Add countermeasure against cache-based lucky 13

2025-12-23 15:55:10 +01:00 · 2015-04-29 01:35:48 +02:00 · 2015-04-29 01:35:48 +02:00 · 47fede0d6d
commit 47fede0d6d
parent 9ce1bdc151
2 changed files with 4 additions and 1 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1825,7 +1825,8 @@ static int ssl_decrypt_buf( ssl_context *ssl )
                             ssl->in_msglen );
            md_hmac_finish( &ssl->transform_in->md_ctx_dec,
                             ssl->in_msg + ssl->in_msglen );
-            for( j = 0; j < extra_run; j++ )
+            /* Call md_process at least once due to cache attacks */
+            for( j = 0; j < extra_run + 1; j++ )
                md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg );

            md_hmac_reset( &ssl->transform_in->md_ctx_dec );