Commit graph

454 commits

Author SHA1 Message Date
Geoff Thorpe
9febee0272 evp: prevent underflow in base64 decoding
This patch resolves RT ticket #2608.

Thanks to Robert Dugal for originally spotting this, and to David
Ramos for noticing that the ball had been dropped.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-05-06 18:23:54 -04:00
Dr. Stephen Henson
47f689ac09 Initialize num properly.
PR#3289
PR#3345
(cherry picked from commit 3ba1e406c2)
2014-05-06 14:09:26 +01:00
Eric Young
9ad5c5e4f9 Fix base64 decoding bug.
A short PEM encoded sequence if passed to the BIO, and the file
had 2 \n following would fail.

PR#3289
(cherry picked from commit 10378fb5f4)
2014-04-02 19:58:25 +01:00
Ben Laurie
2928cb4c82 Fixups. 2013-02-05 16:50:33 +00:00
Ben Laurie
35a65e814b Make CBC decoding constant time.
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bcc)

Conflicts:
	crypto/evp/c_allc.c
	ssl/ssl_algs.c
	ssl/ssl_locl.h
	ssl/t1_enc.c
(cherry picked from commit 3622239826698a0e534dcf0473204c724bb9b4b4)

Conflicts:
	ssl/d1_enc.c
	ssl/s3_enc.c
	ssl/s3_pkt.c
	ssl/ssl3.h
	ssl/ssl_algs.c
	ssl/t1_enc.c
2013-02-05 16:50:32 +00:00
Dr. Stephen Henson
24d0524f31 PR: 2588
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Close file pointer.
2011-09-01 13:48:48 +00:00
Dr. Stephen Henson
4d6af5c5d2 ../comm.txt 2010-11-27 17:33:34 +00:00
Dr. Stephen Henson
05bbbe9204 PR: 2295
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
2010-10-11 23:28:54 +00:00
Dr. Stephen Henson
65b4c34d86 initialise pbe_tmp 2010-07-08 16:51:48 +00:00
Dr. Stephen Henson
63e3676e68 fix so it is safe to repeatedly add PBE algorithms 2010-06-26 12:55:01 +00:00
Ben Laurie
d886975835 Fix gcc 4.6 warnings. Check TLS server hello extension length. 2010-06-12 13:18:58 +00:00
Dr. Stephen Henson
356f164f52 PR: 2258
Submitted By: Ger Hobbelt <ger@hobbelt.com>

Base64 BIO fixes:

Use OPENSSL_assert() instead of assert().
Use memmove() as buffers overlap.
Fix write retry logic.
2010-05-27 12:41:33 +00:00
Dr. Stephen Henson
9a542ea01d don't add digest alias if signature algorithm is undefined 2010-03-06 20:52:33 +00:00
Dr. Stephen Henson
1939f83709 Fix memory leak: free up ENGINE functional reference if digest is not
found in an ENGINE.
2010-03-05 13:35:06 +00:00
Dr. Stephen Henson
582eb96d15 Revert CFB block length change. Despite what SP800-38a says the input to
CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.
2010-02-26 14:41:38 +00:00
Dr. Stephen Henson
1b690c1a8b The "block length" for CFB mode was incorrectly coded as 1 all the time. It
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.
2010-02-15 19:40:45 +00:00
Dr. Stephen Henson
2873a53f5f Correct ECB mode EVP_CIPHER definition: IV length is 0 2010-02-15 19:25:37 +00:00
Dr. Stephen Henson
c22050be29 Traditional Yuletide commit ;-)
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
2009-12-25 14:11:18 +00:00
Dr. Stephen Henson
9e5dea0ffd PR: 2124
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>

