Commit graph

5137 commits

Author SHA1 Message Date
Dr. Stephen Henson
ba44b8d42e Set Enveloped data version to 2 if ktri version not zero.
(cherry picked from commit 9c5d953a07)
2014-05-06 14:04:37 +01:00
David Ramos
7cdbce53f1 Double free in i2o_ECPublicKey
PR: 3338
2014-05-04 00:56:13 +01:00
mancha
3abcf477a9 Fix eckey_priv_encode()
Fix eckey_priv_encode to return an error on failure of i2d_ECPrivateKey.
2014-04-24 19:33:01 +00:00
mancha
da8f10881e Fix double frees.
Conflicts:
	CHANGES
2014-04-22 22:52:26 +01:00
Dr. Stephen Henson
bddd6e3495 Extension checking fixes.
When looking for an extension we need to set the last found
position to -1 to properly search all extensions.

PR#3309.
(cherry picked from commit 300b9f0b70)
2014-04-15 18:53:14 +01:00
Andy Polyakov
38b4d7aab1 crypto/modes: strict aliasing fixes from master. 2014-04-06 17:23:55 +02:00
Eric Young
5762c18517 Fix base64 decoding bug.
A short PEM encoded sequence if passed to the BIO, and the file
had 2 \n following would fail.

PR#3289
(cherry picked from commit 10378fb5f4)
2014-04-02 19:57:57 +01:00
Dr. Stephen Henson
2198be3483 Fix for CVE-2014-0076
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140

Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
2014-03-12 14:16:19 +00:00
Dr. Stephen Henson
910b3a81fd Avoid Windows 8 Getversion deprecated errors.
Windows 8 SDKs complain that GetVersion() is deprecated.

We only use GetVersion like this:

	(GetVersion() < 0x80000000)

which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
(cherry picked from commit a4cc3c8041)
2014-02-25 13:43:04 +00:00
Andy Polyakov
4f5b7a76da x509/by_dir.c: fix run-away pointer (and potential SEGV)
when adding duplicates in add_cert_dir.

PR: 3261
Reported by: Marian Done
(cherry picked from commit 758954e0d8)
2014-02-24 15:24:14 +01:00
Dr. Stephen Henson
8fe4d5bedb Remove duplicate statement.
(cherry picked from commit 5a7652c3e5)
2014-02-15 01:29:49 +00:00
Scott Schaefer
b815ab2101 Fix various spelling errors
(cherry picked from commit 2b4ffc659e)
2014-02-14 22:36:04 +00:00
Dr. Stephen Henson
158d061609 Add loaded dynamic ENGINEs to list.
Always add a dynamically loaded ENGINE to list. Otherwise it can cause
problems when multiply loaded, especially if it adds new public key methods.
For all current engines we only want a single implementation anyway.
(cherry picked from commit e933f91f50)
2014-01-28 13:57:58 +00:00
Dr. Stephen Henson
9fe6acbd1d make update 2014-01-23 17:14:48 +00:00
Zoltan Arpadffy
317ed9abdb VMS fixes 2014-01-11 22:42:15 +00:00
Dr. Stephen Henson
6c6f6c44e5 Fix bug in X509_V_FLAG_IGNORE_CRITICAL CRL handling.
(cherry picked from commit 8f4077ca69)
2014-01-09 22:56:40 +00:00
Dr. Stephen Henson
11d31c00ad Prepare for 1.0.0m-dev 2014-01-06 15:02:46 +00:00
Dr. Stephen Henson
7f94a3c3de Prepare for 1.0.0l release 2014-01-06 15:02:02 +00:00
Dr. Stephen Henson
1f7732bca2 Ignore NULL parameter in EVP_MD_CTX_destroy.
(cherry picked from commit a6c62f0c25)
2013-12-20 22:53:38 +00:00
Dr. Stephen Henson
0c9394280a Fix memory leak.
(cherry picked from commit 16bc45ba95)
2013-11-11 23:55:47 +00:00
Dr. Stephen Henson
07aafc4956 Check for missing components in RSA_check.
(cherry picked from commit 01be36ef70525e81fc358d2e559bdd0a0d9427a5)
2013-11-09 15:09:21 +00:00
Dr. Stephen Henson
0c0a51d34b Initialise context before using it.
(cherry picked from commit a4947e4e06)
2013-11-06 13:19:37 +00:00
Ben Laurie
68b6a94379 PBKDF2 should be efficient. Contributed by Christian Heimes
<christian@python.org>.

Conflicts:
	crypto/evp/p5_crpt2.c
2013-11-05 10:47:35 +00:00
Andy Polyakov
41468ed388 evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms.
Submitted by: Yuriy Kaminskiy
(cherry picked from commit 524b00c0da)

Resolved conflicts:

	crypto/evp/e_des3.c
(cherry picked from commit eb22b7ec75)
2013-10-03 11:13:10 +02:00
Ben Laurie
5f0df1f650 Constification.
Conflicts:
	crypto/buffer/buffer.c
2013-10-01 15:26:14 +01:00
Dr. Stephen Henson
e6b4ed7ffa Typo.
(cherry picked from commit 415ece7301)
2013-09-30 14:26:10 +01:00
Bodo Moeller
c23746f339 Fix overly lenient comparisons:
- EC_GROUP_cmp shouldn't consider curves equal just because
      the curve name is the same. (They really *should* be the same
      in this case, but there's an EC_GROUP_set_curve_name API,
      which could be misused.)

    - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
      or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
      equality (not an error).

    Reported by: king cope

(cherry picked from commit 312a46791ab465cfa3bf26764361faed0e5df014)
2013-09-16 13:13:32 +02:00
Dr. Stephen Henson
34eee35479 Fix verify loop with CRL checking.
PR #3090
Reported by: Franck Youssef <fry@open.ch>

If no new reason codes are obtained after checking a CRL exit with an
error to avoid repeatedly checking the same CRL.

This will only happen if verify errors such as invalid CRL scope are
overridden in a callback.
(cherry picked from commit 4b26645c1a)
2013-08-06 16:08:15 +01:00
Kaspar Brand
bcd092d706 Fix for PEM_X509_INFO_read_bio.
PR: 3028
Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys
correctly if they appeared first.
(cherry picked from commit 5ae8d6bcba)
2013-08-06 16:05:52 +01:00
Dr. Stephen Henson
3087bd32ff Typo.
(cherry picked from commit 0ded2a0689)
2013-03-31 17:44:07 +01:00
Andy Polyakov
b04c0d805c x86cpuid.pl: make it work with older CPUs.
PR: 3005
(cherry picked from commit 5702e965d7)
2013-03-18 19:51:13 +01:00
Dr. Stephen Henson
64841ed746 Encode INTEGER correctly.
If an ASN1_INTEGER structure is allocated but not explicitly set encode
it as zero: don't generate an invalid zero length INTEGER.
(cherry picked from commit 1643edc63c)
2013-03-18 14:21:03 +00:00
Andy Polyakov
e9554f7f9b sparccpuid.S: work around emulator bug on T1.
(cherry picked from commit 3caeef94bd)
2013-02-11 10:42:32 +01:00
Dr. Stephen Henson
76e7744bef prepare for next version 2013-02-06 02:27:23 +00:00
Dr. Stephen Henson
d9e048ceac prepare for release 2013-02-05 16:46:21 +00:00
Dr. Stephen Henson
65a9383e6b make update 2013-02-05 16:46:21 +00:00
Andy Polyakov
ae4a75cecf bn_word.c: fix overflow bug in BN_add_word.
(cherry picked from commit 134c00659a)
2013-02-05 16:46:19 +00:00
Andy Polyakov
2e884ce11d x86_64 assembly pack: keep making Windows build more robust.
PR: 2963 and a number of others
(cherry picked from commit 4568182a8b)
2013-02-05 16:46:19 +00:00
Ben Laurie
080f395392 Fixups from previous commit. 2013-02-05 16:46:17 +00:00
Ben Laurie
e5420be6cd Make CBC decoding constant time.
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bcc)

Conflicts:
	crypto/evp/c_allc.c
	ssl/ssl_algs.c
	ssl/ssl_locl.h
	ssl/t1_enc.c
2013-02-05 16:46:16 +00:00
Ben Laurie
9c00a95060 Add and use a constant-time memcmp.
This change adds CRYPTO_memcmp, which compares two vectors of bytes in
an amount of time that's independent of their contents. It also changes
several MAC compares in the code to use this over the standard memcmp,
which may leak information about the size of a matching prefix.
(cherry picked from commit 2ee798880a)

Conflicts:
	crypto/crypto.h
	ssl/t1_lib.c
2013-02-05 16:46:15 +00:00
Dr. Stephen Henson
ebc71865f0 Don't try and verify signatures if key is NULL (CVE-2013-0166)
Add additional check to catch this in ASN1_item_verify too.
2013-02-05 16:46:15 +00:00
Dr. Stephen Henson
1dfa62d4c8 Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set 2013-01-23 01:14:13 +00:00
Andy Polyakov
8c6364e198 x86_64 assembly pack: make Windows build more robust [from master].
PR: 2963 and a number of others
2013-01-22 23:00:02 +01:00
Dr. Stephen Henson
98c2e93723 Don't include comp.h if no-comp set. 2013-01-20 01:12:15 +00:00
Dr. Stephen Henson
d8b177719a make no-comp compile 2012-12-30 16:05:24 +00:00
Dr. Stephen Henson
235e76bce1 Fix two bugs which affect delta CRL handling:
Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.
2012-12-06 18:25:18 +00:00
Dr. Stephen Henson
77ada38dbd PR: 2803
Submitted by: jean-etienne.schwartz@bull.net

In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.
2012-11-29 19:15:52 +00:00
Bodo Möller
c51f6bccea Fix EC_KEY initialization race.
Submitted by: Adam Langley
2012-10-05 20:51:31 +00:00
Ben Laurie
b8719c753e Fix warning. 2012-10-04 15:04:26 +00:00