Andy Polyakov
2141e6f30b
e_aes_cbc_hmac_sha1.c: align calculated MAC at cache line.
...
It also ensures that valgring is happy.
2013-02-08 10:31:13 +01:00
Andy Polyakov
1041ab696e
e_aes_cbc_hmac_sha1.c: cleanse temporary copy of HMAC secret.
...
(cherry picked from commit 529d27ea47
)
2013-02-06 14:19:11 +00:00
Andy Polyakov
9970308c88
e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues.
...
Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch.
(cherry picked from commit 125093b59f
)
2013-02-06 14:19:10 +00:00
Ben Laurie
2acc020b77
Make CBC decoding constant time.
...
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.
This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.
In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bcc
)
2013-02-06 14:19:07 +00:00
Ben Laurie
7c770d572a
Add and use a constant-time memcmp.
...
This change adds CRYPTO_memcmp, which compares two vectors of bytes in
an amount of time that's independent of their contents. It also changes
several MAC compares in the code to use this over the standard memcmp,
which may leak information about the size of a matching prefix.
(cherry picked from commit 2ee798880a
)
2013-02-06 14:16:55 +00:00
Andy Polyakov
4568182a8b
x86_64 assembly pack: keep making Windows build more robust.
...
PR: 2963 and a number of others
2013-02-02 19:54:59 +01:00
Dr. Stephen Henson
1703627ba8
Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set
2013-01-23 01:09:38 +00:00
Andy Polyakov
46bf83f07a
x86_64 assembly pack: make Windows build more robust.
...
PR: 2963 and a number of others
2013-01-22 22:27:28 +01:00
Andy Polyakov
543fd85460
bn/asm/mips.pl: hardwire local call to bn_div_words.
2013-01-22 21:13:37 +01:00
Andy Polyakov
1598af9ac9
sha512-ppc.pl: minimize stack frame.
2013-01-22 21:09:14 +01:00
Dr. Stephen Henson
f20c673d0d
Don't include comp.h if no-comp set.
2013-01-20 02:34:25 +00:00
Andy Polyakov
a006fef78e
Improve WINCE support.
...
Submitted by: Pierre Delaage
2013-01-19 21:23:13 +01:00
Ben Laurie
6f0a93b069
Merge branch 'master' of openssl.net:openssl
2013-01-19 17:35:41 +00:00
Andy Polyakov
d4571f43e8
sha512-ppc.pl: add PPC32 code, >2x improvement on in-order cores.
2013-01-19 17:22:05 +01:00
Ben Laurie
a6bbbf2ff5
Make "make depend" work on MacOS out of the box.
2013-01-19 14:14:30 +00:00
Ben Laurie
08e5536445
Fix some clang warnings.
2013-01-13 21:04:39 +00:00
Ben Laurie
f00c54ae2e
Fix warning.
2013-01-06 19:03:48 +00:00
Dr. Stephen Henson
c1faa8b5b2
make no-comp compile
2012-12-30 16:04:51 +00:00
Dr. Stephen Henson
bdcf772aa5
Portability fix: use BIO_snprintf and pick up strcasecmp alternative
...
definitions from e_os.h
2012-12-26 23:51:56 +00:00
Dr. Stephen Henson
2dabd82236
Make partial chain checking work if we only have the EE certificate in
...
the trust store.
2012-12-21 18:31:32 +00:00
Dr. Stephen Henson
0028a23b9f
revert OCSP_basic_verify changes: they aren't needed now we support partial chain verification and can pass verify options to ocsp utility
2012-12-20 18:51:00 +00:00
Andy Polyakov
0a2d5003df
dso/dso_win32.c: fix compiler warning.
2012-12-18 18:19:54 +00:00
Andy Polyakov
f469880c61
d1_lib.c,bss_dgram.c: eliminate dependency on _ftime.
2012-12-16 19:02:59 +00:00
Dr. Stephen Henson
e9754726d2
Check chain is not NULL before assuming we have a validated chain.
...
The modification to the OCSP helper purpose breaks normal OCSP verification.
It is no longer needed now we can trust partial chains.
2012-12-15 02:58:00 +00:00
Dr. Stephen Henson
2a21cdbe6b
Use new partial chain flag instead of modifying input parameters.
