From: Matt Caswell <matt@openssl.org>
Date: Thu, 20 Aug 2020 14:48:05 +0000 (+0100)
Subject: Make ssl3_cbc_digest_record() use the real data_size
X-Git-Tag: openssl-3.0.0-alpha7~412
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e08f86ddb1b4b911da55af6d7f71f00f43529e50;p=thirdparty%2Fopenssl.git

Make ssl3_cbc_digest_record() use the real data_size

Previously we passed it the data plus mac size. Now we just pass it the
data size. We already know the mac size.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
---

diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c
index 3376395a172..f6cb544f64e 100644
--- a/providers/implementations/macs/hmac_prov.c
+++ b/providers/implementations/macs/hmac_prov.c
@@ -65,7 +65,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
                            size_t *md_out_size,
                            const unsigned char header[13],
                            const unsigned char *data,
-                           size_t data_plus_mac_size,
+                           size_t data_size,
                            size_t data_plus_mac_plus_padding_size,
                            const unsigned char *mac_secret,
                            size_t mac_secret_length, char is_sslv3);
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 6708a832412..baa4f239bf5 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -1365,7 +1365,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
         if (ssl3_cbc_digest_record(EVP_MD_CTX_md(hash),
                                    md, &md_size,
                                    header, rec->input,
-                                   rec->length + md_size, rec->orig_len,
+                                   rec->length, rec->orig_len,
                                    mac_sec, md_size, 1) <= 0)
             return 0;
     } else {
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index bffaebb0c21..94492ca293e 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -36,7 +36,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
                            size_t *md_out_size,
                            const unsigned char header[13],
                            const unsigned char *data,
-                           size_t data_plus_mac_size,
+                           size_t data_size,
                            size_t data_plus_mac_plus_padding_size,
                            const unsigned char *mac_secret,
                            size_t mac_secret_length, char is_sslv3);
@@ -161,16 +161,13 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
  *   md_out_size: if non-NULL, the number of output bytes is written here.
  *   header: the 13-byte, TLS record header.
  *   data: the record data itself, less any preceding explicit IV.
- *   data_plus_mac_size: the secret, reported length of the data and MAC
- *     once the padding has been removed.
+ *   data_size: the secret, reported length of the data once the MAC and padding
+ *              has been removed.
  *   data_plus_mac_plus_padding_size: the public length of the whole
- *     record, including padding.
+ *     record, including MAC and padding.
  *   is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS.
  *
- * On entry: by virtue of having been through one of the remove_padding
- * functions, above, we know that data_plus_mac_size is large enough to contain
- * a padding byte and MAC. (If the padding was invalid, it might contain the
- * padding too. )
+ * On entry: we know that data is data_plus_mac_plus_padding_size in length
  * Returns 1 on success or 0 on error
  */
 int ssl3_cbc_digest_record(const EVP_MD *md,
@@ -178,7 +175,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
                            size_t *md_out_size,
                            const unsigned char header[13],
                            const unsigned char *data,
-                           size_t data_plus_mac_size,
+                           size_t data_size,
                            size_t data_plus_mac_plus_padding_size,
                            const unsigned char *mac_secret,
                            size_t mac_secret_length, char is_sslv3)
@@ -343,7 +340,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
     /*
      * mac_end_offset is the index just past the end of the data to be MACed.
      */
-    mac_end_offset = data_plus_mac_size + header_length - md_size;
+    mac_end_offset = data_size + header_length;
     /*
      * c is the index of the 0x80 byte in the final hash block that contains
      * application data.
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index c54ced6a1db..49d24e6a96b 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -2766,7 +2766,7 @@ __owur int ssl3_cbc_digest_record(const EVP_MD *md,
                                   size_t *md_out_size,
                                   const unsigned char header[13],
                                   const unsigned char *data,
-                                  size_t data_plus_mac_size,
+                                  size_t data_size,
                                   size_t data_plus_mac_plus_padding_size,
                                   const unsigned char *mac_secret,
                                   size_t mac_secret_length, char is_sslv3);