Commits · e0c21a0b6b09425f8396ff2daf74377687dc27ac · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

06 Feb, 2013 10 commits

ssl/s3_cbc.c: md_state alignment portability fix. · e0c21a0b

Andy Polyakov authored Feb 01, 2013

RISCs are picky and alignment granted by compiler for md_state can be
insufficient for SHA512.
(cherry picked from commit 36260233)

e0c21a0b

ssl/s3_cbc.c: uint64_t portability fix. · 1dfb4b94

Andy Polyakov authored Feb 01, 2013

Break dependency on uint64_t. It's possible to declare bits as
unsigned int, because TLS packets are limited in size and 32-bit
value can't overflow.
(cherry picked from commit cab13fc8)

1dfb4b94

typo. · e5cb7743
Dr. Stephen Henson authored Jan 31, 2013
```
(cherry picked from commit 34ab3c8c)
```
e5cb7743
Add ordinal for CRYPTO_memcmp: since this will affect multiple · 73390e6b
Dr. Stephen Henson authored Jan 31, 2013
```
branches it needs to be in a "gap".
(cherry picked from commit 81ce0e14)
```
73390e6b

Timing fix mitigation for FIPS mode. · d91d9acc

Dr. Stephen Henson authored Jan 29, 2013

We have to use EVP in FIPS mode so we can only partially mitigate
timing differences.

Make an extra call to EVP_DigestSignUpdate to hash additonal blocks
to cover any timing differences caused by removal of padding.
(cherry picked from commit b908e88e)

d91d9acc

Oops. Add missing file. · 820988a0
Ben Laurie authored Jan 28, 2013
```
(cherry picked from commit 014265eb)
```
820988a0

Update DTLS code to match CBC decoding in TLS. · 1326a64a

Ben Laurie authored Jan 28, 2013

This change updates the DTLS code to match the constant-time CBC
behaviour in the TLS.
(cherry picked from commit 9f27de17)

1326a64a

Don't crash when processing a zero-length, TLS >= 1.1 record. · e0da2c2e

Ben Laurie authored Jan 28, 2013

The previous CBC patch was bugged in that there was a path through enc()
in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left
at the previous value which could suggest that the packet was a
sufficient length when it wasn't.
(cherry picked from commit 6cb19b76)

e0da2c2e

Make CBC decoding constant time. · fb0a59cc

Ben Laurie authored Jan 28, 2013

This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841b)

fb0a59cc

Add and use a constant-time memcmp. · f5cd3561

Ben Laurie authored Jan 28, 2013

This change adds CRYPTO_memcmp, which compares two vectors of bytes in
an amount of time that's independent of their contents. It also changes
several MAC compares in the code to use this over the standard memcmp,
which may leak information about the size of a matching prefix.
(cherry picked from commit 2ee79888)

f5cd3561

04 Feb, 2013 2 commits
- Merge branch 'OpenSSL_1_0_2-stable' of /home/steve/src/git/openssl into OpenSSL_1_0_2-stable · 115f7fa5
  Dr. Stephen Henson authored Feb 04, 2013
  
  115f7fa5
- Fix for trace code: SSL3 doesn't include a length value for · c867d871
  Dr. Stephen Henson authored Feb 04, 2013
```
encrypted premaster secret value.
(cherry picked from commit ea34a583)
```
  c867d871
02 Feb, 2013 2 commits
- bn_word.c: fix overflow bug in BN_add_word. · 2a713ead
  Andy Polyakov authored Nov 09, 2012
```
(cherry picked from commit 134c0065)
```
  2a713ead
- x86_64 assembly pack: keep making Windows build more robust. · 2e7900b6
  Andy Polyakov authored Feb 02, 2013
```
PR: 2963 and a number of others
(cherry picked from commit 4568182a)
```
  2e7900b6
24 Jan, 2013 1 commit
- Fix warning: lenmax isn't used any more. · f8435919
  Dr. Stephen Henson authored Jan 24, 2013
  
  f8435919
23 Jan, 2013 1 commit
- Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set · 1db4354b
  Dr. Stephen Henson authored Jan 23, 2013
  
