diff options
| author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2020-05-24 16:14:02 +0200 |
|---|---|---|
| committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2021-10-11 16:25:17 +0200 |
| commit | 14fd5a0d55652a7539c66df18d1120baed42248e (patch) | |
| tree | 98e8d01e3cd12cab3a28cec7937692434868c39f /ssl | |
| parent | 549675c54686b8fb0527720abf760313a78a1ae7 (diff) | |
Replace the AES-128-CBC-HMAC-SHA1 cipher in e_ossltest.c
This replaces the AES-128-CBC-HMAC-SHA1 cipher with a
non-encrypting version for use the test suite.
[extended tests]
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16693)
(cherry picked from commit 64da15c40d15aac58e211fd25d00e9ae84d0379b)
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/record/ssl3_record.c | 23 | ||||
| -rw-r--r-- | ssl/record/tls_pad.c | 2 | ||||
| -rw-r--r-- | ssl/tls_depr.c | 10 |
3 files changed, 12 insertions, 23 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index b6ac61e0e8..c713f231ca 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1218,23 +1218,17 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, } if (!sending) { - /* Adjust the record to remove the explicit IV/MAC/Tag */ - if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_GCM_MODE) { - for (ctr = 0; ctr < n_recs; ctr++) { + for (ctr = 0; ctr < n_recs; ctr++) { + /* Adjust the record to remove the explicit IV/MAC/Tag */ + if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_GCM_MODE) { recs[ctr].data += EVP_GCM_TLS_EXPLICIT_IV_LEN; recs[ctr].input += EVP_GCM_TLS_EXPLICIT_IV_LEN; recs[ctr].length -= EVP_GCM_TLS_EXPLICIT_IV_LEN; - } - } else if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_CCM_MODE) { - for (ctr = 0; ctr < n_recs; ctr++) { + } else if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_CCM_MODE) { recs[ctr].data += EVP_CCM_TLS_EXPLICIT_IV_LEN; recs[ctr].input += EVP_CCM_TLS_EXPLICIT_IV_LEN; recs[ctr].length -= EVP_CCM_TLS_EXPLICIT_IV_LEN; - } - } - - for (ctr = 0; ctr < n_recs; ctr++) { - if (bs != 1 && SSL_USE_EXPLICIT_IV(s)) { + } else if (bs != 1 && SSL_USE_EXPLICIT_IV(s)) { if (recs[ctr].length < bs) return 0; recs[ctr].data += bs; @@ -1254,17 +1248,12 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, (macs != NULL) ? &macs[ctr].alloced : NULL, bs, - macsize, + pad ? (size_t)pad : macsize, (EVP_CIPHER_get_flags(enc) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0, s->ctx->libctx)) return 0; } - if (pad) { - for (ctr = 0; ctr < n_recs; ctr++) { - recs[ctr].length -= pad; - } - } } } } diff --git a/ssl/record/tls_pad.c b/ssl/record/tls_pad.c index 46614e143b..528c605554 100644 --- a/ssl/record/tls_pad.c +++ b/ssl/record/tls_pad.c @@ -138,8 +138,6 @@ int tls1_cbc_remove_padding_and_mac(size_t *reclen, if (aead) { /* padding is already verified and we don't need to check the MAC */ *reclen -= padding_length + 1 + mac_size; - *mac = NULL; - *alloced = 0; return 1; } diff --git a/ssl/tls_depr.c b/ssl/tls_depr.c index 0b21ff7669..1761ba1d8e 100644 --- a/ssl/tls_depr.c +++ b/ssl/tls_depr.c @@ -27,6 +27,7 @@ void tls_engine_finish(ENGINE *e) const EVP_CIPHER *tls_get_cipher_from_engine(int nid) { + const EVP_CIPHER *ret = NULL; #ifndef OPENSSL_NO_ENGINE ENGINE *eng; @@ -36,15 +37,16 @@ const EVP_CIPHER *tls_get_cipher_from_engine(int nid) */ eng = ENGINE_get_cipher_engine(nid); if (eng != NULL) { + ret = ENGINE_get_cipher(eng, nid); ENGINE_finish(eng); - return EVP_get_cipherbynid(nid); } #endif - return NULL; + return ret; } const EVP_MD *tls_get_digest_from_engine(int nid) { + const EVP_MD *ret = NULL; #ifndef OPENSSL_NO_ENGINE ENGINE *eng; @@ -54,11 +56,11 @@ const EVP_MD *tls_get_digest_from_engine(int nid) */ eng = ENGINE_get_digest_engine(nid); if (eng != NULL) { + ret = ENGINE_get_digest(eng, nid); ENGINE_finish(eng); - return EVP_get_digestbynid(nid); } #endif - return NULL; + return ret; } #ifndef OPENSSL_NO_ENGINE |