Check for memory allocation failures.
2009-12-09 13:41:50 +00:00
Dr. Stephen Henson
2c5f3606d1 Remove MD2 from digest algorithm table. This follows the recommendation in
several places that it is not used in new applications.
2009-07-08 08:33:27 +00:00
Ben Laurie
1eee8a4226 Use the correct length (reported by Quanhong Wang). 2009-03-03 15:06:49 +00:00
Ben Laurie
e26ad0c4fd Fix FIPS typo. 2009-02-18 10:27:23 +00:00
Ben Laurie
f092a073a7 Fix warnings. 2008-12-02 18:14:44 +00:00
Dr. Stephen Henson
b84e441861 Don't attempt to enter FIPS mode in autoconfig module if already in FIPS mode. 2008-11-11 12:52:14 +00:00
Dr. Stephen Henson
2c17b493b1 Make -DKSSL_DEBUG work again. 2008-11-10 18:55:07 +00:00
Dr. Stephen Henson
3795297af8 Change old obsolete email address... 2008-11-05 18:36:57 +00:00
Dr. Stephen Henson
138f20433e Camellia low level API algorithm blocking. 2008-09-21 11:21:43 +00:00
Dr. Stephen Henson
7747c67861 Make camellia work with updated EVP macros. 2008-09-21 10:24:08 +00:00
Dr. Stephen Henson
e852835da6 Make update: delete duplicate error code. 2008-09-17 17:11:09 +00:00
Dr. Stephen Henson
d83dde6180 Merge changes to build system from fips branch. 2008-09-16 21:44:57 +00:00
Dr. Stephen Henson
f947b818bf Oops, restore change that got reverted accidentally. 2008-09-15 22:32:23 +00:00
Dr. Stephen Henson
a2dc9b6be2 Merge EVP changes in from FIPS branch. 2008-09-15 22:21:42 +00:00
Dr. Stephen Henson
1af12ff1d1 Fix error code discrepancy.
Make update.
2008-09-14 16:43:37 +00:00
Bodo Möller
cdd0f3b328 Don't use assertions to check application-provided arguments;
and don't unnecessarily fail on input size 0.
2008-08-14 21:37:20 +00:00
Dr. Stephen Henson
14748adb09 Make ssl code consistent with FIPS branch. The new code has no effect
at present because it asserts either noop flags or is inside
OPENSSL_FIPS #ifdef's.
2008-06-16 16:56:43 +00:00
Ben Laurie
4f2b7d48b1 make depend 2007-09-19 12:17:11 +00:00
Andy Polyakov
4d2a292e8a EVP_*_cfb1 was broken [from HEAD].
PR: 1318
2007-07-08 19:18:15 +00:00
Dr. Stephen Henson
14346b3456 Fix warnings: C++ comments and computed value not used. 2007-07-04 12:56:33 +00:00
Bodo Möller
c3cc4662af Add SEED encryption algorithm.
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:50:26 +00:00
Dr. Stephen Henson
392a0345de EVP_CIPHER_CTX_key_length() should return the set key length in the
EVP_CIPHER_CTX structure which may not be the same as the underlying
cipher key length for variable length ciphers.
2007-02-27 18:42:52 +00:00
Dr. Stephen Henson
594c723f98 Add hmac option to dgst from 0.9.7-stable. 2007-02-08 19:08:21 +00:00
Dr. Stephen Henson
4a0d3530e0 Update from HEAD. 2007-01-21 13:16:49 +00:00
Nils Larsch
8e6905d238 remove trailing '\'
PR: 1438
2006-12-19 19:47:39 +00:00
Nils Larsch
d4a6240005 replace macros with functions
Submitted by: Tracy Camp <tracyx.e.camp@intel.com>
2006-11-29 20:47:15 +00:00
Dr. Stephen Henson
115fc340cb Rebuild error file C source files. 2006-11-21 20:14:46 +00:00
Dr. Stephen Henson
f4f1dc39e0 Fix from HEAD. 2006-08-31 21:01:41 +00:00
Bodo Möller
1921a1adb2 "make depend" for the default configuration, i.e. no-camellia here in
the 0.9.8 branch!
2006-06-14 09:56:08 +00:00
Bodo Möller
edbf9f878d Camellia cipher, contributed by NTT
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-11 01:08:15 +00:00
Bodo Möller
e18eef3d7a Camellia cipher, contributed by NTT
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:42:21 +00:00
Dr. Stephen Henson
b095418d20 Fix from 0.9.7-stable. 2006-04-15 17:43:18 +00:00