- 13 Oct, 2017 1 commit
-
-
Rich Salz authored
Thanks to Jo Hornsby for reporting this and helping with the fix. Reviewed-by:
Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4464)
-
- 11 Oct, 2017 1 commit
-
-
Matt Caswell authored
RSA_setup_blinding() calls BN_BLINDING_create_param() which later calls BN_mod_exp() as follows: BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx) ret->mod will have BN_FLG_CONSTTIME set, but ret->e does not. In BN_mod_exp() we only test the third param for the existence of this flag. We should test all the inputs. Thanks to Samuel Weiser (samuel.weiser@iaik.tugraz.at) for reporting this issue. This typically only happens once at key load, so this is unlikely to be exploitable in any real scenario. Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4477) (cherry picked from commit e913d11f)
-
- 03 Oct, 2017 4 commits
-
-
Dr. Stephen Henson authored
Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4453)
-
Paul Yang authored
Reviewed-by:
Ben Kaduk <kaduk@mit.edu> Reviewed-by:
Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4453)
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Functions to retrieve the function pointer of an existing method: this can be used to create a method which intercepts or modifies the behaviour of an existing method while retaining most of the existing behaviour. Reviewed-by:
-
- 02 Oct, 2017 1 commit
-
-
Bernd Edlinger authored
Change argument type of xxxelem_is_zero_int to const void* to avoid the need of type casts. Fixes #4413 Reviewed-by:
-
- 29 Sep, 2017 3 commits
-
-
Samuel Weiser authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
-
Hubert Kario authored
BN_new() and BN_secure_new() not only allocate memory, but also initialise it to deterministic value - 0. Document that behaviour to make it explicit backport from #4438 Reviewed-by:
-
Hubert Kario authored
document that parameter to BN_free can be NULL backport from master Reviewed-by:
-
- 27 Sep, 2017 2 commits
-
-
Samuel Weiser authored
Reviewed-by:
Paul Dale <paul.dale@oracle.com> Reviewed-by:
-
Samuel Weiser authored
Fixed error in propagating BN_FLG_CONSTTIME flag through BN_MONT_CTX_set, which could lead to information disclosure on RSA primes p and q. Reviewed-by:
-
- 26 Sep, 2017 1 commit
-
-
Richard Levitte authored
Fixes #4419 Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4421)
-
- 19 Sep, 2017 1 commit
-
-
David Benjamin authored
c2i_ASN1_BIT_STRING takes length as a long but uses it as an int. Check bounds before doing so. Previously, excessively large inputs to the function could write a single byte outside the target buffer. (This is unreachable as asn1_ex_c2i already uses int for the length.) Thanks to NCC for finding this issue. Fix written by Martin Kreichgauer. Reviewed-by:
-
- 11 Sep, 2017 1 commit
-
-
multics authored
Fixes the typo CLA: trivial Reviewed-by:
-
- 07 Sep, 2017 1 commit
-
-
Rich Salz authored
Reviewed-by:
-
- 28 Aug, 2017 1 commit
-
-
Rich Salz authored
Fixes CVE 2017-3735 Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4276) (cherry picked from commit b2317174)
-
- 25 Aug, 2017 1 commit
-
-
Matt Caswell authored
Reviewed-by:
-
- 24 Aug, 2017 1 commit
-
-
Rich Salz authored
Reviewed-by:
-
- 23 Aug, 2017 2 commits
-
-
Dr. Stephen Henson authored
Fix GCM documentation: the tag does not have to be supplied before decrypting any data any more. Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
- 22 Aug, 2017 1 commit
-
-
Pauli authored
Reviewed-by:
-
- 18 Aug, 2017 3 commits
-
-
Dr. Stephen Henson authored
Fixes #4180 Reviewed-by:
-
David von Oheimb authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
- 17 Aug, 2017 1 commit
-
-
Bernd Edlinger authored
Reviewed-by:
-
- 15 Aug, 2017 1 commit
-
-
Richard Levitte authored
Fixes #3867 Reviewed-by:
-
- 09 Aug, 2017 1 commit
-
-
Xiaoyin Liu authored
In the generated HTML document, the `<pre>` tag is not closed. Reviewed-by:
-
- 07 Aug, 2017 2 commits
-
-
Bernd Edlinger authored
Reviewed-by:
-
Rich Salz authored
Also fix one missing use of it. Thanks to GitHub user Vort for finding it and pointing out the fix. Reviewed-by:
-
- 04 Aug, 2017 1 commit
-
-
Bernd Edlinger authored
Reviewed-by:
-
- 31 Jul, 2017 1 commit
-
-
Bernd Edlinger authored
The memory blocks contain secret data and must be cleared before returning to the system heap. Reviewed-by:
-
- 29 Jul, 2017 1 commit
-
-
Bernd Edlinger authored
and d2i_PKCS8PrivateKey_bio before it goes out of scope. Reviewed-by:
-
- 28 Jul, 2017 1 commit
-
-
Paul Yang authored
Reviewed-by:
-
- 27 Jul, 2017 2 commits
-
-
Paul Yang authored
to address #3973, and original PR to master branch is #3614 test case in the original PR is not applied. Reviewed-by:
-
David Benjamin authored
Reviewed-by:
-
- 25 Jul, 2017 2 commits
-
-
Andy Polyakov authored
"Optimize" is in quotes because it's rather a "salvage operation" for now. Idea is to identify processor capability flags that drive Knights Landing to suboptimial code paths and mask them. Two flags were identified, XSAVE and ADCX/ADOX. Former affects choice of AES-NI code path specific for Silvermont (Knights Landing is of Silvermont "ancestry"). And 64-bit ADCX/ADOX instructions are effectively mishandled at decode time. In both cases we are looking at ~2x improvement. Hardware used for benchmarking courtesy of Atos, experiments run by Romain Dolbeau <romain.dolbeau@atos.net>. Kudos! This is minimalistic backpoint of 64d92d74 Thanks to David Benjamin for spotting typo in Knights Landing detection! Reviewed-by:
-
Simon Richter authored
Commit b8326569 fixed whitespace handling in the copy script, which exposes bugs in the install routine for nmake Makefiles. This corrects the quoting around the copy invocation for the openssl.exe binary. CLA: trivial Reviewed-by:
-
- 24 Jul, 2017 2 commits
-
-
Xiaoyin Liu authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
