[tls] Treat invalid block padding as zero length padding

Harden against padding oracle attacks by treating invalid block padding as zero length padding, thereby deferring the failure until after computing the (incorrect) MAC. Signed-off-by: Michael Brown <mcb30@ipxe.org>
author: Michael Brown <mcb30@ipxe.org> 2022-11-08 15:10:25 +0000
committer: Michael Brown <mcb30@ipxe.org> 2022-11-08 15:14:06 +0000
commit: 186306d6199096b7a7c4b4574d4be8cdb8426729 (patch)
tree: 6cf369ae4a95f936ebdef95284caa64c7f0db025
parent: 634a86093af9a6d134be8662f25616f4edfec683 (diff)
download: ipxe-186306d6199096b7a7c4b4574d4be8cdb8426729.zip
ipxe-186306d6199096b7a7c4b4574d4be8cdb8426729.tar.gz
ipxe-186306d6199096b7a7c4b4574d4be8cdb8426729.tar.bz2
1 files changed, 2 insertions, 2 deletions
diff --git a/src/net/tls.c b/src/net/tls.c
index fdaa219..8a3ac3e 100644
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -2821,8 +2821,8 @@ static int tls_new_ciphertext ( struct tls_connection *tls,
 	if ( is_block_cipher ( cipher ) ) {
 		pad_len = tls_verify_padding ( tls, last );
 		if ( pad_len < 0 ) {
-			rc = pad_len;
-			return rc;
+			/* Assume zero padding length to avoid timing attacks */
+			pad_len = 0;
 		}
 		iob_unput ( last, pad_len );
 		len -= pad_len;
author	Michael Brown <mcb30@ipxe.org>	2022-11-08 15:10:25 +0000
committer	Michael Brown <mcb30@ipxe.org>	2022-11-08 15:14:06 +0000
commit	186306d6199096b7a7c4b4574d4be8cdb8426729 (patch)
tree	6cf369ae4a95f936ebdef95284caa64c7f0db025
parent	634a86093af9a6d134be8662f25616f4edfec683 (diff)
download	ipxe-186306d6199096b7a7c4b4574d4be8cdb8426729.zip ipxe-186306d6199096b7a7c4b4574d4be8cdb8426729.tar.gz ipxe-186306d6199096b7a7c4b4574d4be8cdb8426729.tar.bz2