1. 13 Jun, 2018 1 commit
    • Add blinding to an ECDSA signature · a3e9d5aa
      Matt Caswell authored

      Keegan Ryan (NCC Group) has demonstrated a side channel attack on an
      ECDSA signature operation. During signing the signer calculates:
      
      s := k^-1 * (m + r * priv_key) mod order
      
      The addition operation above provides a sufficient signal for a
      flush+reload attack to derive the private key given sufficient signature
      operations.
      
      As a mitigation (based on a suggestion from Keegan) we add blinding to
      the operation so that:
      
      s := k^-1 * blind^-1 * (blind * m + blind * r * priv_key) mod order
      
      Since this attack is a localhost side channel only, no CVE is assigned.
      
      Reviewed-by: Rich Salz <rsalz@openssl.org>
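As an added illustration (not OpenSSL's code), the scalar part of ECDSA signing written both ways: the original formula and the blinded one from the commit message, with a check that both produce the same s. The modulus is the NIST P-256 group order, used here only as a large prime; the identity holds for any prime order.

```python
# Added example, not OpenSSL code: the scalar arithmetic of ECDSA signing with
# the multiplicative blinding described in the commit message, and a check that
# blinding does not change the resulting s.
import secrets

# NIST P-256 group order, assumed here purely as a large prime modulus.
ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def sign_scalar_direct(k, m, r, priv_key, order=ORDER):
    """s = k^-1 * (m + r * priv_key) mod order (the original operation)."""
    return (pow(k, -1, order) * (m + r * priv_key)) % order


def sign_scalar_blinded(k, m, r, priv_key, blind, order=ORDER):
    """s = k^-1 * blind^-1 * (blind*m + blind*r*priv_key) mod order.

    The addition that leaked in the flush+reload attack now combines blind*m and
    blind*r*priv_key rather than m and r*priv_key; with a fresh random blind per
    signature its operands are no longer a direct function of the private key.
    """
    blinded_m = (blind * m) % order
    blinded_rd = (blind * r * priv_key) % order
    inner = (blinded_m + blinded_rd) % order          # the blinded addition
    return (pow(k, -1, order) * pow(blind, -1, order) * inner) % order


def random_scalar(order=ORDER):
    """Uniform scalar in [1, order-1]; non-zero so blind and k are invertible."""
    return 1 + secrets.randbelow(order - 1)


def blinding_preserves_signature(trials=16):
    """True if the blinded and direct computations agree on random inputs."""
    for _ in range(trials):
        k, m, r, d, b = (random_scalar() for _ in range(5))
        if sign_scalar_direct(k, m, r, d) != sign_scalar_blinded(k, m, r, d, b):
            return False
    return True


if __name__ == "__main__":
    print("blinding preserves s:", blinding_preserves_signature())
```

The blind must be drawn fresh and uniformly for every signature; reusing it would make the blinded operands secret-dependent again.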
  2. 24 May, 2018 1 commit
  3. 22 May, 2018 1 commit
    • Enable SSL_MODE_AUTO_RETRY by default · 693cf80c
      Kurt Roeckx authored

      Because TLS 1.3 sends more non-application data records, some clients run
      into problems because they don't expect SSL_read() to return and set
      SSL_ERROR_WANT_READ after processing it.
      
      This can cause problems for clients that use blocking I/O and use
      select() to see if data is available. It can be cleared using
      SSL_CTX_clear_mode().
      
      Reviewed-by: Matt Caswell <matt@openssl.org>
      GH: #6260
  4. 12 May, 2018 1 commit
  5. 09 May, 2018 4 commits
  6. 19 Apr, 2018 1 commit
  7. 17 Apr, 2018 1 commit
  8. 05 Apr, 2018 1 commit
  9. 04 Apr, 2018 1 commit
  10. 03 Apr, 2018 2 commits
    • Fix a text canonicalisation bug in CMS · bcc63714
      Matt Caswell authored

      Where a CMS detached signature is used with text content the text goes
      through a canonicalisation process first prior to signing or verifying a
      signature. This process strips trailing space at the end of lines, converts
      line terminators to CRLF and removes additional trailing line terminators
      at the end of a file. A bug in the canonicalisation process meant that
      some characters, such as form-feed, were incorrectly treated as whitespace
      and removed. This is contrary to the specification (RFC5485). This fix
      could mean that detached text data signed with an earlier version of
      OpenSSL 1.1.0 may fail to verify using the fixed version, or text data
      signed with a fixed OpenSSL may fail to verify with an earlier version of
      OpenSSL 1.1.0. A workaround is to only verify the canonicalised text data
      and use the "-binary" flag (for the "cms" command line application) or set
      the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using CMS_verify()).
      
      Reviewed-by: Tim Hudson <tjh@openssl.org>
      Reviewed-by: Richard Levitte <levitte@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5790)
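An added example (not OpenSSL's implementation) of the text canonicalisation the commit describes, with a switch that reproduces the bug so the two outputs can be compared. It assumes the rules stated in the message: strip trailing space and tab on each line, normalise LF/CRLF terminators to CRLF, and drop extra terminators at the end of the file; form-feed is data and must survive.

```python
# Added example, not OpenSSL code: CMS/S-MIME style text canonicalisation with
# the form-feed bug from the commit reproducible via treat_ff_as_space=True.

def canonicalise(text: bytes, treat_ff_as_space: bool = False) -> bytes:
    """Return the canonical CRLF form of `text`.

    Assumed rules: trailing space/tab removed per line, LF and CRLF both
    normalised to CRLF, trailing empty lines dropped.  With
    treat_ff_as_space=True, form-feed (0x0C) is also stripped as if it were
    trailing whitespace, which is the incorrect behaviour that changed the
    bytes being signed or verified.
    """
    trailing = b" \t\x0c" if treat_ff_as_space else b" \t"
    lines = text.replace(b"\r\n", b"\n").split(b"\n")
    lines = [line.rstrip(trailing) for line in lines]
    while lines and lines[-1] == b"":            # extra terminators at EOF
        lines.pop()
    return b"".join(line + b"\r\n" for line in lines)


# Constructed sample: a page break (lone form-feed line) between two lines of
# text, with trailing space and an extra blank line at the end.
SAMPLE = b"a \n\x0c\nb\n\n"

if __name__ == "__main__":
    fixed, buggy = canonicalise(SAMPLE), canonicalise(SAMPLE, True)
    print("fixed:", fixed)
    print("buggy:", buggy)
    print("signed bytes differ:", fixed != buggy)
```

Because the two forms differ whenever the text contains a form-feed, a detached signature computed over one form will not verify against the other, which is the cross-version incompatibility the message warns about; the "-binary"/CMS_BINARY workaround sidesteps the problem by skipping canonicalisation altogether.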
    • Fix CHANGES · ba505435
      Matt Caswell authored

      Fix the last release version number in CHANGES
      
      Reviewed-by: Richard Levitte <levitte@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5852)
  11. 29 Mar, 2018 1 commit
  12. 27 Mar, 2018 1 commit
  13. 26 Mar, 2018 1 commit
  14. 19 Mar, 2018 1 commit
  15. 14 Mar, 2018 1 commit
  16. 07 Mar, 2018 1 commit
    • Implement multi-process OCSP responder. · 3e3c7c36
      Viktor Dukhovni authored

      With "-multi" the OCSP responder forks multiple child processes,
      and respawns them as needed.  This can be used as a long-running
      service, not just a demo program.  Therefore the index file is
      automatically re-read when changed.  The responder also now optionally
      times out client requests.
      
      Reviewed-by: Matt Caswell <matt@openssl.org>
  17. 05 Mar, 2018 1 commit
  18. 04 Mar, 2018 1 commit
  19. 02 Mar, 2018 1 commit
  20. 23 Feb, 2018 1 commit
  21. 13 Feb, 2018 3 commits
  22. 12 Feb, 2018 1 commit
  23. 07 Feb, 2018 1 commit
  24. 29 Jan, 2018 1 commit
  25. 28 Jan, 2018 1 commit
  26. 23 Jan, 2018 1 commit
  27. 07 Jan, 2018 2 commits
  28. 02 Jan, 2018 1 commit
  29. 12 Dec, 2017 1 commit
  30. 07 Dec, 2017 1 commit
  31. 06 Dec, 2017 1 commit
  32. 21 Nov, 2017 1 commit
    • Support multi-prime RSA (RFC 8017) · 665d899f
      Paul Yang authored

      * Introduce RSA_generate_multi_prime_key to generate multi-prime
        RSA private key. As well as the following functions:
          RSA_get_multi_prime_extra_count
          RSA_get0_multi_prime_factors
          RSA_get0_multi_prime_crt_params
          RSA_set0_multi_prime_params
          RSA_get_version
      * Support EVP operations for multi-prime RSA
      * Support ASN.1 operations for multi-prime RSA
      * Support multi-prime check in RSA_check_key_ex
      * Support multi-prime RSA in apps/genrsa and apps/speed
      * Support multi-prime RSA manipulation functions
      * Test cases and documentation are added
      * CHANGES is updated
      
      Reviewed-by: Tim Hudson <tjh@openssl.org>
      Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
      (Merged from https://github.com/openssl/openssl/pull/4241)
  33. 12 Nov, 2017 1 commit