openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Readability tweaks for comments that explain the blinding.	tb	2019-06-04	1	-5/+5
\|
*	Remove the blinding later to avoid leaking information on the length	tb	2019-06-04	1	-3/+3
\| \| \| \| \| \| \| \|	of kinv. Pointed out and fix suggested by David Schrammel and Samuel Weiser ok jsing
*	unrevert the use of bn_rand_interval().	tb	2018-11-06	1	-12/+5
\| \| \| \|	ok beck jsing
*	revert use of bn_rand_interval due to failures with ECDHE and TLS	tb	2018-11-06	1	-5/+12
\|
*	Make use of bn_rand_interval() where appropriate.	tb	2018-11-05	1	-12/+5
\| \| \| \|	ok beck jsing
*	Use a blinding value when generating a DSA signature, in order to reduce	jsing	2018-06-14	1	-9/+39
\| \| \| \| \| \| \| \|	the possibility of a side-channel attack leaking the private key. Suggested by Keegan Ryan at NCC Group. With input from and ok tb@
*	Clarify the digest truncation comment in DSA signature generation.	jsing	2018-06-14	1	-3/+4
\| \| \| \|	Requested by and ok tb@
*	Pull up the code that converts the digest to a BIGNUM - this only needs	jsing	2018-06-14	1	-10/+10
\| \| \| \| \| \| \|	to occur once and not be repeated if the signature generation has to be repeated. ok tb@
*	Fix a potential leak/incorrect return value in DSA signature generation.	jsing	2018-06-14	1	-4/+6
\| \| \| \| \| \| \| \| \| \|	In the very unlikely case where we have to repeat the signature generation, the DSA_SIG return value has already been allocated. This will either result in a leak when we allocate again on the next iteration, or it will give a false success (with missing signature values) if any error occurs on the next iteration. ok tb@
*	style(9), comments and whitespace.	jsing	2018-06-13	1	-30/+32
\|
*	Avoid a timing side-channel leak when generating DSA and ECDSA signatures.	jsing	2018-06-13	1	-5/+2
\| \| \| \| \| \| \| \| \|	This is caused by an attempt to do fast modular arithmetic, which introduces branches that leak information regarding secret values. Issue identified and reported by Keegan Ryan of NCC Group. ok beck@ tb@
*	Fix a small timing side channel in dsa_sign_setup(). Simple adaptation	tb	2018-04-28	1	-12/+25
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	of OpenSSL commit c0caa945f6ef30363e0d01d75155f20248403df4 to our version of this function. ok beck, jsing Original commit message: commit c0caa945f6ef30363e0d01d75155f20248403df4 Author: Pauli <paul.dale@oracle.com> Date: Wed Nov 1 06:58:13 2017 +1000 Address a timing side channel whereby it is possible to determine some information about the length of the scalar used in DSA operations from a large number (2^32) of signatures. This doesn't rate as a CVE because: * For the non-constant time code, there are easier ways to extract more information. * For the constant time code, it requires a significant number of signatures to leak a small amount of information. Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for reporting this issue. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4576)]
*	Send the function codes from the error functions to the bit bucket,	beck	2017-01-29	1	-8/+8
\| \| \| \| \| \|	as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
*	Add ct and nonct versions of BN_mod_inverse for internal use	beck	2017-01-21	1	-3/+3
\| \| \| \|	ok jsing@
*	Split out BN_div and BN_mod into ct and nonct versions for Internal use.	beck	2017-01-21	1	-4/+4
\| \| \| \|	ok jsing@
*	Make explicit _ct and _nonct versions of bn_mod_exp funcitons that	beck	2017-01-21	1	-2/+4
\| \| \| \| \| \| \| \| \| \| \| \|	matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@
*	Disable DSA_FLAG_NO_EXP_CONSTTIME, always enable constant-time behavior.	bcook	2016-06-21	1	-71/+33
\| \| \| \| \| \| \|	Improved patch from Cesar Pereida. See https://github.com/libressl-portable/openbsd/pull/61 for more details. ok beck@
*	Set BN_FLG_CONSTTIME on the correct variable. beck committed wrong fix.libressl-v2.4.1	tedu	2016-06-06	1	-2/+2
\| \| \| \|	Mistake noted by Billy Brumley. Many thanks.
