generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/crypto
History
Emilia Kasper 0f04b004ac RT3066: rewrite RSA padding checks to be slightly more constant time. 
Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1

This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Conflicts:
	crypto/rsa/rsa_oaep.c
2014-09-24 14:17:41 +02:00
..
aes
vpaes-x86_64.pl: fix typo, which for some reason triggers rkhunter.
2014-04-06 12:55:22 +02:00
asn1
RT2400: ASN1_STRING_to_UTF8 missing initializer
2014-08-27 22:59:52 -04:00
bf
make update
2014-01-06 13:33:27 +00:00
bio
Fix memory leak in BIO_free if there is no destroy function.
2014-07-09 23:34:35 +01:00
bn
Ensure that x**0 mod 1 = 0.
2014-09-04 16:06:51 +02:00
buffer
make update
2014-01-06 13:33:27 +00:00
camellia
make update
2014-01-06 13:33:27 +00:00
cast
make update
2014-01-06 13:33:27 +00:00
cmac
make update
2014-01-06 13:33:27 +00:00
cms
Don't clean up uninitialised EVP_CIPHER_CTX on error (CID 483259).
2014-07-10 17:52:37 +01:00
comp
make update
2014-01-06 13:33:27 +00:00
conf
Prevent infinite loop loading config files.
2014-07-07 13:50:00 +01:00
des
make update
2014-01-06 13:33:27 +00:00
dh
make update
2014-01-06 13:33:27 +00:00
dsa
RT3061: Don't SEGFAULT when trying to export a public DSA key as a private key.
2014-08-22 15:25:18 +02:00
dso
Fix a wrong parameter count ERR_add_error_data
2014-05-19 22:17:00 +01:00
ec
Explicitly check for empty ASN.1 strings in d2i_ECPrivateKey
2014-08-27 19:50:36 +02:00
ecdh
make update
2014-01-06 13:33:27 +00:00
ecdsa
make update
2014-01-06 13:33:27 +00:00
engine
Add loaded dynamic ENGINEs to list.
2014-01-28 13:57:34 +00:00
err
make update
2014-01-06 13:33:27 +00:00
evp
Fix build when BSAES_ASM is defined but VPAES_ASM is not
2014-08-21 15:48:23 +02:00
hmac
make update
2014-01-06 13:33:27 +00:00
idea
Fix typo in ideatest.c
2014-06-28 00:06:40 +01:00
jpake
apply J-PKAKE fix to HEAD (original by Ben)
2010-11-29 18:33:28 +00:00
krb5
make update
2014-01-06 13:33:27 +00:00
lhash
make update
2014-01-06 13:33:27 +00:00
md2
Prohibit use of low level digest APIs in FIPS mode.
2011-06-01 13:39:45 +00:00
md4
make update
2014-01-06 13:33:27 +00:00
md5
md5-x86_64.pl: work around warning.
2014-08-30 19:19:01 +02:00
mdc2
make update
2014-01-06 13:33:27 +00:00
modes
RT2308: Add extern "C" { ... } wrapper
2014-08-27 21:47:12 -04:00
objects
make update
2014-08-06 22:18:45 +01:00
ocsp
RT2560: missing NULL check in ocsp_req_find_signer
2014-09-10 12:20:25 -04:00
pem
Sanity check keylength in PVK files.
2014-07-06 00:36:11 +01:00
perlasm
Reduce version skew.
2012-06-08 09:18:47 +00:00
pkcs7
Remove ancient obsolete files under pkcs7.
2014-06-27 13:54:45 +01:00
pkcs12
Fix memory leak.
2014-05-29 14:12:14 +01:00
pqueue
RT2308: Add extern "C" { ... } wrapper
2014-08-27 21:47:12 -04:00
rand
Fix error discrepancy.
2014-08-01 18:42:40 +01:00
rc2
make update
2014-01-06 13:33:27 +00:00
rc4
make update
2014-01-06 13:33:27 +00:00
rc5
Make inline assembler clang-friendly [from HEAD].
2010-08-02 21:54:48 +00:00
ripemd
make update
2014-01-06 13:33:27 +00:00
rsa
RT3066: rewrite RSA padding checks to be slightly more constant time.
2014-09-24 14:17:41 +02:00
seed
make update
2014-01-06 13:33:27 +00:00
sha
make update
2014-01-06 13:33:27 +00:00
srp
Fix SRP buffer overrun vulnerability.
2014-08-06 20:27:51 +01:00
stack
RT2308: Add extern "C" { ... } wrapper
2014-08-27 21:47:12 -04:00
store
Make it possible to disable STORE.
2009-02-19 09:42:51 +00:00
threads
Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda).
2009-05-15 16:37:08 +00:00
ts
Fix double frees.
2014-04-22 17:02:37 +01:00
txt_db
make update
2014-01-06 13:33:27 +00:00
ui
* crypto/ui/ui_lib.c: misplaced brace in switch statement.
2014-07-13 19:15:30 +02:00
whrlpool
make update
2014-01-06 13:33:27 +00:00
x509
x509/by_dir.c: fix run-away pointer (and potential SEGV)
2014-02-24 15:23:46 +01:00
x509v3
Extension checking fixes.
2014-04-15 18:53:04 +01:00
.cvsignore
Apply mingw patches as supplied by Roumen Petrov an Alon Bar-Lev
2008-04-17 10:19:16 +00:00
alphacpuid.pl
Alpha assembler fixed from HEAD.
2011-08-12 12:31:08 +00:00
arm_arch.h
ARM assembler pack update from HEAD.
2011-11-14 20:58:01 +00:00
armcap.c
crypto/armcap.c: fix typo in rdtsc subroutine.
2013-09-15 22:11:34 +02:00
armv4cpuid.S
ARM assembler pack update from HEAD.
