- Sep 24, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 5886354d)
-
Andy Polyakov authored
RT: 3541 Reviewed-by: Emilia Kasper <emilia@openssl.org> (cherry picked from commit 8b07c005)
-
Emilia Kasper authored
Do the final padding check in EVP_DecryptFinal_ex in constant time to avoid a timing leak from padding failure. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 4aac102f) Conflicts: crypto/evp/evp_enc.c (cherry picked from commit 738911cd)
-
Emilia Kasper authored
(Original commit adb46dbc ) Use the new constant-time methods consistently in s3_srvr.c Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit 455b65df)
-
Adam Langley authored
that bad encryptions are treated like random session keys in constant time. (cherry picked from commit adb46dbc ) Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
Also tweak s3_cbc.c to use new constant-time methods. Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1 This patch is based on the original RT submission by Adam Langley <agl@chromium.org>, as well as code from BoringSSL and OpenSSL. Reviewed-by: Kurt Roeckx <kurt@openssl.org> Conflicts: crypto/rsa/rsa_oaep.c
-
- Sep 21, 2014
-
-
Tim Hudson authored
that fixed PR#3450 where an existing cast masked an issue when i was changed from int to long in that commit Picked up on z/linux (s390) where sizeof(int)!=sizeof(long) Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit b5ff559f)
-
- Sep 10, 2014
-
-
Rich Salz authored
If we don't find a signer in the internal list, then fall through and look at the internal list; don't just return NULL. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit b2aa38a9)
-
- Sep 08, 2014
-
-
Erik Auerswald authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit af4c6e34)
-
- Sep 05, 2014
-
-
Adam Langley authored
Fix a bug in handling of 128 byte long PSK identity in psk_client_callback. OpenSSL supports PSK identities of up to (and including) 128 bytes in length. PSK identity is obtained via the psk_client_callback, implementors of which are expected to provide a NULL-terminated identity. However, the callback is invoked with only 128 bytes of storage thus making it impossible to return a 128 byte long identity and the required additional NULL byte. This CL fixes the issue by passing in a 129 byte long buffer into the psk_client_callback. As a safety precaution, this CL also zeroes out the buffer before passing it into the callback, uses strnlen for obtaining the length of the identity returned by the callback, and aborts the handshake if the identity (without the NULL terminator) is longer than 128 bytes. (Original patch amended to achieve strnlen in a different way.) Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit be0d8517)
-
- Sep 04, 2014
-
-
Adam Langley authored
(cherry picked from commit 2b0180c3 ) Reviewed-by: Ben Laurie <ben@openssl.org>
-
- Sep 03, 2014
-
-
Richard Levitte authored
string returns 0 with errno = ENOENT. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 360928b7)
-
Phil Mesnier authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 6a14fe75)
-
- Sep 02, 2014
-
-
Emilia Kasper authored
"inline" without static is not correct as the compiler may choose to ignore it and will then either emit an external definition, or expect one. Reviewed-by: Geoff Thorpe <geoff@openssl.org> (cherry picked from commit 86f50b36)
-
- Aug 30, 2014
-
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 4d86e8df)
-
Rich Salz authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 9d6253cf)
-
Rich Salz authored
Re-order algorithm list. Be consistent in command synopsis. Add content about signing. Add EXAMPLE section Add some missing options: -r, -fips-fingerprint -non-fips-allow Various other fixes. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 6aa9dbab)
-
James Westby authored
Add the file written by James Westby, graciously contributed under the terms of the OpenSSL license. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit cf2239b3)
-
- Aug 29, 2014
-
-
Rich Salz authored
The doc says that port can be "*" to mean any port. That's wrong. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 07e3b31f)
-
- Aug 28, 2014
-
-
Emilia Kasper authored
Pull constant-time methods out to a separate header, add tests. Reviewed-by: Bodo Moeller <bodo@openssl.org> (cherry picked from commit 9a9b0c04) Conflicts: test/Makefile
-
Raphael Spreitzer authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit f9fb43e1)
-
Rich Salz authored
