|
@@ -552,7 +552,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
|
|
|
key->md = key->head;
|
|
|
SHA256_Update(&key->md, key->aux.tls_aad, plen);
|
|
|
|
|
|
-# if 1
|
|
|
+# if 1 /* see original reference version in #else */
|
|
|
len -= SHA256_DIGEST_LENGTH; /* amend mac */
|
|
|
if (len >= (256 + SHA256_CBLOCK)) {
|
|
|
j = (len - (256 + SHA256_CBLOCK)) & (0 - SHA256_CBLOCK);
|
|
@@ -680,7 +680,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
|
|
|
for (; inp_blocks < pad_blocks; inp_blocks++)
|
|
|
sha1_block_data_order(&key->md, data, 1);
|
|
|
}
|
|
|
-# endif
|
|
|
+# endif /* pre-lucky-13 reference version of above */
|
|
|
key->md = key->tail;
|
|
|
SHA256_Update(&key->md, pmac->c, SHA256_DIGEST_LENGTH);
|
|
|
SHA256_Final(pmac->c, &key->md);
|
|
@@ -688,7 +688,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
|
|
|
/* verify HMAC */
|
|
|
out += inp_len;
|
|
|
len -= inp_len;
|
|
|
-# if 1
|
|
|
+# if 1 /* see original reference version in #else */
|
|
|
{
|
|
|
unsigned char *p =
|
|
|
out + len - 1 - maxpad - SHA256_DIGEST_LENGTH;
|
|
@@ -711,7 +711,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
|
|
|
res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
|
|
|
ret &= (int)~res;
|
|
|
}
|
|
|
-# else
|
|
|
+# else /* pre-lucky-13 reference version of above */
|
|
|
for (res = 0, i = 0; i < SHA256_DIGEST_LENGTH; i++)
|
|
|
res |= out[i] ^ pmac->c[i];
|
|
|
res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
|