diff options
author | Jack Lloyd <[email protected]> | 2017-08-29 14:52:53 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-08-29 14:52:53 -0400 |
commit | d024157179b0e313dc0fd1bf228236e68b673132 (patch) | |
tree | 807de0057a95422664ab1c07898f4d1df9eb2803 | |
parent | 6b216d6d16eb0cae4c850afa02f6d25e2f75496e (diff) |
Avoid false positive valgrind in TLS CBC decryption
We poisoned the record before decrypting it, which caused failures
with Camellia ciphersuites (or AES, on platforms that use T-tables).
Instead poison it right after decrypting.
-rw-r--r-- | src/lib/tls/tls_cbc/tls_cbc.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/tls/tls_cbc/tls_cbc.cpp b/src/lib/tls/tls_cbc/tls_cbc.cpp index 9b6f511f5..9e178a457 100644 --- a/src/lib/tls/tls_cbc/tls_cbc.cpp +++ b/src/lib/tls/tls_cbc/tls_cbc.cpp @@ -422,10 +422,10 @@ void TLS_CBC_HMAC_AEAD_Decryption::finish(secure_vector<uint8_t>& buffer, size_t } else { - CT::poison(record_contents, record_len); - cbc_decrypt_record(record_contents, record_len); + CT::poison(record_contents, record_len); + // 0 if padding was invalid, otherwise 1 + padding_bytes uint16_t pad_size = check_tls_padding(record_contents, record_len); |