Blob Blame History Raw
diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c
index 0527ca4f1..a39acd49f 100644
--- a/lib/algorithms/mac.c
+++ b/lib/algorithms/mac.c
@@ -37,9 +37,9 @@ static const mac_entry_st hash_algorithms[] = {
 	{"SHA256", HASH_OID_SHA256, MAC_OID_SHA256, GNUTLS_MAC_SHA256, 32, 32, 0, 0, 1,
 	 64},
 	{"SHA384", HASH_OID_SHA384, MAC_OID_SHA384, GNUTLS_MAC_SHA384, 48, 48, 0, 0, 1,
-	 64},
+	 128},
 	{"SHA512", HASH_OID_SHA512, MAC_OID_SHA512, GNUTLS_MAC_SHA512, 64, 64, 0, 0, 1,
-	 64},
+	 128},
 	{"SHA224", HASH_OID_SHA224, MAC_OID_SHA224, GNUTLS_MAC_SHA224, 28, 28, 0, 0, 1,
 	 64},
 	{"UMAC-96", NULL, NULL, GNUTLS_MAC_UMAC_96, 12, 16, 8, 0, 1, 0},
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 58ce79775..37478a4c3 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -440,7 +440,7 @@ static void dummy_wait(record_parameters_st * params,
 {
 	/* this hack is only needed on CBC ciphers */
 	if (_gnutls_cipher_is_block(params->cipher) == CIPHER_BLOCK) {
-		unsigned len;
+		unsigned len, v;
 
 		/* force an additional hash compression function evaluation to prevent timing 
 		 * attacks that distinguish between wrong-mac + correct pad, from wrong-mac + incorrect pad.
@@ -448,11 +448,14 @@ static void dummy_wait(record_parameters_st * params,
 		if (pad_failed == 0 && pad > 0) {
 			len = _gnutls_mac_block_size(params->mac);
 			if (len > 0) {
-				/* This is really specific to the current hash functions.
-				 * It should be removed once a protocol fix is in place.
-				 */
-				if ((pad + total) % len > len - 9
-				    && total % len <= len - 9) {
+				if (params->mac && params->mac->id == GNUTLS_MAC_SHA384)
+					/* v = 1 for the hash function padding + 16 for message length */
+					v = 17;
+				else /* v = 1 for the hash function padding + 8 for message length */
+					v = 9;
+
+				if ((pad + total) % len > len - v
+				    && total % len <= len - v) {
 					if (len < plaintext->size)
 						_gnutls_auth_cipher_add_auth
 						    (&params->read.
-- 
2.14.3