fixup! Add support for integrity-only cipher suites for TLS v1.3

siemens · Mar 7, 2024 · 7436311 · 7436311
1 parent 0b3234f
commit 7436311
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 7 deletions.
diff --git a/providers/implementations/ciphers/cipher_enull_hmac.c b/providers/implementations/ciphers/cipher_enull_hmac.c
@@ -58,15 +58,12 @@ static void *enull_hmac_dupctx(void *vctx)
     if (dupctx == NULL)
         return NULL;
 
+    if (!ossl_assert(dupctx->base.tlsmac == NULL))
+        goto err;
+
     if (!ossl_prov_digest_copy(&dupctx->md, &ctx->md))
         goto err;
 
-    if (dupctx->base.tlsmac != NULL && dupctx->base.alloced) {
-        dupctx->base.tlsmac = OPENSSL_memdup(dupctx->base.tlsmac,
-                                             dupctx->base.tlsmacsize);
-        if (dupctx->base.tlsmac == NULL)
-            goto err;
-    }
     if ((dupctx->hmac = HMAC_CTX_new()) == NULL)
         goto err;
 

diff --git a/providers/implementations/ciphers/cipher_enull_hmac_hw.c b/providers/implementations/ciphers/cipher_enull_hmac_hw.c
@@ -66,7 +66,8 @@ static int enull_hmac_cipher(PROV_CIPHER_CTX *bctx, unsigned char *out,
             return 0;
 
         if (!bctx->enc) {
-            if (CRYPTO_memcmp(ltag, ctx->tag, ctx->tag_len) != 0)
+            if (ltag_len != ctx->tag_len
+                || CRYPTO_memcmp(ltag, ctx->tag, ctx->tag_len) != 0)
                 return 0;
         }
     }