diff options
author | lloyd <[email protected]> | 2013-04-16 18:50:39 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2013-04-16 18:50:39 +0000 |
commit | f1d38d7a08b3939148b3426d00244bad89d23948 (patch) | |
tree | ad07060895a32bfa26c26cc76c43d8e44c231d9c | |
parent | 41ae930f6c224575c4dce6979df8b225778b6d5b (diff) |
Rewrite the TLS padding comparison to be constant time
-rw-r--r-- | src/tls/tls_record.cpp | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/tls/tls_record.cpp b/src/tls/tls_record.cpp index 0c663c18f..d9b222a85 100644 --- a/src/tls/tls_record.cpp +++ b/src/tls/tls_record.cpp @@ -371,9 +371,6 @@ size_t tls_padding_check(bool sslv3_padding, const byte record[], size_t record_len) { - if(block_size == 0 || record_len == 0 || record_len % block_size != 0) - return 0; - const size_t padding_length = record[(record_len-1)]; if(padding_length >= record_len) @@ -395,11 +392,14 @@ size_t tls_padding_check(bool sslv3_padding, * TLS v1.0 and up require all the padding bytes be the same value * and allows up to 255 bytes. */ + const size_t pad_start = record_len - padding_length - 1; + + volatile size_t cmp = 0; + for(size_t i = 0; i != padding_length; ++i) - if(record[(record_len-i-1)] != padding_length) - return 0; + cmp += record[pad_start + i] ^ padding_length; - return padding_length + 1; + return cmp ? 0 : padding_length + 1; } void cbc_decrypt_record(byte record_contents[], size_t record_len, |