From: Nikos Mavrogiannopoulos Date: Fri, 4 Nov 2011 18:55:00 +0000 (+0100) Subject: corrected NULL cipher encryption. Reported by Fabrice Gautier. X-Git-Tag: gnutls_3_0_6~13 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cb9bd9f425b7c5d01a2ccf41ae2cb0101da24c5e;p=thirdparty%2Fgnutls.git corrected NULL cipher encryption. Reported by Fabrice Gautier. --- diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c index d61d2c818c..5814d5127c 100644 --- a/lib/gnutls_cipher_int.c +++ b/lib/gnutls_cipher_int.c @@ -41,6 +41,9 @@ _gnutls_cipher_init (cipher_hd_st * handle, gnutls_cipher_algorithm_t cipher, int ret = GNUTLS_E_INTERNAL_ERROR; const gnutls_crypto_cipher_st *cc = NULL; + if (cipher == GNUTLS_CIPHER_NULL) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + handle->is_aead = _gnutls_cipher_algo_is_aead(cipher); if (handle->is_aead) handle->tag_size = gnutls_cipher_get_block_size(cipher); @@ -124,12 +127,14 @@ int ret; memset(handle, 0, sizeof(*handle)); - ret = _gnutls_cipher_init(&handle->cipher, cipher, cipher_key, iv, enc); - if (ret < 0) + if (cipher != GNUTLS_CIPHER_NULL) { - gnutls_assert(); - return ret; + ret = _gnutls_cipher_init(&handle->cipher, cipher, cipher_key, iv, enc); + if (ret < 0) + return gnutls_assert_val(ret); } + else + handle->is_null = 1; if (mac != GNUTLS_MAC_AEAD) { @@ -153,7 +158,8 @@ int ret; return 0; cleanup: - _gnutls_cipher_deinit(&handle->cipher); + if (handle->is_null == 0) + _gnutls_cipher_deinit(&handle->cipher); return ret; } @@ -196,9 +202,12 @@ int ret; if (ret < 0) return gnutls_assert_val(ret); - ret = _gnutls_cipher_encrypt2(&handle->cipher, text, textlen, ciphertext, ciphertextlen); - if (ret < 0) - return gnutls_assert_val(ret); + if (handle->is_null==0) + { + ret = _gnutls_cipher_encrypt2(&handle->cipher, text, textlen, ciphertext, ciphertextlen); + if (ret < 0) + return gnutls_assert_val(ret); + } } else if (_gnutls_cipher_is_aead(&handle->cipher)) { @@ -220,12 +229,12 @@ int _gnutls_auth_cipher_decrypt2 (auth_cipher_hd_st * handle, { int ret; - ret = _gnutls_cipher_decrypt2(&handle->cipher, ciphertext, ciphertextlen, - text, textlen); - if (ret < 0) + if (handle->is_null==0) { - gnutls_assert(); - return ret; + ret = _gnutls_cipher_decrypt2(&handle->cipher, ciphertext, ciphertextlen, + text, textlen); + if (ret < 0) + return gnutls_assert_val(ret); } if (handle->is_mac) @@ -278,5 +287,6 @@ void _gnutls_auth_cipher_deinit (auth_cipher_hd_st * handle) else _gnutls_hmac_deinit(&handle->mac, NULL); } - _gnutls_cipher_deinit(&handle->cipher); + if (handle->is_null==0) + _gnutls_cipher_deinit(&handle->cipher); } diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h index bd2b68d215..301bce8268 100644 --- a/lib/gnutls_cipher_int.h +++ b/lib/gnutls_cipher_int.h @@ -141,8 +141,9 @@ typedef struct { cipher_hd_st cipher; digest_hd_st mac; - int is_mac:1; - int ssl_hmac:1; + unsigned int is_mac:1; + unsigned int ssl_hmac:1; + unsigned int is_null:1; int tag_size; } auth_cipher_hd_st;