From f29dbb08668318b84d7bca0bd63c585e0169545e Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Tue, 23 Jun 2020 14:34:45 +0100
Subject: [PATCH] Decreate the length after decryption for the stitched ciphers

Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/12288)
---
 .../ciphers/cipher_aes_cbc_hmac_sha1_hw.c | 2 ++
 .../ciphers/cipher_aes_cbc_hmac_sha256_hw.c | 2 ++
 providers/implementations/ciphers/ciphercommon.c | 12 ++++++++++++
 .../implementations/include/prov/ciphercommon.h | 5 +++++
 4 files changed, 21 insertions(+)

diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
index dc2412c7b5..12644e780f 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
@@ -60,6 +60,8 @@ static int aesni_cbc_hmac_sha1_init_key(PROV_CIPHER_CTX *vctx,
 
 ctx->payload_length = NO_PAYLOAD_LENGTH;
 
+ vctx->removetlspad = SHA_DIGEST_LENGTH + AES_BLOCK_SIZE;
+
 return ret < 0 ? 0 : 1;
 }
 
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
index f2a233710c..35106e0171 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
@@ -62,6 +62,8 @@ static int aesni_cbc_hmac_sha256_init_key(PROV_CIPHER_CTX *vctx,
 
 ctx->payload_length = NO_PAYLOAD_LENGTH;
 
+ vctx->removetlspad = SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE;
+
 return ret < 0 ? 0 : 1;
 }
 
diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
index 0b0219c7ad..9c71a7df2a 100644
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
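Review bot: `vctx->removetlspad` is assigned unconditionally at key-init time as `SHA_DIGEST_LENGTH + AES_BLOCK_SIZE`, although the field comment added in ciphercommon.h describes the value as MAC size plus IV size "if applicable"; the SHA-256 hunk (`SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE`) has the same shape. With the new check in cipher_generic_stream_update keyed only on `!ctx->enc && ctx->removetlspad > 0`, every decrypt update through these ciphers has a MAC, a full IV block and the padding subtracted from the reported length, which looks wrong for any caller that does not feed a TLS record with an explicit IV. If that restriction is intended, state it at the assignment, e.g. `/* TLS records only: MAC + explicit IV are stripped from the length on decrypt */`; otherwise the value probably needs to be set only once the TLS record parameters are known. Both init_key bodies start outside their hunks, so any earlier guard is not visible here.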
@@ -358,6 +358,18 @@ int cipher_generic_stream_update(void *vctx, unsigned char *out, size_t *outl,
 }
 
 *outl = inl;
+ /*
+ * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
+ * cipher_aes_cbc_hmac_sha256_hw.c
+ */
+ if (!ctx->enc && ctx->removetlspad > 0) {
+ /* The actual padding length */
+ *outl -= out[inl - 1] + 1;
+
+ /* MAC and explicit IV */
+ *outl -= ctx->removetlspad;
+ }
+
 return 1;
 }
 int cipher_generic_stream_final(void *vctx, unsigned char *out, size_t *outl,
diff --git a/providers/implementations/include/prov/ciphercommon.h b/providers/implementations/include/prov/ciphercommon.h
index 55adf3caa2..83f64e7728 100644
--- a/providers/implementations/include/prov/ciphercommon.h
+++ b/providers/implementations/include/prov/ciphercommon.h
@@ -58,6 +58,11 @@ struct prov_cipher_ctx_st {
 * points into the user buffer.
 */
 size_t tlsmacsize; /* Size of the TLS MAC */
+ size_t removetlspad; /*
+ * Length of the fixed size data to remove when
+ * removing TLS padding (equals mac size plus
+ * IV size if applicable)
+ */
 
 /*
 * num contains the number of bytes of |iv| which are valid for modes that
--
2.34.1
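Review bot: The two subtractions in the added `if (!ctx->enc && ctx->removetlspad > 0)` block in cipher_generic_stream_update are unchecked. `out[inl - 1]` is a byte of freshly decrypted data, so when `out[inl - 1] + 1 + ctx->removetlspad` is larger than `inl` the `size_t` in `*outl` wraps around and the caller is handed an enormous plaintext length. Unless the preceding `ctx->hw->cipher()` call is guaranteed to reject every such record (that code is not part of this diff), add a guard before subtracting: `if ((size_t)out[inl - 1] + 1 + ctx->removetlspad > inl) return 0;`. The function body starts outside the hunk, so whether `inl` is already known to be non-zero at this point cannot be confirmed from the visible lines.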