authorMatt Caswell <matt@openssl.org>2020-07-30 13:16:39 +0100
committerMatt Caswell <matt@openssl.org>2020-09-03 09:40:52 +0100
commit2e2084dac34170fe1f9e93975e5b3cdc30360a9c (patch)
treeddffa939a515c01ffc521099766f76b5bdb8e831 /ssl/record
parent3fddbb264e87a8cef2903cbd7b02b8e1a39a2a99 (diff)
Start using the provider side TLS HMAC implementation
This commit just moves the TLS1 and above implementation to use the TLS HMAC implementation in the providers. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12732)
Diffstat (limited to 'ssl/record')
-rw-r--r--ssl/record/ssl3_record.c42
1 files changed, 18 insertions, 24 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 70707da691..6708a83241 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -1465,31 +1465,25 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
header[12] = (unsigned char)(rec->length & 0xff);
if (!sending && !SSL_READ_ETM(ssl) &&
- EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
- ssl3_cbc_record_digest_supported(mac_ctx)) {
- /*
- * This is a CBC-encrypted record. We must avoid leaking any
- * timing-side channel information about how many blocks of data we
- * are hashing because that gives an attacker a timing-oracle.
- */
- /* Final param == not SSLv3 */
- if (ssl3_cbc_digest_record(EVP_MD_CTX_md(mac_ctx),
- md, &md_size,
- header, rec->input,
- rec->length + md_size, rec->orig_len,
- ssl->s3.read_mac_secret,
- ssl->s3.read_mac_secret_size, 0) <= 0) {
- EVP_MD_CTX_free(hmac);
- return 0;
- }
- } else {
- /* TODO(size_t): Convert these calls */
- if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
- || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
- || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
- EVP_MD_CTX_free(hmac);
+ EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+ ssl3_cbc_record_digest_supported(mac_ctx)) {
+ OSSL_PARAM tls_hmac_params[2], *p = tls_hmac_params;
+
+ *p++ = OSSL_PARAM_construct_size_t(OSSL_MAC_PARAM_TLS_DATA_SIZE,
+ &rec->orig_len);
+ *p++ = OSSL_PARAM_construct_end();
+
+ if (!EVP_PKEY_CTX_set_params(EVP_MD_CTX_pkey_ctx(mac_ctx),
+ tls_hmac_params))
return 0;
- }
+ }
+
+ /* TODO(size_t): Convert these calls */
+ if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
+ || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
+ || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
+ EVP_MD_CTX_free(hmac);
+ return 0;
}
EVP_MD_CTX_free(hmac);
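Review bot: The new early exit after `EVP_PKEY_CTX_set_params(...)` fails returns 0 without calling `EVP_MD_CTX_free(hmac)`, whereas the `EVP_DigestSign*` failure branch just below frees it before returning. `hmac` is set up earlier in `tls1_mac`, outside this hunk, so this looks like a leak of the copied MAC context on that error path. Brace the branch as `{ EVP_MD_CTX_free(hmac); return 0; }`, which is safe even if `hmac` is NULL. The commit also deletes the comment explaining why CBC records must be MACed without a timing side channel, so the new block should carry a short replacement such as `/* CBC record: pass orig_len so the provider TLS HMAC can avoid leaking the padding length through timing */`. The constant-time handling now lives in the provider implementation, which is not visible in this diff, so it is worth confirming that the provider rejects or safely handles an `orig_len` smaller than the MAC size.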