  1db4354b
22 Jan, 2013 4 commits
- x86_64 assembly pack: make Windows build more robust [from master]. · 3f233a1e
  Andy Polyakov authored Jan 22, 2013
```
PR: 2963 and a number of others
```
  3f233a1e
- TABLE update. · 25917e97
  Andy Polyakov authored Jan 22, 2013
  
  25917e97
- Configure: update linux-mips* lines [from master]. · 8812a81b
  Andy Polyakov authored Jan 22, 2013
  
  8812a81b
- bn/asm/mips.pl: hardwire local call to bn_div_words. · b17ffba9
  Andy Polyakov authored Jan 22, 2013
  
  b17ffba9
20 Jan, 2013 1 commit
- Don't include comp.h if no-comp set. · 3619e34f
  Dr. Stephen Henson authored Jan 20, 2013
  
  3619e34f
19 Jan, 2013 6 commits
- Merge branch 'OpenSSL_1_0_2-stable' of openssl.net:openssl into OpenSSL_1_0_2-stable · 6924686b
  Ben Laurie authored Jan 19, 2013
  
  6924686b
- Remove extraneous brackets (clang doesn't like them). · 92745f81
  Ben Laurie authored Jan 19, 2013
  
  92745f81
- Add MacOS 64-bit debug target. · 17cf9864
  Ben Laurie authored Jan 19, 2013
  
  17cf9864
- engines/ccgost: GOST fixes [from master]. · 5cfefd3c
  Andy Polyakov authored Jan 19, 2013
```
Submitted by: Dmitry Belyavsky, Seguei Leontiev
PR: 2821
```
  5cfefd3c
- Can't check a size_t for < 0. · 9ccc6f43
  Ben Laurie authored Jan 19, 2013
  
  9ccc6f43
- .gitignore adjustments · 3c924717
  Andy Polyakov authored Jan 19, 2013
  
  3c924717
18 Jan, 2013 4 commits
- -named_curve option handled automatically now. · 1a932ae0
  Dr. Stephen Henson authored Jan 18, 2013
  
  1a932ae0
- Add code to download CRLs based on CRLDP extension. · 57912ed3
  Dr. Stephen Henson authored Dec 06, 2012
```
Just a sample, real world applications would have to be cleverer.
```
  57912ed3
- cipher is not used in s_server any more. · e998f8ae
  Dr. Stephen Henson authored Jan 18, 2013
  
  e998f8ae
- New option to add CRLs for s_client and s_server. · e318431e
  Dr. Stephen Henson authored Dec 02, 2012
  
  e318431e
17 Jan, 2013 5 commits
- initial support for delta CRL generations by diffing two full CRLs · 6a10f38d
  Dr. Stephen Henson authored Dec 04, 2012
  
  6a10f38d
- Typo (PR2959). · c0950788
  Dr. Stephen Henson authored Jan 17, 2013
  
  c0950788
- constify · c644b832
  Dr. Stephen Henson authored Nov 29, 2012
  
  c644b832
- New functions to set lookup_crls callback and to retrieve internal X509_STORE · 75f53531
  Dr. Stephen Henson authored Nov 27, 2012
```
from X509_STORE_CTX.
```
  75f53531
- add option to get a certificate or CRL from a URL · 7c283d9e
  Dr. Stephen Henson authored Dec 02, 2012
  
  7c283d9e
16 Jan, 2013 1 commit
- print out issuer and subject unique identifier fields in certificates · 2aa3ef78
  Dr. Stephen Henson authored Jun 12, 2012
  
  2aa3ef78
15 Jan, 2013 3 commits
- add wrapper function for certificate download · 1c0964e8
  Dr. Stephen Henson authored Nov 29, 2012
  
  1c0964e8
- Generalise OCSP I/O functions to support dowloading of other ASN1 · 5c8d41be
  Dr. Stephen Henson authored Nov 29, 2012
```
structures using HTTP. Add wrapper function to handle CRL download.
```
  5c8d41be
- Update default dependency flags. · b2866403
  Dr. Stephen Henson authored Jan 15, 2013
  
  b2866403