- Jun 16, 2016
-
-
Pauli authored
Reviewed-by:Matt Caswell <matt@openssl.org>
-
- Jun 15, 2016
-
-
Rich Salz authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> (cherry picked from commit 9c1a9ccf)
-
- Jun 14, 2016
-
-
Richard Levitte authored
Reviewed-by:
Stephen Henson <steve@openssl.org> Reviewed-by:
Emilia Käsper <emilia@openssl.org> (cherry picked from commit fdcb499c)
-
Richard Levitte authored
Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
Dr. Stephen Henson authored
The selector field could be omitted because it has a DEFAULT value. In this case *sfld == NULL (sfld can never be NULL). This was not noticed because this was never used in existing ASN.1 modules. Reviewed-by:
Rich Salz <rsalz@openssl.org> (cherry picked from commit 7c46746b)
-
Andy Polyakov authored
Couple of never-used symbols were clasing with FIPS module, "weakening" them allows to resolve linking errors. RT#3699 Reviewed-by: -
Rich Salz authored
Reviewed-by:
-
- Jun 13, 2016
-
-
Rich Salz authored
Reviewed-by:Andy Polyakov <appro@openssl.org>
-
Dr. Stephen Henson authored
Use string_to_hex, OPENSSL_hexstr2buf() doesn't exist in OpenSSL 1.0.2 Reviewed-by:
-
- Jun 12, 2016
-
-
Andy Polyakov authored
crypto/mem_clr.c was harmonized with master branch and doesn't use cleanse_ctr kludge anymore. RT#4563 Reviewed-by: -
Dr. Stephen Henson authored
Don't use BN_hex2bn() for PSK key conversion as the conversion to BN and back removes leading zeroes, use OPENSSL_hexstr2buf() instead. RT#4554 Reviewed-by:
-
Phillip Hellewell authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> (cherry picked from commit 6b360288)
-
Andy Polyakov authored
It's probably worth reminding that this is a fall-back implementation for platforms that don't have assembly OPENSSL_cleanse. Reviewed-by: -
Andy Polyakov authored
Reviewed-by:
-
- Jun 10, 2016
-
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
The TS_RESP_verify_response() function is used for verifying the response from a TSA. You can set the provided TS_VERIFY_CTX with different flags depending on what aspects of the response you wish to verify. A seg fault will occur if you supply the TS_VFY_SIGNER or TS_VFY_TSA_NAME flags without also specifying TS_VFY_SIGNATURE. Reviewed-by:
-
- Jun 07, 2016
-
-
Matt Caswell authored
The previous commit fixed a bug with BN_mod_word() which would have been caught if we had a test for it. This commit adds one. Reviewed-by: -
Matt Caswell authored
On systems where we do not have BN_ULLONG (e.g. typically 64 bit systems) then BN_mod_word() can return incorrect results if the supplied modulus is too big. RT#4501 Reviewed-by:
-
Matt Caswell authored
The previous "fix" still left "k" exposed to constant time problems in the later BN_mod_inverse() call. Ensure both k and kq have the BN_FLG_CONSTTIME flag set at the earliest opportunity after creation. CVE-2016-2178 Reviewed-by:
-
- Jun 06, 2016
-
-
Cesar Pereida authored
Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key. CVE-2016-2178 Reviewed-by:
-
- Jun 03, 2016
-
-
Matt Caswell authored
According to the x509 man page in the section discussing -certopt it says that the ca_default option is the same as that used by the ca utility and (amongst other things) has the effect of suppressing printing of the signature - but in fact it doesn't. This error seems to have been present since the documentation was written back in 2001. It never had this effect. The default config file sets the certopt value to ca_default. The ca utility takes that and THEN adds additional options to suppress printing of the signature. So the ca utility DOES suppress printing of the signature - but it is not as a result of using the ca_default option. GitHub Issue #247 Reviewed-by:
-
Matt Caswell authored
If the string to print is exactly 2048 character long (excluding the NULL terminator) then BIO_printf will chop off the last byte. This is because it has filled its static buffer but hasn't yet allocated a dynamic buffer. In cases where we don't have a dynamic buffer we need to truncate but that is not the case for BIO_printf(). We need to check whether we are able to have a dynamic buffer buffer deciding to truncate. Reviewed-by: -
Jonas Maebe authored
zapparams modification based on tip from Matt Caswell RT#3198 Reviewed-by:
-
Dirk Feytons authored
Add missing ifdefs. Same change is already present in master, see b4a3aeeb Reviewed-by:
-
Matt Caswell authored
Fix typos and clarify a few things in the CONTRIBUTING file. Reviewed-by:
-
- Jun 01, 2016
-
-
Matt Caswell authored
A common idiom in the codebase is: if (p + len > limit) { return; /* Too long */ } Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE "len" here could be from some externally supplied data (e.g. from a TLS message). The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour. For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit! Issue reported by Guido Vranken. CVE-2016-2177 Reviewed-by:
-
- May 31, 2016
-
-
FdaSilvaYY authored
Backport of 8e89e85f From PR #1019 / #997 Reviewed-by:
-
Dr. Stephen Henson authored
Don't copy parameters is they're already present in the destination. Return error if an attempt is made to copy different parameters to destination. Update documentation. If key type is not initialised return missing parameters RT#4149 Reviewed-by:
-
- May 26, 2016
-
-
Matt Caswell authored
After a call to EVP_PKEY_new() we should check for malloc failure. RT#4180 Reviewed-by: -
Matt Caswell authored
The ssl3_digest_cached_records() function was failing to handle errors that might be returned from EVP_DigestSignInit() and EVP_DigestSignUpdate(). RT#4180 Reviewed-by:
-
- May 23, 2016
-
-
Matt Caswell authored
If lh_OBJ_NAME_insert() fails then the allocated |onp| value is leaked. RT#2238 Reviewed-by:
-
Matt Caswell authored
The functions SRP_Calc_client_key() and SRP_Calc_server_key() were incorrectly returning a valid pointer in the event of error. Issue reported by Yuan Jochen Kang Reviewed-by:
-
- May 20, 2016
-
-
Richard Levitte authored
All other errors should only display the error message. RT#1866 Reviewed-by:Viktor Dukhovni <viktor@openssl.org>
-
Richard Levitte authored
This reverts commit 54fc5795 . Reviewed-by:
-
Richard Levitte authored
This reverts commit 7229a91a . Reviewed-by:
-
Richard Levitte authored
This reverts commit 87728c68 . Reviewed-by:
-
Andy Polyakov authored
Defintions of macros similar to _XOPEN_SOURCE belong in command line or in worst case prior first #include directive in source. As for macros is was allegedly controlling. One can argue that we are probably better off demanding S_IS* macros but there are systems that just don't comply, hence this compromise solution... Reviewed-by:
-
- May 19, 2016
-
-
Viktor Dukhovni authored
Set ctx->error = X509_V_ERR_OUT_OF_MEM when verificaiton cannot continue due to malloc failure. Similarly for issuer lookup failures and caller errors (bad parameters or invalid state). Also, when X509_verify_cert() returns <= 0 make sure that the verification status does not remain X509_V_OK, as a last resort set it it to X509_V_ERR_UNSPECIFIED, just in case some code path returns an error without setting an appropriate value of ctx->error. Add new and some missing error codes to X509 error -> SSL alert switch. Reviewed-by:
-
