From: Matt Caswell Date: Tue, 10 Nov 2020 16:01:11 +0000 (+0000) Subject: Ensure Stream ciphers know how to remove a TLS MAC X-Git-Tag: openssl-3.0.0-alpha9~10 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=01c6551ce63005d65aa03edaa4c57d04438cc0d0;p=thirdparty%2Fopenssl.git Ensure Stream ciphers know how to remove a TLS MAC We previously updated the block ciphers to know how to remove a TLS MAC when using Encrypt-then-MAC. We also need to do the same for stream ciphers. Fixes #13363 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/13378) --- diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c index 8d45d7a7d73..23f191fbbff 100644 --- a/providers/implementations/ciphers/ciphercommon.c +++ b/providers/implementations/ciphers/ciphercommon.c @@ -429,16 +429,27 @@ int ossl_cipher_generic_stream_update(void *vctx, unsigned char *out, } *outl = inl; - /* - * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and - * cipher_aes_cbc_hmac_sha256_hw.c - */ - if (!ctx->enc && ctx->removetlspad > 0) { - /* The actual padding length */ - *outl -= out[inl - 1] + 1; + if (!ctx->enc) { + /* + * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and + * cipher_aes_cbc_hmac_sha256_hw.c + */ + if (ctx->removetlspad > 0) { + /* The actual padding length */ + *outl -= out[inl - 1] + 1; + + /* MAC and explicit IV */ + *outl -= ctx->removetlspad; + } - /* MAC and explicit IV */ - *outl -= ctx->removetlspad; + /* Extract the MAC if there is one */ + if (ctx->tlsmacsize > 0) { + if (*outl < ctx->tlsmacsize) + return 0; + + ctx->tlsmac = out + *outl - ctx->tlsmacsize; + *outl -= ctx->tlsmacsize; + } } return 1;