diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-06-12 14:29:57 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-06-13 11:49:31 +0200 |
commit | 62a39773e9d0c4a686a3d8d2b6cca32f82c26cd7 (patch) | |
tree | cc28aaf7b544dccbcc2d6f1edc3bd24643e8a783 | |
parent | c2e094acd68f7159025b2e2556d6fb4427b41dd7 (diff) | |
download | gnutls-62a39773e9d0c4a686a3d8d2b6cca32f82c26cd7.tar.gz |
cbc_mac_verify: require minimum padding under SSL3.0
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/cipher.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/cipher.c b/lib/cipher.c index 287f2e8c8a..8e7bd8227d 100644 --- a/lib/cipher.c +++ b/lib/cipher.c @@ -747,8 +747,12 @@ ciphertext_to_compressed(gnutls_session_t session, * because there is a timing channel in that memory access (in certain CPUs). */ #ifdef ENABLE_SSL3 - if (ver->id != GNUTLS_SSL3) + if (ver->id == GNUTLS_SSL3) { + if (pad >= blocksize) + pad_failed = 1; + } else #endif + { for (i = 2; i <= MIN(256, ciphertext->size); i++) { tmp_pad_failed |= (compressed-> @@ -756,6 +760,7 @@ ciphertext_to_compressed(gnutls_session_t session, pad_failed |= ((i <= (1 + pad)) & (tmp_pad_failed)); } + } if (unlikely (pad_failed != 0 |