[gnutls-devel] [PATCH] Don't call _gnutls_cipher_encrypt2 with textlen = 0 in _gnutls_auth_cipher_encrypt2_tag

Matthias-Christian Ott ott at mirix.org
Tue Dec 30 03:21:55 CET 2014

On 2014-12-30 02:15, Matthias-Christian Ott wrote:
> If the plaintext is shorter than the block size of the used cipher,
> _gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with
> textlen = 0. By definition _gnutls_cipher_encrypt2 does nothing in this
> case and thus does not need to be called.

There are more uses of _gnutls_cipher_encrypt2 where textlen could be
zero. Probably this needs some more thought and GnuTLS needs to make the
contracts between the functions explicit, especially the preconditions.

Please review the patch thoroughly. I'm not sure whether it introduces a
timing side channel.


More information about the Gnutls-devel mailing list