The core SipHash supports either 8 or 16-byte output and a configurable
number of rounds.
The default behavior, as added to EVP, is to use 16-byte output and
2,4 rounds, which matches the behavior of most implementations.
There is an EVP_PKEY_CTRL that can control the output size.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2216)
Add Poly1305 as a "signed" digest.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2128)
llvm's ubsan reported:
runtime error: negation of -9223372036854775808 cannot be represented in
type 'int64_t' (aka 'long'); cast to an unsigned type to negate this
value to itself
Found using libfuzzer
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1908
Don't set choice selector on parse failure: this can pass unexpected
values to the choice callback. Instead free up partial structure
directly.
CVE-2016-7053
Thanks to Tyler Nighswander of ForAllSecure for reporting this issue.
Reviewed-by: Richard Levitte <levitte@openssl.org>
crypto/asn1/asn1_item_list.c needed including dh.h and rsa.h directly.
The reason is that they are not included by x509.h when configured
'no-deprecated'
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1741)
crypto/asn1/a_strex.c: Type of width variable in asn1_valid_host
function needs to be changed from char to signed char to avoid
build error due to '-Werror=type-limits'.
Signed-off-by: Patrick Steuer <psteuer@mail.de>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
Don't rely on embedded flag to free strings correctly: it wont be
set if there is a malloc failure during initialisation.
Thanks to Guido Vranken for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1725)
If a STACK (corresponding to SEQUENCE OF or SET OF) is NULL then the
field is absent as opposed to empty (present but has zero elements).
Reviewed-by: Rich Salz <rsalz@openssl.org>
Add mutable versions of X509_get0_notBefore and X509_get0_notAfter.
Rename X509_SIG_get0_mutable to X509_SIG_getm.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Constify X509_SIG_get0() and order arguments to mactch new standard.
Add X509_SIG_get0_mutable() to support modification or initialisation
of an X509_SIG structure.
Reviewed-by: Matt Caswell <matt@openssl.org>
Deprecate the function ASN1_STRING_data() and replace with a new function
ASN1_STRING_get0_data() which returns a constant pointer. Update library
to use new function.
Reviewed-by: Rich Salz <rsalz@openssl.org>
llvm's ubsan reported:
runtime error: negation of -9223372036854775808 cannot be represented in type
'long'; cast to an unsigned type to negate this value to itself
Found using afl
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1325
New hostname checking function asn1_valid_host()
Check commonName entries against nameConstraints: any CN components in
EE certificate which look like hostnames are checked against
nameConstraints.
Note that RFC5280 et al only require checking subject alt name against
DNS name constraints.
Reviewed-by: Richard Levitte <levitte@openssl.org>