Add the wrapper to all public header files (Configure generates one). Don't bother for those that are just lists of #define's that do renaming. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 089f10e6)
-
- Aug 27, 2014
-
-
Emilia Kasper authored
The old code implicitly relies on the ASN.1 code returning a \0-prefixed buffer when the buffer length is 0. Change this to verify explicitly that the ASN.1 string has positive length. Reviewed-by: Dr Stephen Henson <steve@openssl.org> (cherry picked from commit 82dc08de54ce443c2a9ac478faffe79e76157795)
-
Matt Caswell authored
When d2i_ECPrivateKey reads a private key with a missing (optional) public key, generate one automatically from the group and private key. Reviewed-by: Dr Stephen Henson <steve@openssl.org> (cherry picked from commit ed383f847156940e93f256fed78599873a4a9b28) Conflicts: doc/crypto/EC_KEY_new.pod
-
Adam Langley authored
This change saves several EC routines from crashing when an EC_KEY is missing a public key. The public key is optional in the EC private key format and, without this patch, running the following through `openssl ec` causes a crash: -----BEGIN EC PRIVATE KEY----- MBkCAQEECAECAwQFBgcIoAoGCCqGSM49AwEH -----END EC PRIVATE KEY----- Reviewed-by: Dr Stephen Henson <steve@openssl.org> (cherry picked from commit b391570bdeb386d4fd325917c248d593d3c43930)
-
Mihai Militaru authored
I also removed some trailing whitespace and cleaned up the "see also" list. Reviewed-by: Emilia Kasper <emilia@openssl.org> (cherry picked from commit 7b3e11c5)
-
- Aug 26, 2014
-
-
David Gatwood authored
The description of when the server creates a DH key is confusing. This cleans it up. (rsalz: also removed trailing whitespace.) Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
- Aug 25, 2014
-
-
Jan Schaumann authored
The EXAMPLE that used FILE and RC2 doesn't compile due to a few minor errors. Tweak to use IDEA and AES-128. Remove examples about RC2 and RC5. Reviewed-by: Emilia Kasper <emilia@openssl.org>
-
- Aug 24, 2014
-
-
Matt Caswell authored
This patch was submitted by user "Kox" via the wiki Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 2dd8cb3b)
-
- Aug 22, 2014
-
-
Adam Langley authored
Limit the number of empty records that will be processed consecutively in order to prevent ssl3_get_record from never returning. Reported by "oftc_must_be_destroyed" and George Kadianakis. Reviewed-by: Bodo Moeller <bodo@openssl.org> (cherry picked from commit 3aac17a8)
-
Adam Langley authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit e19c9381)
-
Emilia Kasper authored
Clarify the intended use of EVP_PKEY_sign. Make the code example compile. Reviewed-by: Dr Stephen Henson <steve@openssl.org> (cherry picked from commit d64c533a)
-
- Aug 21, 2014
-
-
Emilia Kasper authored
In Visual Studio, inline is available in C++ only, however __inline is available for C, see http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dr Stephen Henson <steve@openssl.org> (cherry picked from commit f511b25a)
-
Emilia Kasper authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit da92be4d)
-
- Aug 19, 2014
-
-
Adam Langley authored
eliminating them as dead code. Both volatile and "memory" are used because of some concern that the compiler may still cache values across the asm block without it, and because this was such a painful debugging session that I wanted to ensure that it's never repeated. (cherry picked from commit 7753a3a6 ) Conflicts: crypto/bn/asm/x86_64-gcc.c Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Aug 15, 2014
-
-
Matt Caswell authored
PR#3450 Conflicts: ssl/s3_clnt.c Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- Aug 13, 2014
-
-
Bodo Moeller authored
group_order_tests (ectest.c). Also fix the EC_POINTs_mul documentation (ec.h). Reviewed-by: <emilia@openssl.org>
-
- Aug 12, 2014
-
-
Dr. Stephen Henson authored
Add patch missed from backport of SRP ciphersuite fix. PR#3490 Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
- Aug 08, 2014
-
-
Dr. Stephen Henson authored
The addition of SRP authentication needs to be checked in various places to work properly. Specifically: A certificate is not sent. A certificate request must not be sent. Server key exchange message must not contain a signature. If appropriate SRP authentication ciphersuites should be chosen. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 8f5a8805b82d1ae81168b11b7f1506db9e047dec) Conflicts: ssl/s3_clnt.c ssl/s3_lib.c
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 193c1c07165b0042abd217274a084b49459d4443)
-