Emilia Kasper
1cb10d9c7d
Revert "RT3425: constant-time evp_enc"
...
Causes more problems than it fixes: even though error codes
are not part of the stable API, several users rely on the
specific error code, and the change breaks them. Conversely,
we don't have any concrete use-cases for constant-time behaviour here.
This reverts commit 1bb01b1b5f
2014-12-17 14:57:16 +01:00
Richard Levitte
15b7f5bf88
Include "constant_time_locl.h" rather than "../constant_time_locl.h".
...
The different -I compiler parameters will take care of the rest...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 8202802fad
2014-10-17 14:03:57 +02:00
Emilia Kasper
1bb01b1b5f
RT3425: constant-time evp_enc
...
Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit b55ff319f8
2014-09-24 16:41:55 +02:00
Geoff Thorpe
9febee0272
evp: prevent underflow in base64 decoding
...
This patch resolves RT ticket #2608 .
Thanks to Robert Dugal for originally spotting this, and to David
Ramos for noticing that the ball had been dropped.
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-05-06 18:23:54 -04:00
Dr. Stephen Henson
47f689ac09
Initialize num properly.
...
PR#3289
PR#3345
(cherry picked from commit 3ba1e406c2
2014-05-06 14:09:26 +01:00
Eric Young
9ad5c5e4f9
Fix base64 decoding bug.
...
A short PEM encoded sequence if passed to the BIO, and the file
had 2 \n following would fail.
PR#3289
(cherry picked from commit 10378fb5f4
2014-04-02 19:58:25 +01:00
Ben Laurie
2928cb4c82
Fixups.
2013-02-05 16:50:33 +00:00
Ben Laurie
35a65e814b
Make CBC decoding constant time.
...
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.
This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.
In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bcc
2013-02-05 16:50:32 +00:00
Dr. Stephen Henson
24d0524f31
PR: 2588
...
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve
Close file pointer.
2011-09-01 13:48:48 +00:00
Dr. Stephen Henson
4d6af5c5d2
../comm.txt
2010-11-27 17:33:34 +00:00
Dr. Stephen Henson
05bbbe9204
PR: 2295
...
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve
OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
2010-10-11 23:28:54 +00:00
Dr. Stephen Henson
65b4c34d86
initialise pbe_tmp
2010-07-08 16:51:48 +00:00
Dr. Stephen Henson
63e3676e68
fix so it is safe to repeatedly add PBE algorithms
2010-06-26 12:55:01 +00:00
Ben Laurie
d886975835
Fix gcc 4.6 warnings. Check TLS server hello extension length.
2010-06-12 13:18:58 +00:00
Dr. Stephen Henson
356f164f52
PR: 2258
...
Submitted By: Ger Hobbelt <ger@hobbelt.com>
Base64 BIO fixes:
Use OPENSSL_assert() instead of assert().
Use memmove() as buffers overlap.
Fix write retry logic.
2010-05-27 12:41:33 +00:00
Dr. Stephen Henson
9a542ea01d
don't add digest alias if signature algorithm is undefined
2010-03-06 20:52:33 +00:00
Dr. Stephen Henson
1939f83709
Fix memory leak: free up ENGINE functional reference if digest is not
...
found in an ENGINE.
2010-03-05 13:35:06 +00:00
Dr. Stephen Henson
582eb96d15
Revert CFB block length change. Despite what SP800-38a says the input to
...
CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.
2010-02-26 14:41:38 +00:00
Dr. Stephen Henson
1b690c1a8b
The "block length" for CFB mode was incorrectly coded as 1 all the time. It
...
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.
2010-02-15 19:40:45 +00:00
Dr. Stephen Henson
2873a53f5f
Correct ECB mode EVP_CIPHER definition: IV length is 0
2010-02-15 19:25:37 +00:00
Dr. Stephen Henson
c22050be29
Traditional Yuletide commit ;-)
...
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
2009-12-25 14:11:18 +00:00
Dr. Stephen Henson
9e5dea0ffd
PR: 2124
...
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>
Check for memory allocation failures.
