Commits · 6a14feb048c0b7ad4da341fca364171e273da325 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Feb 12, 2013
- Check DTLS_BAD_VER for version number. · 6a14feb0
  David Woodhouse authored Feb 12, 2013
```
Need to check DTLS_BAD_VER as well as DTLS1_VERSION.
PR:2984
```
  6a14feb0
Feb 11, 2013
- Fix in ssltest is no-ssl2 configured · 02c54f7c
  Dr. Stephen Henson authored Feb 11, 2013
```
(cherry picked from commit cbf9b4ae)
```
  02c54f7c
- Fix for SSL_get_certificate · 243dac0a
  Dr. Stephen Henson authored Feb 11, 2013
```
Now we set the current certificate to the one used by a server
there is no need to call ssl_get_server_send_cert which will
fail if we haven't sent a certificate yet.
(cherry picked from commit 147dbb2f)
```
  243dac0a
- FAQ/README: we are now using Git instead of CVS · da018b12
  Lutz Jaenicke authored Feb 11, 2013
```
(cherry picked from commit f88dbb83)
```
  da018b12
- sparccpuid.S: work around emulator bug on T1. · e9554f7f
  Andy Polyakov authored Feb 11, 2013
```
(cherry picked from commit 3caeef94)
```
  e9554f7f
Feb 09, 2013
- ssl/s3_[clnt|srvr].c: fix warnings and linking error. · 71a1ac93
  Andy Polyakov authored Feb 09, 2013
  
  71a1ac93
Feb 08, 2013
- s3_cbc.c: make CBC_MAC_ROTATE_IN_PLACE universal. · 6a2f94b3
  Andy Polyakov authored Feb 08, 2013
```
(cherry picked from commit f93a4187)
```
  6a2f94b3
- s3_cbc.c: get rid of expensive divisions [from master]. · 6ba1d561
  Andy Polyakov authored Feb 08, 2013
```
(cherry picked from commit e9baceab)
```
  6ba1d561
- ssl/[d1|s3]_pkt.c: harmomize orig_len handling. · f73546df
  Andy Polyakov authored Feb 07, 2013
```
(cherry picked from commit 8545f73b)
```
  f73546df
- Fix IV check and padding removal. · be125aa5
  Dr. Stephen Henson authored Feb 07, 2013
```
Fix the calculation that checks there is enough room in a record
after removing padding and optional explicit IV. (by Steve)

For AEAD remove the correct number of padding bytes (by Andy)
(cherry picked from commit 32cc2479)

Resolved conflicts:

	ssl/s3_cbc.c
```
  be125aa5
Feb 07, 2013

ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility. · 413cbfe6

Andy Polyakov authored Feb 01, 2013

Kludge alert. This is arranged by passing padding length in unused
bits of SSL3_RECORD->type, so that orig_len can be reconstructed.
(cherry picked from commit 8bfd4c65)

413cbfe6

Feb 06, 2013

Fix for EXP-RC2-CBC-MD5 · ee463921

Adam Langley authored Feb 06, 2013

MD5 should use little endian order. Fortunately the only ciphersuite
affected is EXP-RC2-CBC-MD5 (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) which
is a rarely used export grade ciphersuite.

ee463921

prepare for next version · 76e7744b
Dr. Stephen Henson authored Feb 06, 2013

76e7744b

Feb 05, 2013

prepare for release · d9e048ce
Dr. Stephen Henson authored Feb 04, 2013

OpenSSL_1_0_0k

d9e048ce
make update · 65a9383e
Dr. Stephen Henson authored Feb 04, 2013

65a9383e
Add ordinal for CRYPTO_memcmp: since this will affect multiple · c6b82f7e
Dr. Stephen Henson authored Jan 31, 2013
```
branches it needs to be in a "gap".
(cherry picked from commit 81ce0e14)
```
c6b82f7e
Fix error codes. · 25590043
Dr. Stephen Henson authored Feb 04, 2013
```
(cherry picked from commit 35d732fc)
```
25590043
Update CHANGES and NEWS · 8a5d624d
Dr. Stephen Henson authored Feb 04, 2013

