generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/ssl
History
Ben Laurie 2acc020b77 Make CBC decoding constant time. 
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bccfc0bb9da254dc84e23bc6a1c78a64e)
2013-02-06 14:19:07 +00:00
..
.cvsignore
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
bio_ssl.c
OPENSSL_NO_SOCK fixes.
2012-04-16 17:42:36 +00:00
d1_both.c
PR: 2755
2012-03-06 13:47:43 +00:00
d1_clnt.c
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
d1_enc.c
Make CBC decoding constant time.
2013-02-06 14:19:07 +00:00
d1_lib.c
Improve WINCE support.
2013-01-19 21:23:13 +01:00
d1_meth.c
Let the TLSv1_method() etc. functions return a const SSL_METHOD
2005-08-14 21:48:33 +00:00
d1_pkt.c
Add and use a constant-time memcmp.
2013-02-06 14:16:55 +00:00
d1_srtp.c
Submitted by: Eric Rescorla <ekr@rtfm.com>
2012-02-11 22:53:31 +00:00
d1_srvr.c
PR: 2778(part)
2012-03-31 18:03:02 +00:00
dtls1.h
PR: 2658
2011-12-31 22:59:57 +00:00
install-ssl.com
Install srtp.h
2012-07-05 13:20:19 +00:00
kssl_lcl.h
Merge from 1.0.0-stable branch.
2009-04-23 16:32:42 +00:00
kssl.c
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
kssl.h
make kerberos work with OPENSSL_NO_SSL_INTERN
2011-05-11 22:50:18 +00:00
Makefile
Make CBC decoding constant time.
2013-02-06 14:19:07 +00:00
s2_clnt.c
Add and use a constant-time memcmp.
2013-02-06 14:16:55 +00:00
s2_enc.c
Update ssl library to support EVP_PKEY MAC API. Include generic MAC support.
2007-06-04 17:04:40 +00:00
s2_lib.c
Add ctrl and utility functions to retrieve raw cipher list sent by client in
2012-09-12 13:57:48 +00:00
s2_meth.c
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
s2_pkt.c
Add and use a constant-time memcmp.
2013-02-06 14:16:55 +00:00
s2_srvr.c
Fix some warnings caused by __owur. Temporarily (I hope) remove the more
2011-11-14 00:36:10 +00:00
s3_both.c
Add and use a constant-time memcmp.
2013-02-06 14:16:55 +00:00
s3_clnt.c
perform sanity checks on server certificate type as soon as it is received instead of waiting until server key exchange
2012-08-31 11:18:54 +00:00
s3_enc.c
Make CBC decoding constant time.
2013-02-06 14:19:07 +00:00
s3_lib.c
Print out point format list for clients too.
2012-11-26 18:39:38 +00:00
s3_meth.c
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
s3_pkt.c
Make CBC decoding constant time.
2013-02-06 14:19:07 +00:00
s3_srvr.c
stop warning when compiling with no-comp
2012-12-29 23:37:56 +00:00
s23_clnt.c
send out the raw SSL/TLS headers to the msg_callback and display them in SSL_trace
2012-12-07 23:42:33 +00:00
s23_lib.c
Fix warnings.
2010-06-12 14:13:23 +00:00
s23_meth.c
Initial incomplete TLS v1.2 support. New ciphersuites added, new version
2011-04-29 22:56:51 +00:00
s23_pkt.c
Reorder inclusion of header files:
2002-07-10 07:01:54 +00:00
s23_srvr.c
Add three Suite B modes to TLS code, supporting RFC6460.
2012-08-15 15:15:05 +00:00
srtp.h
move internal functions to ssl_locl.h
2011-11-21 22:52:13 +00:00
ssl2.h
Initial "opaque SSL" framework. If an application defines
2011-04-29 22:37:12 +00:00
ssl3.h
Make CBC decoding constant time.
2013-02-06 14:19:07 +00:00
ssl23.h
Import of old SSLeay release: SSLeay 0.9.0b
1998-12-21 10:56:39 +00:00
ssl_algs.c
Make CBC decoding constant time.
2013-02-06 14:19:07 +00:00
ssl_asn1.c
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
ssl_cert.c
Add ctrl and utility functions to retrieve raw cipher list sent by client in
2012-09-12 13:57:48 +00:00
ssl_ciph.c
return error if Suite B mode is selected and TLS 1.2 can't be used. Correct error coded
2012-12-01 18:33:21 +00:00
ssl_conf.c
really fix automatic ;-)
2012-12-07 12:41:13 +00:00
ssl_err2.c
Use new-style system-id macros everywhere possible. I hope I haven't
2001-02-20 08:13:47 +00:00
ssl_err.c
return error if Suite B mode is selected and TLS 1.2 can't be used. Correct error coded
2012-12-01 18:33:21 +00:00
ssl_lib.c
fix typo and warning
2012-11-19 02:46:46 +00:00
ssl_locl.h
Make CBC decoding constant time.
2013-02-06 14:19:07 +00:00
ssl_rsa.c
Rearrange and test authz extension.
2012-06-07 13:20:47 +00:00
ssl_sess.c
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
ssl_stat.c
PR: 1794
2011-11-25 00:17:44 +00:00
ssl_task.c
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
ssl_txt.c
Initial incomplete TLS v1.2 support. New ciphersuites added, new version
2011-04-29 22:56:51 +00:00
ssl-lib.com
Add d1_srtp and t1_trce.
2012-07-05 13:20:02 +00:00
ssl.h
typo
2012-12-26 15:23:42 +00:00
ssltest.c
stop warning when compiling with no-comp
2012-12-29 23:37:56 +00:00
t1_clnt.c
Initial incomplete TLS v1.2 support. New ciphersuites added, new version
2011-04-29 22:56:51 +00:00
t1_enc.c
Make CBC decoding constant time.
2013-02-06 14:19:07 +00:00
t1_lib.c
Add and use a constant-time memcmp.
2013-02-06 14:16:55 +00:00
t1_meth.c
Initial incomplete TLS v1.2 support. New ciphersuites added, new version
2011-04-29 22:56:51 +00:00
t1_reneg.c
Update RI to match latest spec.
2009-12-27 22:58:55 +00:00
t1_srvr.c
Initial incomplete TLS v1.2 support. New ciphersuites added, new version
2011-04-29 22:56:51 +00:00
t1_trce.c
Fix for trace code: SSL3 doesn't include a length value for
2013-02-04 15:13:12 +00:00
tls1.h
Add three Suite B modes to TLS code, supporting RFC6460.
2012-08-15 15:15:05 +00:00
tls_srp.c
PR: 1794
2011-12-14 22:17:06 +00:00