From 01c6551ce63005d65aa03edaa4c57d04438cc0d0 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 10 Nov 2020 16:01:11 +0000 Subject: [PATCH] Ensure Stream ciphers know how to remove a TLS MAC We previously updated the block ciphers to know how to remove a TLS MAC when using Encrypt-then-MAC. We also need to do the same for stream ciphers. Fixes #13363 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/13378) --- .../implementations/ciphers/ciphercommon.c | 29 +++++++++++++------ 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c index 8d45d7a7d7..23f191fbbf 100644 --- a/providers/implementations/ciphers/ciphercommon.c +++ b/providers/implementations/ciphers/ciphercommon.c @@ -429,16 +429,27 @@ int ossl_cipher_generic_stream_update(void *vctx, unsigned char *out, } *outl = inl; - /* - * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and - * cipher_aes_cbc_hmac_sha256_hw.c - */ - if (!ctx->enc && ctx->removetlspad > 0) { - /* The actual padding length */ - *outl -= out[inl - 1] + 1; + if (!ctx->enc) { + /* + * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and + * cipher_aes_cbc_hmac_sha256_hw.c + */ + if (ctx->removetlspad > 0) { + /* The actual padding length */ + *outl -= out[inl - 1] + 1; - /* MAC and explicit IV */ - *outl -= ctx->removetlspad; + /* MAC and explicit IV */ + *outl -= ctx->removetlspad; + } + + /* Extract the MAC if there is one */ + if (ctx->tlsmacsize > 0) { + if (*outl < ctx->tlsmacsize) + return 0; + + ctx->tlsmac = out + *outl - ctx->tlsmacsize; + *outl -= ctx->tlsmacsize; + } } return 1;