Commits · 9fb523adce6fd6015b68da2ca8e4ac4900ac2be2 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

30 Oct, 2013 1 commit

Robin Seggelmann authored May 09, 2012

PR: 2808

With DTLS/SCTP the SCTP extension SCTP-AUTH is used to protect DATA and
FORWARD-TSN chunks. The key for this extension is derived from the
master secret and changed with the next ChangeCipherSpec, whenever a new
key has been negotiated. The following Finished then already uses the
new key. Unfortunately, the ChangeCipherSpec and Finished are part of
the same flight as the ClientKeyExchange, which is necessary for the
computation of the new secret. Hence, these messages are sent
immediately following each other, leaving the server very little time to
compute the new secret and pass it to SCTP before the finished arrives.
So the Finished is likely to be discarded by SCTP and a retransmission
becomes necessary. To prevent this issue, the Finished of the client is
still sent with the old key.

9fb523ad

21 Oct, 2013 1 commit
- Remove unused variable. · cecf4d98
  Ben Laurie authored Oct 21, 2013
  
  cecf4d98
20 Oct, 2013 6 commits

Fix another gmt_unix_time case in server_random · 070e40e2
Nick Mathewson authored Oct 20, 2013

070e40e2

Do not include a timestamp in the Client/ServerHello Random field. · d757097b

Nick Mathewson authored Oct 20, 2013

Instead, send random bytes, unless SSL_SEND_{CLIENT,SERVER}RANDOM_MODE
is set.

This is a forward-port of commits:
  4af79303
  f4c93b46
  3da721da
  25832701

While the gmt_unix_time record was added in an ostensible attempt to
mitigate the dangers of a bad RNG, its presence leaks the host's view
of the current time in the clear.  This minor leak can help
fingerprint TLS instances across networks and protocols... and what's
worse, it's doubtful thet the gmt_unix_time record does any good at
all for its intended purpose, since:

    * It's quite possible to open two TLS connections in one second.

    * If the PRNG output is prone to repeat itself, ephemeral
      handshakes (and who knows what else besides) are broken.

d757097b

Remove gratuitous patent references · 7b112c27
Steve Marquess authored Oct 15, 2013

7b112c27
Fix no-ssl-trace · 03ee8c2e
Dr. Stephen Henson authored Oct 17, 2013

03ee8c2e

Prevent use of RSA+MD5 in TLS 1.2 by default. · 3495842b

Dr. Stephen Henson authored Oct 15, 2013

Removing RSA+MD5 from the default signature algorithm list
prevents its use by default.

If a broken implementation attempts to use RSA+MD5 anyway the sanity
checking of signature algorithms will cause a fatal alert.
(cherry picked from commit 77a0f740d00ecf8f6b01c0685a2f858c3f65a3dd)

3495842b

Add clang debug target. · face65da
Ben Laurie authored Oct 20, 2013

face65da

15 Oct, 2013 5 commits
- PPC assembly pack: make new .size directives profiler-friendly. · e41a49c6
  Andy Polyakov authored Oct 15, 2013
```
Suggested by: Anton Blanchard
(cherry picked from commit 76c15d79)
```
  e41a49c6
- Add brainpool curves to NID table too. · 3a55a42b
  Dr. Stephen Henson authored Oct 15, 2013
```
(cherry picked from commit 6699cb84)
```
  3a55a42b
- Fix warning. · 72550c52
  Dr. Stephen Henson authored Oct 15, 2013
```
(cherry picked from commit f6983769c1bcd6c3c6b6bbfbbc41848f6dccf127)
```
  72550c52
- Add test vectors from RFC7027 · a9d0c56d
  Dr. Stephen Henson authored Oct 15, 2013
```
(cherry picked from commit 8ba2d4ed7f128e400693562efd35985068c45e4d)
```
  a9d0c56d
- RFC7027 (Brainpool for TLS) support. · 469bcb0c
  Dr. Stephen Henson authored Oct 14, 2013
```
(cherry picked from commit 695e8c36528f9c3275f5f56e9633ac6a0c11f2e3)
```
  469bcb0c
14 Oct, 2013 2 commits

PPC assembly pack: update from master branch. · 43ce9cdd

Andy Polyakov authored Oct 15, 2013

Includes multiple updates: AES module to comply with more ABI
flavors, SHA512 for PPC32, .size directives.

