Ensure TLS padding is added during encryption on the provider side

Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12288)
author: Matt Caswell <matt@openssl.org> 2020-06-26 18:22:18 +0100
committer: Matt Caswell <matt@openssl.org> 2020-07-06 09:26:09 +0100
commit: 2d9f56e9992ef3725b87a0a8e6165a18d038b784 (patch)
tree: 3d206e641a8b27bcfefb627f305e91887dac5c6e /providers
parent: b5588178232f5cbf32662dfa173c72a001d54aeb (diff)
1 files changed, 42 insertions, 2 deletions
diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
index 2cd5b6f571..a8905d1242 100644
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
@@ -11,6 +11,8 @@
  * Generic dispatch table functions for ciphers.
  */
 
+/* For SSL3_VERSION */
+#include <openssl/ssl.h>
 #include "ciphercommon_local.h"
 #include "prov/provider_ctx.h"
 #include "prov/providercommonerr.h"
@@ -181,6 +183,9 @@ int cipher_generic_dinit(void *vctx, const unsigned char *key, size_t keylen,
                                         iv, ivlen, 0);
 }
 
+/* Max padding including padding length byte */
+#define MAX_PADDING 256
+
 int cipher_generic_block_update(void *vctx, unsigned char *out, size_t *outl,
                                 size_t outsize, const unsigned char *in,
                                 size_t inl)
@@ -197,8 +202,7 @@ int cipher_generic_block_update(void *vctx, unsigned char *out, size_t *outl,
          */
 
         /* Sanity check inputs */
-        if (in == 0
-                || (inl % blksz) != 0
+        if (in == NULL
                 || in != out
                 || outsize < inl
                 || !ctx->pad) {
@@ -206,6 +210,42 @@ int cipher_generic_block_update(void *vctx, unsigned char *out, size_t *outl,
             return 0;
         }
 
+        if (ctx->enc) {
+            unsigned char padval;
+            size_t padnum, loop;
+
+            /* Add padding */
+
+            padnum = blksz - (inl % blksz);
+
+            if (outsize < inl + padnum) {
+                ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
+                return 0;
+            }
+
+            if (padnum > MAX_PADDING) {
+                ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
+                return 0;
+            }
+            padval = (unsigned char)(padnum - 1);
+            if (ctx->tlsversion == SSL3_VERSION) {
+                if (padnum > 1)
+                    memset(out + inl, 0, padnum - 1);
+                *(out + inl + padnum - 1) = padval;
+            } else {
+                /* we need to add 'padnum' padding bytes of value padval */
+                for (loop = inl; loop < inl + padnum; loop++)
+                    out[loop] = padval;
+            }
+            inl += padnum;
+        }
+
+        if ((inl % blksz) != 0) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
+            return 0;
+        }
+
+
         /* Shouldn't normally fail */
         if (!ctx->hw->cipher(ctx, out, in, inl)) {
             ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
author	Matt Caswell <matt@openssl.org>	2020-06-26 18:22:18 +0100
committer	Matt Caswell <matt@openssl.org>	2020-07-06 09:26:09 +0100
commit	2d9f56e9992ef3725b87a0a8e6165a18d038b784 (patch)
tree	3d206e641a8b27bcfefb627f305e91887dac5c6e /providers
parent	b5588178232f5cbf32662dfa173c72a001d54aeb (diff)