diff options
| author | Michael Brown <mcb30@ipxe.org> | 2022-11-08 15:10:25 +0000 |
|---|---|---|
| committer | Michael Brown <mcb30@ipxe.org> | 2022-11-08 15:14:06 +0000 |
| commit | 186306d6199096b7a7c4b4574d4be8cdb8426729 (patch) | |
| tree | 6cf369ae4a95f936ebdef95284caa64c7f0db025 | |
| parent | 634a86093af9a6d134be8662f25616f4edfec683 (diff) | |
| download | ipxe-186306d6199096b7a7c4b4574d4be8cdb8426729.tar.gz | |
[tls] Treat invalid block padding as zero length padding
Harden against padding oracle attacks by treating invalid block
padding as zero length padding, thereby deferring the failure until
after computing the (incorrect) MAC.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
| -rw-r--r-- | src/net/tls.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/net/tls.c b/src/net/tls.c index fdaa2190d..8a3ac3eed 100644 --- a/src/net/tls.c +++ b/src/net/tls.c @@ -2821,8 +2821,8 @@ static int tls_new_ciphertext ( struct tls_connection *tls, if ( is_block_cipher ( cipher ) ) { pad_len = tls_verify_padding ( tls, last ); if ( pad_len < 0 ) { - rc = pad_len; - return rc; + /* Assume zero padding length to avoid timing attacks */ + pad_len = 0; } iob_unput ( last, pad_len ); len -= pad_len; |