authorJack Lloyd <[email protected]>2017-08-29 14:52:53 -0400
committerJack Lloyd <[email protected]>2017-08-29 14:52:53 -0400
commitd024157179b0e313dc0fd1bf228236e68b673132 (patch)
tree807de0057a95422664ab1c07898f4d1df9eb2803
parent6b216d6d16eb0cae4c850afa02f6d25e2f75496e (diff)
Avoid false positive valgrind in TLS CBC decryption
We poisoned the record before decrypting it, which caused failures with Camellia ciphersuites (or AES, on platforms that use T-tables). Instead poison it right after decrypting.
-rw-r--r--src/lib/tls/tls_cbc/tls_cbc.cpp4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/tls/tls_cbc/tls_cbc.cpp b/src/lib/tls/tls_cbc/tls_cbc.cpp
index 9b6f511f5..9e178a457 100644
--- a/src/lib/tls/tls_cbc/tls_cbc.cpp
+++ b/src/lib/tls/tls_cbc/tls_cbc.cpp
@@ -422,10 +422,10 @@ void TLS_CBC_HMAC_AEAD_Decryption::finish(secure_vector<uint8_t>& buffer, size_t
}
else
{
- CT::poison(record_contents, record_len);
-
cbc_decrypt_record(record_contents, record_len);
+ CT::poison(record_contents, record_len);
+
// 0 if padding was invalid, otherwise 1 + padding_bytes
uint16_t pad_size = check_tls_padding(record_contents, record_len);
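Review bot: The relocated `CT::poison(record_contents, record_len);` after `cbc_decrypt_record` carries no comment saying why the order matters, so a later tidy-up could move it back ahead of the decrypt and bring the valgrind failures back. I would add above it `// Poison only after decrypting: table-based ciphers index on the record bytes, and it is the plaintext padding/MAC checks below that must be constant time`. With this order valgrind no longer checks the CBC decryption step for data-dependent behaviour on the record, which looks intended given the commit message but is worth stating in that comment. The matching `CT::unpoison` is not visible in this hunk, and `finish` starts and ends outside it, so please confirm the unpoison still covers the same `record_contents`/`record_len` range on every path out of this branch.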