[erlang-patches] [PATCH] fix handling of ssl_cipher:block_decipher/5 failure
Ingela Anderton Andin
ingela@REDACTED
Tue Oct 4 18:13:59 CEST 2011
Hi!
This patch is to late for R14B04, but I think it is a good patch and I
want to include it for the next release.
I was just thinking that should not the aes_decipher_fail-test test
that the Contetent and Mac values are
not the expected ones and not only test that they are "something" of the
expected size?
Regards Ingela Erlang/OTP team - Ericsson AB
Andreas Schultz wrote:
> Hi all,
>
> Included is a change to fix a badmatch error in
> ssl_cipher:generic_block_cipher_from_bin/2 and implement a CBC
> timming attack counter measure in ssl_cipher:block_decipher/5.
> Both changes are closely related.
>
> git fetch git@REDACTED:RoadRunnr/otp.git ssl-cbc-fix
>
> ssl_cipher:generic_block_cipher_from_bin/2 would generate a badmatch
> error when the padding length was greater than the overall data. This
> can happen when the decryption resulted in invalid data. It seems to
> me, that the try in block_decipher/5 was supposed to catch that, but
> it did not.
>
> Also, RFC 5246 suggests a counter measure for a CBC timing attack on
> the MAC calculation. This can easily be implemented by not generating
> the error alert in block_decipher/5 and invalidating the decoded text.
>
> It would also be possible to extend the return value of block_decipher
> with the result of the padding check and test that value later. However,
> this would also require changes to generic_block_cipher_from_bin/2.
>
> Thanks
> Andreas
>
>
More information about the erlang-patches
mailing list