return(0);
}
+/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+ *
+ * Returns:
+ * 0: (in non-constant time) if the record is publically invalid (i.e. too
+ * short etc).
+ * 1: if the record's padding is valid / the encryption was successful.
+ * -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
+ * an internal error occured.
+ */
int tls1_enc(SSL *s, int send)
{
SSL3_RECORD *rec;
if (!send)
{
if (l == 0 || l%bs != 0)
- {
- SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
return 0;
- }
}
EVP_Cipher(ds,rec->data,rec->input,l);
}
#endif /* KSSL_DEBUG */
- rec->orig_len = rec->length;
-
ret = 1;
if (s->read_hash != NULL)
mac_size = EVP_MD_size(s->read_hash);
SSL3_RECORD *rec;
unsigned char *mac_sec,*seq;
const EVP_MD *hash;
- size_t md_size;
+ size_t md_size, orig_len;
int i;
HMAC_CTX hmac;
unsigned char header[13];
else
memcpy(header, seq, 8);
+ /* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
+ orig_len = rec->length+md_size+((unsigned int)rec->type>>8);
+ rec->type &= 0xff;
+
header[8]=rec->type;
header[9]=(unsigned char)(ssl->version>>8);
header[10]=(unsigned char)(ssl->version);
hash,
md, &md_size,
header, rec->input,
- rec->length + md_size, rec->orig_len,
+ rec->length + md_size, orig_len,
ssl->s3->read_mac_secret,
EVP_MD_size(ssl->read_hash),
0 /* not SSLv3 */);
HMAC_Update(&hmac,rec->input,rec->length);
HMAC_Final(&hmac,md,&mds);
md_size = mds;
+#ifdef OPENSSL_FIPS
+ if (!send && FIPS_mode())
+ tls_fips_digest_extra(
+ ssl->enc_read_ctx,
+ hash,
+ &hmac, rec->input,
+ rec->length, rec->orig_len);
+#endif
}
HMAC_CTX_cleanup(&hmac);
projects / openssl.git / blobdiff