| #
f9b6c0ba |
| 12-Mar-2014 |
Dr. Stephen Henson |
Fix for CVE-2014-0076
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. De
Fix for CVE-2014-0076
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140
Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483259de374f91e57d247d0fc667aef29)
Conflicts:
CHANGES
show more ...
|
|
Revision tags: OpenSSL_1_0_0l, OpenSSL_1_0_1f, OpenSSL-fips-2_0_6, OpenSSL-fips-2_0_5, OpenSSL-fips-2_0_4, OpenSSL-fips-2_0_3, OpenSSL_1_0_1e, OpenSSL_0_9_8y, OpenSSL_1_0_0k, OpenSSL_1_0_1d, OpenSSL-fips-2_0-pl1, OpenSSL-fips-2_0_2, OpenSSL-fips-2_0_1, OpenSSL_1_0_1c, OpenSSL_1_0_0j, OpenSSL_0_9_8x, OpenSSL_1_0_1b, OpenSSL_0_9_8w, OpenSSL_1_0_1a, OpenSSL_0_9_8v, OpenSSL_1_0_0i, OpenSSL_1_0_1, OpenSSL_1_0_0h, OpenSSL_0_9_8u, OpenSSL_1_0_1-beta3, OpenSSL_1_0_1-beta2, OpenSSL-fips-2_0, OpenSSL_1_0_0g, OpenSSL_0_9_8t, OpenSSL_0_9_8s, OpenSSL_1_0_0f, OpenSSL-fips-2_0-rc8, OpenSSL_1_0_1-beta1, OpenSSL-fips-2_0-rc7, OpenSSL-fips-2_0-rc6, OpenSSL-fips-2_0-rc5, OpenSSL-fips-2_0-rc4, OpenSSL-fips-2_0-rc3, OpenSSL-fips-2_0-rc2, OpenSSL-fips-2_0-rc1, OpenSSL-fips-1_2_3, OpenSSL-fips-1_2_2, OpenSSL-fips-1_2_1 |
|
| #
03e389cf |
| 14-Sep-2011 |
Andy Polyakov |
Allow for dynamic base in Win64 FIPS module.
|
|
Revision tags: OpenSSL_1_0_0e, OpenSSL_1_0_0d, OpenSSL_0_9_8r |
|
| #
7edfe674 |
| 27-Jan-2011 |
Dr. Stephen Henson |
Move all FIPSAPI renames into fips.h header file, include early in
crypto.h if needed.
Modify source tree to handle change.
|
| #
7cc684f4 |
| 27-Jan-2011 |
Dr. Stephen Henson |
Redirect FIPS memory allocation to FIPS_malloc() routine, remove
OpenSSL malloc dependencies.
|
| #
13a55192 |
| 25-Jan-2011 |
Dr. Stephen Henson |
Move BN_options function to bn_print.c to remove dependency for BIO printf
routines from bn_lib.c
|
|
Revision tags: OpenSSL_0_9_8q, OpenSSL_1_0_0c, OpenSSL_0_9_8p, OpenSSL_1_0_0b, OpenSSL_0_9_8o, OpenSSL_1_0_0a, OpenSSL_1_0_0, OpenSSL_0_9_8n, OpenSSL_0_9_8m, OpenSSL_0_9_8m-beta1, OpenSSL_1_0_0-beta5, OpenSSL_1_0_0-beta4, OpenSSL_0_9_8l, OpenSSL_1_0_0-beta3, OpenSSL_1_0_0-beta2, OpenSSL_1_0_0-beta1, OpenSSL_0_9_8k, OpenSSL_0_9_8j |
|
| #
a68c7b91 |
| 29-Dec-2008 |
Andy Polyakov |
bn_lib.c: [re-]fix Win64 compiler warning.
|
| #
5cabcf96 |
| 29-Dec-2008 |
Andy Polyakov |
Fix "possible loss of data" Win64 compiler warnings.
|
| #
6343829a |
| 12-Nov-2008 |
Geoff Thorpe |
Revert the size_t modifications from HEAD that had led to more
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different bran
Revert the size_t modifications from HEAD that had led to more
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
show more ...
|
| #
4d6e1e4f |
| 01-Nov-2008 |
Ben Laurie |
size_tification.
|
| #
f1455b30 |
| 28-Oct-2008 |
Andy Polyakov |
Minor clean-up in bn_lib.c: constification and optimization.
|
|
Revision tags: OpenSSL_0_9_8i, OpenSSL_0_9_8h, OpenSSL_0_9_8g, OpenSSL_0_9_8f, FIPS_098_TEST_8, FIPS_098_TEST_7, FIPS_098_TEST_6, FIPS_098_TEST_5, FIPS_098_TEST_4, FIPS_098_TEST_3, FIPS_098_TEST_2, FIPS_098_TEST_1 |
|
| #
bd31fb21 |
| 28-Mar-2007 |
Bodo Möller |
Change to mitigate branch prediction attacks
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
|
|
Revision tags: OpenSSL_0_9_7m, OpenSSL_0_9_8e |
|
| #
560b79cb |
| 21-Jan-2007 |
Dr. Stephen Henson |
Constify version strings and some structures.
|
|
Revision tags: OpenSSL_0_9_7l, OpenSSL_0_9_8d, OpenSSL_0_9_8c, OpenSSL_0_9_7k, OpenSSL_0_9_7j, OpenSSL_0_9_8b, OpenSSL_FIPS_1_0 |
|
| #
4a47f556 |
| 16-Dec-2005 |
Andy Polyakov |
Eliminate warning induced by http://cvs.openssl.org/chngview?cn=14690 and
keep disclaiming narrower than 32-bit support.