2012-12-13 18:20:47 +00:00
Dr. Stephen Henson
51e7a4378a
New verify flag to return success if we have any certificate in the
...
trusted store instead of the default which is to return an error if
we can't build the complete chain.
2012-12-13 18:14:46 +00:00
Ben Laurie
b204ab6506
Update ignores.
2012-12-11 15:52:10 +00:00
Ben Laurie
ec40e5ff42
Tabification. Remove accidental duplication.
2012-12-10 16:52:17 +00:00
Ben Laurie
30c278aa6b
Fix OCSP checking.
2012-12-07 18:47:47 +00:00
Dr. Stephen Henson
abd2ed012b
Fix two bugs which affect delta CRL handling:
...
Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.
2012-12-06 18:24:28 +00:00
Dr. Stephen Henson
3bf15e2974
Integrate host, email and IP address checks into X509_verify.
...
Add new verify options to set checks.
Remove previous -check* commands from s_client and s_server.
2012-12-05 18:35:20 +00:00
Andy Polyakov
8df400cf8d
aes-s390x.pl: fix XTS bugs in z196-specific code path.
2012-12-05 17:44:45 +00:00
Andy Polyakov
3766e7ccab
ghash-sparcv9.pl: shave off one more xmulx, improve T3 performance by 7%.
2012-12-04 20:21:24 +00:00
Dr. Stephen Henson
2e8cb108dc
initial support for delta CRL generations by diffing two full CRLs
2012-12-04 18:35:36 +00:00
Andy Polyakov
f91926a240
cryptlib.c: fix logical error.
2012-12-01 18:24:20 +00:00
Andy Polyakov
9282c33596
aesni-x86_64.pl: CTR face lift, +25% on Bulldozer.
2012-12-01 18:20:39 +00:00
Andy Polyakov
c3cddeaec8
aes-s390x.pl: harmonize software-only code path [and minor optimization].
2012-12-01 11:06:19 +00:00
Dr. Stephen Henson
2fceff5ba3
PR: 2803
...
Submitted by: jean-etienne.schwartz@bull.net
In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.
2012-11-29 19:15:14 +00:00
Dr. Stephen Henson
f404278186
add wrapper function for certificate download
2012-11-29 01:15:09 +00:00
Dr. Stephen Henson
68f5500d31
constify
2012-11-29 01:13:38 +00:00
Dr. Stephen Henson
6f9076ff37
Generalise OCSP I/O functions to support dowloading of other ASN1
...
structures using HTTP. Add wrapper function to handle CRL download.
2012-11-28 16:22:53 +00:00
Andy Polyakov
904732f68b
C64x+ assembly pack: improve EABI support.
2012-11-28 13:19:10 +00:00
Andy Polyakov
cf5ecc3e1f
Update support for Intel compiler: add linux-x86_64-icc and fix problems.
2012-11-28 13:05:13 +00:00
Dr. Stephen Henson
2c340864be
New functions to set lookup_crls callback and to retrieve internal X509_STORE
...
from X509_STORE_CTX.
2012-11-27 23:47:48 +00:00
Andy Polyakov
cd68694646
AES for SPARC T4: add XTS, reorder subroutines to improve TLB locality.
2012-11-24 21:55:23 +00:00
Dr. Stephen Henson
46a6cec699
Reorganise parameters for OPENSSL_gmtime_diff.
...
Make ASN1_UTCTIME_cmp_time_t more robust by using the new time functions.
2012-11-21 14:13:20 +00:00
Dr. Stephen Henson
472af806ce
Submitted by: Florian Weimer <fweimer@redhat.com>
...
PR: 2909
Update test cases to cover internal error return values.
Remove IDNA wildcard filter.
2012-11-21 14:10:48 +00:00
Dr. Stephen Henson
598c423e65
don't use psec or pdays if NULL
2012-11-20 15:20:40 +00:00
Dr. Stephen Henson
360ef6769e
first parameter is difference in days, not years
2012-11-20 15:19:53 +00:00
Dr. Stephen Henson
d223dfe641
make depend
2012-11-19 15:13:33 +00:00