generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/crypto
History
Ben Laurie e5420be6cd Make CBC decoding constant time. 
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bccfc0bb9da254dc84e23bc6a1c78a64e)

Conflicts:
	crypto/evp/c_allc.c
	ssl/ssl_algs.c
	ssl/ssl_locl.h
	ssl/t1_enc.c
2013-02-05 16:46:16 +00:00
..
aes
x86_64 assembly pack: make Windows build more robust [from master].
2013-01-22 23:00:02 +01:00
asn1
Don't try and verify signatures if key is NULL (CVE-2013-0166)
2013-02-05 16:46:15 +00:00
bf
Revert the size_t modifications from HEAD that had led to more
2008-11-12 03:58:08 +00:00
bio
Fix warning (hope this doesn't break other platforms, there's a twisty
2012-10-04 15:03:08 +00:00
bn
x86_64 assembly pack: make it possible to compile with Perl located
2012-06-27 13:04:17 +00:00
buffer
correct error code
2012-04-22 13:31:37 +00:00
camellia
x86_64 assembly pack: make Windows build more robust [from master].
2013-01-22 23:00:02 +01:00
cast
Constify crypto/cast.
2009-12-22 11:45:59 +00:00
cms
Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set
2013-01-23 01:14:13 +00:00
comp
Assorted bugfixes:
2011-02-03 12:04:40 +00:00
conf
PR: 2576
2011-09-02 11:20:41 +00:00
des
PR: 2266
2010-05-26 23:23:44 +00:00
dh
PR: 1644
2009-09-06 15:49:12 +00:00
dsa
make EVP_dss() work for DSA signing
2011-06-20 20:05:38 +00:00
dso
"make update"
2011-09-05 09:54:59 +00:00
ec
Fix EC_KEY initialization race.
2012-10-05 20:51:31 +00:00
ecdh
Fix EC_KEY initialization race.
2012-10-05 20:51:31 +00:00
ecdsa
Fix EC_KEY initialization race.
2012-10-05 20:51:31 +00:00
engine
PR: 2735
2012-02-27 16:33:16 +00:00
err
Don't include comp.h if no-comp set.
2013-01-20 01:12:15 +00:00
evp
Make CBC decoding constant time.
2013-02-05 16:46:16 +00:00
hmac
inherit HMAC flags from MD_CTX
2011-05-19 17:39:49 +00:00
idea
Constify version strings and some structures.
2007-01-21 13:07:17 +00:00
jpake
J-PAKE was not correctly checking values, which could lead to attacks.
2010-11-24 13:48:12 +00:00
krb5
Further BUILDENV refinement, further fool-proofing of Makefiles and
2005-05-16 16:55:47 +00:00
lhash
Revert lhash patch for PR#2124
2009-12-09 15:00:20 +00:00
md2
Constify seed and md2.
2007-08-31 10:12:35 +00:00
md4
Remove unnecessary casts and avoid some warnings with gcc 4.2.
2007-06-07 16:07:57 +00:00
md5
x86_64 assembly pack: make Windows build more robust [from master].
2013-01-22 23:00:02 +01:00
mdc2
Update filenames in makefiles.
2006-02-04 01:45:59 +00:00
modes
[co]cf128.c: fix "n=0" bug [from HEAD].
2010-04-14 07:47:53 +00:00
objects
PR: 2149
2010-01-25 16:07:51 +00:00
ocsp
Don't try and verify signatures if key is NULL (CVE-2013-0166)
2013-02-05 16:46:15 +00:00
pem
Fix warnings (From HEAD, original patch by Ben).
2010-06-15 17:25:15 +00:00
perlasm
x86_64-xlate.pl: remove old kludge.
2012-03-13 19:19:57 +00:00
pkcs7
Submitted by: Markus Friedl <mfriedl@gmail.com>
2012-03-22 15:43:06 +00:00
pkcs12
PR: 2737
2012-02-27 16:46:54 +00:00
pqueue
Fix warnings (From HEAD, original patch by Ben).
2010-06-15 17:25:15 +00:00
rand
Fix OPNESSL vs. OPENSSL typos [from HEAD].
2012-01-15 13:40:40 +00:00
rc2
Wire RC4 key_table to read-only segment.
2007-09-18 21:10:32 +00:00
rc4
x86_64 assembly pack: make Windows build more robust [from master].
2013-01-22 23:00:02 +01:00
rc5
Make inline assembler clang-friendly [from HEAD].
2010-08-02 21:54:23 +00:00
ripemd
PR: 1835
2009-02-14 21:49:38 +00:00
rsa
Add and use a constant-time memcmp.
2013-02-05 16:46:15 +00:00
seed
Engage crypto/modes.
2008-12-23 11:33:01 +00:00
sha
x86_64 assembly pack: make Windows build more robust [from master].
2013-01-22 23:00:02 +01:00
stack
make update (1.0.0-stable)
2011-03-22 23:56:18 +00:00
store
Make it possible to disable STORE.
2009-02-19 09:42:51 +00:00
threads
Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda).
2009-05-15 16:37:08 +00:00
ts
PR: 2410
2011-01-03 01:22:09 +00:00
txt_db
Change STRING to OPENSSL_STRING etc as common words such
2009-07-27 21:08:53 +00:00
ui
PR: 2717
2012-02-12 18:25:11 +00:00
whrlpool
x86_64 assembly pack: make Windows build more robust [from master].
2013-01-22 23:00:02 +01:00
x509
Fix two bugs which affect delta CRL handling:
2012-12-06 18:25:18 +00:00
x509v3
Fix two bugs which affect delta CRL handling:
2012-12-06 18:25:18 +00:00
.cvsignore
Apply mingw patches as supplied by Roumen Petrov an Alon Bar-Lev
2008-04-17 10:19:16 +00:00
alphacpuid.pl
Alpha assembler fixes from HEAD.
2011-08-12 12:32:10 +00:00
cpt_err.c
Update from 0.9.8 stable. Eliminate duplicate error codes.
2006-11-21 21:29:44 +00:00
cryptlib.c
Add and use a constant-time memcmp.
2013-02-05 16:46:15 +00:00
cryptlib.h
export OPENSSL_isservice and make update
2010-01-26 13:55:33 +00:00
crypto-lib.com
Cosmetic: Reorder so it's more similar to the Unixly build.
2012-07-04 17:27:43 +00:00
crypto.h
Add and use a constant-time memcmp.
2013-02-05 16:46:15 +00:00
cversion.c
(oops) Apologies all, that last header-cleanup commit was from the wrong
2004-04-19 18:09:28 +00:00
ebcdic.c
Oops, this file already had the "empty source file" workaround but it
2003-10-29 22:25:04 +00:00
ebcdic.h
EBCDIC support.
2000-02-01 02:21:16 +00:00
ex_data.c
Avoid warnings with -pedantic, specifically:
2008-07-04 23:12:52 +00:00
ia64cpuid.S
Make assembly language versions of OPENSSL_cleanse() accept zero length
2010-02-12 17:02:13 +00:00
install-crypto.com
Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>
2011-03-19 09:44:53 +00:00
LPdir_nyi.c
Copy a few files from LPlib (a new project of mine), add a wrapper.
2004-07-10 13:16:02 +00:00
LPdir_unix.c
Import changed files from LPlib. The changes are logged as follows
2004-09-23 22:11:39 +00:00
LPdir_vms.c
Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>
2011-03-19 09:44:53 +00:00
LPdir_win32.c
Import changed files from LPlib. The changes are logged as follows
2004-09-23 22:11:39 +00:00
LPdir_win.c
Fix mingw warnings.
2006-10-23 07:41:05 +00:00
LPdir_wince.c
Import changed files from LPlib. The changes are logged as follows
2004-09-23 22:11:39 +00:00
Makefile
Replace alphacpuid.s with alphacpuid.pl to ensure it makes to release tar-balls [from HEAD].
2010-07-26 22:09:59 +00:00
md32_common.h
Make inline assembler clang-friendly [from HEAD].
2010-08-02 21:54:23 +00:00
mem_clr.c
Fix warning.
2007-06-23 18:47:51 +00:00
mem_dbg.c
PR: 1894
2009-04-16 17:22:51 +00:00
mem.c
Check for potentially exploitable overflows in asn1_d2i_read_bio
2012-04-19 11:44:51 +00:00
o_dir_test.c
Copy a few files from LPlib (a new project of mine), add a wrapper.
2004-07-10 13:16:02 +00:00
o_dir.c
DJGPP has opendir() and friends, according to Gisle Vanem <giva@bgnett.no>.
2004-08-03 19:15:21 +00:00
o_dir.h
Copy a few files from LPlib (a new project of mine), add a wrapper.
2004-07-10 13:16:02 +00:00
o_str.c
Update from HEAD.
2009-06-01 12:14:15 +00:00
o_str.h
"Overload" SunOS 4.x memcmp, which ruins ASN1_OBJECT table lookups.
2005-09-20 20:19:07 +00:00
o_time.c
Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>
2011-03-19 09:44:53 +00:00
o_time.h
Experimental new date handling routines. These fix issues with X509_time_adj()
2008-10-07 22:55:27 +00:00
opensslconf.h.in
Eliminate warning induced by http://cvs.openssl.org/chngview?cn=14690 and
2005-12-16 10:37:24 +00:00
opensslv.h
prepare for next version
2012-05-10 16:01:57 +00:00
ossl_typ.h
Update from stable branch.
2008-11-11 12:23:18 +00:00
ppccpuid.pl
ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance
2012-04-27 20:21:26 +00:00
s390xcap.c
s390x assembler update: add support for run-time facility detection [from HEAD].
2010-01-19 21:40:58 +00:00
s390xcpuid.S
Make assembly language versions of OPENSSL_cleanse() accept zero length
2010-02-12 17:02:13 +00:00
sparccpuid.S
sparcv9cap.c: disengange Solaris-specific CPU detection routine in favour
2010-09-05 19:48:01 +00:00
sparcv9cap.c
sparcv9cap.c: disengange Solaris-specific CPU detection routine in favour
2010-09-05 19:48:01 +00:00
symhacks.h
Cosmetics: remove duplicate symbol in crypto/symhacks.h
2012-07-05 08:49:02 +00:00
uid.c
Netware-specific changes,
2003-11-28 13:10:58 +00:00
vms_rms.h
Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>
2011-03-19 09:44:53 +00:00
x86_64cpuid.pl
x86_64 assembly pack: make Windows build more robust [from master].
2013-01-22 23:00:02 +01:00
x86cpuid.pl
Make assembly language versions of OPENSSL_cleanse() accept zero length
2010-02-12 17:02:13 +00:00