Import OpenSSL 1.0.2s

2019-06-17 08:41:08 -07:00
parent 4155d3c2bd
commit e6c823a7e5
125 changed files with 136502 additions and 136422 deletions
--- a/doc/crypto/PKCS12_parse.pod
+++ b/doc/crypto/PKCS12_parse.pod
@@ -8,7 +8,8 @@ PKCS12_parse - parse a PKCS#12 structure

 #include <openssl/pkcs12.h>

-int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
+ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+                  STACK_OF(X509) **ca);

 =head1 DESCRIPTION

--- a/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
+++ b/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
@@ -109,7 +109,12 @@ L<ERR_get_error(3)|ERR_get_error(3)>.
 The RSA_padding_check_PKCS1_type_2() padding check leaks timing
 information which can potentially be used to mount a Bleichenbacher
 padding oracle attack. This is an inherent weakness in the PKCS #1
-v1.5 padding design. Prefer PKCS1_OAEP padding.
+v1.5 padding design. Prefer PKCS1_OAEP padding. Otherwise it can
+be recommended to pass zero-padded B<f>, so that B<fl> equals to
+B<rsa_len>, and if fixed by protocol, B<tlen> being set to the
+expected length. In such case leakage would be minimal, it would
+take attacker's ability to observe memory access pattern with byte
+granilarity as it occurs, post-factum timing analysis won't do.

 =head1 SEE ALSO

--- a/doc/crypto/X509_NAME_ENTRY_get_object.pod
+++ b/doc/crypto/X509_NAME_ENTRY_get_object.pod
@@ -44,9 +44,6 @@ X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be
 used to examine an B<X509_NAME_ENTRY> function as returned by 
 X509_NAME_get_entry() for example.

-X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID(),
-and X509_NAME_ENTRY_create_by_OBJ() create and return an 
-
 X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(),
 X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data()
 are seldom used in practice because B<X509_NAME_ENTRY> structures
--- a/doc/crypto/X509_cmp_time.pod
+++ b/doc/crypto/X509_cmp_time.pod
@@ -0,0 +1,39 @@
+=pod
+
+=head1 NAME
+
+X509_cmp_time - X509 time functions
+
+=head1 SYNOPSIS
+
+ X509_cmp_time(const ASN1_TIME *asn1_time, time_t *cmp_time);
+
+=head1 DESCRIPTION
+
+X509_cmp_time() compares the ASN1_TIME in B<asn1_time> with the time in
+<cmp_time>.
+
+B<asn1_time> must satisfy the ASN1_TIME format mandated by RFC 5280, i.e.,
+its format must be either YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ.
+
+If B<cmp_time> is NULL the current time is used.
+
+=head1 BUGS
+
+Unlike many standard comparison functions, X509_cmp_time returns 0 on error.
+
+=head1 RETURN VALUES
+
+X509_cmp_time() returns -1 if B<asn1_time> is earlier than, or equal to,
+B<cmp_time>, and 1 otherwise. It returns 0 on error.
+
+=head1 COPYRIGHT
+
+Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut