generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/crypto/evp
History
Ben Laurie fb0a59cc58 Make CBC decoding constant time. 
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bccfc0bb9da254dc84e23bc6a1c78a64e)
2013-02-06 13:56:12 +00:00
..
.cvsignore
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
bio_b64.c
PR: 2258
2010-05-27 12:41:20 +00:00
bio_enc.c
Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy
2010-02-07 13:41:23 +00:00
bio_md.c
Backport libcrypto audit: check return values of EVP functions instead
2011-06-03 20:53:00 +00:00
bio_ok.c
Backport libcrypto audit: check return values of EVP functions instead
2011-06-03 20:53:00 +00:00
c_all.c
PR: 1974 (partial)
2009-07-01 14:55:59 +00:00
c_allc.c
Make CBC decoding constant time.
2013-02-06 13:56:12 +00:00
c_alld.c
Delete MD2 from algorithm tables and default compilation.
2009-07-08 08:50:53 +00:00
digest.c
type
2012-07-13 11:17:56 +00:00
e_aes_cbc_hmac_sha1.c
revert more "version skew" changes that break FIPS builds
2012-06-10 23:02:06 +00:00
e_aes.c
Don't require tag before ciphertext in AESGCM mode
2012-10-16 22:46:32 +00:00
e_bf.c
Make sure we get the definition of OPENSSL_NO_BF.
2003-03-20 23:28:16 +00:00
e_camellia.c
Fix C++ style comments, change assert to OPENSSL_assert, stop warning with
2006-08-31 20:56:20 +00:00
e_cast.c
Make sure we get the definition of OPENSSL_NO_CAST.
2003-03-20 23:28:27 +00:00
e_des3.c
Experimental multi-implementation support for FIPS capable OpenSSL.
2012-05-13 18:40:12 +00:00
e_des.c
Fix "possible loss of data" Win64 compiler warnings.
2008-12-29 12:35:49 +00:00
e_dsa.c
Change #include filenames from <foo.h> to <openssl.h>.
1999-04-23 22:13:45 +00:00
e_idea.c
size_t-fy EVP_CIPHER. Note that being size_t-fied it doesn't require
2008-10-31 19:48:25 +00:00
e_null.c
Experimental multi-implementation support for FIPS capable OpenSSL.
2012-05-13 18:40:12 +00:00
e_old.c
Use OPENSSL_NO_CAST, not OPENSSL_NO_CAST5 in e_old.c
2005-04-25 23:09:00 +00:00
e_rc2.c
Backport libcrypto audit: check return values of EVP functions instead
2011-06-03 20:53:00 +00:00
e_rc4_hmac_md5.c
e_rc4_hmac_md5.c: reapply commit#21726, which was erroneously omitted [from 1.0.1].
2012-04-20 21:45:21 +00:00
e_rc4.c
revert more "version skew" changes that break FIPS builds
2012-06-10 23:02:06 +00:00
e_rc5.c
Make sure we get the definition of OPENSSL_NO_RC5.
2003-03-20 23:29:26 +00:00
e_seed.c
Add SEED encryption algorithm.
2007-04-23 23:48:59 +00:00
e_xcbc_d.c
size_t-fy EVP_CIPHER. Note that being size_t-fied it doesn't require
2008-10-31 19:48:25 +00:00
encode.c
Fix warnings (From HEAD, original patch by Ben).
2010-06-15 17:25:15 +00:00
evp_acnf.c
Update obsolete email address...
2008-11-05 18:39:08 +00:00
evp_cnf.c
add missing evp_cnf.c file
2012-07-04 13:14:44 +00:00
evp_enc.c
Experimental multi-implementation support for FIPS capable OpenSSL.
2012-05-13 18:40:12 +00:00
evp_err.c
PR: 2840
2012-07-03 20:20:11 +00:00
evp_fips.c
Redirect null cipher to FIPS module.
