CVE-2013-0169: Make CBC decoding constant time
(cherry-picked from 2c082d25fc3f0dd6e56c45407fe10638b904083c)
Bug: 8017911
Bug: 8095088
Change-Id: I57556e120fd1f585d38739d0d6aaf02bcbe45fbd
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index f4578aa..879be13 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -355,6 +355,10 @@
/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */
/*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
+/*rw*/ unsigned int orig_len; /* How many bytes were available before padding
+ was removed? This is used to implement the
+ MAC check in constant time for CBC records.
+ */
} SSL3_RECORD;
typedef struct ssl3_buffer_st
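Review bot: The comment on `orig_len` does not say which code sets the field or when its value is valid, yet the MAC check it mentions depends on the value being fresh for every record. I would write it as a statement that names the contract, e.g. `/* Record length before CBC padding was removed; must be set by the decryption step for every record before the MAC is verified. */`, assuming that is where the field is assigned, which this hunk does not show. Adding a member also grows SSL3_RECORD, so if this header is installed for applications, code built against the old layout would disagree on the struct size, which is worth confirming for a cherry-pick. The struct definition begins outside the hunk.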