- Jun 21, 2016
-
-
David Benjamin authored
Using RSA_PKCS1_PADDING with RSA_private_decrypt is inherently unsafe. The API requires writing output on success and touching the error queue on error. Thus, although the padding check itself is constant-time as of 294d1e36, and the logic after the decryption in the SSL code is constant-time as of adb46dbc , the API boundary in the middle still leaks whether the padding check succeeded, giving us our much-loved Bleichenbacher padding oracle. Instead, PKCS#1 padding must be handled by the caller which uses RSA_NO_PADDING, in timing-sensitive code integrated with the Bleichenbacher mitigation. Removing PKCS#1 padding in constant time is actually much simpler when the expected length is a constant (and if it's not a constant, avoiding a padding oracle seems unlikely), so just do it inline. Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1222
-
Kurt Roeckx authored
It wrote before the start of the string found by afl Reviewed-by: Richard Levitte <levitte@openssl.org> MR: #2994
-
Petr Vaněk authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1241)
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
We recalculate the location of the directories we keep track of. However, we did so after having moved to the new directory already, so the data we did the calculations from were possibly not quite correct. This change moves the calculations to happen before moving to the new directory. This issue is sporadic, and possibly dependent on the platform. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rich Salz authored
Add missing entries to NAME section Add SYNOPSIS lines, remove old NAME entries Update find-doc-nits; better regexp's for parsing SYNOPSIS sections. Rename a couple of files to have an API name. Remove RSA_private_decrypt; it was duplicate content Update for recent doc additions Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Jun 20, 2016
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
David Benjamin authored
It was already nearly clean. Just one undeclared variable. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1240)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
This extends 'req' to take more than one DN component, and to take them as full DN components and not just CN values. All other commands are changed to pass "CN = $cn" instead of just a CN value. This adds 'genpc', which differs from the other 'gen*' commands by not calling 'req', and expect the result from 'req' to come through stdin. Finally, test/certs/setup.sh gets the commands needed to generate a few proxy certificates. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
While travelling up the certificate chain, the internal proxy_path_length must be updated with the pCPathLengthConstraint value, or verification will not work properly. This corresponds to RFC 3820, 4.1.4 (a). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
The subject name MUST be the same as the issuer name, with a single CN entry added. RT#1852 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
-
Dr. Matthias St. Pierre authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Kurt Cancemi authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1194)
-
Kurt Cancemi authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1194)
-
huangqinjin authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1233)
-
Kurt Cancemi authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1231)
-
Jiri Horky authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Emilia Kasper authored
Reorder arguments to follow convention. Also allow r/s to be NULL in DSA_SIG_get0, similarly to ECDSA_SIG_get0. This complements GH1193 which adds non-const setters. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rob Percival authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rob Percival authored
This encompasses what was previously tested. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
RT#4578 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
The previous change for Windows wasn't quite right. Corrected to use %HOME%, %USERPROFILE% and %SYSTEMPROFILE%, in that order. Also adding the default home for VMS, SYS$LOGIN: Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Jun 18, 2016
-
-
FdaSilvaYY authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1168)
-
FdaSilvaYY authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1168)
-
FdaSilvaYY authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1168)
-
FdaSilvaYY authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1168)
-
FdaSilvaYY authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1168)
-
Matt Caswell authored
Better than losing the const qualifier. RT4378 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Update e_os2.h so that inttypes.h is included. RT4378 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Changing the type of the |str| variable in asn1pars enables us to remove 4 casts with just 1. This silences an OpenBSD warning along the way. RT4378 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
EVP_MDs are always const, so stacks of them should be too. This silences a warning about type punning on OpenBSD. RT4378 Reviewed-by: Richard Levitte <levitte@openssl.org>
-