git.openssl.org Git - openssl.git/commit

author	Ben Laurie <ben@links.org>
	Mon, 28 Jan 2013 17:31:49 +0000 (17:31 +0000)
committer	Ben Laurie <ben@links.org>
	Mon, 28 Jan 2013 17:31:49 +0000 (17:31 +0000)
commit	e130841bccfc0bb9da254dc84e23bc6a1c78a64e
tree	025095b97a98c1bfac9ad6eb32a3b4a23a5a1d81	tree \| snapshot
parent	2ee798880a246d648ecddadc5b91367bee4a5d98	commit \| diff

Make CBC decoding constant time.

This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.

crypto/evp/c_allc.c		diff \| blob \| history
ssl/Makefile		diff \| blob \| history
ssl/d1_enc.c		diff \| blob \| history
ssl/s3_enc.c		diff \| blob \| history
ssl/s3_pkt.c		diff \| blob \| history
ssl/ssl3.h		diff \| blob \| history
ssl/ssl_algs.c		diff \| blob \| history
ssl/ssl_locl.h		diff \| blob \| history
ssl/t1_enc.c		diff \| blob \| history