authorMatt Caswell <matt@openssl.org>2020-06-03 17:42:01 +0100
committerMatt Caswell <matt@openssl.org>2020-07-06 09:26:00 +0100
commitec27e619e86c6ce4dfa905044eb4737eeba28a9d (patch)
tree463fa1af1ce6d48b1c20f62c06fbacfbed92b68b /ssl/ssl_local.h
parent1b726e9b91a032298dc96ad117b23e18e1583246 (diff)
Move MAC removal responsibility to the various protocol "enc" functions
For CBC ciphersuites using Mac-then-encrypt we have to be careful about removing the MAC from the record in constant time. Currently that happens immediately before MAC verification. Instead we move this responsibility to the various protocol "enc" functions so that MAC removal is handled at the same time as padding removal. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12288)
Diffstat (limited to 'ssl/ssl_local.h')
-rw-r--r--ssl/ssl_local.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 58bc1f99c4..17b856fabc 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -2069,7 +2069,7 @@ typedef struct cert_st {
* of a mess of functions, but hell, think of it as an opaque structure :-)
*/
typedef struct ssl3_enc_method {
- int (*enc) (SSL *, SSL3_RECORD *, size_t, int);
+ int (*enc) (SSL *, SSL3_RECORD *, size_t, int, SSL_MAC_BUF *, size_t);
int (*mac) (SSL *, SSL3_RECORD *, unsigned char *, int);
int (*setup_key_block) (SSL *);
int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *,
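Review bot: The widened `enc` member now takes two unnamed `size_t` arguments and an undocumented `SSL_MAC_BUF *`, so this header does not tell an implementer which count is which, and a transposed pair would compile without a warning. Going by the commit message, the new arguments are presumably the destination for the MAC stripped from the record and the MAC length, which makes every `enc` implementation responsible for keeping MAC removal constant-time alongside padding removal. I would name the parameters in the declaration, e.g. `int (*enc) (SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, SSL_MAC_BUF *mac, size_t macsize);` (names illustrative, to be matched to the implementations). I would also add a comment above it saying whether `mac` may be NULL, who owns any memory it ends up holding, and that the MAC extraction must not branch or index memory on the padding length. The struct definition continues past the end of this hunk.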