Hello folks! I applied 005_crypto patch on OpenBSD 5.9 -release.
After that, I get an error if I run:

$ openssl crl -in acserprorfbv3.crl -inform DER
unable to load CRL
19710855970772:error:0D07809F:asn1 encoding routines:ASN1_ITEM_EX_D2I:unexpected eoc:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/tasn_dec.c:368:Type=X509_REVOKED
19710855970772:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/tasn_dec.c:621:Field=revoked, Type=X509_CRL_INFO
19710855970772:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/tasn_dec.c:653:Field=crl, Type=X509_CRL

OpenBSD 5.9 is shipped with LibreSSL 2.3.2. The error above also happens with the latest version (2.3.4).

The command runs nicely when using OpenSSL 1.0.2h.

All tests were done on the same system: OpenBSD 5.9 GENERIC.MP amd64.

The certificate revocation list used in this test can be fetched here -> http://ccd.serpro.gov.br/lcr/acserprorfbv3.crl

Regards,
Jorge Peixoto

2016-05-03 11:32 GMT-03:00 Ted Unangst <t...@tedunangst.com>:

> OpenSSL announced several issues today that also affect LibreSSL.
>
> - Memory corruption in the ASN.1 encoder (CVE-2016-2108)
> - Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
> - EVP_EncodeUpdate overflow (CVE-2016-2105)
> - EVP_EncryptUpdate overflow (CVE-2016-2106)
> - ASN.1 BIO excessive memory allocation (CVE-2016-2109)
>
> Thanks to OpenSSL for providing information and patches.
>
> Refer to https://www.openssl.org/news/secadv/20160503.txt
>
> Patches for OpenBSD are available:
>
> http://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/005_crypto.patch.sig
>
> http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/013_crypto.patch.sig