  1. Jun 27, 2016
  2. Jun 26, 2016
  3. Jun 25, 2016
  4. Jun 24, 2016
  5. Jun 23, 2016
  6. Jun 22, 2016
  7. Jun 21, 2016
  8. Jun 20, 2016
  9. Jun 16, 2016
  10. Jun 15, 2016
  11. Jun 14, 2016
  12. Jun 13, 2016
  13. Jun 12, 2016
  14. Jun 10, 2016
  15. Jun 07, 2016
  16. Jun 06, 2016
    • Fix DSA, preserve BN_FLG_CONSTTIME · 621eaf49
      Cesar Pereida authored
      
      
      Operations in the DSA signing algorithm should run in constant time in
      order to avoid side channel attacks. A flaw in the OpenSSL DSA
      implementation means that a non-constant time codepath is followed for
      certain operations. This has been demonstrated through a cache-timing
      attack to be sufficient for an attacker to recover the private DSA key.
      
      CVE-2016-2178
      
      Reviewed-by: Richard Levitte <levitte@openssl.org>
      Reviewed-by: Matt Caswell <matt@openssl.org>
  17. Jun 03, 2016
    • Fix documentation error in x509 app certopt flag · 46bad919
      Matt Caswell authored
      
      
      According to the x509 man page in the section discussing -certopt it says
      that the ca_default option is the same as that used by the ca utility and
      (amongst other things) has the effect of suppressing printing of the
      signature - but in fact it doesn't. This error seems to have been present
      since the documentation was written back in 2001. It never had this effect.
      
      The default config file sets the certopt value to ca_default. The ca utility
      takes that and THEN adds additional options to suppress printing of the
      signature. So the ca utility DOES suppress printing of the signature - but
      it is not as a result of using the ca_default option.
      
      GitHub Issue #247
      
      Reviewed-by: Rich Salz <rsalz@openssl.org>
      (cherry picked from commit 39a47008)
    • BIO_printf() can fail to print the last character · 96f1de5b
      Matt Caswell authored
      
      
      If the string to print is exactly 2048 characters long (excluding the NULL
      terminator) then BIO_printf will chop off the last byte. This is because
      it has filled its static buffer but hasn't yet allocated a dynamic buffer.
      In cases where we don't have a dynamic buffer we need to truncate but that
      is not the case for BIO_printf(). We need to check whether we are able to
      have a dynamic buffer before deciding to truncate.
      
      Reviewed-by: Rich Salz <rsalz@openssl.org>
    • cryptodev_asym, zapparams: use OPENSSL_* allocation routines, handle errors · f3cab0b1
      Jonas Maebe authored
      
      
      zapparams modification based on tip from Matt Caswell
      
      RT#3198
      
      Reviewed-by: Rich Salz <rsalz@openssl.org>
      Reviewed-by: Matt Caswell <matt@openssl.org>