-rw-r--r-- | lib/gnutls_cipher.c | 35 | ||||
-rw-r--r-- | lib/gnutls_cipher_int.c | 11 |
2 files changed, 26 insertions, 20 deletions
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index 3c7eabdd70..cca6a8fed4 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c @@ -332,7 +332,7 @@ int _gnutls_ciphertext2compressed(gnutls_session session, uint8 MAC[MAX_HASH_SIZE]; uint16 c_length; uint8 pad; - uint16 length; + int length; GNUTLS_MAC_HANDLE td; uint16 blocksize; int ret, i, pad_failed = 0; @@ -407,7 +407,8 @@ int _gnutls_ciphertext2compressed(gnutls_session session, */ if ( ver == GNUTLS_TLS1) for (i=2;i<pad;i++) { - if (ciphertext.data[ciphertext.size-i] != ciphertext.data[ciphertext.size - 1]) { + if (ciphertext.data[ciphertext.size-i] != ciphertext.data[ciphertext.size - 1]) + { pad_failed = GNUTLS_E_DECRYPTION_FAILED; } } @@ -418,15 +419,7 @@ int _gnutls_ciphertext2compressed(gnutls_session session, return GNUTLS_E_INTERNAL_ERROR; } - /* copy the decrypted stuff to compress_data. - */ - if (compress_size < length) { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; - } - - memcpy( compress_data, ciphertext.data, length); - + if (length < 0) length = 0; c_length = _gnutls_conv_uint16((uint16) length); /* Pass the type, version, length and compressed through @@ -442,12 +435,17 @@ int _gnutls_ciphertext2compressed(gnutls_session session, } _gnutls_hmac(td, &c_length, 2); - if (length!=0) - _gnutls_hmac(td, compress_data, length); + if (length > 0) + _gnutls_hmac(td, ciphertext.data, length); mac_deinit( td, MAC, ver); } + /* This one was introduced to avoid a timing attack against the TLS + * 1.0 protocol. + */ + if (pad_failed != 0) return pad_failed; + /* HMAC was not the same. */ if (memcmp 
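Review bot: In `_gnutls_ciphertext2compressed` (hunk at -418), `if (length < 0) length = 0;` clamps a negative length silently instead of marking the record invalid, so rejection then rests entirely on the later MAC comparison. A negative value only becomes representable because the -332 hunk turns `length` into an `int`, and it presumably means the pad byte plus hash size exceed the record size; where `length` is computed, and whether `pad_failed` is already set on that path, is outside these hunks. If it is not set there, I would write `if (length < 0) { pad_failed = GNUTLS_E_DECRYPTION_FAILED; length = 0; }` so the HMAC is still computed but the record cannot be accepted. A one-line comment saying the clamp exists to keep the HMAC work going on malformed padding would also help the next reader.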
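Review bot: In the -442 hunk the relocated `if (pad_failed != 0) return pad_failed;` sits before the MAC comparison, so a padding failure returns without running `memcmp` or `gnutls_assert()` while a MAC failure runs both, and the two rejection paths still do slightly different work. Computing the HMAC regardless of the padding result is the important part and the hunk keeps that, but the early return could be folded into the MAC check so both failures leave through one branch, e.g. `if (memcmp(...) != 0 || pad_failed != 0) { gnutls_assert(); return GNUTLS_E_DECRYPTION_FAILED; }` with the existing `memcmp` arguments, which are cut off in this view. The comment above the return would be clearer if it said that the padding verdict is deliberately held back until the HMAC has been computed. Separately, `memcmp` is not guaranteed to run in constant time, which is worth keeping in mind for the MAC comparison itself.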
@@ -455,11 +453,14 @@ int _gnutls_ciphertext2compressed(gnutls_session session, gnutls_assert(); return GNUTLS_E_DECRYPTION_FAILED; } - - /* This one was introduced to avoid a timing attack against the TLS - * 1.0 protocol. + + /* copy the decrypted stuff to compress_data. */ - if (pad_failed != 0) return pad_failed; + if (compress_size < length) { + gnutls_assert(); + return GNUTLS_E_INTERNAL_ERROR; + } + memcpy( compress_data, ciphertext.data, length); return length; } diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c index caddcebcd6..05267fff1b 100644 --- a/lib/gnutls_cipher_int.c +++ b/lib/gnutls_cipher_int.c @@ -66,7 +66,9 @@ gcry_error_t err = GPG_ERR_GENERAL; /* doesn't matter */ return ret; } -int _gnutls_cipher_encrypt(GNUTLS_CIPHER_HANDLE handle, void* text, int textlen) { +int _gnutls_cipher_encrypt(GNUTLS_CIPHER_HANDLE handle, void* text, + int textlen) +{ if (handle!=GNUTLS_CIPHER_FAILED) { if (gcry_cipher_encrypt( handle, text, textlen, NULL, textlen)!=0) { gnutls_assert(); @@ -76,7 +78,9 @@ int _gnutls_cipher_encrypt(GNUTLS_CIPHER_HANDLE handle, void* text, int textlen) return 0; } -int _gnutls_cipher_decrypt(GNUTLS_CIPHER_HANDLE handle, void* ciphertext, int ciphertextlen) { +int _gnutls_cipher_decrypt(GNUTLS_CIPHER_HANDLE handle, void* ciphertext, + int ciphertextlen) +{ if (handle!=GNUTLS_CIPHER_FAILED) { if (gcry_cipher_decrypt( handle, ciphertext, ciphertextlen, NULL, ciphertextlen)!=0) { gnutls_assert(); @@ -86,7 +90,8 @@ int _gnutls_cipher_decrypt(GNUTLS_CIPHER_HANDLE handle, void* ciphertext, int ci return 0; } -void _gnutls_cipher_deinit(GNUTLS_CIPHER_HANDLE handle) { +void _gnutls_cipher_deinit(GNUTLS_CIPHER_HANDLE handle) +{ if (handle!=GNUTLS_CIPHER_FAILED) { gcry_cipher_close(handle); } |
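Review bot: In the -455 hunk of lib/gnutls_cipher.c, the moved comment `/* copy the decrypted stuff to compress_data. */` does not say why the copy now sits at the end of the function; the move appears to ensure that plaintext reaches the caller's buffer only after the MAC has verified. I would state that, e.g. `/* Copy the plaintext out only after the MAC has verified. */`. Also, `compress_size < length` now compares against an `int`, and the declaration of `compress_size` is outside the hunk; if it is unsigned, an explicit cast would make the comparison's intent clear, although `length` has already been clamped to non-negative by this point.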