Hello folks!
I applied the 005_crypto patch on OpenBSD 5.9-release.
After that, I get an error if I run:
$ openssl crl -in acserprorfbv3.crl -inform DER
unable to load CRL
19710855970772:error:0D07809F:asn1 encoding routines:ASN1_ITEM_EX_D2I:unexpected eoc:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/tasn_dec.c:368:Type=X509_REVOKED
19710855970772:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/tasn_dec.c:621:Field=revoked, Type=X509_CRL_INFO
19710855970772:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/tasn_dec.c:653:Field=crl, Type=X509_CRL
OpenBSD 5.9 is shipped with LibreSSL 2.3.2. The error above also
happens with the latest version (2.3.4).
The command runs nicely when using OpenSSL 1.0.2h.
All tests were done on the same system: OpenBSD 5.9 GENERIC.MP amd64.
The certificate revocation list used in this test can be fetched here
-> http://ccd.serpro.gov.br/lcr/acserprorfbv3.crl
Regards,
Jorge Peixoto
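The decoder error in the report names an unexpected end-of-contents (EOC) marker, the 00 00 that closes a BER indefinite-length element and which valid DER never contains. As an added example (not part of this thread, and not the tool either poster used), the following Python walks an ASN.1 blob and reports indefinite lengths, EOC markers and non-minimal lengths, so a CRL file can be checked for strict DER before concluding that the parser is at fault; the sample bytes are constructed and are not taken from the CRL in the report.

```python
"""Flag BER constructs that DER forbids (constructed example, not from the thread).
DER requires definite, minimal lengths, so an end-of-contents (EOC) marker
(00 00) never appears in valid DER; a strict decoder reporting "unexpected eoc"
has met one, or a stray 00 00 where a tag was expected."""

def _read_length(buf, pos):
    """Return (length, new_pos, note); length is None for the indefinite form."""
    first, pos = buf[pos], pos + 1
    if first < 0x80:                       # short form, always minimal
        return first, pos, None
    if first == 0x80:                      # indefinite form, BER only
        return None, pos, "indefinite length"
    nbytes = first & 0x7F                  # long form: next nbytes hold the length
    length = int.from_bytes(buf[pos:pos + nbytes], "big")
    note = None
    if length < 0x80 or buf[pos] == 0:     # a shorter encoding existed: not DER
        note = "non-minimal length encoding"
    return length, pos + nbytes, note

def _walk(buf, pos, findings):
    """Parse the TLV at pos, record non-DER constructs, return position after it."""
    start, tag = pos, buf[pos]
    pos += 1
    if tag & 0x1F == 0x1F:                 # high-tag-number form: skip continuation bytes
        while buf[pos] & 0x80:
            pos += 1
        pos += 1
    if tag == 0x00:                        # tag 0 only ever appears as an EOC marker
        findings.append((start, "unexpected end-of-contents marker"))
    length, pos, note = _read_length(buf, pos)
    if note:
        findings.append((start, note))
    if length is None:                     # indefinite: children run until 00 00
        while buf[pos] != 0 or buf[pos + 1] != 0:
            pos = _walk(buf, pos, findings)
        findings.append((pos, "end-of-contents marker"))
        return pos + 2
    end = pos + length
    if tag & 0x20:                         # constructed: descend into the children
        while pos < end:
            pos = _walk(buf, pos, findings)
    return end

def der_violations(buf):
    """Return [(offset, description), ...] for every construct that is BER but not DER."""
    findings, pos = [], 0
    while pos < len(buf):
        pos = _walk(buf, pos, findings)
    return findings
```

Run `der_violations(open("file.crl", "rb").read())` on a CRL; an empty list means the file is strict DER and the decoder, not the file, deserves a closer look.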
2016-05-03 11:32 GMT-03:00 Ted Unangst :
> OpenSSL announced several issues today that also affect LibreSSL.
>
> - Memory corruption in the ASN.1 encoder (CVE-2016-2108)
> - Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
> - EVP_EncodeUpdate overflow (CVE-2016-2105)
> - EVP_EncryptUpdate overflow (CVE-2016-2106)
> - ASN.1 BIO excessive memory allocation (CVE-2016-2109)
>
> Thanks to OpenSSL for providing information and patches.
>
> Refer to https://www.openssl.org/news/secadv/20160503.txt
>
> Patches for OpenBSD are available:
>
> http://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/005_crypto.patch.sig
>
> http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/013_crypto.patch.sig