}
if (ctx->base.tlsversion == SSL3_VERSION
|| ctx->base.tlsversion == TLS1_VERSION) {
- if (!ossl_assert(ctx->base.removetlspad >= AES_BLOCK_SIZE)) {
+ if (!ossl_assert(ctx->base.removetlsfixed >= AES_BLOCK_SIZE)) {
ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
return 0;
}
* There is no explicit IV with these TLS versions, so don't attempt
* to remove it.
*/
- ctx->base.removetlspad -= AES_BLOCK_SIZE;
+ ctx->base.removetlsfixed -= AES_BLOCK_SIZE;
}
}
return ret;
ctx->payload_length = NO_PAYLOAD_LENGTH;
- vctx->removetlspad = SHA_DIGEST_LENGTH + AES_BLOCK_SIZE;
+ vctx->removetlspad = 1;
+ vctx->removetlsfixed = SHA_DIGEST_LENGTH + AES_BLOCK_SIZE;
return ret < 0 ? 0 : 1;
}
ctx->payload_length = NO_PAYLOAD_LENGTH;
- vctx->removetlspad = SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE;
+ vctx->removetlspad = 1;
+ vctx->removetlsfixed = SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE;
return ret < 0 ? 0 : 1;
}
ctx->tail = ctx->head;
ctx->md = ctx->head;
ctx->payload_length = NO_PAYLOAD_LENGTH;
+ bctx->removetlsfixed = MD5_DIGEST_LENGTH;
return 1;
}
* Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
* cipher_aes_cbc_hmac_sha256_hw.c
*/
- if (ctx->removetlspad > 0) {
+ if (ctx->removetlspad) {
+ /*
+ * We should have already failed in the cipher() call above if this
+ * isn't true.
+ */
+ if (!ossl_assert(*outl >= (size_t)(out[inl - 1] + 1)))
+ return 0;
/* The actual padding length */
*outl -= out[inl - 1] + 1;
-
- /* MAC and explicit IV */
- *outl -= ctx->removetlspad;
}
+ /* TLS MAC and explicit IV if relevant. We should have already failed
+ * in the cipher() call above if *outl is too short.
+ */
+ if (!ossl_assert(*outl >= ctx->removetlsfixed))
+ return 0;
+ *outl -= ctx->removetlsfixed;
+
/* Extract the MAC if there is one */
if (ctx->tlsmacsize > 0) {
if (*outl < ctx->tlsmacsize)
* points into the user buffer.
*/
size_t tlsmacsize; /* Size of the TLS MAC */
- size_t removetlspad; /*
+ int removetlspad; /* Whether TLS padding should be removed or not */
+ size_t removetlsfixed; /*
* Length of the fixed size data to remove when
- * removing TLS padding (equals mac size plus
+ * processing TLS data (equals mac size plus
* IV size if applicable)
*/