Read ASN.1 data in chunks to prevent invalid inputs from allocating
excessive amounts of data.
Bug: 35443725
Test: run cts -m CtsLibcoreTestCases
Test: manually ran testcase from OpenSSL
Change-Id: Ia9d6aa40726c0cba26e2060108112f33e00e8270
Merged-In: Ie00536d7ad815464b2b031f7bcd1b683e12c1623
Merged-In: If087a69ee075b3c5323abb8d7d740e92bd703bb1
Merged-In: If77e23607fc77f724f50ad0e0b94eef4beae57ea
Merged-In: Ia8d0370ece1d5c1750a4331810c610ed5c813224
Merged-In: Ia945d5ce50335919b0783fe909892703213454ef
(cherry picked from commit ea156ae109eac7b7cf7d4f6a76f3c4590734789b)
|
|
Always use Fermat's Little Theorem in ecdsa_sign_setup.
The case where ec_group_get_mont_data is NULL is only for arbitrary groups
which we now require to be prime order. BN_mod_exp_mont is fine with a NULL
BN_MONT_CTX. It will just compute it. Saves a bit of special-casing.
Also don't mark p-2 as BN_FLG_CONSTTIME as the exponent is public anyway.
(cherry picked from commit 8cf79af7d1497c07bd684764b96c9659e7b32ae1)
Bug: 33752052
Change-Id: Iedaf2f40028ef703078262ae5e971cc715d49866
(cherry picked from commit 5e7ef724aead3c33184f34ac7c684e9c2a859b87)
|
|
This is a more complete fix for CVE-2016-2182. The original commit
message was:
"If an oversize BIGNUM is presented to BN_bn2dec() it can cause
BN_div_word() to fail and not reduce the value of 't' resulting
in OOB writes to the bn_data buffer and eventually crashing.
Fix by checking return value of BN_div_word() and checking writes
don't overflow buffer.
Thanks to Shi Lei for reporting this bug."
BoringSSL's rewrite commit message:
"958aaf1ea1b481e8ef32970d5b0add80504be4b2, imported from upstream, had
an off-by-one error. Reproducing the failure is fairly easy as it can't
even serialize 1. See also upstream's
099e2968ed3c7d256cda048995626664082b1b30.
Rewrite the function completely with CBB and add a basic test.
BUG=chromium:639740"
Change-Id: I41a91514c4bb9e83854824ed5258ffe4e49d9491
Bug: 32096880
|
|
With these stubs, cURL should not need any BoringSSL #ifdefs at all,
except for their OCSP #ifdefs (which can switch to the more generally
useful OPENSSL_NO_OCSP) and the workaround for wincrypt.h macro
collisions. That we intentionally leave to the consumer rather than add
a partial hack that makes the build sensitive to include order.
(I'll send them a patch upstream once this cycles in.)
Reviewed-on: https://boringssl-review.googlesource.com/6980
Reviewed-by: Adam Langley <agl@google.com>
(cherry picked from upstream commit e5aa791a1cbd70c64a5cadaae71eda8f6d5aa992)
Change-Id: I65812be5cb37acd63d755b313162b7a03d130d98
|
|
Note that while |DES_ede2_cbc_encrypt| exists, I didn't use it: I
think it's easier to see what's happening this way.
(I couldn't find an authoritative source of test data, including in
OpenSSL's source, so I used OpenSSL's implementation to produce the
test ciphertext.)
This benefits globalplatform.
(cherry picked from commit 8c413a2d94fa720fae6a7d9c939e33978f3ed25b)
Bug: 31081987
Change-Id: I7e17ca0b69067d7b3f4bc213b4616eb269882ae0
Reviewed-on: https://boringssl-review.googlesource.com/5724
Reviewed-by: Adam Langley <agl@google.com>
|
|
(cherry picked from commit 6bfdc63114d7921037f44e7e3145c706b9ffb2e4)
Bug: 31081987
Change-Id: I0f27fa1897d2f0a148203610ccd5c6c7967f9f3d
Reviewed-on: https://boringssl-review.googlesource.com/5510
Reviewed-by: Adam Langley <agl@google.com>
|
|
5f51074adc am: 2fddbe3348
am: 652affb06b
* commit '652affb06bafde7bc4ab124deb93dda3d9f88c9d':
Fix encoding bug in i2c_ASN1_INTEGER
Change-Id: Ib1547d682f3d55192518fb3caa9e851377739fb7
|
|
5f51074adc
am: 2fddbe3348
* commit '2fddbe3348fcf4b087efcc4d44c1d466fccaf462':
Fix encoding bug in i2c_ASN1_INTEGER
Change-Id: Id8a256726d190c3e9195ccba7e7c34b18f4716a7
|
|
am: 5f51074adc
* commit '5f51074adcd8cb0fd6f34797a921685c15cdb23e':
Fix encoding bug in i2c_ASN1_INTEGER
Change-Id: I6842c9a5ea94ba4358ea69076a8f9cc6d8b512ec
|
|
am: 78f200490e
* commit '78f200490e2e7d18b7973b6f90cef350672c2be3':
Fix encoding bug in i2c_ASN1_INTEGER
Change-Id: If689d4b584c9593b805518447497bcb2d2680671
|
|
am: c313c682b6
* commit 'c313c682b677792ce384047e4a44812c218e29c9':
Fix encoding bug in i2c_ASN1_INTEGER
Change-Id: I4a6e0743464d3305d4d043dfab54790ac8baf49a
|
|
am: c79be54ba3
* commit 'c79be54ba3206605350204e419e4078906456da6':
Fix encoding bug in i2c_ASN1_INTEGER
Change-Id: I9a5d0ad1bca0a396a44939a4aea60bf83acdce32
|
|
(Imported from upstream's 3661bb4e7934668bd99ca777ea8b30eedfafa871.)
Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as
negative.
Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and Hanno Böck
<hanno@hboeck.de> for reporting this issue.
BUG=590615
(cherry-picked from c4eec0c16b02c97a62a95b6a08656c3a9ddb6baa)
Bug: 28175332
Change-Id: I49f6ecdd9b3512f3d0a28e96dd8c48734dacf248
Reviewed-on: https://boringssl-review.googlesource.com/7199
Reviewed-by: David Benjamin <davidben@google.com>
|
|
am: eea801c
* commit 'eea801cc4bb43e1fbf2e547ee8b94402264f4396':
Remove support for mis-encoded PKCS#8 DSA keys.
|