openssl/crypto
Ben Laurie e130841bcc Make CBC decoding constant time.
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
2013-01-28 17:31:49 +00:00
aes x86_64 assembly pack: make Windows build more robust [from master]. 2013-01-22 22:54:04 +01:00
asn1 Fix Valgrind warning. 2012-09-24 19:49:42 +00:00
bf Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA 2011-08-14 13:47:30 +00:00
bio Unused variable. 2012-07-01 16:04:12 +00:00
bn x86_64 assembly pack: make Windows build more robust [from master]. 2013-01-22 22:54:04 +01:00
buffer correct error code 2012-04-22 13:31:26 +00:00
camellia x86_64 assembly pack: make Windows build more robust [from master]. 2013-01-22 22:54:04 +01:00
cast Revert "version skew" patches that break FIPS compilation. 2012-06-09 23:35:34 +00:00
cmac oops, macro not present in OpenSSL 1.0.2 2012-04-11 15:11:16 +00:00
cms Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set 2013-01-23 01:07:23 +00:00
comp Assorted bugfixes: 2011-02-03 12:03:57 +00:00
conf PR: 2840 2012-07-03 20:16:30 +00:00
des Reduce version skew. 2012-06-08 09:18:47 +00:00
dh DH keys have an (until now) unused 'q' parameter. When creating from DSA copy 2011-11-14 14:16:09 +00:00
dsa DH keys have an (until now) unused 'q' parameter. When creating from DSA copy 2011-11-14 14:16:09 +00:00
dso PR: 2589 2011-09-01 13:52:38 +00:00
ec Fix EC_KEY initialization race. 2012-10-05 20:51:12 +00:00
ecdh Fix EC_KEY initialization race. 2012-10-05 20:51:12 +00:00
ecdsa Fix EC_KEY initialization race. 2012-10-05 20:51:12 +00:00
engine PR: 2735 2012-02-27 16:33:25 +00:00
err Don't include comp.h if no-comp set. 2013-01-20 01:10:52 +00:00
evp Make CBC decoding constant time. 2013-01-28 17:31:49 +00:00
hmac Backport PSS signature support from HEAD. 2011-10-09 23:13:50 +00:00
idea Revert "version skew" patches that break FIPS compilation. 2012-06-09 23:35:34 +00:00
jpake apply J-PAKE fix to HEAD (original by Ben) 2010-11-29 18:33:28 +00:00
krb5
lhash
md2 Prohibit use of low level digest APIs in FIPS mode. 2011-06-01 13:39:45 +00:00
md4 Fix some clang warnings. 2013-01-14 00:22:28 +00:00
md5 x86_64 assembly pack: make Windows build more robust [from master]. 2013-01-22 22:54:04 +01:00
mdc2 Reduce version skew. 2012-06-08 09:18:47 +00:00
modes x86_64 assembly pack: make Windows build more robust [from master]. 2013-01-22 22:54:04 +01:00
objects Fix some clang warnings. 2013-01-14 00:22:28 +00:00
ocsp PR: 2803 2012-11-29 19:15:36 +00:00
pem In FIPS mode use PKCS#8 format when writing private keys: 2013-01-07 16:19:28 +00:00
perlasm Reduce version skew. 2012-06-08 09:18:47 +00:00
pkcs7 Reduce version skew. 2012-06-08 09:18:47 +00:00
pkcs12 Reduce version skew. 2012-06-08 09:18:47 +00:00
pqueue
rand PR: 2786 2012-08-22 22:42:04 +00:00
rc2 Revert "version skew" patches that break FIPS compilation. 2012-06-09 23:35:34 +00:00
rc4 x86_64 assembly pack: make Windows build more robust [from master]. 2013-01-22 22:54:04 +01:00
rc5
ripemd Fix some clang warnings. 2013-01-14 00:22:28 +00:00
rsa Add and use a constant-time memcmp. 2013-01-28 17:30:38 +00:00
seed Revert "version skew" patches that break FIPS compilation. 2012-06-09 23:35:34 +00:00
sha x86_64 assembly pack: make Windows build more robust [from master]. 2013-01-22 22:54:04 +01:00
