base/SOURCES/gnutls-3.3.29-dummy-wait-ac...

diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c
index 0527ca4f1..a39acd49f 100644
--- a/lib/algorithms/mac.c
+++ b/lib/algorithms/mac.c
@@ -37,9 +37,9 @@ static const mac_entry_st hash_algorithms[] = {
 	{"SHA256", HASH_OID_SHA256, MAC_OID_SHA256, GNUTLS_MAC_SHA256, 32, 32, 0, 0, 1,
 	 64},
 	{"SHA384", HASH_OID_SHA384, MAC_OID_SHA384, GNUTLS_MAC_SHA384, 48, 48, 0, 0, 1,
-	 64},
+	 128},
 	{"SHA512", HASH_OID_SHA512, MAC_OID_SHA512, GNUTLS_MAC_SHA512, 64, 64, 0, 0, 1,
-	 64},
+	 128},
 	{"SHA224", HASH_OID_SHA224, MAC_OID_SHA224, GNUTLS_MAC_SHA224, 28, 28, 0, 0, 1,
 	 64},
 	{"UMAC-96", NULL, NULL, GNUTLS_MAC_UMAC_96, 12, 16, 8, 0, 1, 0},
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 58ce79775..37478a4c3 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -440,7 +440,7 @@ static void dummy_wait(record_parameters_st * params,
 {
 	/* this hack is only needed on CBC ciphers */
 	if (_gnutls_cipher_is_block(params->cipher) == CIPHER_BLOCK) {
-		unsigned len;
+		unsigned len, v;
 
 		/* force an additional hash compression function evaluation to prevent timing 
 		 * attacks that distinguish between wrong-mac + correct pad, from wrong-mac + incorrect pad.
@@ -448,11 +448,14 @@ static void dummy_wait(record_parameters_st * params,
 		if (pad_failed == 0 && pad > 0) {
 			len = _gnutls_mac_block_size(params->mac);
 			if (len > 0) {
-				/* This is really specific to the current hash functions.
-				 * It should be removed once a protocol fix is in place.
-				 */
-				if ((pad + total) % len > len - 9
-				    && total % len <= len - 9) {
+				if (params->mac && params->mac->id == GNUTLS_MAC_SHA384)
+					/* v = 1 for the hash function padding + 16 for message length */
+					v = 17;
+				else /* v = 1 for the hash function padding + 8 for message length */
+					v = 9;
+
+				if ((pad + total) % len > len - v
+				    && total % len <= len - v) {
 					if (len < plaintext->size)
 						_gnutls_auth_cipher_add_auth
 						    (&params->read.
-- 
2.14.3
gnutls package update Signed-off-by: basebuilder_pel7ppc64lebuilder0 <basebuilder@powerel.org> 5 years ago			`diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c`
			`index 0527ca4f1..a39acd49f 100644`
			`--- a/lib/algorithms/mac.c`
			`+++ b/lib/algorithms/mac.c`
			`@@ -37,9 +37,9 @@ static const mac_entry_st hash_algorithms[] = {`
			`{"SHA256", HASH_OID_SHA256, MAC_OID_SHA256, GNUTLS_MAC_SHA256, 32, 32, 0, 0, 1,`
			`64},`
			`{"SHA384", HASH_OID_SHA384, MAC_OID_SHA384, GNUTLS_MAC_SHA384, 48, 48, 0, 0, 1,`
			`- 64},`
			`+ 128},`
			`{"SHA512", HASH_OID_SHA512, MAC_OID_SHA512, GNUTLS_MAC_SHA512, 64, 64, 0, 0, 1,`
			`- 64},`
			`+ 128},`
			`{"SHA224", HASH_OID_SHA224, MAC_OID_SHA224, GNUTLS_MAC_SHA224, 28, 28, 0, 0, 1,`
			`64},`
			`{"UMAC-96", NULL, NULL, GNUTLS_MAC_UMAC_96, 12, 16, 8, 0, 1, 0},`
			`diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c`
			`index 58ce79775..37478a4c3 100644`
			`--- a/lib/gnutls_cipher.c`
			`+++ b/lib/gnutls_cipher.c`
			`@@ -440,7 +440,7 @@ static void dummy_wait(record_parameters_st * params,`
			`{`
			`/* this hack is only needed on CBC ciphers */`
			`if (_gnutls_cipher_is_block(params->cipher) == CIPHER_BLOCK) {`
			`- unsigned len;`
			`+ unsigned len, v;`

			`/* force an additional hash compression function evaluation to prevent timing`
			`* attacks that distinguish between wrong-mac + correct pad, from wrong-mac + incorrect pad.`
			`@@ -448,11 +448,14 @@ static void dummy_wait(record_parameters_st * params,`
			`if (pad_failed == 0 && pad > 0) {`
			`len = _gnutls_mac_block_size(params->mac);`
			`if (len > 0) {`
			`- /* This is really specific to the current hash functions.`
			`- * It should be removed once a protocol fix is in place.`
			`- */`
			`- if ((pad + total) % len > len - 9`
			`- && total % len <= len - 9) {`
			`+ if (params->mac && params->mac->id == GNUTLS_MAC_SHA384)`
			`+ /* v = 1 for the hash function padding + 16 for message length */`
			`+ v = 17;`
			`+ else /* v = 1 for the hash function padding + 8 for message length */`
			`+ v = 9;`
			`+`
			`+ if ((pad + total) % len > len - v`
			`+ && total % len <= len - v) {`
			`if (len < plaintext->size)`
			`_gnutls_auth_cipher_add_auth`
			`(&params->read.`
			`--`
			`2.14.3`