diff options
author | Matt Caswell <matt@openssl.org> | 2020-08-20 15:48:05 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-09-03 09:40:52 +0100 |
commit | e08f86ddb1b4b911da55af6d7f71f00f43529e50 (patch) | |
tree | e8fc109e3ee005bf763f4597301b85b4e72c644c /ssl/s3_cbc.c | |
parent | 2e2084dac34170fe1f9e93975e5b3cdc30360a9c (diff) |
Make ssl3_cbc_digest_record() use the real data_size
Previously we passed it the data plus mac size. Now we just pass it the
data size. We already know the mac size.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
Diffstat (limited to 'ssl/s3_cbc.c')
-rw-r--r-- | ssl/s3_cbc.c | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index bffaebb0c2..94492ca293 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -36,7 +36,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md, size_t *md_out_size, const unsigned char header[13], const unsigned char *data, - size_t data_plus_mac_size, + size_t data_size, size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret, size_t mac_secret_length, char is_sslv3); @@ -161,16 +161,13 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) * md_out_size: if non-NULL, the number of output bytes is written here. * header: the 13-byte, TLS record header. * data: the record data itself, less any preceding explicit IV. - * data_plus_mac_size: the secret, reported length of the data and MAC - * once the padding has been removed. + * data_size: the secret, reported length of the data once the MAC and padding + * has been removed. * data_plus_mac_plus_padding_size: the public length of the whole - * record, including padding. + * record, including MAC and padding. * is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS. * - * On entry: by virtue of having been through one of the remove_padding - * functions, above, we know that data_plus_mac_size is large enough to contain - * a padding byte and MAC. (If the padding was invalid, it might contain the - * padding too. ) + * On entry: we know that data is data_plus_mac_plus_padding_size in length * Returns 1 on success or 0 on error */ int ssl3_cbc_digest_record(const EVP_MD *md, @@ -178,7 +175,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md, size_t *md_out_size, const unsigned char header[13], const unsigned char *data, - size_t data_plus_mac_size, + size_t data_size, size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret, size_t mac_secret_length, char is_sslv3) @@ -343,7 +340,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md, /* * mac_end_offset is the index just past the end of the data to be MACed. */ - mac_end_offset = data_plus_mac_size + header_length - md_size; + mac_end_offset = data_size + header_length; /* * c is the index of the 0x80 byte in the final hash block that contains * application data. |