generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/crypto/evp
History
Ben Laurie 2acc020b77 Make CBC decoding constant time. 
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bccfc0bb9da254dc84e23bc6a1c78a64e)
2013-02-06 14:19:07 +00:00
..
.cvsignore
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
bio_b64.c
PR: 2258
2010-05-27 12:41:05 +00:00
bio_enc.c
Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy
2010-02-07 13:39:39 +00:00
bio_md.c
Audit libcrypto for unchecked return values: fix all cases enountered
2009-09-23 23:43:49 +00:00
bio_ok.c
Audit libcrypto for unchecked return values: fix all cases enountered
2009-09-23 23:43:49 +00:00
c_all.c
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
c_allc.c
Make CBC decoding constant time.
2013-02-06 14:19:07 +00:00
c_alld.c
Delete MD2 from algorithm tables as in 0.9.8-stable. However since this is
2009-07-08 08:49:17 +00:00
digest.c
Fix memory leak: free up ENGINE functional reference if digest is not
2010-03-05 13:33:21 +00:00
e_aes_cbc_hmac_sha1.c
e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag
2012-04-15 14:14:22 +00:00
e_aes.c
AES for SPARC T4: add XTS, reorder subroutines to improve TLB locality.
2012-11-24 21:55:23 +00:00
e_bf.c
Make sure we get the definition of OPENSSL_NO_BF.
2003-03-20 23:28:16 +00:00
e_camellia.c
correct error function code
2012-11-05 13:34:29 +00:00
e_cast.c
Make sure we get the definition of OPENSSL_NO_CAST.
2003-03-20 23:28:27 +00:00
e_des3.c
Extensive reorganisation of PRNG handling in FIPS module: all calls
2011-04-05 15:24:10 +00:00
e_des.c
Fix "possible loss of data" Win64 compiler warnings.
2008-12-29 12:35:49 +00:00
e_dsa.c
Change #include filenames from <foo.h> to <openssl.h>.
1999-04-23 22:13:45 +00:00
e_idea.c
size_t-fy EVP_CIPHER. Note that being size_t-fied it doesn't require
2008-10-31 19:48:25 +00:00
e_null.c
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
e_old.c
Use OPENSSL_NO_CAST, not OPENSSL_NO_CAST5 in e_old.c
2005-04-25 23:09:00 +00:00
e_rc2.c
Audit libcrypto for unchecked return values: fix all cases enountered
2009-09-23 23:43:49 +00:00
e_rc4_hmac_md5.c
Revert random changes from commit#22606.
2012-06-04 22:12:10 +00:00
e_rc4.c
size_t-fy EVP_CIPHER. Note that being size_t-fied it doesn't require
2008-10-31 19:48:25 +00:00
e_rc5.c
Make sure we get the definition of OPENSSL_NO_RC5.
2003-03-20 23:29:26 +00:00
e_seed.c
Add SEED encryption algorithm.
2007-04-23 23:48:59 +00:00
e_xcbc_d.c
size_t-fy EVP_CIPHER. Note that being size_t-fied it doesn't require
2008-10-31 19:48:25 +00:00
encode.c
Fix warnings.
2010-06-12 14:13:23 +00:00
evp_acnf.c
Update obsolete email address...
2008-11-05 18:39:08 +00:00
evp_cnf.c
add missing evp_cnf.c file
2012-07-04 13:15:10 +00:00
evp_enc.c
only cleanup ctx if we need to, save ctx flags when we do
2012-02-10 16:55:17 +00:00
evp_err.c
correct error function code
2012-11-05 13:34:29 +00:00
evp_key.c
PR: 1904
2010-03-27 19:31:55 +00:00
evp_lib.c
Use default ASN1 if flag set.
2011-02-07 12:47:16 +00:00
evp_locl.h
FIPS mode EVP changes:
2011-01-26 15:25:33 +00:00
evp_pbe.c
PR: 2127
2009-12-17 15:27:57 +00:00
evp_pkey.c
Update obsolete email address...
2008-11-05 18:39:08 +00:00
evp_test.c
PR: 2588
2011-09-01 13:49:16 +00:00
evp.h
correct error function code
2012-11-05 13:34:29 +00:00
evptests.txt
Add AES counter mode to EVP.
2010-02-23 16:48:41 +00:00
m_dss1.c
Remove x509.h from SHA1 clone digests, update dependencies.
2011-06-10 13:52:44 +00:00
m_dss.c
Update dependencies for m_dss.c too.
2011-06-10 14:00:02 +00:00
m_ecdsa.c
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
m_md2.c
make
2005-07-16 12:37:36 +00:00
m_md4.c
make
2005-07-16 12:37:36 +00:00
m_md5.c
make
2005-07-16 12:37:36 +00:00
m_mdc2.c
PR: 2161
2010-02-02 13:35:27 +00:00
m_null.c
size_t-fication of message digest APIs. We should size_t-fy more APIs...
2004-05-15 11:29:55 +00:00
m_ripemd.c
make
2005-07-16 12:37:36 +00:00
m_sha1.c
Remove unnecessary dependencies.
2011-02-21 17:35:53 +00:00
m_sha.c
make
2005-07-16 12:37:36 +00:00
m_sigver.c
Some of the MS_STATIC use in crypto/evp is a legacy from the days when
2010-11-27 17:37:03 +00:00
m_wp.c
Add Whirlpool to EVP.
2005-11-30 20:57:23 +00:00
Makefile
Make "make depend" work on MacOS out of the box.
2013-01-19 14:14:30 +00:00
names.c
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
openbsd_hw.c
This changes EVP's cipher and digest code to hook via the ENGINE support.
2001-09-25 21:37:02 +00:00
p5_crpt2.c
Fix warnings (note that gcc 4.2 has a bug that makes one of its
2010-02-28 14:22:56 +00:00
p5_crpt.c
fix leak
2012-03-22 16:28:07 +00:00
p_dec.c
Initial DSA EVP_PKEY_METHOD. Fixup some error codes.
2006-04-12 10:20:47 +00:00
p_enc.c
Initial DSA EVP_PKEY_METHOD. Fixup some error codes.
2006-04-12 10:20:47 +00:00
p_lib.c
recognise X9.42 DH certificates on servers
2012-04-18 17:03:29 +00:00
p_open.c
Audit libcrypto for unchecked return values: fix all cases enountered
2009-09-23 23:43:49 +00:00
p_seal.c
Audit libcrypto for unchecked return values: fix all cases enountered
2009-09-23 23:43:49 +00:00
p_sign.c
Some of the MS_STATIC use in crypto/evp is a legacy from the days when
2010-11-27 17:37:03 +00:00
p_verify.c
Some of the MS_STATIC use in crypto/evp is a legacy from the days when
2010-11-27 17:37:03 +00:00
pmeth_fn.c
Submitted by: Artem Chuprina <ran@cryptocom.ru>
2009-06-16 16:38:47 +00:00
pmeth_gn.c
constify EVP_PKEY_new_mac_key()
2010-11-24 13:13:49 +00:00
pmeth_lib.c
Initial experimental support for X9.42 DH parameter format to handle
2011-12-07 00:32:34 +00:00