From: Michael Brown <mcb30@ipxe.org>
Date: Tue, 8 Nov 2022 15:10:25 +0000 (+0000)
Subject: [tls] Treat invalid block padding as zero length padding
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=186306d6199096b7a7c4b4574d4be8cdb8426729;p=thirdparty%2Fipxe.git

[tls] Treat invalid block padding as zero length padding

Harden against padding oracle attacks by treating invalid block
padding as zero length padding, thereby deferring the failure until
after computing the (incorrect) MAC.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---

diff --git a/src/net/tls.c b/src/net/tls.c
index fdaa2190d..8a3ac3eed 100644
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -2821,8 +2821,8 @@ static int tls_new_ciphertext ( struct tls_connection *tls,
 	if ( is_block_cipher ( cipher ) ) {
 		pad_len = tls_verify_padding ( tls, last );
 		if ( pad_len < 0 ) {
-			rc = pad_len;
-			return rc;
+			/* Assume zero padding length to avoid timing attacks */
+			pad_len = 0;
 		}
 		iob_unput ( last, pad_len );
 		len -= pad_len;