generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
8,813 Commits 16 Branches 258 Tags
1a38987de0d57286fac67f19ebb35c82fc1555b3
Commit Graph

17 Commits

Author SHA1 Message Date
Matt Caswell
40720ce3ca Run util/openssl-format-source -v -c . 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:52:55 +00:00
Tim Hudson
b558c8d597 mark all block comments that need format preserving so that 
indent will not alter them when reformatting comments

(cherry picked from commit 1d97c84351)

Conflicts:
	crypto/bn/bn_lcl.h
	crypto/bn/bn_prime.c
	crypto/engine/eng_all.c
	crypto/rc4/rc4_utl.c
	crypto/sha/sha.h
	ssl/kssl.c
	ssl/t1_lib.c

Conflicts:
	crypto/rc4/rc4_enc.c
	crypto/x509v3/v3_scts.c
	crypto/x509v3/v3nametest.c
	ssl/d1_both.c
	ssl/s3_srvr.c
	ssl/ssl.h
	ssl/ssl_locl.h
	ssl/ssltest.c
	ssl/t1_lib.c

Conflicts:
	crypto/asn1/a_sign.c
	crypto/bn/bn_div.c
	crypto/dsa/dsa_asn1.c
	crypto/ec/ecp_nistp224.c
	crypto/ec/ecp_nistp256.c
	crypto/ec/ecp_nistp521.c
	crypto/ec/ecp_nistputil.c
	crypto/modes/gcm128.c
	crypto/opensslv.h
	ssl/d1_both.c
	ssl/heartbeat_test.c
	ssl/s3_clnt.c
	ssl/s3_srvr.c
	ssl/ssl_sess.c
	ssl/t1_lib.c
	test/testutil.h

Conflicts:
	apps/openssl.c
	apps/ts.c
	apps/vms_decc_init.c
	crypto/aes/aes_core.c
	crypto/aes/aes_x86core.c
	crypto/dsa/dsa_ameth.c
	crypto/ec/ec2_mult.c
	crypto/evp/evp.h
	crypto/objects/objects.h
	crypto/rsa/rsa_pss.c
	crypto/stack/safestack.h
	crypto/ts/ts.h
	crypto/ts/ts_rsp_verify.c
	crypto/whrlpool/wp_dgst.c
	crypto/x509v3/v3_ncons.c
	e_os2.h
	engines/ccgost/gost89.c
	engines/ccgost/gost_ctl.c
	engines/ccgost/gost_keywrap.c
	engines/ccgost/gost_keywrap.h
	engines/ccgost/gost_sign.c
	ssl/kssl.c
	ssl/s3_srvr.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:48:44 +00:00
Emilia Kasper
96e1015eec RT3066: rewrite RSA padding checks to be slightly more constant time. 
Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1

This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Conflicts:
	crypto/rsa/rsa_oaep.c
 2014-09-24 14:39:44 +02:00
Emilia Kasper
9b208659aa Constant-time utilities 
Pull constant-time methods out to a separate header, add tests.

Reviewed-by: Bodo Moeller <bodo@openssl.org>
(cherry picked from commit 73729e4cf3)

Conflicts:
	ssl/Makefile
	test/Makefile
 2014-08-28 17:28:42 +02:00
David Woodhouse
a8655eb21a Check DTLS_BAD_VER for version number. 
Need to check DTLS_BAD_VER as well as DTLS1_VERSION.
PR:2984
(cherry picked from commit 6a14feb048)
 2013-02-12 15:12:52 +00:00
Andy Polyakov
5864fd2061 s3_cbc.c: make CBC_MAC_ROTATE_IN_PLACE universal. 
(cherry picked from commit f93a41877d)
 2013-02-08 21:38:06 +01:00
Andy Polyakov
ff58eaa4b6 s3_cbc.c: get rid of expensive divisions [from master]. 
(cherry picked from commit e9baceab5a)
 2013-02-08 17:01:55 +01:00
Dr. Stephen Henson
59b1129e0a Fix IV check and padding removal. 
Fix the calculation that checks there is enough room in a record
after removing padding and optional explicit IV. (by Steve)

For AEAD remove the correct number of padding bytes (by Andy)
(cherry picked from commit be125aa5ba)
 2013-02-08 11:49:41 +01:00
Andy Polyakov
fb092ef4fc ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility. 
Kludge alert. This is arranged by passing padding length in unused
bits of SSL3_RECORD->type, so that orig_len can be reconstructed.
(cherry picked from commit 413cbfe68d)
 2013-02-07 15:03:00 +00:00
Adam Langley
6351adecb4 Fix for EXP-RC2-CBC-MD5 
MD5 should use little endian order. Fortunately the only ciphersuite
affected is EXP-RC2-CBC-MD5 (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) which
is a rarely used export grade ciphersuite.
(cherry picked from commit ee463921ed)
 2013-02-06 16:12:49 +00:00
Andy Polyakov
40e0de0395 s3/s3_cbc.c: allow for compilations with NO_SHA256|512. 
(cherry picked from commit d5371324d9)
 2013-02-05 16:50:35 +00:00
Andy Polyakov
5f9345a2f0 ssl/s3_cbc.c: md_state alignment portability fix. 
RISCs are picky and alignment granted by compiler for md_state can be
insufficient for SHA512.
(cherry picked from commit 36260233e7)
 2013-02-05 16:50:35 +00:00
Andy Polyakov
33ccde59a1 ssl/s3_cbc.c: uint64_t portability fix. 
Break dependency on uint64_t. It's possible to declare bits as
unsigned int, because TLS packets are limited in size and 32-bit
value can't overflow.
(cherry picked from commit cab13fc847)
 2013-02-05 16:50:35 +00:00
Dr. Stephen Henson
1909df070f Don't access EVP_MD internals directly. 2013-02-05 16:50:35 +00:00
Dr. Stephen Henson
924b117422 Timing fix mitigation for FIPS mode. 
We have to use EVP in FIPS mode so we can only partially mitigate
timing differences.

Make an extra call to HMAC_Update to hash additonal blocks
to cover any timing differences caused by removal of padding.
 2013-02-05 16:50:34 +00:00
Ben Laurie
2928cb4c82 Fixups. 2013-02-05 16:50:33 +00:00
Ben Laurie
a33e6702a0 Oops. Add missing file. 
(cherry picked from commit 014265eb02)
(cherry picked from commit 7721c53e5e9fe4c90be420d7613559935a96a4fb)
 2013-02-05 16:50:33 +00:00