wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11821 commits 20 branches 302 tags 153 MiB
Commit graph

6081 commits

Author SHA1 Message Date
Dr. Stephen Henson
f9b6c0ba4c Fix for CVE-2014-0076 
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140

Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483)

Conflicts:

	CHANGES
 2014-03-12 14:29:43 +00:00
Andy Polyakov
5e44c144e6 SPARC T4 assembly pack: treat zero input length in CBC. 
The problem is that OpenSSH calls EVP_Cipher, which is not as
protective as EVP_CipherUpdate. Formally speaking we ought to
do more checks in *_cipher methods, including rejecting
lengths not divisible by block size (unless ciphertext stealing
is in place). But for now I implement check for zero length in
low-level based on precedent.

PR: 3087, 2775
 2014-03-07 10:30:37 +01:00
Andy Polyakov
53e5161231 dh_check.c: check BN_CTX_get's return value. 2014-03-06 14:19:37 +01:00
Andy Polyakov
972b0dc350 bss_dgram.c,d1_lib.c: make it compile with mingw. 
Submitted by: Roumen Petrov
 2014-03-06 14:04:56 +01:00
Dr. Stephen Henson
315cd871c4 For self signed root only indicate one error. 
(cherry picked from commit bdfc0e284c)
 2014-03-03 23:36:46 +00:00
Dr. Stephen Henson
5693a30813 PKCS#8 support for alternative PRFs. 
Add option to set an alternative to the default hmacWithSHA1 PRF
for PKCS#8 private key encryptions. This is used automatically
by PKCS8_encrypt if the nid specified is a PRF.

Add option to pkcs8 utility.

Update docs.
(cherry picked from commit b60272b01f)
 2014-03-01 23:16:08 +00:00
Dr. Stephen Henson
01757858fe Fix memory leak. 
(cherry picked from commit 124d218889)
 2014-03-01 23:15:53 +00:00
Andy Polyakov
b62a4a1c0e perlasm/x86asm.pl: recognize elf-1 denoting old ELF platforms. 2014-02-27 14:26:12 +01:00
Andy Polyakov
ce876d8316 perlasm/x86gas.pl: limit special OPENSSL_ia32cap_P treatment to ELF. 2014-02-27 14:22:13 +01:00
Andy Polyakov
f861b1d433 rc4/asm/rc4-586.pl: allow for 386-only build. 2014-02-27 14:19:19 +01:00
Andy Polyakov
fd361a67ef des/asm/des-586.pl: shortcut reference to DES_SPtrans. 2014-02-27 14:17:43 +01:00
Rob Stradling
52f71f8181 CABForum EV OIDs for Subject Jurisdiction of Incorporation or Registration. 2014-02-26 15:33:11 +00:00
Andy Polyakov
d49135e7ea sha/asm/sha256-586.pl: don't try to compile SIMD with no-sse2. 2014-02-26 10:22:13 +01:00
Andy Polyakov
147cca8f53 sha/asm/sha512-x86_64.pl: fix compilation error on Solaris. 2014-02-26 09:30:03 +01:00
Andy Polyakov
e704741bf3 aes/asm/vpaes-ppc.pl: fix traceback info. 2014-02-25 20:11:34 +01:00
Dr. Stephen Henson
e0520c65d5 Don't use BN_ULLONG in n2l8 use SCTS_TIMESTAMP. 
(cherry picked from commit 3678161d71)
 2014-02-25 15:06:51 +00:00
Dr. Stephen Henson
3a325c60a3 Fix for v3_scts.c 
Not all platforms define BN_ULLONG. Define SCTS_TIMESTAMP as a type
which should work on all platforms.
(cherry picked from commit 6634416732)
 2014-02-25 14:56:31 +00:00
Dr. Stephen Henson
a4cc3c8041 Avoid Windows 8 Getversion deprecated errors. 
Windows 8 SDKs complain that GetVersion() is deprecated.

We only use GetVersion like this:

	(GetVersion() < 0x80000000)

which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
 2014-02-25 13:40:33 +00:00
Rob Stradling
19f65ddbab Parse non-v1 SCTs less awkwardly. 2014-02-25 10:14:51 +00:00
Andy Polyakov
758954e0d8 x509/by_dir.c: fix run-away pointer (and potential SEGV) 
when adding duplicates in add_cert_dir.

