e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag
countermeasure [from HEAD]. PR: 2778
This commit is contained in:
Andy Polyakov
parent
e6255a7d1e
commit
eb8a65db16
2 changed files with 11 additions and 5 deletions
|
|
@ -83,6 +83,8 @@ typedef struct
|
|||
} aux;
|
||||
} EVP_AES_HMAC_SHA1;
|
||||
|
||||
#define NO_PAYLOAD_LENGTH ((size_t)-1)
|
||||
|
||||
#if defined(AES_ASM) && ( \
|
||||
defined(__x86_64) || defined(__x86_64__) || \
|
||||
defined(_M_AMD64) || defined(_M_X64) || \
|
||||
|
|
@ -124,7 +126,7 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
|
|||
key->tail = key->head;
|
||||
key->md = key->head;
|
||||
|
||||
key->payload_length = 0;
|
||||
key->payload_length = NO_PAYLOAD_LENGTH;
|
||||
|
||||
return ret<0?0:1;
|
||||
}
|
||||
|
|
@ -185,7 +187,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|||
if (len%AES_BLOCK_SIZE) return 0;
|
||||
|
||||
if (ctx->encrypt) {
|
||||
if (plen==0)
|
||||
if (plen==NO_PAYLOAD_LENGTH)
|
||||
plen = len;
|
||||
else if (len!=((plen+SHA_DIGEST_LENGTH+AES_BLOCK_SIZE)&-AES_BLOCK_SIZE))
|
||||
return 0;
|
||||
|
|
@ -271,7 +273,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|||
}
|
||||
}
|
||||
|
||||
key->payload_length = 0;
|
||||
key->payload_length = NO_PAYLOAD_LENGTH;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -664,10 +664,14 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
|
|||
if ( (sess == NULL) ||
|
||||
(s->enc_write_ctx == NULL) ||
|
||||
(EVP_MD_CTX_md(s->write_hash) == NULL))
|
||||
{
|
||||
#if 1
|
||||
clear=s->enc_write_ctx?0:1; /* must be AEAD cipher */
|
||||
#else
|
||||
clear=1;
|
||||
|
||||
if (clear)
|
||||
#endif
|
||||
mac_size=0;
|
||||
}
|
||||
else
|
||||
{
|
||||
mac_size=EVP_MD_CTX_size(s->write_hash);
|
||||
|
|
|
|||
Loading…
Reference in a new issue