1. 12 12月, 2019 1 次提交
  2. 10 12月, 2019 1 次提交
  3. 07 12月, 2019 1 次提交
  4. 08 11月, 2019 1 次提交
  5. 03 9月, 2019 1 次提交
  6. 14 6月, 2019 1 次提交
  7. 30 5月, 2019 1 次提交
  8. 28 5月, 2019 1 次提交
  9. 27 5月, 2019 1 次提交
  10. 20 4月, 2019 1 次提交
    • G
      TicketNo:AR000C11BK · 17ac3fa9
      g00368537 提交于
      Description: Prevent over long nonces in ChaCha20-Poly1305
      
      ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for
      every encryption operation. RFC 7539 specifies that the nonce value (IV)
      should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and
      front pads the nonce with 0 bytes if it is less than 12 bytes. However it
      also incorrectly allows a nonce to be set of up to 16 bytes. In this case
      only the last 12 bytes are significant and any additional leading bytes are
      ignored.
      
      It is a requirement of using this cipher that nonce values are unique.
      Messages encrypted using a reused nonce value are susceptible to serious
      confidentiality and integrity attacks. If an application changes the
      default nonce length to be longer than 12 bytes and then makes a change to
      the leading bytes of the nonce expecting the new value to be a new unique
      nonce then such an application could inadvertently encrypt messages with a
      reused nonce.
      
      Additionally the ignored bytes in a long nonce are not covered by the
      integrity guarantee of this cipher. Any application that relies on the
      integrity of these ignored leading bytes of a long nonce may be further
      affected.
      
      Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe
      because no such use sets such a long nonce value. However user
      applications that use this cipher directly and set a non-default nonce
      length to be longer than 12 bytes may be vulnerable.
      
      CVE-2019-1543
      
      Team:PDU_DRV
      Feature or Bugfix:Feature
      Binary Source:No
      PrivateCode(Yes/No):No
      
      Change-Id: I5085b1e79835cfae4d7122311d857c09a14e2420
      Reviewed-on: http://mgit-tm.rnd.huawei.com/4573465Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
      Reviewed-by: Nwangyanbo 00291255 <wangyanbo3@huawei.com>
      Reviewed-by: Nxiaofuzhou 00203296 <xiaofuzhou@huawei.com>
      17ac3fa9
  11. 18 4月, 2019 1 次提交
  12. 20 11月, 2018 4 次提交
  13. 19 11月, 2018 1 次提交
  14. 16 11月, 2018 2 次提交
  15. 15 11月, 2018 1 次提交
  16. 14 11月, 2018 6 次提交
  17. 13 11月, 2018 1 次提交
    • V
      Added missing signature algorithm reflection functions · 45f24725
      Viktor Dukhovni 提交于
          SSL_get_signature_nid()      -- local signature algorithm
          SSL_get_signature_type_nid() -- local signature algorithm key type
          SSL_get_peer_tmp_key()       -- Peer key-exchange public key
          SSL_get_tmp_key              -- local key exchange public key
      
      Aliased pre-existing SSL_get_server_tmp_key(), which was formerly
      just for clients, to SSL_get_peer_tmp_key().  Changed internal
      calls to use the new name.
      Reviewed-by: NMatt Caswell <matt@openssl.org>
      45f24725
  18. 12 11月, 2018 8 次提交
  19. 11 11月, 2018 1 次提交
  20. 10 11月, 2018 2 次提交
  21. 09 11月, 2018 3 次提交