Commit message / Author / Age / Files / Lines

* Add morphology  [baserock/larswirzenius/morph]
  Lars Wirzenius, 2013-09-23; 1 file, -0/+10

* use 10240 for record size  [OpenSSL_1_0_1e]
  Dr. Stephen Henson, 2013-02-11; 1 file, -1/+1
  Workaround for non-compliant tar files sometimes created by "make dist".

* prepare for release
  Dr. Stephen Henson, 2013-02-11; 5 files, -6/+7

* Update NEWS
  Dr. Stephen Henson, 2013-02-11; 1 file, -0/+4

* FAQ/README: we are now using Git instead of CVS
  Lutz Jaenicke, 2013-02-11; 3 files, -4/+4

* sparccpuid.S: work around emulator bug on T1.
  Andy Polyakov, 2013-02-11; 1 file, -2/+2
  (cherry picked from commit 3caeef94bd045608af03b061643992e3afd9c445)

* ssl/*: fix linking errors with no-srtp.
  Andy Polyakov, 2013-02-09; 5 files, -6/+39

* ssl/s3_[clnt|srvr].c: fix warnings.
  Andy Polyakov, 2013-02-09; 2 files, -0/+6

* s3_cbc.c: make CBC_MAC_ROTATE_IN_PLACE universal.
  Andy Polyakov, 2013-02-08; 1 file, -8/+9
  (cherry picked from commit f93a41877d8d7a287debb7c63d7b646abaaf269c)

* s3_cbc.c: get rid of expensive divisions [from master].
  Andy Polyakov, 2013-02-08; 1 file, -14/+21
  (cherry picked from commit e9baceab5a385e570706ca98dec768b2d89d1ac6)

* e_aes_cbc_hmac_sha1.c: fine-tune cache line alignment.
  Andy Polyakov, 2013-02-08; 1 file, -1/+1
  With previous commit it also ensures that valgrind is happy.

* Add clang target.
  Ben Laurie, 2013-02-07; 1 file, -0/+1

* Remove extraneous brackets (clang doesn't like them).
  Ben Laurie, 2013-02-07; 1 file, -1/+1

* e_aes_cbc_hmac_sha1.c: align calculated MAC at cache line.
  Andy Polyakov, 2013-02-07; 1 file, -36/+43

* ssl/[d1|s3]_pkt.c: harmonize orig_len handling.
  Andy Polyakov, 2013-02-07; 2 files, -2/+6

* Fix IV check and padding removal.
  Dr. Stephen Henson, 2013-02-07; 1 file, -21/+12
  Fix the calculation that checks there is enough room in a record after removing padding and optional explicit IV. (by Steve)
  For AEAD remove the correct number of padding bytes. (by Andy)

* Fix for EXP-RC2-CBC-MD5
  Adam Langley, 2013-02-06; 2 files, -9/+47
  MD5 should use little endian order. Fortunately the only ciphersuite affected is EXP-RC2-CBC-MD5 (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5), which is a rarely used export grade ciphersuite.

* prepare for next version
  Dr. Stephen Henson, 2013-02-06; 4 files, -5/+9

* typo  [OpenSSL_1_0_1d]
  Dr. Stephen Henson, 2013-02-04; 1 file, -1/+1

* Prepare for release.
  Dr. Stephen Henson, 2013-02-04; 4 files, -5/+6

* typo
  Dr. Stephen Henson, 2013-02-04; 1 file, -2/+2

* make update
  Dr. Stephen Henson, 2013-02-04; 3 files, -33/+53

* Fix error codes.
  Dr. Stephen Henson, 2013-02-04; 5 files, -3/+5

* Reword NEWS entry.
  Dr. Stephen Henson, 2013-02-04; 1 file, -1/+1

* Update NEWS
  Dr. Stephen Henson, 2013-02-04; 1 file, -0/+2

* Add CHANGES entries.
  Dr. Stephen Henson, 2013-02-04; 1 file, -0/+21

* e_aes_cbc_hmac_sha1.c: cleanse temporary copy of HMAC secret.
  Andy Polyakov, 2013-02-03; 1 file, -0/+2

* bn_word.c: fix overflow bug in BN_add_word.
  Andy Polyakov, 2013-02-02; 1 file, -17/+8
  (cherry picked from commit 134c00659a1bc67ad35a1e4620e16bc4315e6e37)

* x86_64 assembly pack: keep making Windows build more robust.
  Andy Polyakov, 2013-02-02; 2 files, -2/+4
  PR: 2963 and a number of others
  (cherry picked from commit 4568182a8b8cbfd15cbc175189029ac547bd1762)

* e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues.
  Andy Polyakov, 2013-02-02; 4 files, -40/+208
  Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch.