8a5d624d
bn_word.c: fix overflow bug in BN_add_word. · ae4a75ce
Andy Polyakov authored Nov 09, 2012
```
(cherry picked from commit 134c0065)
```
ae4a75ce
x86_64 assembly pack: keep making Windows build more robust. · 2e884ce1
Andy Polyakov authored Feb 02, 2013
```
PR: 2963 and a number of others
(cherry picked from commit 4568182a)
```
2e884ce1
update NEWS · da8f1b73
Dr. Stephen Henson authored Feb 01, 2013

da8f1b73
s3/s3_cbc.c: allow for compilations with NO_SHA256|512. · 33f44acb
Andy Polyakov authored Feb 01, 2013
```
(cherry picked from commit d5371324)
```
33f44acb

ssl/s3_cbc.c: md_state alignment portability fix. · 11c48a0f

Andy Polyakov authored Feb 01, 2013

RISCs are picky and alignment granted by compiler for md_state can be
insufficient for SHA512.
(cherry picked from commit 36260233)

11c48a0f

ssl/s3_cbc.c: uint64_t portability fix. · 3cdaca24

Andy Polyakov authored Feb 01, 2013

Break dependency on uint64_t. It's possible to declare bits as
unsigned int, because TLS packets are limited in size and 32-bit
value can't overflow.
(cherry picked from commit cab13fc8)

3cdaca24

Update DTLS code to match CBC decoding in TLS. · b23da291

Ben Laurie authored Jan 28, 2013

This change updates the DTLS code to match the constant-time CBC
behaviour in the TLS.
(cherry picked from commit 9f27de17)

b23da291

Don't crash when processing a zero-length, TLS >= 1.1 record. · 610dfc3e

Ben Laurie authored Jan 28, 2013

The previous CBC patch was bugged in that there was a path through enc()
in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left
at the previous value which could suggest that the packet was a
sufficient length when it wasn't.
(cherry picked from commit 6cb19b76)

610dfc3e

Fixups from previous commit. · 080f3953
Ben Laurie authored Jan 29, 2013

080f3953
Oops. Add missing file. · f852b607
Ben Laurie authored Jan 28, 2013
```
(cherry picked from commit 014265eb)
```
f852b607
Add a target so I can build this. · e2356454
Ben Laurie authored Jan 29, 2013

e2356454

Make CBC decoding constant time. · e5420be6

Ben Laurie authored Jan 28, 2013

This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841b)

Conflicts:
	crypto/evp/c_allc.c
	ssl/ssl_algs.c
	ssl/ssl_locl.h
	ssl/t1_enc.c

e5420be6

Add and use a constant-time memcmp. · 9c00a950

Ben Laurie authored Jan 28, 2013

This change adds CRYPTO_memcmp, which compares two vectors of bytes in
an amount of time that's independent of their contents. It also changes
several MAC compares in the code to use this over the standard memcmp,
which may leak information about the size of a matching prefix.
(cherry picked from commit 2ee79888)

Conflicts:
	crypto/crypto.h
	ssl/t1_lib.c

9c00a950

Don't try and verify signatures if key is NULL (CVE-2013-0166) · ebc71865
Dr. Stephen Henson authored Jan 24, 2013
```
Add additional check to catch this in ASN1_item_verify too.
```
ebc71865

Jan 23, 2013
- Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set · 1dfa62d4
  Dr. Stephen Henson authored Jan 23, 2013
  
  1dfa62d4
Jan 22, 2013
- x86_64 assembly pack: make Windows build more robust [from master]. · 8c6364e1
  Andy Polyakov authored Jan 22, 2013
```
PR: 2963 and a number of others
```
  8c6364e1
Jan 20, 2013
- Don't include comp.h if no-comp set. · 98c2e937
  Dr. Stephen Henson authored Jan 20, 2013
  
  98c2e937
Jan 19, 2013
- engines/ccgost: GOST fixes [from master]. · c053e538
  Andy Polyakov authored Jan 19, 2013
```
Submitted by: Dmitry Belyavsky, Seguei Leontiev
PR: 2821
```
  c053e538
- .gitignore adjustments · 63866472
  Andy Polyakov authored Jan 19, 2013
  
  63866472
Jan 13, 2013
- Correct EVP_PKEY_verifyrecover to EVP_PKEY_verify_recover (RT 2955). · 4b24b754
  Ben Laurie authored Jan 12, 2013
  
  4b24b754
- Add .gitignore · bfff2cc1
  Dr. Stephen Henson authored Jan 13, 2013
  
  bfff2cc1
Dec 30, 2012
- make no-comp compile · d8b17771
  Dr. Stephen Henson authored Dec 30, 2012
  
  d8b17771