Start using the provider side TLS HMAC implementation

This commit just moves the TLS1 and above implementation to use the TLS
HMAC implementation in the providers.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)

1 files changed, 4 insertions, 4 deletions

diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c
index f32841152a..3376395a17 100644
--- a/providers/implementations/macs/hmac_prov.c
+++ b/providers/implementations/macs/hmac_prov.c
@@ -51,7 +51,7 @@ struct hmac_data_st {
     PROV_DIGEST digest;
     unsigned char *key;
     size_t keylen;
-    /* Length of TLS data including the MAC but excluding padding */
+    /* Length of full TLS record including the MAC and any padding */
     size_t tls_data_size;
     unsigned char tls_header[13];
     int tls_header_set;
@@ -166,8 +166,8 @@ static int hmac_update(void *vmacctx, const unsigned char *data,
             macctx->tls_header_set = 1;
             return 1;
         }
-        /* datalen is macctx->tls_data_size plus the padding length */
-        if (datalen < macctx->tls_data_size)
+        /* macctx->tls_data_size is datalen plus the padding length */
+        if (macctx->tls_data_size < datalen)
             return 0;
 
         return ssl3_cbc_digest_record(ossl_prov_digest_md(&macctx->digest),
@@ -175,8 +175,8 @@ static int hmac_update(void *vmacctx, const unsigned char *data,
                                       &macctx->tls_mac_out_size,
                                       macctx->tls_header,
                                       data,
-                                      macctx->tls_data_size,
                                       datalen,
+                                      macctx->tls_data_size,
                                       macctx->key,
                                       macctx->keylen,
                                       0);