EtM fixes: it only applies to block ciphers
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Tue, 4 Nov 2014 18:27:24 +0000 (19:27 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Tue, 4 Nov 2014 18:27:24 +0000 (19:27 +0100)
lib/ext/etm.c
lib/gnutls_cipher.c
lib/gnutls_cipher_int.c

index 2ae9eba7fda69e7ea6c9be7540307ca1732e013c..755690119415a485cada3260c62eb70cb915d4cc 100644 (file)
@@ -79,7 +79,7 @@ _gnutls_ext_etm_recv_params(gnutls_session_t session,
                const cipher_entry_st *c;
 
                c = _gnutls_cipher_suite_get_cipher_algo(session->security_parameters.cipher_suite);
-               if (c == NULL || c->type == CIPHER_AEAD)
+               if (c == NULL || (c->type == CIPHER_AEAD || c->type == CIPHER_STREAM))
                        return 0;
 
                session->security_parameters.etm = 1;
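Review bot: The added condition `if (c == NULL || (c->type == CIPHER_AEAD || c->type == CIPHER_STREAM))` enumerates the cipher types that must not negotiate EtM, while every record-layer check in this commit tests `== CIPHER_BLOCK`. Writing it as `if (c == NULL || c->type != CIPHER_BLOCK)` keeps the extension handler and the record layer on one predicate, so a cipher type added later cannot set `security_parameters.etm` for a non-block suite. The identical line in `_gnutls_ext_etm_send_params` should change with it. Both function bodies continue outside the hunks.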
@@ -106,7 +106,7 @@ _gnutls_ext_etm_send_params(gnutls_session_t session,
                extension_priv_data_t epriv;
 
                c = _gnutls_cipher_suite_get_cipher_algo(session->security_parameters.cipher_suite);
-               if (c == NULL || c->type == CIPHER_AEAD)
+               if (c == NULL || (c->type == CIPHER_AEAD || c->type == CIPHER_STREAM))
                        return 0;
 
                ret = _gnutls_ext_get_session_data(session,
index 82abe270e3e85afab2a28f77870495ce3b53e1f0..ba8796bad787b03912d32a87a112c09512829a94 100644 (file)
@@ -303,7 +303,7 @@ compressed_to_ciphertext(gnutls_session_t session,
        int auth_cipher =
            _gnutls_auth_cipher_is_aead(&params->write.cipher_state);
        uint8_t nonce[MAX_CIPHER_BLOCK_SIZE];
-       unsigned imp_iv_size, exp_iv_size;
+       unsigned imp_iv_size = 0, exp_iv_size = 0;
 
        if (unlikely(ver == NULL))
                return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
@@ -396,7 +396,7 @@ compressed_to_ciphertext(gnutls_session_t session,
                cipher_data += exp_iv_size;
        }
 
-       if (params->etm && algo_type != CIPHER_AEAD)
+       if (params->etm && algo_type == CIPHER_BLOCK)
                ret = length-tag_size;
        else
                ret = compressed->size;
@@ -506,7 +506,7 @@ ciphertext_to_compressed(gnutls_session_t session,
        blocksize = _gnutls_cipher_get_block_size(params->cipher);
 
        /* if EtM mode and not AEAD */
-       if (params->etm !=0 && cipher_type != CIPHER_AEAD) {
+       if (params->etm !=0 && cipher_type == CIPHER_BLOCK) {
                if (unlikely(ciphertext->size < tag_size))
                        return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
 
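Review bot: The context comment `/* if EtM mode and not AEAD */` no longer matches the condition below it, which now tests `cipher_type == CIPHER_BLOCK` and therefore excludes stream ciphers as well. It should be updated to something like `/* if EtM mode and a block cipher */` so the comment and the length check it introduces agree. The body of `ciphertext_to_compressed` continues outside the hunk.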
@@ -626,18 +626,16 @@ ciphertext_to_compressed(gnutls_session_t session,
                /* Pass the type, version, length and compressed through
                 * MAC.
                 */
-               if (params->etm == 0) {
-                       preamble_size =
-                           make_preamble(UINT64DATA(*sequence), type,
-                                         length, ver, preamble);
+               preamble_size =
+                   make_preamble(UINT64DATA(*sequence), type,
+                                 length, ver, preamble);
 
-                       ret =
-                           _gnutls_auth_cipher_add_auth(&params->read.
-                                                        cipher_state, preamble,
-                                                        preamble_size);
-                       if (unlikely(ret < 0))
-                               return gnutls_assert_val(ret);
-               }
+               ret =
+                   _gnutls_auth_cipher_add_auth(&params->read.
+                                                cipher_state, preamble,
+                                                preamble_size);
+               if (unlikely(ret < 0))
+                       return gnutls_assert_val(ret);
 
                if (unlikely
                    ((unsigned) length_to_decrypt > compressed->size)) {
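Review bot: With the `params->etm == 0` guard removed, the preamble is fed to the MAC unconditionally in this branch, and nothing in the visible lines records why EtM can be ignored here. The enclosing case label is outside the hunk; if this is the non-block path, as the commit title suggests, a one-line comment above `preamble_size =` such as `/* EtM is never in effect for non-block ciphers, so the preamble is always MACed here */` would state the invariant the change relies on.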
@@ -780,7 +778,7 @@ ciphertext_to_compressed(gnutls_session_t session,
                return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
        }
 
-       if (params->etm ==0 && cipher_type != CIPHER_AEAD) {
+       if (params->etm == 0 || cipher_type != CIPHER_BLOCK) {
                ret =
                    _gnutls_auth_cipher_tag(&params->read.cipher_state, tag,
                                            tag_size);
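Review bot: The condition `params->etm == 0 || cipher_type != CIPHER_BLOCK` is the hand-written negation of the `params->etm != 0 && cipher_type == CIPHER_BLOCK` test added earlier in `ciphertext_to_compressed`, and tag verification is only correct while the two stay exactly complementary. Computing the predicate once after `cipher_type` is known, e.g. `const unsigned etm_block = (params->etm != 0 && cipher_type == CIPHER_BLOCK);`, and testing `etm_block` / `!etm_block` at both sites removes that risk. The same pair of expressions is written out five times on `handle` in lib/gnutls_cipher_int.c and would benefit from the same treatment. The function body continues outside the hunk.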
index 8a7c6ff5524c6b6da1bc2b21523bc69640cfbe8e..e3a40d1aec9dc0d9ca14d5998dd599bbb5d62b0a 100644 (file)
@@ -253,7 +253,7 @@ int _gnutls_auth_cipher_encrypt2_tag(auth_cipher_hd_st * handle,
                } else {
                        uint8_t *orig_ciphertext = ciphertext;
 
-                       if (handle->etm == 0) {
+                       if (handle->etm == 0 || handle->cipher.e->type != CIPHER_BLOCK) {
                                MAC(handle, text, textlen);
                        }
 
@@ -277,7 +277,7 @@ int _gnutls_auth_cipher_encrypt2_tag(auth_cipher_hd_st * handle,
                        if (ciphertext != text && textlen > 0)
                                memcpy(ciphertext, text, textlen);
 
-                       if (handle->etm == 0) {
+                       if (handle->etm == 0 || handle->cipher.e->type != CIPHER_BLOCK) {
                                ret =
                                    _gnutls_auth_cipher_tag(handle,
                                                            ciphertext + textlen,
@@ -302,7 +302,7 @@ int _gnutls_auth_cipher_encrypt2_tag(auth_cipher_hd_st * handle,
                        if (ret < 0)
                                return gnutls_assert_val(ret);
 
-                       if (handle->etm != 0) {
+                       if (handle->etm != 0 && handle->cipher.e->type == CIPHER_BLOCK) {
                                MAC(handle, orig_ciphertext, l);
                                MAC(handle, ciphertext, textlen);
 
@@ -341,7 +341,7 @@ int _gnutls_auth_cipher_decrypt2(auth_cipher_hd_st * handle,
        if (unlikely(ciphertextlen > textlen))
                return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
 
-       if (handle->is_mac && handle->etm != 0) {
+       if (handle->is_mac && (handle->etm != 0 && handle->cipher.e->type == CIPHER_BLOCK)) {
                /* The MAC is not to be hashed */
                ciphertextlen -= handle->tag_size;
 
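Review bot: The new test dereferences `handle->cipher.e` whenever `handle->is_mac` and `handle->etm != 0` hold, before anything has established that a cipher is set up on the handle. The `else if (handle->non_null == 0 && ...)` branch later in `_gnutls_auth_cipher_decrypt2` shows that a handle without a real cipher can reach this function; whether `cipher.e` is populated in that state is not visible here. If it is not, adding `handle->non_null != 0 &&` before the type check, and `handle->non_null == 0 ||` in the matching `handle->etm == 0 || ...` condition further down, avoids reading an unset pointer. The function body starts and ends outside the hunk.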
@@ -357,7 +357,7 @@ int _gnutls_auth_cipher_decrypt2(auth_cipher_hd_st * handle,
        } else if (handle->non_null == 0 && text != ciphertext)
                memcpy(text, ciphertext, ciphertextlen);
 
-       if (handle->is_mac && handle->etm == 0) {
+       if (handle->is_mac && (handle->etm == 0 || handle->cipher.e->type != CIPHER_BLOCK)) {
                /* The MAC is not to be hashed */
                ciphertextlen -= handle->tag_size;