wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/ssl
History
Dr. Stephen Henson b908e88ec1 Timing fix mitigation for FIPS mode. 
We have to use EVP in FIPS mode so we can only partially mitigate
timing differences.

Make an extra call to EVP_DigestSignUpdate to hash additonal blocks
to cover any timing differences caused by removal of padding.
2013-01-31 12:34:10 +00:00
..
.cvsignore Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
bio_ssl.c OPENSSL_NO_SOCK fixes [from HEAD]. 2012-04-16 17:43:15 +00:00
d1_both.c PR: 2755 2012-03-06 13:47:27 +00:00
d1_clnt.c PR: 2748 2012-03-06 13:24:16 +00:00
d1_enc.c Update DTLS code to match CBC decoding in TLS. 2013-01-28 17:34:33 +00:00
d1_lib.c correct error code 2012-04-18 14:53:48 +00:00
d1_meth.c Let the TLSv1_method() etc. functions return a const SSL_METHOD 2005-08-14 21:48:33 +00:00
d1_pkt.c Update DTLS code to match CBC decoding in TLS. 2013-01-28 17:34:33 +00:00
d1_srtp.c Submitted by: Eric Rescorla <ekr@rtfm.com> 2012-02-11 22:53:48 +00:00
d1_srvr.c PR: 2778(part) 2012-03-31 18:02:43 +00:00
dtls1.h Reduce version skew. 2012-06-08 09:18:47 +00:00
install-ssl.com Don't forget to install srtp.h as well 2012-05-10 15:01:22 +00:00
kssl.c make kerberos work with OPENSSL_NO_SSL_INTERN 2011-05-11 22:52:34 +00:00
kssl.h make kerberos work with OPENSSL_NO_SSL_INTERN 2011-05-11 22:52:34 +00:00
kssl_lcl.h Some fixes for kerberos builds. 2009-04-21 22:20:12 +00:00
Makefile Make CBC decoding constant time. 2013-01-28 17:31:49 +00:00
s2_clnt.c Add and use a constant-time memcmp. 2013-01-28 17:30:38 +00:00
s2_enc.c Update ssl library to support EVP_PKEY MAC API. Include generic MAC support. 2007-06-04 17:04:40 +00:00
s2_lib.c Make no-ssl2 work including on Win32 builds. 2009-04-04 17:57:34 +00:00
s2_meth.c Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
s2_pkt.c Add and use a constant-time memcmp. 2013-01-28 17:30:38 +00:00
s2_srvr.c Reduce version skew. 2012-06-08 09:18:47 +00:00
s3_both.c Add and use a constant-time memcmp. 2013-01-28 17:30:38 +00:00
s3_cbc.c Timing fix mitigation for FIPS mode. 2013-01-31 12:34:10 +00:00
s3_clnt.c Reduce version skew. 2012-06-08 09:18:47 +00:00
s3_enc.c Update DTLS code to match CBC decoding in TLS. 2013-01-28 17:34:33 +00:00
s3_lib.c PR: 2806 2012-05-10 18:24:32 +00:00
s3_meth.c Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
s3_pkt.c Update DTLS code to match CBC decoding in TLS. 2013-01-28 17:34:33 +00:00
s3_srvr.c Call OCSP Stapling callback after ciphersuite has been chosen, so the 2012-09-17 14:39:38 +00:00
s23_clnt.c s23_clnt.c: ensure interoperability by maitaining client "version capability" 2012-04-25 22:07:23 +00:00
s23_lib.c Fix warnings (From HEAD, original patch by Ben). 2010-06-15 17:25:15 +00:00
s23_meth.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
s23_pkt.c Reorder inclusion of header files: 2002-07-10 07:01:54 +00:00
s23_srvr.c add FIPS support to ssl: doesn't do anything on this branch yet as there is no FIPS compilation support 2011-05-19 18:22:16 +00:00
srtp.h move internal functions to ssl_locl.h 2011-11-21 22:52:01 +00:00
ssl-lib.com PR: 2652 2012-01-05 14:30:08 +00:00
ssl.h Reduce version skew. 2012-06-08 09:18:47 +00:00
ssl2.h Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN 2011-05-11 12:56:38 +00:00
ssl3.h Make CBC decoding constant time. 2013-01-28 17:31:49 +00:00
ssl23.h
ssl_algs.c Make CBC decoding constant time. 2013-01-28 17:31:49 +00:00
ssl_asn1.c Use correct tag for SRP username. 2011-10-25 12:52:47 +00:00
ssl_cert.c don't use pseudo digests for default values of keys 2012-06-27 14:11:40 +00:00
ssl_ciph.c add "missing" TLSv1.2 cipher alias 2012-11-15 19:15:20 +00:00
ssl_err.c correct error code 2012-04-18 14:53:48 +00:00
ssl_err2.c Use new-style system-id macros everywhere possible. I hope I haven't 2001-02-20 08:13:47 +00:00
ssl_lib.c Minor enhancement to PR#2836 fix. Instead of modifying SSL_get_certificate 2012-09-21 14:01:59 +00:00
ssl_locl.h Timing fix mitigation for FIPS mode. 2013-01-31 12:34:10 +00:00
ssl_rsa.c Reduce version skew. 2012-06-08 09:18:47 +00:00
ssl_sess.c New ctrl values to clear or retrieve extra chain certs from an SSL_CTX. 2011-12-22 15:01:16 +00:00
ssl_stat.c PR: 1794 2011-11-25 00:18:10 +00:00
ssl_task.c Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
ssl_txt.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
ssltest.c Reduce version skew. 2012-06-08 09:18:47 +00:00
t1_clnt.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
t1_enc.c Timing fix mitigation for FIPS mode. 2013-01-31 12:34:10 +00:00
t1_lib.c Add and use a constant-time memcmp. 2013-01-28 17:30:38 +00:00
t1_meth.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
t1_reneg.c Update RI to match latest spec. 2009-12-27 22:59:09 +00:00
t1_srvr.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
tls1.h Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> 2012-03-09 18:37:41 +00:00
tls_srp.c Reduce version skew. 2012-06-08 09:18:47 +00:00