| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
branches it needs to be in a "gap".
(cherry picked from commit 81ce0e14e72e8e255ad1bd9c7cfaa47a6291919c)
|
|
(cherry picked from commit 35d732fc2e1badce13be22a044187ebd4d769552)
|
|
|
|
(cherry picked from commit 134c00659a1bc67ad35a1e4620e16bc4315e6e37)
|
|
PR: 2963 and a number of others
(cherry picked from commit 4568182a8b8cbfd15cbc175189029ac547bd1762)
|
|
|
|
(cherry picked from commit d5371324d978e4096bf99b9d0fe71b2cb65d9dc8)
|
|
RISCs are picky and alignment granted by compiler for md_state can be
insufficient for SHA512.
(cherry picked from commit 36260233e7e3396feed884d3f501283e0453c04f)
|
|
Break dependency on uint64_t. It's possible to declare bits as
unsigned int, because TLS packets are limited in size and 32-bit
value can't overflow.
(cherry picked from commit cab13fc8473856a43556d41d8dac5605f4ba1f91)
|
|
This change updates the DTLS code to match the constant-time CBC
behaviour in the TLS.
(cherry picked from commit 9f27de170d1b7bef3d46d41382dc4dafde8b3900)
|
|
The previous CBC patch was bugged in that there was a path through enc()
in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left
at the previous value which could suggest that the packet was a
sufficient length when it wasn't.
(cherry picked from commit 6cb19b7681f600b2f165e4adc57547b097b475fd)
|
|
|
|
(cherry picked from commit 014265eb02e26f35c8db58e2ccbf100b0b2f0072)
|
|
|
|
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.
This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.
In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bccfc0bb9da254dc84e23bc6a1c78a64e)
Conflicts:
crypto/evp/c_allc.c
ssl/ssl_algs.c
ssl/ssl_locl.h
ssl/t1_enc.c
|
|
This change adds CRYPTO_memcmp, which compares two vectors of bytes in
an amount of time that's independent of their contents. It also changes
several MAC compares in the code to use this over the standard memcmp,
which may leak information about the size of a matching prefix.
(cherry picked from commit 2ee798880a246d648ecddadc5b91367bee4a5d98)
Conflicts:
crypto/crypto.h
ssl/t1_lib.c
|
|
Add additional check to catch this in ASN1_item_verify too.
|
|
|
|
PR: 2963 and a number of others
|
|
|
|
Submitted by: Dmitry Belyavsky, Seguei Leontiev
PR: 2821
|
|
|
|
|
|
|
|
|
|
|
|
Reported by: Daniel Black <daniel.black@openquery.com>
Support renewing session tickets (backport from HEAD).
|
|
Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.
|
|
|
|
|
|
Submitted by: jean-etienne.schwartz@bull.net
In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.
|
|
|
|
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>
Fix DH double free if parameter generation fails.
|
|
|
|
|
|
Submitted by: "Florian Rüchel" <florian.ruechel@ruhr-uni-bochum.de>
Correctly handle local machine keys in the capi ENGINE.
|
|
PR: 2896
|
|
Submitted by: Adam Langley
|
|
|
|
|
|
|
|
little maze of #ifs, all different).
|
|
Submitted by: Adam Langley
|
|
|
|
debugging code that's seldom used.
|
|
Submitted by: Chromium Authors
|
|
|
|
Multiple copies of the ENGINE will cause problems when it is cleaned up as
the methods are stored in static structures which will be overwritten and
freed up more than once.
Set static methods to NULL when the ENGINE is freed so it can be reloaded.
|
