Commits · 5fc77684f1bfa87d0cf9f7a84de92550fa854a84 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Jun 27, 2016

evp/evp_enc.c: refine partial buffer overlap detection. · 5fc77684
Andy Polyakov authored Jun 20, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
5fc77684

evp/evp_enc.c: check for partially[!] overlapping buffers · c3a73daf

Andy Polyakov authored Jun 17, 2016


in EVP_EncryptUpdate and EVP_DecryptUpdate. It is argued that in
general case it's impossible to provide guarantee that partially[!]
overlapping buffers can be tolerated.

Reviewed-by: Matt Caswell <matt@openssl.org>

c3a73daf

Jun 26, 2016

RT2680: Public EC key is shown as private · dca5eeb4

Rich Salz authored Jun 26, 2016



Re-implemented as suggested by Steve Henson.
Also change ECParameters_print the same way.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

dca5eeb4

RT2964: Fix it via doc · 5d28ff38

Rich Salz authored Jun 26, 2016



OBJ_nid2obj() and friends should be treated as const.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

5d28ff38

Revert "RT2964: Fix it via doc" · c32bdbf1

Rich Salz authored Jun 25, 2016

This reverts commit 82f31fe4

.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

c32bdbf1

Jun 25, 2016

RT2964: Fix it via doc · 82f31fe4

Rich Salz authored Jun 25, 2016



OBJ_nid2obj() and friends should be treated as const.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

82f31fe4

Handle BN_mod_word failures. · d70a5627

David Benjamin authored Jun 24, 2016

As of 37258dad

 and the corresponding upstream
change, BN_mod_word may fail, like BN_div_word. Handle this properly. Thanks to
Brian Smith for pointing this out. See BoringSSL's
44bedc348d9491e63c7ed1438db100a4b8a830be.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1251

d70a5627

Fix BN_is_prime* calls. · 748e8530

David Benjamin authored Jun 24, 2016



This function returns a tri-state -1 on error. See BoringSSL's
53409ee3d7595ed37da472bc73b010cd2c8a5ffd.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1251

748e8530

Add x509 and crl corpora · f08c8c1a
Kurt Roeckx authored Jun 21, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1229
```
f08c8c1a
Add X509 and CRL fuzzer · e1859d8d
Kurt Roeckx authored Jun 18, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1229
```
e1859d8d

Jun 24, 2016

Add -ciphers flag to enc command · 3b5bea36

Rich Salz authored Jun 24, 2016



Don't print the full list of ciphers as part of the -help output.

Reviewed-by: Andy Polyakov <appro@openssl.org>

3b5bea36

perlasm/x86_64-xlate.pl: address errors and warnings in elderly perls. · 67b8bf4d
Andy Polyakov authored Jun 23, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
67b8bf4d
./config: minor cleanup. · 8f3bc096
Andy Polyakov authored Jun 23, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
8f3bc096
./config: detect x32-only environment. · c5c0cac5
Andy Polyakov authored Jun 23, 2016
```
RT#4583

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
c5c0cac5

Teach EVP_PKEY_HMAC keys how to EVP_PKEY_cmp() · 3b92e518

Nathaniel McCallum authored Jun 20, 2016



Fixes openssl/openssl#1236

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1237)

3b92e518

Avoid signed overflow · 5bea15eb

Kurt Roeckx authored Jun 23, 2016



Found by afl

Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #3013

5bea15eb

Deal with API changes. · 24bf6f3c
Ben Laurie authored Jun 24, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
24bf6f3c

Ensure HMAC key gets cleansed after use · 0def528b

Matt Caswell authored Jun 24, 2016



aesni_cbc_hmac_sha256_ctrl() and aesni_cbc_hmac_sha1_ctrl() cleanse the
HMAC key after use, but static int rc4_hmac_md5_ctrl() doesn't.

Fixes an OCAP Audit issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>

0def528b

Add some documentation for missing HMAC functions · 827d17f0
Matt Caswell authored Jun 20, 2016
```
This includes the newly added HMAC_CTX_get_md().

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
827d17f0

Add a getter to obtain the HMAC_CTX md · a6211814

Matt Caswell authored Jun 20, 2016



As a result of opaque HMAC_CTX apps need a getter for the HMAC_CTX md.

