#
e913d11f |
| 27-Sep-2017 |
Matt Caswell |
Ensure we test all parameters for BN_FLG_CONSTTIME RSA_setup_blinding() calls BN_BLINDING_create_param() which later calls BN_mod_exp() as follows: BN_mod_exp(ret->A, ret->A, re
Ensure we test all parameters for BN_FLG_CONSTTIME RSA_setup_blinding() calls BN_BLINDING_create_param() which later calls BN_mod_exp() as follows: BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx) ret->mod will have BN_FLG_CONSTTIME set, but ret->e does not. In BN_mod_exp() we only test the third param for the existence of this flag. We should test all the inputs. Thanks to Samuel Weiser (samuel.weiser@iaik.tugraz.at) for reporting this issue. This typically only happens once at key load, so this is unlikely to be exploitable in any real scenario. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4477)
show more ...
|
#
edea42c6 |
| 22-Jun-2017 |
Paul Yang |
Change to check last return value of BN_CTX_get To make it consistent in the code base Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@h
Change to check last return value of BN_CTX_get To make it consistent in the code base Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3749)
show more ...
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16 |
|
#
7f517c26 |
| 28-Feb-2017 |
Matt Caswell |
Remove some commented out code in libcrypto Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/
Remove some commented out code in libcrypto Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2774)
show more ...
|
Revision tags: OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15 |
|
#
78e09b53 |
| 15-Nov-2016 |
Rich Salz |
Check return value of some BN functions. Factorise multiple bn_get_top(group->field) calls Add missing checks on some conditional BN_copy return value Add missing checks on some BN_c
Check return value of some BN functions. Factorise multiple bn_get_top(group->field) calls Add missing checks on some conditional BN_copy return value Add missing checks on some BN_copy return value Add missing checks on a few bn_wexpand return value Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1626)
show more ...
|
Revision tags: OpenSSL-fips-2_0_14, OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a, OpenSSL_1_1_0 |
|
#
0818dbad |
| 14-Aug-2016 |
Jakub Zelenka |
Never return -1 from BN_exp Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1455)
|
Revision tags: OpenSSL_1_1_0-pre6 |
|
#
02e112a8 |
| 28-Jun-2016 |
FdaSilvaYY |
Whitespace cleanup in crypto Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from ht
Whitespace cleanup in crypto Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1264)
show more ...
|
Revision tags: OpenSSL-fips-2_0_13 |
|
#
bb83c879 |
| 26-May-2016 |
Andy Polyakov |
bn/bn_exp.c: explain 'volatile' in MOD_EXP_CTIME_COPY_FROM_PREBUF. Reviewed-by: Tim Hudson <tjh@openssl.org>
|
#
4f22f405 |
| 17-May-2016 |
Rich Salz |
Copyright consolidation 06/10 Reviewed-by: Richard Levitte <levitte@openssl.org>
|
Revision tags: OpenSSL_1_0_1t, OpenSSL_1_0_2h, OpenSSL_1_1_0-pre5, OpenSSL_1_1_0-pre4, OpenSSL_1_0_1s, OpenSSL_1_0_2g, OpenSSL_1_1_0-pre3, OpenSSL-fips-2_0_12, OpenSSL_1_0_1r, OpenSSL_1_0_2f |
|
#
8fc8f486 |
| 25-Jan-2016 |
Andy Polyakov |
crypto/bn/x86_64-mont5.pl: constant-time gather procedure. At the same time remove miniscule bias in final subtraction. Performance penalty varies from platform to platform, and even wit
crypto/bn/x86_64-mont5.pl: constant-time gather procedure. At the same time remove miniscule bias in final subtraction. Performance penalty varies from platform to platform, and even with key length. For rsa2048 sign it was observed to be 4% for Sandy Bridge and 7% on Broadwell. CVE-2016-0702 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
#
d6482a82 |
| 25-Jan-2016 |
Andy Polyakov |
bn/bn_exp.c: constant-time MOD_EXP_CTIME_COPY_FROM_PREBUF. Performance penalty varies from platform to platform, and even key length. For rsa2048 sign it was observed to reach almost 10%
bn/bn_exp.c: constant-time MOD_EXP_CTIME_COPY_FROM_PREBUF. Performance penalty varies from platform to platform, and even key length. For rsa2048 sign it was observed to reach almost 10%. CVE-2016-0702 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_1_0-pre2 |
|
#
34980760 |
| 18-Dec-2015 |
Rich Salz |
Remove /* foo.c */ comments This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1
Remove /* foo.c */ comments This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
show more ...
