- 11 Sep, 2017 1 commit
-
-
multics authored
Fixes the typo CLA: trivial Reviewed-by:
Paul Dale <paul.dale@oracle.com> Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4354) (cherry picked from commit f70c22eb)
-
- 07 Sep, 2017 1 commit
-
-
Rich Salz authored
Reviewed-by:
-
- 28 Aug, 2017 1 commit
-
-
Rich Salz authored
Fixes CVE 2017-3735 Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4276) (cherry picked from commit b2317174)
-
- 25 Aug, 2017 1 commit
-
-
Matt Caswell authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
-
- 24 Aug, 2017 1 commit
-
-
Rich Salz authored
Reviewed-by:
-
- 23 Aug, 2017 2 commits
-
-
Dr. Stephen Henson authored
Fix GCM documentation: the tag does not have to be supplied before decrypting any data any more. Reviewed-by:
-
Rich Salz authored
Reviewed-by:
Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4234) (cherry picked from commit a130950d)
-
- 22 Aug, 2017 1 commit
-
-
Pauli authored
Reviewed-by:
-
- 18 Aug, 2017 3 commits
-
-
Dr. Stephen Henson authored
Fixes #4180 Reviewed-by:
-
David von Oheimb authored
Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4183)
-
Andy Polyakov authored
Reviewed-by:
-
- 17 Aug, 2017 1 commit
-
-
Bernd Edlinger authored
Reviewed-by:
-
- 15 Aug, 2017 1 commit
-
-
Richard Levitte authored
Fixes #3867 Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3873)
-
- 09 Aug, 2017 1 commit
-
-
Xiaoyin Liu authored
In the generated HTML document, the `<pre>` tag is not closed. Reviewed-by:
-
- 07 Aug, 2017 2 commits
-
-
Bernd Edlinger authored
Reviewed-by:
-
Rich Salz authored
Also fix one missing use of it. Thanks to GitHub user Vort for finding it and pointing out the fix. Reviewed-by:
-
- 04 Aug, 2017 1 commit
-
-
Bernd Edlinger authored
Reviewed-by:
-
- 31 Jul, 2017 1 commit
-
-
Bernd Edlinger authored
The memory blocks contain secret data and must be cleared before returning to the system heap. Reviewed-by:
-
- 29 Jul, 2017 1 commit
-
-
Bernd Edlinger authored
and d2i_PKCS8PrivateKey_bio before it goes out of scope. Reviewed-by:
-
- 28 Jul, 2017 1 commit
-
-
Paul Yang authored
Reviewed-by:
-
- 27 Jul, 2017 2 commits
-
-
Paul Yang authored
to address #3973, and original PR to master branch is #3614 test case in the original PR is not applied. Reviewed-by:
-
David Benjamin authored
Reviewed-by:
Ben Kaduk <kaduk@mit.edu> Reviewed-by:
-
- 25 Jul, 2017 2 commits
-
-
Andy Polyakov authored
"Optimize" is in quotes because it's rather a "salvage operation" for now. Idea is to identify processor capability flags that drive Knights Landing to suboptimial code paths and mask them. Two flags were identified, XSAVE and ADCX/ADOX. Former affects choice of AES-NI code path specific for Silvermont (Knights Landing is of Silvermont "ancestry"). And 64-bit ADCX/ADOX instructions are effectively mishandled at decode time. In both cases we are looking at ~2x improvement. Hardware used for benchmarking courtesy of Atos, experiments run by Romain Dolbeau <romain.dolbeau@atos.net>. Kudos! This is minimalistic backpoint of 64d92d74 Thanks to David Benjamin for spotting typo in Knights Landing detection! Reviewed-by:
-
Simon Richter authored
Commit b8326569 fixed whitespace handling in the copy script, which exposes bugs in the install routine for nmake Makefiles. This corrects the quoting around the copy invocation for the openssl.exe binary. CLA: trivial Reviewed-by:
-
- 24 Jul, 2017 2 commits
-
-
Xiaoyin Liu authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
- 22 Jul, 2017 1 commit
-
-
Dr. Stephen Henson authored
Fixes #2718 Reviewed-by:
-
- 20 Jul, 2017 1 commit
-
-
Richard Levitte authored
When an error occurs during the starttls handskake, s_client gets stuck looping around zero bytes reads, because the server won't sent anything more after its error tag. Shutting down on the first zero byte read fixes this. Fixes #3980 Reviewed-by:
-
- 19 Jul, 2017 2 commits
-
-
Matt Caswell authored
The intention of the removed code was to check if the previous operation carried. However this does not work. The "mask" value always ends up being a constant and is all ones - thus it has no effect. This check is no longer required because of the previous commit. Reviewed-by:
-
Matt Caswell authored
In TLS mode of operation the padding value "pad" is obtained along with the maximum possible padding value "maxpad". If pad > maxpad then the data is invalid. However we must continue anyway because this is constant time code. We calculate the payload length like this: inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); However if pad is invalid then inp_len ends up -ve (actually large +ve because it is a size_t). Later we do this: /* verify HMAC */ out += inp_len; len -= inp_len; This ends up with "out" pointing before the buffer which is undefined behaviour. Next we calculate "p" like this: unsigned char *p = out + len - 1 - maxpad - SHA256_DIGEST_LENGTH; Because of the "out + len" term the -ve inp_len value is cancelled out so "p" points to valid memory (although technically the pointer arithmetic is undefined behaviour again). We only ever then dereference "p" and never "out" directly so there is never an invalid read based on the bad pointer - so there is no security issue. This commit fixes the undefined behaviour by ensuring we use maxpad in place of pad, if the supplied pad is invalid. With thanks to Brian Carpenter for reporting this issue. Reviewed-by:
-
- 18 Jul, 2017 1 commit
-
-
Emilia Kasper authored
This is an inherent weakness of the padding mode. We can't make the implementation constant time (see the comments in rsa_pk1.c), so add a warning to the docs. Reviewed-by:
-
- 16 Jul, 2017 1 commit
-
-
Bernd Edlinger authored
Make RSA key exchange code actually constant-time. Reviewed-by:
-
- 15 Jul, 2017 1 commit
-
-
simon-p-r authored
From https://github.com/openssl/openssl/pull/1023 CLA: trivial Reviewed-by:
-
- 06 Jul, 2017 1 commit
-
-
Richard Levitte authored
When tree_calculate_user_set() fails, a jump to error failed to deallocate a possibly allocated |auth_nodes|. Reviewed-by:
-
- 05 Jul, 2017 3 commits
-
-
Bernd Edlinger authored
Fixes #3349 Reviewed-by:
-
Richard Levitte authored
Undoing: > - in UI_process(), |state| was never made NULL, which means an error > when closing the session wouldn't be accurately reported. This was a faulty cherry-pick from master Reviewed-by:
-
Richard Levitte authored
- in EVP_read_pw_string_min(), the return value from UI_add_* wasn't properly checked - in UI_process(), |state| was never made NULL, which means an error when closing the session wouldn't be accurately reported. Reviewed-by:
-
- 04 Jul, 2017 1 commit
-
-
Rich Salz authored
Port of GH#3842 to 1.0.2 Reviewed-by:
-
- 02 Jul, 2017 2 commits
-
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
