On Wednesday 27 April 2005 18:19, you wrote:
> Hi,
>
> I've done :
> if (pad > ciphertext.size - hash_size) {
> gnutls_assert();
> /* We do not fail here. We check below for the
> * the pad_failed. If zero means success.
> */
> pad_failed = GNUTLS_E_DECRYPTION_FAILED;
> return pad_failed;
> }
I cannot include this in gnutls since it allows for information leakage to
attackers. The next version of gnutls will include this line:
> if (ver >= GNUTLS_TLS1 && pad_failed==0)
in the next test.
so it might be better to test this instead. What does you stress test
do? This problem was triggered by wrongly encrypted data.
--
Nikos Mavrogiannopoulos
_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
