boringssl

History

David Benjamin 47ebec1210 Validate DH public keys for RFC 5114 groups. This is CVE-2016-0701 for OpenSSL, reported by Antonio Sanso. It is a no-op for us as we'd long removed SSL_OP_DH_SINGLE_USE and static DH cipher suites. (We also do not parse or generate X9.42 DH parameters.) However, we do still have the APIs which return RFC 5114 groups, so we should perform the necessary checks in case later consumers reuse keys. Unlike groups we generate, RFC 5114 groups do not use "safe primes" and have many small subgroups. In those cases, the subprime q is available. Before using a public key, ensure its order is q by checking y^q = 1 (mod p). (q is assumed to be prime and the existing range checks ensure y is not 1.) (Imported from upstream's `878e2c5b13` and 75374adf8a6ff69d6718952121875a491ed2cd29, but with some bugs fixed. See RT4278.) Change-Id: Ib18c3e84819002fa36a127ac12ca00ee33ea018a Reviewed-on: https://boringssl-review.googlesource.com/7001 Reviewed-by: Adam Langley <agl@google.com>		8 years ago
..
aead.h	Point EVP_aead_chacha20_poly1305 at the standardized version.	8 years ago
aes.h	Fix documentation typo.	9 years ago
arm_arch.h	Allow ARM capabilities to be set at compile time.	9 years ago
asn1.h	Remove ASN1_R_MALLOC_FAILURE.	8 years ago
asn1_mac.h	Ditch remaining filename comments from public headers and ssl/	9 years ago
asn1t.h	Ditch remaining filename comments from public headers and ssl/	9 years ago
base.h	Fold EC_GROUP_new_curve_GFp and EC_GROUP_set_generator into a EC_GROUP_new_arbitrary.	8 years ago
base64.h	Deprecate basically the entire base64 implementation.	9 years ago
bio.h	Tweaks for node.js	8 years ago
blowfish.h	Add decrepit, initially containing CAST and Blowfish.	9 years ago
bn.h	Rename the BIGNUM ASN.1 functions.	8 years ago
buf.h	Have doc.go parse struct comments.	8 years ago
buffer.h	Add buffer.h for compatibility.	9 years ago
bytestring.h	Rewrite ssl3_send_server_key_exchange to use CBB.	8 years ago
cast.h	Add decrepit, initially containing CAST and Blowfish.	9 years ago
chacha.h	Change \|CRYPTO_chacha_20\| to use 96-bit nonces, 32-bit counters.	9 years ago
cipher.h	Fix up several comments and detect problems in the future.	9 years ago
cmac.h	Style: fix some header guards	9 years ago
conf.h	Also add a no-op stub for OPENSSL_config.	8 years ago
cpu.h	Allow \|CRYPTO_is_NEON_capable\| to be known at compile time, if possible.	9 years ago
crypto.h	Tweaks for node.js	8 years ago
curve25519.h	Update draft-irtf-cfrg-curves-11 references to RFC 7748.	8 years ago
des.h	Fix shared library build on OS X.	9 years ago
dh.h	Validate DH public keys for RFC 5114 groups.	8 years ago
digest.h	Documentation typo.	9 years ago
dsa.h	Have doc.go parse struct comments.	8 years ago
dtls1.h	Opaquify DTLS structs.	9 years ago
ec.h	Tweaks for node.js	8 years ago
ec_key.h	Update comments to better document in-place semantics.	8 years ago
ecdh.h	Clean up \|ECDH_compute_key\|.	9 years ago
ecdsa.h	Update comments to better document in-place semantics.	8 years ago
engine.h	Unwind DH_METHOD and DSA_METHOD.	9 years ago
err.h	Have doc.go parse struct comments.	8 years ago
evp.h	Don't allow EVP_PKEY_RSA2.	8 years ago
ex_data.h	Skip free callbacks on empty CRYPTO_EX_DATAs.	8 years ago
hkdf.h	Get rid of err function codes.	9 years ago
hmac.h	Remove HMAC_CTX_set_flags.	9 years ago
lhash.h	Style: fix some header guards	9 years ago
lhash_macros.h	Remove hash table lookups from ex_data.	9 years ago
md4.h	Store the partial block as uint8_t, not uint32_t.	8 years ago
md5.h	Store the partial block as uint8_t, not uint32_t.	8 years ago
mem.h	Fix some documentation comments.	8 years ago
obj.h	Fix up several comments and detect problems in the future.	9 years ago
obj_mac.h	Allocate a NID for X25519.	8 years ago
objects.h	Move public headers to include/openssl/	10 years ago
opensslfeatures.h	Remove remaining remnants of RIPEMD-160 support.	9 years ago
opensslv.h	Get version-related functions from crypto.h rather than ssl.h.	9 years ago
ossl_typ.h	Move public headers to include/openssl/	10 years ago
pem.h	Resolve a few old TODOs.	8 years ago
pkcs7.h	Move public headers to include/openssl/	10 years ago
pkcs8.h	Add \|PKCS12_verify_mac\|.	9 years ago
pkcs12.h	Move public headers to include/openssl/	10 years ago
poly1305.h	Fix several minor points noticed by Kenny.	9 years ago
pqueue.h	Export pqueue functions.	10 years ago
rand.h	Add a few more no-op stubs for cURL compatibility.	8 years ago
rc4.h	Fix up whitespace in headers for doc.go.	9 years ago
rsa.h	Update comments to better document in-place semantics.	8 years ago
safestack.h	Rename safe_stack.h to safestack.h.	9 years ago
sha.h	Store the partial block as uint8_t, not uint32_t.	8 years ago
srtp.h	Fold srtp.h into ssl.h.	9 years ago
ssl.h	Fix documentation string.	8 years ago
ssl3.h	Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER.	8 years ago
stack.h	Remove stack macros for nonexistent types.	8 years ago
stack_macros.h	Remove stack macros for nonexistent types.	8 years ago
thread.h	Readd CRYPTO_{LOCK\|UNLOCK\|READ\|WRITE}.	9 years ago
time_support.h	Style: fix some header guards	9 years ago
tls1.h	Update references to the extended master secret draft.	8 years ago
type_check.h	Try to fix MSVC and __STDC_VERSION__ again.	9 years ago
x509.h	Resolve a few old TODOs.	8 years ago
x509_vfy.h	Import “altchains” support.	8 years ago
x509v3.h	Get rid of err function codes.	9 years ago