- Jun 27, 2016
-
-
Brian Smith authored
There was some uncertainty about what the code is doing with |$end0| and whether it was necessary for |$len| to be a multiple of 16 or 96. Hopefully these added comments make it clear that the code is correct except for the caveat regarding low memory addresses. Change-Id: Iea546a59dc7aeb400f50ac5d2d7b9cb88ace9027 Reviewed-on: https://boringssl-review.googlesource.com/7194 Reviewed-by: Adam Langley <agl@google.com> Signed-off-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
in EVP_EncryptUpdate and EVP_DecryptUpdate. It is argued that in general case it's impossible to provide guarantee that partially[!] overlapping buffers can be tolerated. Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Jun 26, 2016
-
-
Rich Salz authored
Re-implemented as suggested by Steve Henson. Also change ECParameters_print the same way. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Rich Salz authored
OBJ_nid2obj() and friends should be treated as const. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Rich Salz authored
This reverts commit 82f31fe4 . Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Jun 25, 2016
-
-
Rich Salz authored
OBJ_nid2obj() and friends should be treated as const. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
David Benjamin authored
As of 37258dad and the corresponding upstream change, BN_mod_word may fail, like BN_div_word. Handle this properly. Thanks to Brian Smith for pointing this out. See BoringSSL's 44bedc348d9491e63c7ed1438db100a4b8a830be. Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1251
-
David Benjamin authored
This function returns a tri-state -1 on error. See BoringSSL's 53409ee3d7595ed37da472bc73b010cd2c8a5ffd. Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1251
-
Kurt Roeckx authored
Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1229
-
Kurt Roeckx authored
Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1229
-
- Jun 24, 2016
-
-
Rich Salz authored
Don't print the full list of ciphers as part of the -help output. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
RT#4583 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Nathaniel McCallum authored
Fixes openssl/openssl#1236 Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1237)
-
Kurt Roeckx authored
Found by afl Reviewed-by: Rich Salz <rsalz@openssl.org> MR: #3013
-
Ben Laurie authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
aesni_cbc_hmac_sha256_ctrl() and aesni_cbc_hmac_sha1_ctrl() cleanse the HMAC key after use, but static int rc4_hmac_md5_ctrl() doesn't. Fixes an OCAP Audit issue. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Matt Caswell authored
This includes the newly added HMAC_CTX_get_md(). Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
As a result of opaque HMAC_CTX apps need a getter for the HMAC_CTX md. GitHub Issue #1152 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Jun 23, 2016
-
-
Matt Caswell authored
tag2nbyte had -1 at 18th position, but underlying ASN1_mbstring_copy supports NumericString. tag2nbyte is also used in do_print_ex which will not be broken by setting 1 at 18th position of tag2nbyte Reviewed-by: Stephen Henson <steve@openssl.org>
-
huangqinjin authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
huangqinjin authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Sebastian Andrzej Siewior authored
with "make install -j8" it happens very often that two or more make instances are creating the same directory in parallel. As a result one instace creates the directory and second mkdir fails because the directory exists already (but it did not while testing for it earlier). Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1204)
-
Rich Salz authored
Code and tests by Steve. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Kurt Roeckx authored
Reviewed-by: Rich Salz <rsalz@openssl.org> MR: #2986
-
FdaSilvaYY authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
FdaSilvaYY authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Jun 22, 2016
-
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
The previous fix contained a mistake, where any absolute path in %directories would be cleared away instead of just being left alone. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jun 21, 2016
-
-
FdaSilvaYY authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1245)
-
mmiyashita authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1243)
-
Kurt Roeckx authored
Found by tis-interpreter Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1230
-
David Benjamin authored
Using RSA_PKCS1_PADDING with RSA_private_decrypt is inherently unsafe. The API requires writing output on success and touching the error queue on error. Thus, although the padding check itself is constant-time as of 294d1e36, and the logic after the decryption in the SSL code is constant-time as of adb46dbc , the API boundary in the middle still leaks whether the padding check succeeded, giving us our much-loved Bleichenbacher padding oracle. Instead, PKCS#1 padding must be handled by the caller which uses RSA_NO_PADDING, in timing-sensitive code integrated with the Bleichenbacher mitigation. Removing PKCS#1 padding in constant time is actually much simpler when the expected length is a constant (and if it's not a constant, avoiding a padding oracle seems unlikely), so just do it inline. Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1222
-