author | Matt Caswell <matt@openssl.org> | 2020-11-10 16:01:11 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-11-25 10:14:43 +0000 |
commit | 01c6551ce63005d65aa03edaa4c57d04438cc0d0 (patch) | |
tree | 8ae5e68af6e88c6fc7b759e6d05e2bc9237d9132 /providers | |
parent | 1950e0e3e796a066a0de95330f67d2da9d2c93e5 (diff) |
Ensure Stream ciphers know how to remove a TLS MAC
We previously updated the block ciphers to know how to remove a TLS
MAC when using Encrypt-then-MAC. We also need to do the same for stream
ciphers.
Fixes #13363
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13378)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/ciphers/ciphercommon.c | 29 |
1 files changed, 20 insertions, 9 deletions
diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c index 8d45d7a7d7..23f191fbbf 100644 --- a/providers/implementations/ciphers/ciphercommon.c +++ b/providers/implementations/ciphers/ciphercommon.c @@ -429,16 +429,27 @@ int ossl_cipher_generic_stream_update(void *vctx, unsigned char *out, } *outl = inl; - /* - * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and - * cipher_aes_cbc_hmac_sha256_hw.c - */ - if (!ctx->enc && ctx->removetlspad > 0) { - /* The actual padding length */ - *outl -= out[inl - 1] + 1; + if (!ctx->enc) { + /* + * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and + * cipher_aes_cbc_hmac_sha256_hw.c + */ + if (ctx->removetlspad > 0) { + /* The actual padding length */ + *outl -= out[inl - 1] + 1; + + /* MAC and explicit IV */ + *outl -= ctx->removetlspad; + } - /* MAC and explicit IV */ - *outl -= ctx->removetlspad; + /* Extract the MAC if there is one */ + if (ctx->tlsmacsize > 0) { + if (*outl < ctx->tlsmacsize) + return 0; + + ctx->tlsmac = out + *outl - ctx->tlsmacsize; + *outl -= ctx->tlsmacsize; + } } return 1; |
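Review bot: the padding branch still subtracts `out[inl - 1] + 1` and then `ctx->removetlspad` from `*outl` with no length check, while the new MAC branch directly below it guards with `if (*outl < ctx->tlsmacsize) return 0;`. The padding length byte is read from the decrypted output, so if it plus `ctx->removetlspad` can exceed `inl`, `*outl` wraps (assuming it is an unsigned length) and the later `*outl < ctx->tlsmacsize` test no longer protects the `out + *outl - ctx->tlsmacsize` pointer arithmetic. Unless the two callers named in the comment already guarantee the bound, I would add the same style of check before each subtraction in the `removetlspad` block, and reject `inl == 0` before reading `out[inl - 1]`. Two smaller points: `ctx->tlsmac` is only assigned inside the `tlsmacsize > 0` branch and points into the caller's `out` buffer, so a comment stating how long that pointer stays valid (and whether it is cleared when no MAC is extracted) would help; and the "Only used by" comment now sits inside a function that also serves plain stream ciphers, so it is worth making clear it applies to the padding block only.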