| Commit message | Author | Files | Lines |
|
this is OpenSSL commit 4a089bbdf11f9e231cc68f42bba934c954d81a49.
ok beck, jsing
Original commit message:
commit 4a089bbdf11f9e231cc68f42bba934c954d81a49
Author: Pauli <paul.dale@oracle.com>
Date: Wed Nov 1 06:58:39 2017 +1000
Address a timing side channel whereby it is possible to determine some
information about the length of the scalar used in ECDSA operations
from a large number (2^32) of signatures.
This doesn't rate as a CVE because:
* For the non-constant time code, there are easier ways to extract
more information.
* For the constant time code, it requires a significant number of signatures
to leak a small amount of information.
Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for
reporting this issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4576)]
|
|
in preparation for pledgepath
ok deraadt@
|
|
|
|
to some parameters of some functions. Update the documentation.
Add a few additional missing const qualifiers while here.
|
|
show the public data type name "LHASH_OF(SSL_SESSION)" instead.
|
|
and avoid the internal, undocumented names "struct ssl_st *"
and "struct ssl_ctx_st *".
|
|
to some parameters and return values of some functions.
Update the documentation.
|
|
|
|
BIO_f_asn1() will be taken care of later.
Tested in a bulk by sthen
ok bcook jca jsing
|
|
previous commit.
|
|
ok jsing (as part of a larger diff)
|
|
our libssl functions match theirs wrt const, except for BIO_f_ssl(3)
which will be fixed in a later step.
this went through an i386 bulk by sthen
ok jsing
|
|
grepability.
Req. by jsing
|
|
|
|
|
|
ok bcook
|
|
Annotate them.
|
|
|
|
While here, include a patch from tb@
adding the missing return type to ENGINE_ctrl() in the SYNOPSIS.
|
|
|
|
|
|
|
|
|
|
* Correct documentation of DH_new(3), DH_free(3), DSA_new(3), DSA_free(3),
RSA_new(3), and RSA_free(3) with respect to reference counting.
* Stop referencing engine(3).
|
|
and more concise.
* Correct the description of the return values of DH_set_method(3)
and DSA_set_method(3).
* Stop referencing engine(3).
|
|
* Add three missing const qualifiers to function prototypes.
* Correct the argument type of RSA_new_method(3).
* Remove duplicate description of RSA_flags(3) and RSA_new_method(3).
* Make the description of method selection simpler, more precise,
and more concise.
* Correct description of the return value of RSA_set_method(3).
* Stop referencing engine(3).
|
|
|
|
covering the remaining functions that were documented in engine(3),
except for seven functions that are completely pointless and that
were merely listed but not really documented.
|
|
covering 60% of the documented functions). The old, abominable
engine(3) manual page shall die soon.
|
|
to accept a NULL argument. Document that.
While here, make the related sentences more precise and less verbose.
Tweaks and OK tb@.
|
|
simplifies the caller side.
tested by & ok inoguchi; discussed with schwarze
|
|
OpenSSL commit 7c96dbcdab9 by Rich Salz.
This cleans up the caller side quite a bit and reduces the number of
lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net
shows that almost nothing checks the return value of ENGINE_finish().
While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'.
ok jsing, tested by & ok inoguchi
|
|
SSL_OP_TLS_ROLLBACK_BUG to no longer have any effect.
Update the manual page.
|
|
around the SSLv3/TLSv1.0 period... and buggy clients are buggy. This also
helps to clean up the RSA key exchange code.
ok "kill it with fire" beck@ tb@
|
|
because it was (1) woefully incomplete, (2) partially outdated
and wrong, (3) in parts imprecisely worded and hard to understand,
(4) excessively technical for a section 1 manual, (5) of excessive
size for this particular page, (6) and didn't belong here in the
first place because it essentially tried to document a C API -
SSL_CTX_set_cipher_list(3), which is now documented, so point to it.
|
|
collecting the information by inspecting the source code.
|
|
|
|
this to be "overridden" by the user supplied callback.
ok jsing@
|
|
triggered by OpenSSL commit a73d990e Feb 27 19:02:24 2018 +0100,
but with different content
|
|
|
|
suppresses any future config file loading.
ok schwarze@ with a nit from jsing@
|
|
Now that everything goes through the same code path, we can remove a layer
of indirection and just call ssl3_{read,write,peek} directly.
ok beck@ inoguchi@
|
|
These flags enabled experimental behaviour in the write path, which nothing
uses. Removing this code greatly simplifies ssl3_write().
ok beck@ inoguchi@ sthen@ tb@
|
|
|
|
Previously this incorrectly called tls_keypair_clear(), which results in
the private key being cleared, along with the certificate, OCSP staple and
pubkey hash. This breaks OCSP stapling if tls_config_clear_keys() is called
following tls_configure(), as is done by httpd.
Fix this by calling tls_keypair_clear_key() so that only the private key is
cleared, leaving the other public data untouched. While here, remove
tls_keypair_clear() and fold the necessary parts into tls_keypair_free().
ok beck@
|
|
being loaded behind our back, at a later point.
ok beck@
|
|
|
|
|
|
|
|
it may be something else. For primitive types it is possible that
a boolean int has been cast to an ASN1_VALUE pointer. Then the
64 bit read access to *pval may crash due to alignment or 32 bit
size.
bug report Anton Borowka; OK tedu@ jsing@ miod@
|