[openssl.org #3060] [PATCH] empty_record_limit

2013-06-04 Thread Adam Langley via RT
Limit the number of empty records that will be processed consecutively in order to prevent ssl3_get_record from never returning. Reported by oftc_must_be_destroyed and George Kadianakis. Attachment: 0004-empty_record_limit.patch
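Added example (not part of the ticket or of OpenSSL's patch): a minimal TLS record reader in C that shows the failure mode and the fix. A peer that sends an endless stream of zero-length records keeps the `ssl3_get_record`-style loop spinning forever; bounding the number of consecutive empty records turns that into an error. The record format is the plain 5-byte TLS header (type, version, length); the limit of 32 and all other names here are assumptions for the example, and the input stream is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed limit for this example; the patch's actual value is not shown on the page. */
#define EMPTY_RECORD_LIMIT 32
#define REC_HDR_LEN 5
#define REC_MAX_BODY (16384 + 2048)   /* assumed ceiling on a record body */

enum { REC_OK = 0, REC_NEED_MORE = 1, REC_TOO_MANY_EMPTY = -1, REC_BAD_LENGTH = -2 };

struct record_view {
    uint8_t type;
    uint16_t version;
    const uint8_t *body;
    size_t len;
};

/* Parse one 5-byte TLS record header at p; returns REC_OK when the whole record is available. */
static int parse_header(const uint8_t *p, size_t avail, struct record_view *r)
{
    if (avail < REC_HDR_LEN) return REC_NEED_MORE;
    r->type = p[0];
    r->version = (uint16_t)((p[1] << 8) | p[2]);
    r->len = (size_t)((p[3] << 8) | p[4]);
    if (r->len > REC_MAX_BODY) return REC_BAD_LENGTH;
    if (avail - REC_HDR_LEN < r->len) return REC_NEED_MORE;
    r->body = p + REC_HDR_LEN;
    return REC_OK;
}

/* Read records until a non-empty one arrives. Before the fix this loop had no
 * upper bound, so a stream of empty records never returned to the caller;
 * here it gives up after EMPTY_RECORD_LIMIT consecutive empty records. */
int get_nonempty_record(const uint8_t *buf, size_t buflen, size_t *off,
                        struct record_view *out, unsigned *empties_seen)
{
    unsigned empties = 0;
    for (;;) {
        struct record_view r;
        int rc = parse_header(buf + *off, buflen - *off, &r);
        if (rc != REC_OK) return rc;
        *off += REC_HDR_LEN + r.len;
        if (r.len == 0) {
            if (++empties > EMPTY_RECORD_LIMIT) {
                if (empties_seen) *empties_seen = empties;
                return REC_TOO_MANY_EMPTY;
            }
            continue;
        }
        *out = r;
        if (empties_seen) *empties_seen = empties;
        return REC_OK;
    }
}

/* Constructed input: n_empty empty application-data records, then one carrying payload. */
size_t build_stream(uint8_t *out, size_t cap, unsigned n_empty,
                    const uint8_t *payload, size_t plen)
{
    size_t off = 0, need = (size_t)n_empty * REC_HDR_LEN + REC_HDR_LEN + plen;
    unsigned i;
    if (need > cap) return 0;
    for (i = 0; i < n_empty; i++) {
        static const uint8_t empty_hdr[REC_HDR_LEN] = {0x17, 0x03, 0x01, 0x00, 0x00};
        memcpy(out + off, empty_hdr, REC_HDR_LEN);
        off += REC_HDR_LEN;
    }
    out[off++] = 0x17; out[off++] = 0x03; out[off++] = 0x01;
    out[off++] = (uint8_t)(plen >> 8); out[off++] = (uint8_t)plen;
    memcpy(out + off, payload, plen);
    return off + plen;
}

/* Drive the reader over a stream with n_empty leading empty records; returns its result code. */
int scan_result(unsigned n_empty)
{
    uint8_t buf[4096];
    static const uint8_t payload[5] = {'h', 'e', 'l', 'l', 'o'};
    struct record_view v;
    size_t off = 0, n = build_stream(buf, sizeof buf, n_empty, payload, sizeof payload);
    if (n == 0) return REC_BAD_LENGTH;
    return get_nonempty_record(buf, n, &off, &v, NULL);
}

/* Same, but returns how many empty records the reader consumed before stopping. */
unsigned scan_empties(unsigned n_empty)
{
    uint8_t buf[4096];
    static const uint8_t payload[5] = {'h', 'e', 'l', 'l', 'o'};
    struct record_view v;
    unsigned seen = 0;
    size_t off = 0, n = build_stream(buf, sizeof buf, n_empty, payload, sizeof payload);
    if (n == 0) return 0;
    get_nonempty_record(buf, n, &off, &v, &seen);
    return seen;
}

int main(void)
{
    printf("10 empty records: rc=%d, seen=%u\n", scan_result(10), scan_empties(10));
    printf("40 empty records: rc=%d, seen=%u\n", scan_result(40), scan_empties(40));
    return 0;
}
```

With ten empty records the reader skips them and hands back the payload record; with forty it stops after the 33rd and reports an error instead of continuing to chew through whatever the peer keeps sending.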

[openssl.org #3061] [PATCH] dsa_crash

2013-06-04 Thread Adam Langley via RT
Don't SEGFAULT when trying to export a public DSA key as a private key. Attachment: 0005-dsa_crash.patch

[openssl.org #3062] [PATCH] asm_volatile

2013-06-04 Thread Adam Langley via RT
Add volatile qualifications to two blocks of inline asm to stop GCC from eliminating them as dead code. Both volatile and memory are used because of some concern that the compiler may still cache values across the asm block without it, and because this was such a painful debugging session that I
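Added example (not from the ticket or OpenSSL): the pattern the message describes, in C. An `asm` statement with no outputs is dead code as far as GCC is concerned and may be deleted unless it is `volatile`; the `"memory"` clobber additionally tells the compiler that memory may have changed, so it cannot keep values cached in registers across the statement or treat the stores before it as dead. The usual place this matters is wiping key material, which is what the example does; function names are assumptions for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Empty asm that claims to read p and to clobber all of memory.
 * volatile: the optimizer may not drop the statement as dead code.
 * "memory": pending stores must complete before it, and nothing may be
 * cached across it, so the memset below cannot be eliminated. */
static inline void compiler_barrier(const void *p)
{
#if defined(__GNUC__) || defined(__clang__)
    __asm__ __volatile__("" : : "r"(p) : "memory");
#else
    (void)p;   /* no GNU inline asm on this compiler; use secure_zero_volatile instead */
#endif
}

/* Zero a buffer even when the compiler can prove it is never read again
 * (a key about to go out of scope). Without the barrier, dead-store
 * elimination routinely removes the memset. */
void secure_zero(void *buf, size_t len)
{
    memset(buf, 0, len);
    compiler_barrier(buf);
}

/* Alternative without asm: stores through a volatile pointer cannot be elided. */
void secure_zero_volatile(void *buf, size_t len)
{
    volatile uint8_t *p = (volatile uint8_t *)buf;
    while (len--) *p++ = 0;
}

/* Count bytes that are still non-zero; used to check the wipe. */
size_t nonzero_bytes(const uint8_t *b, size_t len)
{
    size_t i, n = 0;
    for (i = 0; i < len; i++) n += (b[i] != 0);
    return n;
}

/* Fill a scratch buffer with constructed "key material", wipe it with one of
 * the two methods, and return how many non-zero bytes remain (expected 0). */
size_t wipe_demo(int use_asm_barrier)
{
    uint8_t scratch[32];
    size_t i;
    for (i = 0; i < sizeof scratch; i++) scratch[i] = (uint8_t)(0x5A ^ i);
    if (use_asm_barrier) secure_zero(scratch, sizeof scratch);
    else secure_zero_volatile(scratch, sizeof scratch);
    return nonzero_bytes(scratch, sizeof scratch);
}

int main(void)
{
    printf("left after asm-barrier wipe: %zu\n", wipe_demo(1));
    printf("left after volatile wipe:    %zu\n", wipe_demo(0));
    return 0;
}
```

A runtime check like this can only confirm the wipe happened in the instrumented build; to see the elimination the barrier prevents, compile the memset-only version at `-O2` and inspect the generated assembly.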

[openssl.org #3063] [PATCH] exp_zero_mod_one

2013-06-04 Thread Adam Langley via RT
Ensure that x**0 mod 1 = 0. Attachment: 0007-exp_zero_mod_one.patch

[openssl.org #3064] [PATCH] small_prime_generation

2013-06-04 Thread Adam Langley via RT
Ensure that, when generating small primes, the result is actually of the requested size. Fixes OpenSSL #2701. This change does not address the cases of generating safe primes, or where the |add| parameter is non-NULL. Attachment: 0008-small_prime_generation.patch

[openssl.org #3065] [PATCH] ec_private_key_dont_crash

2013-06-04 Thread Adam Langley via RT
This change saves several EC routines from crashing when an EC_KEY is missing a public key. The public key is optional in the EC private key format and, without this patch, running the following through `openssl ec` causes a crash: -----BEGIN EC PRIVATE KEY-----

[openssl.org #3066] [PATCH] constant_time_rsa_padding

2013-06-04 Thread Adam Langley via RT
This patch tweaks the OAEP padding check to be slightly more constant time and rewrites the PKCS#1 v1.5 padding check to the same end. Attachment: 0010-constant_time_rsa_padding.patch

[openssl.org #3067] [PATCH] premaster_constant_time

2013-06-04 Thread Adam Langley via RT
This change alters the processing of invalid, RSA pre-master secrets so that bad encryptions are treated like random session keys in constant time. Attachment: 0011-premaster_constant_time.patch
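Added example covering both #3066 and #3067 (not the patches themselves, and not OpenSSL code): a PKCS#1 v1.5 type 2 unpadding check written the naive way beside a constant-time version, and a pre-master handler that substitutes a random 48-byte secret whenever anything is wrong. The naive check returns early at the first bad byte, so its running time tells an attacker where the padding broke (the Bleichenbacher oracle). The constant-time version scans every byte, computes a validity mask without branching on secret data, and copies from a fixed offset; the pre-master handler then selects between the decrypted secret and the random fallback with that mask, so a bad decryption is indistinguishable from a good one until the Finished message fails. The `ct_*` helpers, the block layout and all names are assumptions for the example; the encoded block is constructed, standing in for the output of the RSA private operation.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Branch-free helpers: each yields an all-ones or all-zeros mask. */
static unsigned ct_msb(unsigned a) { return 0u - (a >> (sizeof(unsigned) * 8 - 1)); }
static unsigned ct_is_zero(unsigned a) { return ct_msb(~a & (a - 1u)); }
static unsigned ct_eq(unsigned a, unsigned b) { return ct_is_zero(a ^ b); }
static unsigned ct_lt(unsigned a, unsigned b) { return ct_msb(a ^ ((a ^ b) | ((a - b) ^ b))); }
static unsigned ct_select(unsigned m, unsigned a, unsigned b) { return (m & a) | (~m & b); }

#define PMS_LEN 48   /* a TLS RSA pre-master secret is always 48 bytes */

/* Naive check, kept for contrast: every early return leaks, through timing,
 * which part of EM = 00 || 02 || PS || 00 || M was wrong. Returns 0 on success. */
int unpad_naive(const uint8_t *em, size_t k, uint8_t *out, size_t mlen)
{
    size_t i;
    if (k < 11 + mlen || em[0] != 0x00 || em[1] != 0x02) return -1;
    for (i = 2; i < k && em[i] != 0x00; i++) ;
    if (i == k) return -1;              /* no separator */
    if (i < 10) return -1;              /* PS shorter than 8 bytes */
    if (k - i - 1 != mlen) return -1;   /* message not the expected length */
    memcpy(out, em + i + 1, mlen);
    return 0;
}

/* Constant-time check for a fixed-length message: touches every byte, never
 * branches on secret data, always copies the last mlen bytes (their position
 * is public), and returns all-ones if the padding was valid, else all-zeros. */
unsigned unpad_ct(const uint8_t *em, size_t k, uint8_t *out, size_t mlen)
{
    unsigned good, found = 0, zero_idx = 0;
    size_t i;
    if (k < 11 + mlen) return 0;        /* lengths are public; branching is fine */
    good = ct_eq(em[0], 0x00) & ct_eq(em[1], 0x02);
    for (i = 2; i < k; i++) {
        unsigned is_zero = ct_is_zero(em[i]);
        unsigned first = is_zero & ~found;              /* remember only the first zero */
        zero_idx = ct_select(first, (unsigned)i, zero_idx);
        found |= is_zero;
    }
    good &= found;
    good &= ct_lt(9u, zero_idx);                        /* PS must be >= 8 bytes */
    good &= ct_eq(zero_idx, (unsigned)(k - 1 - mlen)); /* message exactly mlen bytes */
    memcpy(out, em + k - mlen, mlen);
    return good;
}

/* Pre-master handling: fallback must be drawn from a CSPRNG by the caller
 * *before* the check. The embedded client version is compared in constant
 * time too, and every failure yields the random secret with no distinct error path. */
void premaster_ct(const uint8_t *em, size_t k, uint8_t client_major, uint8_t client_minor,
                  const uint8_t fallback[PMS_LEN], uint8_t pms[PMS_LEN])
{
    uint8_t dec[PMS_LEN];
    unsigned good;
    size_t i;
    memset(dec, 0, sizeof dec);
    good = unpad_ct(em, k, dec, PMS_LEN);
    good &= ct_eq(dec[0], client_major) & ct_eq(dec[1], client_minor);
    for (i = 0; i < PMS_LEN; i++)
        pms[i] = (uint8_t)ct_select(good, dec[i], fallback[i]);
}

/* Constructed 128-byte block: 00 02 || 77 non-zero bytes || 00 || 48-byte secret (03 01 42 42 ...).
 * scenario 1: wrong block type; 2: separator too early; 3: embedded version 3.0 instead of 3.1. */
void build_em(uint8_t em[128], uint8_t msg[PMS_LEN], int scenario)
{
    size_t i;
    memset(msg, 0x42, PMS_LEN); msg[0] = 0x03; msg[1] = 0x01;
    em[0] = 0x00; em[1] = 0x02;
    for (i = 2; i < 128 - PMS_LEN - 1; i++) em[i] = (uint8_t)(0x10 + i);
    em[128 - PMS_LEN - 1] = 0x00;
    memcpy(em + 128 - PMS_LEN, msg, PMS_LEN);
    if (scenario == 1) em[1] = 0x01;
    if (scenario == 2) em[50] = 0x00;
    if (scenario == 3) em[128 - PMS_LEN + 1] = 0x00;
}

/* Returns 1 if premaster_ct produced the real secret, 2 if the fallback, 0 otherwise. */
int demo(int scenario)
{
    uint8_t em[128], msg[PMS_LEN], fallback[PMS_LEN], pms[PMS_LEN];
    size_t i;
    build_em(em, msg, scenario);
    for (i = 0; i < PMS_LEN; i++) fallback[i] = (uint8_t)(0xA0 + i);
    premaster_ct(em, sizeof em, 0x03, 0x01, fallback, pms);
    if (memcmp(pms, msg, PMS_LEN) == 0) return 1;
    if (memcmp(pms, fallback, PMS_LEN) == 0) return 2;
    return 0;
}

/* The naive check's verdict on the same block (it does not look at the version bytes). */
int demo_naive(int scenario)
{
    uint8_t em[128], msg[PMS_LEN], out[PMS_LEN];
    build_em(em, msg, scenario);
    return unpad_naive(em, sizeof em, out, PMS_LEN);
}
```

The two checks agree on which paddings are valid; the difference is entirely in how they get there. Note that the message-length and version checks are folded into the same mask rather than tested afterwards, since a separate "wrong version" error would reopen the oracle through a different door.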

[openssl.org #3068] [PATCH] Safari broken ECDHE-ECDSA workaround

2013-06-04 Thread Rob Stradling via RT
The Safari browser on OSX versions 10.8 to 10.8.3 advertises support for several ECDHE-ECDSA ciphers but fails to negotiate them. When a Safari client connects to an OpenSSL-based server that has the attached patch (against the master branch) applied, the server will prefer other mutually

[openssl.org #2701] BN_generate_prime_ex can generate too large primes

2013-06-04 Thread Ben Laurie via RT
On Wed Feb 01 14:02:51 2012, dominik.oe...@informatik.hu-berlin.de wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi BN_generate_prime_ex can generate prime numbers larger than the specified bitsize. The problem can be reproduced using the following commands: [do@trinity tmp]$
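Added example for #2701 and #3064 (not OpenSSL's code, and not the patch): the bug class in miniature, in C. A prime search that starts from a random odd candidate with the top bit set and walks upward until it hits a prime can walk straight past 2^bits; for 4-bit primes, starting at 15 yields 17, which has five bits. The fix is to stop the walk at the top of the range and draw a fresh candidate instead. Primality is a deterministic Miller-Rabin for 32-bit values (bases 2, 7, 61), the PRNG is xorshift32 purely so the run is reproducible, and every name is an assumption for the example; the comparison is only with the reported symptom, not with BN_generate_prime_ex's internals.

```c
#include <stdint.h>
#include <stdio.h>

static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m)
{
    uint64_t r = 1;
    b %= m;
    while (e) {
        if (e & 1) r = r * b % m;
        b = b * b % m;
        e >>= 1;
    }
    return r;
}

/* Deterministic Miller-Rabin: bases 2, 7, 61 are exact for every n < 4,759,123,141. */
int is_prime_u32(uint32_t n)
{
    static const uint32_t small[] = {2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37};
    static const uint32_t bases[] = {2, 7, 61};
    uint32_t d;
    unsigned r, i, j;
    if (n < 2) return 0;
    for (i = 0; i < sizeof small / sizeof small[0]; i++) {
        if (n == small[i]) return 1;
        if (n % small[i] == 0) return 0;
    }
    d = n - 1; r = 0;
    while (!(d & 1)) { d >>= 1; r++; }
    for (i = 0; i < 3; i++) {
        uint64_t x;
        int composite = 1;
        if (bases[i] % n == 0) continue;
        x = powmod(bases[i], d, n);
        if (x == 1 || x == n - 1) continue;
        for (j = 1; j < r; j++) {
            x = x * x % n;
            if (x == n - 1) { composite = 0; break; }
        }
        if (composite) return 0;
    }
    return 1;
}

unsigned bit_length(uint32_t n) { unsigned b = 0; while (n) { b++; n >>= 1; } return b; }

/* Pre-fix shape: step upward from an odd candidate until a prime appears, with
 * nothing stopping the walk from crossing 2^bits. Returns 0 only past 32 bits. */
uint32_t unbounded_search(uint32_t cand)
{
    uint64_t c = cand;
    for (;; c += 2) {
        if (c > 0xFFFFFFFFull) return 0;
        if (is_prime_u32((uint32_t)c)) return (uint32_t)c;
    }
}

/* Fixed shape: the same walk, but it stops at the top of the bit range and
 * returns 0 so the caller draws a fresh candidate rather than accepting a longer prime. */
uint32_t bounded_search(uint32_t cand, unsigned bits)
{
    uint64_t c = cand, hi = (1ull << bits) - 1;
    for (; c <= hi; c += 2)
        if (is_prime_u32((uint32_t)c)) return (uint32_t)c;
    return 0;
}

/* xorshift32, for reproducibility only: a real generator must use a CSPRNG. Seed must be non-zero. */
static uint32_t xorshift32(uint32_t *s)
{
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* Prime with exactly `bits` bits (2..32): top bit forced so the candidate is in
 * range, low bit forced so it is odd, retry instead of overshooting. */
uint32_t gen_prime_exact_bits(unsigned bits, uint32_t *seed)
{
    if (bits < 2 || bits > 32) return 0;
    for (;;) {
        uint64_t top = 1ull << (bits - 1), mask = (1ull << bits) - 1;
        uint32_t cand = (uint32_t)(((xorshift32(seed) & mask) | top) | 1u);
        uint32_t p = bounded_search(cand, bits);
        if (p) return p;
    }
}

/* Returns 1 if every prime generated for bits in [lo, hi] has the requested length and is prime. */
int check_range(unsigned lo, unsigned hi, unsigned trials)
{
    uint32_t seed = 0x2545F491u;
    unsigned bits, t;
    for (bits = lo; bits <= hi; bits++)
        for (t = 0; t < trials; t++) {
            uint32_t p = gen_prime_exact_bits(bits, &seed);
            if (bit_length(p) != bits || !is_prime_u32(p)) return 0;
        }
    return 1;
}

int main(void)
{
    printf("unbounded from 15: %u (%u bits)\n", unbounded_search(15), bit_length(unbounded_search(15)));
    printf("bounded   from 15, 4 bits: %u\n", bounded_search(15, 4));
    printf("all lengths 2..32 correct: %d\n", check_range(2, 32, 16));
    return 0;
}
```

The retry loop is the important part: clamping the result or masking off the overflow would not give a uniformly chosen prime, whereas redrawing simply discards the unlucky candidate.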

Re: [openssl.org #3065] [PATCH] ec_private_key_dont_crash

2013-06-04 Thread Matt Caswell
On 4 June 2013 13:49, Adam Langley via RT r...@openssl.org wrote: This change saves several EC routines from crashing when an EC_KEY is missing a public key. The public key is optional in the EC private key format and, without this patch, running the following through `openssl ec` causes a

Re: [openssl.org #3065] [PATCH] ec_private_key_dont_crash

2013-06-04 Thread Matt Caswell via RT
On 4 June 2013 13:49, Adam Langley via RT r...@openssl.org wrote: This change saves several EC routines from crashing when an EC_KEY is missing a public key. The public key is optional in the EC private key format and, without this patch, running the following through `openssl ec` causes a

[openssl.org #3069] An enhancement to EC key generation to enable compact point representation

2013-06-04 Thread Andrey Jivsov via RT
A tweak to generate keys in a way that will enable the efficient point compression, described in http://tools.ietf.org/html/draft-jivsov-ecc-compact. This request doesn't change any format/API, doesn't introduce compression, and doesn't lower security. However, because the method to generate
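Added example (not from the ticket, the draft, or OpenSSL): the key-generation tweak on a toy curve in C. A compact representation sends only x; the decoder recovers y by a square root and, having no sign bit, must pick one of the two roots {y, p - y} by a fixed rule (the smaller one is the convention assumed here). For about half of all keys d*G lands on the other root, so the tweak is to replace d by n - d in that case, since (n - d)*G = -(d*G) = (x, p - y). The curve y^2 = x^3 + 7 over F_211 and all names are constructed for the example; the base point and its order are computed by brute force, which is only feasible because the field is tiny.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy curve, constructed for the example; P % 4 == 3 so sqrt(c) = c^((P+1)/4) mod P. */
#define P 211
#define A 0
#define B 7

typedef struct { int64_t x, y; int inf; } pt;

static int64_t md(int64_t v) { v %= P; return v < 0 ? v + P : v; }
static int64_t powm(int64_t b, int64_t e)
{
    int64_t r = 1;
    b = md(b);
    while (e > 0) { if (e & 1) r = r * b % P; b = b * b % P; e >>= 1; }
    return r;
}
static int64_t inv(int64_t v) { return powm(v, P - 2); }
static int64_t rhs(int64_t x) { return md(x * x * x + A * x + B); }

/* Affine point addition, doubling included. */
static pt pt_add(pt p1, pt p2)
{
    pt r = {0, 0, 1};
    int64_t lam;
    if (p1.inf) return p2;
    if (p2.inf) return p1;
    if (p1.x == p2.x && md(p1.y + p2.y) == 0) return r;   /* Q + (-Q) = O */
    if (p1.x == p2.x) lam = md((3 * p1.x * p1.x + A) * inv(2 * p1.y));
    else lam = md((p2.y - p1.y) * inv(p2.x - p1.x));
    r.inf = 0;
    r.x = md(lam * lam - p1.x - p2.x);
    r.y = md(lam * (p1.x - r.x) - p1.y);
    return r;
}

static pt pt_mul(int64_t k, pt g)
{
    pt r = {0, 0, 1};
    while (k > 0) { if (k & 1) r = pt_add(r, g); g = pt_add(g, g); k >>= 1; }
    return r;
}

static int64_t order_of(pt g) { int64_t n = 1; pt q = g; while (!q.inf) { q = pt_add(q, g); n++; } return n; }

/* Base point: first x whose right-hand side is a non-zero square. */
static pt find_generator(void)
{
    pt g = {0, 0, 1};
    int64_t x;
    for (x = 1; x < P; x++) {
        int64_t c = rhs(x), y = powm(c, (P + 1) / 4);
        if (c != 0 && y * y % P == c) { g.x = x; g.y = y; g.inf = 0; return g; }
    }
    return g;
}

/* Compact representation: x only. Decoding takes the smaller root (assumed convention). */
int64_t compact_encode(pt q) { return q.x; }
pt compact_decode(int64_t x)
{
    pt r = {x, 0, 0};
    int64_t y = powm(rhs(x), (P + 1) / 4);
    r.y = (y > P - y) ? P - y : y;
    return r;
}

/* The tweak: if d*G sits on the larger root, use n - d, whose public point is (x, P - y). */
int64_t compact_keygen(int64_t d, pt g, int64_t n)
{
    pt q = pt_mul(d, g);
    return (!q.inf && q.y > P - q.y) ? n - d : d;
}

/* Number of private keys in [1, n-1] whose public point does not survive encode/decode. */
int count_failures(int use_tweak)
{
    pt g = find_generator();
    int64_t n = order_of(g), d;
    int fails = 0;
    for (d = 1; d < n; d++) {
        int64_t d2 = use_tweak ? compact_keygen(d, g, n) : d;
        pt q = pt_mul(d2, g), r = compact_decode(compact_encode(q));
        if (q.inf || r.x != q.x || r.y != q.y) fails++;
    }
    return fails;
}

int64_t group_order(void) { return order_of(find_generator()); }

int main(void)
{
    printf("order of G: %lld\n", (long long)group_order());
    printf("round-trip failures without tweak: %d\n", count_failures(0));
    printf("round-trip failures with tweak:    %d\n", count_failures(1));
    return 0;
}
```

Nothing about the wire format or the security level changes: d and n - d are equally good private keys, and the chosen public point is the same curve point a conventional encoder would have produced, just guaranteed to be the one the x-only decoder reconstructs.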