diff options
author | Matt Caswell <matt@openssl.org> | 2020-06-03 17:42:01 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-07-06 09:26:00 +0100 |
commit | ec27e619e86c6ce4dfa905044eb4737eeba28a9d (patch) | |
tree | 463fa1af1ce6d48b1c20f62c06fbacfbed92b68b /ssl/ssl_local.h | |
parent | 1b726e9b91a032298dc96ad117b23e18e1583246 (diff) |
Move MAC removal responsibility to the various protocol "enc" functions
For CBC ciphersuites using Mac-then-encrypt we have to be careful about
removing the MAC from the record in constant time. Currently that happens
immediately before MAC verification. Instead we move this responsibility
to the various protocol "enc" functions so that MAC removal is handled at
the same time as padding removal.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)
Diffstat (limited to 'ssl/ssl_local.h')
-rw-r--r-- | ssl/ssl_local.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 58bc1f99c4..17b856fabc 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -2069,7 +2069,7 @@ typedef struct cert_st { * of a mess of functions, but hell, think of it as an opaque structure :-) */ typedef struct ssl3_enc_method { - int (*enc) (SSL *, SSL3_RECORD *, size_t, int); + int (*enc) (SSL *, SSL3_RECORD *, size_t, int, SSL_MAC_BUF *, size_t); int (*mac) (SSL *, SSL3_RECORD *, unsigned char *, int); int (*setup_key_block) (SSL *); int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *, |