| author | Ben Laurie <ben@links.org> | 2013-01-28 17:31:49 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2013-02-05 16:50:32 +0000 |
| commit | 35a65e814beb899fa1c69a7673a8956c6059dce7 (patch) | |
| tree | 9c17f5efd8e81b7fee9a5d403a2371ad5f2e3af2 /crypto | |
| parent | 7ad132b1335807d0017e2546b3a869ca77f111c3 (diff) | |
Make CBC decoding constant time.
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.
This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.
In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bccfc0bb9da254dc84e23bc6a1c78a64e)
Conflicts:
crypto/evp/c_allc.c
ssl/ssl_algs.c
ssl/ssl_locl.h
ssl/t1_enc.c
(cherry picked from commit 3622239826698a0e534dcf0473204c724bb9b4b4)
Conflicts:
ssl/d1_enc.c
ssl/s3_enc.c
ssl/s3_pkt.c
ssl/ssl3.h
ssl/ssl_algs.c
ssl/t1_enc.c
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/evp/c_allc.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index e45cee8ab0..354090f21f 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -194,6 +194,7 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher_alias(SN_aes_256_cbc,"AES256"); EVP_add_cipher_alias(SN_aes_256_cbc,"aes256"); #endif +#endif #ifndef OPENSSL_NO_CAMELLIA EVP_add_cipher(EVP_camellia_128_ecb()); |
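Review bot: the added `+#endif` has no matching `#if` anywhere in this hunk, and the diffstat for crypto/ reports exactly one insertion and no deletions, so nothing in this patch opens the conditional it closes; it lands directly after the existing `#endif` that ends the `OPENSSL_NO_AES` block, and unless an opening conditional already exists in the unchanged code above the hunk, the preprocessor will reject c_allc.c for an unbalanced `#endif`. The commit message says the stitched AESNI+SHA mode is being disabled, which suggests this `#endif` was meant to close a block wrapping the stitched-cipher registrations in the upstream commit, and that block was lost when the cherry-pick conflict in crypto/evp/c_allc.c was resolved on this branch. Either bring over the opening conditional together with the registrations it wraps, or drop this stray line; a build of c_allc.c both with and without `OPENSSL_NO_AES` defined would confirm which.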