diff options
author | Matt Caswell <matt@openssl.org> | 2020-06-17 17:16:22 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-07-06 09:26:09 +0100 |
commit | 524cb684ac00922c4a21235a8ae2c66596893437 (patch) | |
tree | 8573cd013ac83ce9b4ba788d1c8abaf414e10b3a /ssl/t1_enc.c | |
parent | e71fd827bcff720fb47e39c69cc468da9452935d (diff) |
Make libssl start using the TLS provider CBC support
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)
Diffstat (limited to 'ssl/t1_enc.c')
-rw-r--r-- | ssl/t1_enc.c | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index e929121cd2..9a6c1799f7 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -396,6 +396,38 @@ int tls1_change_cipher_state(SSL *s, int which) ERR_R_INTERNAL_ERROR); goto err; } + if (EVP_CIPHER_provider(c) != NULL) { + /* + * Provided cipher, the TLS padding/MAC removal is performed provider + * side so we need to tell the ctx about our TLS version and mac size + */ + OSSL_PARAM params[3], *pprm = params; + size_t macsize = 0; + int imacsize = -1; + + if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) == 0 + /* + * We look at s->ext.use_etm instead of SSL_READ_ETM() or + * SSL_WRITE_ETM() because this test applies to both reading + * and writing. + */ + && !s->ext.use_etm) + imacsize = EVP_MD_size(m); + if (imacsize >= 0) + macsize = (size_t)imacsize; + + *pprm++ = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION, + &s->version); + *pprm++ = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE, + &macsize); + *pprm = OSSL_PARAM_construct_end(); + + if (!EVP_CIPHER_CTX_set_params(dd, params)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; + } + } #ifndef OPENSSL_NO_KTLS if (s->compress) goto skip_ktls; |