]> granicus.if.org Git - openssl/commitdiff
evp/e_aes_cbc_hmac_sha*.c: additional CTRL to query buffer requirements.
authorAndy Polyakov <appro@openssl.org>
Wed, 5 Feb 2014 13:05:08 +0000 (14:05 +0100)
committerAndy Polyakov <appro@openssl.org>
Wed, 5 Feb 2014 13:05:08 +0000 (14:05 +0100)
crypto/evp/e_aes_cbc_hmac_sha1.c
crypto/evp/e_aes_cbc_hmac_sha256.c
crypto/evp/evp.h

index 730842047f8bc3b5f73fe82155e9b564fe4e9d4c..b14d8371c82a513863b88263f1e611f5133f659a 100644 (file)
@@ -775,6 +775,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void
                        }
                }
 #if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+       case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE:
+               return (int)(5+16+((arg+20+16)&-16));
        case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD:
                {
                EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param =
@@ -791,10 +793,17 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void
                        if ((param->inp[9]<<8|param->inp[10]) < TLS1_1_VERSION)
                                return -1;
 
-                       if (inp_len<4096) return 0;     /* too short */
+                       if (inp_len)
+                               {
+                               if (inp_len<4096) return 0;     /* too short */
 
-                       if (inp_len>=8192 && OPENSSL_ia32cap_P[2]&(1<<5))
-                               n4x=2;  /* AVX2 */
+                               if (inp_len>=8192 && OPENSSL_ia32cap_P[2]&(1<<5))
+                                       n4x=2;  /* AVX2 */
+                               }
+                       else if ((n4x=param->interleave/4) && n4x<=2)
+                               inp_len = param->len;
+                       else
+                               return -1;
 
                        key->md = key->head;
                        SHA1_Update(&key->md,param->inp,13);
index 8470bb96b815bc1514e09285465896604e6b8d75..01823d201e3af80ad735c835b8b6390e4df26700 100644 (file)
@@ -728,6 +728,8 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, vo
                        }
                }
 #if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+       case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE:
+               return (int)(5+16+((arg+32+16)&-16));
        case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD:
                {
                EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param =
@@ -744,10 +746,17 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, vo
                        if ((param->inp[9]<<8|param->inp[10]) < TLS1_1_VERSION)
                                return -1;
 
-                       if (inp_len<4096) return 0;     /* too short */
+                       if (inp_len)
+                               {
+                               if (inp_len<4096) return 0;     /* too short */
 
-                       if (inp_len>=8192 && OPENSSL_ia32cap_P[2]&(1<<5))
-                               n4x=2;  /* AVX2 */
+                               if (inp_len>=8192 && OPENSSL_ia32cap_P[2]&(1<<5))
+                                       n4x=2;  /* AVX2 */
+                               }
+                       else if ((n4x=param->interleave/4) && n4x<=2)
+                               inp_len = param->len;
+                       else
+                               return -1;
 
                        key->md = key->head;
                        SHA256_Update(&key->md,param->inp,13);
index a5aa4c87fcebe649f0182b09705a6472a6558ff9..94d1dc863b2b3a298d05032597bfb83f97a10e5b 100644 (file)
@@ -413,6 +413,7 @@ struct evp_cipher_st
 #define                EVP_CTRL_TLS1_1_MULTIBLOCK_AAD  0x19
 #define                EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT      0x1a
 #define                EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT      0x1b
+#define                EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE  0x1c
 
 typedef struct {
        unsigned char *out;