Ensure TLS padding is added during encryption on the provider side

Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12288)
author: Matt Caswell <matt@openssl.org> 2020-06-26 18:22:18 +0100
committer: Matt Caswell <matt@openssl.org> 2020-07-06 09:26:09 +0100
commit: 2d9f56e9992ef3725b87a0a8e6165a18d038b784 (patch)
tree: 3d206e641a8b27bcfefb627f305e91887dac5c6e /ssl
parent: b5588178232f5cbf32662dfa173c72a001d54aeb (diff)
1 files changed, 16 insertions, 4 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 6359c79bb1..80990e8296 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -869,13 +869,19 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending,
         memmove(rec->data, rec->input, rec->length);
         rec->input = rec->data;
     } else {
+        int provided = (EVP_CIPHER_provider(enc) != NULL);
+
         l = rec->length;
         /* TODO(size_t): Convert this call */
         bs = EVP_CIPHER_CTX_block_size(ds);
 
         /* COMPRESS */
 
-        if ((bs != 1) && sending) {
+        if ((bs != 1) && sending && !provided) {
+            /*
+             * We only do this for legacy ciphers. Provided ciphers add the
+             * padding on the provider side.
+             */
             i = bs - (l % bs);
 
             /* we need to add 'i-1' padding bytes */
@@ -1038,6 +1044,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
             recs[ctr].input = recs[ctr].data;
         }
     } else {
+        int provided = (EVP_CIPHER_provider(enc) != NULL);
+
         bs = EVP_CIPHER_block_size(EVP_CIPHER_CTX_cipher(ds));
 
         if (n_recs > 1) {
@@ -1097,7 +1105,11 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
                     recs[ctr].length += pad;
                 }
 
-            } else if ((bs != 1) && sending) {
+            } else if ((bs != 1) && sending && !provided) {
+                /*
+                 * We only do this for legacy ciphers. Provided ciphers add the
+                 * padding on the provider side.
+                 */
                 padnum = bs - (reclen[ctr] % bs);
 
                 /* Add weird padding of up to 256 bytes */
@@ -1170,7 +1182,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
             }
         }
 
-        if (EVP_CIPHER_provider(enc) != NULL) {
+        if (provided) {
             int outlen;
 
             /* Provided cipher - we do not support pipelining on this path */
@@ -1275,7 +1287,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
                                                         : NULL,
                                          bs,
                                          macsize,
-                                         (EVP_CIPHER_CTX_flags(s->enc_read_ctx)
+                                         (EVP_CIPHER_flags(enc)
                                          & EVP_CIPH_FLAG_AEAD_CIPHER) != 0,
                                          s->ctx->libctx))
                         return 0;
author	Matt Caswell <matt@openssl.org>	2020-06-26 18:22:18 +0100
committer	Matt Caswell <matt@openssl.org>	2020-07-06 09:26:09 +0100
commit	2d9f56e9992ef3725b87a0a8e6165a18d038b784 (patch)
tree	3d206e641a8b27bcfefb627f305e91887dac5c6e /ssl
parent	b5588178232f5cbf32662dfa173c72a001d54aeb (diff)