|
|
Revision tags: OpenSSL_0_9_7i, OpenSSL_0_9_8a, OpenSSL_0_9_7h, OpenSSL_0_9_8, FIPS_TEST_10, OpenSSL_0_9_8-beta6, OpenSSL_0_9_8-beta5, FIPS_TEST_9, OpenSSL_0_9_8-beta4, OpenSSL_0_9_8-beta3, BEN_FIPS_TEST_8, OpenSSL_0_9_8-beta2, OpenSSL_0_9_8-beta1 |
|
| #
f15c448a |
| 03-May-2005 |
Nils Larsch |
remove BN_ncopy, it was only used in bn_nist.c and wasn't particular
useful anyway
|
| #
ff22e913 |
| 22-Apr-2005 |
Nils Larsch |
- use BN_set_negative and BN_is_negative instead of BN_set_sign
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
|
|
Revision tags: OpenSSL_0_9_7g, OpenSSL_0_9_7f, BEN_FIPS_TEST_7, BEN_FIPS_TEST_6, OpenSSL_0_9_7e |
|
| #
d459e390 |
| 20-Jun-2004 |
Geoff Thorpe |
Tidy up, including;
- Remove unused and unuseful debug cruft.
- Remove unnecessary 'top' fudging from BN_copy().
- Fix a potential memory leak and simplify the expansion logic in
BN
Tidy up, including;
- Remove unused and unuseful debug cruft.
- Remove unnecessary 'top' fudging from BN_copy().
- Fix a potential memory leak and simplify the expansion logic in
BN_bin2bn().
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
show more ...
|
| #
df11e1e9 |
| 17-Jun-2004 |
Geoff Thorpe |
Deprecate unused cruft, and "make update".
|
| #
afbe74d3 |
| 17-Jun-2004 |
Geoff Thorpe |
Actually, that last change to BN_get_word() was a little too simple.
|
| #
9088d5f2 |
| 17-Jun-2004 |
Geoff Thorpe |
As Nils put it;
Yet another question: some time ago you changed BN_set_word.
Why didn't you change BN_get_word as well?
Quite. I'm also removing the older commented-out
As Nils put it;
Yet another question: some time ago you changed BN_set_word.
Why didn't you change BN_get_word as well?
Quite. I'm also removing the older commented-out implementations to improve
readability. This complex stuff seems to date from a time when the types
didn't match up well.
Submitted by: Nils Larsch, Geoff Thorpe
show more ...
|
| #
e042540f |
| 17-Mar-2004 |
Geoff Thorpe |
Variety of belt-tightenings in the bignum code. (Please help test this!)
- Remove some unnecessary "+1"-like fudges. Sizes should be handled
exactly, as enlarging size parameters cause
Variety of belt-tightenings in the bignum code. (Please help test this!)
- Remove some unnecessary "+1"-like fudges. Sizes should be handled
exactly, as enlarging size parameters causes needless bloat and may just
make bugs less likely rather than fixing them: bn_expand() macro,
bn_expand_internal(), and BN_sqr().
- Deprecate bn_dup_expand() - it's new since 0.9.7, unused, and not that
useful.
- Remove unnecessary zeroing of unused bytes in bn_expand2().
- Rewrite BN_set_word() - it should be much simpler, the previous
complexities probably date from old mismatched type issues.
- Add missing bn_check_top() macros in bn_word.c
- Improve some degenerate case handling in BN_[add|sub]_word(), add
comments, and avoid a bignum expansion if an overflow isn't possible.
show more ...
|
|
Revision tags: OpenSSL_0_9_7d, OpenSSL-engine-0_9_6m, OpenSSL_0_9_6m, LEVITTE_after_const, LEVITTE_before_const, BEN_FIPS_TEST_5, BEN_FIPS_TEST_4 |
|
| #
d420ac2c |
| 27-Dec-2003 |
Richard Levitte |
Use BUF_strlcpy() instead of strcpy().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part
Use BUF_strlcpy() instead of strcpy().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
show more ...
|
| #
2bfd2c74 |
| 02-Dec-2003 |
Geoff Thorpe |
Incremental cleanups to bn_lib.c.
- Add missing bn_check_top() calls and relocate some others
- Use BN_is_zero() where appropriate
- Remove assert()s that bn_check_top() is already coveri
Incremental cleanups to bn_lib.c.
- Add missing bn_check_top() calls and relocate some others
- Use BN_is_zero() where appropriate
- Remove assert()s that bn_check_top() is already covering
- Simplify the code in places (esp. bn_expand2())
- Only keep ambiguous zero handling if BN_STRICT isn't defined
- Remove some white-space and make some other aesthetic tweaks
show more ...
|
| #
2ae1ea37 |
| 02-Dec-2003 |
Geoff Thorpe |
BN_FLG_FREE is of extremely dubious usefulness, and is only referred to
once in the source (where it is set for the benefit of no other code
whatsoever). I've deprecated the declaration in th
BN_FLG_FREE is of extremely dubious usefulness, and is only referred to
once in the source (where it is set for the benefit of no other code
whatsoever). I've deprecated the declaration in the header and likewise
made the use of the flag conditional in bn_lib.c. Note, this change also
NULLs the 'd' pointer in a BIGNUM when it is reset but not deallocated.
show more ...
|
| #
34066d74 |
| 01-Dec-2003 |
Geoff Thorpe |
Declare the static BIGNUM "BN_value_one()" more carefully.
|
| #
657a9195 |
| 29-Nov-2003 |
Geoff Thorpe |
This improves the placement of check_top() macros in a couple of bn_lib
functions.
|
