generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
11,875 Commits 16 Branches 258 Tags 86 MiB
9cabf6bb80
Commit Graph

6095 Commits

Author SHA1 Message Date
mancha
e14f14d36e Fix eckey_priv_encode() 
Fix eckey_priv_encode to return an error on failure of i2d_ECPrivateKey.
 2014-04-26 07:59:13 +01:00
Geoff Thorpe
79c6c4e828 make depend 2014-04-25 14:31:05 -04:00
Andy Polyakov
f8cee9d081 bn/asm/armv4-gf2m.pl, modes/asm/ghash-armv4.pl: faster multiplication 
algorithm suggested in following paper:

Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
Polynomial Multiplication on ARM Processors using the NEON Engine.

http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
 2014-04-24 10:24:53 +02:00
Andy Polyakov
558ff0f0c1 aes/asm/bsaes-x86_64.pl: Atom-specific optimization. 2014-04-24 10:13:30 +02:00
Ben Laurie
4ba5e63bfd Fix double frees. 2014-04-22 16:58:43 +01:00
Dr. Stephen Henson
300b9f0b70 Extension checking fixes. 
When looking for an extension we need to set the last found
position to -1 to properly search all extensions.

PR#3309.
 2014-04-15 18:50:53 +01:00
Dr. Stephen Henson
476830fd5b ssleay_rand_add returns a value in 1.1.0 2014-04-09 15:35:51 +01:00
Dr. Stephen Henson
f74fa33bce Return if ssleay_rand_add called with zero num. 
Treat a zero length passed to ssleay_rand_add a no op: the existing logic
zeroes the md value which is very bad. OpenSSL itself never does this
internally and the actual call doesn't make sense as it would be passing
zero bytes of entropy.

Thanks to Marcus Meissner <meissner@suse.de> for reporting this bug.
(cherry picked from commit 5be1ae28ef)
 2014-04-07 19:44:45 +01:00
Andy Polyakov
997d1aac7c crypto/modes/gcm128.c: more strict aliasing fixes. 2014-04-06 17:19:54 +02:00
Andy Polyakov
6eebcf3459 vpaes-[x86_64|ppc].pl: fix typo, which for some reason triggers rkhunter. 2014-04-06 12:50:36 +02:00
Eric Young
10378fb5f4 Fix base64 decoding bug. 
A short PEM encoded sequence if passed to the BIO, and the file
had 2 \n following would fail.

PR#3289
 2014-04-02 19:54:27 +01:00
Dr. Stephen Henson
b48310627d Don't try and verify signatures if key is NULL (CVE-2013-0166) 
Add additional check to catch this in ASN1_item_verify too.
(cherry picked from commit 66e8211c0b)
 2014-04-01 16:37:51 +01:00
Dr. Stephen Henson
2514fa79ac Add functions returning security bits. 
Add functions to return the "bits of security" for various public key
algorithms. Based on SP800-57.
 2014-03-28 14:49:04 +00:00
Dr. Stephen Henson
3a98f9cf20 Workaround for some CMS signature formats. 
Some CMS SignedData structure use a signature algorithm OID such
as SHA1WithRSA instead of the RSA algorithm OID. Workaround this
case by tolerating the signature if we recognise the OID.
 2014-03-19 17:28:01 +00:00
Dr. Stephen Henson
f9b6c0ba4c Fix for CVE-2014-0076 
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140

Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483)

Conflicts:

	CHANGES
 2014-03-12 14:29:43 +00:00
Andy Polyakov
5e44c144e6 SPARC T4 assembly pack: treat zero input length in CBC. 
The problem is that OpenSSH calls EVP_Cipher, which is not as
protective as EVP_CipherUpdate. Formally speaking we ought to
do more checks in *_cipher methods, including rejecting
lengths not divisible by block size (unless ciphertext stealing
is in place). But for now I implement check for zero length in
low-level based on precedent.

PR: 3087, 2775
 2014-03-07 10:30:37 +01:00
Andy Polyakov
53e5161231 dh_check.c: check BN_CTX_get's return value. 2014-03-06 14:19:37 +01:00
Andy Polyakov
972b0dc350 bss_dgram.c,d1_lib.c: make it compile with mingw. 
Submitted by: Roumen Petrov
 2014-03-06 14:04:56 +01:00
Dr. Stephen Henson
315cd871c4 For self signed root only indicate one error. 
(cherry picked from commit bdfc0e284c)
 2014-03-03 23:36:46 +00:00
Dr. Stephen Henson
5693a30813 PKCS#8 support for alternative PRFs. 
Add option to set an alternative to the default hmacWithSHA1 PRF
for PKCS#8 private key encryptions. This is used automatically
by PKCS8_encrypt if the nid specified is a PRF.

Add option to pkcs8 utility.

