- 29 5月, 2018 2 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6290)
-
由 Dr. Matthias St. Pierre 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6290)
-
- 25 5月, 2018 2 次提交
-
-
由 Matt Caswell 提交于
This reverts commit a6f5b116. The EVP_PKEY_sign() function is intended for pre-hashed input which is not supported by our EdDSA implementation. See the discussion in PR 5880 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6284)
-
由 Matt Caswell 提交于
We check that the curve name associated with the point is the same as that for the curve. Fixes #6302 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6323)
-
- 24 5月, 2018 3 次提交
-
-
由 David Benjamin 提交于
TlsGetValue clears the last error even on success, so that callers may distinguish it successfully returning NULL or failing. This error-mangling behavior interferes with the caller's use of GetLastError. In particular SSL_get_error queries the error queue to determine whether the caller should look at the OS's errors. To avoid destroying state, save and restore the Windows error. Fixes #6299. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6316)
-
由 David Benjamin 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6314)
-
由 David Benjamin 提交于
Per SEC 1, the curve coefficients must be padded up to size. See C.2's definition of Curve, C.1's definition of FieldElement, and 2.3.5's definition of how to encode the field elements in http://www.secg.org/sec1-v2.pdf. This comes up for P-521, where b needs a leading zero. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6314)
-
- 23 5月, 2018 3 次提交
-
-
由 Viktor Dukhovni 提交于
Only check the CN against DNS name contraints if the `X509_CHECK_FLAG_NEVER_CHECK_SUBJECT` flag is not set, and either the certificate has no DNS subject alternative names or the `X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT` flag is set. Add pertinent documentation, and touch up some stale text about name checks and DANE. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Viktor Dukhovni 提交于
Don't apply DNS name constraints to the subject CN when there's a least one DNS-ID subjectAlternativeName. Don't apply DNS name constraints to subject CN's that are sufficiently unlike DNS names. Checked name must have at least two labels, with all labels non-empty, no trailing '.' and all hyphens must be internal in each label. In addition to the usual LDH characters, we also allow "_", since some sites use these for hostnames despite all the standards. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
Fixes #6327 Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6328)
-
- 21 5月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
If the lengths of both names is 0 then don't attempt to do a memcmp. Issue reported by Simon Friedberger, Robert Merget and Juraj Somorovsky. Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6291)
-
- 20 5月, 2018 1 次提交
-
-
由 Richard Levitte 提交于
A previous change of this function introduced a fragility when the destination happens to be the same as the source. Such alias isn't recommended, but could still happen, for example in this kind of code: X509_NAME *subject = X509_get_issuer_name(x); /* ... some code passes ... */ X509_set_issuer_name(x, subject); Fixes #4710 Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6280)
-
- 18 5月, 2018 2 次提交
-
-
由 Matt Caswell 提交于
Using the ca application to sign certificates with EdDSA failed because it is not possible to set the digest to "null". This adds the capability and updates the documentation accordingly. Fixes #6201 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6286)
-
由 Dr. Matthias St. Pierre 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6273)
-
- 17 5月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Experiments have shown that the lookup table used by BN_GF2m_mod_arr introduces sufficient timing signal to recover the private key for an attacker with access to cache timing information on the victim's host. This only affects binary curves (which are less frequently used). No CVE is considered necessary for this issue. The fix is to replace the lookup table with an on-the-fly calculation of the value from the table instead, which can be performed in constant time. Thanks to Youngjoo Shin for reporting this issue. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6270)
-
- 14 5月, 2018 1 次提交
-
-
由 Richard Levitte 提交于
The Console UI method always set echo on after prompting without echo. However, echo might not have been on originally, so just restore the original TTY settings. Fixes #2373 Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6156)
-
- 12 5月, 2018 1 次提交
-
-
由 Richard Levitte 提交于
Fixes #4716 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6173)
-
- 11 5月, 2018 2 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #6208
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #6208
-
