| Age | Commit message (Collapse) | Author |
|---|
|
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
RT: 3553
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit 69d5747f90136aa026a96204f26ab39549dfc69b)
|
|
so the Win32 compile picks it up correctly.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
The different -I compiler parameters will take care of the rest...
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
spaces do not belong in file names, so when picking out the individual parts, remove the spaces
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
algorithms MD2 and RC5 don't get built.
Also, disable building the test apps in crypto/des and crypto/pkcs7, as
they have no support at all.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
compiler supports it. Otherwise, there are warnings about it lacking everywhere, which is quite tedious to read through while trying to check for other warnings.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Patch supplied by Matthieu Patou <mat@matws.net>, and modified to also
remove duplicate definition of PKCS7_type_is_digest.
PR#3551
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit e0fdea3e49e7454aa76bd5ecf3a3747641354c68)
|
|
Reencode DigestInto in DER and check against the original: this
will reject any improperly encoded DigestInfo structures.
Note: this is a precautionary measure, there is no known attack
which can exploit this.
Thanks to Brian Smith for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Accidentally omitted from commit 455b65dfab0de51c9f67b3c909311770f2b3f801
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit fdc35a9d3e8cf4cfd9330d5df9883f42cf5648ad)
|
|
RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit 8b07c005fe006044d0e4a795421447deca3c9f2c)
|
|
Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4aac102f75b517bdb56b1bcfd0a856052d559f6e)
Conflicts:
crypto/evp/evp_enc.c
(cherry picked from commit 738911cde68b2b3706e502cf8daf5b14738f2f42)
|
|
(Original commit adb46dbc6dd7347750df2468c93e8c34bcb93a4b)
Use the new constant-time methods consistently in s3_srvr.c
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 455b65dfab0de51c9f67b3c909311770f2b3f801)
|
|
Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1
This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Conflicts:
crypto/rsa/rsa_oaep.c
|
|
If we don't find a signer in the internal list, then fall
through and look at the internal list; don't just return NULL.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b2aa38a980e9fbf158aafe487fb729c492b241fb)
|
|
(cherry picked from commit 2b0180c37fa6ffc48ee40caa831ca398b828e680)
Reviewed-by: Ben Laurie <ben@openssl.org>
|
|
string returns 0 with errno = ENOENT.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 360928b7d0f16dde70e26841bbf9e1af727e8b8f)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 6a14fe7576e7a14a46ba14df8be8fe478536b4fb)
|
|
"inline" without static is not correct as the compiler may choose to ignore it
and will then either emit an external definition, or expect one.
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit 86f50b36e63275a916b147f9d8764e3c0c060fdb)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4d86e8df6be69ed13abb73fd564f1f894eea0a98)
|
|
Pull constant-time methods out to a separate header, add tests.
Reviewed-by: Bodo Moeller <bodo@openssl.org>
(cherry picked from commit 9a9b0c0401cae443f115ff19921d347b20aa396b)
Conflicts:
test/Makefile
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit f9fb43e176ad2a914108cd2b403425dc1ebc7262)
|
|
Add the wrapper to all public header files (Configure
generates one). Don't bother for those that are just
lists of #define's that do renaming.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 089f10e69ece75ce31540501fe0898b15e898552)
|
|
The old code implicitly relies on the ASN.1 code returning a \0-prefixed buffer
when the buffer length is 0. Change this to verify explicitly that the ASN.1 string
has positive length.
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 82dc08de54ce443c2a9ac478faffe79e76157795)
|
|
When d2i_ECPrivateKey reads a private key with a missing (optional) public key,
generate one automatically from the group and private key.
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit ed383f847156940e93f256fed78599873a4a9b28)
Conflicts:
doc/crypto/EC_KEY_new.pod
|
|
This change saves several EC routines from crashing when an EC_KEY is
missing a public key. The public key is optional in the EC private key
format and, without this patch, running the following through `openssl
ec` causes a crash:
-----BEGIN EC PRIVATE KEY-----
MBkCAQEECAECAwQFBgcIoAoGCCqGSM49AwEH
-----END EC PRIVATE KEY-----
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit b391570bdeb386d4fd325917c248d593d3c43930)
|
|
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit e19c93811f0db499c98d2888f1c0c0ab65e6238a)
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit da92be4d68bec81030838e3228ef0238c565af85)
|
|
eliminating them as dead code.
Both volatile and "memory" are used because of some concern that the compiler
may still cache values across the asm block without it, and because this was
such a painful debugging session that I wanted to ensure that it's never
repeated.
(cherry picked from commit 7753a3a68431aa81b82beea4c3f5374b41454679)
Conflicts:
crypto/bn/asm/x86_64-gcc.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
group_order_tests (ectest.c). Also fix the EC_POINTs_mul documentation (ec.h).
Reviewed-by: emilia@openssl.org
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Invalid parameters passed to the SRP code can be overrun an internal
buffer. Add sanity check that g, A, B < N to SRP code.
Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
Group for reporting this issue.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
|
- Upon parsing, reject OIDs with invalid base-128 encoding.
- Always NUL-terminate the destination buffer in OBJ_obj2txt printing function.
CVE-2014-3508
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
We can't rename ssleay_rand_bytes to md_rand_bytes_lock as this will cause
an error code discrepancy. Instead keep ssleay_rand_bytes and add an
extra parameter: since ssleay_rand_bytes is not part of the public API
this wont cause any binary compatibility issues.
Reviewed-by: Kurt Roeckx <kurt@openssl.org >
(cherry picked from commit 8068a675a7d1a657c54546f24e673e59e6707f03)
|
|
(which didn't always handle value 0 correctly).
Reviewed-by: emilia@openssl.org
Conflicts:
CHANGES
|
|
Don't use multiple locks when SP800-90 DRBG is used outside FIPS mode.
PR#3176
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a3efe1b6e9d2aa2ce5661e4d4b97262eae743fa7)
|
|
PR#2569
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit cba11f57ce161fd301a72194827327128191de7e)
|
|
This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.
This does have the impact of masking any *real* unitialised data reads in bn though.
Patch based on approach suggested by Rich Salz.
PR#3415
(cherry picked from commit 77747e2d9a5573b1dbc15e247ce18c03374c760c)
|
|
Detected by dcruette@qualitesys.com
(cherry picked from commit 8b5dd340919e511137696792279f595a70ae2762)
|
|
(cherry picked from commit c1d1b0114e9d370c30649e46182393dbfc00e20c)
|
|
Based on an original patch by Neitrino Photonov <neitrinoph@gmail.com>
PR#3439
(cherry picked from commit 66816c53bea0ecddb9448da7ea9a51a334496127)
|
|
PR#2985
(cherry picked from commit 9d23f422a32cb333a5e803199ae230706b1bf9f5)
|
|
PR#2277
(cherry picked from commit 733a6c882e92f8221bd03a51643bb47f5f81bb81)
|
|
PR#3418.
(cherry picked from commit fdea4fff8fb058be928980600b24cf4c62ef3630)
|
|
(cherry picked from commit 55707a36cce3584457f687ff020842c079624ee8)
|
