author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-03-03 16:08:21 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-03-03 16:08:21 +0000 |
commit | 2fbcfbc3c3039b311c3c80650da5e00a9e9b5952 (patch) | |
tree | 4b9a2ed886e5cba993a451c5415dd779c1080430 | |
parent | 12f135e099a570991ace460a83a291a136604c71 (diff) | |
download | gnutls-2fbcfbc3c3039b311c3c80650da5e00a9e9b5952.tar.gz |
Added protection against the new TLS 1.0 record layer timing attack.
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | lib/gnutls_cipher.c | 16 | ||||
-rw-r--r-- | lib/gnutls_cipher_int.c | 4 |
3 files changed, 18 insertions, 6 deletions
@@ -15,6 +15,10 @@ Version 0.9.0
 can now hold only one temporary parameter of a kind.
 - Added a new Certificate, CRL, Private key and PKCS7 structures handling API,
 defined in gnutls/x509.h
+- Added gnutls_certificate_set_verify_flags() function to allow setting the
+ verification flags in the credentials structure. They will be used in the
+ *verify_peers functions.
+- Added protection against the new TLS 1.0 record layer timing attack.
 - Added support for Certificate revocation lists. Functions defined in
 gnutls/x509.h
 - The only functions were removed are:
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 69787242a6..c31ac04da5 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
 *
 * This file is part of GNUTLS.
 *
@@ -336,7 +336,7 @@ int _gnutls_ciphertext2compressed(gnutls_session session,
 uint16 length;
 GNUTLS_MAC_HANDLE td;
 uint16 blocksize;
- int ret, i;
+ int ret, i, pad_failed = 0;
 uint8 major, minor;
 gnutls_protocol_version ver;
 int hash_size = _gnutls_mac_get_digest_size(session->security_parameters.read_mac_algorithm);
@@ -398,7 +398,10 @@ int _gnutls_ciphertext2compressed(gnutls_session session,
 if (pad > ciphertext.size - hash_size) {
 gnutls_assert();
- return GNUTLS_E_DECRYPTION_FAILED;
+ /* We do not fail here. We check below for the
+ * the pad_failed. If zero means success.
+ */
+ pad_failed = GNUTLS_E_DECRYPTION_FAILED;
 }
 /* Check the pading bytes (TLS 1.0 only)
@@ -407,7 +410,7 @@ int _gnutls_ciphertext2compressed(gnutls_session session,
 for (i=2;i<pad;i++) {
 if (ciphertext.data[ciphertext.size-i] != ciphertext.data[ciphertext.size - 1]) {
 gnutls_assert();
- return GNUTLS_E_DECRYPTION_FAILED;
+ pad_failed = GNUTLS_E_DECRYPTION_FAILED;
 }
 }
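Review bot: Once the check `if (pad > ciphertext.size - hash_size)` records the failure instead of returning, `pad` keeps its out-of-range value, and the loop `for (i=2;i<pad;i++)` in the next hunk (`@@ -407`) then reads `ciphertext.data[ciphertext.size-i]` with `i` beyond `ciphertext.size` for a record shorter than `pad`, i.e. before the start of the buffer; the removed early return is what used to prevent that read. Clamping the length when the failure is recorded keeps the verification loop in bounds without restoring the early exit, e.g. `pad_failed = GNUTLS_E_DECRYPTION_FAILED;` followed by `pad = 0;`. Whether the deferred error actually removes the timing signal also depends on the MAC being computed over a length that does not vary with `pad`, which is decided by the lines between `@@ -407` and `@@ -456` and is not visible here. The new comment also doubles a word (`check below for the the pad_failed`). `_gnutls_ciphertext2compressed` begins and ends outside these hunks.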
@@ -456,6 +459,11 @@ int _gnutls_ciphertext2compressed(gnutls_session session,
 gnutls_assert();
 return GNUTLS_E_DECRYPTION_FAILED;
 }
+
+ /* This one was introduced to avoid a timing attack against the TLS
+ * 1.0 protocol.
+ */
+ if (pad_failed != 0) return pad_failed;
 return length;
 }
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c
index 49dc86cfb0..7ca96386a2 100644
--- a/lib/gnutls_cipher_int.c
+++ b/lib/gnutls_cipher_int.c
@@ -1,7 +1,7 @@
 /*
- * Copyright (C) 2000 Nikos Mavroyanopoulos
+ * Copyright (C) 2000 Nikos Mavroyanopoulos
 *
- * This file is part of GNUTLS.
+ * This file is part of GNUTLS.
 *
 * The GNUTLS library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
|