generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/crypto
History
Ben Laurie 35a65e814b Make CBC decoding constant time. 
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bccfc0bb9da254dc84e23bc6a1c78a64e)

Conflicts:
	crypto/evp/c_allc.c
	ssl/ssl_algs.c
	ssl/ssl_locl.h
	ssl/t1_enc.c
(cherry picked from commit 3622239826698a0e534dcf0473204c724bb9b4b4)

Conflicts:
	ssl/d1_enc.c
	ssl/s3_enc.c
	ssl/s3_pkt.c
	ssl/ssl3.h
	ssl/ssl_algs.c
	ssl/t1_enc.c
2013-02-05 16:50:32 +00:00
..
aes
fix bug in AES_unwrap()
2010-08-30 23:57:03 +00:00
asn1
Don't try and verify signatures if key is NULL (CVE-2013-0166)
2013-02-05 16:50:31 +00:00
bf
Make update: delete duplicate error code.
2008-09-17 17:11:09 +00:00
bio
PR: 2755
2012-03-07 15:14:16 +00:00
bn
x86-mont.pl: fix bug in integer-only squaring path [from HEAD].
2011-12-09 14:28:48 +00:00
buffer
The fix for CVE-2012-2110 did not take into account that the
2012-04-23 20:35:55 +00:00
camellia
Make it build, plus make depend.
2009-09-27 14:04:33 +00:00
cast
Constify crypto/cast.
2009-12-22 11:45:57 +00:00
cms
Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set
2013-01-23 01:16:59 +00:00
comp
Assorted bugfixes:
2011-02-03 12:04:48 +00:00
conf
PR: 2576
2011-09-02 11:20:49 +00:00
des
PR: 2266
2010-05-26 23:23:53 +00:00
dh
Change old obsolete email address...
2008-11-05 18:36:57 +00:00
dsa
PR: 2295
2010-10-11 23:28:54 +00:00
dso
Prevent aliasing warning
2009-10-04 14:02:35 +00:00
ec
Fix EC_KEY initialization race.
2012-10-05 20:51:47 +00:00
ecdh
Fix EC_KEY initialization race.
2012-10-05 20:51:47 +00:00
ecdsa
Fix EC_KEY initialization race.
2012-10-05 20:51:47 +00:00
engine
oops, revert unrelated patches
2012-03-06 13:22:32 +00:00
err
Don't include comp.h if no-comp set.
2013-01-20 01:16:25 +00:00
evp
Make CBC decoding constant time.
2013-02-05 16:50:32 +00:00
hmac
Fix gcc 4.6 warnings. Check TLS server hello extension length.
2010-06-12 13:18:58 +00:00
idea
Make update: delete duplicate error code.
2008-09-17 17:11:09 +00:00
jpake
Backport J-PAKE fix.
2010-11-26 16:03:23 +00:00
krb5
Merge changes to build system from fips branch.
2008-09-16 21:44:57 +00:00
lhash
PR: 2124
2009-12-09 13:41:50 +00:00
md2
Make update: delete duplicate error code.
2008-09-17 17:11:09 +00:00
md4
Make update: delete duplicate error code.
2008-09-17 17:11:09 +00:00
md5
PR: 2094
2009-11-13 14:14:46 +00:00
mdc2
Merge changes to build system from fips branch.
2008-09-16 21:44:57 +00:00
objects
Update OID table too.
2010-01-25 16:08:52 +00:00
ocsp
Don't try and verify signatures if key is NULL (CVE-2013-0166)
2013-02-05 16:50:31 +00:00
pem
Fix gcc 4.6 warnings. Check TLS server hello extension length.
2010-06-12 13:18:58 +00:00
perlasm
perlasm/cbc.pl: fix tail processing bug [from HEAD].
2011-07-13 06:25:15 +00:00
pkcs7
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
2012-03-12 14:51:45 +00:00
pkcs12
PR: 2295
2010-10-11 23:28:54 +00:00
pqueue
Fix gcc 4.6 warnings. Check TLS server hello extension length.
2010-06-12 13:18:58 +00:00
rand
rand_nw.c: compensate for gcc bug (using %edx instead of %eax at -O3)
2010-07-08 09:15:14 +00:00
rc2
Make update: delete duplicate error code.
2008-09-17 17:11:09 +00:00
rc4
rc4_skey.c [0.9.8]: at some point rc4_skey and x86[_64]cpuid were modified
2011-06-06 19:58:21 +00:00
rc5
Merge changes to build system from fips branch.
2008-09-16 21:44:57 +00:00
ripemd
PR: 1835
2009-02-14 21:50:14 +00:00
rsa
Add and use a constant-time memcmp.
2013-02-05 16:50:32 +00:00
seed
Merge changes to build system from fips branch.
2008-09-16 21:44:57 +00:00
sha
Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda).
2009-05-15 16:37:29 +00:00
stack
PR: 2386
2010-12-02 18:02:02 +00:00
store
Make update: delete duplicate error code.
2008-09-17 17:11:09 +00:00
threads
Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda).
2009-05-15 16:37:29 +00:00
txt_db
Merge changes to build system from fips branch.
