authorMartin Willi <martin@revosec.ch>2011-09-28 17:00:48 +0200
committerMartin Willi <martin@revosec.ch>2011-09-28 17:16:09 +0200
commitb79bb79a66a3fad05bddacbe67f93e22fd60c283 (patch)
treebfcd3bbf6fa44b9d3943a31b49ce46f7ed4d1c0b /src/libtls/tls_protection.c
parent21ee300d5cf5ff8d3b47dae8e36881f745286990 (diff)
Verify TLS MAC even if padding is invalid to prevent timing attacks
Diffstat (limited to 'src/libtls/tls_protection.c')
-rw-r--r--src/libtls/tls_protection.c10
1 files changed, 4 insertions, 6 deletions
diff --git a/src/libtls/tls_protection.c b/src/libtls/tls_protection.c
index e85ded016..dcc983b9c 100644
--- a/src/libtls/tls_protection.c
+++ b/src/libtls/tls_protection.c
@@ -154,13 +154,11 @@ METHOD(tls_protection_t, process, status_t,
}
padding_length = data.ptr[data.len - 1];
- if (padding_length >= data.len)
- {
- DBG1(DBG_TLS, "invalid TLS record padding");
- this->alert->add(this->alert, TLS_FATAL, TLS_BAD_RECORD_MAC);
- return NEED_MORE;
+ if (padding_length < data.len)
+ { /* remove padding if it looks valid. Continue with no padding, try
+ * to prevent timing attacks. */
+ data.len -= padding_length + 1;
}
- data.len -= padding_length + 1;
}
if (this->signer_in)
{
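Review bot: With the early return removed, a record whose padding length is >= data.len is now rejected only if the MAC check under `if (this->signer_in)` fails, so rejection depends on a signer being configured whenever this padding branch runs. The enclosing block and the MAC verification start and end outside the hunk, so that coupling cannot be confirmed from here. Recording the outcome, e.g. `else { bad_padding = TRUE; }`, and raising TLS_BAD_RECORD_MAC after the MAC has been computed would keep the uniform code path while making the rejection unconditional. The visible lines also check only the length byte, not that the padding bytes themselves carry that value, and the MAC input length still varies with padding_length. The new comment should therefore say that this narrows the timing difference rather than removing it, and that the reject decision is deferred to the MAC check.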