| #
f756fb43 |
| 18-Aug-2014 |
Justin Blanchard |
RT1815: More const'ness improvements
Add a dozen more const declarations where appropriate.
These are from Justin; while adding his patch, I noticed
ASN1_BIT_STRING_check could be fi
RT1815: More const'ness improvements
Add a dozen more const declarations where appropriate.
These are from Justin; while adding his patch, I noticed
ASN1_BIT_STRING_check could be fixed, too.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
show more ...
|
| #
687721a7 |
| 10-Jun-2014 |
Matt Caswell |
Fixed incorrect return code handling in ssl3_final_finish_mac.
Based on an original patch by Joel Sing (OpenBSD) who also originally identified the issue.
|
| #
043fd646 |
| 13-Jun-2014 |
Matt Caswell |
Revert "Fixed incorrect return code handling in ssl3_final_finish_mac"
This reverts commit 2f1dffa88e1b120add4f0b3a794fbca65aa7768d.
Missing attribution.
|
| #
2f1dffa8 |
| 10-Jun-2014 |
Matt Caswell |
Fixed incorrect return code handling in ssl3_final_finish_mac
|
|
Revision tags: OpenSSL-fips-2_0_3 |
|
| #
5e3ff62c |
| 22-Mar-2013 |
Dr. Stephen Henson |
Experimental encrypt-then-mac support.
Experimental support for encrypt then mac from
draft-gutmann-tls-encrypt-then-mac-02.txt
To enable it set the appropriate extension number
Experimental encrypt-then-mac support.
Experimental support for encrypt then mac from
draft-gutmann-tls-encrypt-then-mac-02.txt
To enable it set the appropriate extension number (0x10 for the test server)
using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10
For non-compliant peers (i.e. just about everything) this should have no
effect.
show more ...
|
| #
478b50cf |
| 12-Jun-2013 |
Veres Lajos |
misspellings fixes by https://github.com/vlajos/misspell_fixer
|
|
Revision tags: OpenSSL_1_0_1e |
|
| #
dd7e60bd |
| 08-Feb-2013 |
Andy Polyakov |
ssl/*: revert "remove SSL_RECORD->orig_len" and merge "fix IV".
Revert is appropriate because binary compatibility is not an issue
in 1.1.
|
|
Revision tags: OpenSSL_0_9_8y, OpenSSL_1_0_0k, OpenSSL_1_0_1d |
|
| #
2aec073a |
| 01-Feb-2013 |
Andy Polyakov |
ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility.
Kludge alert. This is arranged by passing padding length in unused
bits of SSL3_RECORD->type, so that orig_len can be
ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility.
Kludge alert. This is arranged by passing padding length in unused
bits of SSL3_RECORD->type, so that orig_len can be reconstructed.
(cherry picked from commit 8bfd4c659f180a6ce34f21c0e62956b362067fba)
show more ...
|
| #
e33ac0e7 |
| 28-Jan-2013 |
Ben Laurie |
Update DTLS code to match CBC decoding in TLS.
This change updates the DTLS code to match the constant-time CBC
behaviour in the TLS.
(cherry picked from commit 9f27de170d1b7bef3d46d
Update DTLS code to match CBC decoding in TLS.
This change updates the DTLS code to match the constant-time CBC
behaviour in the TLS.
(cherry picked from commit 9f27de170d1b7bef3d46d41382dc4dafde8b3900)
show more ...
|
| #
93cab6b3 |
| 28-Jan-2013 |
Ben Laurie |
Don't crash when processing a zero-length, TLS >= 1.1 record.
The previous CBC patch was bugged in that there was a path through enc()
in s3_pkt.c/d1_pkt.c which didn't set orig_len. ori
Don't crash when processing a zero-length, TLS >= 1.1 record.
The previous CBC patch was bugged in that there was a path through enc()
in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left
at the previous value which could suggest that the packet was a
sufficient length when it wasn't.
(cherry picked from commit 6cb19b7681f600b2f165e4adc57547b097b475fd)
show more ...
|
| #
2acc020b |
| 28-Jan-2013 |
Ben Laurie |
Make CBC decoding constant time.
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle a
Make CBC decoding constant time.
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.
This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.
