Andy Polyakov
5dcf70a1c5
ARM assembly pack: get ARMv7 instruction endianness right.
...
Pointer out and suggested by: Ard Biesheuvel.
2014-06-06 21:27:18 +02:00
Andy Polyakov
cd91fd7c32
sha[1|512]-armv8.pl: get instruction endianness right.
...
Submitted by: Ard Biesheuvel.
2014-06-06 20:50:43 +02:00
Andy Polyakov
82741e9c89
Engage GHASH for ARMv8.
2014-06-06 20:48:35 +02:00
Andy Polyakov
2d5a799d27
Add GHASH for ARMv8 Crypto Extension.
...
Result of joint effort with Ard Biesheuvel.
2014-06-06 20:43:02 +02:00
Dr. Stephen Henson
7178c711dd
Update NEWS.
2014-06-06 14:34:23 +01:00
Andy Polyakov
65cad34b10
aesv8-armx.pl update:
...
- fix 32-bit build (submitted by Ard Biesheuvel);
- fix performance issue in CTR;
2014-06-06 12:18:51 +02:00
Dr. Stephen Henson
5111672b8e
Update value to use a free bit.
2014-06-05 13:27:11 +01:00
Dr. Stephen Henson
410e444b71
Fix for CVE-2014-0195
...
A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.
Fixed by adding consistency check for DTLS fragments.
Thanks to Jüri Aedla for reporting this issue.
(cherry picked from commit 1632ef7448
)
2014-06-05 13:23:05 +01:00
Dr. Stephen Henson
a91be10833
Fix for CVE-2014-0224
...
Only accept change cipher spec when it is expected instead of at any
time. This prevents premature setting of session keys before the master
secret is determined which an attacker could use as a MITM attack.
Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue
and providing the initial fix this patch is based on.
(cherry picked from commit bc8923b1ec
)
2014-06-05 13:22:42 +01:00
Dr. Stephen Henson
a7c682fb6f
Additional CVE-2014-0224 protection.
...
Return a fatal error if an attempt is made to use a zero length
master secret.
(cherry picked from commit 006cd7083f
)
2014-06-05 13:22:24 +01:00
Dr. Stephen Henson
b4322e1de8
Fix CVE-2014-0221
...
Unnecessary recursion when receiving a DTLS hello request can be used to
crash a DTLS client. Fixed by handling DTLS hello request without recursion.
Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
(cherry picked from commit d3152655d5
)
2014-06-05 13:22:03 +01:00
Dr. Stephen Henson
a5362db460
Fix CVE-2014-3470
...
Check session_cert is not NULL before dereferencing it.
(cherry picked from commit 8011cd56e3
)
2014-06-05 13:21:50 +01:00
Andy Polyakov
d86689e1d9
aesp8-ppc.pl: fix typos.
2014-06-04 08:34:18 +02:00
Andy Polyakov
53a224bb0a
evp/e_aes.c: add erroneously omitted break;
2014-06-04 08:33:06 +02:00
Libor Krystek
8e3231642b
Corrected OPENSSL_NO_EC_NISTP_64_GCC_128 usage in ec_lcl.h. PR#3370
2014-06-03 23:15:58 +01:00
David Benjamin
c7f267397e
Check there is enough room for extension.
2014-06-02 23:55:56 +01:00
zhu qun-ying
470990fee0
Free up s->d1->buffered_app_data.q properly.
...
PR#3286
2014-06-02 23:55:55 +01:00
Andy Polyakov
030a3f9527
evp/e_aes.c: populate HWAES_* to remaning modes.
...
Submitted by: Ard Biesheuvel.
2014-06-02 21:48:02 +02:00
Dr. Stephen Henson
14f47acf23
Allow reordering of certificates when signing.
...
Add certificates if -nocerts and -certfile specified when signing
in smime application. This can be used this to specify the
order certificates appear in the PKCS#7 structure: some broken
applications require a certain ordering.
PR#3316
2014-06-02 14:22:07 +01:00
Sami Farin
13b7896022
Typo: set i to -1 before goto.
