- Mar 12, 2014
Dr. Stephen Henson authored
Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140
Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be34)
Conflicts: CHANGES
-
- Mar 10, 2014
Dr. Stephen Henson authored
(cherry picked from commit a029788b)
-
- Mar 07, 2014
Dr. Stephen Henson authored
(cherry picked from commit 7a3e67f029969620966b8a627b8485d83692cca5)
-
Andy Polyakov authored
PR: 3275
(cherry picked from commit ea38f020)
-
Andy Polyakov authored
The problem is that OpenSSH calls EVP_Cipher, which is not as protective as EVP_CipherUpdate. Formally speaking we ought to do more checks in *_cipher methods, including rejecting lengths not divisible by the block size (unless ciphertext stealing is in place). But for now I implement a check for zero length in the low-level code, based on precedent.
PR: 3087, 2775
(cherry picked from commit 5e44c144)
-
- Mar 06, 2014
Andy Polyakov authored
(cherry picked from commit 53e51612)
-
Andy Polyakov authored
Submitted by: Roumen Petrov
-
Andy Polyakov authored
Submitted by: Roumen Petrov
(cherry picked from commit 972b0dc3)
-
- Mar 03, 2014
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Mar 02, 2014
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Mar 01, 2014
Dr. Stephen Henson authored
Add a few special case digests not returned by FIPS_get_digestbynid(). Thanks to Roumen Petrov <openssl@roumenpetrov.info> for reporting this issue.
-
Dr. Stephen Henson authored
Although the memory allocated by compression methods is fixed and cannot grow over time it can cause warnings in some leak checking tools. The function SSL_COMP_free_compression_methods() will free and zero the list of supported compression methods. This should *only* be called in a single threaded context when an application is shutting down to avoid interfering with existing contexts attempting to look up compression methods.
-
Dr. Stephen Henson authored
Add option to set an alternative to the default hmacWithSHA1 PRF for PKCS#8 private key encryptions. This is used automatically by PKCS8_encrypt if the nid specified is a PRF. Add option to pkcs8 utility. Update docs.
-
Dr. Stephen Henson authored
-
- Feb 28, 2014
Andy Polyakov authored
PR: 3271
(cherry picked from commit 65370f9b)
-
Dr. Stephen Henson authored
-
- Feb 27, 2014
Dr. Stephen Henson authored
Don't set the FIPS flags in ciphers and digests, as the implementations aren't suitable for FIPS mode and will be redirected to the FIPS module versions anyway. Return EVP_CIPH_FLAG_FIPS or EVP_MD_FLAG_FIPS if a FIPS implementation exists when calling EVP_CIPHER_flags and EVP_MD_flags respectively. Remove unused FIPS code from e_aes.c: the 1.0.2 branch will never be used to build a FIPS module.
-
Dr. Stephen Henson authored
The file evp_fips.c isn't used in OpenSSL 1.0.2 as FIPS and non-FIPS implementations of algorithms can coexist.
-
Andy Polyakov authored
-
Andy Polyakov authored
(cherry picked from commit 4ca02656)
-
Andy Polyakov authored
(cherry picked from commit b62a4a1c)
-
Andy Polyakov authored
(cherry picked from commit ce876d83)
-
Andy Polyakov authored
(cherry picked from commit f861b1d4)
-
Andy Polyakov authored
(cherry picked from commit fd361a67)
-
Andy Polyakov authored
[but don't let it mask make's].
PR: 3269
-
- Feb 26, 2014
Andy Polyakov authored
PR: 3165
-
Rob Stradling authored
(cherry picked from commit ffcc832ba6e17859d45779eea87e38467561dd5d)
-
Dr. Stephen Henson authored
-
Andy Polyakov authored
(cherry picked from commit d49135e7)
-
Andy Polyakov authored
(cherry picked from commit 147cca8f)
-
Andy Polyakov authored
(cherry picked from commit 7bb9d84e)
-
- Feb 25, 2014
Andy Polyakov authored
PR: 3201
(cherry picked from commit 03da57fe)
-
Andy Polyakov authored
(cherry picked from commit e704741b)
-
Zoltan Arpadffy authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Not all platforms define BN_ULLONG. Define SCTS_TIMESTAMP as a type which should work on all platforms.
-