summaryrefslogtreecommitdiff
path: root/ssl/ssl_locl.h
diff options
context:
space:
mode:
authorDr. Stephen Henson <steve@openssl.org>2013-01-29 14:44:36 +0000
committerDr. Stephen Henson <steve@openssl.org>2013-02-06 14:19:08 +0000
commitc4e6fb15244e27f1e93df3f59fe37b59a784f5dc (patch)
tree19fb2aa775ca60fd53f87309e64b1c5f295493c9 /ssl/ssl_locl.h
parenta693ead6dc75455f7f5bbbd631b3a0e7ee457965 (diff)
downloadopenssl-new-c4e6fb15244e27f1e93df3f59fe37b59a784f5dc.tar.gz
Timing fix mitigation for FIPS mode.
We have to use EVP in FIPS mode so we can only partially mitigate timing differences. Make an extra call to EVP_DigestSignUpdate to hash additonal blocks to cover any timing differences caused by removal of padding. (cherry picked from commit b908e88ec15aa0a74805e3f2236fc4f83f2789c2)
Diffstat (limited to 'ssl/ssl_locl.h')
-rw-r--r--ssl/ssl_locl.h4
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 547dc760e4..134198e91b 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1297,4 +1297,8 @@ void ssl3_cbc_digest_record(
unsigned mac_secret_length,
char is_sslv3);
+void tls_fips_digest_extra(
+ const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
+ const unsigned char *data, size_t data_len, size_t orig_len);
+
#endif
View Lorry Controller Status