Matt Caswell
02fef91630
Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data.
...
This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.
This does have the impact of masking any *real* uninitialised data reads in bn though.
Patch based on approach suggested by Rich Salz.
PR#3415
(cherry picked from commit 77747e2d9a5573b1dbc15e247ce18c03374c760c)
2014-07-13 22:36:03 +01:00
Huzaifa Sidhpurwala
54985b5061
Make sure BN_sqr can never return a negative value.
...
PR#3410
(cherry picked from commit e14e764c0d5d469da63d0819c6ffc0e1e9e7f0bb)
2014-06-26 23:52:18 +01:00
Dr. Stephen Henson
0a9b8dd1b4
Fix 0.9.8 FIPS capable OpenSSL build.
...
The object file bn_lib.o is excluded from FIPS builds which causes
a linker error for BN_consttime_swap. So move definition from bn_lib.c
to bn_gf2m.c
This change is *only* needed for OpenSSL 0.9.8 which uses the 1.2
FIPS module.
2014-06-06 12:31:13 +01:00
Geoff Thorpe
a721216f0f
bignum: allow concurrent BN_MONT_CTX_set_locked()
...
The lazy-initialisation of BN_MONT_CTX was serialising all threads, as
noted by Daniel Sands and co at Sandia. This was to handle the case that
2 or more threads race to lazy-init the same context, but stunted all
scalability in the case where 2 or more threads are doing unrelated
things! We favour the latter case by punishing the former. The init work
gets done by each thread that finds the context to be uninitialised, and
we then lock the "set" logic after that work is done - the winning
thread's work gets used, the losing threads throw away what they've done.
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-05-06 18:23:49 -04:00
mancha
fff69a7d8c
Fix for CVE-2014-0076 backported to 0.9.8 branch
...
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140
Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
Thanks to mancha for backporting the fix to OpenSSL 0.9.8 branch.
2014-03-27 00:55:08 +00:00
Andy Polyakov
1213e6c3c2
bn_word.c: fix overflow bug in BN_add_word.
...
(cherry picked from commit 134c00659a)
2013-02-05 16:50:36 +00:00
Andy Polyakov
2ee77d36a0
x86-mont.pl: fix bug in integer-only squaring path [from HEAD].
...
PR: 2648
2011-12-09 14:28:48 +00:00
Andy Polyakov
65f7456652
ppc.pl: fix bug in bn_mul_comba4 [from HEAD].
...
PR: 2636
Submitted by: Charles Bryant
2011-11-05 10:17:06 +00:00
Bodo Möller
195d6bf760
BN_BLINDING multi-threading fix.
...
Submitted by: Emilia Kasper (Google)
2011-10-19 14:57:59 +00:00
Dr. Stephen Henson
22152d6885
PR: 2540
...
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve
Prevent infinite loop in BN_GF2m_mod_inv().
2011-06-22 15:23:20 +00:00
Dr. Stephen Henson
05bbbe9204
PR: 2295
...
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve
OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
2010-10-11 23:28:54 +00:00
Ben Laurie
d886975835
Fix gcc 4.6 warnings. Check TLS server hello extension length.
2010-06-12 13:18:58 +00:00
Andy Polyakov
02312a91ca
ppc.pl: assembler Y chokes on apostrophes in comment.
2010-03-22 20:58:43 +00:00
Ben Laurie
ed4cd027f3
Fix warnings.
2010-02-28 13:37:15 +00:00
Bodo Möller
3e4da3f7cb
Always check bn_wexpand() return values for failure (CVE-2009-3245).
...
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)
Submitted by: Neel Mehta
2010-02-23 10:36:41 +00:00
Dr. Stephen Henson
1ff44a99a4
PR: 2111
...
Submitted by: Martin Olsson <molsson@opera.com>
Check for bn_wexpand errors in bn_mul.c
2009-12-02 15:27:19 +00:00
Dr. Stephen Henson
ae37f9f3a2
PR: 2062
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BN_rand error handling in bntest.c
2009-10-01 00:22:23 +00:00
Dr. Stephen Henson
15684f58c2
Update from 1.0.0-stable.
2009-06-17 11:49:18 +00:00
Dr. Stephen Henson
0e6c24ae4b
Update from HEAD.
2009-06-17 11:26:39 +00:00
Dr. Stephen Henson
a78ded0b61
PR: 1700
...
Submitted by: "Robbins, Aharon" <aharon.robbins@intel.com>
Approved by: steve@openssl.org
#undef X509_EXTENSIONS for WIN32 too.
2009-04-03 16:54:04 +00:00
Dr. Stephen Henson
72f6453c48
PR: 1835
...
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org
Fix various typos.
