Skip to content
GitLab
  1. 05 Feb, 2013 3 commits
    • Ben Laurie's avatar
      Make CBC decoding constant time. · e5420be6
      Ben Laurie authored 
      This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841b)

Conflicts:
	crypto/evp/c_allc.c
	ssl/ssl_algs.c
	ssl/ssl_locl.h
	ssl/t1_enc.c
      e5420be6
    • Ben Laurie's avatar
      Add and use a constant-time memcmp. · 9c00a950
      Ben Laurie authored 
      This change adds CRYPTO_memcmp, which compares two vectors of bytes in
an amount of time that's independent of their contents. It also changes
several MAC compares in the code to use this over the standard memcmp,
which may leak information about the size of a matching prefix.
(cherry picked from commit 2ee79888)

Conflicts:
	crypto/crypto.h
	ssl/t1_lib.c
      9c00a950
    • Dr. Stephen Henson's avatar
      Don't try and verify signatures if key is NULL (CVE-2013-0166) · ebc71865
      Dr. Stephen Henson authored 
      Add additional check to catch this in ASN1_item_verify too.
      ebc71865
  3. 23 Jan, 2013 1 commit
  5. 22 Jan, 2013 1 commit
  7. 20 Jan, 2013 1 commit
  9. 19 Jan, 2013 2 commits
  11. 13 Jan, 2013 2 commits
  13. 30 Dec, 2012 1 commit
  15. 23 Dec, 2012 1 commit
  17. 10 Dec, 2012 1 commit
    • Dr. Stephen Henson's avatar
      PR: 2888 · 8dad8bc4
      Dr. Stephen Henson authored 
      Reported by: Daniel Black <daniel.black@openquery.com>

Support renewing session tickets (backport from HEAD).
      8dad8bc4
  19. 06 Dec, 2012 1 commit
  21. 04 Dec, 2012 1 commit
  23. 03 Dec, 2012 1 commit
  25. 29 Nov, 2012 1 commit
    • Dr. Stephen Henson's avatar
      PR: 2803 · 77ada38d
      Dr. Stephen Henson authored 
      Submitted by: jean-etienne.schwartz@bull.net

In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.
      77ada38d
  27. 22 Nov, 2012 1 commit
  29. 21 Nov, 2012 1 commit
    • Dr. Stephen Henson's avatar
      PR: 2908 · 04fde202
      Dr. Stephen Henson authored 
      Submitted by: Dmitry Belyavsky <beldmit@gmail.com>

Fix DH double free if parameter generation fails.
      04fde202
  31. 20 Nov, 2012 1 commit
  33. 19 Nov, 2012 1 commit
  35. 18 Nov, 2012 1 commit
    • Dr. Stephen Henson's avatar
      PR: 2880 · fb81e6d3
      Dr. Stephen Henson authored 
      Submitted by: "Florian Rüchel" <florian.ruechel@ruhr-uni-bochum.de>

Correctly handle local machine keys in the capi ENGINE.
      fb81e6d3
  37. 16 Oct, 2012 1 commit
  39. 05 Oct, 2012 2 commits
  41. 04 Oct, 2012 3 commits
  43. 24 Sep, 2012 2 commits
  45. 21 Sep, 2012 1 commit
  47. 17 Sep, 2012 1 commit
  49. 11 Sep, 2012 1 commit
  51. 01 Sep, 2012 1 commit
    • Dr. Stephen Henson's avatar
      Don't load GOST ENGINE if it is already loaded. · 0ad9fe2d
      Dr. Stephen Henson authored 
      Multiple copies of the ENGINE will cause problems when it is cleaned up as
the methods are stored in static structures which will be overwritten and
freed up more than once.

Set static methods to NULL when the ENGINE is freed so it can be reloaded.
      0ad9fe2d
  53. 17 Aug, 2012 1 commit
  55. 13 Aug, 2012 2 commits
  57. 05 Jul, 2012 1 commit
  59. 04 Jul, 2012 1 commit
  61. 01 Jul, 2012 1 commit