Peter Wu
changed
bug 9144
| What |
Removed |
Added |
| Attachment #11603 is obsolete |
|
1
|
| Attachment #11603 Flags |
review_for_checkin?
|
|
| Attachment #11610 Flags |
|
review_for_checkin?
|
Comment # 22
on bug 9144
from Peter Wu
Created attachment 11610 [details]
Use IV from record for CBC mode, add padding/IV length check
Add summary of RFCs to make it more obvious why certain parts (IV, MAC,
padding) are used. Merge DTLS and TLS blocks for extracting IV. This
saves an unnecessary memmove() because the input pointer is, well, just
a local variable and can therefore be incremented.
Validate padding and IV lengths before using it. A crash could occur
if the explicit IV is missing (this would make memmove write before its
buffer). The missing padding check had as implication that a misleading
error is returning with a negative length (not exploitable).
Use IV from record for CBC mode, previously it decrypted the first block
incorrectly and then threw this "decrypted" IV away. Now it extracts the
IV and uses this for decrypting the first fragment block. (remember that
CBC xor's the output of the block cipher with the previous ciphertext
(or IV for the first block)).
This is a preparation for GCM which does not have a MAC. The skip_mac
branch is necessary to make the compiler happy in this patch, 'mac'
could otherwise be uninitialised.
You are receiving this mail because:
- You are watching all bug changes.
