authorMatt Caswell <matt@openssl.org>2020-06-23 14:34:45 +0100
committerMatt Caswell <matt@openssl.org>2020-07-06 09:26:09 +0100
commitf29dbb08668318b84d7bca0bd63c585e0169545e (patch)
tree1531079494aadd739ff09b15449a255928448006 /providers
parent09ce6e0854b9dee49a25662e1aaaa869b2afc2a1 (diff)
Decreate the length after decryption for the stitched ciphers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12288)
Diffstat (limited to 'providers')
-rw-r--r--providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c2
-rw-r--r--providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c2
-rw-r--r--providers/implementations/ciphers/ciphercommon.c12
-rw-r--r--providers/implementations/include/prov/ciphercommon.h5
4 files changed, 21 insertions, 0 deletions
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
index dc2412c7b5..12644e780f 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
@@ -60,6 +60,8 @@ static int aesni_cbc_hmac_sha1_init_key(PROV_CIPHER_CTX *vctx,
ctx->payload_length = NO_PAYLOAD_LENGTH;
+ vctx->removetlspad = SHA_DIGEST_LENGTH + AES_BLOCK_SIZE;
+
return ret < 0 ? 0 : 1;
}
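Review bot: `vctx->removetlspad` is assigned unconditionally in init_key, so the `!ctx->enc && ctx->removetlspad > 0` branch added to cipher_generic_stream_update will run on every decrypt with this cipher, not only when the context is handling a TLS record. The field comment in ciphercommon.h says the IV size is included "if applicable", yet `AES_BLOCK_SIZE` is always added here, which would over-trim the output for any record format without an explicit IV, if such input can reach this path. Consider gating the trim on TLS-record state rather than on a non-zero constant, or at minimum document the assumption next to the assignment, e.g. `/* MAC + explicit IV; assumes the ctx only decrypts TLS records that carry an explicit IV */`. The same applies to the `SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE` assignment in cipher_aes_cbc_hmac_sha256_hw.c; init_key starts outside this hunk.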
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
index f2a233710c..35106e0171 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
@@ -62,6 +62,8 @@ static int aesni_cbc_hmac_sha256_init_key(PROV_CIPHER_CTX *vctx,
ctx->payload_length = NO_PAYLOAD_LENGTH;
+ vctx->removetlspad = SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE;
+
return ret < 0 ? 0 : 1;
}
diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
index 0b0219c7ad..9c71a7df2a 100644
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
@@ -358,6 +358,18 @@ int cipher_generic_stream_update(void *vctx, unsigned char *out, size_t *outl,
}
*outl = inl;
+ /*
+ * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
+ * cipher_aes_cbc_hmac_sha256_hw.c
+ */
+ if (!ctx->enc && ctx->removetlspad > 0) {
+ /* The actual padding length */
+ *outl -= out[inl - 1] + 1;
+
+ /* MAC and explicit IV */
+ *outl -= ctx->removetlspad;
+ }
+
return 1;
}
int cipher_generic_stream_final(void *vctx, unsigned char *out, size_t *outl,
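Review bot: Both subtractions from `*outl` in the added decrypt branch are unchecked, so when `inl` is smaller than `out[inl - 1] + 1 + ctx->removetlspad` the `size_t` wraps and the caller receives an enormous output length; with `inl == 0` the `out[inl - 1]` read is also out of bounds. The cipher call earlier in cipher_generic_stream_update (outside this hunk) presumably fails on bad padding or a bad MAC, but nothing in the visible lines enforces that the lengths are consistent, and a length reported to the record layer should not depend on that implicitly. I would compute the total to strip once and reject the record if it exceeds `*outl`, reporting the failure the same way the rest of the function does.

```c
    if (!ctx->enc && ctx->removetlspad > 0) {
        size_t strip;

        /* An empty record has no padding-length byte to read */
        if (inl == 0)
            return 0;

        /* Padding bytes + padding-length byte, then MAC and explicit IV */
        strip = (size_t)out[inl - 1] + 1 + ctx->removetlspad;
        if (strip > *outl)
            return 0;
        *outl -= strip;
    }
    /* … unchanged: return 1 … */
```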
diff --git a/providers/implementations/include/prov/ciphercommon.h b/providers/implementations/include/prov/ciphercommon.h
index 55adf3caa2..83f64e7728 100644
--- a/providers/implementations/include/prov/ciphercommon.h
+++ b/providers/implementations/include/prov/ciphercommon.h
@@ -58,6 +58,11 @@ struct prov_cipher_ctx_st {
* points into the user buffer.
*/
size_t tlsmacsize; /* Size of the TLS MAC */
+ size_t removetlspad; /*
+ * Length of the fixed size data to remove when
+ * removing TLS padding (equals mac size plus
+ * IV size if applicable)
+ */
/*
* num contains the number of bytes of |iv| which are valid for modes that