|
#
79caf5d3 |
| 19-Dec-2015 |
Matt Caswell |
Fix URLs mangled by reformat Some URLs in the source code ended up getting mangled by indent. This fixes it. Based on a patch supplied by Arnaud Lacombe <al@aerilon.ca> Reviewed
Fix URLs mangled by reformat Some URLs in the source code ended up getting mangled by indent. This fixes it. Based on a patch supplied by Arnaud Lacombe <al@aerilon.ca> Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
d911097d |
| 14-Dec-2015 |
Emilia Kasper |
Fix a ** 0 mod 1 = 0 for real this time. Commit 2b0180c37fa6ffc48ee40caa831ca398b828e680 attempted to do this but only hit one of many BN_mod_exp codepaths. Fix remaining variants and ad
Fix a ** 0 mod 1 = 0 for real this time. Commit 2b0180c37fa6ffc48ee40caa831ca398b828e680 attempted to do this but only hit one of many BN_mod_exp codepaths. Fix remaining variants and add a test for each method. Thanks to Hanno Boeck for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_1_0-pre1, OpenSSL_0_9_8zh, OpenSSL_1_0_0t, OpenSSL_1_0_1q, OpenSSL_1_0_2e |
|
#
a9009e51 |
| 31-Aug-2015 |
Emilia Kasper |
BN_mod_exp_mont_consttime: check for zero modulus. Don't dereference |d| when |top| is zero. Also test that various BIGNUM methods behave correctly on zero/even inputs. Follow-up to
BN_mod_exp_mont_consttime: check for zero modulus. Don't dereference |d| when |top| is zero. Also test that various BIGNUM methods behave correctly on zero/even inputs. Follow-up to b11980d79a52ec08844f08bea0e66c04b691840b Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_0_1p, OpenSSL_1_0_2d, OpenSSL-fips-2_0_11 |
|
#
ed45f3c2 |
| 22-Jun-2015 |
Richard Levitte |
Rearrange rsaz A small rearrangement so the inclusion of rsaz_exp.h would be unconditional, but what that header defines becomes conditional. This solves the weirdness where rsa
Rearrange rsaz A small rearrangement so the inclusion of rsaz_exp.h would be unconditional, but what that header defines becomes conditional. This solves the weirdness where rsaz_exp.h gets in and out of the dependency list for bn_exp.c, depending on the present architecture. Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_0_1o, OpenSSL_1_0_2c, OpenSSL_0_9_8zg, OpenSSL_1_0_0s, OpenSSL_1_0_1n, OpenSSL_1_0_2b |
|
#
b39fc560 |
| 14-May-2015 |
Richard Levitte |
Identify and move common internal libcrypto header files There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and ada
Identify and move common internal libcrypto header files There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and adapt the affected source code and Makefiles. The header files that got moved are: crypto/cryptolib.h crypto/md32_common.h Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
Revision tags: OpenSSL-fips-2_0_10 |
|
#
b548a1f1 |
| 01-May-2015 |
Rich Salz |
free null cleanup finale Don't check for NULL before calling OPENSSL_free Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
23a1d5e9 |
| 01-May-2015 |
Rich Salz |
free NULL cleanup 7 This gets BN_.*free: BN_BLINDING_free BN_CTX_free BN_FLG_FREE BN_GENCB_free BN_MONT_CTX_free BN_RECP_CTX_free BN_clear_free BN_free BUF_MEM_free
free NULL cleanup 7 This gets BN_.*free: BN_BLINDING_free BN_CTX_free BN_FLG_FREE BN_GENCB_free BN_MONT_CTX_free BN_RECP_CTX_free BN_clear_free BN_free BUF_MEM_free Also fix a call to DSA_SIG_free to ccgost engine and remove some #ifdef'd dead code in engines/e_ubsec. Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
b196e7d9 |
| 28-Apr-2015 |
Rich Salz |
remove malloc casts Following ANSI C rules, remove the casts from calls to OPENSSL_malloc and OPENSSL_realloc. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
Revision tags: OpenSSL_0_9_8zf, OpenSSL_1_0_0r, OpenSSL_1_0_1m, OpenSSL_1_0_2a |
|
#
8c5a7b33 |
| 11-Mar-2015 |
Matt Caswell |
Fix error handling in bn_exp In the event of an error |rr| could be NULL. Therefore don't assume you can use |rr| in the error handling code. Reviewed-by: Andy Polyakov <appro@o
Fix error handling in bn_exp In the event of an error |rr| could be NULL. Therefore don't assume you can use |rr| in the error handling code. Reviewed-by: Andy Polyakov <appro@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_0_2, master-post-auto-reformat, OpenSSL_1_0_2-post-auto-reformat, OpenSSL_0_9_8-post-auto-reformat, OpenSSL_0_9_8-pre-auto-reformat, OpenSSL_1_0_0-post-auto-reformat, OpenSSL_1_0_0-pre-auto-reformat, OpenSSL_1_0_1-post-auto-reformat, OpenSSL_1_0_1-pre-auto-reformat, master-post-reformat, OpenSSL_0_9_8-pre-reformat, OpenSSL_0_9_8ze, OpenSSL_1_0_0-pre-reformat, OpenSSL_1_0_0q, OpenSSL_1_0_1-pre-reformat, OpenSSL_1_0_1l, master-pre-reformat, OpenSSL_1_0_2-pre-reformat, OpenSSL_0_9_8zd, OpenSSL_1_0_0p, OpenSSL_1_0_1k, OpenSSL_0_9_8-post-reformat |
|
#
50e735f9 |
| 05-Jan-2015 |
Matt Caswell |
Re-align some comments after running the reformat script. This should be a one off operation (subsequent invokation of the script should not move them) Reviewed-by: Tim Hudson <tjh@o
Re-align some comments after running the reformat script. This should be a one off operation (subsequent invokation of the script should not move them) Reviewed-by: Tim Hudson <tjh@openssl.org>
show more ...
|
#
0f113f3e |
| 22-Jan-2015 |
Matt Caswell |
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
|
#
0546db3e |
| 21-Jan-2015 |
Andy Polyakov |
bn/bn_exp.c: make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org>
|
#
1d97c843 |
| 28-Dec-2014 |
Tim Hudson |
mark all block comments that need format preserving so that indent will not alter them when reformatting comments Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell
mark all block comments that need format preserving so that indent will not alter them when reformatting comments Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
Revision tags: OpenSSL-fips-2_0_9 |
|
#
73e45b2d |
| 20-Oct-2014 |
Dr. Stephen Henson |
remove OPENSSL_FIPSAPI Reviewed-by: Tim Hudson <tjh@openssl.org>
|