| Age | Commit message (Collapse) | Author |
|---|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
According to X6.90 null, object identifier, boolean, integer and enumerated
types can only have primitive encodings: return an error if any of
these are received with a constructed encoding.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit f5e4b6b5b566320a8d774f9475540f7d0e6a704d)
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 03af843039af758fc9bbb4ae6c09ec2bc715f2c5)
|
|
Causes more problems than it fixes: even though error codes
are not part of the stable API, several users rely on the
specific error code, and the change breaks them. Conversely,
we don't have any concrete use-cases for constant-time behaviour here.
This reverts commit f2df488a1c7402e48c21c83e937955dfe9f40bee.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Various build fixes, mostly uncovered by clang's unused-const-variable
and unused-function errors.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 0e1c318ece3c82e96ae95a34a1badf58198d6b28)
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 53332a75d16a5bb3b9d90c15fcf38d2e87160a52)
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 553affbef7bb5dd313514e06dab5cd9b1de1835f)
|
|
master branch has a specific regression test for a bug in x86_64-mont5 code,
see commit cdfe0fdde6a966bdb0447de66aa04a85d99a0551.
This code is now in 1.0.2/1.0.1, so also backport the test.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit bb565cd29e34caeeaf12ecfdbe6273c2c794f5a2)
|
|
Invalid zero-padding in the divisor could cause a division by 0.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit a43bcd9e96c5180e5c6c82164ece643c0097485e)
|
|
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
The temporary variable causes unused variable warnings in opt mode with clang,
because the subsequent assert is compiled out.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6af16ec5eed85390bcbd004806a842d6153d6a31)
|
|
malloc failure.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
|
used with no explanation. Some of this was introduced as part of RT#1929. The
value 28 is the length of the IP header (20 bytes) plus the UDP header (8
bytes). However use of this constant is incorrect because there may be
instances where a different value is needed, e.g. an IPv4 header is 20 bytes
but an IPv6 header is 40. Similarly you may not be using UDP (e.g. SCTP).
This commit introduces a new BIO_CTRL that provides the value to be used for
this mtu "overhead". It will be used by subsequent commits.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 0d3ae34df573f477b6b1aaf614d52dcdfcff5fce)
Conflicts:
crypto/bio/bss_dgram.c
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Don't attempt to access msg structure if recvmsg returns an error.
PR#3483
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 012aa9ec76b158179b4de44bb5de8b8472045eac)
|
|
If the hash or public key algorithm is "undef" the signature type
will receive special handling and shouldn't be included in the
cross reference table.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 55f7fb8848b6e4bec291724a479e1580d6f407d6)
|
|
PR#3535
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit e04d426bf98ebb22abf0f15b6f09d333a6e8b2ad)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
This doesn't really fix the datarace but changes it so it can only happens
once. This isn't really a problem since we always just set it to the same
value. We now just stop writing it after the first time.
PR3584, https://bugs.debian.org/534534
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit d45282fc7cd9b97ed1479f8b8af713337fce57f5)
|
|
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Reviewed-by: Ben Laurie <ben@openssl.org>
(cherry picked from commit 87d388c955c14a7c1371f9c7555fb429a406a3d3)
|
|
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
RT: 3553
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit 69d5747f90136aa026a96204f26ab39549dfc69b)
|
|
so the Win32 compile picks it up correctly.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
The different -I compiler parameters will take care of the rest...
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
spaces do not belong in file names, so when picking out the individual parts, remove the spaces
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
algorithms MD2 and RC5 don't get built.
Also, disable building the test apps in crypto/des and crypto/pkcs7, as
they have no support at all.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
compiler supports it. Otherwise, there are warnings about it lacking everywhere, which is quite tedious to read through while trying to check for other warnings.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Patch supplied by Matthieu Patou <mat@matws.net>, and modified to also
remove duplicate definition of PKCS7_type_is_digest.
PR#3551
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit e0fdea3e49e7454aa76bd5ecf3a3747641354c68)
|
|
Reencode DigestInto in DER and check against the original: this
will reject any improperly encoded DigestInfo structures.
Note: this is a precautionary measure, there is no known attack
which can exploit this.
Thanks to Brian Smith for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Accidentally omitted from commit 455b65dfab0de51c9f67b3c909311770f2b3f801
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit fdc35a9d3e8cf4cfd9330d5df9883f42cf5648ad)
|
|
RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit 8b07c005fe006044d0e4a795421447deca3c9f2c)
|
|
Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4aac102f75b517bdb56b1bcfd0a856052d559f6e)
Conflicts:
crypto/evp/evp_enc.c
(cherry picked from commit 738911cde68b2b3706e502cf8daf5b14738f2f42)
|
|
(Original commit adb46dbc6dd7347750df2468c93e8c34bcb93a4b)
Use the new constant-time methods consistently in s3_srvr.c
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 455b65dfab0de51c9f67b3c909311770f2b3f801)
|
|
Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1
This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Conflicts:
crypto/rsa/rsa_oaep.c
|
|
If we don't find a signer in the internal list, then fall
through and look at the internal list; don't just return NULL.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b2aa38a980e9fbf158aafe487fb729c492b241fb)
|
|
(cherry picked from commit 2b0180c37fa6ffc48ee40caa831ca398b828e680)
Reviewed-by: Ben Laurie <ben@openssl.org>
|
|
string returns 0 with errno = ENOENT.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 360928b7d0f16dde70e26841bbf9e1af727e8b8f)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 6a14fe7576e7a14a46ba14df8be8fe478536b4fb)
|
|
"inline" without static is not correct as the compiler may choose to ignore it
and will then either emit an external definition, or expect one.
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit 86f50b36e63275a916b147f9d8764e3c0c060fdb)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4d86e8df6be69ed13abb73fd564f1f894eea0a98)
|
|
Pull constant-time methods out to a separate header, add tests.
Reviewed-by: Bodo Moeller <bodo@openssl.org>
(cherry picked from commit 9a9b0c0401cae443f115ff19921d347b20aa396b)
Conflicts:
test/Makefile
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit f9fb43e176ad2a914108cd2b403425dc1ebc7262)
|
|
Add the wrapper to all public header files (Configure
generates one). Don't bother for those that are just
lists of #define's that do renaming.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 089f10e69ece75ce31540501fe0898b15e898552)
|
|
The old code implicitly relies on the ASN.1 code returning a \0-prefixed buffer
when the buffer length is 0. Change this to verify explicitly that the ASN.1 string
has positive length.
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 82dc08de54ce443c2a9ac478faffe79e76157795)
|
