openssl

History

Ben Laurie 2acc020b77 Make CBC decoding constant time.

This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bccfc0bb9da254dc84e23bc6a1c78a64e)

2013-02-06 14:19:07 +00:00

aes

x86_64 assembly pack: make Windows build more robust.

2013-01-22 22:27:28 +01:00

asn1

Make "make depend" work on MacOS out of the box.

2013-01-19 14:14:30 +00:00

Change AR to ARX to allow exclusion of fips object modules

2011-01-26 16:08:08 +00:00

bio

Improve WINCE support.

2013-01-19 21:23:13 +01:00

x86_64 assembly pack: keep making Windows build more robust.

2013-02-02 19:54:59 +01:00

buffer

correct error code

2012-04-22 13:31:09 +00:00

camellia

x86_64 assembly pack: make Windows build more robust.

2013-01-22 22:27:28 +01:00

cast

Change AR to ARX to allow exclusion of fips object modules

2011-01-26 16:08:08 +00:00

cmac

fix reset fix

2012-04-11 15:05:07 +00:00

cms

Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set

2013-01-23 01:09:38 +00:00

comp

Assorted bugfixes:

2011-02-03 12:03:51 +00:00

conf

New config module for string tables. This can be used to add new

2012-10-22 13:05:54 +00:00

des

Update support for Intel compiler: add linux-x86_64-icc and fix problems.

2012-11-28 13:05:13 +00:00

Version skew reduction: trivia (I hope).

2012-06-03 22:00:21 +00:00

dsa

Version skew reduction: trivia (I hope).

2012-06-03 22:00:21 +00:00

dso

dso/dso_win32.c: fix compiler warning.

2012-12-18 18:19:54 +00:00

Fix EC_KEY initialization race.

2012-10-05 20:50:11 +00:00

ecdh

Fix EC_KEY initialization race.

2012-10-05 20:50:11 +00:00

ecdsa

Fix EC_KEY initialization race.

2012-10-05 20:50:11 +00:00

engine

make depend

2012-11-19 13:18:09 +00:00

err

Don't include comp.h if no-comp set.

2013-01-20 02:34:25 +00:00

evp

Make CBC decoding constant time.

2013-02-06 14:19:07 +00:00

hmac

Fix some warnings caused by __owur. Temporarily (I hope) remove the more

2011-11-14 00:36:10 +00:00

idea

Change AR to ARX to allow exclusion of fips object modules

2011-01-26 16:08:08 +00:00

jpake

Change AR to ARX to allow exclusion of fips object modules

2011-01-26 16:08:08 +00:00

krb5

Change AR to ARX to allow exclusion of fips object modules

2011-01-26 16:08:08 +00:00

lhash

Change AR to ARX to allow exclusion of fips object modules

2011-01-26 16:08:08 +00:00

md2

Change AR to ARX to allow exclusion of fips object modules

2011-01-26 16:08:08 +00:00

md4

Fix some clang warnings.

2013-01-13 21:04:39 +00:00

md5

x86_64 assembly pack: make Windows build more robust.

2013-01-22 22:27:28 +01:00

mdc2

Update dependencies.

2011-02-21 17:51:59 +00:00

modes

x86_64 assembly pack: make Windows build more robust.

2013-01-22 22:27:28 +01:00

objects

Fix some clang warnings.

2013-01-13 21:04:39 +00:00

ocsp

revert OCSP_basic_verify changes: they aren't needed now we support partial chain verification and can pass verify options to ocsp utility

2012-12-20 18:51:00 +00:00

pem

make update

2011-12-27 14:46:03 +00:00

perlasm

AES for SPARC T4: add XTS, reorder subroutines to improve TLB locality.

2012-11-24 21:55:23 +00:00

pkcs7

Submitted by: Markus Friedl <mfriedl@gmail.com>

2012-03-22 15:44:51 +00:00

pkcs12

Version skew reduction: trivia (I hope).

2012-06-03 22:00:21 +00:00

pqueue

Change AR to ARX to allow exclusion of fips object modules

2011-01-26 16:08:08 +00:00

rand

PR: 2786

2012-08-22 22:43:23 +00:00

rc2

Change AR to ARX to allow exclusion of fips object modules

2011-01-26 16:08:08 +00:00

rc4

x86_64 assembly pack: make Windows build more robust.

