Commit graph

11727 commits

Author SHA1 Message Date
Dr. Stephen Henson
3b4a761853 Don't allow non-FIPS curves in FIPS mode.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-25 00:20:56 +01:00
Dr. Stephen Henson
255401756d Use correct function name: CMS_add1_signer()
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 5886354dcc)
2014-09-25 00:06:46 +01:00
Andy Polyakov
ec65b83d65 crypto/bn/bn_nist.c: work around MSC ARM compiler bug.
RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit 8b07c005fe)
2014-09-25 00:46:45 +02:00
Andy Polyakov
d169bf9cab e_os.h: allow inline functions to be compiled by legacy compilers.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 40155f4089)
2014-09-25 00:36:10 +02:00
Emilia Kasper
738911cde6 RT3425: constant-time evp_enc
Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4aac102f75)

Conflicts:
	crypto/evp/evp_enc.c
2014-09-24 16:25:04 +02:00
Emilia Kasper
e1080ea3c7 RT3067: simplify patch
(Original commit adb46dbc6d)

Use the new constant-time methods consistently in s3_srvr.c

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 455b65dfab)
2014-09-24 15:54:51 +02:00
Adam Langley
941af48fec This change alters the processing of invalid, RSA pre-master secrets so
that bad encryptions are treated like random session keys in constant
time.

(cherry picked from commit adb46dbc6d)

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-24 15:42:43 +02:00
Emilia Kasper
9bed73adaa RT3066: rewrite RSA padding checks to be slightly more constant time.
Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1

This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Conflicts:
	crypto/rsa/rsa_oaep.c
	crypto/rsa/rsa_pk1.c
	ssl/s3_cbc.c
2014-09-24 12:47:19 +02:00
Emilia Kasper
e9128d9401 Note i2d_re_X509_tbs and related changes in CHANGES
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-23 18:26:42 +02:00
Emilia Kasper
972868b23d make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-09-23 18:20:26 +02:00
Emilia Kasper
e774a3055b Add i2d_re_X509_tbs
i2d_re_X509_tbs re-encodes the TBS portion of the certificate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 95b1752cc7)
2014-09-23 18:20:26 +02:00
Emilia Kasper
d9f99d4ef3 Revert "Add accessor for x509.cert_info."
This reverts commit 519ad9b384.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-23 18:20:26 +02:00
Emilia Kasper
6ce2a64191 Revert "Add more accessors."
This reverts commit cacdfcb247.

Conflicts:
	crypto/x509/x509.h

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-23 18:20:26 +02:00
Andy Polyakov
d2a1226b81 CHANGES: mention ECP_NISTZ256.
Reviewed-by: Bodo Moeller <bodo@openssl.org>
(cherry picked from commit 507efe7372)
2014-09-23 14:56:46 +02:00
Andy Polyakov
9fa9370b6f crypto/ecp_nistz256.c: harmonize error codes.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit be07ae9b10)
2014-09-22 00:11:04 +02:00
Dr. Stephen Henson
12f14b1d8f Fix warning.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 16e5b45f72)
2014-09-22 00:10:53 +02:00
Andy Polyakov
27918b7c25 crypto/ec: harmonize new code with FIPS module.
RT: 3149
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-22 00:07:44 +02:00
Andy Polyakov
2e31c47adb Configure: engage ECP_NISTZ256.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 847147908b)

Resolved conflicts:

	Configure
	TABLE
2014-09-22 00:07:44 +02:00
Andy Polyakov
3842a64d36 Add ECP_NISTZ256 by Shay Gueron, Intel Corp.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4d3fa06fce)
2014-09-22 00:07:44 +02:00
Andy Polyakov
8aed2a7548 Reserve option to use BN_mod_exp_mont_consttime in ECDSA.
Submitted by Shay Gueron, Intel Corp.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit f54be179aa)
2014-09-22 00:07:44 +02:00
Andy Polyakov
f7835e1c20 perlasm/x86_64-xlate.pl: handle inter-bank movd.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 902b30df19)
2014-09-22 00:07:44 +02:00
Andy Polyakov
11d8abb331 Configure: add configuration for crypto/ec/asm extensions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6019cdd327)

Resolved conflicts:

	Configure
	Makefile.org
	TABLE
2014-09-22 00:07:44 +02:00
Tim Hudson
320d949781 Fixed error introduced in commit f2be92b94d
that fixed PR#3450 where an existing cast masked an issue when i was changed
from int to long in that commit

Picked up on z/linux (s390) where sizeof(int)!=sizeof(long)

