e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag

author Andy Polyakov <appro@openssl.org>

Sun, 15 Apr 2012 14:14:22 +0000 (14:14 +0000)

committer Andy Polyakov <appro@openssl.org>

Sun, 15 Apr 2012 14:14:22 +0000 (14:14 +0000)
author Andy Polyakov <appro@openssl.org>
Sun, 15 Apr 2012 14:14:22 +0000 (14:14 +0000)
committer Andy Polyakov <appro@openssl.org>
Sun, 15 Apr 2012 14:14:22 +0000 (14:14 +0000)
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c

index 43fc26d0d164814cefc5500161ff1ae36ea523ee..a5034d72c0f2d099d350f9bd33c5e30b9a919c38 100644 (file)
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -82,6 +82,8 @@ typedef struct
      } aux;
      } EVP_AES_HMAC_SHA1;
  
+#define NO_PAYLOAD_LENGTH      ((size_t)-1)
+
  #if    defined(AES_ASM) &&     ( \
         defined(__x86_64)       || defined(__x86_64__)  || \
         defined(_M_AMD64)       || defined(_M_X64)      || \
@@ -123,7 +125,7 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
         key->tail = key->head;
         key->md   = key->head;
  
-       key->payload_length = 0;
+       key->payload_length = NO_PAYLOAD_LENGTH;
  
         return ret<0?0:1;
         }
@@ -184,7 +186,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         if (len%AES_BLOCK_SIZE) return 0;
  
         if (ctx->encrypt) {
-               if (plen==0)
+               if (plen==NO_PAYLOAD_LENGTH)
                         plen = len;
                 else if (len!=((plen+SHA_DIGEST_LENGTH+AES_BLOCK_SIZE)&-AES_BLOCK_SIZE))
                         return 0;
@@ -270,7 +272,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 }
         }
  
-       key->payload_length = 0;
+       key->payload_length = NO_PAYLOAD_LENGTH;
  
         return 1;
         }
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c

index b2d9b1683b1b203a8bb9f56b520f5ca52cebf457..ca5412dc2a4c15dfc7e0baf8f0986b8fd6c2a00c 100644 (file)
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -664,10 +664,14 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
         if (    (sess == NULL) ||
                 (s->enc_write_ctx == NULL) ||
                 (EVP_MD_CTX_md(s->write_hash) == NULL))
+               {
+#if 1
+               clear=s->enc_write_ctx?0:1;     /* must be AEAD cipher */
+#else
                 clear=1;
-
-       if (clear)
+#endif
                 mac_size=0;
+               }
         else
                 {
                 mac_size=EVP_MD_CTX_size(s->write_hash);
author	Andy Polyakov <appro@openssl.org>
	Sun, 15 Apr 2012 14:14:22 +0000 (14:14 +0000)
committer	Andy Polyakov <appro@openssl.org>
	Sun, 15 Apr 2012 14:14:22 +0000 (14:14 +0000)
crypto/evp/e_aes_cbc_hmac_sha1.c		patch \| blob \| history
ssl/s3_pkt.c		patch \| blob \| history