Andy Polyakov
413cbfe68d
ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility.
Kludge alert. This is arranged by passing padding length in unused
bits of SSL3_RECORD->type, so that orig_len can be reconstructed.
(cherry picked from commit 8bfd4c659f)
2013-02-07 13:43:51 +00:00
Adam Langley
ee463921ed
Fix for EXP-RC2-CBC-MD5
MD5 should use little endian order. Fortunately the only ciphersuite
affected is EXP-RC2-CBC-MD5 (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) which
is a rarely used export grade ciphersuite.
2013-02-06 15:50:42 +00:00
Dr. Stephen Henson
76e7744bef
prepare for next version
2013-02-06 02:27:23 +00:00
Dr. Stephen Henson
d9e048ceac
prepare for release
2013-02-05 16:46:21 +00:00
Dr. Stephen Henson
65a9383e6b
make update
2013-02-05 16:46:21 +00:00
Dr. Stephen Henson
c6b82f7ee9
Add ordinal for CRYPTO_memcmp: since this will affect multiple
branches it needs to be in a "gap".
(cherry picked from commit 81ce0e14e7)
2013-02-05 16:46:20 +00:00
Dr. Stephen Henson
25590043d1
Fix error codes.
(cherry picked from commit 35d732fc2e)
2013-02-05 16:46:19 +00:00
Dr. Stephen Henson
8a5d624d5b
Update CHANGES and NEWS
2013-02-05 16:46:19 +00:00
Andy Polyakov
ae4a75cecf
bn_word.c: fix overflow bug in BN_add_word.
(cherry picked from commit 134c00659a)
2013-02-05 16:46:19 +00:00
Andy Polyakov
2e884ce11d
x86_64 assembly pack: keep making Windows build more robust.
PR: 2963 and a number of others
(cherry picked from commit 4568182a8b)
2013-02-05 16:46:19 +00:00
Dr. Stephen Henson
da8f1b738c
update NEWS
2013-02-05 16:46:18 +00:00
Andy Polyakov
33f44acbbe
s3/s3_cbc.c: allow for compilations with NO_SHA256|512.
(cherry picked from commit d5371324d9)
2013-02-05 16:46:18 +00:00
Andy Polyakov
11c48a0fd2
ssl/s3_cbc.c: md_state alignment portability fix.
RISCs are picky and alignment granted by compiler for md_state can be
insufficient for SHA512.
(cherry picked from commit 36260233e7)
2013-02-05 16:46:18 +00:00
Andy Polyakov
3cdaca2436
ssl/s3_cbc.c: uint64_t portability fix.
Break dependency on uint64_t. It's possible to declare bits as
unsigned int, because TLS packets are limited in size and 32-bit
value can't overflow.
(cherry picked from commit cab13fc847)
2013-02-05 16:46:17 +00:00
Ben Laurie
b23da2919b
Update DTLS code to match CBC decoding in TLS.
This change updates the DTLS code to match the constant-time CBC
behaviour in the TLS.
(cherry picked from commit 9f27de170d)
2013-02-05 16:46:17 +00:00
Ben Laurie
610dfc3ef4
Don't crash when processing a zero-length, TLS >= 1.1 record.
The previous CBC patch was bugged in that there was a path through enc()
in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left
at the previous value which could suggest that the packet was a
sufficient length when it wasn't.
(cherry picked from commit 6cb19b7681)
2013-02-05 16:46:17 +00:00
Ben Laurie
080f395392
Fixups from previous commit.
2013-02-05 16:46:17 +00:00
Ben Laurie
f852b60797
Oops. Add missing file.
(cherry picked from commit 014265eb02)
2013-02-05 16:46:16 +00:00
Ben Laurie
e2356454c8
Add a target so I can build this.
2013-02-05 16:46:16 +00:00
Ben Laurie
e5420be6cd
Make CBC decoding constant time.
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.
This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.
In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bcc)
Conflicts:
crypto/evp/c_allc.c
ssl/ssl_algs.c
ssl/ssl_locl.h
ssl/t1_enc.c
2013-02-05 16:46:16 +00:00
Ben Laurie
9c00a95060
Add and use a constant-time memcmp.
This change adds CRYPTO_memcmp, which compares two vectors of bytes in
an amount of time that's independent of their contents. It also changes
several MAC compares in the code to use this over the standard memcmp,
which may leak information about the size of a matching prefix.
(cherry picked from commit 2ee798880a)
Conflicts:
crypto/crypto.h
ssl/t1_lib.c
2013-02-05 16:46:15 +00:00
Dr. Stephen Henson
ebc71865f0
Don't try and verify signatures if key is NULL (CVE-2013-0166)
Add additional check to catch this in ASN1_item_verify too.
2013-02-05 16:46:15 +00:00
Dr. Stephen Henson
1dfa62d4c8
Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set
2013-01-23 01:14:13 +00:00
Andy Polyakov
8c6364e198
x86_64 assembly pack: make Windows build more robust [from master].
PR: 2963 and a number of others
2013-01-22 23:00:02 +01:00
Dr. Stephen Henson
98c2e93723
Don't include comp.h if no-comp set.
2013-01-20 01:12:15 +00:00
Andy Polyakov
c053e538b4
engines/ccgost: GOST fixes [from master].
Submitted by: Dmitry Belyavsky, Serguei Leontiev
PR: 2821
2013-01-19 18:27:21 +01:00
Andy Polyakov
6386647298
.gitignore adjustments
2013-01-19 15:31:09 +01:00
Ben Laurie
4b24b754f5
Correct EVP_PKEY_verifyrecover to EVP_PKEY_verify_recover (RT 2955).
2013-01-13 22:58:00 +00:00
Dr. Stephen Henson
bfff2cc192
Add .gitignore
2013-01-13 22:57:22 +00:00
Dr. Stephen Henson
d8b177719a
make no-comp compile
2012-12-30 16:05:24 +00:00
Dr. Stephen Henson
d985a68c89
add missing \n
2012-12-23 18:19:47 +00:00
Dr. Stephen Henson
8dad8bc465
PR: 2888
Reported by: Daniel Black <daniel.black@openquery.com>
Support renewing session tickets (backport from HEAD).
2012-12-10 16:45:19 +00:00
Dr. Stephen Henson
235e76bce1
Fix two bugs which affect delta CRL handling:
Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.
2012-12-06 18:25:18 +00:00
Dr. Stephen Henson
d38c549e60
check mval for NULL too
2012-12-04 17:26:26 +00:00
Dr. Stephen Henson
558189183f
fix leak
2012-12-03 16:33:35 +00:00
Dr. Stephen Henson
77ada38dbd
PR: 2803
Submitted by: jean-etienne.schwartz@bull.net
In OCSP_basic_verify return an error if X509_STORE_CTX_init fails.
2012-11-29 19:15:52 +00:00
Dr. Stephen Henson
8124ebcd78
reject zero length point format list or supported curves extensions
2012-11-22 14:15:00 +00:00
Dr. Stephen Henson
04fde2025b
PR: 2908
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>
Fix DH double free if parameter generation fails.
2012-11-21 14:01:55 +00:00
Dr. Stephen Henson
6bd61198fb
fix leaks
2012-11-20 00:29:09 +00:00
Dr. Stephen Henson
23b5e47ffc
correct docs
2012-11-19 20:07:14 +00:00
Dr. Stephen Henson
fb81e6d300
PR: 2880
Submitted by: "Florian Rüchel" <florian.ruechel@ruhr-uni-bochum.de>
Correctly handle local machine keys in the capi ENGINE.
2012-11-18 15:20:49 +00:00
Andy Polyakov
50ff4afb03
aix[64]-cc: get MT support right [from HEAD].
PR: 2896
2012-10-16 08:20:18 +00:00
Bodo Möller
c51f6bccea
Fix EC_KEY initialization race.
Submitted by: Adam Langley
2012-10-05 20:51:31 +00:00
Dr. Stephen Henson
836a811604
backport OCSP fix enhancement
2012-10-05 13:00:18 +00:00
Ben Laurie
bb65e3f22b
Backport OCSP Stapling fix.
2012-10-04 15:16:12 +00:00
Ben Laurie
b8719c753e
Fix warning.
2012-10-04 15:04:26 +00:00
Ben Laurie
92b2530acd
Fix warning (hope this doesn't break other platforms, there's a twisty
little maze of #ifs, all different).
2012-10-04 15:03:08 +00:00
Bodo Möller
9ff94ad7ae
Fix Valgrind warning.
Submitted by: Adam Langley
2012-09-24 19:50:00 +00:00
Richard Levitte
60ccb02c4a
* Configure: make the debug-levitte-linux{elf,noasm} less extreme.
2012-09-24 18:49:01 +00:00
Richard Levitte
094fb13876
* ssl/t1_enc.c (tls1_change_cipher_state): Stupid bug. Fortunately in
debugging code that's seldom used.
2012-09-21 13:08:26 +00:00