generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make CBC decoding constant time.

Browse Source 
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bcc)

Conflicts:
	crypto/evp/c_allc.c
	ssl/ssl_algs.c
	ssl/ssl_locl.h
	ssl/t1_enc.c
This commit is contained in:
Ben Laurie
2013-01-28 17:31:49 +00:00
committed by Dr. Stephen Henson
parent 9c00a95060
commit e5420be6cd
9 changed files with 214 additions and 188 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/ssl_algs.c
View File

@@ -86,6 +86,8 @@ int SSL_library_init(void)
EVP_add_cipher(EVP_aes_192_cbc());
EVP_add_cipher(EVP_aes_256_cbc());
#endif
#endif
#ifndef OPENSSL_NO_CAMELLIA
EVP_add_cipher(EVP_camellia_128_cbc());
EVP_add_cipher(EVP_camellia_256_cbc());