提交 · 8db7946ee879ce483f4c81141926e1357aa6b941 · OpenHarmony / Third Party Openssl

21 2月, 2018 11 次提交

Replaced variable-time GCD with consttime inversion to avoid side-channel... · 8db7946e

由 Samuel Weiser 提交于 2月 21, 2018

Replaced variable-time GCD with consttime inversion to avoid side-channel attacks on RSA key generation
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NKurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/5161)

8db7946e

Sanity check the ticket length before using key name/IV · ee763495

由 Matt Caswell 提交于 2月 20, 2018

This could in theory result in an overread - but due to the over allocation
of the underlying buffer does not represent a security issue.

Thanks to Fedor Indutny for reporting this issue.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NBen Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5414)

ee763495

Fix no-ec build · c7a47adc

由 Matt Caswell 提交于 2月 20, 2018

[extended tests]
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5418)

c7a47adc

Fix some undefined behaviour in the Curve448 code · 7876dbff

由 Matt Caswell 提交于 2月 20, 2018

We can't add NULL data into a hash
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5418)

7876dbff

Remove a spurious TLSProxy byte in TLSv1.3 · 6c61b274

由 Matt Caswell 提交于 2月 14, 2018

When the proxy re-encrypted a TLSv1.3 record it was adding a spurious
byte onto the end. This commit removes that.

The "extra" byte was intended to be the inner content type of the record.
However, TLSProxy was actually adding the original encrypted data into the
record (which already has the inner content type in it) and then adding
the spurious additional content type byte on the end (and adjusting the
record length accordingly).

It is interesting to look at why this didn't cause a failure:

The receiving peer first attempts to decrypt the data. Because this is
TLSProxy we always use a GCM based ciphersuite with a 16 byte tag. When
we decrypt this it actually gets diverted to the ossltest engine. All this
does is go through the motions of encrypting/decrypting but just passes
back the original data. Crucially it will never fail because of a bad tag!
The receiving party thinks the spurious additional byte is part of the
tag and the ossltest engine ignores it.

This means the data that gets passed back to the record layer still has
an additional spurious byte on it - but because the 16 byte tag has been
removed, this is actually the first byte of the original tag. Again
because we are using ossltest engine we aren't actually creating "real"
tags - we only ever emit 16, 0 bytes for the tag. So the spurious
additional byte always has the value 0. The TLSv1.3 spec says that records
can have additional 0 bytes on the end of them - this is "padding". So the
record layer interprets this 0 byte as padding and strips it off to end up
with the originally transmitted record data - which it can now process
successfully.
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5370)

6c61b274

VMS: Fix curve448 internal test program · b8a3f39b

由 Richard Levitte 提交于 2月 21, 2018

The internals test programs access header files that aren't guarded by
the public __DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H
files, and therefore have no idea what the naming convention is.
Therefore, we need to specify that explicitely in the internals test
programs, since they aren't built with the same naming convention as
the library they belong with.
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5425)

b8a3f39b

test/recipes/80-test_pkcs12.t: handle lack of Win32::API. · d4c499f5

由 Andy Polyakov 提交于 2月 20, 2018

So far check for availability of Win32::API served as implicit check
for $^O being MSWin32. Reportedly it's not safe assumption, and check
for MSWin32 has to be explicit.
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5416)

d4c499f5

Configure: engage x25519 assembly support. · 0e5c8d56

由 Andy Polyakov 提交于 2月 19, 2018

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/5408)

0e5c8d56

ec/curve25519.c: facilitate assembly implementations. · c521e439

由 Andy Polyakov 提交于 2月 19, 2018

Currently it's limited to 64-bit platforms only as minimum radix
expected in assembly is 2^51.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/5408)

c521e439

Add x25519-x86_64.pl module, mod 2^255-19 primitives. · 42efffcb

由 Andy Polyakov 提交于 2月 19, 2018

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/5408)

42efffcb

crypto/ec/curve25519.c: remove redundant fe[51]_cswap. · 127d6cf7

由 Andy Polyakov 提交于 2月 19, 2018

3 least significant bits of the input scalar are explicitly cleared,
hence swap variable has fixed value [of zero] upon exit from the loop.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/5408)

127d6cf7

20 2月, 2018 29 次提交

Add tests for newly added constant time functions · 59bf467c

由 Matt Caswell 提交于 2月 19, 2018

Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)

59bf467c

Some more cleanups of curve448 code · dd8796c5

由 Matt Caswell 提交于 2月 16, 2018

Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)

dd8796c5

fixup! More style fixes for the curve448 code · a4e6dd81

由 Matt Caswell 提交于 2月 16, 2018

Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)

a4e6dd81

fixup! Improve readability of f_impl.c and f_impl.h · 18985129

由 Matt Caswell 提交于 2月 16, 2018

Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)

18985129

Improve readability of f_impl.c and f_impl.h · 8e32ec7a

由 Matt Caswell 提交于 2月 14, 2018

Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)

8e32ec7a

Remove unrolled loops · cb5ed326

由 Matt Caswell 提交于 1月 31, 2018

Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)

cb5ed326

Yet more style updates to the curve448 code · 909c68ae

由 Matt Caswell 提交于 2月 07, 2018

Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)

909c68ae

Further style changes to curve448 code · c1f15b76

由 Matt Caswell 提交于 2月 12, 2018

Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)

c1f15b76

Simplify some code · 9c9d6ff4

由 Matt Caswell 提交于 2月 07, 2018

The original curve448 code was templated to allow for a 25519
implementation. We've just imported the 448 stuff - but a remnant of
the original templated approach remained. This just simplifies that.
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)

9c9d6ff4

Remove some unneccessary use of constant time code in curve448 · a7232276

由 Matt Caswell 提交于 2月 07, 2018

Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)

a7232276

Fix a travis failure in the curve448 code · 434149c7

由 Matt Caswell 提交于 2月 07, 2018

Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)

434149c7

Remove the curve448 vector code · 2abe3cad

由 Matt Caswell 提交于 2月 12, 2018

We removed various platform specific optimisation files in an earlier
commit. The vector code was related to that and therefore is no longer
required. It may be resurrected at a later point if we reintroduce the
opimtisations.
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)

2abe3cad

More style fixes for the curve448 code · 53ef3252

由 Matt Caswell 提交于 2月 07, 2018

Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)

53ef3252

M
Remove a strict aliasing issue with pre-computed curve448 constants · 9fd3c858
由 Matt Caswell 提交于 2月 06, 2018
```
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)
```
9fd3c858

More style fixes to Curve448 code based on review feedback · 68b20c00

由 Matt Caswell 提交于 2月 12, 2018

Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)

68b20c00

Some style fixes · 04ebd4e1

由 Matt Caswell 提交于 2月 12, 2018

Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)

04ebd4e1

Formatting tweak based on review feedback · e4118223