summaryrefslogtreecommitdiffstats
path: root/ssl/s3_cbc.c
AgeCommit message (Collapse)Author
2015-01-22Re-align some comments after running the reformat script.OpenSSL_1_0_1-post-reformatMatt Caswell
This should be a one off operation (subsequent invokation of the script should not move them) This commit is for the 1.0.1 changes Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Run util/openssl-format-source -v -c .Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22mark all block comments that need format preserving so thatTim Hudson
indent will not alter them when reformatting comments (cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960) Conflicts: crypto/bn/bn_lcl.h crypto/bn/bn_prime.c crypto/engine/eng_all.c crypto/rc4/rc4_utl.c crypto/sha/sha.h ssl/kssl.c ssl/t1_lib.c Conflicts: crypto/rc4/rc4_enc.c crypto/x509v3/v3_scts.c crypto/x509v3/v3nametest.c ssl/d1_both.c ssl/s3_srvr.c ssl/ssl.h ssl/ssl_locl.h ssl/ssltest.c ssl/t1_lib.c Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-24RT3066: rewrite RSA padding checks to be slightly more constant time.Emilia Kasper
Also tweak s3_cbc.c to use new constant-time methods. Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1 This patch is based on the original RT submission by Adam Langley <agl@chromium.org>, as well as code from BoringSSL and OpenSSL. Reviewed-by: Kurt Roeckx <kurt@openssl.org> Conflicts: crypto/rsa/rsa_oaep.c
2014-08-28Constant-time utilitiesEmilia Kasper
Pull constant-time methods out to a separate header, add tests. Reviewed-by: Bodo Moeller <bodo@openssl.org> (cherry picked from commit 9a9b0c0401cae443f115ff19921d347b20aa396b) Conflicts: test/Makefile
2013-02-12Check DTLS_BAD_VER for version number.David Woodhouse
The version check for DTLS1_VERSION was redundant as DTLS1_VERSION > TLS1_1_VERSION, however we do need to check for DTLS1_BAD_VER for compatibility. PR:2984 (cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc)
2013-02-08s3_cbc.c: make CBC_MAC_ROTATE_IN_PLACE universal.Andy Polyakov
(cherry picked from commit f93a41877d8d7a287debb7c63d7b646abaaf269c)
2013-02-08s3_cbc.c: get rid of expensive divisions [from master].Andy Polyakov
(cherry picked from commit e9baceab5a385e570706ca98dec768b2d89d1ac6)
2013-02-07Fix IV check and padding removal.Dr. Stephen Henson
Fix the calculation that checks there is enough room in a record after removing padding and optional explicit IV. (by Steve) For AEAD remove the correct number of padding bytes (by Andy)
2013-02-06Fix for EXP-RC2-CBC-MD5Adam Langley
MD5 should use little endian order. Fortunately the only ciphersuite affected is EXP-RC2-CBC-MD5 (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) which is a rarely used export grade ciphersuite.
2013-02-02e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues.Andy Polyakov
Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch.
2013-02-01ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility.Andy Polyakov
2013-02-01Don't access EVP_MD_CTX internals directly.Dr. Stephen Henson
2013-02-01s3/s3_cbc.c: allow for compilations with NO_SHA256|512.Andy Polyakov
2013-02-01ssl/s3_cbc.c: md_state alignment portability fix.Andy Polyakov
RISCs are picky and alignment granted by compiler for md_state can be insufficient for SHA512.
2013-02-01ssl/s3_cbc.c: uint64_t portability fix.Andy Polyakov
Break dependency on uint64_t. It's possible to declare bits as unsigned int, because TLS packets are limited in size and 32-bit value can't overflow.
2013-01-31typo.Dr. Stephen Henson
2013-01-31Timing fix mitigation for FIPS mode.Dr. Stephen Henson
We have to use EVP in FIPS mode so we can only partially mitigate timing differences. Make an extra call to EVP_DigestSignUpdate to hash additonal blocks to cover any timing differences caused by removal of padding.
2013-01-28Oops. Add missing file.Ben Laurie
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-29 05:05:34 +0000