From: Matt Caswell
Date: Tue, 23 Jun 2020 13:34:45 +0000 (+0100)
Subject: Decreate the length after decryption for the stitched ciphers
X-Git-Tag: openssl-3.0.0-alpha5~70
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=f29dbb08668318b84d7bca0bd63c585e0169545e

Decreate the length after decryption for the stitched ciphers

Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12288)
---
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
index dc2412c7b5..12644e780f 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
@@ -60,6 +60,8 @@ static int aesni_cbc_hmac_sha1_init_key(PROV_CIPHER_CTX *vctx,
 ctx->payload_length = NO_PAYLOAD_LENGTH;
+ vctx->removetlspad = SHA_DIGEST_LENGTH + AES_BLOCK_SIZE;
+
 return ret < 0 ? 0 : 1;
 }
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
index f2a233710c..35106e0171 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
@@ -62,6 +62,8 @@ static int aesni_cbc_hmac_sha256_init_key(PROV_CIPHER_CTX *vctx,
 ctx->payload_length = NO_PAYLOAD_LENGTH;
+ vctx->removetlspad = SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE;
+
 return ret < 0 ? 0 : 1;
 }
diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
index 0b0219c7ad..9c71a7df2a 100644
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
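Review bot: In `aesni_cbc_hmac_sha1_init_key` (cipher_aes_cbc_hmac_sha1_hw.c) `removetlspad` is set to `SHA_DIGEST_LENGTH + AES_BLOCK_SIZE` unconditionally at key-init time, so every later decrypt through this context has the MAC-plus-IV amount subtracted from its output length, whether or not the context is processing a TLS record that carries an explicit IV. The struct comment added in this commit says the IV size is included only "if applicable", but nothing in the hunk distinguishes the cases; if these ciphers can be driven without TLS AAD or with a protocol version that has no explicit IV (not visible here), the reported length would be wrong. Consider setting the field where the TLS parameters become known, or at least document the assumption with `/* assumes records with MAC + explicit IV; both are always stripped on decrypt */`. The same applies to the `SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE` assignment in cipher_aes_cbc_hmac_sha256_hw.c; both function bodies start outside their hunks.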
@@ -358,6 +358,18 @@ int cipher_generic_stream_update(void *vctx, unsigned char *out, size_t *outl,
 }
 *outl = inl;
+ /*
+ * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
+ * cipher_aes_cbc_hmac_sha256_hw.c
+ */
+ if (!ctx->enc && ctx->removetlspad > 0) {
+ /* The actual padding length */
+ *outl -= out[inl - 1] + 1;
+
+ /* MAC and explicit IV */
+ *outl -= ctx->removetlspad;
+ }
+
 return 1;
 }
 int cipher_generic_stream_final(void *vctx, unsigned char *out, size_t *outl,
diff --git a/providers/implementations/include/prov/ciphercommon.h b/providers/implementations/include/prov/ciphercommon.h
index 55adf3caa2..83f64e7728 100644
--- a/providers/implementations/include/prov/ciphercommon.h
+++ b/providers/implementations/include/prov/ciphercommon.h
@@ -58,6 +58,11 @@ struct prov_cipher_ctx_st {
 * points into the user buffer.
 */
 size_t tlsmacsize; /* Size of the TLS MAC */
+ size_t removetlspad; /*
+ * Length of the fixed size data to remove when
+ * removing TLS padding (equals mac size plus
+ * IV size if applicable)
+ */
 /*
 * num contains the number of bytes of |iv| which are valid for modes that
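Review bot: The new subtraction in `cipher_generic_stream_update` (ciphercommon.c) has no lower bound: `out[inl - 1]` is read even when `inl` is 0, and if the decrypted padding byte plus one plus `ctx->removetlspad` exceeds `inl`, the `size_t` behind `*outl` wraps to a very large value that the caller would take as the plaintext length. The padding byte comes from the decrypted record, so unless the cipher call above this hunk (not visible here) already rejects records that are too short, the value is peer-controlled. A guard before the subtraction would make the function safe by itself, e.g. `if (inl == 0 || (size_t)out[inl - 1] + 1 + ctx->removetlspad > inl) return 0;`. Any such rejection should be reported the same way as a MAC failure so that it does not become a distinguishable padding signal. The function starts outside the hunk.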
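Review bot: In ciphercommon.h the new field `removetlspad` reads like a flag but holds a byte count, and its comment does not say that 0 means nothing is stripped, which is what the `ctx->removetlspad > 0` test in ciphercommon.c relies on. Suggest extending the comment to `Number of fixed-size bytes (MAC, plus explicit IV if applicable) stripped together with the TLS padding on decrypt; 0 disables removal`. The struct definition continues outside the hunk.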