srp Reduce version skew. 2012-06-08 09:18:47 +00:00
stack Add DTLS-SRTP. 2011-11-15 23:02:16 +00:00
store
threads
ts only include evp.h once 2012-01-24 22:59:46 +00:00
txt_db
ui Reduce version skew. 2012-06-08 09:18:47 +00:00
whrlpool x86_64 assembly pack: make Windows build more robust [from master]. 2013-01-22 22:54:04 +01:00
x509 Fix two bugs which affect delta CRL handling: 2012-12-06 18:25:03 +00:00
x509v3 Fix two bugs which affect delta CRL handling: 2012-12-06 18:25:03 +00:00
.cvsignore
alphacpuid.pl Alpha assembler fixed from HEAD. 2011-08-12 12:31:08 +00:00
arm_arch.h ARM assembler pack update from HEAD. 2011-11-14 20:58:01 +00:00
armcap.c ARM assembler pack update from HEAD. 2011-11-14 20:58:01 +00:00
armv4cpuid.S ARM assembler pack update from HEAD. 2011-11-14 20:58:01 +00:00
cpt_err.c Implement FIPS_mode and FIPS_mode_set 2011-05-19 18:19:07 +00:00
cryptlib.c Add and use a constant-time memcmp. 2013-01-28 17:30:38 +00:00
cryptlib.h Reduce version skew. 2012-06-08 09:18:47 +00:00
crypto-lib.com Add evp_cnf in the build. 2012-07-05 12:58:27 +00:00
crypto.h Add and use a constant-time memcmp. 2013-01-28 17:30:38 +00:00
cversion.c
ebcdic.c
ebcdic.h
ex_data.c
fips_err.h Update error codes for FIPS. 2011-10-21 13:04:27 +00:00
fips_ers.c Add FIPS error codes. 2011-06-21 16:58:10 +00:00
ia64cpuid.S IA64 assembler pack update from HEAD. 2011-11-14 20:45:57 +00:00
install-crypto.com Apply all the changes submitted by Steven M. Schweda <sms@antinode.info> 2011-03-19 09:47:47 +00:00
LPdir_nyi.c
LPdir_unix.c
LPdir_vms.c Apply all the changes submitted by Steven M. Schweda <sms@antinode.info> 2011-03-19 09:47:47 +00:00
LPdir_win.c
LPdir_win32.c
LPdir_wince.c
Makefile typo 2011-12-10 01:37:55 +00:00
md32_common.h
mem.c Reduce version skew. 2012-06-08 09:18:47 +00:00
mem_clr.c
mem_dbg.c
o_dir.c
o_dir.h
o_dir_test.c
o_fips.c call OPENSSL_init when calling FIPS_mode too 2012-04-20 14:42:54 +00:00
o_init.c The first of many changes to make OpenSSL 1.0.1 FIPS capable. 2011-05-26 14:19:19 +00:00
o_str.c
o_str.h
o_time.c Apply all the changes submitted by Steven M. Schweda <sms@antinode.info> 2011-03-19 09:47:47 +00:00
o_time.h
opensslconf.h.in
opensslv.h prepare for next version 2012-05-10 16:02:30 +00:00
ossl_typ.h Backport PSS signature support from HEAD. 2011-10-09 23:13:50 +00:00
pariscid.pl PA-RISC assembler pack update from HEAD. 2011-11-14 20:50:15 +00:00
ppccap.c ppccap.c: assume no features under 32-bit AIX kernel [from HEAD]. 2012-05-16 18:18:29 +00:00
ppccpuid.pl ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance 2012-04-27 20:20:15 +00:00
s390xcap.c s390x assembler pack update from HEAD. 2011-11-14 20:47:22 +00:00
s390xcpuid.S s390x assembler pack update from HEAD. 2011-11-14 20:47:22 +00:00
sparccpuid.S
sparcv9cap.c sparcv9cap.c: omit unused variable. 2012-01-12 14:19:52 +00:00
symhacks.h Have the new names start in column 48, that makes it easy to see when 2012-07-05 09:00:49 +00:00
uid.c
vms_rms.h Apply all the changes submitted by Steven M. Schweda <sms@antinode.info> 2011-03-19 09:47:47 +00:00
x86_64cpuid.pl x86_64 assembly pack: make Windows build more robust [from master]. 2013-01-22 22:54:04 +01:00
x86cpuid.pl Reduce version skew. 2012-06-08 09:18:47 +00:00