Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4aac102f75b517bdb56b1bcfd0a856052d559f6e)
Conflicts:
crypto/evp/evp_enc.c
(Original commit adb46dbc6dd7347750df2468c93e8c34bcb93a4b)
Use the new constant-time methods consistently in s3_srvr.c
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 455b65dfab0de51c9f67b3c909311770f2b3f801)
that bad encryptions are treated like random session keys in constant
time.
(cherry picked from commit adb46dbc6dd7347750df2468c93e8c34bcb93a4b)
Reviewed-by: Rich Salz <rsalz@openssl.org>
Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1
This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Conflicts:
crypto/rsa/rsa_oaep.c
crypto/rsa/rsa_pk1.c
ssl/s3_cbc.c
i2d_re_X509_tbs re-encodes the TBS portion of the certificate.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 95b1752cc7531e4b609aea166f2db1c155ab5bdd)
This reverts commit 519ad9b3845c475d29db8b84b59bde7edecb4e70.
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
This reverts commit cacdfcb2479984d9bfcc79b623118d8af6fea169.
Conflicts:
crypto/x509/x509.h
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
that fixed PR#3450 where an existing cast masked an issue when i was changed
from int to long in that commit
Picked up on z/linux (s390) where sizeof(int)!=sizeof(long)
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit b5ff559ff90124c6fd53bbb49dae5edb4e821e0a)
GetDIBits has been around since Windows2000 and
BitBitmapBits is an old Win16 compatibility function
that is much slower.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 99b00fd99330afb0be46265c3e28f25f938d3221)
Move the readdir() lines out of the if statement, so
that flist is available globally.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 6f46c3c3b007f1aed77bbb4d1657fab8521e2e08)
If we don't find a signer in the internal list, then fall
through and look at the internal list; don't just return NULL.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b2aa38a980e9fbf158aafe487fb729c492b241fb)
Say where to email bug reports.
Mention general RT tracker info in a separate paragraph.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 468ab1c20d1f3a43a63d0516fed6c9fefb3ccf71)
This is funny; Ben commented in the source, Matt opend a ticket,
and Rich is doing the submit. Need more code-review? :)
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit eb63bce040d1cc6147d256f516b59552c018e29b)
For portability don't use "if ! expr"
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b999f66e34d19ae4d81263bc96b8b8d548d2e13c)
When calling X509_set_version to set v1 certificate, that
should mean that the version number field is omitted.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 1f18f50c4b0711ebe4a20038d324c0de5dce4512)
This is a more comprehensive fix. It changes all
keygen apps to use 2K keys. It also changes the
default to use SHA256 not SHA1. This is from
Kurt's upstream Debian changes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 44e0c2bae4bfd87d770480902618dbccde84fd81)
In addition to Matthias's change, I also added -n to
not remove links. And updated the manpage.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit a787c2590e468585a1a19738e0c7f481ec91b762)
The documentation is wrong about what happens when the
session cache fills up.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit e9edfc419674f20b482a9beff9c246519f9c503e)
pod2man now complains when item tags are not sequential.
Also complains about missing =back and other tags.
Silence the warnings; most were already done.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit fe7573042fa7f406fedb78d959659b39a7a1dcfb)
Copy the ifdef/undef stanza from x509.h to x509v3.h
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 83e4e03eeb22d2fbaec516a466330f2ccab22864)
Also, I (rsalz) changed "#ifdef undef" to "#if 0"
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 6b0dc6eff1a59274730802db923d55802378d011)
The function returns 0 or 1, only.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b0e659cfaca9ff4a481cc63b7f6b6e97303ad8fe)
The function returns 0 or 1, only.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b0e659cfaca9ff4a481cc63b7f6b6e97303ad8fe)