2009-02-14 21:50:14 +00:00
Andy Polyakov
e607e731eb
Synchronize with bn_nist.c from HEAD.
2008-12-30 13:41:08 +00:00
Dr. Stephen Henson
3795297af8
Change old obsolete email address...
2008-11-05 18:36:57 +00:00
Andy Polyakov
8d64abacc6
Fix crash in BN_rshift [from HEAD].
...
PR: 1663
2008-10-28 13:47:38 +00:00
Ben Laurie
b76306c983
Constification.
2008-10-18 14:27:36 +00:00
Dr. Stephen Henson
e852835da6
Make update: delete duplicate error code.
2008-09-17 17:11:09 +00:00
Dr. Stephen Henson
9b809d6278
Add missing files.
2008-09-16 22:54:30 +00:00
Dr. Stephen Henson
d83dde6180
Merge changes to build system from fips branch.
2008-09-16 21:44:57 +00:00
Dr. Stephen Henson
0067bd77a8
Part FIPS bn merge: move functions to bn_opt.c to reduce dependencies.
2008-09-16 11:08:24 +00:00
Dr. Stephen Henson
16349eeceb
Port X931 key generation routines from FIPS branch. Don't include deprecated
versions as they weren't in 0.9.8 before now anyway.
2008-09-15 21:42:28 +00:00
Andy Polyakov
1098fd48ce
Compilation warning fix [from HEAD, "must have", as our Windows build does
not tolerate warnings].
2008-09-15 07:19:41 +00:00
Bodo Möller
36a4a67b2b
Some precautions to avoid potential security-relevant problems.
2008-09-14 13:42:40 +00:00
Andy Polyakov
3a72137211
darwin64-ppc-cc experimental line accidentally made it to stable:-(
...
PR: 1699
2008-07-17 10:00:18 +00:00
Bodo Möller
4afcee8b4b
avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()
...
Submitted by: Huang Ying
Reviewed by: Douglas Stebila
2008-06-23 20:46:28 +00:00
Bodo Möller
c3031a4610
Avoid BN_MONT_CTX incompatibility.
2008-05-02 18:47:19 +00:00
Bodo Möller
812d8a176c
Unobtrusive backport of 32-bit x86 Montgomery improvements from 0.9.9-dev:
you need to use "enable-montasm" to see a difference. (Huge speed
advantage, but BN_MONT_CTX is not binary compatible, so this can't be
enabled by default in the 0.9.8 branch.)
The CHANGES entry also covers the 64-bit x86 backport in November 2007
by appro.
2008-05-01 23:11:34 +00:00
Andy Polyakov
1ed2d8f512
bn_nist.c update from HEAD.
...
PR: 1593
2008-04-18 15:51:31 +00:00
Andy Polyakov
efcb7a75fc
Fix fast reduction on NIST curves [from HEAD].
...
PR: 1593
2008-04-01 08:40:52 +00:00
Andy Polyakov
2035af2091
Make x86_64-mont.pl work with debug Win64 build [from HEAD].
2008-02-27 20:14:46 +00:00
Bodo Möller
19398a175a
fix BIGNUM flag handling
2008-02-27 06:02:00 +00:00
Andy Polyakov
cc9a645a02
Add x86_64-mont.pl [from HEAD].
2007-11-11 21:04:34 +00:00
Andy Polyakov
18fb9d807e
Add framework for bn_mul_mont [from 098-fips].
2007-11-11 20:43:23 +00:00
Andy Polyakov
231a737a82
Commit #16325 fixed one thing but broke DH with certain moduli [from HEAD].
2007-11-03 20:09:29 +00:00
Andy Polyakov
ce62fc6eae
Copy bn/asm/ia64.S from HEAD.
2007-10-13 11:02:17 +00:00
Andy Polyakov
ab011d51be
Minimize stack utilization in probable_prime [from HEAD].
2007-09-18 20:55:10 +00:00
Bodo Möller
4f9a9d2b79
Make sure that BN_from_montgomery keeps the BIGNUMS in proper format
2007-09-18 16:31:18 +00:00
Andy Polyakov
d4cfbdf2c0
Integrate remaining parts of #14247 [from HEAD].
2007-09-07 12:27:50 +00:00
Andy Polyakov
5a84b7fc2d
bn_mul_recursive doesn't handle all cases correctly, which results in
BN_mul failures at certain key-length mixes [from HEAD].
PR: 1427
2007-07-08 18:54:30 +00:00
Dr. Stephen Henson
14346b3456
Fix warnings: C++ comments and computed value not used.
2007-07-04 12:56:33 +00:00
Andy Polyakov
a166e96d16
bn_mont.c fix [from HEAD].
2007-06-29 13:12:34 +00:00