ret = _gnutls_rnd (GNUTLS_RND_NONCE, data_ptr, blocksize);
if (ret < 0)
return gnutls_assert_val(ret);
-
+
_gnutls_auth_cipher_setiv(¶ms->write.cipher_state, data_ptr, blocksize);
data_ptr += blocksize;
break;
case CIPHER_BLOCK:
- if (ciphertext->size < MAX(blocksize, tag_size) || (ciphertext->size % blocksize != 0))
+ if (ciphertext->size < blocksize || (ciphertext->size % blocksize != 0))
return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
/* ignore the IV in TLS 1.1+
ciphertext->size -= blocksize;
ciphertext->data += blocksize;
-
- if (ciphertext->size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_DECRYPTION_FAILED;
- }
}
+ if (ciphertext->size < tag_size)
+ return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+
/* we don't use the auth_cipher interface here, since
* TLS with block ciphers is impossible to be used under such
* an API. (the length of plaintext is required to calculate
pad = ciphertext->data[ciphertext->size - 1] + 1; /* pad */
+
if ((int) pad > (int) ciphertext->size - tag_size)
{
gnutls_assert ();