Skip to content
  1. Feb 05, 2013
    • Ben Laurie's avatar
      Update DTLS code to match CBC decoding in TLS. · be885297
      Ben Laurie authored
      This change updates the DTLS code to match the constant-time CBC
      behaviour in the TLS.
      (cherry picked from commit 9f27de17)
      (cherry picked from commit 5e4ca556e970edb8a7f364fcb6ee6818a965a60b)
      
      Conflicts:
      	ssl/d1_enc.c
      	ssl/d1_pkt.c
      	ssl/s3_pkt.c
      be885297
    • Ben Laurie's avatar
      Don't crash when processing a zero-length, TLS >= 1.1 record. · b3a959a3
      Ben Laurie authored
      The previous CBC patch was bugged in that there was a path through enc()
      in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left
      at the previous value which could suggest that the packet was a
      sufficient length when it wasn't.
      (cherry picked from commit 6cb19b76)
      (cherry picked from commit 2c948c1bb218f4ae126e14fd3453d42c62b93235)
      
      Conflicts:
      	ssl/s3_enc.c
      b3a959a3
    • Ben Laurie's avatar
      Fixups. · 2928cb4c
      Ben Laurie authored
      2928cb4c
    • Ben Laurie's avatar
      Oops. Add missing file. · a33e6702
      Ben Laurie authored
      (cherry picked from commit 014265eb)
      (cherry picked from commit 7721c53e5e9fe4c90be420d7613559935a96a4fb)
      a33e6702
    • Ben Laurie's avatar
      Make CBC decoding constant time. · 35a65e81
      Ben Laurie authored
      This patch makes the decoding of SSLv3 and TLS CBC records constant
      time. Without this, a timing side-channel can be used to build a padding
      oracle and mount Vaudenay's attack.
      
      This patch also disables the stitched AESNI+SHA mode pending a similar
      fix to that code.
      
      In order to be easy to backport, this change is implemented in ssl/,
      rather than as a generic AEAD mode. In the future this should be changed
      around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
      (cherry picked from commit e130841b)
      
      Conflicts:
      	crypto/evp/c_allc.c
      	ssl/ssl_algs.c
      	ssl/ssl_locl.h
      	ssl/t1_enc.c
      (cherry picked from commit 3622239826698a0e534dcf0473204c724bb9b4b4)
      
      Conflicts:
      	ssl/d1_enc.c
      	ssl/s3_enc.c
      	ssl/s3_pkt.c
      	ssl/ssl3.h
      	ssl/ssl_algs.c
      	ssl/t1_enc.c
      35a65e81
    • Andy Polyakov's avatar
      .gitignore adjustments · 7ad132b1
      Andy Polyakov authored
      7ad132b1
    • Ben Laurie's avatar
      Add and use a constant-time memcmp. · 27088131
      Ben Laurie authored
      This change adds CRYPTO_memcmp, which compares two vectors of bytes in
      an amount of time that's independent of their contents. It also changes
      several MAC compares in the code to use this over the standard memcmp,
      which may leak information about the size of a matching prefix.
      (cherry picked from commit 2ee79888)
      
      Conflicts:
      	crypto/crypto.h
      	ssl/t1_lib.c
      (cherry picked from commit dc406b59f3169fe191e58906df08dce97edb727c)
      
      Conflicts:
      	crypto/crypto.h
      	ssl/d1_pkt.c
      	ssl/s3_pkt.c
      27088131
    • Ben Laurie's avatar
      Add target so I can build. · affe9899
      Ben Laurie authored
      affe9899
    • Dr. Stephen Henson's avatar
      Don't try and verify signatures if key is NULL (CVE-2013-0166) · 66e8211c
      Dr. Stephen Henson authored
      Add additional check to catch this in ASN1_item_verify too.
      66e8211c
  2. Jan 23, 2013
  3. Jan 20, 2013
  4. Jan 11, 2013
  5. Dec 10, 2012
    • Dr. Stephen Henson's avatar
      PR: 2888 · 42aa3ec4
      Dr. Stephen Henson authored
      Reported by: Daniel Black <daniel.black@openquery.com>
      
      Support renewing session tickets (backport from HEAD).
      42aa3ec4
  6. Dec 04, 2012
  7. Dec 03, 2012
  8. Nov 29, 2012
    • Dr. Stephen Henson's avatar
      PR: 2803 · 42e10c3f
      Dr. Stephen Henson authored
      Submitted by: jean-etienne.schwartz@bull.net
      
      In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.
      42e10c3f
  9. Nov 21, 2012
    • Dr. Stephen Henson's avatar
      PR: 2908 · c571a3e9
      Dr. Stephen Henson authored
      Submitted by: Dmitry Belyavsky <beldmit@gmail.com>
      
      Fix DH double free if parameter generation fails.
      c571a3e9
  10. Nov 19, 2012
  11. Nov 18, 2012
    • Dr. Stephen Henson's avatar
      PR: 2880 · 34b5ba3b
      Dr. Stephen Henson authored
      Submitted by: "Florian Rüchel" <florian.ruechel@ruhr-uni-bochum.de>
      
      Correctly handle local machine keys in the capi ENGINE.
      34b5ba3b
  12. Oct 16, 2012
  13. Oct 05, 2012
  14. Sep 24, 2012
  15. Sep 21, 2012
  16. Sep 11, 2012
  17. Jul 05, 2012
  18. May 11, 2012
    • Dr. Stephen Henson's avatar
      PR: 2813 · 4baee303
      Dr. Stephen Henson authored
      Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>
      
      Fix possible deadlock when decoding public keys.
      4baee303
  19. May 10, 2012
  20. May 04, 2012
  21. Apr 23, 2012