Commits · 2583270191a8b27eed303c03ece1da97b9b69fd3 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Oct 09, 2013

Control sending time with SSL_SEND_{CLIENT,SERVER}RANDOM_MODE · 25832701

Nick Mathewson authored Oct 09, 2013

(I'd rather use an option, but it appears that the options field is
full.)

Now, we send the time in the gmt_unix_time field if the appropriate
one of these mode options is set, but randomize the field if the flag
is not set.

25832701

Refactor {client,server}_random to call an intermediate function · 3da721da
Nick Mathewson authored Oct 09, 2013
```
I'll be using this to make an option for randomizing the time.
```
3da721da

Sep 16, 2013

Do not include a timestamp in the ServerHello Random field. · f4c93b46
Nick Mathewson authored Sep 16, 2013
```
Instead, send random bytes.
```
f4c93b46

Do not include a timestamp in the ClientHello Random field. · 4af79303

Nick Mathewson authored Sep 07, 2013

Instead, send random bytes.

While the gmt_unix_time record was added in an ostensible attempt to
mitigate the dangers of a bad RNG, its presence leaks the host's view
of the current time in the clear.  This minor leak can help
fingerprint TLS instances across networks and protocols... and what's
worse, it's doubtful thet the gmt_unix_time record does any good at
all for its intended purpose, since:

    * It's quite possible to open two TLS connections in one second.
    * If the PRNG output is prone to repeat itself, ephemeral
    * handshakes (and who knows what else besides) are broken.

4af79303

Feb 11, 2013
- use 10240 for record size · 46ebd9e3
  Dr. Stephen Henson authored Feb 11, 2013
```
Workaround for non-compliant tar files sometimes created by "make dist".
```
  OpenSSL_1_0_1e
  
  46ebd9e3
- prepare for release · f66db68e
  Dr. Stephen Henson authored Feb 11, 2013
  
  f66db68e
- Update NEWS · 0c4b72e9
  Dr. Stephen Henson authored Feb 11, 2013
  
  0c4b72e9
- FAQ/README: we are now using Git instead of CVS · f88dbb83
  Lutz Jaenicke authored Feb 11, 2013
  
  f88dbb83
- sparccpuid.S: work around emulator bug on T1. · 1113fc31
  Andy Polyakov authored Feb 11, 2013
```
(cherry picked from commit 3caeef94)
```
  1113fc31
Feb 09, 2013
- ssl/*: fix linking errors with no-srtp. · 08981470
  Andy Polyakov authored Feb 09, 2013
  
  08981470
- ssl/s3_[clnt|srvr].c: fix warnings. · 4d8da30f
  Andy Polyakov authored Feb 09, 2013
  
  4d8da30f
Feb 08, 2013
- s3_cbc.c: make CBC_MAC_ROTATE_IN_PLACE universal. · 579f3a63
  Andy Polyakov authored Feb 08, 2013
```
(cherry picked from commit f93a4187)
```
  579f3a63
- s3_cbc.c: get rid of expensive divisions [from master]. · 47061af1
  Andy Polyakov authored Feb 08, 2013
```
(cherry picked from commit e9baceab)
```
  47061af1
- e_aes_cbc_hmac_sha1.c: fine-tune cache line alignment. · 13e22530
  Andy Polyakov authored Feb 08, 2013
```
With previous commit it also ensures that valgrind is happy.
```
  13e22530
- Add clang target. · 26bc56d0
  Ben Laurie authored Jan 26, 2013
  
  26bc56d0
- Remove extraneous brackets (clang doesn't like them). · 496681cd
  Ben Laurie authored Jan 19, 2013
  
  496681cd
Feb 07, 2013
- e_aes_cbc_hmac_sha1.c: align calculated MAC at cache line. · 746c6f3a
  Andy Polyakov authored Feb 07, 2013
  
  746c6f3a
- ssl/[d1|s3]_pkt.c: harmomize orig_len handling. · 8545f73b
  Andy Polyakov authored Feb 07, 2013
  