Update docs.
(cherry picked from commit b60272b01f)
 2014-03-01 23:16:08 +00:00
Dr. Stephen Henson
01757858fe Fix memory leak. 
(cherry picked from commit 124d218889)
 2014-03-01 23:15:53 +00:00
Andy Polyakov
b62a4a1c0e perlasm/x86asm.pl: recognize elf-1 denoting old ELF platforms. 2014-02-27 14:26:12 +01:00
Andy Polyakov
ce876d8316 perlasm/x86gas.pl: limit special OPENSSL_ia32cap_P treatment to ELF. 2014-02-27 14:22:13 +01:00
Andy Polyakov
f861b1d433 rc4/asm/rc4-586.pl: allow for 386-only build. 2014-02-27 14:19:19 +01:00
Andy Polyakov
fd361a67ef des/asm/des-586.pl: shortcut reference to DES_SPtrans. 2014-02-27 14:17:43 +01:00
Rob Stradling
52f71f8181 CABForum EV OIDs for Subject Jurisdiction of Incorporation or Registration. 2014-02-26 15:33:11 +00:00
Andy Polyakov
d49135e7ea sha/asm/sha256-586.pl: don't try to compile SIMD with no-sse2. 2014-02-26 10:22:13 +01:00
Andy Polyakov
147cca8f53 sha/asm/sha512-x86_64.pl: fix compilation error on Solaris. 2014-02-26 09:30:03 +01:00
Andy Polyakov
e704741bf3 aes/asm/vpaes-ppc.pl: fix traceback info. 2014-02-25 20:11:34 +01:00
Dr. Stephen Henson
e0520c65d5 Don't use BN_ULLONG in n2l8 use SCTS_TIMESTAMP. 
(cherry picked from commit 3678161d71)
 2014-02-25 15:06:51 +00:00
Dr. Stephen Henson
3a325c60a3 Fix for v3_scts.c 
Not all platforms define BN_ULLONG. Define SCTS_TIMESTAMP as a type
which should work on all platforms.
(cherry picked from commit 6634416732)
 2014-02-25 14:56:31 +00:00
Dr. Stephen Henson
a4cc3c8041 Avoid Windows 8 Getversion deprecated errors. 
Windows 8 SDKs complain that GetVersion() is deprecated.

We only use GetVersion like this:

	(GetVersion() < 0x80000000)

which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
 2014-02-25 13:40:33 +00:00
Rob Stradling
19f65ddbab Parse non-v1 SCTs less awkwardly. 2014-02-25 10:14:51 +00:00
Andy Polyakov
758954e0d8 x509/by_dir.c: fix run-away pointer (and potential SEGV) 
when adding duplicates in add_cert_dir.

PR: 3261
Reported by: Marian Done
 2014-02-24 15:16:56 +01:00
Andy Polyakov
214368ffee aes/asm/aesni-x86[_64].pl: minor Atom-specific performance tweak. 2014-02-21 12:14:04 +01:00
Dr. Stephen Henson
47739161c6 fix WIN32 warnings 
(cherry picked from commit b709f8ef54)
 2014-02-20 22:55:24 +00:00
Dr. Stephen Henson
ded18639d7 Move CT viewer extension code to crypto/x509v3 2014-02-20 18:48:56 +00:00
Dr. Stephen Henson
4cfeb00be9 make depend 2014-02-19 20:09:08 +00:00
Dr. Stephen Henson
84917787b5 Remove references to o_time.h 2014-02-19 20:06:13 +00:00
Ben Laurie
ff49a94439 Move gmtime functions to crypto.h. 2014-02-19 18:02:04 +00:00
Ben Laurie
c0482547b3 Reverse export of o_time.h. 2014-02-19 17:57:07 +00:00
Ben Laurie
765e9ba911 Merge branch 'sct-viewer-master' of https://github.com/robstradling/openssl into sct-viewer 2014-02-19 17:17:14 +00:00
Rob Stradling
b263f21246 Move the SCT List extension parser into libssl. 
Add the extension parser in the s_client, ocsp and x509 apps.
 2014-02-19 13:12:46 +00:00
Dr. Stephen Henson
6ecbc2bb62 Don't use CRYPTO_AES_CTR if it isn't defined. 2014-02-18 22:20:30 +00:00
Dr. Stephen Henson
5a7652c3e5 Remove duplicate statement. 2014-02-15 01:27:56 +00:00
Klaus-Peter Junghanns
be2c4d9bd9 Add support for aes-128/192/256-ctr to the cryptodev engine. 
This can be used to speed up SRTP with libsrtp, e.g. on TI omap/sitara based devices.
 2014-02-15 00:01:40 +00:00
Rob Stradling
dcfe8df148 Show the contents of the RFC6962 Signed Certificate Timestamp List Certificate/OCSP Extensions. 
Add the RFC6962 OIDs to the objects table.
 2014-02-14 23:24:35 +00:00
Scott Schaefer
2b4ffc659e Fix various spelling errors 2014-02-14 22:29:12 +00:00
Andy Polyakov
701134320a ssl/s3_pkt.c: detect RAND_bytes error in multi-block. 2014-02-14 17:43:31 +01:00
Andy Polyakov
f4d456408d x86[_64]cpuid.pl: add low-level RDSEED. 2014-02-14 17:24:12 +01:00