GitHub Issue #1152

Reviewed-by: Tim Hudson <tjh@openssl.org>

a6211814

Jun 23, 2016

Fix ASN1_STRING_to_UTF8 could not convert NumericString · d6079a87

Matt Caswell authored Jun 23, 2016



tag2nbyte had -1 at 18th position, but underlying ASN1_mbstring_copy
supports NumericString. tag2nbyte is also used in do_print_ex which will
not be broken by setting 1 at 18th position of tag2nbyte

Reviewed-by: Stephen Henson <steve@openssl.org>

d6079a87

Make x25519_compute_key() return a boolean · 51a3b763

huangqinjin authored Jun 23, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

51a3b763

Make ossl_ecdh_compute_key() return a boolean · 65ea288d

huangqinjin authored Jun 17, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

65ea288d

utils/mkdir-p: check if dir exists also after mkdir failed · 70a56b91

Sebastian Andrzej Siewior authored Jun 10, 2016



with "make install -j8" it happens very often that two or more make
instances are creating the same directory in parallel. As a result one
instace creates the directory and second mkdir fails because the
directory exists already (but it did not while testing for it earlier).

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1204)

70a56b91

RT2867: des_ede3_cfb1 ignored "size in bits" flag · fe2d1491

Rich Salz authored Jun 23, 2016



Code and tests by Steve.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

fe2d1491

Drop extraneous printf argument in mkcert.sh · 615dd78b
Viktor Dukhovni authored Jun 23, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
615dd78b
Update fuzz corpora · d0ba3119
Kurt Roeckx authored Jun 15, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #2986
```
d0ba3119

Add checks on sk_TYPE_push() returned result · 3c82e437

FdaSilvaYY authored Jun 04, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

3c82e437

Rework error handling from asn1_do_lock method. · 687b4868

FdaSilvaYY authored May 29, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

687b4868

Jun 22, 2016
- Fix generation of expired CA certificate. · b58614d7
  Dr. Stephen Henson authored Jun 22, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  b58614d7
- OpenSSL::Test: Fix directory calculations in __cwd() · 768a3eca
  Richard Levitte authored Jun 22, 2016
```
The previous fix contained a mistake, where any absolute path in
%directories would be cleared away instead of just being left alone.

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  768a3eca
- rand/randfile.c: make it non-ASCII-savvy. · fc6076ca
  Andy Polyakov authored Jun 21, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  fc6076ca
- Move OS-specific fopen quirks to o_fopen.c. · 09487816
  Andy Polyakov authored Jun 21, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  09487816
- crypto/cryptlib.c: omit OPENSSL_ia32cap_loc(). · eeac54ef
  Andy Polyakov authored Jun 17, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  eeac54ef
Jun 21, 2016

Spelling... and more spelling · f430ba31

FdaSilvaYY authored Jun 19, 2016



Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1245)

f430ba31

segmentation fault with 'openssl s_client -prexit -keymatexport' · 1d8b4eb2

mmiyashita authored Jun 21, 2016



Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1243)

1d8b4eb2

Avoid creating an illegal pointer. · 5388b8d4

Kurt Roeckx authored Jun 18, 2016



Found by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1230

5388b8d4

Make RSA key exchange code actually constant-time. · 5b8fa431

David Benjamin authored Jun 16, 2016

Using RSA_PKCS1_PADDING with RSA_private_decrypt is inherently unsafe.
The API requires writing output on success and touching the error queue
on error. Thus, although the padding check itself is constant-time as of
294d1e36, and the logic after the
decryption in the SSL code is constant-time as of
adb46dbc

, the API boundary in the middle
still leaks whether the padding check succeeded, giving us our
much-loved Bleichenbacher padding oracle.

Instead, PKCS#1 padding must be handled by the caller which uses
RSA_NO_PADDING, in timing-sensitive code integrated with the
Bleichenbacher mitigation. Removing PKCS#1 padding in constant time is
actually much simpler when the expected length is a constant (and if
it's not a constant, avoiding a padding oracle seems unlikely), so just
do it inline.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1222

5b8fa431

buf2hexstr: properly deal with empty string · 01238aec

Kurt Roeckx authored Jun 19, 2016



It wrote before the start of the string

found by afl

Reviewed-by: Richard Levitte <levitte@openssl.org>

MR: #2994

01238aec

Fix typo · 28bd8e94

Petr Vaněk authored Jun 21, 2016



Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1241)

28bd8e94