feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

TLS_hmac: when no raw hash, make sure maxSz is not neg

Browse Source 
When padding byte is invalid, the maxSz can be negative.
Make maxSz 0 in this case so that blocks doesn't get very large and
cause delays.
This commit is contained in:
Sean Parkinson
2023-11-23 09:51:44 +10:00
parent 0306d07c47
commit bc36202087
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/tls.c
View File

@@ -1139,6 +1139,8 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in,
msgSz &= ~(0 - (msgSz >> 31)); msgSz &= ~(0 - (msgSz >> 31));
realSz = WOLFSSL_TLS_HMAC_INNER_SZ + msgSz; realSz = WOLFSSL_TLS_HMAC_INNER_SZ + msgSz;
maxSz = WOLFSSL_TLS_HMAC_INNER_SZ + (sz - 1) - macSz; maxSz = WOLFSSL_TLS_HMAC_INNER_SZ + (sz - 1) - macSz;
/* Make negative result 0 */
maxSz &= ~(0 - (maxSz >> 31));
/* Calculate #blocks processed in HMAC for max and real data. */ /* Calculate #blocks processed in HMAC for max and real data. */
blocks = maxSz >> blockBits; blocks = maxSz >> blockBits;