authorDr. Stephen Henson <steve@openssl.org>2013-01-29 14:44:36 +0000
committerDr. Stephen Henson <steve@openssl.org>2013-01-31 12:34:10 +0000
commitb908e88ec15aa0a74805e3f2236fc4f83f2789c2 (patch)
tree424b1a8703f65502460f311a42d3da7521a4085b /ssl/t1_enc.c
parent014265eb02e26f35c8db58e2ccbf100b0b2f0072 (diff)
Timing fix mitigation for FIPS mode.
We have to use EVP in FIPS mode, so we can only partially mitigate timing differences. Make an extra call to EVP_DigestSignUpdate to hash additional blocks to cover any timing differences caused by removal of padding.
Diffstat (limited to 'ssl/t1_enc.c')
-rw-r--r--ssl/t1_enc.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index bb46f7f9ba..6fbe2c33aa 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -1025,6 +1025,13 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
t=EVP_DigestSignFinal(mac_ctx,md,&md_size);
OPENSSL_assert(t > 0);
+#ifdef OPENSSL_FIPS
+ if (!send && FIPS_mode())
+ tls_fips_digest_extra(
+ ssl->enc_read_ctx,
+ mac_ctx, rec->input,
+ rec->length, rec->orig_len);
+#endif
}
if (!stream_mac)
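Review bot: The added `tls_fips_digest_extra(...)` call on the read path carries no comment explaining why `mac_ctx` is fed more data after `EVP_DigestSignFinal` has already written `md`, so a later cleanup could mistake it for dead code and remove the mitigation. A comment above the `if` would prevent that, e.g. `/* FIPS: hash extra blocks after Final so MAC time does not depend on how much padding was removed; output is discarded and the mitigation is only partial */`. The helper is defined outside this hunk, so it is not visible here whether it validates the relation between `rec->orig_len` and `rec->length` or can report failure; if it can fail, the ignored result deserves the same `OPENSSL_assert` treatment as `t` just above. The multi-line call under an unbraced `if` inside the `#ifdef` would also be safer with braces. tls1_mac's body starts and ends outside the hunk.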