Don't reject TLS packets with zero plaintext bytes

OpenSSL sends an empty record before each new data record in TLS v1.0 to randomize the IV, as a countermeasure to the BEAST attack. Most implementations use 1/(n-1) splitting for this instead. Bug introduced with the const time changes in 1.11.23
author: Jack Lloyd <[email protected]> 2016-04-15 02:09:45 -0400
committer: Jack Lloyd <[email protected]> 2016-04-15 02:09:45 -0400
commit: 6315841fca399cf9bdc62b324fdfe0e23b9afbe9 (patch)
tree: 30aada06ff2169efe442c39ccd48e644dcfb2364 /src/lib/utils
parent: 0b06b4f61b497c7ad9869441f12ee287b65cde36 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/utils/ct_utils.h b/src/lib/utils/ct_utils.h
index 5a1d03d4f..1f095ba88 100644
--- a/src/lib/utils/ct_utils.h
+++ b/src/lib/utils/ct_utils.h
@@ -129,6 +129,12 @@ inline T is_less(T x, T y)
    }
 
 template<typename T>
+inline T is_lte(T x, T y)
+   {
+   return expand_mask<T>(x <= y);
+   }
+
+template<typename T>
 inline void conditional_copy_mem(T value,
                                  T* to,
                                  const T* from0,
author	Jack Lloyd <[email protected]>	2016-04-15 02:09:45 -0400
committer	Jack Lloyd <[email protected]>	2016-04-15 02:09:45 -0400
commit	6315841fca399cf9bdc62b324fdfe0e23b9afbe9 (patch)
tree	30aada06ff2169efe442c39ccd48e644dcfb2364 /src/lib/utils
parent	0b06b4f61b497c7ad9869441f12ee287b65cde36 (diff)