2009-12-09 13:41:50 +00:00
Dr. Stephen Henson
2c5f3606d1
Remove MD2 from digest algorithm table. This follows the recommendation in
...
several places that it is not used in new applications.
2009-07-08 08:33:27 +00:00
Ben Laurie
1eee8a4226
Use the correct length (reported by Quanhong Wang).
2009-03-03 15:06:49 +00:00
Ben Laurie
e26ad0c4fd
Fix FIPS typo.
2009-02-18 10:27:23 +00:00
Ben Laurie
f092a073a7
Fix warnings.
2008-12-02 18:14:44 +00:00
Dr. Stephen Henson
b84e441861
Don't attempt to enter FIPS mode in autoconfig module if already in FIPS mode.
2008-11-11 12:52:14 +00:00
Dr. Stephen Henson
2c17b493b1
Make -DKSSL_DEBUG work again.
2008-11-10 18:55:07 +00:00
Dr. Stephen Henson
3795297af8
Change old obsolete email address...
2008-11-05 18:36:57 +00:00
Dr. Stephen Henson
138f20433e
Camellia low level API algorithm blocking.
2008-09-21 11:21:43 +00:00
Dr. Stephen Henson
7747c67861
Make camellia work with updated EVP macros.
2008-09-21 10:24:08 +00:00
Dr. Stephen Henson
e852835da6
Make update: delete duplicate error code.
2008-09-17 17:11:09 +00:00
Dr. Stephen Henson
d83dde6180
Merge changes to build system from fips branch.
2008-09-16 21:44:57 +00:00
Dr. Stephen Henson
f947b818bf
Oops, restore change that got reverted accidentally.
2008-09-15 22:32:23 +00:00
Dr. Stephen Henson
a2dc9b6be2
Merge EVP changes in from FIPS branch.
2008-09-15 22:21:42 +00:00
Dr. Stephen Henson
1af12ff1d1
Fix error code discrepancy.
...
Make update.
2008-09-14 16:43:37 +00:00
Bodo Möller
cdd0f3b328
Don't use assertions to check application-provided arguments;
...
and don't unnecessarily fail on input size 0.
2008-08-14 21:37:20 +00:00
Dr. Stephen Henson
14748adb09
Make ssl code consistent with FIPS branch. The new code has no effect
...
at present because it asserts either noop flags or is inside
OPENSSL_FIPS #ifdef's.
2008-06-16 16:56:43 +00:00
Ben Laurie
4f2b7d48b1
make depend
2007-09-19 12:17:11 +00:00
Andy Polyakov
4d2a292e8a
EVP_*_cfb1 was broken [from HEAD].
...
PR: 1318
2007-07-08 19:18:15 +00:00
Dr. Stephen Henson
14346b3456
Fix warnings: C++ comments and computed value not used.
2007-07-04 12:56:33 +00:00
Bodo Möller
c3cc4662af
Add SEED encryption algorithm.
...
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:50:26 +00:00
Dr. Stephen Henson
392a0345de
EVP_CIPHER_CTX_key_length() should return the set key length in the
...
EVP_CIPHER_CTX structure which may not be the same as the underlying
cipher key length for variable length ciphers.
2007-02-27 18:42:52 +00:00
Dr. Stephen Henson
594c723f98
Add hmac option to dgst from 0.9.7-stable.
2007-02-08 19:08:21 +00:00
Dr. Stephen Henson
4a0d3530e0
Update from HEAD.
2007-01-21 13:16:49 +00:00
Nils Larsch
8e6905d238
remove trailing '\'
...
PR: 1438
2006-12-19 19:47:39 +00:00
Nils Larsch
d4a6240005
replace macros with functions
...
Submitted by: Tracy Camp <tracyx.e.camp@intel.com>
2006-11-29 20:47:15 +00:00
Dr. Stephen Henson
115fc340cb
Rebuild error file C source files.
2006-11-21 20:14:46 +00:00
Dr. Stephen Henson
f4f1dc39e0
Fix from HEAD.
2006-08-31 21:01:41 +00:00
Bodo Möller
1921a1adb2
"make depend" for the default configuration, i.e. no-camellia here in
...
the 0.9.8 branch!
2006-06-14 09:56:08 +00:00
