Commits · 413cbfe68d83f9afc726b7234c49bd5ccddb97b4 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Feb 07, 2013

ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility. · 413cbfe6

Andy Polyakov authored Feb 01, 2013

Kludge alert. This is arranged by passing padding length in unused
bits of SSL3_RECORD->type, so that orig_len can be reconstructed.
(cherry picked from commit 8bfd4c65)

413cbfe6

Feb 06, 2013

Fix for EXP-RC2-CBC-MD5 · ee463921

Adam Langley authored Feb 06, 2013

MD5 should use little endian order. Fortunately the only ciphersuite
affected is EXP-RC2-CBC-MD5 (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) which
is a rarely used export grade ciphersuite.

ee463921

prepare for next version · 76e7744b
Dr. Stephen Henson authored Feb 06, 2013

76e7744b

Feb 05, 2013

prepare for release · d9e048ce
Dr. Stephen Henson authored Feb 04, 2013

OpenSSL_1_0_0k

d9e048ce
make update · 65a9383e
Dr. Stephen Henson authored Feb 04, 2013

65a9383e
Add ordinal for CRYPTO_memcmp: since this will affect multiple · c6b82f7e
Dr. Stephen Henson authored Jan 31, 2013
```
branches it needs to be in a "gap".
(cherry picked from commit 81ce0e14)
```
c6b82f7e
Fix error codes. · 25590043
Dr. Stephen Henson authored Feb 04, 2013
```
(cherry picked from commit 35d732fc)
```
25590043
Update CHANGES and NEWS · 8a5d624d
Dr. Stephen Henson authored Feb 04, 2013

8a5d624d
bn_word.c: fix overflow bug in BN_add_word. · ae4a75ce
Andy Polyakov authored Nov 09, 2012
```
(cherry picked from commit 134c0065)
```
ae4a75ce
x86_64 assembly pack: keep making Windows build more robust. · 2e884ce1
Andy Polyakov authored Feb 02, 2013
```
PR: 2963 and a number of others
(cherry picked from commit 4568182a)
```
2e884ce1
update NEWS · da8f1b73
Dr. Stephen Henson authored Feb 01, 2013

da8f1b73
s3/s3_cbc.c: allow for compilations with NO_SHA256|512. · 33f44acb
Andy Polyakov authored Feb 01, 2013
```
(cherry picked from commit d5371324)
```
33f44acb

ssl/s3_cbc.c: md_state alignment portability fix. · 11c48a0f

Andy Polyakov authored Feb 01, 2013

RISCs are picky and alignment granted by compiler for md_state can be
insufficient for SHA512.
(cherry picked from commit 36260233)

11c48a0f

ssl/s3_cbc.c: uint64_t portability fix. · 3cdaca24

Andy Polyakov authored Feb 01, 2013

Break dependency on uint64_t. It's possible to declare bits as
unsigned int, because TLS packets are limited in size and 32-bit
value can't overflow.
(cherry picked from commit cab13fc8)

3cdaca24

Update DTLS code to match CBC decoding in TLS. · b23da291

Ben Laurie authored Jan 28, 2013

This change updates the DTLS code to match the constant-time CBC
behaviour in the TLS.
(cherry picked from commit 9f27de17)

b23da291

Don't crash when processing a zero-length, TLS >= 1.1 record. · 610dfc3e

Ben Laurie authored Jan 28, 2013

The previous CBC patch was bugged in that there was a path through enc()
in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left
at the previous value which could suggest that the packet was a
sufficient length when it wasn't.
(cherry picked from commit 6cb19b76)

610dfc3e

Fixups from previous commit. · 080f3953
Ben Laurie authored Jan 29, 2013

080f3953
Oops. Add missing file. · f852b607
Ben Laurie authored Jan 28, 2013
```
(cherry picked from commit 014265eb)
```
f852b607
Add a target so I can build this. · e2356454
Ben Laurie authored Jan 29, 2013

e2356454

Make CBC decoding constant time. · e5420be6

Ben Laurie authored Jan 28, 2013

This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841b)

