generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/crypto/evp
History
Ben Laurie e5420be6cd Make CBC decoding constant time. 
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bccfc0bb9da254dc84e23bc6a1c78a64e)

Conflicts:
	crypto/evp/c_allc.c
	ssl/ssl_algs.c
	ssl/ssl_locl.h
	ssl/t1_enc.c
2013-02-05 16:46:16 +00:00
..
.cvsignore
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
bio_b64.c
PR: 2258
2010-05-27 12:41:20 +00:00
bio_enc.c
Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy
2010-02-07 13:41:23 +00:00
bio_md.c
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
2009-03-18 18:53:08 +00:00
bio_ok.c
Fix compiler warnings in crypto/evp/bio_ok.c as pointed out by Geoff.
2004-08-29 16:19:27 +00:00
c_all.c
PR: 1974 (partial)
2009-07-01 14:55:59 +00:00
c_allc.c
Make CBC decoding constant time.
2013-02-05 16:46:16 +00:00
c_alld.c
Delete MD2 from algorithm tables and default compilation.
2009-07-08 08:50:53 +00:00
digest.c
Fix memory leak: free up ENGINE functional reference if digest is not
2010-03-05 13:33:43 +00:00
e_aes.c
Add the missing parts for DES CFB1 and CFB8.
2004-01-28 19:05:35 +00:00
e_bf.c
Make sure we get the definition of OPENSSL_NO_BF.
2003-03-20 23:28:16 +00:00
e_camellia.c
Fix C++ style comments, change assert to OPENSSL_assert, stop warning with
2006-08-31 20:56:20 +00:00
e_cast.c
Make sure we get the definition of OPENSSL_NO_CAST.
2003-03-20 23:28:27 +00:00
e_des3.c
Fix "possible loss of data" Win64 compiler warnings.
2008-12-29 12:35:49 +00:00
e_des.c
Fix "possible loss of data" Win64 compiler warnings.
2008-12-29 12:35:49 +00:00
e_dsa.c
Change #include filenames from <foo.h> to <openssl.h>.
1999-04-23 22:13:45 +00:00
e_idea.c
size_t-fy EVP_CIPHER. Note that being size_t-fied it doesn't require
2008-10-31 19:48:25 +00:00
e_null.c
size_t-fy EVP_CIPHER. Note that being size_t-fied it doesn't require
2008-10-31 19:48:25 +00:00
e_old.c
Use OPENSSL_NO_CAST, not OPENSSL_NO_CAST5 in e_old.c
2005-04-25 23:09:00 +00:00
e_rc2.c
Fix a variety of warnings generated by some elevated compiler-fascism,
2008-03-16 21:05:46 +00:00
e_rc4.c
size_t-fy EVP_CIPHER. Note that being size_t-fied it doesn't require
2008-10-31 19:48:25 +00:00
e_rc5.c
Make sure we get the definition of OPENSSL_NO_RC5.
2003-03-20 23:29:26 +00:00
e_seed.c
Add SEED encryption algorithm.
2007-04-23 23:48:59 +00:00
e_xcbc_d.c
size_t-fy EVP_CIPHER. Note that being size_t-fied it doesn't require
2008-10-31 19:48:25 +00:00
encode.c
Fix warnings (From HEAD, original patch by Ben).
2010-06-15 17:25:15 +00:00
evp_acnf.c
Update obsolete email address...
2008-11-05 18:39:08 +00:00
evp_enc.c
PR: 2295
2010-10-11 23:24:51 +00:00
evp_err.c
Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy
2010-02-07 13:41:23 +00:00
evp_key.c
PR: 1904
2010-03-27 19:27:51 +00:00
evp_lib.c
Add flags functions which were added to 0.9.8 for fips but not 1.0.0 and
2010-01-26 14:33:52 +00:00
evp_locl.h
Revert CFB block length change. Despite what SP800-38a says the input to
2010-02-26 14:41:48 +00:00
evp_pbe.c
PR: 2127
2009-12-17 15:28:45 +00:00
evp_pkey.c
Update obsolete email address...
2008-11-05 18:39:08 +00:00
evp_test.c
PR: 2588
2011-09-01 13:48:57 +00:00
evp.h
PR: 1904
2010-03-27 19:27:51 +00:00
evptests.txt
Add SEED encryption algorithm.
2007-04-23 23:48:59 +00:00
m_dss1.c
Remove link between digests and signature algorithms.
2006-04-19 17:05:59 +00:00
m_dss.c
Remove link between digests and signature algorithms.
2006-04-19 17:05:59 +00:00
m_ecdsa.c
Remove link between digests and signature algorithms.
2006-04-19 17:05:59 +00:00
m_md2.c
make
2005-07-16 12:37:36 +00:00
m_md4.c
make
2005-07-16 12:37:36 +00:00
m_md5.c
make
2005-07-16 12:37:36 +00:00
m_mdc2.c
PR: 2161
2010-02-02 13:36:05 +00:00
m_null.c
size_t-fication of message digest APIs. We should size_t-fy more APIs...
2004-05-15 11:29:55 +00:00
m_ripemd.c
make
2005-07-16 12:37:36 +00:00
m_sha1.c
And so it begins...
2008-03-12 21:14:28 +00:00
m_sha.c
make
2005-07-16 12:37:36 +00:00
m_sigver.c
Some of the MS_STATIC use in crypto/evp is a legacy from the days when
2010-11-27 17:34:57 +00:00
m_wp.c
Add Whirlpool to EVP.
2005-11-30 20:57:23 +00:00
Makefile
make update
2010-12-02 18:26:12 +00:00
names.c
don't add digest alias if signature algorithm is undefined
2010-03-06 20:47:45 +00:00
openbsd_hw.c
This changes EVP's cipher and digest code to hook via the ENGINE support.
2001-09-25 21:37:02 +00:00
p5_crpt2.c
If we're going to return errors (no matter how stupid), then we should
2008-12-29 16:11:58 +00:00
p5_crpt.c
If we're going to return errors (no matter how stupid), then we should
2008-12-29 16:11:58 +00:00
p_dec.c
Initial DSA EVP_PKEY_METHOD. Fixup some error codes.
2006-04-12 10:20:47 +00:00
p_enc.c
Initial DSA EVP_PKEY_METHOD. Fixup some error codes.
2006-04-12 10:20:47 +00:00
p_lib.c
PR: 2385
2010-11-30 19:37:33 +00:00
p_open.c
Revert the size_t modifications from HEAD that had led to more
2008-11-12 03:58:08 +00:00
p_seal.c
Initial functions for main EVP_PKEY_METHOD operations.
2006-04-07 16:42:09 +00:00
p_sign.c
Some of the MS_STATIC use in crypto/evp is a legacy from the days when
2010-11-27 17:34:57 +00:00
p_verify.c
Some of the MS_STATIC use in crypto/evp is a legacy from the days when
2010-11-27 17:34:57 +00:00
pmeth_fn.c
Updates from HEAD.
2009-06-16 16:39:20 +00:00
pmeth_gn.c
Update obsolete email address...
2008-11-05 18:39:08 +00:00
pmeth_lib.c
If EVP_PKEY structure contains an ENGINE the key is ENGINE specific and
2010-11-16 12:11:15 +00:00