LibTLS: Count the mac size towards the packet length in CBC mode

This is a regression introduced in 1172746, where the padding would be done without accounting for the added MAC bytes. Fixes #4098.
author: AnotherTest <ali.mpfard@gmail.com> 2020-11-16 14:11:57 +0330
committer: Andreas Kling <kling@serenityos.org> 2020-11-16 13:21:18 +0100
commit: de4061ff945ab660be1799386a9c707e05b3cfdc (patch)
tree: 76f4b16472efbf33c404b556c2d82883c94deb35 /Libraries/LibTLS
parent: 2a06b026efd068962c04c515d0ed164783b6945f (diff)
download: serenity-de4061ff945ab660be1799386a9c707e05b3cfdc.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/Libraries/LibTLS/Record.cpp b/Libraries/LibTLS/Record.cpp
index 338528c130..521bee2705 100644
--- a/Libraries/LibTLS/Record.cpp
+++ b/Libraries/LibTLS/Record.cpp
@@ -77,10 +77,10 @@ void TLSv12::update_packet(ByteBuffer& packet)
                 // If the length is already a multiple a block_size,
                 // an entire block of padding is added.
                 // In short, we _never_ have no padding.
-                padding = block_size - length % block_size;
-                length += padding;
                 mac_size = mac_length();
                 length += mac_size;
+                padding = block_size - length % block_size;
+                length += padding;
             } else {
                 block_size = m_aes_local.gcm->cipher().block_size();
                 padding = 0;
author	AnotherTest <ali.mpfard@gmail.com>	2020-11-16 14:11:57 +0330
committer	Andreas Kling <kling@serenityos.org>	2020-11-16 13:21:18 +0100
commit	de4061ff945ab660be1799386a9c707e05b3cfdc (patch)
tree	76f4b16472efbf33c404b556c2d82883c94deb35 /Libraries/LibTLS
parent	2a06b026efd068962c04c515d0ed164783b6945f (diff)
download	serenity-de4061ff945ab660be1799386a9c707e05b3cfdc.zip