- 10 5月, 2018 1 次提交
-
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 09 5月, 2018 4 次提交
-
-
由 Billy Brumley 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6070)
-
由 Billy Brumley 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6070)
-
由 Billy Brumley 提交于
* EC_POINT_mul is now responsible for constant time point multiplication (for single fixed or variable point multiplication, when the scalar is in the range [0,group_order), so we need to strip the nonce padding from ECDSA. * Entry added to CHANGES * Updated EC_POINT_mul documentation - Integrate existing EC_POINT_mul and EC_POINTs_mul entries in the manpage to reflect the shift in constant-time expectations when performing a single fixed or variable point multiplication; - Add documentation to ec_method_st to reflect the updated "contract" between callers and implementations of ec_method_st.mul. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6070)
-
由 Richard Levitte 提交于
items->ile3$w_code was checked before it was assigned its value... Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6200)
-
- 08 5月, 2018 3 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6191)
-
由 Andy Polyakov 提交于
Triggered by Coverity analysis. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6190)
-
由 Matt Caswell 提交于
The function CMS_RecipientInfo_set0_pkey() is a "set0" and therefore memory management passes to OpenSSL. If the same function is called again then we should ensure that any previous value that was set is freed first before we set it again. Fixes #5052 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6142)
-
- 05 5月, 2018 1 次提交
-
-
由 Richard Levitte 提交于
When the input length is zero, just return zero early. Otherwise, there's a small chance that memory allocation is engaged, fails and returns -1, which is a bit confusing when nothing should be written. Fixes #4782 #4827 Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/6175)
-
- 04 5月, 2018 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Fixes #6121 Thanks to Mingtao Yang for reporting this bug. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6162)
-
- 03 5月, 2018 7 次提交
-
-
由 Richard Levitte 提交于
Add more items that could serve as entropy source. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6151)
-
由 Richard Levitte 提交于
Stop redefining structures that are already defined in system headers. This also means we can stop setting the pointer size globally, because the system structures will have the correct pointer sizes either way. The only exception is passing the right pointer size to a function. Stop trying to twist things around with rand(), that's the job of the DRBG that we feed. Stop assuming the location of the JPI$_FINALEXC item, look it up instead. Signal an exception if the sys$getjpiw call fails (it means the item list isn't set up right, so works as an assertion, but using VMS methodology). Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6151)
-
由 Matt Caswell 提交于
Calculating BN_mod_inverse where n is 1 (or -1) doesn't make sense. We should return an error in that case. Instead we were returning a valid result with value 0. Fixes #6004 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6119)
-
由 Matt Caswell 提交于
Commit 5b748dea added this function which should have taken a const argument. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6154)
-
由 FdaSilvaYY 提交于
No need to buildtest on opensslconf.h Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6149)
-
由 Andy Polyakov 提交于
Montgomery multiplication post-conditions in some of code paths were formally non-constant time. Cache access pattern was result-neutral, but a little bit asymmetric, which might have produced a signal [if processor reordered load and stores at run-time]. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6141)
-
由 Dr. Matthias St. Pierre 提交于
which is used for ASN1_STRING_print_ex*() and X509_NAME_print_ex*(). Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6105)
-
- 02 5月, 2018 2 次提交
-
-
由 Richard Levitte 提交于
rand_pool_bytes_needed() was constructed in such a way that the smallest acceptable entropy factor was 1 entropy bits per 8 bits of data. At the same time, we have a DRBG_MINMAX_FACTOR that allows weaker source, as small as 1 bit of entropy per 128 bits of data. The conclusion is that rand_pool_bytes_needed() needs to change to support weaker entropy sources. We therefore change the input of entropy per byte to be an entropy factor instead. This entropy factor expresses how many bits of data it takes (on average) to get 1 bit of entropy. Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6150)
-
由 Pavel Kopyl 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4700)
-
- 01 5月, 2018 2 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6124)
-
由 Matt Caswell 提交于
Fixes #5061 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6139)
-