| #
f4601b6d |
| 30-Apr-2024 |
sapph2c |
Fixed typos in ossl_ht_new.pod, EVP_PKEY_decrypt.pod, and RSA_public_encrypt.pod
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.or
Fixed typos in ossl_ht_new.pod, EVP_PKEY_decrypt.pod, and RSA_public_encrypt.pod
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24304)
show more ...
|
| #
98161274 |
| 16-Apr-2024 |
Hubert Kario |
Be more explicit about RSAES-PKCS#1v1.5 error handling
And add a note how to perform side-channel free error stack handling.
Signed-off-by: Hubert Kario <hkario@redhat.com>
Be more explicit about RSAES-PKCS#1v1.5 error handling
And add a note how to perform side-channel free error stack handling.
Signed-off-by: Hubert Kario <hkario@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24159)
show more ...
|
| #
8548d3bf |
| 12-Dec-2022 |
Hubert Kario |
rsa: fix version of rsa implicit rejection introduction
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@o
rsa: fix version of rsa implicit rejection introduction
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19889)
show more ...
|
| #
7fc67e0a |
| 15-Mar-2022 |
Hubert Kario |
rsa: add implicit rejection in PKCS#1 v1.5
The RSA decryption as implemented before required very careful handling
of both the exit code returned by OpenSSL and the potentially returned
rsa: add implicit rejection in PKCS#1 v1.5
The RSA decryption as implemented before required very careful handling
of both the exit code returned by OpenSSL and the potentially returned
ciphertext. Looking at the recent security vulnerabilities
(CVE-2020-25659 and CVE-2020-25657) it is unlikely that most users of
OpenSSL do it correctly.
Given that correct code requires side channel secure programming in
application code, we can classify the existing RSA decryption methods
as CWE-676, which in turn likely causes CWE-208 and CWE-385 in
application code.
To prevent that, we can use a technique called "implicit rejection".
For that we generate a random message to be returned in case the
padding check fails. We generate the message based on static secret
data (the private exponent) and the provided ciphertext (so that the
attacker cannot determine that the returned value is randomly generated
instead of result of decryption and de-padding). We return it in case
any part of padding check fails.
The upshot of this approach is that then not only is the length of the
returned message useless as the Bleichenbacher oracle, so are the
actual bytes of the returned message. So application code doesn't have
to perform any operations on the returned message in side-channel free
way to remain secure against Bleichenbacher attacks.
Note: this patch implements a specific algorithm, shared with Mozilla
NSS, so that the attacker cannot use one library as an oracle against the
other in heterogeneous environments.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)
show more ...
|
| #
3dbf8243 |
| 02-Dec-2021 |
Matt Caswell |
Clarify the deprecation warnings in the docs
There was recently an instance where a user was confused by the
deprecation warnings in the docs. They believed the warning applied to
th
Clarify the deprecation warnings in the docs
There was recently an instance where a user was confused by the
deprecation warnings in the docs. They believed the warning applied to
the immediately preceding function declarations, when it fact it applied
to the following function declarations.
https://mta.openssl.org/pipermail/openssl-users/2021-December/014665.html
We clarify the wording to make it clear that the warning applies to the
following functions.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17180)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
| #
408def8b |
| 02-Mar-2021 |
Pauli |
doc: document param argument to RSA calls
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
|
| #
8020d79b |
| 11-Mar-2021 |
Matt Caswell |
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14512)
|
| #
b0aae913 |
| 22-Feb-2021 |
Rich Salz |
Remove RSA SSLv23 padding mode
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14248)
|
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1 |
|
| #
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)
|
|
Revision tags: OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
| #
4fd8a3e1 |
| 12-Feb-2020 |
Pauli |
rsa: document deprecated low level functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11063)
|
|
Revision tags: OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
| #
5e0d9c86 |
| 18-Aug-2019 |
Rich Salz |
Use WARNINGS heading not WARNING
Also update find-doc-nits to reject "=head1 WARNING"
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthi
Use WARNINGS heading not WARNING
Also update find-doc-nits to reject "=head1 WARNING"
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9602)
show more ...
|
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s |
|
| #
b89fdeb2 |
| 01-Mar-2019 |
Bernd Edlinger |
Update documentation regarding required output buffer memory size
of RSA_private_decrypt/RSA_public_encrypt.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com
Update documentation regarding required output buffer memory size
of RSA_private_decrypt/RSA_public_encrypt.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/8365)
show more ...
|
|
Revision tags: OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
| #
4746f25a |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in doc/man3/
[skip ci]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/78
Following the license change, modify the boilerplates in doc/man3/
[skip ci]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7829)
show more ...
|
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
| #
1e3f62a3 |
| 17-Jul-2017 |
Emilia Kasper |
RSA_padding_check_PKCS1_type_2 is not constant time.
This is an inherent weakness of the padding mode. We can't make the
implementation constant time (see the comments in rsa_pk1.c), so
RSA_padding_check_PKCS1_type_2 is not constant time.
This is an inherent weakness of the padding mode. We can't make the
implementation constant time (see the comments in rsa_pk1.c), so add a
warning to the docs.
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16, OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d |
|
| #
e9b77246 |
| 20-Jan-2017 |
Beat Bolli |
doc/man3: reformat the function prototypes in the synopses
I tried hard to keep the lines at 80 characters or less, but in a few
cases I had to punt and just indented the subsequent line
doc/man3: reformat the function prototypes in the synopses
I tried hard to keep the lines at 80 characters or less, but in a few
cases I had to punt and just indented the subsequent lines by 4 spaces.
A few well-placed typedefs for callback functions would really help, but
these would be part of the API, so that's probably for later.
I also took the liberty of inserting empty lines in overlong blocks to
provide some visual space.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1956)
show more ...
|
| #
b41f6b64 |
| 10-Mar-2017 |
Matt Caswell |
Fix some RSA documentation
RSA_private_encrypt(), RSA_public_decrypt(), RSA_public_encrypt() and
RSA_private_decrypt() are declared with a "const" from parameter, but
this is not ref
Fix some RSA documentation
RSA_private_encrypt(), RSA_public_decrypt(), RSA_public_encrypt() and
RSA_private_decrypt() are declared with a "const" from parameter, but
this is not reflected in the docs.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2899)
show more ...
|
|
Revision tags: OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14 |
|
| #
b97fdb57 |
| 11-Nov-2016 |
Richard Levitte |
Fix referenses in section 3 manuals
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1900)
|
|
Revision tags: OpenSSL_1_1_0c |
|
| #
99d63d46 |
| 26-Oct-2016 |
Rich Salz |
Move manpages to man[1357] structure.
Move manpages to manX directories
Add Windows/VMS install fix from Richard Levitte
Update README
Fix typo's
Remove some duplicates
Move manpages to man[1357] structure.
Move manpages to manX directories
Add Windows/VMS install fix from Richard Levitte
Update README
Fix typo's
Remove some duplicates
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
