Merge branch 'master' of github.com:cyassl/cyassl
This commit is contained in:
John Safranek
commit
6913a46331
@ -33,6 +33,7 @@ EXTRA_DIST+= cyassl.vcproj
|
||||
EXTRA_DIST+= cyassl-iphone.xcodeproj/project.pbxproj
|
||||
EXTRA_DIST+= cyassl-ntru.sln
|
||||
EXTRA_DIST+= cyassl.sln
|
||||
EXTRA_DIST+= valgrind-error.sh
|
||||
|
||||
include cyassl/include.am
|
||||
include certs/include.am
|
||||
|
||||
@ -107,6 +107,7 @@ enum CyaSSL_ErrorCodes {
|
||||
SSL_NO_PEM_HEADER = -272, /* no PEM header found */
|
||||
OUT_OF_ORDER_E = -273, /* out of order message */
|
||||
BAD_KEA_TYPE_E = -274, /* bad KEA type found */
|
||||
SANITY_CIPHER_E = -275, /* sanity check on cipher error */
|
||||
/* add strings to SetErrorString !!!!! */
|
||||
|
||||
/* begin negotiation parameter errors */
|
||||
|
||||
@ -159,7 +159,7 @@ case ${host_os} in
|
||||
ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags"
|
||||
;;
|
||||
|
||||
darwin12*)
|
||||
darwin12* | darwin11.4*)
|
||||
ax_pthread_flags="$ax_pthread_flags"
|
||||
;;
|
||||
|
||||
|
||||
@ -3033,10 +3033,49 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
|
||||
}
|
||||
|
||||
|
||||
/* check cipher text size for sanity */
|
||||
static int SanityCheckCipherText(CYASSL* ssl, word32 encryptSz)
|
||||
{
|
||||
word32 minLength = 0;
|
||||
|
||||
if (ssl->specs.cipher_type == block) {
|
||||
if (encryptSz % ssl->specs.block_size) {
|
||||
CYASSL_MSG("Block ciphertext not block size");
|
||||
return SANITY_CIPHER_E;
|
||||
}
|
||||
minLength = ssl->specs.hash_size + 1; /* pad byte */
|
||||
if (ssl->specs.block_size > minLength)
|
||||
minLength = ssl->specs.block_size;
|
||||
|
||||
if (ssl->options.tls1_1)
|
||||
minLength += ssl->specs.block_size; /* explicit IV */
|
||||
}
|
||||
else if (ssl->specs.cipher_type == stream) {
|
||||
minLength = ssl->specs.hash_size;
|
||||
}
|
||||
else if (ssl->specs.cipher_type == aead) {
|
||||
minLength = ssl->specs.block_size; /* actual min? */
|
||||
}
|
||||
|
||||
if (encryptSz < minLength) {
|
||||
CYASSL_MSG("Ciphertext not minimum size");
|
||||
return SANITY_CIPHER_E;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* decrypt input message in place */
|
||||
static int DecryptMessage(CYASSL* ssl, byte* input, word32 sz, word32* idx)
|
||||
{
|
||||
int decryptResult = Decrypt(ssl, input, input, sz);
|
||||
int decryptResult;
|
||||
int sanityResult = SanityCheckCipherText(ssl, sz);
|
||||
|
||||
if (sanityResult != 0)
|
||||
return sanityResult;
|
||||
|
||||
decryptResult = Decrypt(ssl, input, input, sz);
|
||||
|
||||
if (decryptResult == 0)
|
||||
{
|
||||
@ -4552,6 +4591,10 @@ void SetErrorString(int error, char* str)
|
||||
XSTRNCPY(str, "Bad KEA type found", max);
|
||||
break;
|
||||
|
||||
case SANITY_CIPHER_E:
|
||||
XSTRNCPY(str, "Sanity check on ciphertext failed", max);
|
||||
break;
|
||||
|
||||
default :
|
||||
XSTRNCPY(str, "unknown error number", max);
|
||||
}
|
||||
|
||||
@ -685,11 +685,6 @@ void test_client_nofail(void* args)
|
||||
int input;
|
||||
int msgSz = (int)strlen(msg);
|
||||
|
||||
int argc = ((func_args*)args)->argc;
|
||||
char** argv = ((func_args*)args)->argv;
|
||||
(void)argc;
|
||||
(void)argv;
|
||||
|
||||
((func_args*)args)->return_code = TEST_FAIL;
|
||||
method = CyaSSLv23_client_method();
|
||||
ctx = CyaSSL_CTX_new(method);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user