- Feb 11, 2013
-
-
Lutz Jaenicke authored
-
Andy Polyakov authored
(cherry picked from commit 3caeef94)
-
- Feb 09, 2013
-
-
Andy Polyakov authored
-
Andy Polyakov authored
-
- Feb 08, 2013
-
-
Andy Polyakov authored
(cherry picked from commit f93a4187)
-
Andy Polyakov authored
(cherry picked from commit e9baceab)
-
Andy Polyakov authored
With previous commit it also ensures that valgrind is happy.
-
Ben Laurie authored
-
Ben Laurie authored
-
- Feb 07, 2013
-
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Dr. Stephen Henson authored
Fix the calculation that checks there is enough room in a record after removing padding and optional explicit IV. (by Steve) For AEAD remove the correct number of padding bytes (by Andy)
-
- Feb 06, 2013
-
-
Adam Langley authored
MD5 should use little endian order. Fortunately the only ciphersuite affected is EXP-RC2-CBC-MD5 (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) which is a rarely used export grade ciphersuite.
-
Dr. Stephen Henson authored
-
- Feb 04, 2013
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Feb 03, 2013
-
-
Andy Polyakov authored
-
- Feb 02, 2013
-
-
Andy Polyakov authored
(cherry picked from commit 134c0065)
-
Andy Polyakov authored
PR: 2963 and a number of others (cherry picked from commit 4568182a)
-
Andy Polyakov authored
Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch.
-
- Feb 01, 2013
-
-
Ben Laurie authored
-
Andy Polyakov authored
Kludge alert. This is arranged by passing padding length in unused bits of SSL3_RECORD->type, so that orig_len can be reconstructed.
-
Andy Polyakov authored
-
Dr. Stephen Henson authored
-
Andy Polyakov authored
-
Andy Polyakov authored
RISCs are picky and alignment granted by compiler for md_state can be insufficient for SHA512.
-
Andy Polyakov authored
Break dependency on uint64_t. It's possible to declare bits as unsigned int, because TLS packets are limited in size and 32-bit value can't overflow.
-
- Jan 31, 2013
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
branches it needs to be in a "gap".
-
Dr. Stephen Henson authored
We have to use EVP in FIPS mode so we can only partially mitigate timing differences. Make an extra call to EVP_DigestSignUpdate to hash additonal blocks to cover any timing differences caused by removal of padding.
-
- Jan 29, 2013
-
-
Dr. Stephen Henson authored
Add additional check to catch this in ASN1_item_verify too.
-
- Jan 28, 2013
-
-
Ben Laurie authored
-