diff options
author | Martin Willi <martin@revosec.ch> | 2011-09-28 17:00:48 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2011-09-28 17:16:09 +0200 |
commit | b79bb79a66a3fad05bddacbe67f93e22fd60c283 (patch) | |
tree | bfcd3bbf6fa44b9d3943a31b49ce46f7ed4d1c0b /src/libtls/tls_protection.c | |
parent | 21ee300d5cf5ff8d3b47dae8e36881f745286990 (diff) | |
download | strongswan-b79bb79a66a3fad05bddacbe67f93e22fd60c283.tar.bz2 strongswan-b79bb79a66a3fad05bddacbe67f93e22fd60c283.tar.xz |
Verify TLS MAC even if padding is invalid to prevent timing attacks
Diffstat (limited to 'src/libtls/tls_protection.c')
-rw-r--r-- | src/libtls/tls_protection.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/src/libtls/tls_protection.c b/src/libtls/tls_protection.c index e85ded016..dcc983b9c 100644 --- a/src/libtls/tls_protection.c +++ b/src/libtls/tls_protection.c @@ -154,13 +154,11 @@ METHOD(tls_protection_t, process, status_t, } padding_length = data.ptr[data.len - 1]; - if (padding_length >= data.len) - { - DBG1(DBG_TLS, "invalid TLS record padding"); - this->alert->add(this->alert, TLS_FATAL, TLS_BAD_RECORD_MAC); - return NEED_MORE; + if (padding_length < data.len) + { /* remove padding if it looks valid. Continue with no padding, try + * to prevent timing attacks. */ + data.len -= padding_length + 1; } - data.len -= padding_length + 1; } if (this->signer_in) { |