It is clearly public because it is declared in <openssl/evp.h>,
referenced from EVP_PKEY_asn1_set_public(3), and similar to the
documented functions DH_bits(3) and RSA_bits(3).
Triggered by tb@ adding a const qualifier to its argument.

Should have been part of the previous commit. Omission noted by schwarze.
tested in bulk build by sthen
ok jsing

TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3),
TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3),
and TS_TST_INFO_get_ext_by_OBJ(3)
tested in a bulk by sthen
ok jsing

SXNET_add_id_INTEGER(3), SXNET_add_id_asc(3), SXNET_add_id_ulong(3)
tested in a bulk by sthen
ok jsing

to the "pass" and "name" arguments of PKCS12_create(3). Adjust the manual.

to the "name", "header", and "data" arguments of PEM_write(3) and
PEM_write_bio(3). Adjust the manual.

to the "url" argument of OCSP_crlID_new(3) and to the "urls"
argument of OCSP_url_svcloc_new(3). Adjust the manuals.

PKCS8_decrypt(3).
tested in a bulk build by sthen
ok beck, jsing

to the argument of X509_get_subject_name(3) and X509_get_issuer_name(3).
Adjust the manual.

tested in a bulk by sthen
ok beck, jsing

PKCS12_item_decrypt_d2i(3), PKCS12_pbe_crypt(3), PKCS12_newpass(3).
tested in a bulk by sthen
ok beck, jsing

to the arguments of OCSP_cert_id_new(3). Adjust the manual.

tested in a bulk by sthen
ok beck, jsing

to the "obj" argument of X509v3_get_ext_by_OBJ(3). Adjust the manual.

to the "sig" argument of EVP_DigestVerifyFinal(3). Adjust the manual.

PKCS12_decrypt_skey(3).
tested in a bulk by sthen
ok beck, jsing

ok beck@ tb@

Also place all of the OPENSSL_* memory related prototypes under #ifndef
LIBRESSL_INTERNAL.
ok beck@ tb@

PKCS12_add_key(3), PKCS12_add_safe(3), PKCS12_create(3).
tested in a bulk build by sthen
ok beck, jsing

PEM_write(3) and PEM_write_bio(3).
tested in a bulk build by sthen
ok jsing

OCSP_crlID_new(3), OCSP_parse_url(3), OCSP_sendreq_bio(3),
OCSP_sendreq_new(3), and OCSP_url_svcloc_new(3).
tested in a bulk build by sthen
ok jsing (as part of a larger diff)

X509_get_subject_name(3).
tested in a bulk build by sthen
ok jsing (as part of a larger diff)

ASN1_INTEGER * arguments of OCSP_cert_id_new(3).
tested in a bulk build by sthen
ok jsing (as part of a larger diff)

OCSP_REQUEST_get_ext_by_OBJ(3), OCSP_ONEREQ_ext_by_OBJ(3)
OCSP_BASICRESP_get_ext_by_OBJ(3), OCSP_SINGLERESP_get_ext_by_OBJ(3)
tested in a bulk build by sthen
ok jsing (as part of a larger diff)

X509v3_get_ext_by_OBJ(3).
tested in a bulk build by sthen
ok jsing (as part of a larger diff)

EVP_PKEY_get_attr_by_OBJ(3), X509at_get_attr_by_OBJ(3),
X509at_get0_data_by_OBJ(3), X509_REQ_get_attr_by_OBJ(3)
tested in a bulk by sthen
ok beck (as part of a larger diff)

tested in a bulk build by sthen
ok beck (as part of a larger diff)

tested in a bulk build by sthen
ok beck (as part of a larger diff)

tested in a bulk build by sthen
ok beck (as part of a larger diff)

tested in a bulk build by sthen
ok beck (as part of a larger diff)

to the argument of BIO_new_accept(3), BIO_new_connect(3), and
BIO_new_mem_buf(3). Update the documentation.

to return value of BIO_s_mem(3). Update the manual page.

BIO_new_accept(). The one for BIO_new_mem_buf() is a bit ugly
since it needs to cast away the newly added const qualifier,
as in OpenSSL commit 8ab31975bac.
ok jsing

BIO_s_datagram().
ok jsing

Avoid overloading a variable to store both a value and an error code - we
can simply inline the error calls (as done everywhere else). Remove a bunch
of unnecessary parentheses and tidy a few other things.
With input from tb@.
ok inoguchi@ tb@

This could potentially result in a left shift that exceeded the size of the
storage type.
Issue found by Simon Friedberger, Robert Merget and Juraj Somorovsky.
ok inoguchi@ tb@

ok bcook@ tb@

to the return value of BIO_f_base64(3), BIO_f_cipher(3), and
BIO_f_base64(3). Update the documentation.

tested in bulk by sthen
ok jsing

Reported by Ondřej Surý, LibreSSL-portable issue #92.
ok inoguchi, jsing

to some function arguments. Update the documentation.

tested in a bulk by sthen
ok jsing

to the prototypes of several functions. Update the documentation.

functions.
ok beck, jsing

carefully document constant time vs. non-constant time operation
of BN_div(3), BN_mod_exp(3), and BN_mod_inverse(3).
Until the work that is required on the ill-designed BN_exp(3) and
BN_gcd(3) interfaces can be undertaken, also document the imperfections
in their behaviour, for now. Finally, mention BN_mod_exp(3) behaviour
for even moduli.
Delete the vague statement about some functions automatically
setting BN_FLG_CONSTTIME. It created a false sense of security.
Do not rely on it: not all relevant functions do that.
Topic brought up by beck@, significant feedback and OK jsing@.

of OpenSSL commit c0caa945f6ef30363e0d01d75155f20248403df4 to our
version of this function.
ok beck, jsing
Original commit message:

commit c0caa945f6ef30363e0d01d75155f20248403df4
Author: Pauli <paul.dale@oracle.com>
Date: Wed Nov 1 06:58:13 2017 +1000

Address a timing side channel whereby it is possible to determine some
information about the length of the scalar used in DSA operations from
a large number (2^32) of signatures.

This doesn't rate as a CVE because:
* For the non-constant time code, there are easier ways to extract
  more information.
* For the constant time code, it requires a significant number of signatures
  to leak a small amount of information.

Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for
reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4576)]

this is OpenSSL commit 4a089bbdf11f9e231cc68f42bba934c954d81a49.
ok beck, jsing
Original commit message:

commit 4a089bbdf11f9e231cc68f42bba934c954d81a49
Author: Pauli <paul.dale@oracle.com>
Date: Wed Nov 1 06:58:39 2017 +1000

Address a timing side channel whereby it is possible to determine some
information about the length of the scalar used in ECDSA operations
from a large number (2^32) of signatures.

This doesn't rate as a CVE because:
* For the non-constant time code, there are easier ways to extract
  more information.
* For the constant time code, it requires a significant number of signatures
  to leak a small amount of information.

Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for
reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4576)]