- Jun 25, 2016
-
-
Rich Salz authored
OBJ_nid2obj() and friends should be treated as const. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 82f31fe4)
-
- Jun 24, 2016
-
-
Matt Caswell authored
aesni_cbc_hmac_sha256_ctrl() and aesni_cbc_hmac_sha1_ctrl() cleanse the HMAC key after use, but static int rc4_hmac_md5_ctrl() doesn't. Fixes an OCAP Audit issue. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 0def528b)
-
- Jun 23, 2016
-
-
Matt Caswell authored
tag2nbyte had -1 at 18th position, but underlying ASN1_mbstring_copy supports NumericString. tag2nbyte is also used in do_print_ex which will not be broken by setting 1 at 18th position of tag2nbyte Reviewed-by: Stephen Henson <steve@openssl.org> (cherry picked from commit d6079a87)
-
- Jun 22, 2016
-
-
Andy Polyakov authored
[Note that in master declaration is different.] RT#4568 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jun 21, 2016
-
-
John Foley authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Jun 20, 2016
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Matthias St. Pierre authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 14d3c0dd)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 4973a60c)
-
Andy Polyakov authored
RT#4578 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 3d32bab8)
-
- Jun 16, 2016
-
-
Rich Salz authored
Sender verified that the fix works. This is a backport/cherry-pick of just the bugfix part of 0f91e1df Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
This reverts commit 75f90688 . TerminateProcess is asynchronous, so the code as written in the above commit is not correct (and doesn't even compile at the moment). It is also probably not needed in the speed case. Reverting in order to figure out the correct solution. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Pauli authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Jun 15, 2016
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 9c1a9ccf)
-
- Jun 14, 2016
-
-
Richard Levitte authored
Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit fdcb499c)
-
Richard Levitte authored
Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit bace847e)
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org> Manual cherry-pick of 538860a3.
-
Dr. Stephen Henson authored
The selector field could be omitted because it has a DEFAULT value. In this case *sfld == NULL (sfld can never be NULL). This was not noticed because this was never used in existing ASN.1 modules. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 7c46746b)
-
Andy Polyakov authored
Couple of never-used symbols were clasing with FIPS module, "weakening" them allows to resolve linking errors. RT#3699 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Jun 13, 2016
-
-
Rich Salz authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Dr. Stephen Henson authored
Use string_to_hex, OPENSSL_hexstr2buf() doesn't exist in OpenSSL 1.0.2 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jun 12, 2016
-
-
Andy Polyakov authored
crypto/mem_clr.c was harmonized with master branch and doesn't use cleanse_ctr kludge anymore. RT#4563 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Don't use BN_hex2bn() for PSK key conversion as the conversion to BN and back removes leading zeroes, use OPENSSL_hexstr2buf() instead. RT#4554 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 6ec6d520) Conflicts: apps/s_client.c apps/s_server.c
-
Phillip Hellewell authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 6b360288)
-
Andy Polyakov authored
It's probably worth reminding that this is a fall-back implementation for platforms that don't have assembly OPENSSL_cleanse. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jun 10, 2016
-
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 5000a6d1)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 8605abf1)
-
Matt Caswell authored
The TS_RESP_verify_response() function is used for verifying the response from a TSA. You can set the provided TS_VERIFY_CTX with different flags depending on what aspects of the response you wish to verify. A seg fault will occur if you supply the TS_VFY_SIGNER or TS_VFY_TSA_NAME flags without also specifying TS_VFY_SIGNATURE. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jun 07, 2016
-
-
Matt Caswell authored
The previous commit fixed a bug with BN_mod_word() which would have been caught if we had a test for it. This commit adds one. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Matt Caswell authored
On systems where we do not have BN_ULLONG (e.g. typically 64 bit systems) then BN_mod_word() can return incorrect results if the supplied modulus is too big. RT#4501 Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 37258dad)
-
Matt Caswell authored
The previous "fix" still left "k" exposed to constant time problems in the later BN_mod_inverse() call. Ensure both k and kq have the BN_FLG_CONSTTIME flag set at the earliest opportunity after creation. CVE-2016-2178 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jun 06, 2016
-
-
Cesar Pereida authored
Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key. CVE-2016-2178 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Jun 03, 2016
-
-
Matt Caswell authored
According to the x509 man page in the section discussing -certopt it says that the ca_default option is the same as that used by the ca utility and (amongst other things) has the effect of suppressing printing of the signature - but in fact it doesn't. This error seems to have been present since the documentation was written back in 2001. It never had this effect. The default config file sets the certopt value to ca_default. The ca utility takes that and THEN adds additional options to suppress printing of the signature. So the ca utility DOES suppress printing of the signature - but it is not as a result of using the ca_default option. GitHub Issue #247 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 39a47008)
-
Matt Caswell authored
If the string to print is exactly 2048 character long (excluding the NULL terminator) then BIO_printf will chop off the last byte. This is because it has filled its static buffer but hasn't yet allocated a dynamic buffer. In cases where we don't have a dynamic buffer we need to truncate but that is not the case for BIO_printf(). We need to check whether we are able to have a dynamic buffer buffer deciding to truncate. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Jonas Maebe authored
zapparams modification based on tip from Matt Caswell RT#3198 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dirk Feytons authored
Add missing ifdefs. Same change is already present in master, see b4a3aeeb Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1155)
-
Matt Caswell authored
Fix typos and clarify a few things in the CONTRIBUTING file. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jun 01, 2016
-
-
Matt Caswell authored
A common idiom in the codebase is: if (p + len > limit) { return; /* Too long */ } Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE "len" here could be from some externally supplied data (e.g. from a TLS message). The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour. For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit! Issue reported by Guido Vranken. CVE-2016-2177 Reviewed-by: Rich Salz <rsalz@openssl.org>
-