Dr. Stephen Henson
5a7fc89394
Add additional DigestInfo checks.
...
Reencode DigestInto in DER and check against the original: this
will reject any improperly encoded DigestInfo structures.
Note: this is a precautionary measure, there is no known attack
which can exploit this.
Thanks to Brian Smith for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-29 12:31:29 +01:00
Emilia Kasper
96e1015eec
RT3066: rewrite RSA padding checks to be slightly more constant time.
...
Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1
This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Conflicts:
crypto/rsa/rsa_oaep.c
2014-09-24 14:39:44 +02:00
Alan Hryngle
7faa66433f
Return smaller of ret and f.
...
PR#3418.
(cherry picked from commit fdea4fff8f
)
2014-07-05 22:39:16 +01:00
Ben Laurie
2708813166
Add and use a constant-time memcmp.
...
This change adds CRYPTO_memcmp, which compares two vectors of bytes in
an amount of time that's independent of their contents. It also changes
several MAC compares in the code to use this over the standard memcmp,
which may leak information about the size of a matching prefix.
(cherry picked from commit 2ee798880a
)
Conflicts:
crypto/crypto.h
ssl/t1_lib.c
(cherry picked from commit dc406b59f3169fe191e58906df08dce97edb727c)
Conflicts:
crypto/crypto.h
ssl/d1_pkt.c
ssl/s3_pkt.c
2013-02-05 16:50:32 +00:00
Bodo Möller
195d6bf760
BN_BLINDING multi-threading fix.
...
Submitted by: Emilia Kasper (Google)
2011-10-19 14:57:59 +00:00
Dr. Stephen Henson
05bbbe9204
PR: 2295
...
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve
OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
2010-10-11 23:28:54 +00:00
Dr. Stephen Henson
93b810637b
Bypass algorithm blocking with TLS MD5+SHA1 signature in FIPS mode by
...
calling underlying method directly.
2010-01-27 00:51:24 +00:00
Dr. Stephen Henson
9e5dea0ffd
PR: 2124
...
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>
Check for memory allocation failures.
2009-12-09 13:41:50 +00:00
Dr. Stephen Henson
3cc52ee97a
Don't set non fips allow flags when calling RSA_new() and DSA_new().
2009-09-22 11:28:05 +00:00
Dr. Stephen Henson
e1246e1ad7
Submitted by: Julia Lawall <julia@diku.dk>
...
The functions ENGINE_ctrl(), OPENSSL_isservice(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
2009-09-13 11:20:38 +00:00
Dr. Stephen Henson
5e4c2225ed
Oops, moved too much.
2009-06-26 23:56:10 +00:00
Dr. Stephen Henson
167d2a1411
PR: 1961
...
Submitted by: Martin Gerbershagen <martin.gerbershagen@nsn.com>
Approved by: steve@openssl.org
Avoid memory leak if RAND_bytes() fails.
2009-06-26 22:52:18 +00:00
Dr. Stephen Henson
f908ca4db4
PR: 1840
...
Submitted by: Martin Kaiser <lists@kaiser.cx>
Approved by: steve@openssl.org
Handle NULL passing in parameter and BN_CTX_new() error correctly.
2009-02-14 22:19:31 +00:00
Dr. Stephen Henson
3795297af8
Change old obsolete email address...
2008-11-05 18:36:57 +00:00
Dr. Stephen Henson
e852835da6
Make update: delete duplicate error code.
2008-09-17 17:11:09 +00:00
Dr. Stephen Henson
05794d983f
Add RSA update from FIPS branch that got omitted....
2008-09-17 15:53:59 +00:00
Dr. Stephen Henson
9b809d6278
Add missing files.
2008-09-16 22:54:30 +00:00
Dr. Stephen Henson
d83dde6180
Merge changes to build system from fips branch.
2008-09-16 21:44:57 +00:00
Dr. Stephen Henson
e3f2860e73
Merge public key FIPS code, RSA, DSA, DH.
2008-09-16 14:55:26 +00:00
Dr. Stephen Henson
16349eeceb
Port X931 key generation routines from FIPS branch. Don't include deprecated
...
versions as they weren't in 0.9.8 before now anyway.
2008-09-15 21:42:28 +00:00
Dr. Stephen Henson
1af12ff1d1
Fix error code discrepancy.
