From: Matthias-Christian Ott Date: Tue, 30 Dec 2014 09:58:43 +0000 (+0200) Subject: Don't call _gnutls_cipher_encrypt2 with textlen = 0 in _gnutls_auth_cipher_encrypt2_tag X-Git-Tag: gnutls_3_4_0~422 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9a6f355f2619bf04a2d72c0eca0e8bc9d41cda28;p=thirdparty%2Fgnutls.git Don't call _gnutls_cipher_encrypt2 with textlen = 0 in _gnutls_auth_cipher_encrypt2_tag If the plaintext is shorter than the block size of the used cipher, _gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with textlen = 0. By definition _gnutls_cipher_encrypt2 does nothing in this case and thus does not need to be called. --- diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c index 31b608c46f..3368bae5b4 100644 --- a/lib/gnutls_cipher_int.c +++ b/lib/gnutls_cipher_int.c @@ -266,17 +266,19 @@ int _gnutls_auth_cipher_encrypt2_tag(auth_cipher_hd_st * handle, return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); l = (textlen / blocksize) * blocksize; - ret = - _gnutls_cipher_encrypt2(&handle->cipher, text, + if (l > 0) { + ret = + _gnutls_cipher_encrypt2(&handle->cipher, text, l, ciphertext, ciphertextlen); - if (ret < 0) - return gnutls_assert_val(ret); + if (ret < 0) + return gnutls_assert_val(ret); - textlen -= l; - text += l; - ciphertext += l; - ciphertextlen -= l; + textlen -= l; + text += l; + ciphertext += l; + ciphertextlen -= l; + } if (ciphertext != text && textlen > 0) memcpy(ciphertext, text, textlen);