- Oct 17, 2014
-
-
Kurt Cancemi authored
Reviewed-by: Ben Laurie <ben@openssl.org> (cherry picked from commit 87d388c9)
-
- Oct 16, 2014
-
-
Dr. Stephen Henson authored
The 1**0 test will fail for FIPS capable builds because it uses the old BIGNUM code in the 1.2 FIPS module which can't be fixed. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- Oct 15, 2014
-
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Bodo Möller <bodo@openssl.org>
-
Geoff Thorpe authored
CVE-2014-3568 Reviewed-by: Emilia Kasper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
CVE-2014-3567 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 90e53055939db40cf0fac1ad0c59630280aeee86)
-
Bodo Moeller authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Bodo Moeller authored
handling out of #ifndef OPENSSL_NO_DTLS1 section. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Bodo Moeller authored
Reviewed-by: Steve Henson <steve@openss.org>
-
Bodo Moeller authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
- Sep 29, 2014
-
-
Dr. Stephen Henson authored
Reencode DigestInto in DER and check against the original: this will reject any improperly encoded DigestInfo structures. Note: this is a precautionary measure, there is no known attack which can exploit this. Thanks to Brian Smith for reporting this issue. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Sep 25, 2014
-
-
Emilia Kasper authored
Accidentally omitted from commit 455b65df Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit fdc35a9d)
-
- Sep 24, 2014
-
-
Emilia Kasper authored
Do the final padding check in EVP_DecryptFinal_ex in constant time to avoid a timing leak from padding failure. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit b55ff319) Conflicts: crypto/evp/Makefile crypto/evp/evp_enc.c
-
Emilia Kasper authored
(Original commit adb46dbc ) Use the new constant-time methods consistently in s3_srvr.c Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit 455b65df) Conflicts: ssl/Makefile
-
Adam Langley authored
that bad encryptions are treated like random session keys in constant time. (cherry picked from commit adb46dbc ) Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
Also tweak s3_cbc.c to use new constant-time methods. Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1 This patch is based on the original RT submission by Adam Langley <agl@chromium.org>, as well as code from BoringSSL and OpenSSL. Reviewed-by: Kurt Roeckx <kurt@openssl.org> Conflicts: crypto/rsa/rsa_oaep.c
-
- Sep 21, 2014
-
-
Tim Hudson authored
that fixed PR#3450 where an existing cast masked an issue when i was changed from int to long in that commit Picked up on z/linux (s390) where sizeof(int)!=sizeof(long) Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit b5ff559f)
-
- Sep 04, 2014
-
-
Adam Langley authored
(cherry picked from commit 2b0180c3 ) Reviewed-by: Ben Laurie <ben@openssl.org>
-
- Sep 03, 2014
-
-
Richard Levitte authored
string returns 0 with errno = ENOENT. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 360928b7)
-
Phil Mesnier authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 6a14fe75)
-
- Sep 02, 2014
-
-
Emilia Kasper authored
"inline" without static is not correct as the compiler may choose to ignore it and will then either emit an external definition, or expect one. Reviewed-by: Geoff Thorpe <geoff@openssl.org> (cherry picked from commit 86f50b36)
-
- Aug 29, 2014
-
-
Matt Caswell authored
PR2693 Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 5d33b70ef5a4768fdfb77a73f9817c4570613039)
-
- Aug 28, 2014
-
-
Emilia Kasper authored
Pull constant-time methods out to a separate header, add tests. Reviewed-by: Bodo Moeller <bodo@openssl.org> (cherry picked from commit 73729e4c) Conflicts: ssl/Makefile test/Makefile
-
- Aug 22, 2014
-
-
Adam Langley authored
Limit the number of empty records that will be processed consecutively in order to prevent ssl3_get_record from never returning. Reported by "oftc_must_be_destroyed" and George Kadianakis. Reviewed-by: Bodo Moeller <bodo@openssl.org> (cherry picked from commit 3aac17a8)
-
- Aug 21, 2014
-
-
Emilia Kasper authored
In Visual Studio, inline is available in C++ only, however __inline is available for C, see http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dr Stephen Henson <steve@openssl.org> (cherry picked from commit f511b25a) Conflicts: e_os.h
-
- Aug 19, 2014
-
-
Adam Langley authored
eliminating them as dead code. Both volatile and "memory" are used because of some concern that the compiler may still cache values across the asm block without it, and because this was such a painful debugging session that I wanted to ensure that it's never repeated. (cherry picked from commit 7753a3a6 ) Conflicts: crypto/bn/asm/x86_64-gcc.c Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit a90b1e32)
-
- Aug 15, 2014
-
-
Matt Caswell authored
PR#3450 Conflicts: ssl/s3_clnt.c Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- Aug 13, 2014
-
-
Bodo Moeller authored
group_order_tests (ectest.c). Also fix the EC_POINTs_mul documentation (ec.h). Reviewed-by: <emilia@openssl.org> Conflicts: crypto/ec/ectest.c Conflicts: crypto/ec/ec.h
-
- Aug 06, 2014
-
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Emilia Kasper authored
- Upon parsing, reject OIDs with invalid base-128 encoding. - Always NUL-terminate the destination buffer in OBJ_obj2txt printing function. CVE-2014-3508 Reviewed-by: Dr. Stephen Henson <steve@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Emilia Käsper authored
CVE-2014-3510 Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
David Benjamin authored
CVE-2014-3511 Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Bodo Möller <bodo@openssl.org>
-
Adam Langley authored
In |dtls1_process_out_of_seq_message|, we know that |frag_len| <= |msg_hdr->msg_len| so the later tests for |frag_len < msg_hdr->msg_len| can be more clearly written as |frag_len != msg_hdr->msg_len|, since that's the only remaining case. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Applying same fix as in dtls1_process_out_of_seq_message. A truncated DTLS fragment would cause *ok to be clear, but the return value would still be the number of bytes read. Problem identified by Emilia Käsper, based on previous issue/patch by Adam Langley. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Adam Langley authored
Previously, a truncated DTLS fragment in |dtls1_process_out_of_seq_message| would cause *ok to be cleared, but the return value would still be the number of bytes read. This would cause |dtls1_get_message| not to consider it an error and it would continue processing as normal until the calling function noticed that *ok was zero. I can't see an exploit here because |dtls1_get_message| uses |s->init_num| as the length, which will always be zero from what I can see. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-