Make CBC decoding constant time.
[openssl.git] / crypto / evp / c_allc.c
index 8765cfbf92f06acf7ac11af45e467a658fd1043d..e230e6081e3ccf8ff5d99a6088c164d63ce11499 100644 (file)
@@ -171,6 +171,7 @@ void OpenSSL_add_all_ciphers(void)
        EVP_add_cipher(EVP_aes_128_ofb());
        EVP_add_cipher(EVP_aes_128_ctr());
        EVP_add_cipher(EVP_aes_128_gcm());
+       EVP_add_cipher(EVP_aes_128_xts());
        EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");
        EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");
        EVP_add_cipher(EVP_aes_192_ecb());
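Review bot: The added `EVP_add_cipher(EVP_aes_128_xts());` line, and the matching `EVP_aes_256_xts()` line in the next hunk, are not covered by the commit title, which only mentions constant-time CBC decoding. Bundling a new by-name cipher registration into a side-channel fix makes the fix harder to audit and to backport on its own. Either split the XTS registration into a separate commit or say so in the message, for example `Also register AES-128/256-XTS in OpenSSL_add_all_ciphers().` The body of OpenSSL_add_all_ciphers() starts and ends outside this hunk.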
@@ -191,13 +192,16 @@ void OpenSSL_add_all_ciphers(void)
        EVP_add_cipher(EVP_aes_256_ofb());
        EVP_add_cipher(EVP_aes_256_ctr());
        EVP_add_cipher(EVP_aes_256_gcm());
+       EVP_add_cipher(EVP_aes_256_xts());
        EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
        EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
+#if 0  /* Disabled because of timing side-channel leaks. */
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
        EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
        EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
 #endif
 #endif
+#endif
 
 #ifndef OPENSSL_NO_CAMELLIA
        EVP_add_cipher(EVP_camellia_128_ecb());
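Review bot: The new `#if 0` only removes the two stitched AES-CBC-HMAC-SHA1 ciphers from the table built by OpenSSL_add_all_ciphers(). Nothing in this hunk stops code that calls `EVP_aes_128_cbc_hmac_sha1()` or `EVP_aes_256_cbc_hmac_sha1()` directly from reaching the implementation the comment describes as leaking timing. If those functions are still exported (not visible here), the comment should say that only lookup by name is disabled, and a named build macro would be easier to find and re-enable than a bare `#if 0`. The directives are also misleading to read: the preprocessor now pairs the existing second `#endif` with `#if 0`, and the added `#endif` closes a guard that presumably opens above the hunk. Tagging them would help, e.g. `#endif /* 0: stitched AES-CBC-HMAC-SHA1 disabled */` and a matching tag naming the outer guard.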