43ce9cdd

Add support for Cygwin-x86_64. · 011f8989
Andy Polyakov authored Sep 15, 2013
```
PR: 3110
Submitted by Corinna Vinschen.
(cherry picked from commit b3ef742c)
```
011f8989

13 Oct, 2013 2 commits

Initial aarch64 bits. · 958608ca
Andy Polyakov authored Oct 13, 2013
```
(cherry picked from commit 039081b8)
```
958608ca

MIPS assembly pack: get rid of deprecated instructions. · 1aecb23f

Andy Polyakov authored Oct 13, 2013

Latest MIPS ISA specification declared 'branch likely' instructions
obsolete. To makes code future-proof replace them with equivalent.
(cherry picked from commit 0c2adb0a)

1aecb23f

12 Oct, 2013 1 commit
- aes/asm/bsaes-x86_64.pl: update from master. · 9ed6fba2
  Andy Polyakov authored Oct 12, 2013
```
Performance improvement and Windows-specific bugfix (PR#3139).
```
  9ed6fba2
10 Oct, 2013 1 commit
- bn/asm/rsax-avx2.pl: minor optimization [for Decoded ICache]. · df5c435c
  Andy Polyakov authored Oct 10, 2013
```
(cherry picked from commit fa104be3)
```
  df5c435c
07 Oct, 2013 1 commit
- Constification. · 1ebaf97c
  Ben Laurie authored Oct 07, 2013
  
  1ebaf97c
05 Oct, 2013 3 commits
- Merge branch 'OpenSSL_1_0_2-stable' into pre-aead · c8c6914a
  Ben Laurie authored Oct 05, 2013
  
  c8c6914a
- evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms. · c99028f2
  Andy Polyakov authored Oct 03, 2013
```
Submitted by: Yuriy Kaminskiy
(cherry picked from commit 524b00c0)
```
  c99028f2
- perlasm/sparcv9_modes.pl: make it work even with seasoned perl. · 90d8c586
  Andy Polyakov authored Oct 03, 2013
```
PR: 3130
(cherry picked from commit 6b2cae0c)
```
  90d8c586
04 Oct, 2013 3 commits
- Merge branch 'OpenSSL_1_0_2-stable' into agl-1.0.2aead · 2d5dd00f
  Ben Laurie authored Oct 04, 2013
  
  2d5dd00f
- Tidy. · cb521838
  Ben Laurie authored Oct 04, 2013
  
  cb521838
- Merge branch 'OpenSSL_1_0_2-stable' into agl-1.0.2aead · ab3b624b
  Ben Laurie authored Oct 04, 2013
  
  ab3b624b
03 Oct, 2013 3 commits
- Make it build and test. · 7c81de9a
  Ben Laurie authored Oct 03, 2013
  
  7c81de9a
- evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms. · 4dfac659
  Andy Polyakov authored Oct 03, 2013
```
Submitted by: Yuriy Kaminskiy
(cherry picked from commit 524b00c0)
```
  4dfac659
- perlasm/sparcv9_modes.pl: make it work even with seasoned perl. · 66e0f9db
  Andy Polyakov authored Oct 03, 2013
```
PR: 3130
(cherry picked from commit 6b2cae0c)
```
  66e0f9db
01 Oct, 2013 11 commits
- AEAD Tests. · a2eef419
  Adam Langley authored Sep 20, 2013
```
Add tests for AEAD functions: AES-128-GCM, AES-256-GCM and
ChaCha20+Poly1305.
```
  a2eef419
- chacha20poly1305 · 9a864651
  Adam Langley authored Sep 09, 2013
```
Add support for Chacha20 + Poly1305.
```
  9a864651
- Use AEAD for AES-GCM. · fa03d011
  Adam Langley authored Sep 04, 2013
```
Switches AES-GCM ciphersuites to use AEAD interfaces.
```
  fa03d011
- AEAD support in ssl/ · 03614034
  Adam Langley authored Jul 25, 2013
```
This change allows AEADs to be used in ssl/ to implement SSL/TLS
ciphersuites.
```
  03614034
- AEAD support. · 444b1d41
  Adam Langley authored Jul 25, 2013
```
This change adds an AEAD interface to EVP and an AES-GCM implementation
suitable for use in TLS.
```
  444b1d41
- Rework tls1_change_cipher_state. · 4055ca1f
  Adam Langley authored Oct 01, 2013
```
The previous version of the function made adding AEAD changes very
difficult. This change should be a semantic no-op - it should be purely
a cleanup.
```
  4055ca1f
- Constification. · 7a216dfe
  Ben Laurie authored Oct 01, 2013
  
  7a216dfe
- Update cms docs. · a78b21fc
  Dr. Stephen Henson authored Aug 05, 2013
```
(cherry picked from commit dfcb42c6)
```
  a78b21fc
- Correctly test for no-ec. · a808002b
  Ben Laurie authored Aug 21, 2013
```
(cherry picked from commit d5605699)
```
  a808002b
- Don't run ECDH CMS tests if EC disabled. · 2fc368c1
  Dr. Stephen Henson authored Aug 17, 2013
```
(cherry picked from commit b85f8afe)
```
  2fc368c1
- Add X9.42 DH test. · 6ed3af7d
  Dr. Stephen Henson authored Aug 02, 2013
```
(cherry picked from commit bbc098ff)
```
  6ed3af7d