Decreate the length after decryption for the stitched ciphers
authorMatt Caswell <matt@openssl.org>
Tue, 23 Jun 2020 13:34:45 +0000 (14:34 +0100)
committerMatt Caswell <matt@openssl.org>
Mon, 6 Jul 2020 08:26:09 +0000 (09:26 +0100)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)

providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
providers/implementations/ciphers/ciphercommon.c
providers/implementations/include/prov/ciphercommon.h

index dc2412c7b5fa96ff6ec0e1bc6724106c84c82352..12644e780ffe935c0ed84c57017231b0877d6c08 100644 (file)
@@ -60,6 +60,8 @@ static int aesni_cbc_hmac_sha1_init_key(PROV_CIPHER_CTX *vctx,
 
     ctx->payload_length = NO_PAYLOAD_LENGTH;
 
+    vctx->removetlspad = SHA_DIGEST_LENGTH + AES_BLOCK_SIZE;
+
     return ret < 0 ? 0 : 1;
 }
 
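Review bot: `vctx->removetlspad` is assigned unconditionally in `aesni_cbc_hmac_sha1_init_key`, so the length adjustment in `cipher_generic_stream_update` is armed for every decrypt on this context, not only when a TLS record is being processed. The constant also always includes `AES_BLOCK_SIZE`, while the field's comment in ciphercommon.h says the IV is counted only "if applicable". If a record format without an explicit IV, or a non-TLS caller, can reach this cipher (not visible from the hunk), one block too many would be subtracted. The `SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE` assignment in cipher_aes_cbc_hmac_sha256_hw.c has the same issue. Either set the value where the TLS AAD and version are known, or record the assumption next to the assignment, e.g. `/* Assumes TLS records carrying an explicit IV; applied to every decrypt */`. The function body starts outside the hunk.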
index f2a233710ca865e30843ff3f56833fc9ba2f4957..35106e017156bf9179c8bc39b1a751ee3992e76e 100644 (file)
@@ -62,6 +62,8 @@ static int aesni_cbc_hmac_sha256_init_key(PROV_CIPHER_CTX *vctx,
 
     ctx->payload_length = NO_PAYLOAD_LENGTH;
 
+    vctx->removetlspad = SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE;
+
     return ret < 0 ? 0 : 1;
 }
 
index 0b0219c7adfe92e573174f98c067c5a19d8ce785..9c71a7df2a2ab45ccab8a067422694146705d3a3 100644 (file)
@@ -358,6 +358,18 @@ int cipher_generic_stream_update(void *vctx, unsigned char *out, size_t *outl,
     }
 
     *outl = inl;
+    /*
+     * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
+     * cipher_aes_cbc_hmac_sha256_hw.c
+     */
+    if (!ctx->enc && ctx->removetlspad > 0) {
+        /* The actual padding length */
+        *outl -= out[inl - 1] + 1;
+
+        /* MAC and explicit IV */
+        *outl -= ctx->removetlspad;
+    }
+
     return 1;
 }
 int cipher_generic_stream_final(void *vctx, unsigned char *out, size_t *outl,
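Review bot: Both subtractions from `*outl` in the new `if (!ctx->enc && ctx->removetlspad > 0)` block are unguarded. `out[inl - 1]` is read without checking `inl > 0`, and the padding byte comes from decrypted record data, so if `out[inl - 1] + 1 + ctx->removetlspad` exceeds `inl` the `size_t` result wraps and the caller is handed a huge plaintext length. The stitched `cipher()` call earlier in the function (outside this hunk) presumably rejects such records already, but this generic code should not rely on that silently. A cheap bounds check here keeps a later refactor from turning this into an out-of-bounds read in the caller. Because the check only fails on input the cipher should already have refused, it should not add a new padding-dependent signal, but that is worth confirming against the stitched implementations.

```c
    *outl = inl;
    if (!ctx->enc && ctx->removetlspad > 0) {
        size_t strip;

        /* Need at least the padding-length byte before reading out[inl - 1] */
        if (inl == 0)
            return 0;

        /* Padding bytes + padding-length byte + MAC and explicit IV */
        strip = (size_t)out[inl - 1] + 1 + ctx->removetlspad;

        /* Refuse rather than let the size_t subtraction wrap */
        if (strip > inl)
            return 0;

        *outl -= strip;
    }
```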
index 55adf3caa2f590cc034943125aa942a4b1ff29b0..83f64e772810d4d1e0ba53fb673f65cab2b29c56 100644 (file)
@@ -58,6 +58,11 @@ struct prov_cipher_ctx_st {
                               * points into the user buffer.
                               */
     size_t tlsmacsize;       /* Size of the TLS MAC */
+    size_t removetlspad;     /*
+                              * Length of the fixed size data to remove when
+                              * removing TLS padding (equals mac size plus
+                              * IV size if applicable)
+                              */
 
     /*
      * num contains the number of bytes of |iv| which are valid for modes that
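Review bot: The new `removetlspad` field is named for padding but holds the fixed MAC-plus-IV length, and a non-zero value also acts as the switch that enables padding removal in `cipher_generic_stream_update`. That double role is easy to miss when another cipher wants MAC or IV stripping without padding, or the reverse. The comment should state it explicitly, for example `/* Non-zero enables TLS padding removal on decrypt; the value is the fixed MAC + explicit IV length stripped in addition to the padding */`. Longer term, a separate flag and a length field with a name that matches its content would be clearer.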