mirror of https://github.com/wolfSSL/wolfssl.git
Merge branch 'timing'
commit
dc88a7e8eb
|
@ -107,6 +107,7 @@ enum CyaSSL_ErrorCodes {
|
||||||
SSL_NO_PEM_HEADER = -272, /* no PEM header found */
|
SSL_NO_PEM_HEADER = -272, /* no PEM header found */
|
||||||
OUT_OF_ORDER_E = -273, /* out of order message */
|
OUT_OF_ORDER_E = -273, /* out of order message */
|
||||||
BAD_KEA_TYPE_E = -274, /* bad KEA type found */
|
BAD_KEA_TYPE_E = -274, /* bad KEA type found */
|
||||||
|
SANITY_CIPHER_E = -275, /* sanity check on cipher error */
|
||||||
/* add strings to SetErrorString !!!!! */
|
/* add strings to SetErrorString !!!!! */
|
||||||
|
|
||||||
/* begin negotiation parameter errors */
|
/* begin negotiation parameter errors */
|
||||||
|
|
|
@ -3033,10 +3033,40 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* check cipher text size for sanity */
|
||||||
|
static int SanityCheckCipherText(CYASSL* ssl, word32 encryptSz)
|
||||||
|
{
|
||||||
|
word32 minLength = 0;
|
||||||
|
|
||||||
|
if (ssl->specs.cipher_type == block) {
|
||||||
|
if (encryptSz % ssl->specs.block_size) {
|
||||||
|
CYASSL_MSG("Block ciphertext not block size");
|
||||||
|
return SANITY_CIPHER_E;
|
||||||
|
}
|
||||||
|
minLength = ssl->specs.hash_size + 1; /* pad byte */
|
||||||
|
if (ssl->specs.block_size > minLength)
|
||||||
|
minLength = ssl->specs.block_size;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (encryptSz < minLength) {
|
||||||
|
CYASSL_MSG("Ciphertext not minimum size");
|
||||||
|
return SANITY_CIPHER_E;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* decrypt input message in place */
|
/* decrypt input message in place */
|
||||||
static int DecryptMessage(CYASSL* ssl, byte* input, word32 sz, word32* idx)
|
static int DecryptMessage(CYASSL* ssl, byte* input, word32 sz, word32* idx)
|
||||||
{
|
{
|
||||||
int decryptResult = Decrypt(ssl, input, input, sz);
|
int decryptResult;
|
||||||
|
int sanityResult = SanityCheckCipherText(ssl, sz);
|
||||||
|
|
||||||
|
if (sanityResult != 0)
|
||||||
|
return sanityResult;
|
||||||
|
|
||||||
|
decryptResult = Decrypt(ssl, input, input, sz);
|
||||||
|
|
||||||
if (decryptResult == 0)
|
if (decryptResult == 0)
|
||||||
{
|
{
|
||||||
|
@ -4552,6 +4582,10 @@ void SetErrorString(int error, char* str)
|
||||||
XSTRNCPY(str, "Bad KEA type found", max);
|
XSTRNCPY(str, "Bad KEA type found", max);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case SANITY_CIPHER_E:
|
||||||
|
XSTRNCPY(str, "Sanity check on ciphertext failed", max);
|
||||||
|
break;
|
||||||
|
|
||||||
default :
|
default :
|
||||||
XSTRNCPY(str, "unknown error number", max);
|
XSTRNCPY(str, "unknown error number", max);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue