generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
10,701 Commits 16 Branches 258 Tags 86 MiB
3242e5938b
Commit Graph

660 Commits

Author SHA1 Message Date
Richard Levitte
8202802fad Include "constant_time_locl.h" rather than "../constant_time_locl.h". 
The different -I compiler parameters will take care of the rest...

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-10-15 10:49:35 +02:00
Emilia Kasper
f2df488a1c RT3425: constant-time evp_enc 
Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4aac102f75)

Conflicts:
	crypto/evp/evp_enc.c

(cherry picked from commit 738911cde6)
 2014-09-24 16:25:54 +02:00
Emilia Kasper
bcdd904c6c Fix build when BSAES_ASM is defined but VPAES_ASM is not 
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit da92be4d68)
 2014-08-21 15:48:23 +02:00
Dr. Stephen Henson
c28b055a0c Fix copy for CCM, GCM and XTS. 
Internal pointers in CCM, GCM and XTS contexts should either be
NULL or set to point to the appropriate key schedule. This needs
to be adjusted when copying contexts.
(cherry picked from commit c2fd5d79ff)
 2014-06-30 14:00:00 +01:00
ZNV
105a3db56e Make EVP_CIPHER_CTX_copy work in GCM mode. 
PR#3272
(cherry picked from commit 370bf1d708)
 2014-06-29 22:02:42 +01:00
Dr. Stephen Henson
69b8f2895b Fix for EVP_PBE_alg_add(). 
In EVP_PBE_alg_add don't use the underlying NID for the cipher
as it may have a non-standard key size.

PR#3206
(cherry picked from commit efb7caef637a1de8468ca109efd355a9d0e73a45)
 2014-06-27 22:58:55 +01:00
Geoff Thorpe
d0666f289a evp: prevent underflow in base64 decoding 
This patch resolves RT ticket #2608.

Thanks to Robert Dugal for originally spotting this, and to David
Ramos for noticing that the ball had been dropped.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
 2014-05-06 18:10:23 -04:00
Dr. Stephen Henson
a41d5174e2 Initialize num properly. 
PR#3289
PR#3345
(cherry picked from commit 3ba1e406c2)
 2014-05-06 14:09:14 +01:00
Eric Young
bfc3424d1f Fix base64 decoding bug. 
A short PEM encoded sequence if passed to the BIO, and the file
had 2 \n following would fail.

PR#3289
(cherry picked from commit 10378fb5f4)
 2014-04-02 19:57:27 +01:00
Dr. Stephen Henson
c776a3f398 make update 2014-01-06 13:33:27 +00:00
Dr. Stephen Henson
a6c62f0c25 Ignore NULL parameter in EVP_MD_CTX_destroy. 2013-12-20 22:52:41 +00:00
Dr. Stephen Henson
60df657b3a make update 2013-12-08 13:23:14 +00:00
Andy Polyakov
7ed244a0b3 Make Makefiles OSF-make-friendly. 
PR: 3165
(cherry picked from commit d1cf23ac86)
 2013-11-12 22:01:20 +01:00
Dr. Stephen Henson
e94a23876c Fix memory leak. 
(cherry picked from commit 16bc45ba95)
 2013-11-11 23:55:40 +00:00
Dr. Stephen Henson
834d30bc63 Initialise context before using it. 
(cherry picked from commit a4947e4e06)
 2013-11-06 13:19:23 +00:00
Ben Laurie
e26faa9e0c PBKDF2 should be efficient. Contributed by Christian Heimes 
<christian@python.org>.
 2013-11-03 17:33:54 +00:00
Andy Polyakov
eb22b7ec75 evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms. 
Submitted by: Yuriy Kaminskiy
(cherry picked from commit 524b00c0da)

Resolved conflicts:

	crypto/evp/e_des3.c
 2013-10-03 11:11:44 +02:00
Andy Polyakov
5cd1aa4f15 crypto/evp/e_aes.c: fix logical pre-processor bug and formatting. 
Bug would emerge when XTS is added to bsaes-armv7.pl. Pointed out by
Ard Biesheuvel of Linaro.
(cherry picked from commit 044f63086051d7542fa9485a1432498c39c4d8fa)
 2013-08-03 17:08:43 +02:00
Andy Polyakov
9ab3ce1246 e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI plaforms. 
PR: 3002
(cherry picked from commit 5c60046553)
 2013-03-18 19:35:48 +01:00
Andy Polyakov
13e225300f e_aes_cbc_hmac_sha1.c: fine-tune cache line alignment. 
With previous commit it also ensures that valgrind is happy.
 2013-02-08 09:45:09 +01:00
Andy Polyakov
746c6f3a53 e_aes_cbc_hmac_sha1.c: align calculated MAC at cache line. 2013-02-07 23:04:31 +01:00
Dr. Stephen Henson
0d589ac150 make update 2013-02-04 21:29:41 +00:00
Andy Polyakov
529d27ea47 e_aes_cbc_hmac_sha1.c: cleanse temporary copy of HMAC secret. 2013-02-03 20:04:39 +01:00
Andy Polyakov
125093b59f e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues. 
Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch.
 2013-02-02 19:35:09 +01:00
Ben Laurie
e130841bcc Make CBC decoding constant time. 
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
 2013-01-28 17:31:49 +00:00
Dr. Stephen Henson
96f7fafa24 Don't require tag before ciphertext in AESGCM mode 2012-10-16 22:46:40 +00:00
Andy Polyakov
bc78883017 e_aes.c: uninitialized variable in aes_ccm_init_key [from HEAD]. 
PR: 2874
Submitted by: Tomas Mraz
 2012-09-15 08:46:31 +00:00
Dr. Stephen Henson
73913443a5 add missing evp_cnf.c file 2012-07-04 13:14:11 +00:00
Dr. Stephen Henson
e133ff7190 PR: 2840 
Reported by: David McCullough <david_mccullough@mcafee.com>

Restore fips configuration module from 0.9.8.
 2012-07-03 20:16:30 +00:00
Dr. Stephen Henson
58fdd30664 revert more "version skew" changes that break FIPS builds 2012-06-10 23:01:28 +00:00
Ben Laurie
af454b5bb0 Reduce version skew. 2012-06-08 09:18:47 +00:00
Dr. Stephen Henson
88be4ebfbc make update 2012-04-26 10:42:20 +00:00
Andy Polyakov
0d829f6681 e_rc4_hmac_md5.c: reapply commit#21726, which was erroneously omitted. 
PR: 2797, 2792
 2012-04-20 21:45:17 +00:00
Dr. Stephen Henson
ecf963b80d make ciphers work again for FIPS builds 2012-04-20 00:07:48 +00:00
Andy Polyakov
7fc6d35be0 e_rc4_hmac_md5.c: last commit was inappropriate for non-x86[_64] platforms 
[from HEAD].
PR: 2792
 2012-04-19 20:43:02 +00:00
Dr. Stephen Henson
143619ccf6 only call FIPS_cipherinit in FIPS mode 2012-04-18 22:41:50 +00:00
Andy Polyakov
9f339d75b5 e_rc4_hmac_md5.c: update from HEAD, fixes crash on legacy Intel CPUs. 
PR: 2792
 2012-04-18 17:51:33 +00:00
Andy Polyakov
371056f2b9 e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag 
countermeasure [from HEAD].

PR: 2778
 2012-04-15 14:23:03 +00:00
Dr. Stephen Henson
c34137bef9 fix leak 2012-03-22 16:28:51 +00:00
Dr. Stephen Henson
8705846710 only cleanup ctx if we need to, save ctx flags when we do 2012-02-10 16:54:56 +00:00
Dr. Stephen Henson
7b23c126e6 undef some symbols that cause problems with make depend for fips builds 2012-01-18 01:40:36 +00:00
Dr. Stephen Henson
5c05f69450 make update 2011-12-27 14:38:27 +00:00
Ben Laurie
825e1a7c56 Fix warnings. 2011-12-02 14:39:41 +00:00
Dr. Stephen Henson
a310428527 Workaround so "make depend" works for fips builds. 2011-11-22 12:50:59 +00:00
Andy Polyakov
cd7b854bbb e_rc4_hmac_md5.c: make it work on darwin64, which is configured with RC4_CHAR. 2011-11-15 12:39:48 +00:00
Andy Polyakov
e6ccc6ed70 Configure, e_aes.c: allow for XTS assembler implementation [from HEAD]. 2011-11-15 12:19:56 +00:00
Andy Polyakov
e959a01fac e_aes.c: jumbo update from HEAD. 2011-11-14 21:17:08 +00:00
Andy Polyakov
d807d4c21f c_allc.c: add XTS ciphers [from HEAD]. 2011-11-14 21:13:35 +00:00
Ben Laurie
4c02cf8ecc make depend. 2011-11-13 20:23:34 +00:00
Bodo Möller
67f8de9ab8 "make update" 2011-10-19 15:24:44 +00:00