generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/ssl
History
Ben Laurie 35a65e814b Make CBC decoding constant time. 
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bccfc0bb9da254dc84e23bc6a1c78a64e)

Conflicts:
	crypto/evp/c_allc.c
	ssl/ssl_algs.c
	ssl/ssl_locl.h
	ssl/t1_enc.c
(cherry picked from commit 3622239826698a0e534dcf0473204c724bb9b4b4)

Conflicts:
	ssl/d1_enc.c
	ssl/s3_enc.c
	ssl/s3_pkt.c
	ssl/ssl3.h
	ssl/ssl_algs.c
	ssl/t1_enc.c
2013-02-05 16:50:32 +00:00
..
.cvsignore
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
bio_ssl.c
PR: 2529
2011-05-25 15:15:43 +00:00
d1_both.c
PR: 2755
2012-03-07 15:14:16 +00:00
d1_clnt.c
PR: 2748
2012-03-06 13:20:20 +00:00
d1_enc.c
Make CBC decoding constant time.
2013-02-05 16:50:32 +00:00
d1_lib.c
fix error code
2012-03-12 14:50:55 +00:00
d1_meth.c
Initialize SSL_METHOD structures at compile time. This removes the need
2005-08-05 23:52:08 +00:00
d1_pkt.c
Add and use a constant-time memcmp.
2013-02-05 16:50:32 +00:00
d1_srvr.c
PR: 2778(part)
2012-03-31 18:02:23 +00:00
dtls1.h
PR: 2230
2010-04-14 00:17:12 +00:00
install.com
Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda).
2009-05-15 16:37:29 +00:00
kssl_lcl.h
To avoid commit wars over dependencies, let's make it so things that
2001-10-10 07:55:02 +00:00
kssl.c
Submitted by: Tomas Hoger <thoger@redhat.com>
2010-03-03 15:34:11 +00:00
kssl.h
Make kerberos ciphersuite code work with newer header files
2005-04-09 23:55:55 +00:00
Makefile
Make CBC decoding constant time.
2013-02-05 16:50:32 +00:00
s2_clnt.c
Add and use a constant-time memcmp.
2013-02-05 16:50:32 +00:00
s2_enc.c
ensure that the EVP_CIPHER_CTX object is initialized
2007-02-16 20:40:07 +00:00
s2_lib.c
Update from HEAD.
2007-01-21 16:07:25 +00:00
s2_meth.c
Initialize SSL_METHOD structures at compile time. This removes the need
2005-08-05 23:52:08 +00:00
s2_pkt.c
Add and use a constant-time memcmp.
2013-02-05 16:50:32 +00:00
s2_srvr.c
Assorted bugfixes:
2011-02-03 12:04:48 +00:00
s3_both.c
Add and use a constant-time memcmp.
2013-02-05 16:50:32 +00:00
s3_clnt.c
PR: 2888
2012-12-10 16:45:39 +00:00
s3_enc.c
Make CBC decoding constant time.
2013-02-05 16:50:32 +00:00
s3_lib.c
Oops: this change (http://cvs.openssl.org/chngview?cn=21503)
2011-10-19 13:53:41 +00:00
s3_meth.c
Initialize SSL_METHOD structures at compile time. This removes the need
2005-08-05 23:52:08 +00:00
s3_pkt.c
Make CBC decoding constant time.
2013-02-05 16:50:32 +00:00
s3_srvr.c
Backport OCSP fix.
2012-10-05 12:50:24 +00:00
s23_clnt.c
make no-comp compile again
2010-03-30 17:31:58 +00:00
s23_lib.c
Fix gcc 4.6 warnings. Check TLS server hello extension length.
2010-06-12 13:18:58 +00:00
s23_meth.c
make "./configure no-ssl2" work again
2006-01-15 16:57:01 +00:00
s23_pkt.c
Reorder inclusion of header files:
2002-07-10 07:01:54 +00:00
s23_srvr.c
PR: 2171
2010-02-16 14:19:42 +00:00
ssl2.h
Implement msg_callback for SSL 2.0.
2001-11-10 01:16:28 +00:00
ssl3.h
Make CBC decoding constant time.
2013-02-05 16:50:32 +00:00
ssl23.h
Import of old SSLeay release: SSLeay 0.9.0b
1998-12-21 10:56:39 +00:00
ssl_algs.c
Add SHA2 algorithms to SSL_library_init(). Although these aren't used
2010-04-07 13:19:48 +00:00
ssl_asn1.c
Fix gcc 4.6 warnings. Check TLS server hello extension length.
2010-06-12 13:18:58 +00:00
ssl_cert.c
PR: 1731 and maybe 2197
2010-03-24 23:16:35 +00:00
ssl_ciph.c
Resolve a stack set-up race condition (if the list of compression
2011-12-02 12:50:44 +00:00
ssl_err2.c
Use new-style system-id macros everywhere possible. I hope I haven't
2001-02-20 08:13:47 +00:00
ssl_err.c
fix error code
2012-03-12 14:50:55 +00:00
ssl_lib.c
backport OCSP fix enhancement
2012-10-05 13:02:31 +00:00
ssl_locl.h
Make CBC decoding constant time.
2013-02-05 16:50:32 +00:00
ssl_rsa.c
PR: 1411
2009-09-12 23:09:59 +00:00
ssl_sess.c
PR: 2160
2010-02-01 16:48:40 +00:00
ssl_stat.c
PR: 2133
2010-01-16 19:18:31 +00:00
ssl_task.c
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
ssl_txt.c
Add strings for DTLS protocol versions
2010-01-16 19:02:43 +00:00
ssl-lib.com
Add t1_reneg to the VMS build.
2010-02-22 07:05:24 +00:00
ssl.h
fix error code
2012-03-12 14:50:55 +00:00
ssltest.c
Fix gcc 4.6 warnings. Check TLS server hello extension length.
2010-06-12 13:18:58 +00:00
t1_clnt.c
Initialize SSL_METHOD structures at compile time. This removes the need
2005-08-05 23:52:08 +00:00
t1_enc.c
Make CBC decoding constant time.
2013-02-05 16:50:32 +00:00
t1_lib.c
Add and use a constant-time memcmp.
2013-02-05 16:50:32 +00:00
t1_meth.c
Initialize SSL_METHOD structures at compile time. This removes the need
2005-08-05 23:52:08 +00:00
t1_reneg.c
Update RI to match latest spec.
2009-12-27 23:03:40 +00:00
t1_srvr.c
Initialize SSL_METHOD structures at compile time. This removes the need
2005-08-05 23:52:08 +00:00
tls1.h
First cut of renegotiation extension.
2009-11-08 14:51:54 +00:00