2013-01-22 22:27:28 +01:00

rc5

Update support for Intel compiler: add linux-x86_64-icc and fix problems.

2012-11-28 13:05:13 +00:00

ripemd

Fix some clang warnings.

2013-01-13 21:04:39 +00:00

rsa

Add and use a constant-time memcmp.

2013-02-06 14:16:55 +00:00

seed

seed.c: incredibly enough seed.c can fail to compile on Solaris with certain

2012-02-26 21:52:43 +00:00

sha

x86_64 assembly pack: make Windows build more robust.

2013-01-22 22:27:28 +01:00

srp

Version skew reduction: trivia (I hope).

2012-06-03 22:00:21 +00:00

stack

Add DTLS-SRTP.

2011-11-15 22:59:20 +00:00

store

Change AR to ARX to allow exclusion of fips object modules

2011-01-26 16:08:08 +00:00

threads

Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda).

2009-05-15 16:36:56 +00:00

Rename Suite B functions for consistency.

2012-08-03 15:58:15 +00:00

txt_db

Change AR to ARX to allow exclusion of fips object modules

2011-01-26 16:08:08 +00:00

PR: 2717

2012-02-11 23:41:19 +00:00

whrlpool

x86_64 assembly pack: make Windows build more robust.

2013-01-22 22:27:28 +01:00

x509

Make "make depend" work on MacOS out of the box.

2013-01-19 14:14:30 +00:00

x509v3

Portability fix: use BIO_snprintf and pick up strcasecmp alternative

2012-12-26 23:51:56 +00:00

.cvsignore

Apply mingw patches as supplied by Roumen Petrov an Alon Bar-Lev

2008-04-17 10:19:16 +00:00

alphacpuid.pl

alphacpuid.pl: fix alignment bug.

2011-08-12 12:28:52 +00:00

arm_arch.h

arm_arch.h: allow to specify __ARM_ARCH__ elsewhere.

2011-11-09 20:08:44 +00:00

armcap.c

typo

2011-10-24 13:23:51 +00:00

armv4cpuid.S

armv4cpuid.S, armv4-gf2m.pl: make newest code compilable by older assembler.

2011-11-05 13:07:18 +00:00

c64xpluscpuid.pl

C64x+ assembly pack: improve EABI support.

2012-11-28 13:19:10 +00:00

cpt_err.c

Implement FIPS_mode and FIPS_mode_set

2011-05-19 18:09:02 +00:00

cryptlib.c

Add and use a constant-time memcmp.

2013-02-06 14:16:55 +00:00

cryptlib.h

Add a symbol for the first parameter to OPENSSL_showfatal().

2011-06-23 09:46:27 +00:00

crypto-lib.com

Add the missing modules for Camellia, as well as dh_rfc5114 and evp_cnf.

2012-07-05 13:19:06 +00:00

crypto.h

Add and use a constant-time memcmp.

2013-02-06 14:16:55 +00:00

cversion.c

(oops) Apologies all, that last header-cleanup commit was from the wrong

2004-04-19 18:09:28 +00:00

ebcdic.c

Oops, this file already had the "empty source file" workaround but it

2003-10-29 22:25:04 +00:00

ebcdic.h

…

ex_data.c

Avoid warnings with -pedantic, specifically:

2008-07-04 23:12:52 +00:00

fips_err.h

Check for selftest failure in various places.

2011-10-22 17:24:27 +00:00

fips_ers.c

Rename crypto/fips_err.c to fips_ers.c to avoid clash with other fips_err.c

2011-02-03 16:16:30 +00:00

ia64cpuid.S

IA-64 assembler pack: fix typos and make it work on HP-UX.

2011-05-07 20:36:05 +00:00

install-crypto.com

After some adjustments, apply the changes OpenSSL 1.0.0d on OpenVMS

2011-03-19 10:58:14 +00:00

lock.c

Include support for an add_lock callback to tiny FIPS locking API.

2011-02-14 17:05:42 +00:00

LPdir_nyi.c

Copy a few files from LPlib (a new project of mine), add a wrapper.

2004-07-10 13:16:02 +00:00

LPdir_unix.c

Import changed files from LPlib. The changes are logged as follows

2004-09-23 22:11:39 +00:00

LPdir_vms.c

After some adjustments, apply the changes OpenSSL 1.0.0d on OpenVMS

2011-03-19 10:58:14 +00:00

LPdir_win32.c

Import changed files from LPlib. The changes are logged as follows

2004-09-23 22:11:39 +00:00

LPdir_win.c

Fix mingw warnings.

2006-10-23 07:41:05 +00:00

LPdir_wince.c

Import changed files from LPlib. The changes are logged as follows

2004-09-23 22:11:39 +00:00

Makefile

Remove o_init.o special case from Makefile: this doesn't work.

2011-10-12 17:27:08 +00:00

md32_common.h

Update support for Intel compiler: add linux-x86_64-icc and fix problems.

2012-11-28 13:05:13 +00:00

mem_clr.c

Fix warning.

2007-06-23 18:47:51 +00:00

mem_dbg.c

Updates from 1.0.0-stable branch.

2009-04-20 11:33:12 +00:00

mem.c

Version skew reduction: trivia (I hope).

2012-06-03 22:00:21 +00:00

o_dir_test.c

Copy a few files from LPlib (a new project of mine), add a wrapper.

2004-07-10 13:16:02 +00:00

o_dir.c

DJGPP has opendir() and friends, according to Gisle Vanem <giva@bgnett.no>.

2004-08-03 19:15:21 +00:00

o_dir.h

Copy a few files from LPlib (a new project of mine), add a wrapper.

2004-07-10 13:16:02 +00:00

o_fips.c

Implement FIPS_mode and FIPS_mode_set

2011-05-19 18:09:02 +00:00

o_init.c

remove unnecessary attempt to automatically call OPENSSL_init

2012-07-01 22:25:04 +00:00

o_str.c

Improve WINCE support.

2013-01-19 21:23:13 +01:00

o_str.h

"Overload" SunOS 4.x memcmp, which ruins ASN1_OBJECT table lookups.

2005-09-20 20:19:07 +00:00

o_time.c

Reorganise parameters for OPENSSL_gmtime_diff.

2012-11-21 14:13:20 +00:00

o_time.h

Reorganise parameters for OPENSSL_gmtime_diff.

2012-11-21 14:13:20 +00:00

opensslconf.h.in

Eliminate warning induced by http://cvs.openssl.org/chngview?cn=14690 and

2005-12-16 10:37:24 +00:00

opensslv.h

HEAD is now 1.1.0

2009-03-31 10:38:37 +00:00

ossl_typ.h

Support routines for ASN1 scanning function, doesn't do much yet.

2010-12-13 18:15:28 +00:00

pariscid.pl

Multiple assembler packs: add experimental memory bus instrumentation.

2011-04-17 12:46:00 +00:00

ppccap.c

ppccap.c: fix typo.

2012-11-10 20:27:18 +00:00

ppccpuid.pl

ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance

2012-04-27 20:17:45 +00:00

s390xcap.c

s390x assembler pack: extend OPENSSL_s390xcap_P to 128 bits.

2010-09-18 08:46:53 +00:00

s390xcpuid.S

Multiple assembler packs: add experimental memory bus instrumentation.

2011-04-17 12:46:00 +00:00

sparc_arch.h

Support for SPARC T4 MONT[MUL|SQR] instructions.

2012-11-17 10:34:11 +00:00

sparccpuid.S

sparcv9cap.c: add SPARC-T4 feature detection.

2012-09-23 20:29:03 +00:00

sparcv9cap.c

Support for SPARC T4 MONT[MUL|SQR] instructions.

2012-11-17 10:34:11 +00:00

symhacks.h

Harmonise symhacks.h in this branch with lower versions.

2012-07-05 13:17:44 +00:00

thr_id.c

Fix warning.

2012-09-17 17:21:58 +00:00

uid.c

Netware-specific changes,

2003-11-28 13:10:58 +00:00

vms_rms.h

After some adjustments, apply the changes OpenSSL 1.0.0d on OpenVMS

2011-03-19 10:58:14 +00:00

x86_64cpuid.pl

x86_64 assembly pack: make Windows build more robust.

2013-01-22 22:27:28 +01:00

x86cpuid.pl

Extend OPENSSL_ia32cap_P with extra word to accomodate AVX2 capability.

2012-11-17 19:04:15 +00:00