generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
35a65e814beb899fa1c69a7673a8956c6059dce7
openssl/crypto/evp
History
Ben Laurie 35a65e814b Make CBC decoding constant time. 
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bcc)

Conflicts:
	crypto/evp/c_allc.c
	ssl/ssl_algs.c
	ssl/ssl_locl.h
	ssl/t1_enc.c
(cherry picked from commit 3622239826698a0e534dcf0473204c724bb9b4b4)

Conflicts:
	ssl/d1_enc.c
	ssl/s3_enc.c
	ssl/s3_pkt.c
	ssl/ssl3.h
	ssl/ssl_algs.c
	ssl/t1_enc.c
2013-02-05 16:50:32 +00:00
..
.cvsignore
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
bio_b64.c
PR: 2258
2010-05-27 12:41:33 +00:00
bio_enc.c
Increase offset for BIO_f_enc() to avoid problems with overlapping buffers
2005-04-28 00:21:29 +00:00
bio_md.c
Merge EVP changes in from FIPS branch.
2008-09-15 22:21:42 +00:00
bio_ok.c
Fix compiler warnings in crypto/evp/bio_ok.c as pointed out by Geoff.
2004-08-29 16:19:27 +00:00
c_all.c
OPENSSL_ia32cap final touches. Note that OPENSSL_ia32cap is no longer a
2004-08-29 16:36:05 +00:00
c_allc.c
Make CBC decoding constant time.
2013-02-05 16:50:32 +00:00
c_alld.c
Remove MD2 from digest algorithm table. This follows the recommendation in
2009-07-08 08:33:27 +00:00
dig_eng.c
Merge EVP changes in from FIPS branch.
2008-09-15 22:21:42 +00:00
digest.c
Fix memory leak: free up ENGINE functional reference if digest is not
2010-03-05 13:35:06 +00:00
e_aes.c
Merge EVP changes in from FIPS branch.
2008-09-15 22:21:42 +00:00
e_bf.c
Make sure we get the definition of OPENSSL_NO_BF.
2003-03-20 23:28:16 +00:00
e_camellia.c
Make camellia work with updated EVP macros.
2008-09-21 10:24:08 +00:00
e_cast.c
Make sure we get the definition of OPENSSL_NO_CAST.
2003-03-20 23:28:27 +00:00
e_des3.c
Make -DKSSL_DEBUG work again.
2008-11-10 18:55:07 +00:00
e_des.c
Merge EVP changes in from FIPS branch.
2008-09-15 22:21:42 +00:00
e_dsa.c
Change #include filenames from <foo.h> to <openssl.h>.
1999-04-23 22:13:45 +00:00
e_idea.c
Make sure we get the definition of OPENSSL_NO_IDEA.
2003-03-20 23:28:55 +00:00
e_null.c
Merge EVP changes in from FIPS branch.
2008-09-15 22:21:42 +00:00
e_old.c
Use OPENSSL_NO_CAST, not OPENSSL_NO_CAST5 in e_old.c
2005-04-25 23:09:00 +00:00
e_rc2.c
A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
2003-10-29 20:24:15 +00:00
e_rc4.c
Merge EVP changes in from FIPS branch.
2008-09-15 22:21:42 +00:00
e_rc5.c
Make sure we get the definition of OPENSSL_NO_RC5.
2003-03-20 23:29:26 +00:00
e_seed.c
Fix warnings: C++ comments and computed value not used.
2007-07-04 12:56:33 +00:00
e_xcbc_d.c
fix warnings when building openssl with (gcc 3.3.1):
2005-08-28 23:20:52 +00:00
enc_min.c
PR: 2295
2010-10-11 23:28:54 +00:00
encode.c
Fix gcc 4.6 warnings. Check TLS server hello extension length.
2010-06-12 13:18:58 +00:00
evp_acnf.c
Change old obsolete email address...
2008-11-05 18:36:57 +00:00
evp_cnf.c
Don't attempt to enter FIPS mode in autoconfig module if already in FIPS mode.
2008-11-11 12:52:14 +00:00
evp_enc.c
Oops, restore change that got reverted accidentally.
2008-09-15 22:32:23 +00:00
evp_err.c
Merge EVP changes in from FIPS branch.
2008-09-15 22:21:42 +00:00
evp_key.c
Update from HEAD.
2006-03-01 21:17:50 +00:00
evp_lib.c
Traditional Yuletide commit ;-)
2009-12-25 14:11:18 +00:00
evp_locl.h
Revert CFB block length change. Despite what SP800-38a says the input to
2010-02-26 14:41:38 +00:00
evp_pbe.c
initialise pbe_tmp
2010-07-08 16:51:48 +00:00
evp_pkey.c
Change old obsolete email address...
2008-11-05 18:36:57 +00:00
evp_test.c
PR: 2588
2011-09-01 13:48:48 +00:00
evp.h
Make update: delete duplicate error code.
2008-09-17 17:11:09 +00:00
evptests.txt
Add SEED encryption algorithm.
2007-04-23 23:50:26 +00:00
m_dss1.c
Merge EVP changes in from FIPS branch.
2008-09-15 22:21:42 +00:00
m_dss.c
Merge EVP changes in from FIPS branch.
2008-09-15 22:21:42 +00:00
m_ecdsa.c
size_t-fication of message digest APIs. We should size_t-fy more APIs...
2004-05-15 11:29:55 +00:00
m_md2.c
Merge EVP changes in from FIPS branch.
2008-09-15 22:21:42 +00:00
m_md4.c
Merge EVP changes in from FIPS branch.
2008-09-15 22:21:42 +00:00
m_md5.c
Merge EVP changes in from FIPS branch.
2008-09-15 22:21:42 +00:00
m_mdc2.c
Merge EVP changes in from FIPS branch.
2008-09-15 22:21:42 +00:00
m_null.c
size_t-fication of message digest APIs. We should size_t-fy more APIs...
2004-05-15 11:29:55 +00:00
m_ripemd.c
make
2005-07-16 11:13:10 +00:00
m_sha1.c
Merge EVP changes in from FIPS branch.
2008-09-15 22:21:42 +00:00
m_sha.c
Merge EVP changes in from FIPS branch.
2008-09-15 22:21:42 +00:00
Makefile
Make update: delete duplicate error code.
2008-09-17 17:11:09 +00:00
names.c
don't add digest alias if signature algorithm is undefined
2010-03-06 20:52:33 +00:00
openbsd_hw.c
This changes EVP's cipher and digest code to hook via the ENGINE support.
2001-09-25 21:37:02 +00:00
p5_crpt2.c
Change old obsolete email address...
2008-11-05 18:36:57 +00:00
p5_crpt.c
Change old obsolete email address...
2008-11-05 18:36:57 +00:00
p_dec.c
Constify d2i, s2i, c2i and r2i functions and other associated
2004-03-15 23:15:26 +00:00
p_enc.c
Constify d2i, s2i, c2i and r2i functions and other associated
2004-03-15 23:15:26 +00:00
p_lib.c
make
2005-07-16 11:13:10 +00:00
p_open.c
(oops) Apologies all, that last header-cleanup commit was from the wrong
2004-04-19 18:09:28 +00:00
p_seal.c
Enhance EVP code to generate random symmetric keys of the
2004-03-28 17:38:00 +00:00
p_sign.c
../comm.txt
2010-11-27 17:33:34 +00:00
p_verify.c
../comm.txt
2010-11-27 17:33:34 +00:00