lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Removed possible cache-timing difference for pad check

Browse Source
This commit is contained in:
Paul Bakker
2013-09-25 18:52:37 +02:00
parent 8b817dc47e
commit ca9c87ed2b
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
library/ssl_tls.c
View File

@ -1510,17 +1510,17 @@ static int ssl_decrypt_buf( ssl_context *ssl )
* TLSv1+: always check the padding up to the first failure * TLSv1+: always check the padding up to the first failure
* and fake check up to 256 bytes of padding * and fake check up to 256 bytes of padding
*/ */
size_t pad_count = 0, fake_pad_count = 0; size_t pad_count = 0, real_count = 1;
size_t padding_idx = ssl->in_msglen - padlen - 1; size_t padding_idx = ssl->in_msglen - padlen - 1;
for( i = 1; i <= padlen; i++ ) for( i = 1; i <= 256; i++ )
pad_count += ( ssl->in_msg[padding_idx + i] == padlen - 1 ); {
real_count &= ( i <= padlen );
for( ; i <= 256; i++ ) pad_count += real_count *
fake_pad_count += ( ssl->in_msg[padding_idx + i] == padlen - 1 ); ( ssl->in_msg[padding_idx + i] == padlen - 1 );
}
correct &= ( pad_count == padlen ); /* Only 1 on correct padding */ correct &= ( pad_count == padlen ); /* Only 1 on correct padding */
correct &= ( pad_count + fake_pad_count < 512 ); /* Always 1 */
#if defined(POLARSSL_SSL_DEBUG_ALL) #if defined(POLARSSL_SSL_DEBUG_ALL)
if( padlen > 0 && correct == 0) if( padlen > 0 && correct == 0)