- Mar 29, 2017
-
-
Steven Collison authored
These ciphers don't appear to be documented anywhere. Given the performance[1] benefits I think it makes sense to expose them. [1] https://software.intel.com/sites/default/files/open-ssl-performance-paper.pdf Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3067) (cherry picked from commit 209fac9f)
-
Steven Collison authored
These were added to the help in ad775e04 but not the pods. Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Jon Spillett authored
Reviewed-by:
-
- Mar 26, 2017
-
-
Andy Polyakov authored
Even though Apple refers to Procedure Call Standard for ARM Architecture (AAPCS), they apparently adhere to custom version that doesn't follow stack alignment constraints in the said standard. [Why or why? If it's vendor lock-in thing, then it would be like worst spot ever.] And since bsaes-armv7 relied on standard alignment, it became problematic to execute the code on iOS. Reviewed-by:
-
- Mar 25, 2017
-
-
Bernd Edlinger authored
Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
-
Bernd Edlinger authored
Don't access memory before checking the correct length in aesni_cbc_hmac_sha256_ctrl in case EVP_CTRL_AEAD_TLS1_AAD. Reviewed-by:
-
- Mar 24, 2017
-
-
Andy Polyakov authored
This module is used only with odd input lengths, i.e. not used in normal PKI cases, on contemporary processors. The problem was "illuminated" by fuzzing tests. Reviewed-by:
-
- Mar 23, 2017
-
-
Richard Levitte authored
Fixes #2542 Reviewed-by:
-
- Mar 22, 2017
-
-
Andy Polyakov authored
Initial IV was disregarded on SHAEXT-capable processors. Amazingly enough bulk AES128-SHA* talk-to-yourself tests were passing. Reviewed-by:
-
- Mar 21, 2017
-
-
Matt Caswell authored
Set the correct variable, and then actually send the alert! Found by, and fix suggested by, Raja Ashok. Reviewed-by:
-
Matt Caswell authored
We should not write to |out| in error cases, so we should defer doing this until the "done" block. Reviewed-by:
-
Matt Caswell authored
An internal error path could result in a memory leak. Also remove some redundant code. Reviewed-by:
-
- Mar 20, 2017
-
-
Richard Levitte authored
LONG and ZLONG items (which are OpenSSL private special cases of ASN1_INTEGER) are encoded into DER with padding if the leading octet has the high bit set, where the padding can be 0x00 (for positive numbers) or 0xff (for negative ones). When decoding DER to LONG or ZLONG, the padding wasn't taken in account at all, which means that if the encoded size with padding is one byte more than the size of long, decoding fails. This change fixes that issue. Reviewed-by:
-
Kurt Roeckx authored
Reviewed-by:
-
Kurt Roeckx authored
llvm's ubsan reported: runtime error: negation of -9223372036854775808 cannot be represented in type 'long'; cast to an unsigned type to negate this value to itself Found using afl Reviewed-by:
-
Kurt Roeckx authored
Found by afl Reviewed-by:
-
- Mar 15, 2017
-
-
Bernd Edlinger authored
Reviewed-by:
-
- Mar 13, 2017
-
-
Bernd Edlinger authored
and RSA_verify_PKCS1_PSS_mgf1 with 512-bit RSA vs. sha-512. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Andy Polyakov authored
Exteneded feature flags were not pulled on AMD processors, as result a number of extensions were effectively masked on Ryzen. Original fix for x86_64cpuid.pl addressed this problem, but messed up processor vendor detection. This fix moves extended feature detection past basic feature detection where it belongs. 32-bit counterpart is harmonized too. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Matt Caswell authored
DTLSv1_listen() is stateless. We never increment the record read sequence while listening, and we reflect the incoming record's sequence number in our write sequence. The logic for doing the write sequence reflection was *after* we had finished processing the incoming ClientHello and before we write the ServerHello. In the normal course of events this is fine. However if we need to write an early alert during ClientHello processing (e.g. no shared cipher), then we haven't done the write sequence reflection yet. This means the alert gets written with the wrong sequence number (it will just be set to whatever value we left it in the last time we wrote something). If the sequence number is less than expected then the client will believe that the incoming alert is a retransmit and will therefore drop it, causing the client to hang waiting for a response from the server. Fixes #2886 Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
- Mar 12, 2017
-
-
Matt Caswell authored
conf has the ability to expand variables in config files. Repeatedly doing this can lead to an exponential increase in the amount of memory required. This places a limit on the length of a value that can result from an expansion. Credit to OSS-Fuzz for finding this problem. Reviewed-by:
-
- Mar 11, 2017
-
-
Richard Levitte authored
This shouldn't have been applied to the 1.0.2 branch. This reverts commit 5247c038 . Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2907)
-
Richard Levitte authored
It shouldn't try to return an action description for UIT_PROMPT type UI strings. Reviewed-by:
-
- Mar 10, 2017
-
-
Pauli authored
... in functions dealing with the SSL object rather than the context. Reviewed-by:
-
Bernd Edlinger authored
that refers to space deallocated by a call to the free function in tls_decrypt_ticket. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
It was still generating EAY style source. Reviewed-by:
-
Richard Levitte authored
It was still generating EAY style source. Reviewed-by:
-
Matt Caswell authored
RSA_private_encrypt(), RSA_public_decrypt(), RSA_public_encrypt() and RSA_private_decrypt() are declared with a "const" from parameter, but this is not reflected in the docs. Reviewed-by:
-
- Mar 09, 2017
-
-
Pauli authored
even if run several times in a session. This amounts to moving the column counter so it isn't a function local static variable and reinitialising it each time. Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
- Mar 08, 2017
-
-
Pauli authored
to just the ciphers enc can process. This means no AEAD ciphers and no XTS mode. Reviewed-by:
-
Roberto Guimaraes authored
CLA: trivial Reviewed-by:
-
- Mar 07, 2017
-
-
Pauli authored
Reviewed-by:
-
Andy Polyakov authored
Exteneded feature flags were not pulled on AMD processors, as result a number of extensions were effectively masked on Ryzen. It should have been reported for Excavator since it implements AVX2 extension, but apparently nobody noticed or cared... Reviewed-by:
-
