[SCM] GNU gnutls branch, master, updated. gnutls_3_0

gnutls-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SCM] GNU gnutls branch, master, updated. gnutls_3_0_10-4-g35e26ca

From:	Nikos Mavrogiannopoulos
Subject:	[SCM] GNU gnutls branch, master, updated. gnutls_3_0_10-4-g35e26ca
Date:	Fri, 06 Jan 2012 18:45:41 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=35e26ca63c6da01db460d93e9c4bf86cd668534c

The branch, master has been updated
       via  35e26ca63c6da01db460d93e9c4bf86cd668534c (commit)
      from  38718fe94ae05a81a2acc437dd3bf24af0173143 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 35e26ca63c6da01db460d93e9c4bf86cd668534c
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jan 6 19:49:24 2012 +0100

    provide less timing information when decoding packets. Patch by Nadhem 
Alfardan.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                |    9 +++++++++
 lib/gnutls_cipher.c |    7 ++++++-
 2 files changed, 15 insertions(+), 1 deletions(-)

diff --git a/NEWS b/NEWS
index 58b6a81..49372ad 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,15 @@ GnuTLS NEWS -- History of user-visible changes.                
-*- outline -*-
 Copyright (C) 2000-2011 Free Software Foundation, Inc.
 See the end for copying conditions.
 
+* Version 3.0.11 (unreleased)
+
+** libgnutls: Provide less timing information when decoding
+TLS/DTLS record packets. Patch by Nadhem Alfardan.
+
+** API and ABI modifications:
+No changes since last version.
+
+
 * Version 3.0.10 (released 2012-01-04)
 
 ** gnutls-cli/serv: Set don't fragment bit in DTLS sessions
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index f041821..e593cfe 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -560,7 +560,12 @@ ciphertext_to_compressed (gnutls_session_t session,
           }
 
       if (length < 0)
-        length = 0;
+        {
+          /* Setting a proper length to prevent timing differences in
+           * processing of records with invalid encryption.
+           */
+          length = ciphertext.size - tag_size;
+        }
 
       /* Pass the type, version, length and compressed through
        * MAC.


hooks/post-receive
-- 
GNU gnutls

[Prev in Thread]

Current Thread

[Next in Thread]

[SCM] GNU gnutls branch, master, updated. gnutls_3_0_10-4-g35e26ca, Nikos Mavrogiannopoulos <=

Prev by Date: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_14a-4-g8ae99fc
Next by Date: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_10-5-g92c407a
Previous by thread: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_14a-4-g8ae99fc
Next by thread: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_10-5-g92c407a
Index(es):
- Date
- Thread