authorDr. Stephen Henson <steve@openssl.org>2013-01-31 14:35:34 +0000
committerDr. Stephen Henson <steve@openssl.org>2013-02-05 16:50:34 +0000
commit924b11742296c13816a9f301e76fea023003920c (patch)
treeddbfd39aa0fe46e61101c623a637fe55791641f8 /ssl/t1_enc.c
parent24b28060975c01b749391778d13ec2ea1323a1aa (diff)
Timing fix mitigation for FIPS mode.
We have to use EVP in FIPS mode so we can only partially mitigate timing differences. Make an extra call to HMAC_Update to hash additional blocks to cover any timing differences caused by removal of padding.
Diffstat (limited to 'ssl/t1_enc.c')
-rw-r--r--ssl/t1_enc.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index d621293a74..e75a66ba9d 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -758,6 +758,14 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
HMAC_Update(&hmac,rec->input,rec->length);
HMAC_Final(&hmac,md,&mds);
md_size = mds;
+#ifdef OPENSSL_FIPS
+ if (!send && FIPS_mode())
+ tls_fips_digest_extra(
+ ssl->enc_read_ctx,
+ hash,
+ &hmac, rec->input,
+ rec->length, rec->orig_len);
+#endif
}
HMAC_CTX_cleanup(&hmac);
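Review bot: The added call to `tls_fips_digest_extra` runs after `HMAC_Final` has already written `md`, and nothing at the call site says its output is deliberately discarded, so it reads like dead code that a later cleanup could remove or move above `HMAC_Final`. I would add a comment above the `if`, for example `/* Timing mitigation only: md is already final; the extra HMAC_Update hashes further blocks so MAC time does not track the amount of padding removed (partial in FIPS mode). */`. The helper's body is not part of this diff; since it receives `rec->input` with both `rec->length` and `rec->orig_len`, it is worth confirming there that `orig_len >= length` always holds and that any extra blocks it reads stay inside the record buffer. The unbraced `if` wrapping a five-line call inside the `#ifdef` would also be safer with braces. The enclosing branch and `tls1_mac` itself begin outside the hunk.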