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit b5ff559ff9)
2014-09-22 06:35:57 +10:00
Andy Polyakov
dfb5de6fc0 Harmonize Tru64 and Linux make rules.
RT: 3333,3165
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit d475b2a3bf)
2014-09-20 10:22:13 +02:00
Jake Goulding
5015a93ded RT2301: GetDIBits, not GetBitmapBits in rand_win
GetDIBits has been around since Windows2000 and
BitBitmapBits is an old Win16 compatibility function
that is much slower.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 99b00fd993)
2014-09-18 16:42:07 -04:00
Rich Salz
478b3470ff RT2772 update: c_rehash was broken
Move the readdir() lines out of the if statement, so
that flist is available globally.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 6f46c3c3b0)
2014-09-11 13:09:56 -04:00
Rich Salz
3258429883 RT3271 update; extra; semi-colon; confuses; some;
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit cb4bb56bae)
2014-09-10 15:09:53 -04:00
Rich Salz
a9d928a8b6 RT2560: missing NULL check in ocsp_req_find_signer
If we don't find a signer in the internal list, then fall
through and look at the internal list; don't just return NULL.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b2aa38a980)
2014-09-10 12:20:15 -04:00
Rich Salz
3aa2d2d08f RT2196: Clear up some README wording
Say where to email bug reports.
Mention general RT tracker info in a separate paragraph.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 468ab1c20d)
2014-09-09 17:49:04 -04:00
Matt Caswell
f33ce36aff RT3192: spurious error in DSA verify
This is funny; Ben commented in the source, Matt opend a ticket,
and Rich is doing the submit.  Need more code-review? :)

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit eb63bce040)
2014-09-09 17:10:57 -04:00
Rich Salz
e61c648fd6 RT3271: Don't use "if !" in shell lines
For portability don't use "if ! expr"

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b999f66e34)
2014-09-09 17:05:50 -04:00
Geoff Keating
8c0d19d857 RT1909: Omit version for v1 certificates
When calling X509_set_version to set v1 certificate, that
should mean that the version number field is omitted.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 1f18f50c4b)
2014-09-09 15:16:42 -04:00
Kurt Cancemi
283a8fd1aa RT3506: typo's in ssltest
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 4eadd11cd9)
2014-09-09 13:58:33 -04:00
Paul Suhler
b8d687bb56 RT2841: Extra return in check_issued
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 4cd1119df3)
2014-09-08 18:50:40 -04:00
Kurt Roeckx
57c932dafd RT2626: Change default_bits from 1K to 2K
This is a more comprehensive fix.  It changes all
keygen apps to use 2K keys. It also changes the
default to use SHA256 not SHA1.  This is from
Kurt's upstream Debian changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 44e0c2bae4)
2014-09-08 17:23:37 -04:00
Matthias Andree
ef720a67ab RT2272: Add old-style hash to c_rehash
In addition to Matthias's change, I also added -n to
not remove links. And updated the manpage.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit a787c2590e)
2014-09-08 11:35:25 -04:00
Rich Salz
f28c48d07e RT468: SSL_CTX_sess_set_cache_size wrong
The documentation is wrong about what happens when the
session cache fills up.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit e9edfc4196)
2014-09-08 11:26:19 -04:00
Erik Auerswald
ff89be854e RT3301: Discard too-long heartbeat requests
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit af4c6e348e)
2014-09-08 11:23:02 -04:00
Scott Schaefer
61a44b76a0 RT2518: fix pod2man errors
pod2man now complains when item tags are not sequential.
Also complains about missing =back and other tags.
Silence the warnings; most were already done.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit fe7573042f)
2014-09-08 11:18:58 -04:00
Rich Salz
45236ed6a4 RT3108: OPENSSL_NO_SOCK should imply OPENSSL_NO_DGRAM
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit be0bd11d69)
2014-09-08 11:08:01 -04:00
Robin Lee
240635c0b2 RT3031: Need to #undef some names for win32
Copy the ifdef/undef stanza from x509.h to x509v3.h

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 83e4e03eeb)
2014-09-08 11:06:07 -04:00
Martin Olsson
610ac0525d RT2843: Remove another spurious close-comment token
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 683cd7c948)
2014-09-08 10:52:19 -04:00
Martin Olsson
9c096d0bbf RT2842: Remove spurious close-comment marker.
Also, I (rsalz) changed "#ifdef undef" to "#if 0"

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 6b0dc6eff1)
2014-09-08 10:50:33 -04:00
Rich Salz
1915744a64 Merge branch 'OpenSSL_1_0_2-stable' of git.openssl.org:openssl into OpenSSL_1_0_2-stable
another empty merge???

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-08 10:47:03 -04:00
Rich Salz
c387f7d0ea Empty merge
Merge branch 'OpenSSL_1_0_2-stable' of git.openssl.org:openssl into OpenSSL_1_0_2-stable

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-08 10:45:53 -04:00
Rich Salz
eee95fc64f Empty merge
Merge branch 'OpenSSL_1_0_2-stable' of git.openssl.org:openssl into OpenSSL_1_0_2-stable

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-08 10:45:31 -04:00
Rich Salz
dd3c21b2d2 RT1834: Fix PKCS7_verify return value
The function returns 0 or 1, only.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b0e659cfac)
2014-09-08 10:43:32 -04:00
Rich Salz
dd13aadf9e RT1832: Fix PKCS7_verify return value
The function returns 0 or 1, only.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b0e659cfac)
2014-09-08 10:39:12 -04:00
Alon Bar-Lev
2a49fef28e RT1771: Add string.h include.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 8842987e5a)
2014-09-08 10:38:08 -04:00
Viktor Dkhovni
c56be26d9f RT1325,2973: Add more extensions to c_rehash
Regexp was bracketed wrong.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 5a8addc432)
2014-09-07 18:25:59 -04:00