author | Matt Caswell <matt@openssl.org> | 2020-07-30 12:02:06 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-09-03 09:40:52 +0100 |
commit | 3fddbb264e87a8cef2903cbd7b02b8e1a39a2a99 (patch) | |
tree | c73b3bb141d21a739ae8faedcaf090e07a4fcba6 /ssl/record | |
parent | b48ca22a56553f285d91da0ac9399fd5efd54589 (diff) |
Add an HMAC implementation that is TLS aware
The TLS HMAC implementation should take care to calculate the MAC in
constant time in the case of MAC-Then-Encrypt where we have a variable
amount of padding.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
Diffstat (limited to 'ssl/record')
-rw-r--r-- | ssl/record/ssl3_record.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 634052d342..70707da691 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -1362,7 +1362,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
 header[j++] = (unsigned char)(rec->length & 0xff);
 /* Final param == is SSLv3 */
- if (ssl3_cbc_digest_record(ssl, hash,
+ if (ssl3_cbc_digest_record(EVP_MD_CTX_md(hash),
 md, &md_size,
 header, rec->input,
 rec->length + md_size, rec->orig_len,
@@ -1473,7 +1473,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
 * are hashing because that gives an attacker a timing-oracle.
 */
 /* Final param == not SSLv3 */
- if (ssl3_cbc_digest_record(ssl, mac_ctx,
+ if (ssl3_cbc_digest_record(EVP_MD_CTX_md(mac_ctx),
 md, &md_size,
 header, rec->input,
 rec->length + md_size, rec->orig_len, |
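Review bot: At both call sites, `EVP_MD_CTX_md(hash)` in n_ssl3_mac and `EVP_MD_CTX_md(mac_ctx)` in the tls1_mac hunk, the digest pointer goes straight into `ssl3_cbc_digest_record()` with no NULL check. The callee is not part of this diff, so it is not visible whether it rejects a NULL `const EVP_MD *` before reading the digest type. Either confirm that it does, or resolve the digest first and fail closed, e.g. `const EVP_MD *mac_md = EVP_MD_CTX_md(hash);` followed by `if (mac_md == NULL)` taking the same failure path as the existing `<= 0` check. Because `ssl` is no longer passed, the callee presumably cannot raise a fatal alert on the connection itself, so a comment beside each call saying where the error is reported would help, e.g. `/* callee has no SSL handle: failure must be reported by this function's caller */`. Both function bodies start and end outside the hunks, so earlier validation of `hash` / `mac_ctx` may already cover this.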