| Age | Commit message (Collapse) | Author |
|---|
|
There are lots of calls to EVP functions from within libssl There were
various places where we should probably check the return value but don't.
This adds these checks.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 56d913467541506572f908a34c32ca7071f77a94)
Conflicts:
ssl/s3_enc.c
ssl/s3_srvr.c
|
|
Cleanse various intermediate buffers used by the PRF (backported version
from master).
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 35fafc4dbc0b3a717ad1b208fe2867e8c64867de)
Conflicts:
ssl/s3_enc.c
|
|
This should be a one off operation (subsequent invokation of the
script should not move them)
This commit is for the 1.0.1 changes
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Conflicts:
apps/ciphers.c
ssl/s3_pkt.c
Conflicts:
crypto/ec/ec_curve.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
failure.
PR#1767
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Based on an original patch by Joel Sing (OpenBSD) who also originally identified the issue.
|
|
This reverts commit 9ab788aa23feaa0e3b9efc2213e0c27913f8d987.
Missing attribution
|
|
|
|
|
|
This change updates the DTLS code to match the constant-time CBC
behaviour in the TLS.
|
|
The previous CBC patch was bugged in that there was a path through enc()
in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left
at the previous value which could suggest that the packet was a
sufficient length when it wasn't.
|
|
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.
This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.
In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
|
|
|
|
|
|
than client side as we need to keep the handshake record cache frozen when
it contains all the records need to process the certificate verify message.
(backport from HEAD).
|
|
no FIPS compilation support
|
|
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
|
|
|
|
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org
Fix various typos and stuff.
|
|
|
|
test for them!
|
|
|
|
|
|
|
|
and cast from pointer to int of different size (linux-x86_64 and align).
|
|
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
|
|
|
|
This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).
In some cases the ciphersuite list generated from a given string is
affected by this change. I hope this is just in those cases where the
previous behaviour did not make sense.
|
|
PR: 1490
|
|
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
|
|
|
|
Submitted by: Peter Sylvester
|
|
|
|
|
|
|
|
Submitted by: Nils Larsch
|
|
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
|
|
|
|
I've covered all the memset()s I felt safe modifying, but may have missed some.
|
|
|
|
des_old.h redefines crypt:
#define crypt(b,s)\
DES_crypt((b),(s))
This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:
|
|
(but noone uses it anyway)
fix t1_enc.c: use OPENSSL_NO_RC4, not NO_RC4
|
|
vulnerability workaround (included in SSL_OP_ALL).
PR: #90
|
|
Fix length checks in ssl3_get_client_hello().
Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
|
|
|
|
to digests to retain compatibility.
|
|
with existing code.
Modify library to use digest *_ex() functions.
|