Conflicts:
	crypto/evp/c_allc.c
	ssl/ssl_algs.c
	ssl/ssl_locl.h
	ssl/t1_enc.c

e5420be6

Add and use a constant-time memcmp. · 9c00a950

Ben Laurie authored Jan 28, 2013

This change adds CRYPTO_memcmp, which compares two vectors of bytes in
an amount of time that's independent of their contents. It also changes
several MAC compares in the code to use this over the standard memcmp,
which may leak information about the size of a matching prefix.
(cherry picked from commit 2ee79888)

Conflicts:
	crypto/crypto.h
	ssl/t1_lib.c

9c00a950

Don't try and verify signatures if key is NULL (CVE-2013-0166) · ebc71865
Dr. Stephen Henson authored Jan 24, 2013
```
Add additional check to catch this in ASN1_item_verify too.
```
ebc71865

Jan 23, 2013
- Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set · 1dfa62d4
  Dr. Stephen Henson authored Jan 23, 2013
  
  1dfa62d4
Jan 22, 2013
- x86_64 assembly pack: make Windows build more robust [from master]. · 8c6364e1
  Andy Polyakov authored Jan 22, 2013
```
PR: 2963 and a number of others
```
  8c6364e1
Jan 20, 2013
- Don't include comp.h if no-comp set. · 98c2e937
  Dr. Stephen Henson authored Jan 20, 2013
  
  98c2e937
Jan 19, 2013
- engines/ccgost: GOST fixes [from master]. · c053e538
  Andy Polyakov authored Jan 19, 2013
```
Submitted by: Dmitry Belyavsky, Seguei Leontiev
PR: 2821
```
  c053e538
- .gitignore adjustments · 63866472
  Andy Polyakov authored Jan 19, 2013
  
  63866472
Jan 13, 2013
- Correct EVP_PKEY_verifyrecover to EVP_PKEY_verify_recover (RT 2955). · 4b24b754
  Ben Laurie authored Jan 12, 2013
  
  4b24b754
- Add .gitignore · bfff2cc1
  Dr. Stephen Henson authored Jan 13, 2013
  
  bfff2cc1
Dec 30, 2012
- make no-comp compile · d8b17771
  Dr. Stephen Henson authored Dec 30, 2012
  
  d8b17771
Dec 23, 2012
- add missing \n · d985a68c
  Dr. Stephen Henson authored Dec 23, 2012
  
  d985a68c
Dec 10, 2012

PR: 2888 · 8dad8bc4

Dr. Stephen Henson authored Dec 10, 2012

Reported by: Daniel Black <daniel.black@openquery.com>

Support renewing session tickets (backport from HEAD).

8dad8bc4

Dec 06, 2012
- Fix two bugs which affect delta CRL handling: · 235e76bc
  Dr. Stephen Henson authored Dec 06, 2012
```
Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.
```
  235e76bc
Dec 04, 2012
- check mval for NULL too · d38c549e
  Dr. Stephen Henson authored Dec 04, 2012
  
  d38c549e
Dec 03, 2012
- fix leak · 55818918
  Dr. Stephen Henson authored Dec 03, 2012
  
  55818918
Nov 29, 2012

PR: 2803 · 77ada38d

Dr. Stephen Henson authored Nov 29, 2012

Submitted by: jean-etienne.schwartz@bull.net

In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.

77ada38d

Nov 22, 2012
- reject zero length point format list or supported curves extensions · 8124ebcd
  Dr. Stephen Henson authored Nov 22, 2012
  
  8124ebcd
Nov 21, 2012

PR: 2908 · 04fde202

Dr. Stephen Henson authored Nov 21, 2012

Submitted by: Dmitry Belyavsky <beldmit@gmail.com>

Fix DH double free if parameter generation fails.

04fde202

Nov 20, 2012
- fix leaks · 6bd61198
  Dr. Stephen Henson authored Nov 20, 2012
  
  6bd61198
Nov 19, 2012
- correct docs · 23b5e47f
  Dr. Stephen Henson authored Nov 19, 2012
  
  23b5e47f