Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
gnutls.10768
0003-cbc_mac_verify-require-minimum-padding-und...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0003-cbc_mac_verify-require-minimum-padding-under-SSL3.0.patch of Package gnutls.10768
From cc91db2fb8efeb1e5e3c56a5ff86ea8cb3ef8915 Mon Sep 17 00:00:00 2001 From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Date: Wed, 20 Jun 2018 11:07:47 +0200 Subject: [PATCH 3/4] cbc_mac_verify: require minimum padding under SSL3.0 --- lib/gnutls_cipher.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) Index: gnutls-3.6.2/lib/cipher.c =================================================================== --- gnutls-3.6.2.orig/lib/cipher.c 2018-09-03 13:58:09.932075063 +0200 +++ gnutls-3.6.2/lib/cipher.c 2018-09-03 14:00:14.312890014 +0200 @@ -669,8 +669,12 @@ decrypt_packet(gnutls_session_t session, * because there is a timing channel in that memory access (in certain CPUs). */ #ifdef ENABLE_SSL3 - if (ver->id != GNUTLS_SSL3) + if (ver->id == GNUTLS_SSL3) { + if (pad >= blocksize) + pad_failed = 1; + } else #endif + { for (i = 2; i <= MIN(256, ciphertext->size); i++) { tmp_pad_failed |= (plain-> @@ -678,6 +682,7 @@ decrypt_packet(gnutls_session_t session, pad_failed |= ((i <= (1 + pad)) & (tmp_pad_failed)); } + } if (unlikely (pad_failed != 0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor