author | Dr. Stephen Henson <steve@openssl.org> | 2013-01-29 14:44:36 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-02-06 14:19:08 +0000 |
commit | c4e6fb15244e27f1e93df3f59fe37b59a784f5dc (patch) | |
tree | 19fb2aa775ca60fd53f87309e64b1c5f295493c9 /ssl/ssl_locl.h | |
parent | a693ead6dc75455f7f5bbbd631b3a0e7ee457965 (diff) | |
download | openssl-new-c4e6fb15244e27f1e93df3f59fe37b59a784f5dc.tar.gz |
Timing fix mitigation for FIPS mode.
We have to use EVP in FIPS mode so we can only partially mitigate
timing differences.
Make an extra call to EVP_DigestSignUpdate to hash additional blocks
to cover any timing differences caused by removal of padding.
(cherry picked from commit b908e88ec15aa0a74805e3f2236fc4f83f2789c2)
Diffstat (limited to 'ssl/ssl_locl.h')
-rw-r--r-- | ssl/ssl_locl.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 547dc760e4..134198e91b 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1297,4 +1297,8 @@ void ssl3_cbc_digest_record( unsigned mac_secret_length, char is_sslv3); +void tls_fips_digest_extra( + const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx, + const unsigned char *data, size_t data_len, size_t orig_len); + #endif |
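Review bot: The new tls_fips_digest_extra prototype has no comment explaining how data_len and orig_len differ. Both are size_t and sit next to each other in the parameter list, so a caller that swaps them gets no compiler diagnostic, and in a timing mitigation a swapped length would silently change how much extra data is hashed. Please add a short comment above the declaration saying which length is taken before padding removal and which after, and what the caller must guarantee about their relationship. The commit message also describes this as a FIPS-mode path, but the declaration is added unconditionally just before the closing #endif; if the definition is compiled only for FIPS builds, the prototype should sit under the same conditional. The definition is not visible in this diff, which is limited to ssl/ssl_locl.h, so that is worth confirming.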