Timing fix mitigation for FIPS mode.
[openssl.git] / ssl / t1_enc.c
index c7759eb..e313355 100644 (file)
@@ -1049,6 +1049,13 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
                EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
                t=EVP_DigestSignFinal(mac_ctx,md,&md_size);
                OPENSSL_assert(t > 0);
+#ifdef OPENSSL_FIPS
+               if (!send && FIPS_mode())
+                       tls_fips_digest_extra(
+                                       ssl->enc_read_ctx,
+                                       mac_ctx, rec->input,
+                                       rec->length, rec->orig_len);
+#endif
                }
                
        if (!stream_mac)