Timing fix mitigation for FIPS mode.

We have to use EVP in FIPS mode so we can only partially mitigate timing differences. Make an extra call to EVP_DigestSignUpdate to hash additonal blocks to cover any timing differences caused by removal of padding. (cherry picked from commit b908e88ec15aa0a74805e3f2236fc4f83f2789c2)
author: Dr. Stephen Henson <steve@openssl.org> 2013-01-29 15:44:36 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2013-02-06 15:19:08 +0100
commit: c4e6fb15244e27f1e93df3f59fe37b59a784f5dc (patch)
tree: 19fb2aa775ca60fd53f87309e64b1c5f295493c9 /ssl/t1_enc.c
parent: Oops. Add missing file. (diff)
download: openssl-c4e6fb15244e27f1e93df3f59fe37b59a784f5dc.tar.xz
openssl-c4e6fb15244e27f1e93df3f59fe37b59a784f5dc.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index c7759ebf14..e313355fa2 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -1049,6 +1049,13 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
 		EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
 		t=EVP_DigestSignFinal(mac_ctx,md,&md_size);
 		OPENSSL_assert(t > 0);
+#ifdef OPENSSL_FIPS
+		if (!send && FIPS_mode())
+			tls_fips_digest_extra(
+	    				ssl->enc_read_ctx,
+					mac_ctx, rec->input,
+					rec->length, rec->orig_len);
+#endif
 		}
 		
 	if (!stream_mac)
author	Dr. Stephen Henson <steve@openssl.org>	2013-01-29 15:44:36 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2013-02-06 15:19:08 +0100
commit	c4e6fb15244e27f1e93df3f59fe37b59a784f5dc (patch)
tree	19fb2aa775ca60fd53f87309e64b1c5f295493c9 /ssl/t1_enc.c
parent	Oops. Add missing file. (diff)
download	openssl-c4e6fb15244e27f1e93df3f59fe37b59a784f5dc.tar.xz openssl-c4e6fb15244e27f1e93df3f59fe37b59a784f5dc.zip