* Merge remote-tracking branch 'origin/OpenSSL_1_0_1-stable' into OpenSSL_1_0_1-stable
  Ben Laurie, 2013-02-01; 0 files, -0/+0

  * (merged branch) ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility.
    Andy Polyakov, 2013-02-01; 7 files, -31/+38
    Kludge alert. This is arranged by passing padding length in unused bits of SSL3_RECORD->type, so that orig_len can be reconstructed.

* ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility.
  Andy Polyakov, 2013-02-01; 7 files, -31/+38

* Don't access EVP_MD_CTX internals directly.
  Dr. Stephen Henson, 2013-02-01; 1 file, -2/+2

* s3/s3_cbc.c: allow for compilations with NO_SHA256|512.
  Andy Polyakov, 2013-02-01; 1 file, -1/+18

* ssl/s3_cbc.c: md_state alignment portability fix.
  Andy Polyakov, 2013-02-01; 1 file, -15/+16
  RISCs are picky and alignment granted by compiler for md_state can be insufficient for SHA512.

* ssl/s3_cbc.c: uint64_t portability fix.
  Andy Polyakov, 2013-02-01; 1 file, -11/+6
  Break dependency on uint64_t. It's possible to declare bits as unsigned int, because TLS packets are limited in size and 32-bit value can't overflow.

* typo.
  Dr. Stephen Henson, 2013-01-31; 1 file, -1/+1

* Merge branch 'ben/timing-1.0.1' into OpenSSL_1_0_1-stable
  Dr. Stephen Henson, 2013-01-31; 4 files, -0/+63

  * (merged branch) Add ordinal for CRYPTO_memcmp: since this will affect multiple branches it needs to be in a "gap".
    Dr. Stephen Henson, 2013-01-31; 1 file, -0/+1

  * (merged branch) Timing fix mitigation for FIPS mode.
    Dr. Stephen Henson, 2013-01-31; 3 files, -0/+62
    We have to use EVP in FIPS mode so we can only partially mitigate timing differences. Make an extra call to EVP_DigestSignUpdate to hash additional blocks to cover any timing differences caused by removal of padding.

* Update NEWS
  Dr. Stephen Henson, 2013-01-31; 1 file, -0/+1

* Don't try and verify signatures if key is NULL (CVE-2013-0166)
  Dr. Stephen Henson, 2013-01-29; 3 files, -3/+16
  Add additional check to catch this in ASN1_item_verify too.

* Oops. Add missing file.
  Ben Laurie, 2013-01-28; 1 file, -0/+696

* Update DTLS code to match CBC decoding in TLS.
  Ben Laurie, 2013-01-28; 5 files, -57/+67
  This change updates the DTLS code to match the constant-time CBC behaviour in the TLS.

* Don't crash when processing a zero-length, TLS >= 1.1 record.
  Ben Laurie, 2013-01-28; 5 files, -7/+24
  The previous CBC patch was bugged in that there was a path through enc() in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left at the previous value which could suggest that the packet was a sufficient length when it wasn't.

* Make CBC decoding constant time.
  Ben Laurie, 2013-01-28; 9 files, -197/+214
  This patch makes the decoding of SSLv3 and TLS CBC records constant time. Without this, a timing side-channel can be used to build a padding oracle and mount Vaudenay's attack.
  This patch also disables the stitched AESNI+SHA mode pending a similar fix to that code.
  In order to be easy to backport, this change is implemented in ssl/, rather than as a generic AEAD mode. In the future this should be changed around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.

* Add and use a constant-time memcmp.
  Ben Laurie, 2013-01-28; 9 files, -8/+27
  This change adds CRYPTO_memcmp, which compares two vectors of bytes in an amount of time that's independent of their contents. It also changes several MAC compares in the code to use this over the standard memcmp, which may leak information about the size of a matching prefix.

* Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set
  Dr. Stephen Henson, 2013-01-23; 1 file, -0/+2

* x86_64 assembly pack: make Windows build more robust [from master].
  Andy Polyakov, 2013-01-22; 16 files, -16/+32
  PR: 2963 and a number of others