wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9805 commits 20 branches 302 tags 153 MiB
Commit graph

5104 commits

Author SHA1 Message Date
Dr. Stephen Henson
76e7744bef prepare for next version 2013-02-06 02:27:23 +00:00
Dr. Stephen Henson
d9e048ceac prepare for release 2013-02-05 16:46:21 +00:00
Dr. Stephen Henson
65a9383e6b make update 2013-02-05 16:46:21 +00:00
Andy Polyakov
ae4a75cecf bn_word.c: fix overflow bug in BN_add_word. 
(cherry picked from commit 134c00659a)
 2013-02-05 16:46:19 +00:00
Andy Polyakov
2e884ce11d x86_64 assembly pack: keep making Windows build more robust. 
PR: 2963 and a number of others
(cherry picked from commit 4568182a8b)
 2013-02-05 16:46:19 +00:00
Ben Laurie
080f395392 Fixups from previous commit. 2013-02-05 16:46:17 +00:00
Ben Laurie
e5420be6cd Make CBC decoding constant time. 
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bcc)

Conflicts:
	crypto/evp/c_allc.c
	ssl/ssl_algs.c
	ssl/ssl_locl.h
	ssl/t1_enc.c
 2013-02-05 16:46:16 +00:00
Ben Laurie
9c00a95060 Add and use a constant-time memcmp. 
This change adds CRYPTO_memcmp, which compares two vectors of bytes in
an amount of time that's independent of their contents. It also changes
several MAC compares in the code to use this over the standard memcmp,
which may leak information about the size of a matching prefix.
(cherry picked from commit 2ee798880a)

Conflicts:
	crypto/crypto.h
	ssl/t1_lib.c
 2013-02-05 16:46:15 +00:00
Dr. Stephen Henson
ebc71865f0 Don't try and verify signatures if key is NULL (CVE-2013-0166) 
Add additional check to catch this in ASN1_item_verify too.
 2013-02-05 16:46:15 +00:00
Dr. Stephen Henson
1dfa62d4c8 Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set 2013-01-23 01:14:13 +00:00
Andy Polyakov
8c6364e198 x86_64 assembly pack: make Windows build more robust [from master]. 
PR: 2963 and a number of others
 2013-01-22 23:00:02 +01:00
Dr. Stephen Henson
98c2e93723 Don't include comp.h if no-comp set. 2013-01-20 01:12:15 +00:00
Dr. Stephen Henson
d8b177719a make no-comp compile 2012-12-30 16:05:24 +00:00
Dr. Stephen Henson
235e76bce1 Fix two bugs which affect delta CRL handling: 
Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.
 2012-12-06 18:25:18 +00:00
Dr. Stephen Henson
77ada38dbd PR: 2803 
Submitted by: jean-etienne.schwartz@bull.net

In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.
 2012-11-29 19:15:52 +00:00
Bodo Möller
c51f6bccea Fix EC_KEY initialization race. 
Submitted by: Adam Langley
 2012-10-05 20:51:31 +00:00
Ben Laurie
b8719c753e Fix warning. 2012-10-04 15:04:26 +00:00
Ben Laurie
92b2530acd Fix warning (hope this doesn't break other platforms, there's a twisty 
little maze of #ifs, all different).
 2012-10-04 15:03:08 +00:00
Bodo Möller
9ff94ad7ae Fix Valgrind warning. 
Submitted by: Adam Langley
 2012-09-24 19:50:00 +00:00
Bodo Möller
9c5d75d5a9 Fix warning. 
Submitted by: Chromium Authors
 2012-09-17 17:26:03 +00:00
Andy Polyakov
a203df7521 sha1-armv4-large.pl: comply with ABI [from HEAD]. 2012-08-17 20:01:47 +00:00
Richard Levitte
83a4ae6b0b Cosmetics: remove duplicate symbol in crypto/symhacks.h 2012-07-05 08:49:02 +00:00
Richard Levitte
9374bc1c10 Cosmetic: Reorder so it's more similar to the Unixly build. 2012-07-04 17:27:43 +00:00
Andy Polyakov
e9c563fc29 bss_dgram.c: fix typos in Windows code. 2012-07-01 09:12:23 +00:00
Andy Polyakov
4887e07819 x86_64 assembly pack: make it possible to compile with Perl located 
on path with spaces [from HEAD].

