[erlang-patches] [PATCH] fix handling of ssl_cipher:block_decipher/5 failure

Andreas Schultz
Mon Oct 3 14:05:40 CEST 2011

Hi all,

Included is a change to fix a badmatch error in
ssl_cipher:generic_block_cipher_from_bin/2 and implement a CBC
timing attack countermeasure in ssl_cipher:block_decipher/5.
Both changes are closely related.

   git fetch :RoadRunnr/otp.git ssl-cbc-fix

ssl_cipher:generic_block_cipher_from_bin/2 would generate a badmatch
error when the padding length was greater than the overall data. This
can happen when the decryption resulted in invalid data. It seems to
me that the try in block_decipher/5 was supposed to catch that, but
it did not.

Also, RFC 5246 suggests a countermeasure for a CBC timing attack on
the MAC calculation. This can easily be implemented by not generating
the error alert in block_decipher/5 and invalidating the decoded text.

It would also be possible to extend the return value of block_decipher
with the result of the padding check and test that value later. However,
this would also require changes to generic_block_cipher_from_bin/2.


Dipl. Inform.
Andreas Schultz

phone: +49-391-819099-224
mobil: +49-179-7654368

------------------ managed broadband access ------------------

Travelping GmbH               phone:           +49-391-8190990
Roentgenstr. 13               fax:           +49-391-819099299
D-39108 Magdeburg             email:       
GERMANY                       web:   http://www.travelping.com

Company Registration: HRB21276 Handelsregistergericht Chemnitz
Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
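
The following is an added illustration of the two behaviours discussed in the message above; it is not code from the patch, from OTP's ssl_cipher module, or from the author. It shows, in Python rather than Erlang, the RFC 5246 section 6.2.3.2 approach for a TLS 1.2 CBC record: a padding_length byte larger than the remaining data (the badmatch case) or corrupt padding bytes never raises, a zero-length pad is assumed instead, the MAC is computed and compared anyway, and bad padding and bad MAC collapse into one failure result rather than an early alert. HMAC-SHA1 as the MAC, the function names, and the sample record built inline are all assumptions made for the example.

```python
import hmac
import hashlib
import struct

# Assumption for the example: HMAC-SHA1 record MAC (20 bytes).
MAC_LEN = hashlib.sha1().digest_size


def tls_mac(mac_key, seq_num, content_type, version, content):
    """MAC input per RFC 5246 6.2.3.1: seq_num || type || version || length || fragment."""
    header = struct.pack("!QBHH", seq_num, content_type, version, len(content))
    return hmac.new(mac_key, header + content, hashlib.sha1).digest()


def split_padding(plain):
    """Strip TLS block-cipher padding from a decrypted record body.

    Returns (body, pad_ok) where body is content || MAC. This never raises:
    a padding_length that does not fit in the record (the badmatch case in
    the message) and padding bytes that do not all equal padding_length both
    yield pad_ok=False with a zero-length pad assumed, so the caller still
    has something to MAC (RFC 5246 6.2.3.2)."""
    pad_len = plain[-1]
    # padding bytes plus the length byte must leave room for at least the MAC
    if pad_len + 1 + MAC_LEN > len(plain):
        return plain[:-1], False
    pad = plain[-(pad_len + 1):-1]
    if any(b != pad_len for b in pad):
        return plain[:-1], False
    return plain[:-(pad_len + 1)], True


def decipher_block_record(plain, mac_key, seq_num, content_type, version):
    """Check padding and MAC of a CBC-decrypted record body (IV already removed).

    Returns (content, ok). The MAC is always computed and compared, even when
    the padding was bad, so the bad-padding and bad-MAC paths do the same
    work and are reported as a single failure instead of distinct alerts."""
    if len(plain) < MAC_LEN + 1:
        return b"", False
    body, pad_ok = split_padding(plain)
    content, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = tls_mac(mac_key, seq_num, content_type, version, content)
    mac_ok = hmac.compare_digest(mac, expected)
    ok = pad_ok and mac_ok
    # invalidate the decoded text on any failure, as the message proposes
    return (content if ok else b""), ok


def build_block_record(content, mac_key, seq_num, content_type, version, block_size=16):
    """Sender side: content || MAC || padding || padding_length, block aligned."""
    body = content + tls_mac(mac_key, seq_num, content_type, version, content)
    pad_len = (block_size - (len(body) + 1) % block_size) % block_size
    return body + bytes([pad_len]) * (pad_len + 1)


# Constructed sample input for the example (not captured traffic).
KEY = b"k" * 20
APPLICATION_DATA = 23
TLS_1_2 = 0x0303


def demo():
    good = build_block_record(b"hello", KEY, 0, APPLICATION_DATA, TLS_1_2)
    # padding_length byte claims 255 bytes of padding in a 32-byte record
    oversized_pad = good[:-1] + bytes([255])
    # flip a content byte: padding still valid, MAC no longer matches
    bad_mac = bytes([good[0] ^ 1]) + good[1:]
    return {
        "good": decipher_block_record(good, KEY, 0, APPLICATION_DATA, TLS_1_2),
        "oversized_pad": decipher_block_record(oversized_pad, KEY, 0, APPLICATION_DATA, TLS_1_2),
        "bad_mac": decipher_block_record(bad_mac, KEY, 0, APPLICATION_DATA, TLS_1_2),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The point of the structure is control flow, not byte-level timing: there is no early return before tls_mac runs, so an attacker flipping padding bytes cannot distinguish "padding rejected" from "MAC rejected" by whether the MAC computation happened. Python itself gives no constant-time guarantees beyond hmac.compare_digest, so this is the shape of the check, not a drop-in implementation.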
