generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues.

Browse Source 
Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch.
(cherry picked from commit 125093b59f)
This commit is contained in:
Andy Polyakov
2013-02-02 19:29:59 +01:00
committed by Dr. Stephen Henson
parent 2aec073a52
commit 9970308c88
4 changed files with 208 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/ssl_algs.c
View File

@@ -90,12 +90,10 @@ int SSL_library_init(void)
EVP_add_cipher(EVP_aes_256_cbc());
EVP_add_cipher(EVP_aes_128_gcm());
EVP_add_cipher(EVP_aes_256_gcm());
#if 0 /* Disabled because of timing side-channel leaks. */
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
#endif
#endif
#endif
#ifndef OPENSSL_NO_CAMELLIA