2011-11-14 20:58:01 +00:00
constant_time_locl.h
RT3066: rewrite RSA padding checks to be slightly more constant time.
2014-09-24 14:17:41 +02:00
constant_time_test.c
RT3066: rewrite RSA padding checks to be slightly more constant time.
2014-09-24 14:17:41 +02:00
cpt_err.c
Implement FIPS_mode and FIPS_mode_set
2011-05-19 18:19:07 +00:00
cryptlib.c
Avoid Windows 8 Getversion deprecated errors.
2014-02-25 13:42:25 +00:00
cryptlib.h
Reduce version skew.
2012-06-08 09:18:47 +00:00
crypto-lib.com
Add evp_cnf in the build.
2012-07-05 12:58:27 +00:00
crypto.h
Add and use a constant-time memcmp.
2013-01-28 17:30:38 +00:00
cversion.c
(oops) Apologies all, that last header-cleanup commit was from the wrong
2004-04-19 18:09:28 +00:00
ebcdic.c
Oops, this file already had the "empty source file" workaround but it
2003-10-29 22:25:04 +00:00
ebcdic.h
RT2308: Add extern "C" { ... } wrapper
2014-08-27 21:47:12 -04:00
ex_data.c
Avoid warnings with -pedantic, specifically:
2008-07-04 23:12:52 +00:00
fips_err.h
Update error codes for FIPS.
2011-10-21 13:04:27 +00:00
fips_ers.c
Add FIPS error codes.
2011-06-21 16:58:10 +00:00
ia64cpuid.S
IA64 assembler pack update from HEAD.
2011-11-14 20:45:57 +00:00
install-crypto.com
Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>
2011-03-19 09:47:47 +00:00
LPdir_nyi.c
Copy a few files from LPlib (a new project of mine), add a wrapper.
2004-07-10 13:16:02 +00:00
LPdir_unix.c
Import changed files from LPlib. The changes are logged as follows
2004-09-23 22:11:39 +00:00
LPdir_vms.c
Followup on RT3334 fix: make sure that a directory that's the empty
2014-09-03 22:26:05 +02:00
LPdir_win32.c
Import changed files from LPlib. The changes are logged as follows
2004-09-23 22:11:39 +00:00
LPdir_win.c
Followup on RT3334 fix: make sure that a directory that's the empty
2014-09-03 22:26:05 +02:00
LPdir_wince.c
Import changed files from LPlib. The changes are logged as follows
2004-09-23 22:11:39 +00:00
Makefile
Constant-time utilities
2014-08-28 17:07:07 +02:00
md32_common.h
Make inline assembler clang-friendly [from HEAD].
2010-08-02 21:54:48 +00:00
mem_clr.c
Fix warning.
2007-06-23 18:47:51 +00:00
mem_dbg.c
PR: 1894
2009-04-16 17:22:51 +00:00
mem.c
Reduce version skew.
2012-06-08 09:18:47 +00:00
o_dir_test.c
Copy a few files from LPlib (a new project of mine), add a wrapper.
2004-07-10 13:16:02 +00:00
o_dir.c
DJGPP has opendir() and friends, according to Gisle Vanem <giva@bgnett.no>.
2004-08-03 19:15:21 +00:00
o_dir.h
Copy a few files from LPlib (a new project of mine), add a wrapper.
2004-07-10 13:16:02 +00:00
o_fips.c
call OPENSSL_init when calling FIPS_mode too
2012-04-20 14:42:54 +00:00
o_init.c
The first of many changes to make OpenSSL 1.0.1 FIPS capable.
2011-05-26 14:19:19 +00:00
o_str.c
Update from HEAD.
2009-06-01 12:14:15 +00:00
o_str.h
"Overload" SunOS 4.x memcmp, which ruins ASN1_OBJECT table lookups.
2005-09-20 20:19:07 +00:00
o_time.c
Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>
2011-03-19 09:47:47 +00:00
o_time.h
Experimental new date handling routines. These fix issues with X509_time_adj()
2008-10-07 22:55:27 +00:00
opensslconf.h.in
Eliminate warning induced by http://cvs.openssl.org/chngview?cn=14690 and
2005-12-16 10:37:24 +00:00
opensslv.h
RT2308: Add extern "C" { ... } wrapper
2014-08-27 21:47:12 -04:00
ossl_typ.h
RT2308: Add extern "C" { ... } wrapper
2014-08-27 21:47:12 -04:00
pariscid.pl
PA-RISC assembler pack: switch to bve in 64-bit builds.
2013-06-30 23:15:53 +02:00
ppccap.c
ppccap.c: assume no features under 32-bit AIX kernel [from HEAD].
2012-05-16 18:18:29 +00:00
ppccpuid.pl
ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance
2012-04-27 20:20:15 +00:00
s390xcap.c
s390x assembler pack update from HEAD.
2011-11-14 20:47:22 +00:00
s390xcpuid.S
s390x assembler pack update from HEAD.
2011-11-14 20:47:22 +00:00
sparccpuid.S
sparccpuid.S: work around emulator bug on T1.
2013-02-11 10:41:57 +01:00
sparcv9cap.c
sparcv9cap.c: omit unused variable.
2012-01-12 14:19:52 +00:00
symhacks.h
VMS fixes
2014-01-11 22:42:37 +00:00
uid.c
Netware-specific changes,
2003-11-28 13:10:58 +00:00
vms_rms.h
Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>
2011-03-19 09:47:47 +00:00
x86_64cpuid.pl
x86_64 assembly pack: make Windows build more robust [from master].
2013-01-22 22:54:04 +01:00
x86cpuid.pl
x86cpuid.pl: make it work with older CPUs.
2013-03-18 19:50:23 +01:00