- 27 6月, 2016 2 次提交
-
-
由 Andy Polyakov 提交于
in EVP_EncryptUpdate and EVP_DecryptUpdate. It is argued that in general case it's impossible to provide guarantee that partially[!] overlapping buffers can be tolerated. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
Re-implemented as suggested by Steve Henson. Also change ECParameters_print the same way. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 26 6月, 2016 3 次提交
-
-
由 Rich Salz 提交于
OBJ_nid2obj() and friends should be treated as const. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Rich Salz 提交于
This reverts commit 82f31fe4. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Rich Salz 提交于
OBJ_nid2obj() and friends should be treated as const. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 25 6月, 2016 10 次提交
-
-
由 David Benjamin 提交于
As of 37258dad and the corresponding upstream change, BN_mod_word may fail, like BN_div_word. Handle this properly. Thanks to Brian Smith for pointing this out. See BoringSSL's 44bedc348d9491e63c7ed1438db100a4b8a830be. Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #1251
-
由 David Benjamin 提交于
This function returns a tri-state -1 on error. See BoringSSL's 53409ee3d7595ed37da472bc73b010cd2c8a5ffd. Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #1251
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #1229
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #1229
-
由 Rich Salz 提交于
Don't print the full list of ciphers as part of the -help output. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
RT#4583 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Nathaniel McCallum 提交于
Fixes openssl/openssl#1236 Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1237)
-
由 Kurt Roeckx 提交于
Found by afl Reviewed-by: NRich Salz <rsalz@openssl.org> MR: #3013
-
- 24 6月, 2016 7 次提交
-
-
由 Ben Laurie 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
aesni_cbc_hmac_sha256_ctrl() and aesni_cbc_hmac_sha1_ctrl() cleanse the HMAC key after use, but static int rc4_hmac_md5_ctrl() doesn't. Fixes an OCAP Audit issue. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Matt Caswell 提交于
This includes the newly added HMAC_CTX_get_md(). Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
As a result of opaque HMAC_CTX apps need a getter for the HMAC_CTX md. GitHub Issue #1152 Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
tag2nbyte had -1 at 18th position, but underlying ASN1_mbstring_copy supports NumericString. tag2nbyte is also used in do_print_ex which will not be broken by setting 1 at 18th position of tag2nbyte Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 huangqinjin 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 huangqinjin 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 23 6月, 2016 11 次提交
-
-
with "make install -j8" it happens very often that two or more make instances are creating the same directory in parallel. As a result one instace creates the directory and second mkdir fails because the directory exists already (but it did not while testing for it earlier). Signed-off-by: NSebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1204)
-
由 Rich Salz 提交于
Code and tests by Steve. Reviewed-by: NDr. Stephen Henson <steve@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> MR: #2986
-
由 FdaSilvaYY 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 FdaSilvaYY 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
The previous fix contained a mistake, where any absolute path in %directories would be cleared away instead of just being left alone. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 22 6月, 2016 6 次提交
-
-
由 FdaSilvaYY 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1245)
-
由 mmiyashita 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1243)
-
由 Kurt Roeckx 提交于
Found by tis-interpreter Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #1230
-
由 David Benjamin 提交于
Using RSA_PKCS1_PADDING with RSA_private_decrypt is inherently unsafe. The API requires writing output on success and touching the error queue on error. Thus, although the padding check itself is constant-time as of 294d1e36, and the logic after the decryption in the SSL code is constant-time as of adb46dbc, the API boundary in the middle still leaks whether the padding check succeeded, giving us our much-loved Bleichenbacher padding oracle. Instead, PKCS#1 padding must be handled by the caller which uses RSA_NO_PADDING, in timing-sensitive code integrated with the Bleichenbacher mitigation. Removing PKCS#1 padding in constant time is actually much simpler when the expected length is a constant (and if it's not a constant, avoiding a padding oracle seems unlikely), so just do it inline. Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #1222
-
由 Kurt Roeckx 提交于
It wrote before the start of the string found by afl Reviewed-by: NRichard Levitte <levitte@openssl.org> MR: #2994
-
由 Petr Vaněk 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1241)
-
- 21 6月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-