author | Matt Caswell <matt@openssl.org> | 2020-06-03 17:42:01 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-07-06 09:26:00 +0100 |
commit | ec27e619e86c6ce4dfa905044eb4737eeba28a9d (patch) | |
tree | 463fa1af1ce6d48b1c20f62c06fbacfbed92b68b /ssl/ssl_lib.c | |
parent | 1b726e9b91a032298dc96ad117b23e18e1583246 (diff) |
Move MAC removal responsibility to the various protocol "enc" functions
For CBC ciphersuites using Mac-then-encrypt we have to be careful about
removing the MAC from the record in constant time. Currently that happens
immediately before MAC verification. Instead we move this responsibility
to the various protocol "enc" functions so that MAC removal is handled at
the same time as padding removal.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r-- | ssl/ssl_lib.c | 25 |
1 files changed, 2 insertions, 23 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index a252761ca4..c3174a7c91 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -34,51 +34,37 @@ DEFINE_STACK_OF(OCSP_RESPID) DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE) DEFINE_STACK_OF(SCT) -static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t) +static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t, + SSL_MAC_BUF *mac, size_t macsize) { - (void)r; - (void)s; - (void)t; return ssl_undefined_function(ssl); } static int ssl_undefined_function_2(SSL *ssl, SSL3_RECORD *r, unsigned char *s, int t) { - (void)r; - (void)s; - (void)t; return ssl_undefined_function(ssl); } static int ssl_undefined_function_3(SSL *ssl, unsigned char *r, unsigned char *s, size_t t, size_t *u) { - (void)r; - (void)s; - (void)t; - (void)u; return ssl_undefined_function(ssl); } static int ssl_undefined_function_4(SSL *ssl, int r) { - (void)r; return ssl_undefined_function(ssl); } static size_t ssl_undefined_function_5(SSL *ssl, const char *r, size_t s, unsigned char *t) { - (void)r; - (void)s; - (void)t; return ssl_undefined_function(ssl); } static int ssl_undefined_function_6(int r) { - (void)r; return ssl_undefined_function(NULL); } @@ -86,13 +72,6 @@ static int ssl_undefined_function_7(SSL *ssl, unsigned char *r, size_t s, const char *t, size_t u, const unsigned char *v, size_t w, int x) { - (void)r; - (void)s; - (void)t; - (void)u; - (void)v; - (void)w; - (void)x; return ssl_undefined_function(ssl); } |
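Review bot: The new `mac` and `macsize` parameters on `ssl_undefined_function_1` are accepted and ignored, and nothing on the function says so: the stub only forwards to `ssl_undefined_function(ssl)` and never writes to `mac`. Since this commit makes the "enc" callbacks responsible for MAC removal, a one-line comment above the stub would make that contract explicit, e.g. `/* Placeholder "enc" method: ignores |mac| and |macsize| and never writes to |mac| */`. Whether callers initialise the `SSL_MAC_BUF` before the call, and check the return value before reading it, is not visible in this hunk and is worth confirming at the record-layer call sites. Separately, this hunk drops the `(void)` parameter casts from functions 1–6, and the next hunk does the same for function 7. Builds that enable `-Wunused-parameter` would now warn on these stubs, and that cleanup would be easier to review as its own commit rather than inside a constant-time-sensitive change.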