* https://www.openssl.org/source/license.html
*/
+#include <assert.h>
#include "../ssl_locl.h"
#include "internal/constant_time_locl.h"
#include <openssl/rand.h>
* If in encrypt-then-mac mode calculate mac from encrypted record. All
* the details below are public so no timing details can leak.
*/
- if (SSL_USE_ETM(s) && s->read_hash) {
+ if (SSL_READ_ETM(s) && s->read_hash) {
unsigned char *mac;
/* TODO(size_t): convert this to do size_t properly */
imac_size = EVP_MD_CTX_size(s->read_hash);
- if (imac_size < 0) {
+ assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE);
+ if (imac_size < 0 || imac_size > EVP_MAX_MD_SIZE) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_RECORD, ERR_LIB_EVP);
goto f_err;
}
mac_size = (size_t)imac_size;
- OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
for (j = 0; j < num_recs; j++) {
thisrr = &rr[j];
/* r->length is now the compressed data plus mac */
if ((sess != NULL) &&
(s->enc_read_ctx != NULL) &&
- (EVP_MD_CTX_md(s->read_hash) != NULL) && !SSL_USE_ETM(s)) {
+ (!SSL_READ_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL)) {
/* s->read_hash != NULL => mac_size != -1 */
unsigned char *mac = NULL;
unsigned char mac_tmp[EVP_MAX_MD_SIZE];
}
ret = 1;
- if (!SSL_USE_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL) {
+ if (!SSL_READ_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL) {
imac_size = EVP_MD_CTX_size(s->read_hash);
if (imac_size < 0)
return -1;
header[11] = (unsigned char)(rec->length >> 8);
header[12] = (unsigned char)(rec->length & 0xff);
- if (!send && !SSL_USE_ETM(ssl) &&
+ if (!send && !SSL_READ_ETM(ssl) &&
EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
ssl3_cbc_record_digest_supported(mac_ctx)) {
/*
EVP_MD_CTX_free(hmac);
return 0;
}
- if (!send && !SSL_USE_ETM(ssl) && FIPS_mode())
- if (!tls_fips_digest_extra(ssl->enc_read_ctx,
- mac_ctx, rec->input,
- rec->length, rec->orig_len)) {
- EVP_MD_CTX_free(hmac);
- return 0;
- }
}
EVP_MD_CTX_free(hmac);
rr->data = rr->input;
rr->orig_len = rr->length;
- if (SSL_USE_ETM(s) && s->read_hash) {
+ if (SSL_READ_ETM(s) && s->read_hash) {
unsigned char *mac;
mac_size = EVP_MD_CTX_size(s->read_hash);
OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
#endif
/* r->length is now the compressed data plus mac */
- if ((sess != NULL) && !SSL_USE_ETM(s) &&
+ if ((sess != NULL) && !SSL_READ_ETM(s) &&
(s->enc_read_ctx != NULL) && (EVP_MD_CTX_md(s->read_hash) != NULL)) {
/* s->read_hash != NULL => mac_size != -1 */
unsigned char *mac = NULL;