PR: 2835
 2012-06-27 13:04:17 +00:00
Andy Polyakov
8d2f61ac70 bss_dgram.c: fix bugs [from HEAD]. 
PR: 2833
 2012-06-19 12:50:09 +00:00
Dr. Stephen Henson
bef20d4a68 PR: 2813 
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>

Fix possible deadlock when decoding public keys.
 2012-05-11 13:50:09 +00:00
Dr. Stephen Henson
dddddb2e6c prepare for next version 2012-05-10 16:01:57 +00:00
Dr. Stephen Henson
8fcb93613a prepare for 1.0.0j release 2012-05-10 14:48:54 +00:00
Dr. Stephen Henson
1e4406a854 Reported by: Solar Designer of Openwall 
Make sure tkeylen is initialised properly when encrypting CMS messages.
 2012-05-10 13:28:28 +00:00
Andy Polyakov
c50847c28b ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance 
of digest algorithms, mosty SHA, on Power7. Mystery of century, why SHA,
why slower algorithm are affected more... [from HEAD].
PR: 2794
Submitted by: Ashley Lai
 2012-04-27 20:21:26 +00:00
Dr. Stephen Henson
b1ce2d24dd correct error code 2012-04-22 13:31:37 +00:00
Dr. Stephen Henson
0ed781740d prepare for next version 2012-04-19 17:02:49 +00:00
Dr. Stephen Henson
d0e542fdc9 prepare for 1.0.0i release 2012-04-19 11:47:20 +00:00
Dr. Stephen Henson
5bd4fcc5c2 Check for potentially exploitable overflows in asn1_d2i_read_bio 
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
 2012-04-19 11:44:51 +00:00
Andy Polyakov
d079b387a3 OPENSSL_NO_SOCK fixes [from HEAD]. 
PR: 2791
Submitted by: Ben Noordhuis
 2012-04-16 17:43:28 +00:00
Andy Polyakov
8eeaeb4b04 Minor compatibility fixes [from HEAD]. 
PR: 2790
Submitted by: Alexei Khlebnikov
 2012-04-16 17:37:04 +00:00
Andy Polyakov
cdc575c46b ans1/tasn_prn.c: avoid bool in variable names [from HEAD]. 
PR: 2776
 2012-03-29 17:51:37 +00:00
Dr. Stephen Henson
2f0aaf76f3 Submitted by: Markus Friedl <mfriedl@gmail.com> 
Fix memory leaks in 'goto err' cases.
 2012-03-22 15:43:06 +00:00
Andy Polyakov
216a2a5fc6 x86_64-xlate.pl: remove old kludge. 
PR: 2435,2440
 2012-03-13 19:19:57 +00:00
Dr. Stephen Henson
c2c6044933 prepare for next version 2012-03-12 16:35:49 +00:00
Dr. Stephen Henson
dc95c53c6f corrected fix to PR#2711 and also cover mime_param_cmp 2012-03-12 15:26:48 +00:00
Dr. Stephen Henson
97183a312e prepare for release 2012-03-12 14:24:50 +00:00
Dr. Stephen Henson
6a0a48433b Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and 
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
 2012-03-12 14:22:59 +00:00
Dr. Stephen Henson
18ea747ce4 check return value of BIO_write in PKCS7_decrypt 2012-03-08 14:02:00 +00:00
Dr. Stephen Henson
f4f512a853 PR: 2755 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
 2012-03-06 13:46:52 +00:00
Dr. Stephen Henson
c8ac945d59 PR: 2742 
Reported by: Dmitry Belyavsky <beldmit@gmail.com>

If resigning with detached content in CMS just copy data across.
 2012-02-29 14:01:40 +00:00
Dr. Stephen Henson
92aa50bc03 Fix memory leak cause by race condition when creating public keys. 
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
 2012-02-28 14:47:25 +00:00
Dr. Stephen Henson
2f31308b17 PR: 2736 
Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preseves flags.
 2012-02-27 18:45:06 +00:00
Dr. Stephen Henson
468d58e712 xn is never actually used, remove it 2012-02-27 17:07:46 +00:00