Ensure Stream ciphers know how to remove a TLS MAC

We previously updated the block ciphers to know how to remove a TLS MAC when using Encrypt-then-MAC. We also need to do the same for stream ciphers. Fixes #13363 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13378)
2025-04-30 19:54:39 +00:00 · 2020-11-10 16:01:11 +00:00 · 2020-11-10 16:01:11 +00:00 · 01c6551ce6
commit 01c6551ce6
parent 1950e0e3e7
1 changed files with 20 additions and 9 deletions
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
@ -429,16 +429,27 @@ int ossl_cipher_generic_stream_update(void *vctx, unsigned char *out,
    }

    *outl = inl;
-    /*
-     * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
-     * cipher_aes_cbc_hmac_sha256_hw.c
-     */
-    if (!ctx->enc && ctx->removetlspad > 0) {
-        /* The actual padding length */
-        *outl -= out[inl - 1] + 1;
+    if (!ctx->enc) {
+        /*
+        * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
+        * cipher_aes_cbc_hmac_sha256_hw.c
+        */
+        if (ctx->removetlspad > 0) {
+            /* The actual padding length */
+            *outl -= out[inl - 1] + 1;

-        /* MAC and explicit IV */
-        *outl -= ctx->removetlspad;
+            /* MAC and explicit IV */
+            *outl -= ctx->removetlspad;
+        }
+
+        /* Extract the MAC if there is one */
+        if (ctx->tlsmacsize > 0) {
+            if (*outl < ctx->tlsmacsize)
+                return 0;
+
+            ctx->tlsmac = out + *outl - ctx->tlsmacsize;
+            *outl -= ctx->tlsmacsize;
+        }
    }

    return 1;