openssl/ssl
Dr. Stephen Henson c4e6fb1524 Timing fix mitigation for FIPS mode.
We have to use EVP in FIPS mode so we can only partially mitigate
timing differences.

Make an extra call to EVP_DigestSignUpdate to hash additional blocks
to cover any timing differences caused by removal of padding.
(cherry picked from commit b908e88ec1)
2013-02-06 14:19:08 +00:00
..
.cvsignore Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
bio_ssl.c OPENSSL_NO_SOCK fixes. 2012-04-16 17:42:36 +00:00
d1_both.c PR: 2755 2012-03-06 13:47:43 +00:00
d1_clnt.c Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
d1_enc.c Update DTLS code to match CBC decoding in TLS. 2013-02-06 14:19:07 +00:00
d1_lib.c Improve WINCE support. 2013-01-19 21:23:13 +01:00
d1_meth.c Let the TLSv1_method() etc. functions return a const SSL_METHOD 2005-08-14 21:48:33 +00:00
d1_pkt.c Update DTLS code to match CBC decoding in TLS. 2013-02-06 14:19:07 +00:00
d1_srtp.c Submitted by: Eric Rescorla <ekr@rtfm.com> 2012-02-11 22:53:31 +00:00
d1_srvr.c PR: 2778(part) 2012-03-31 18:03:02 +00:00
dtls1.h PR: 2658 2011-12-31 22:59:57 +00:00
install-ssl.com Install srtp.h 2012-07-05 13:20:19 +00:00
kssl.c Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
kssl.h make kerberos work with OPENSSL_NO_SSL_INTERN 2011-05-11 22:50:18 +00:00
kssl_lcl.h Merge from 1.0.0-stable branch. 2009-04-23 16:32:42 +00:00
Makefile Make CBC decoding constant time. 2013-02-06 14:19:07 +00:00
s2_clnt.c Add and use a constant-time memcmp. 2013-02-06 14:16:55 +00:00
s2_enc.c Update ssl library to support EVP_PKEY MAC API. Include generic MAC support. 2007-06-04 17:04:40 +00:00
s2_lib.c Add ctrl and utility functions to retrieve raw cipher list sent by client in 2012-09-12 13:57:48 +00:00
s2_meth.c Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
s2_pkt.c Add and use a constant-time memcmp. 2013-02-06 14:16:55 +00:00
s2_srvr.c Fix some warnings caused by __owur. Temporarily (I hope) remove the more 2011-11-14 00:36:10 +00:00
s3_both.c Add and use a constant-time memcmp. 2013-02-06 14:16:55 +00:00
s3_cbc.c Timing fix mitigation for FIPS mode. 2013-02-06 14:19:08 +00:00
s3_clnt.c perform sanity checks on server certificate type as soon as it is received instead of waiting until server key exchange 2012-08-31 11:18:54 +00:00
s3_enc.c Update DTLS code to match CBC decoding in TLS. 2013-02-06 14:19:07 +00:00
s3_lib.c Print out point format list for clients too. 2012-11-26 18:39:38 +00:00
s3_meth.c Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
s3_pkt.c Update DTLS code to match CBC decoding in TLS. 2013-02-06 14:19:07 +00:00
s3_srvr.c stop warning when compiling with no-comp 2012-12-29 23:37:56 +00:00
s23_clnt.c send out the raw SSL/TLS headers to the msg_callback and display them in SSL_trace 2012-12-07 23:42:33 +00:00
s23_lib.c Fix warnings. 2010-06-12 14:13:23 +00:00
s23_meth.c Initial incomplete TLS v1.2 support. New ciphersuites added, new version 2011-04-29 22:56:51 +00:00
s23_pkt.c Reorder inclusion of header files: 2002-07-10 07:01:54 +00:00
s23_srvr.c Add three Suite B modes to TLS code, supporting RFC6460. 2012-08-15 15:15:05 +00:00
srtp.h move internal functions to ssl_locl.h 2011-11-21 22:52:13 +00:00
ssl-lib.com Add d1_srtp and t1_trce. 2012-07-05 13:20:02 +00:00
ssl.h typo 2012-12-26 15:23:42 +00:00
ssl2.h Initial "opaque SSL" framework. If an application defines 2011-04-29 22:37:12 +00:00
ssl3.h Make CBC decoding constant time. 2013-02-06 14:19:07 +00:00
ssl23.h
ssl_algs.c Make CBC decoding constant time. 2013-02-06 14:19:07 +00:00
ssl_asn1.c Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
ssl_cert.c Add ctrl and utility functions to retrieve raw cipher list sent by client in 2012-09-12 13:57:48 +00:00
ssl_ciph.c return error if Suite B mode is selected and TLS 1.2 can't be used. Correct error coded 2012-12-01 18:33:21 +00:00
ssl_conf.c really fix automatic ;-) 2012-12-07 12:41:13 +00:00
ssl_err.c return error if Suite B mode is selected and TLS 1.2 can't be used. Correct error coded 2012-12-01 18:33:21 +00:00
ssl_err2.c Use new-style system-id macros everywhere possible. I hope I haven't 2001-02-20 08:13:47 +00:00
ssl_lib.c fix typo and warning 2012-11-19 02:46:46 +00:00
ssl_locl.h Timing fix mitigation for FIPS mode. 2013-02-06 14:19:08 +00:00
ssl_rsa.c Rearrange and test authz extension. 2012-06-07 13:20:47 +00:00
ssl_sess.c Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
ssl_stat.c PR: 1794 2011-11-25 00:17:44 +00:00
ssl_task.c Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
ssl_txt.c Initial incomplete TLS v1.2 support. New ciphersuites added, new version 2011-04-29 22:56:51 +00:00
ssltest.c stop warning when compiling with no-comp 2012-12-29 23:37:56 +00:00
t1_clnt.c Initial incomplete TLS v1.2 support. New ciphersuites added, new version 2011-04-29 22:56:51 +00:00
t1_enc.c Timing fix mitigation for FIPS mode. 2013-02-06 14:19:08 +00:00
t1_lib.c Add and use a constant-time memcmp. 2013-02-06 14:16:55 +00:00
t1_meth.c Initial incomplete TLS v1.2 support. New ciphersuites added, new version 2011-04-29 22:56:51 +00:00
t1_reneg.c Update RI to match latest spec. 2009-12-27 22:58:55 +00:00
t1_srvr.c Initial incomplete TLS v1.2 support. New ciphersuites added, new version 2011-04-29 22:56:51 +00:00
t1_trce.c Fix for trace code: SSL3 doesn't include a length value for 2013-02-04 15:13:12 +00:00
tls1.h Add three Suite B modes to TLS code, supporting RFC6460. 2012-08-15 15:15:05 +00:00
tls_srp.c PR: 1794 2011-12-14 22:17:06 +00:00