feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge branch 'master' of github.com:cyassl/cyassl

Browse Source
This commit is contained in:
John Safranek
2012-12-26 10:40:28 -08:00
parent 831c760edc 59419bef89
commit 6913a46331
5 changed files with 47 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Makefile.am
View File

@ -33,6 +33,7 @@ EXTRA_DIST+= cyassl.vcproj
EXTRA_DIST+= cyassl-iphone.xcodeproj/project.pbxproj EXTRA_DIST+= cyassl-iphone.xcodeproj/project.pbxproj
EXTRA_DIST+= cyassl-ntru.sln EXTRA_DIST+= cyassl-ntru.sln
EXTRA_DIST+= cyassl.sln EXTRA_DIST+= cyassl.sln
EXTRA_DIST+= valgrind-error.sh
include cyassl/include.am include cyassl/include.am
include certs/include.am include certs/include.am

1
cyassl/error.h
View File

@ -107,6 +107,7 @@ enum CyaSSL_ErrorCodes {
SSL_NO_PEM_HEADER = -272, /* no PEM header found */ SSL_NO_PEM_HEADER = -272, /* no PEM header found */
OUT_OF_ORDER_E = -273, /* out of order message */ OUT_OF_ORDER_E = -273, /* out of order message */
BAD_KEA_TYPE_E = -274, /* bad KEA type found */ BAD_KEA_TYPE_E = -274, /* bad KEA type found */
SANITY_CIPHER_E = -275, /* sanity check on cipher error */
/* add strings to SetErrorString !!!!! */ /* add strings to SetErrorString !!!!! */
/* begin negotiation parameter errors */ /* begin negotiation parameter errors */

2
m4/ax_pthread.m4
View File

@ -159,7 +159,7 @@ case ${host_os} in
ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags" ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags"
;; ;;
darwin12*) darwin12* | darwin11.4*)
ax_pthread_flags="$ax_pthread_flags" ax_pthread_flags="$ax_pthread_flags"
;; ;;

45
src/internal.c
View File

@ -3033,10 +3033,49 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
} }
/* check cipher text size for sanity */
static int SanityCheckCipherText(CYASSL* ssl, word32 encryptSz)
{
word32 minLength = 0;
if (ssl->specs.cipher_type == block) {
if (encryptSz % ssl->specs.block_size) {
CYASSL_MSG("Block ciphertext not block size");
return SANITY_CIPHER_E;
}
minLength = ssl->specs.hash_size + 1; /* pad byte */
if (ssl->specs.block_size > minLength)
minLength = ssl->specs.block_size;
if (ssl->options.tls1_1)
minLength += ssl->specs.block_size; /* explicit IV */
}
else if (ssl->specs.cipher_type == stream) {
minLength = ssl->specs.hash_size;
}
else if (ssl->specs.cipher_type == aead) {
minLength = ssl->specs.block_size; /* actual min? */
}
if (encryptSz < minLength) {
CYASSL_MSG("Ciphertext not minimum size");
return SANITY_CIPHER_E;
}
return 0;
}
/* decrypt input message in place */ /* decrypt input message in place */
static int DecryptMessage(CYASSL* ssl, byte* input, word32 sz, word32* idx) static int DecryptMessage(CYASSL* ssl, byte* input, word32 sz, word32* idx)
{ {
int decryptResult = Decrypt(ssl, input, input, sz); int decryptResult;
int sanityResult = SanityCheckCipherText(ssl, sz);
if (sanityResult != 0)
return sanityResult;
decryptResult = Decrypt(ssl, input, input, sz);
if (decryptResult == 0) if (decryptResult == 0)
{ {
@ -4552,6 +4591,10 @@ void SetErrorString(int error, char* str)
XSTRNCPY(str, "Bad KEA type found", max); XSTRNCPY(str, "Bad KEA type found", max);
break; break;
case SANITY_CIPHER_E:
XSTRNCPY(str, "Sanity check on ciphertext failed", max);
break;
default : default :
XSTRNCPY(str, "unknown error number", max); XSTRNCPY(str, "unknown error number", max);
} }

5
tests/api.c
View File

@ -685,11 +685,6 @@ void test_client_nofail(void* args)
int input; int input;
int msgSz = (int)strlen(msg); int msgSz = (int)strlen(msg);
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
(void)argc;
(void)argv;
((func_args*)args)->return_code = TEST_FAIL; ((func_args*)args)->return_code = TEST_FAIL;
method = CyaSSLv23_client_method(); method = CyaSSLv23_client_method();
ctx = CyaSSL_CTX_new(method); ctx = CyaSSL_CTX_new(method);