2011-06-20 20:00:10 +00:00
evp_key.c
Backport libcrypto audit: check return values of EVP functions instead
2011-06-03 20:53:00 +00:00
evp_lib.c
Add default ASN1 handling to support FIPS.
2011-05-29 02:32:05 +00:00
evp_locl.h
undef some symbols that cause problems with make depend for fips builds
2012-01-18 01:40:36 +00:00
evp_pbe.c
Backport of password based CMS support from HEAD.
2011-10-09 15:28:02 +00:00
evp_pkey.c
Update obsolete email address...
2008-11-05 18:39:08 +00:00
evp_test.c
PR: 2588
2011-09-01 13:49:08 +00:00
evp.h
PR: 2840
2012-07-03 20:20:11 +00:00
evptests.txt
backport AES EVP ctr mode changes from HEAD
2010-11-17 17:46:23 +00:00
m_dss1.c
Reduce version skew: trivia (I hope).
2012-06-03 22:03:37 +00:00
m_dss.c
Reduce version skew: trivia (I hope).
2012-06-03 22:03:37 +00:00
m_ecdsa.c
Experimental multi-implementation support for FIPS capable OpenSSL.
2012-05-13 18:40:12 +00:00
m_md2.c
make
2005-07-16 12:37:36 +00:00
m_md4.c
revert more "version skew" changes that break FIPS builds
2012-06-10 23:02:06 +00:00
m_md5.c
revert more "version skew" changes that break FIPS builds
2012-06-10 23:02:06 +00:00
m_mdc2.c
revert more "version skew" changes that break FIPS builds
2012-06-10 23:02:06 +00:00
m_null.c
size_t-fication of message digest APIs. We should size_t-fy more APIs...
2004-05-15 11:29:55 +00:00
m_ripemd.c
revert more "version skew" changes that break FIPS builds
2012-06-10 23:02:06 +00:00
m_sha1.c
Reduce version skew: trivia (I hope).
2012-06-03 22:03:37 +00:00
m_sha.c
revert more "version skew" changes that break FIPS builds
2012-06-10 23:02:06 +00:00
m_sigver.c
Some of the MS_STATIC use in crypto/evp is a legacy from the days when
2010-11-27 17:35:56 +00:00
m_wp.c
revert more "version skew" changes that break FIPS builds
2012-06-10 23:02:06 +00:00
Makefile
make update
2013-01-15 16:24:07 +00:00
names.c
Add RC4-MD5 and AESNI-SHA1 "stitched" implementations [from HEAD].
2011-08-23 20:53:34 +00:00
openbsd_hw.c
This changes EVP's cipher and digest code to hook via the ENGINE support.
2001-09-25 21:37:02 +00:00
p5_crpt2.c
Fix warnings.
2011-12-02 14:39:41 +00:00
p5_crpt.c
fix leak
2012-03-22 16:28:21 +00:00
p_dec.c
Initial DSA EVP_PKEY_METHOD. Fixup some error codes.
2006-04-12 10:20:47 +00:00
p_enc.c
Initial DSA EVP_PKEY_METHOD. Fixup some error codes.
2006-04-12 10:20:47 +00:00
p_lib.c
recognise X9.42 DH certificates on servers
2012-04-18 17:03:45 +00:00
p_open.c
Backport libcrypto audit: check return values of EVP functions instead
2011-06-03 20:53:00 +00:00
p_seal.c
Backport libcrypto audit: check return values of EVP functions instead
2011-06-03 20:53:00 +00:00
p_sign.c
Reduce version skew: trivia (I hope).
2012-06-03 22:03:37 +00:00
p_verify.c
Reduce version skew: trivia (I hope).
2012-06-03 22:03:37 +00:00
pmeth_fn.c
Updates from HEAD.
2009-06-16 16:39:20 +00:00
pmeth_gn.c
constify EVP_PKEY_new_mac_key()
2010-11-24 13:14:03 +00:00
pmeth_lib.c
Initial experimental support for X9.42 DH parameter format to handle
2012-04-07 20:22:11 +00:00