git.ipfire.org Git - thirdparty/hostap.git/commit
TLS: Add protection against record layer CBC attacks
author Jouni Malinen <j@w1.fi>
Sun, 25 Sep 2011 13:57:35 +0000 (16:57 +0300)
committer Jouni Malinen <j@w1.fi>
Sun, 25 Sep 2011 13:57:35 +0000 (16:57 +0300)
commit 85b7187ffc086a4e034d0cc0f1db5b1e051e43b1
tree d0602a4037cb6f10e76bbb1880b00643bdab5182
parent 26296a8a7c76ef9ec20159f3b9a2e8e708431757
TLS: Add protection against record layer CBC attacks

Instead of using separate bad_record_mac and decryption_failed alerts,
use only bad_record_mac alert regardless of how the CBC decryption
failed. This provides less information to attackers that could modify
packets. In addition, instead of returning immediately on error, run
through the MAC check to make timing attacks more difficult.
src/tls/tlsv1_record.c
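
The behaviour the commit message describes, as an added example; it is not the code from src/tls/tlsv1_record.c. The names `record_verify`, `toy_mac` and `demo`, the 4-byte tag and the sample record are assumptions made for illustration, and `toy_mac` is a non-cryptographic stand-in for HMAC.

```c
#include <stdint.h>
#include <string.h>
#define ALERT_BAD_RECORD_MAC 20 /* TLS alert code */
#define MAC_LEN 4               /* toy tag size (assumption) */

/* Stand-in keyed checksum (FNV-1a) so the example runs offline.
 * NOT a real MAC; a TLS record layer uses HMAC here. */
static void toy_mac(const uint8_t *d, size_t len, uint8_t *out)
{
    uint32_t h = 2166136261u ^ 0x5eed1234u; /* constructed "key" */
    for (size_t i = 0; i < len; i++)
        h = (h ^ d[i]) * 16777619u;
    memcpy(out, &h, MAC_LEN);
}

/* pt = data || MAC || padding || padlen byte, already CBC-decrypted.
 * Returns the data length, or -1 with *alert set. */
static int record_verify(const uint8_t *pt, size_t plen, uint8_t *alert)
{
    uint8_t tag[MAC_LEN], diff = 0, bad = 0;
    size_t i, padlen = plen ? pt[plen - 1] : 0;
    if (plen == 0 || padlen >= plen) {
        bad = 1; /* remember the failure, do not return yet */
    } else {
        for (i = plen - padlen - 1; i < plen; i++)
            bad |= (uint8_t) (pt[i] != padlen); /* no early exit */
        if (!bad) plen -= padlen + 1;
    }
    if (plen >= MAC_LEN) {
        plen -= MAC_LEN;
        toy_mac(pt, plen, tag); /* runs even when padding was bad */
        for (i = 0; i < MAC_LEN; i++)
            diff |= (uint8_t) (tag[i] ^ pt[plen + i]);
        if (!diff && !bad) return (int) plen;
    }
    *alert = ALERT_BAD_RECORD_MAC; /* one alert for every failure */
    return -1;
}

/* Constructed record: "hello" + tag + 3 pad bytes + padlen byte. tamper:
 * 1 corrupts padding, 2 corrupts the MAC. Returns data length or -alert. */
static int demo(int tamper)
{
    uint8_t rec[13] = "hello", alert = 0;
    toy_mac(rec, 5, rec + 5);
    memset(rec + 9, 3, 4);
    if (tamper) rec[tamper == 1 ? 10 : 6] ^= 1;
    int r = record_verify(rec, sizeof(rec), &alert);
    return r < 0 ? -(int) alert : r;
}
```

When the padding is bad the MAC is still computed, but over a different length than for a valid record, so this narrows the timing difference rather than removing it.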