Timing fix mitigation for FIPS mode.

We have to use EVP in FIPS mode so we can only partially mitigate timing differences. Make an extra call to EVP_DigestSignUpdate to hash additonal blocks to cover any timing differences caused by removal of padding. (cherry picked from commit b908e88ec15aa0a74805e3f2236fc4f83f2789c2)
author: Dr. Stephen Henson <steve@openssl.org> 2013-01-29 14:44:36 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2013-02-06 13:56:13 +0000
commit: d91d9acc584dc25f39d5cc402a27ad9c8bb77535 (patch)
tree: b4f3dd53c71ba885ec5ea7812433edafe034a973 /ssl/ssl_locl.h
parent: 820988a0c09e53a2bae7a8b1464cd962661e0198 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 274803b101..f32bd5f0b9 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1299,4 +1299,8 @@ void ssl3_cbc_digest_record(
 	unsigned mac_secret_length,
 	char is_sslv3);
 
+void tls_fips_digest_extra(
+	const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
+	const unsigned char *data, size_t data_len, size_t orig_len);
+
 #endif
author	Dr. Stephen Henson <steve@openssl.org>	2013-01-29 14:44:36 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2013-02-06 13:56:13 +0000
commit	d91d9acc584dc25f39d5cc402a27ad9c8bb77535 (patch)
tree	b4f3dd53c71ba885ec5ea7812433edafe034a973 /ssl/ssl_locl.h
parent	820988a0c09e53a2bae7a8b1464cd962661e0198 (diff)