[openssl-dev] Fwd: CVE-2014-8730 TLS CBC Incorrect Padding Abuse Vulnerability
Kurt Roeckx
kurt at roeckx.be
Wed Feb 3 18:12:29 UTC 2016
On Wed, Feb 03, 2016 at 05:11:34PM +0530, Shyamal Bhowmik wrote:
>
> /* enc_err is:
>  * 0: (in non-constant time) if the record is publically invalid.
>  * 1: if the padding is valid
>  * -1: if the padding is invalid */
> if (enc_err == 0)
>     {
>     al=SSL_AD_DECRYPTION_FAILED;
>     SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
>     goto f_err;
>     }
>
> As seen from above, an error is thrown only for a 0 return value, and a -1
> return value is not handled. So if I change the code from if (enc_err == 0)
> to if (enc_err <= 0), will that solve my problem?

If you change that to <= 0 you will introduce a security problem
by leaking timing information. There is another check for < 0
below.

> There was no specific way to reproduce this issue and it was seen very
> sporadically.

I'm not sure what you're trying to fix, but if you're getting
padding it's also possible that you actually received a padding
error.

This also doesn't seem to have anything to do with CVE-2014-8730
which we weren't vulnerable to, as you actually explained
yourself.

Kurt
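
An added sketch, not part of the original message and not OpenSSL's code, of the control flow the reply describes: only a publicly invalid record exits early, while a padding failure is carried forward and reported together with the MAC result. The record layout, BLOCK, TAG_LEN, toy_mac, ct_lt and check_record are assumptions made for illustration, and toy_mac is a stand-in that is not a secure MAC.

```c
#include <stddef.h>
#include <stdint.h>

#define BLOCK   8  /* toy block size (assumption) */
#define TAG_LEN 4  /* toy tag length (assumption) */

/* Toy keyed checksum standing in for HMAC: NOT secure, illustration only. */
static void toy_mac(const uint8_t *d, size_t n, uint8_t key, uint8_t *out) {
    uint32_t h = 0x811c9dc5u ^ key;
    for (size_t i = 0; i < n; i++) h = (h ^ d[i]) * 16777619u;
    for (int i = 0; i < TAG_LEN; i++) out[i] = (uint8_t)(h >> (8 * i));
}

/* All-ones if a < b, else zero, without branching (inputs below 2^31). */
static uint32_t ct_lt(uint32_t a, uint32_t b) { return 0u - ((a - b) >> 31); }

/* Layout (constructed): data || tag || pad+1 bytes of value pad.
 * Returns 1 valid, 0 publicly invalid, -1 bad padding or bad MAC. */
int check_record(const uint8_t *rec, size_t len, uint8_t key) {
    /* Length is visible on the wire, so an early exit here leaks nothing. */
    if (len % BLOCK != 0 || len < TAG_LEN + 1) return 0;

    uint32_t pad = rec[len - 1];
    uint32_t bad = ct_lt((uint32_t)(len - TAG_LEN - 1), pad); /* pad too long */
    size_t scan = len < 256 ? len : 256;  /* bound depends on len only */
    for (size_t i = 0; i < scan; i++)     /* compare bytes i <= pad under a mask */
        bad |= ct_lt((uint32_t)i, pad + 1) & (uint32_t)(rec[len - 1 - i] ^ pad);
    uint32_t pad_bad = 0u - ((bad | (0u - bad)) >> 31);  /* normalize to mask */

    /* Bad padding is NOT reported here: treat pad as 0 and still do the MAC. */
    size_t data_len = len - TAG_LEN - 1 - (pad & ~pad_bad);
    uint8_t tag[TAG_LEN];
    toy_mac(rec, data_len, key, tag);
    uint32_t diff = 0;
    for (int i = 0; i < TAG_LEN; i++) diff |= (uint32_t)(tag[i] ^ rec[data_len + i]);

    /* Single decision after the MAC work, like the later "< 0" check:
     * padding and MAC failures produce the same result at the same point. */
    return (pad_bad | diff) ? -1 : 1;
}

int main(void) {
    uint8_t rec[16] = {'h', 'e', 'l', 'l', 'o'};  /* constructed sample record */
    toy_mac(rec, 5, 0x5a, rec + 5);
    for (int i = 9; i < 16; i++) rec[i] = 6;      /* 7 padding bytes of value 6 */
    int ok = check_record(rec, 16, 0x5a);
    rec[12] ^= 1;                                 /* corrupt one padding byte */
    return !(ok == 1 && check_record(rec, 16, 0x5a) == -1);
}
```

The MAC in this sketch still runs over a length that depends on the padding value; production implementations also equalize that work, which is not attempted here.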