From 463c4f4962eaa7bc509e705e41bec8c7f68813b6 Mon Sep 17 00:00:00 2001
From: Rajeev Ranjan
Date: Fri, 26 Jan 2024 07:46:22 +0100
Subject: [PATCH] fixup! Add support for integrity-only cipher suites for TLS v1.3
---
 providers/implementations/ciphers/cipher_enull_hmac.c | 9 +++------
 providers/implementations/ciphers/cipher_enull_hmac_hw.c | 3 ++-
 2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/providers/implementations/ciphers/cipher_enull_hmac.c b/providers/implementations/ciphers/cipher_enull_hmac.c
index 290e5b2a92b55..7a9423a2ac7ad 100644
--- a/providers/implementations/ciphers/cipher_enull_hmac.c
+++ b/providers/implementations/ciphers/cipher_enull_hmac.c
@@ -58,15 +58,12 @@ static void *enull_hmac_dupctx(void *vctx)
 if (dupctx == NULL)
 return NULL;
+ if (!ossl_assert(dupctx->base.tlsmac == NULL))
+ goto err;
+
 if (!ossl_prov_digest_copy(&dupctx->md, &ctx->md))
 goto err;
- if (dupctx->base.tlsmac != NULL && dupctx->base.alloced) {
- dupctx->base.tlsmac = OPENSSL_memdup(dupctx->base.tlsmac,
- dupctx->base.tlsmacsize);
- if (dupctx->base.tlsmac == NULL)
- goto err;
- }
 if ((dupctx->hmac = HMAC_CTX_new()) == NULL)
 goto err;
diff --git a/providers/implementations/ciphers/cipher_enull_hmac_hw.c b/providers/implementations/ciphers/cipher_enull_hmac_hw.c
index f3e585ebe3326..06d29508d302e 100644
--- a/providers/implementations/ciphers/cipher_enull_hmac_hw.c
+++ b/providers/implementations/ciphers/cipher_enull_hmac_hw.c
@@ -66,7 +66,8 @@ static int enull_hmac_cipher(PROV_CIPHER_CTX *bctx, unsigned char *out,
 return 0;
 if (!bctx->enc) {
- if (CRYPTO_memcmp(ltag, ctx->tag, ctx->tag_len) != 0)
+ if (ltag_len != ctx->tag_len
+ || CRYPTO_memcmp(ltag, ctx->tag, ctx->tag_len) != 0)
 return 0;
 }
 }
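Review bot: The new `ossl_assert(dupctx->base.tlsmac == NULL)` check in enull_hmac_dupctx (cipher_enull_hmac.c) states an invariant without saying why it holds; a one-line comment such as `/* tlsmac is never set for this cipher, so there is nothing to duplicate */` would keep a later reader from re-adding the removed memdup. The check also jumps to `err` before `md` and `hmac` have been re-created for the copy. The allocation of dupctx and the `err` cleanup are both outside the hunk, so please confirm that the cleanup cannot release objects still owned by `ctx` if dupctx begins as a byte copy of it.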
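Review bot: The added `ltag_len != ctx->tag_len` test in enull_hmac_cipher (cipher_enull_hmac_hw.c) has no comment saying what it guards against: `CRYPTO_memcmp` alone compares only `ctx->tag_len` bytes, so a shorter expected tag would match on a prefix of the computed MAC. I would add `/* the expected tag must be the full MAC length; a prefix match is not authentication */` above the condition. It is also worth confirming, outside this hunk, that the code which stores the expected tag bounds `tag_len` by the size of `ctx->tag`, so this comparison is not the only length check. The function body starts and ends outside the hunk.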