...
PR#3302
2014-06-02 14:22:07 +01:00
Andy Polyakov
de51e830a6
Engage POWER8 AES support.
2014-06-01 23:38:11 +02:00
Matt Caswell
a5510df337
Added SSLErr call for internal error in dtls1_buffer_record
2014-06-01 21:36:25 +01:00
David Ramos
d1e1aeef8f
Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after-free bug. PR#3362
2014-06-01 21:36:25 +01:00
Andy Polyakov
723463282f
armv4cpuid.S: switch to CNTVCT tick counter.
2014-06-01 22:34:02 +02:00
Andy Polyakov
797d24bee9
sha[1|256]-armv4: harmonize with arm_arch.h.
2014-06-01 22:29:50 +02:00
Andy Polyakov
ddacb8f27b
Engage ARMv8 AES support.
2014-06-01 22:20:37 +02:00
Dr. Stephen Henson
a09220d823
Recognise padding extension.
2014-06-01 18:15:21 +01:00
Dr. Stephen Henson
01f2f18f3c
Option to disable padding extension.
...
Add TLS padding extension to SSL_OP_ALL so it is used with other
"bugs" options and can be turned off.
This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient
option referring to SSLv2 and SSLREF.
PR#3336
2014-06-01 18:15:21 +01:00
Andy Polyakov
f8aab6174c
linux-aarch64: engage SHA modules.
2014-06-01 18:03:51 +02:00
Andy Polyakov
ddb6b965da
Add SHA for ARMv8.
2014-06-01 18:02:11 +02:00
Andy Polyakov
e8d93e342b
Add linux-aarch64 taget.
...
armcap.c is shared between 32- and 64-bit builds and features link-time
detection of getauxval.
Submitted by: Ard Biesheuvel.
2014-06-01 17:21:06 +02:00
Ben Laurie
992bba11d5
Merge branch 'erbridge-probable_primes'
2014-06-01 15:37:08 +01:00
Ben Laurie
5fc3a5fe49
Credit to Felix.
...
Closes #116 .
2014-06-01 15:31:27 +01:00
Ben Laurie
c93233dbfd
Tidy up, don't exceed the number of requested bits.
2014-06-01 15:31:27 +01:00
Ben Laurie
46838817c7
Constify and reduce coprime random bits to allow for multiplier.
2014-06-01 15:31:27 +01:00
Ben Laurie
0382950c6c
Zero prime doits.
2014-06-01 15:31:27 +01:00
Ben Laurie
5efa13ca7e
Add option to run all prime tests.
2014-06-01 15:31:27 +01:00
Felix Laurie von Massenbach
8927c2786d
Add a test to check we're really generating probable primes.
2014-06-01 15:31:27 +01:00
Felix Laurie von Massenbach
9a3a99748b
Remove unused BIGNUMs.
2014-06-01 15:31:27 +01:00
Felix Laurie von Massenbach
a77889f560
Only count successful generations.
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
c74e148776
Refactor the first prime index.
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
982c42cb20
Try skipping over the adding and just picking a new random number.
...
Generates a number coprime to 2, 3, 5, 7, 11.
Speed:
Trial div (add) : trial div (retry) : coprime
1 : 0.42 : 0.84
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
7e965dcc38
Remove editor barf on updating copyright.
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
8a12085293
Add python script to generate the bits needed for the prime generator.
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
c09ec5d2a0
Generate safe primes not divisible by 3, 5 or 7.
...
~2% speed improvement on trial division.
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
b0513819e0
Add a method to generate a prime that is guaranteed not to be divisible by 3 or 5.
...
Possibly some reduction in bias, but no speed gains.
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
b359642ffd
Run the prime speed tests for 10 seconds.
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
8c9336ce2b
Tidy up speed.c a little.
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
b5419b81ac
Add speed test for prime trial division.
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
e46a059ebf
Remove static from probable_prime_dh.
2014-06-01 15:31:26 +01:00