author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-11-04 19:55:00 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-11-04 19:55:51 +0100 |
commit | cb9bd9f425b7c5d01a2ccf41ae2cb0101da24c5e (patch) | |
tree | fabc885e8a0a6c63d29f2eea587edbeaa71ec324 | |
parent | 6e47f6043aa7c25055e43b2a9d5322db63604d52 (diff) | |
download | gnutls-cb9bd9f425b7c5d01a2ccf41ae2cb0101da24c5e.tar.gz |
corrected NULL cipher encryption. Reported by Fabrice Gautier.
-rw-r--r-- | lib/gnutls_cipher_int.c | 38 | ||||
-rw-r--r-- | lib/gnutls_cipher_int.h | 5 |
2 files changed, 27 insertions, 16 deletions
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c index d61d2c818c..5814d5127c 100644 --- a/lib/gnutls_cipher_int.c +++ b/lib/gnutls_cipher_int.c @@ -41,6 +41,9 @@ _gnutls_cipher_init (cipher_hd_st * handle, gnutls_cipher_algorithm_t cipher, int ret = GNUTLS_E_INTERNAL_ERROR; const gnutls_crypto_cipher_st *cc = NULL; + if (cipher == GNUTLS_CIPHER_NULL) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + handle->is_aead = _gnutls_cipher_algo_is_aead(cipher); if (handle->is_aead) handle->tag_size = gnutls_cipher_get_block_size(cipher); @@ -124,12 +127,14 @@ int ret; memset(handle, 0, sizeof(*handle)); - ret = _gnutls_cipher_init(&handle->cipher, cipher, cipher_key, iv, enc); - if (ret < 0) + if (cipher != GNUTLS_CIPHER_NULL) { - gnutls_assert(); - return ret; + ret = _gnutls_cipher_init(&handle->cipher, cipher, cipher_key, iv, enc); + if (ret < 0) + return gnutls_assert_val(ret); } + else + handle->is_null = 1; if (mac != GNUTLS_MAC_AEAD) { @@ -153,7 +158,8 @@ int ret; return 0; cleanup: - _gnutls_cipher_deinit(&handle->cipher); + if (handle->is_null == 0) + _gnutls_cipher_deinit(&handle->cipher); return ret; } @@ -196,9 +202,12 @@ int ret; if (ret < 0) return gnutls_assert_val(ret); - ret = _gnutls_cipher_encrypt2(&handle->cipher, text, textlen, ciphertext, ciphertextlen); - if (ret < 0) - return gnutls_assert_val(ret); + if (handle->is_null==0) + { + ret = _gnutls_cipher_encrypt2(&handle->cipher, text, textlen, ciphertext, ciphertextlen); + if (ret < 0) + return gnutls_assert_val(ret); + } } else if (_gnutls_cipher_is_aead(&handle->cipher)) { 
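Review bot: The new `GNUTLS_CIPHER_NULL` rejection at the top of `_gnutls_cipher_init` carries no comment, so a reader cannot tell that the NULL cipher is now meant to be handled one layer up through `is_null` in `auth_cipher_hd_st`. I would add `/* NULL has no backend context; the auth_cipher layer tracks it with is_null and never calls in here */` above the check. The check also returns before `handle` is written, so a caller that ignores the error and later deinitialises the handle would be operating on whatever it held before; whether any caller does that is not visible in this hunk. The function body continues outside the hunk.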
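Review bot: With `is_null` set, the encrypt path in the `@@ -196,9 +202,12 @@` hunk skips `_gnutls_cipher_encrypt2` and writes nothing to `ciphertext`, so the output is only correct when the caller passes the same buffer for `text` and `ciphertext`. If the two buffers can differ, the record would carry whatever the output buffer held before, which affects both confidentiality and integrity of the data on the wire. Either state the in-place contract in a comment or add an explicit branch such as `else if (text != ciphertext) memcpy(ciphertext, text, textlen);` after checking `textlen <= ciphertextlen`. The same applies to `_gnutls_auth_cipher_decrypt2` in the `@@ -220,12 +229,12 @@` hunk, where `text` is left unwritten before the `if (handle->is_mac)` block that follows; what that block reads is outside the hunk. The enclosing function here starts and ends outside the hunk.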
@@ -220,12 +229,12 @@ int _gnutls_auth_cipher_decrypt2 (auth_cipher_hd_st * handle, { int ret; - ret = _gnutls_cipher_decrypt2(&handle->cipher, ciphertext, ciphertextlen, - text, textlen); - if (ret < 0) + if (handle->is_null==0) { - gnutls_assert(); - return ret; + ret = _gnutls_cipher_decrypt2(&handle->cipher, ciphertext, ciphertextlen, + text, textlen); + if (ret < 0) + return gnutls_assert_val(ret); } if (handle->is_mac) @@ -278,5 +287,6 @@ void _gnutls_auth_cipher_deinit (auth_cipher_hd_st * handle) else _gnutls_hmac_deinit(&handle->mac, NULL); } - _gnutls_cipher_deinit(&handle->cipher); + if (handle->is_null==0) + _gnutls_cipher_deinit(&handle->cipher); } diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h index bd2b68d215..301bce8268 100644 --- a/lib/gnutls_cipher_int.h +++ b/lib/gnutls_cipher_int.h @@ -141,8 +141,9 @@ typedef struct { cipher_hd_st cipher; digest_hd_st mac; - int is_mac:1; - int ssl_hmac:1; + unsigned int is_mac:1; + unsigned int ssl_hmac:1; + unsigned int is_null:1; int tag_size; } auth_cipher_hd_st; |
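Review bot: The new `is_null` bit in `auth_cipher_hd_st` is undocumented, and it changes an invariant: when it is set, `cipher` is only zeroed by the `memset` in the init path and never initialised. I would add `/* set for GNUTLS_CIPHER_NULL: cipher is zeroed, not initialised; test before any _gnutls_cipher_* call */` next to the field. The commit guards the init cleanup, encrypt, decrypt and deinit paths, but any other helper that forwards `&handle->cipher` to the cipher layer would need the same test. None is visible in these hunks, so the rest of the header and its callers are worth checking.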