Make CBC decoding constant time.

This patch makes the decoding of SSLv3 and TLS CBC records constant time. Without this, a timing side-channel can be used to build a padding oracle and mount Vaudenay's attack. This patch also disables the stitched AESNI+SHA mode pending a similar fix to that code. In order to be easy to backport, this change is implemented in ssl/, rather than as a generic AEAD mode. In the future this should be changed around so that HMAC isn't in ssl/, but crypto/ as FIPS expects. (cherry picked from commit e130841bccfc0bb9da254dc84e23bc6a1c78a64e) Conflicts: crypto/evp/c_allc.c ssl/ssl_algs.c ssl/ssl_locl.h ssl/t1_enc.c (cherry picked from commit 3622239826698a0e534dcf0473204c724bb9b4b4) Conflicts: ssl/d1_enc.c ssl/s3_enc.c ssl/s3_pkt.c ssl/ssl3.h ssl/ssl_algs.c ssl/t1_enc.c
author: Ben Laurie <ben@links.org> 2013-01-28 17:31:49 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2013-02-05 16:50:32 +0000
commit: 35a65e814beb899fa1c69a7673a8956c6059dce7 (patch)
tree: 9c17f5efd8e81b7fee9a5d403a2371ad5f2e3af2 /crypto
parent: 7ad132b1335807d0017e2546b3a869ca77f111c3 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
index e45cee8ab0..354090f21f 100644
--- a/crypto/evp/c_allc.c
+++ b/crypto/evp/c_allc.c
@@ -194,6 +194,7 @@ void OpenSSL_add_all_ciphers(void)
 	EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
 	EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
 #endif
+#endif
 
 #ifndef OPENSSL_NO_CAMELLIA
 	EVP_add_cipher(EVP_camellia_128_ecb());
author	Ben Laurie <ben@links.org>	2013-01-28 17:31:49 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2013-02-05 16:50:32 +0000
commit	35a65e814beb899fa1c69a7673a8956c6059dce7 (patch)
tree	9c17f5efd8e81b7fee9a5d403a2371ad5f2e3af2 /crypto
parent	7ad132b1335807d0017e2546b3a869ca77f111c3 (diff)