...
Make update.
2008-09-14 16:43:37 +00:00
Bodo Möller
669b912dea
Really get rid of unsafe double-checked locking.
...
Also, "CHANGES" clean-ups.
2008-09-14 13:51:49 +00:00
Bodo Möller
df1f7b4b02
We should check the eight bytes starting at p[-9] for rollback attack
...
detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK
will be larger than necessary.
PR: 1695
2008-07-17 22:11:24 +00:00
Dr. Stephen Henson
e0f6c15418
Make WIN32 build work with no-rc4
2008-06-21 23:28:02 +00:00
Dr. Stephen Henson
10d3886c51
Fix two invalid memory reads in RSA OAEP mode.
...
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve
2008-05-19 21:26:28 +00:00
Bodo Möller
19398a175a
fix BIGNUM flag handling
2008-02-27 06:02:00 +00:00
Ben Laurie
84dd04e761
Make sure we detect corruption.
2007-04-04 12:50:13 +00:00
Bodo Möller
7cdb81582c
Change to mitigate branch prediction attacks
...
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2007-03-28 00:14:25 +00:00
Dr. Stephen Henson
4a0d3530e0
Update from HEAD.
2007-01-21 13:16:49 +00:00
Dr. Stephen Henson
115fc340cb
Rebuild error file C source files.
2006-11-21 20:14:46 +00:00
Mark J. Cox
951dfbb13a
Introduce limits to prevent malicious keys being able to
...
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937) [Steve Henson]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 11:29:03 +00:00
Bodo Möller
40ddcb717a
Remove non-functional part of recent patch, after discussion with
...
Colin Percival (this would have caused more problems than solved,
and isn't really necessary anyway)
2006-09-06 06:43:26 +00:00
Mark J. Cox
df20b6e79b
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
...
(CVE-2006-4339)
Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
2006-09-05 08:25:42 +00:00
Bodo Möller
6d2cd23f40
Thread-safety fixes
2006-06-14 08:51:41 +00:00
Nils Larsch
b7a80146f4
fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end()
2006-03-13 23:12:08 +00:00
Nils Larsch
22d1087e16
backport recent changes from the cvs head
2006-02-08 19:16:33 +00:00
Dr. Stephen Henson
9f85fcefdc
Update filenames in makefiles
2006-02-04 01:49:36 +00:00
Richard Levitte
5f4dcaf781
/usr/bin/perl util/mkerr.pl -recurse -write -rebuild
2006-01-09 16:05:22 +00:00
Ben Laurie
ec7033745e
Fix memory leak.
2005-11-25 14:26:12 +00:00
Nils Larsch
ff86d3d894
protect BN_BLINDING_invert with a write lock and BN_BLINDING_convert
...
with a read lock
Submitted by: Leandro Santi <lesanti@fiuba7504.com.ar>
2005-09-22 23:32:49 +00:00
Nils Larsch
7f622f6c04
fix warnings when building openssl with (gcc 3.3.1):
...
-Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar
-Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts
-Wstrict-prototypes -Wreturn-type -Wpointer-arith -W -Wunused
-Wno-unused-parameter -Wuninitialized
2005-08-28 23:20:52 +00:00
Andy Polyakov
98e986141b
Windows CE update from HEAD.
2005-08-07 22:29:58 +00:00
Dr. Stephen Henson
39d29195a7
Update from head.
2005-06-06 22:41:50 +00:00
Andy Polyakov
3d5afc8b83
PSS update [from 0.9.7].
2005-06-02 18:29:21 +00:00
Nils Larsch
b0fb889c29
check return value
2005-06-01 22:35:07 +00:00
Dr. Stephen Henson
460e80bd1d
Update from 0.9.7-stable
2005-06-01 22:14:41 +00:00
Nils Larsch
198bcece58
fix warning
2005-05-31 09:55:13 +00:00
Dr. Stephen Henson
c2d78c9623
Copy ordinals from 0.9.7 and update.
2005-05-30 00:28:38 +00:00
Dr. Stephen Henson
b4d2858f95
Add PSS prototype to rsa.h
2005-05-28 20:50:11 +00:00
Dr. Stephen Henson
dea446d995
Update from 0.9.7-stable branch.
2005-05-28 20:49:09 +00:00