]> git.ipfire.org Git - thirdparty/strongswan.git/commitdiff
projects / thirdparty / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 21ee300)
Verify TLS MAC even if padding is invalid to prevent timing attacks
authorMartin Willi <martin@revosec.ch>
Wed, 28 Sep 2011 15:00:48 +0000 (17:00 +0200)
committerMartin Willi <martin@revosec.ch>
Wed, 28 Sep 2011 15:16:09 +0000 (17:16 +0200)
src/libtls/tls_protection.c patch | blob | blame | history

diff --git a/src/libtls/tls_protection.c b/src/libtls/tls_protection.c
index e85ded016d8506600035299db084fddeb335ee77..dcc983b9c20bd5a3210231e4bee537e1bee18841 100644 (file)
--- a/src/libtls/tls_protection.c
+++ b/src/libtls/tls_protection.c
@@ -154,13 +154,11 @@ METHOD(tls_protection_t, process, status_t,
                }
 
                padding_length = data.ptr[data.len - 1];
-               if (padding_length >= data.len)
-               {
-                       DBG1(DBG_TLS, "invalid TLS record padding");
-                       this->alert->add(this->alert, TLS_FATAL, TLS_BAD_RECORD_MAC);
-                       return NEED_MORE;
+               if (padding_length < data.len)
+               {       /* remove padding if it looks valid. Continue with no padding, try
+                        * to prevent timing attacks. */
+                       data.len -= padding_length + 1;
                }
-               data.len -= padding_length + 1;
        }
        if (this->signer_in)
        {
Unnamed repository; edit this file 'description' to name the repository.