Ensure Stream ciphers know how to remove a TLS MAC

We previously updated the block ciphers to know how to remove a TLS MAC when using Encrypt-then-MAC. We also need to do the same for stream ciphers. Fixes #13363 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13378)
2025-05-02 12:39:38 +00:00 · 2020-11-10 16:01:11 +00:00 · 2020-11-10 16:01:11 +00:00 · 01c6551ce6
commit 01c6551ce6
parent 1950e0e3e7
1 changed files with 20 additions and 9 deletions
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
@ -429,16 +429,27 @@ int ossl_cipher_generic_stream_update(void *vctx, unsigned char *out,
    }
    *outl = inl;
-    /*
+    if (!ctx->enc) {
-     * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
+        /*
-     * cipher_aes_cbc_hmac_sha256_hw.c
+        * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
-     */
+        * cipher_aes_cbc_hmac_sha256_hw.c
-    if (!ctx->enc && ctx->removetlspad > 0) {
+        */
-        /* The actual padding length */
+        if (ctx->removetlspad > 0) {
-        *outl -= out[inl - 1] + 1;
+            /* The actual padding length */
            *outl -= out[inl - 1] + 1;
-        /* MAC and explicit IV */
+            /* MAC and explicit IV */
-        *outl -= ctx->removetlspad;
+            *outl -= ctx->removetlspad;
        }
        /* Extract the MAC if there is one */
        if (ctx->tlsmacsize > 0) {
            if (*outl < ctx->tlsmacsize)
                return 0;
            ctx->tlsmac = out + *outl - ctx->tlsmacsize;
            *outl -= ctx->tlsmacsize;
        }
    }
    return 1;