Diffstat (limited to '')
-rw-r--r-- | src/lib/libssl/s3_cbc.c | 51 |
1 files changed, 0 insertions, 51 deletions
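--- a/src/lib/libssl/s3_cbc.c
+++ b/src/lib/libssl/s3_cbc.c
@@ -386,10 +386,6 @@ tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
 char
 ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
 {
-#ifdef OPENSSL_FIPS
-if (FIPS_mode())
-return 0;
-#endif
 switch (EVP_MD_CTX_type(ctx)) {
 case NID_md5:
 case NID_sha1:
@@ -710,50 +706,3 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
 *md_out_size = md_out_size_u;
 EVP_MD_CTX_cleanup(&md_ctx);
 }
-
-#ifdef OPENSSL_FIPS
-
-/* Due to the need to use EVP in FIPS mode we can't reimplement digests but
-* we can ensure the number of blocks processed is equal for all cases
-* by digesting additional data.
-*/
-
-void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
-EVP_MD_CTX *mac_ctx, const unsigned char *data, size_t data_len,
-size_t orig_len)
-{
-size_t block_size, digest_pad, blocks_data, blocks_orig;
-if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE)
-return;
-block_size = EVP_MD_CTX_block_size(mac_ctx);
-/* We are in FIPS mode if we get this far so we know we have only SHA*
-* digests and TLS to deal with.
-* Minimum digest padding length is 17 for SHA384/SHA512 and 9
-* otherwise.
-* Additional header is 13 bytes. To get the number of digest blocks
-* processed round up the amount of data plus padding to the nearest
-* block length. Block length is 128 for SHA384/SHA512 and 64 otherwise.
-* So we have:
-* blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size
-* equivalently:
-* blocks = (payload_len + digest_pad + 12)/block_size + 1
-* HMAC adds a constant overhead.
-* We're ultimately only interested in differences so this becomes
-* blocks = (payload_len + 29)/128
-* for SHA384/SHA512 and
-* blocks = (payload_len + 21)/64
-* otherwise.
-*/
-digest_pad = block_size == 64 ? 21 : 29;
-blocks_orig = (orig_len + digest_pad)/block_size;
-blocks_data = (data_len + digest_pad)/block_size;
-/* MAC enough blocks to make up the difference between the original
-* and actual lengths plus one extra block to ensure this is never a
-* no op. The "data" pointer should always have enough space to
-* perform this operation as it is large enough for a maximum
-* length TLS buffer.
-*/
-EVP_DigestSignUpdate(mac_ctx, data,
-(blocks_orig - blocks_data + 1) * block_size);
-}
-#endif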