From: Nikos Mavrogiannopoulos
Date: Tue, 4 Nov 2014 18:27:24 +0000 (+0100)
Subject: EtM fixes: it only applies to block ciphers
X-Git-Tag: gnutls_3_4_0~690
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f180da1a35f6eb6ec8d4a3328c95e6ffd576c0cf;p=thirdparty%2Fgnutls.git
EtM fixes: it only applies to block ciphers
---
diff --git a/lib/ext/etm.c b/lib/ext/etm.c
index 2ae9eba7fd..7556901194 100644
--- a/lib/ext/etm.c
+++ b/lib/ext/etm.c
@@ -79,7 +79,7 @@ _gnutls_ext_etm_recv_params(gnutls_session_t session,
 const cipher_entry_st *c;
 c = _gnutls_cipher_suite_get_cipher_algo(session->security_parameters.cipher_suite);
- if (c == NULL || c->type == CIPHER_AEAD)
+ if (c == NULL || (c->type == CIPHER_AEAD || c->type == CIPHER_STREAM))
 return 0;
 session->security_parameters.etm = 1;
@@ -106,7 +106,7 @@ _gnutls_ext_etm_send_params(gnutls_session_t session,
 extension_priv_data_t epriv;
 c = _gnutls_cipher_suite_get_cipher_algo(session->security_parameters.cipher_suite);
- if (c == NULL || c->type == CIPHER_AEAD)
+ if (c == NULL || (c->type == CIPHER_AEAD || c->type == CIPHER_STREAM))
 return 0;
 ret = _gnutls_ext_get_session_data(session,
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 82abe270e3..ba8796bad7 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -303,7 +303,7 @@ compressed_to_ciphertext(gnutls_session_t session,
 int auth_cipher = _gnutls_auth_cipher_is_aead(¶ms->write.cipher_state);
 uint8_t nonce[MAX_CIPHER_BLOCK_SIZE];
- unsigned imp_iv_size, exp_iv_size;
+ unsigned imp_iv_size = 0, exp_iv_size = 0;
 if (unlikely(ver == NULL))
 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
@@ -396,7 +396,7 @@ compressed_to_ciphertext(gnutls_session_t session,
 cipher_data += exp_iv_size;
 }
- if (params->etm && algo_type != CIPHER_AEAD)
+ if (params->etm && algo_type == CIPHER_BLOCK)
 ret = length-tag_size;
 else
 ret = compressed->size;
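Review bot: The acceptance predicate in `_gnutls_ext_etm_recv_params` is written negatively, `c->type == CIPHER_AEAD || c->type == CIPHER_STREAM`, while the record layer in lib/gnutls_cipher.c tests positively with `algo_type == CIPHER_BLOCK`, and the identical line is repeated in `_gnutls_ext_etm_send_params` (the -106 hunk). The two forms agree only as long as block, stream and AEAD remain the only cipher types; any other type would negotiate EtM at the handshake without the record layer applying it, which would presumably surface as a MAC failure against a peer that does. Writing the handshake check as `if (c == NULL || c->type != CIPHER_BLOCK)` in both functions, or moving it into one file-local helper, keeps the two layers from drifting. Both function bodies continue outside the hunk.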
@@ -506,7 +506,7 @@ ciphertext_to_compressed(gnutls_session_t session,
 blocksize = _gnutls_cipher_get_block_size(params->cipher);
 /* if EtM mode and not AEAD */
- if (params->etm !=0 && cipher_type != CIPHER_AEAD) {
+ if (params->etm !=0 && cipher_type == CIPHER_BLOCK) {
 if (unlikely(ciphertext->size < tag_size))
 return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
@@ -626,18 +626,16 @@ ciphertext_to_compressed(gnutls_session_t session,
 /* Pass the type, version, length and compressed through
 * MAC.
 */
- if (params->etm == 0) {
- preamble_size =
- make_preamble(UINT64DATA(*sequence), type,
- length, ver, preamble);
+ preamble_size =
+ make_preamble(UINT64DATA(*sequence), type,
+ length, ver, preamble);
- ret =
- _gnutls_auth_cipher_add_auth(¶ms->read.
- cipher_state, preamble,
- preamble_size);
- if (unlikely(ret < 0))
- return gnutls_assert_val(ret);
- }
+ ret =
+ _gnutls_auth_cipher_add_auth(¶ms->read.
+ cipher_state, preamble,
+ preamble_size);
+ if (unlikely(ret < 0))
+ return gnutls_assert_val(ret);
 if (unlikely
 ((unsigned) length_to_decrypt > compressed->size)) {
@@ -780,7 +778,7 @@ ciphertext_to_compressed(gnutls_session_t session,
 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
 }
- if (params->etm ==0 && cipher_type != CIPHER_AEAD) {
+ if (params->etm == 0 || cipher_type != CIPHER_BLOCK) {
 ret =
 _gnutls_auth_cipher_tag(¶ms->read.cipher_state,
 tag, tag_size);
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c
index 8a7c6ff552..e3a40d1aec 100644
--- a/lib/gnutls_cipher_int.c
+++ b/lib/gnutls_cipher_int.c
@@ -253,7 +253,7 @@ int _gnutls_auth_cipher_encrypt2_tag(auth_cipher_hd_st * handle,
 } else {
 uint8_t *orig_ciphertext = ciphertext;
- if (handle->etm == 0) {
+ if (handle->etm == 0 || handle->cipher.e->type != CIPHER_BLOCK) {
 MAC(handle, text, textlen);
 }
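Review bot: The comment `/* if EtM mode and not AEAD */` directly above the changed line is now stale, since the branch is entered only for block ciphers and stream ciphers are excluded as well. Replace it with `/* EtM mode, which only applies to block ciphers */` so it matches the `cipher_type == CIPHER_BLOCK` test beneath it. The body of the branch continues outside the hunk.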
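Review bot: Removing the `params->etm == 0` guard in the -626 hunk feeds the preamble into the read MAC state unconditionally, which now includes the EtM block-cipher path handled by the branch beginning at line 506. If that branch has already fed the preamble and ciphertext and produced the tag before decryption (its body is outside this hunk, so I cannot confirm it), this second `_gnutls_auth_cipher_add_auth` either does work whose output is never consumed on that path or, if the MAC context is not reset by the tag output, leaves unconsumed input that would corrupt the next record's MAC. Guarding it with the same predicate the tag computation at the end of the function uses, `if (params->etm == 0 || cipher_type != CIPHER_BLOCK) {`, makes the intent explicit; if feeding it twice is known to be harmless, a one-line comment saying so would suffice. `ciphertext_to_compressed` continues on both sides of the hunk.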
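Review bot: The rewritten condition in the -780 hunk, `params->etm == 0 || cipher_type != CIPHER_BLOCK`, is true for AEAD suites, whereas the old `params->etm ==0 && cipher_type != CIPHER_AEAD` never was, so `_gnutls_auth_cipher_tag` and whatever comparison follows it outside the hunk now also run for AEAD records. Whether the AEAD decryption branch earlier in `ciphertext_to_compressed` leaves `tag_ptr` pointing at the received tag and has not already verified it is not visible here; it decides whether this is the intended single verification or a duplicate one against a stale pointer, and should be confirmed. Recording the outcome in a comment above the condition, such as `/* MtE, stream and AEAD: verify the tag after decryption; EtM block ciphers were checked before it */`, would keep the two verification sites from being confused again.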
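Review bot: The new condition in the -253 hunk dereferences `handle->cipher.e->type`, and its only protection against an unset `cipher.e` is the short-circuit on `handle->etm`; the same expression recurs in the -277, -302, -341 and -357 hunks of lib/gnutls_cipher_int.c with the `etm == 0 ||` and `etm != 0 &&` halves alternating. Whether `cipher.e` can be NULL on a handle whose `etm` is non-zero (a NULL-cipher suite, for instance) cannot be verified from these hunks, so each site currently relies on an undocumented invariant. One file-local helper, `static inline int auth_cipher_etm_active(const auth_cipher_hd_st *h) { return h->etm != 0 && h->cipher.e != NULL && h->cipher.e->type == CIPHER_BLOCK; }`, used as `if (!auth_cipher_etm_active(handle))` here and in its positive form at the other sites, removes the repetition and makes the NULL assumption explicit. The enclosing `_gnutls_auth_cipher_encrypt2_tag` starts and ends outside the hunk.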
@@ -277,7 +277,7 @@ int _gnutls_auth_cipher_encrypt2_tag(auth_cipher_hd_st * handle,
 if (ciphertext != text && textlen > 0)
 memcpy(ciphertext, text, textlen);
- if (handle->etm == 0) {
+ if (handle->etm == 0 || handle->cipher.e->type != CIPHER_BLOCK) {
 ret =
 _gnutls_auth_cipher_tag(handle,
 ciphertext + textlen,
@@ -302,7 +302,7 @@ int _gnutls_auth_cipher_encrypt2_tag(auth_cipher_hd_st * handle,
 if (ret < 0)
 return gnutls_assert_val(ret);
- if (handle->etm != 0) {
+ if (handle->etm != 0 && handle->cipher.e->type == CIPHER_BLOCK) {
 MAC(handle, orig_ciphertext, l);
 MAC(handle, ciphertext, textlen);
@@ -341,7 +341,7 @@ int _gnutls_auth_cipher_decrypt2(auth_cipher_hd_st * handle,
 if (unlikely(ciphertextlen > textlen))
 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- if (handle->is_mac && handle->etm != 0) {
+ if (handle->is_mac && (handle->etm != 0 && handle->cipher.e->type == CIPHER_BLOCK)) {
 /* The MAC is not to be hashed */
 ciphertextlen -= handle->tag_size;
@@ -357,7 +357,7 @@ int _gnutls_auth_cipher_decrypt2(auth_cipher_hd_st * handle,
 } else if (handle->non_null == 0 && text != ciphertext)
 memcpy(text, ciphertext, ciphertextlen);
- if (handle->is_mac && handle->etm == 0) {
+ if (handle->is_mac && (handle->etm == 0 || handle->cipher.e->type != CIPHER_BLOCK)) {
 /* The MAC is not to be hashed */
 ciphertextlen -= handle->tag_size;