  8545f73b
- Fix IV check and padding removal. · 32cc2479
  Dr. Stephen Henson authored Feb 07, 2013
```
Fix the calculation that checks there is enough room in a record
after removing padding and optional explicit IV. (by Steve)

For AEAD remove the correct number of padding bytes (by Andy)
```
  32cc2479
Feb 06, 2013

Fix for EXP-RC2-CBC-MD5 · f306b87d

Adam Langley authored Feb 06, 2013

MD5 should use little endian order. Fortunately the only ciphersuite
affected is EXP-RC2-CBC-MD5 (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) which
is a rarely used export grade ciphersuite.

f306b87d

prepare for next version · 41cf07f0
Dr. Stephen Henson authored Feb 06, 2013

41cf07f0

Feb 04, 2013
- typo · 62f40333
  Dr. Stephen Henson authored Feb 04, 2013
  
  OpenSSL_1_0_1d
  
  62f40333
- Prepare for release. · f9f6a8f9
  Dr. Stephen Henson authored Feb 04, 2013
  
  f9f6a8f9
- typo · df0d9356
  Dr. Stephen Henson authored Feb 04, 2013
  
  df0d9356
- make update · 0d589ac1
  Dr. Stephen Henson authored Feb 04, 2013
  
  0d589ac1
- Fix error codes. · 35d732fc
  Dr. Stephen Henson authored Feb 04, 2013
  
  35d732fc
- Reword NEWS entry. · 896ddb98
  Dr. Stephen Henson authored Feb 04, 2013
  
  896ddb98
- Update NEWS · e630b3c2
  Dr. Stephen Henson authored Feb 04, 2013
  
  e630b3c2
- Add CHANGES entries. · f1ca56a6
  Dr. Stephen Henson authored Feb 04, 2013
  
  f1ca56a6
Feb 03, 2013
- e_aes_cbc_hmac_sha1.c: cleanse temporary copy of HMAC secret. · 529d27ea
  Andy Polyakov authored Feb 03, 2013
  
  529d27ea
Feb 02, 2013
- bn_word.c: fix overflow bug in BN_add_word. · b2226c6c
  Andy Polyakov authored Nov 09, 2012
```
(cherry picked from commit 134c0065)
```
  b2226c6c
- x86_64 assembly pack: keep making Windows build more robust. · 024de217
  Andy Polyakov authored Feb 02, 2013
```
PR: 2963 and a number of others
(cherry picked from commit 4568182a)
```
  024de217
- e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues. · 125093b5
  Andy Polyakov authored Feb 02, 2013
```
Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch.
```
  125093b5
Feb 01, 2013
- Merge remote-tracking branch 'origin/OpenSSL_1_0_1-stable' into OpenSSL_1_0_1-stable · f3e99ea0
  Ben Laurie authored Feb 01, 2013
  
  f3e99ea0
- ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility. · 8bfd4c65
  Andy Polyakov authored Feb 01, 2013
```
Kludge alert. This is arranged by passing padding length in unused
bits of SSL3_RECORD->type, so that orig_len can be reconstructed.
```
  8bfd4c65
- ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility. · ec07246a
  Andy Polyakov authored Feb 01, 2013
  
  ec07246a
- Don't access EVP_MD_CTX internals directly. · 04e45b52
  Dr. Stephen Henson authored Feb 01, 2013
  
  04e45b52
- s3/s3_cbc.c: allow for compilations with NO_SHA256|512. · d5371324
  Andy Polyakov authored Feb 01, 2013
  
  d5371324
- ssl/s3_cbc.c: md_state alignment portability fix. · 36260233
  Andy Polyakov authored Feb 01, 2013
```
RISCs are picky and alignment granted by compiler for md_state can be
insufficient for SHA512.
```
  36260233
- ssl/s3_cbc.c: uint64_t portability fix. · cab13fc8
  Andy Polyakov authored Feb 01, 2013
```
Break dependency on uint64_t. It's possible to declare bits as
unsigned int, because TLS packets are limited in size and 32-bit
value can't overflow.
```
  cab13fc8