diff options
author | Andreas Schultz <[email protected]> | 2011-10-03 12:46:12 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2011-10-24 11:36:03 +0200 |
commit | 32c475cfe5bbc2c2eb55d83102112233d799a01a (patch) | |
tree | 5f5c925d4aeadc52fca690d8e2044f3d0d32c4b0 /lib/ssh/test/ssh_sftp_SUITE.erl | |
parent | 1fd0ef56ce4432ea6e6ddbcd0af81c71b7921b38 (diff) | |
download | otp-32c475cfe5bbc2c2eb55d83102112233d799a01a.tar.gz otp-32c475cfe5bbc2c2eb55d83102112233d799a01a.tar.bz2 otp-32c475cfe5bbc2c2eb55d83102112233d799a01a.zip |
fix handling of block_decipher/5 failure
A wrong decryption key would cause a badmatch in
generic_block_cipher_from_bin/2. The try in block_decipher/5 was
probably intendend to deal with that, but was misplace for this.
Additionaly, generating a failure alert erly, without computing the
record MAC, creates vector for a timing attack on CBC padding (for
details check TLS 1.2 RFC 5246, Sect. 6.2.3.2.). This attach vector
and the counter meassure applies to all SSL/TLS versions.
As a counter messure, compute the MAC even when decryption or padding
checks fail. A invalid padding will force a MAC failure by intentionaly
invalidating the content.
Diffstat (limited to 'lib/ssh/test/ssh_sftp_SUITE.erl')
0 files changed, 0 insertions, 0 deletions