In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bccfc0bb9da254dc84e23bc6a1c78a64e)
show more ...
|
|
Revision tags: OpenSSL-fips-2_0-pl1, OpenSSL-fips-2_0_2, OpenSSL-fips-2_0_1 |
|
| #
81f57e5a |
| 28-Aug-2012 |
Dr. Stephen Henson |
oops, typo
|
| #
1cf218bc |
| 28-Aug-2012 |
Dr. Stephen Henson |
New compile time option OPENSSL_SSL_TRACE_CRYPTO, when set this passes
all derived keys to the message callback.
Add code to SSL_trace to include support for printing out keys.
|
|
Revision tags: OpenSSL_1_0_1c, OpenSSL_1_0_0j, OpenSSL_0_9_8x, OpenSSL_1_0_1b, OpenSSL_0_9_8w, OpenSSL_1_0_1a, OpenSSL_0_9_8v, OpenSSL_1_0_0i, OpenSSL_1_0_1, OpenSSL_1_0_0h, OpenSSL_0_9_8u, OpenSSL_1_0_1-beta3, OpenSSL_1_0_1-beta2, OpenSSL-fips-2_0, OpenSSL_1_0_0g, OpenSSL_0_9_8t |
|
| #
27dfffd5 |
| 04-Jan-2012 |
Dr. Stephen Henson |
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)
|
|
Revision tags: OpenSSL_0_9_8s, OpenSSL_1_0_0f, OpenSSL-fips-2_0-rc8, OpenSSL_1_0_1-beta1, OpenSSL-fips-2_0-rc7, OpenSSL-fips-2_0-rc6, OpenSSL-fips-2_0-rc5, OpenSSL-fips-2_0-rc4, OpenSSL-fips-2_0-rc3, OpenSSL-fips-2_0-rc2, OpenSSL-fips-2_0-rc1, OpenSSL-fips-1_2_3, OpenSSL-fips-1_2_2, OpenSSL-fips-1_2_1, OpenSSL_1_0_0e |
|
| #
8f119a03 |
| 31-May-2011 |
Dr. Stephen Henson |
set FIPS permitted flag before initalising digest
|
| #
f37f20ff |
| 20-May-2011 |
Dr. Stephen Henson |
PR: 2295
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve
OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
|
| #
086e32a6 |
| 19-May-2011 |
Dr. Stephen Henson |
Implement FIPS_mode and FIPS_mode_set
|
| #
7409d7ad |
| 29-Apr-2011 |
Dr. Stephen Henson |
Initial incomplete TLS v1.2 support. New ciphersuites added, new version
checking added, SHA256 PRF support added.
At present only RSA key exchange ciphersuites work with TLS v1.2 as the
Initial incomplete TLS v1.2 support. New ciphersuites added, new version
checking added, SHA256 PRF support added.
At present only RSA key exchange ciphersuites work with TLS v1.2 as the
new signature format is not yet implemented.
show more ...
|
|
Revision tags: OpenSSL_1_0_0d, OpenSSL_0_9_8r, OpenSSL_0_9_8q, OpenSSL_1_0_0c, OpenSSL_0_9_8p, OpenSSL_1_0_0b |
|
| #
c8bbd98a |
| 12-Jun-2010 |
Ben Laurie |
Fix warnings.
|
|
Revision tags: OpenSSL_0_9_8o, OpenSSL_1_0_0a, OpenSSL_1_0_0, OpenSSL_0_9_8n, OpenSSL_0_9_8m, OpenSSL_0_9_8m-beta1, OpenSSL_1_0_0-beta5, OpenSSL_1_0_0-beta4, OpenSSL_0_9_8l, OpenSSL_1_0_0-beta3, OpenSSL_1_0_0-beta2 |
|
| #
8711efb4 |
| 20-Apr-2009 |
Dr. Stephen Henson |
Updates from 1.0.0-stable branch.
|
| #
220bd849 |
| 06-Apr-2009 |
Dr. Stephen Henson |
Updates from 1.0.0-stable
|
|
Revision tags: OpenSSL_1_0_0-beta1, OpenSSL_0_9_8k, OpenSSL_0_9_8j |
|
| #
0eab41fb |
| 29-Dec-2008 |
Ben Laurie |
If we're going to return errors (no matter how stupid), then we should
test for them!
|
| #
85e878f2 |
| 29-Dec-2008 |
Ben Laurie |
Die earlier if hash is NULL. (Coverity IDs 137 & 138).
|
| #
0e941da6 |
| 29-Dec-2008 |
Ben Laurie |
Die earlier if we have no hash function.
|
| #
6ba71a71 |
| 27-Dec-2008 |
Ben Laurie |
Handle the unlikely event that BIO_get_mem_data() returns -ve.
|