2008-09-16 21:44:57 +00:00
ui
Fix warnings about ignoring fgets return value
2009-10-04 16:43:39 +00:00
x509
PR: 2606
2011-09-23 13:40:06 +00:00
x509v3
PR: 2696 Submitted by: Rob Austein <sra@hactrn.net>
2012-03-06 13:37:52 +00:00
.cvsignore
FIPS merge "crypto" functions.
2008-09-16 15:11:50 +00:00
cpt_err.c
Rebuild error file C source files.
2006-11-21 20:14:46 +00:00
cryptlib.c
Add and use a constant-time memcmp.
2013-02-05 16:50:32 +00:00
cryptlib.h
Update CryptoAPI ENGINE from head. Export OPENSSL_isservice().
2008-06-06 15:52:32 +00:00
crypto-lib.com
Have an underscore before <ARCH> to make sure any future architecture
2010-03-25 14:45:22 +00:00
crypto.h
Add and use a constant-time memcmp.
2013-02-05 16:50:32 +00:00
cversion.c
(oops) Apologies all, that last header-cleanup commit was from the wrong
2004-04-19 18:09:28 +00:00
dyn_lck.c
Don't change NUM_LOCKS value for non-FIPS builds.
2008-09-17 15:07:41 +00:00
ebcdic.c
Oops, this file already had the "empty source file" workaround but it
2003-10-29 22:25:04 +00:00
ebcdic.h
EBCDIC support.
2000-02-01 02:21:16 +00:00
ex_data.c
gcc 4.2 fixes to avoid use or function pointer casts in OpenSSL.
2007-09-06 12:43:54 +00:00
fips_err.c
Add missing files.
2008-09-16 22:48:18 +00:00
fips_err.h
Add missing files.
2008-09-16 22:48:18 +00:00
ia64cpuid.S
Cpuid modules updates.
2005-05-03 21:05:06 +00:00
install.com
Remove tmdiff.h from EXHEADERS as it doesn't exist.
2009-08-25 07:28:18 +00:00
LPdir_nyi.c
Copy a few files from LPlib (a new project of mine), add a wrapper.
2004-07-10 13:16:02 +00:00
LPdir_unix.c
Import changed files from LPlib. The changes are logged as follows
2004-09-23 22:11:39 +00:00
LPdir_vms.c
Import changed files from LPlib. The changes are logged as follows
2004-09-23 22:11:39 +00:00
LPdir_win32.c
Import changed files from LPlib. The changes are logged as follows
2004-09-23 22:11:39 +00:00
LPdir_win.c
Import changed files from LPlib. The changes are logged as follows
2004-09-23 22:11:39 +00:00
LPdir_wince.c
Import changed files from LPlib. The changes are logged as follows
2004-09-23 22:11:39 +00:00
Makefile
Make update: delete duplicate error code.
2008-09-17 17:11:09 +00:00
md32_common.h
md32_common.h: fix copy-n-paste typo. The typo was present in 098 only.
2010-03-29 11:23:11 +00:00
mem_clr.c
Fix warning.
2007-06-23 19:07:54 +00:00
mem_dbg.c
Move new function CRYPTO_strdup to mem_dbg.c because mem.c is excluded in
2008-11-24 17:02:49 +00:00
mem.c
Check for potentially exploitable overflows in asn1_d2i_read_bio
2012-04-19 11:36:09 +00:00
o_dir_test.c
Copy a few files from LPlib (a new project of mine), add a wrapper.
2004-07-10 13:16:02 +00:00
o_dir.c
DJGPP has opendir() and friends, according to Gisle Vanem <giva@bgnett.no>.
2004-08-03 19:15:21 +00:00
o_dir.h
Copy a few files from LPlib (a new project of mine), add a wrapper.
2004-07-10 13:16:02 +00:00
o_init.c
PR: 2202 (partial)
2010-03-25 12:17:17 +00:00
o_str.c
Update from HEAD.
2009-06-01 12:14:53 +00:00
o_str.h
"Overload" SunOS 4.x memcmp, which ruins ASN1_OBJECT table lookups [from HEAD].
2005-09-20 20:25:17 +00:00
o_time.c
Since version 7.0, The C RTL in VMS handles time in terms of UTC
2004-07-19 07:50:43 +00:00
o_time.h
Use one address consistently.
2001-07-05 10:20:07 +00:00
opensslconf.h.in
Implement Configure option pattern "experimental-foo"
2008-12-02 01:21:06 +00:00
opensslv.h
prepare for next version
2012-05-10 16:01:11 +00:00
ossl_typ.h
Avoid conflict with some version of Windows platform SDK.
2008-11-11 12:22:17 +00:00
sparccpuid.S
Cpuid modules updates.
2005-05-03 21:05:06 +00:00
symhacks.h
Remove duplicate symbol in crypto/symhacks.h
2012-07-05 09:06:20 +00:00
tmdiff.c
Netware-specific changes,
2003-11-28 13:10:58 +00:00
tmdiff.h
For whatever reason (compiler or header bugs), at least one commonly-used
2003-10-29 04:40:13 +00:00
uid.c
Netware-specific changes,
2003-11-28 13:10:58 +00:00
x86_64cpuid.pl
x86_64cpuid.pl update [from HEAD].
2007-11-11 16:25:00 +00:00
x86cpuid.pl
x86cpuid.pl update [from HEAD].
2007-11-11 19:44:42 +00:00