[Help-gnutls] segfault in internal function
Nikos Mavrogiannopoulos
nmav at gnutls.org
Wed Apr 27 18:49:05 CEST 2005
On Wednesday 27 April 2005 18:19, you wrote:
> Hi,
>
> I've done :
> if (pad > ciphertext.size - hash_size) {
> gnutls_assert();
> /* We do not fail here. We check below for the
> * the pad_failed. If zero means success.
> */
> pad_failed = GNUTLS_E_DECRYPTION_FAILED;
> return pad_failed;
> }
I cannot include this in gnutls since it allows for information leakage to
attackers. The next version of gnutls will include this line:
> if (ver >= GNUTLS_TLS1 && pad_failed==0)
in the next test.
so it might be better to test this instead. What does you stress test
do? This problem was triggered by wrongly encrypted data.
--
Nikos Mavrogiannopoulos
More information about the Gnutls-help
mailing list