|
 |
17c662 |
diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c
|
|
|
17c662 |
index 0527ca4f1..a39acd49f 100644
|
|
|
17c662 |
--- a/lib/algorithms/mac.c
|
|
|
17c662 |
+++ b/lib/algorithms/mac.c
|
|
|
17c662 |
@@ -37,9 +37,9 @@ static const mac_entry_st hash_algorithms[] = {
|
|
|
17c662 |
{"SHA256", HASH_OID_SHA256, MAC_OID_SHA256, GNUTLS_MAC_SHA256, 32, 32, 0, 0, 1,
|
|
|
17c662 |
64},
|
|
|
17c662 |
{"SHA384", HASH_OID_SHA384, MAC_OID_SHA384, GNUTLS_MAC_SHA384, 48, 48, 0, 0, 1,
|
|
|
17c662 |
- 64},
|
|
|
17c662 |
+ 128},
|
|
|
17c662 |
{"SHA512", HASH_OID_SHA512, MAC_OID_SHA512, GNUTLS_MAC_SHA512, 64, 64, 0, 0, 1,
|
|
|
17c662 |
- 64},
|
|
|
17c662 |
+ 128},
|
|
|
17c662 |
{"SHA224", HASH_OID_SHA224, MAC_OID_SHA224, GNUTLS_MAC_SHA224, 28, 28, 0, 0, 1,
|
|
|
17c662 |
64},
|
|
|
17c662 |
{"UMAC-96", NULL, NULL, GNUTLS_MAC_UMAC_96, 12, 16, 8, 0, 1, 0},
|
|
|
17c662 |
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
|
|
|
17c662 |
index 58ce79775..37478a4c3 100644
|
|
|
17c662 |
--- a/lib/gnutls_cipher.c
|
|
|
17c662 |
+++ b/lib/gnutls_cipher.c
|
|
|
17c662 |
@@ -440,7 +440,7 @@ static void dummy_wait(record_parameters_st * params,
|
|
|
17c662 |
{
|
|
|
17c662 |
/* this hack is only needed on CBC ciphers */
|
|
|
17c662 |
if (_gnutls_cipher_is_block(params->cipher) == CIPHER_BLOCK) {
|
|
|
17c662 |
- unsigned len;
|
|
|
17c662 |
+ unsigned len, v;
|
|
|
17c662 |
|
|
|
17c662 |
/* force an additional hash compression function evaluation to prevent timing
|
|
|
17c662 |
* attacks that distinguish between wrong-mac + correct pad, from wrong-mac + incorrect pad.
|
|
|
17c662 |
@@ -448,11 +448,14 @@ static void dummy_wait(record_parameters_st * params,
|
|
|
17c662 |
if (pad_failed == 0 && pad > 0) {
|
|
|
17c662 |
len = _gnutls_mac_block_size(params->mac);
|
|
|
17c662 |
if (len > 0) {
|
|
|
17c662 |
- /* This is really specific to the current hash functions.
|
|
|
17c662 |
- * It should be removed once a protocol fix is in place.
|
|
|
17c662 |
- */
|
|
|
17c662 |
- if ((pad + total) % len > len - 9
|
|
|
17c662 |
- && total % len <= len - 9) {
|
|
|
17c662 |
+ if (params->mac && params->mac->id == GNUTLS_MAC_SHA384)
|
|
|
17c662 |
+ /* v = 1 for the hash function padding + 16 for message length */
|
|
|
17c662 |
+ v = 17;
|
|
|
17c662 |
+ else /* v = 1 for the hash function padding + 8 for message length */
|
|
|
17c662 |
+ v = 9;
|
|
|
17c662 |
+
|
|
|
17c662 |
+ if ((pad + total) % len > len - v
|
|
|
17c662 |
+ && total % len <= len - v) {
|
|
|
17c662 |
if (len < plaintext->size)
|
|
|
17c662 |
_gnutls_auth_cipher_add_auth
|
|
|
17c662 |
(¶ms->read.
|
|
|
17c662 |
--
|
|
|
17c662 |
2.14.3
|
|
|
17c662 |
|