authorMatt Caswell <matt@openssl.org>2020-06-23 14:34:45 +0100
committerMatt Caswell <matt@openssl.org>2020-07-06 09:26:09 +0100
commitf29dbb08668318b84d7bca0bd63c585e0169545e (patch)
tree1531079494aadd739ff09b15449a255928448006 /providers/implementations/ciphers
parent09ce6e0854b9dee49a25662e1aaaa869b2afc2a1 (diff)
Decreate the length after decryption for the stitched ciphers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12288)
Diffstat (limited to 'providers/implementations/ciphers')
-rw-r--r--providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c2
-rw-r--r--providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c2
-rw-r--r--providers/implementations/ciphers/ciphercommon.c12
3 files changed, 16 insertions, 0 deletions
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
index dc2412c7b5..12644e780f 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
@@ -60,6 +60,8 @@ static int aesni_cbc_hmac_sha1_init_key(PROV_CIPHER_CTX *vctx,
ctx->payload_length = NO_PAYLOAD_LENGTH;
+ vctx->removetlspad = SHA_DIGEST_LENGTH + AES_BLOCK_SIZE;
+
return ret < 0 ? 0 : 1;
}
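Review bot: `removetlspad` is assigned unconditionally at key setup, directly after `payload_length` is reset to `NO_PAYLOAD_LENGTH`, so the length adjustment added to `cipher_generic_stream_update` is armed for every decrypt with this cipher rather than only for TLS records. The SHA-256 variant in `cipher_aes_cbc_hmac_sha256_hw.c` has the same issue. If these ciphers can be driven without TLS AAD (not visible from the hunk), the last plaintext byte would be interpreted as a pad length on that path. At minimum I would document the contract at the assignment, e.g. `/* MAC + explicit IV; subtracted from *outl on decrypt in cipher_generic_stream_update() */`, and state whether non-TLS callers are expected. The body of `aesni_cbc_hmac_sha1_init_key` starts outside the hunk.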
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
index f2a233710c..35106e0171 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
@@ -62,6 +62,8 @@ static int aesni_cbc_hmac_sha256_init_key(PROV_CIPHER_CTX *vctx,
ctx->payload_length = NO_PAYLOAD_LENGTH;
+ vctx->removetlspad = SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE;
+
return ret < 0 ? 0 : 1;
}
diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
index 0b0219c7ad..9c71a7df2a 100644
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
@@ -358,6 +358,18 @@ int cipher_generic_stream_update(void *vctx, unsigned char *out, size_t *outl,
}
*outl = inl;
+ /*
+ * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
+ * cipher_aes_cbc_hmac_sha256_hw.c
+ */
+ if (!ctx->enc && ctx->removetlspad > 0) {
+ /* The actual padding length */
+ *outl -= out[inl - 1] + 1;
+
+ /* MAC and explicit IV */
+ *outl -= ctx->removetlspad;
+ }
+
return 1;
}
int cipher_generic_stream_final(void *vctx, unsigned char *out, size_t *outl,
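Review bot: Both subtractions from `*outl` are unchecked, and `*outl` is a `size_t`. If the pad byte plus one, or that plus `removetlspad`, exceeds `inl`, the reported length wraps to a very large value that callers may then use as a buffer length. With `inl == 0`, the index in `out[inl - 1]` also wraps and the read lands outside the buffer. Whether the preceding cipher call has already validated the padding and MAC is not visible in this hunk, so the block should not depend on it. I would guard each step before subtracting: `if (inl == 0 || *outl < (size_t)out[inl - 1] + 1) return 0;` and `if (*outl < ctx->removetlspad) return 0;`, assuming 0 is the failure return here as in the hw files. The start of `cipher_generic_stream_update` lies outside the hunk.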