PR: 3261
Reported by: Marian Done
 2014-02-24 15:16:56 +01:00
Andy Polyakov
214368ffee aes/asm/aesni-x86[_64].pl: minor Atom-specific performance tweak. 2014-02-21 12:14:04 +01:00
Dr. Stephen Henson
47739161c6 fix WIN32 warnings 
(cherry picked from commit b709f8ef54)
 2014-02-20 22:55:24 +00:00
Dr. Stephen Henson
ded18639d7 Move CT viewer extension code to crypto/x509v3 2014-02-20 18:48:56 +00:00
Dr. Stephen Henson
4cfeb00be9 make depend 2014-02-19 20:09:08 +00:00
Dr. Stephen Henson
84917787b5 Remove references to o_time.h 2014-02-19 20:06:13 +00:00
Ben Laurie
ff49a94439 Move gmtime functions to crypto.h. 2014-02-19 18:02:04 +00:00
Ben Laurie
c0482547b3 Reverse export of o_time.h. 2014-02-19 17:57:07 +00:00
Ben Laurie
765e9ba911 Merge branch 'sct-viewer-master' of https://github.com/robstradling/openssl into sct-viewer 2014-02-19 17:17:14 +00:00
Rob Stradling
b263f21246 Move the SCT List extension parser into libssl. 
Add the extension parser in the s_client, ocsp and x509 apps.
 2014-02-19 13:12:46 +00:00
Dr. Stephen Henson
6ecbc2bb62 Don't use CRYPTO_AES_CTR if it isn't defined. 2014-02-18 22:20:30 +00:00
Dr. Stephen Henson
5a7652c3e5 Remove duplicate statement. 2014-02-15 01:27:56 +00:00
Klaus-Peter Junghanns
be2c4d9bd9 Add support for aes-128/192/256-ctr to the cryptodev engine. 
This can be used to speed up SRTP with libsrtp, e.g. on TI omap/sitara based devices.
 2014-02-15 00:01:40 +00:00
Rob Stradling
dcfe8df148 Show the contents of the RFC6962 Signed Certificate Timestamp List Certificate/OCSP Extensions. 
Add the RFC6962 OIDs to the objects table.
 2014-02-14 23:24:35 +00:00
Scott Schaefer
2b4ffc659e Fix various spelling errors 2014-02-14 22:29:12 +00:00
Andy Polyakov
701134320a ssl/s3_pkt.c: detect RAND_bytes error in multi-block. 2014-02-14 17:43:31 +01:00
Andy Polyakov
f4d456408d x86[_64]cpuid.pl: add low-level RDSEED. 2014-02-14 17:24:12 +01:00
Andy Polyakov
5599c7331b aes/asm/aesni-x86_64.pl: further optimization for Atom Silvermont. 
Improve CBC decrypt and CTR by ~13/16%, which adds up to ~25/33%
improvement over "pre-Silvermont" version. [Add performance table to
aesni-x86.pl].
 2014-02-14 17:06:15 +01:00
Dr. Stephen Henson
385b348666 Include TA in checks/callback with partial chains. 
When a chain is complete and ends in a trusted root checks are also
performed on the TA and the callback notified with ok==1. For
consistency do the same for chains where the TA is not self signed.
 2014-02-14 15:07:01 +00:00
Dr. Stephen Henson
2dac2667d1 Don't do loop detection for self signed check. 2014-02-14 14:52:23 +00:00
Dr. Stephen Henson
847865d0f9 Add suppot for ASCII with CRLF canonicalisation. 2014-02-13 14:35:56 +00:00
Andy Polyakov
9587429fa0 evp/e_aes_cbc_hmac_sha*.c: improve cache locality. 2014-02-13 14:39:55 +01:00
Andy Polyakov
98e143f118 ghash-x86[_64].pl: ~15% improvement on Atom Silvermont 
(other processors unaffected).
 2014-02-13 14:37:28 +01:00
Ben Laurie
fc92396976 Fix warning. 2014-02-13 03:11:58 +00:00
Andy Polyakov
5a42c8f07f e_aes_cbc_hmac_sha[1|256].c: fix compiler warning. 2014-02-05 16:38:22 +01:00
Andy Polyakov
0d5096fbd6 evp/e_aes_cbc_hmac_sha*.c: additional CTRL to query buffer requirements. 2014-02-05 14:05:08 +01:00
Andy Polyakov
3847d15d6b [aesni|sha*]-mb-x86_64.pl: add data prefetching. 2014-02-05 14:03:35 +01:00
Andy Polyakov
d162584b11 modes/asm/ghash-s390x.pl: +15% performance improvement on z10. 2014-02-02 00:09:17 +01:00
Andy Polyakov
d8ba0dc977 crypto/aes/asm/aesni-x86[_64].pl update, up to 14% improvement on 
Atom Silvermont. On other CPUs one can observe 1% loss on some
algorithms.
 2014-02-01 21:13:49 +01:00
Andy Polyakov
b217ca63b1 crypto/sha/asm/sha1-x86_64.pl update: 
+5% on Atom Silvermont, up to +8% improvement of legacy code.
Harmonize sha1-586.pl and aesni-sha1-x86_86.p with sha1-x86_64.pl.
 2014-02-01 21:07:16 +01:00
Dr. Stephen Henson
e933f91f50 Add loaded dynamic ENGINEs to list. 
Always add a dynamically loaded ENGINE to list. Otherwise it can cause
problems when multiply loaded, especially if it adds new public key methods.
For all current engines we only want a single implementation anyway.
 2014-01-28 13:51:58 +00:00