eliminating them as dead code.
Both volatile and "memory" are used because of some concern that the compiler
may still cache values across the asm block without it, and because this was
such a painful debugging session that I wanted to ensure that it's never
repeated.
(cherry picked from commit 7753a3a68431aa81b82beea4c3f5374b41454679)
Conflicts:
crypto/bn/asm/x86_64-gcc.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
Invalid parameters passed to the SRP code can be overrun an internal
buffer. Add sanity check that g, A, B < N to SRP code.
Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
Group for reporting this issue.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
- Upon parsing, reject OIDs with invalid base-128 encoding.
- Always NUL-terminate the destination buffer in OBJ_obj2txt printing function.
CVE-2014-3508
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
We can't rename ssleay_rand_bytes to md_rand_bytes_lock as this will cause
an error code discrepancy. Instead keep ssleay_rand_bytes and add an
extra parameter: since ssleay_rand_bytes is not part of the public API
this wont cause any binary compatibility issues.
Reviewed-by: Kurt Roeckx <kurt@openssl.org >
(cherry picked from commit 8068a675a7d1a657c54546f24e673e59e6707f03)
Don't use multiple locks when SP800-90 DRBG is used outside FIPS mode.
PR#3176
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a3efe1b6e9d2aa2ce5661e4d4b97262eae743fa7)
This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.
This does have the impact of masking any *real* unitialised data reads in bn though.
Patch based on approach suggested by Rich Salz.
PR#3415
(cherry picked from commit 77747e2d9a5573b1dbc15e247ce18c03374c760c)
Internal pointers in CCM, GCM and XTS contexts should either be
NULL or set to point to the appropriate key schedule. This needs
to be adjusted when copying contexts.
(cherry picked from commit c2fd5d79ffc4fc9d120a0faad579ce96473e6a2f)
In EVP_PBE_alg_add don't use the underlying NID for the cipher
as it may have a non-standard key size.
PR#3206
(cherry picked from commit efb7caef637a1de8468ca109efd355a9d0e73a45)
Because of a missing include <fcntl.h> we don't have O_CREATE and don't create
the file with open() using mode 0600 but fall back to using fopen() with the
default umask followed by a chmod().
Problem found by Jakub Wilk <jwilk@debian.org>.
If the key type does not match any CMS recipient type return
an error instead of using a random key (MMA mitigation). This
does not leak any useful information to an attacker.
PR#3348
