Timing fix mitigation for FIPS mode.

[openssl.git] / ssl / t1_enc.c

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index d621293a74b24e7087c11dd6924d21d272c357e3..e75a66ba9d5a8410e7c0bbc24c1a4a7047bd0760 100644 (file)
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -758,6 +758,14 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
                HMAC_Update(&hmac,rec->input,rec->length);
                HMAC_Final(&hmac,md,&mds);
                md_size = mds;
+#ifdef OPENSSL_FIPS
+               if (!send && FIPS_mode())
+                       tls_fips_digest_extra(
+                                       ssl->enc_read_ctx,
+                                       hash,
+                                       &hmac, rec->input,
+                                       rec->length, rec->orig_len);
+#endif
                }
                
        HMAC_CTX_cleanup(&hmac);