projects / oweals / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Timing fix mitigation for FIPS mode.
[oweals/openssl.git] / ssl / t1_enc.c
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index bb46f7f9ba5b7e5bceb183787f569db003d264fc..6fbe2c33aa7ed88beaa7a8a2d413a5c86705d302 100644 (file)
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -1025,6 +1025,13 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
                EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
                t=EVP_DigestSignFinal(mac_ctx,md,&md_size);
                OPENSSL_assert(t > 0);
+#ifdef OPENSSL_FIPS
+               if (!send && FIPS_mode())
+                       tls_fips_digest_extra(
+                                       ssl->enc_read_ctx,
+                                       mac_ctx, rec->input,
+                                       rec->length, rec->orig_len);
+#endif
                }
                
        if (!stream_mac)
Unnamed repository; edit this file 'description' to name the repository.