Wireshark-bugs: [Wireshark-bugs] [Bug 9144] [PATCH] Update TLS Ciphers
Date: Thu, 19 Sep 2013 11:04:38 +0000

changed bug 9144

What Removed Added
Attachment #11603 is obsolete   1
Attachment #11603 Flags review_for_checkin?  
Attachment #11610 Flags   review_for_checkin?

Comment # 22 on bug 9144 from
Created attachment 11610 [details]
Use IV from record for CBC mode, add padding/IV length check

Add summary of RFCs to make it more obvious why certain parts (IV, MAC,
padding) are used. Merge DTLS and TLS blocks for extracting IV. This
saves an unnecessary memmove() because the input pointer is, well, just
a local variable and can therefore be incremented.

Validate padding and IV lengths before using it. A crash could occur
if the explicit IV is missing (this would make memmove write before its
buffer). The missing padding check had as implication that a misleading
error is returning with a negative length (not exploitable).

Use IV from record for CBC mode, previously it decrypted the first block
incorrectly and then threw this "decrypted" IV away. Now it extracts the
IV and uses this for decrypting the first fragment block. (remember that
CBC xor's the output of the block cipher with the previous ciphertext
(or IV for the first block)).

This is a preparation for GCM which does not have a MAC. The skip_mac
branch is necessary to make the compiler happy in this patch, 'mac'
could otherwise be uninitialised.


You are receiving this mail because:
  • You are watching all bug changes.