*	Correct a problem that prevents the DSA signing algorithm from running	beck	2016-06-06	1	-4/+6
\| \| \| \| \| \| \|	in constant time even if the flag BN_FLG_CONSTTIME is set. This issue was reported by Cesar Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by Cesar Pereida.
*	Fix an incorrect error check in DSA verify.	bcook	2015-09-10	1	-4/+2
\| \| \| \| \| \|	From Matt Caswell's OpenSSL commit "RT3192: spurious error in DSA verify". https://github.com/openssl/openssl/commit/eb63bce040d1cc6147d256f516b59552c018e29b
*	None of these need to include <openssl/rand.h>	jsing	2014-10-18	1	-2/+1
\|
*	if (x) FOO_free(x) -> FOO_free(x).	miod	2014-07-12	1	-15/+8
\| \| \| \| \| \| \|	Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
*	Only import cryptlib.h in the four source files that actually need it.	jsing	2014-07-11	1	-4/+5
\| \| \| \| \| \| \| \|	Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
*	KNF	miod	2014-07-09	1	-186/+206
\|
*	hand-KNF macro the do { } while loops	deraadt	2014-06-27	1	-16/+20
\|
*	tags as requested by miod and tedu	deraadt	2014-06-12	1	-1/+1
\|
*	Use C99 initializers for the various FOO_METHOD structs. More readable, and	miod	2014-04-27	1	-12/+6
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	avoid unreadable/unmaintainable constructs like that: const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = { EVP_PKEY_CMAC, EVP_PKEY_CMAC, 0, "CMAC", "OpenSSL CMAC method", 0,0,0,0, 0,0,0, cmac_size, 0, 0,0,0,0,0,0,0, cmac_key_free, 0, 0,0 }; ok matthew@ deraadt@
*	resolve conflicts	djm	2012-10-13	1	-1/+15
\|
*	openssl-1.0.0e: resolve conflicts	djm	2011-11-03	1	-19/+1
\|
*	resolve conflicts, fix local changes	djm	2010-10-01	1	-14/+34
\|
*	resolve conflicts	djm	2009-01-09	1	-0/+3
\|
*	resolve conflicts	djm	2008-09-06	1	-54/+54
\|
*	openssl security fixes, diff from markus@, ok & "commit it" djm@	pvalchev	2006-10-04	1	-0/+12
\| \| \| \|	http://www.openssl.org/news/secadv_20060928.txt for more
*	resolve conflicts	djm	2006-06-27	1	-12/+43
\|
*	resolve conflicts	djm	2005-04-29	1	-0/+2
\|
*	merge 0.9.7b with local changes; crank majors for libssl/libcrypto	markus	2003-05-12	1	-5/+9
\|
*	merge with 0.9.7-beta1	markus	2002-09-05	1	-55/+1
\|
*	OpenSSL 0.9.7 stable 2002 05 08 merge	beck	2002-05-15	1	-3/+8
\|
*	merge openssl 0.9.6b-engine	beck	2001-08-01	1	-0/+21
\| \| \| \| \|	Note that this is a maintenence release, API's appear not to have changed. As such, I have only increased the minor number on these libraries
*	import DSA changes from 0.9.6a (Bleichenbacher attack), ok provos@/deraadt@	markus	2001-04-23	1	-7/+57
\|
*	openssl-engine-0.9.6 merge	beck	2000-12-15	1	-3/+4
\|
*	OpenSSL 0.9.5 merge	beck	2000-03-19	1	-0/+321
	warning this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs