Created
December 9, 2014 14:44
Patch Go libs for poodle-tls scan - Modified from https://gist.github.com/singe/f433c54f134a9390214e to work with Go 1.3.3 for Linux. -- These are mods to Adam Langley's (@agl__) work.
diff -u -r b/src/pkg/crypto/tls/common.go a/src/pkg/crypto/tls/common.go | |
--- b/src/pkg/crypto/tls/common.go 2014-10-01 02:51:45.000000000 +0100 | |
+++ a/src/pkg/crypto/tls/common.go 2014-12-09 13:55:55.167748499 +0000 | |
@@ -301,6 +301,8 @@ | |
// be used. | |
CurvePreferences []CurveID | |
+ BreakCBCPadding bool | |
+ | |
serverInitOnce sync.Once // guards calling (*Config).serverInit | |
} | |
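Review bot: The new exported `BreakCBCPadding` field has no doc comment, although it deliberately makes the library emit non-conforming records and sits in the public `Config` struct next to documented fields. The handshake_server.go hunk passes a literal `false`, so the field only affects client connections, and a reader of `Config` cannot tell that from here. I would add `// BreakCBCPadding makes client connections send deliberately malformed CBC padding. It exists only to test whether a peer validates padding and must never be set for real traffic; it has no effect on servers.` The struct starts outside this hunk.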
diff -u -r b/src/pkg/crypto/tls/conn.go a/src/pkg/crypto/tls/conn.go | |
--- b/src/pkg/crypto/tls/conn.go 2014-10-01 02:51:45.000000000 +0100 | |
+++ a/src/pkg/crypto/tls/conn.go 2014-12-09 13:55:55.167748499 +0000 | |
@@ -106,6 +106,8 @@ | |
// used to save allocating a new buffer for each MAC. | |
inDigestBuf, outDigestBuf []byte | |
+ | |
+ brokenCBC bool | |
} | |
func (hc *halfConn) setErrorLocked(err error) error { | |
@@ -122,10 +124,11 @@ | |
// prepareCipherSpec sets the encryption and MAC states | |
// that a subsequent changeCipherSpec will use. | |
-func (hc *halfConn) prepareCipherSpec(version uint16, cipher interface{}, mac macFunction) { | |
+func (hc *halfConn) prepareCipherSpec(version uint16, cipher interface{}, mac macFunction, brokenCBC bool) { | |
hc.version = version | |
hc.nextCipher = cipher | |
hc.nextMac = mac | |
+ hc.brokenCBC = brokenCBC | |
} | |
// changeCipherSpec changes the encryption and MAC states | |
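Review bot: `hc.brokenCBC = brokenCBC` takes effect as soon as prepareCipherSpec returns, while the cipher and MAC are only staged in `nextCipher`/`nextMac`. The function's comment ("sets the encryption and MAC states that a subsequent changeCipherSpec will use") therefore no longer covers everything it does. If prepareCipherSpec can ever run while a CBC cipher is already active, the flag would apply to records sent under the old cipher spec; whether that can happen depends on code outside this hunk. Either stage the flag like the other two (a `nextBrokenCBC` field copied in changeCipherSpec, whose body is not visible here) or state the difference: `// brokenCBC is applied immediately, not at changeCipherSpec.`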
@@ -336,14 +339,21 @@ | |
// block of payload. finalBlock is a fresh slice which contains the contents of | |
// any suffix of payload as well as the needed padding to make finalBlock a | |
// full block. | |
-func padToBlockSize(payload []byte, blockSize int) (prefix, finalBlock []byte) { | |
+func padToBlockSize(payload []byte, blockSize int, broken bool) (prefix, finalBlock []byte) { | |
overrun := len(payload) % blockSize | |
paddingLen := blockSize - overrun | |
prefix = payload[:len(payload)-overrun] | |
finalBlock = make([]byte, blockSize) | |
copy(finalBlock, payload[len(payload)-overrun:]) | |
- for i := overrun; i < blockSize; i++ { | |
- finalBlock[i] = byte(paddingLen - 1) | |
+ if !broken { | |
+ for i := overrun; i < blockSize; i++ { | |
+ finalBlock[i] = byte(paddingLen - 1) | |
+ } | |
+ } else { | |
+ for i := overrun; i < blockSize; i++ { | |
+ finalBlock[i] = byte(66-i) | |
+ } | |
+ finalBlock[blockSize-1] = byte(paddingLen-1) | |
} | |
return | |
} | |
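Review bot: In the `broken` branch, when `overrun == blockSize-1` the loop writes only the last byte and the next assignment overwrites it with `byte(paddingLen-1)`. The block is then identical to valid padding, so the flag has no effect for that record length. A check that relies on the peer rejecting the record would read a correct acceptance as a finding, so the comment above the function should state the limitation, e.g. `// If broken is set, every padding byte except the final length byte is filled with a non-conforming value; with a single padding byte the output equals valid padding.` The constant in `byte(66-i)` is also unexplained; a named constant or a short comment on whether it can ever equal `paddingLen-1` for the block sizes in use would help the next reader.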
@@ -387,7 +397,7 @@ | |
c.SetIV(payload[:explicitIVLen]) | |
payload = payload[explicitIVLen:] | |
} | |
- prefix, finalBlock := padToBlockSize(payload, blockSize) | |
+ prefix, finalBlock := padToBlockSize(payload, blockSize, hc.brokenCBC) | |
b.resize(recordHeaderLen + explicitIVLen + len(prefix) + len(finalBlock)) | |
c.CryptBlocks(b.data[recordHeaderLen+explicitIVLen:], prefix) | |
c.CryptBlocks(b.data[recordHeaderLen+explicitIVLen+len(prefix):], finalBlock) | |
diff -u -r b/src/pkg/crypto/tls/handshake_client.go a/src/pkg/crypto/tls/handshake_client.go | |
--- b/src/pkg/crypto/tls/handshake_client.go 2014-10-01 02:51:45.000000000 +0100 | |
+++ a/src/pkg/crypto/tls/handshake_client.go 2014-12-09 13:55:55.167748499 +0000 | |
@@ -463,8 +463,8 @@ | |
serverCipher = hs.suite.aead(serverKey, serverIV) | |
} | |
- c.in.prepareCipherSpec(c.vers, serverCipher, serverHash) | |
- c.out.prepareCipherSpec(c.vers, clientCipher, clientHash) | |
+ c.in.prepareCipherSpec(c.vers, serverCipher, serverHash, c.config.BreakCBCPadding) | |
+ c.out.prepareCipherSpec(c.vers, clientCipher, clientHash, c.config.BreakCBCPadding) | |
return nil | |
} | |
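Review bot: `c.in.prepareCipherSpec(..., c.config.BreakCBCPadding)` sets the flag on the inbound half, but in the visible hunks `brokenCBC` is only read where `padToBlockSize` feeds `CryptBlocks`, which looks like the outgoing-record path, so the inbound value appears unused. Passing `false` for `c.in`, as handshake_server.go does for both halves, would confine the test switch to the one direction that uses it. The enclosing function starts outside the hunk.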
diff -u -r b/src/pkg/crypto/tls/handshake_server.go a/src/pkg/crypto/tls/handshake_server.go | |
--- b/src/pkg/crypto/tls/handshake_server.go 2014-10-01 02:51:45.000000000 +0100 | |
+++ a/src/pkg/crypto/tls/handshake_server.go 2014-12-09 13:55:55.168748494 +0000 | |
@@ -464,8 +464,8 @@ | |
serverCipher = hs.suite.aead(serverKey, serverIV) | |
} | |
- c.in.prepareCipherSpec(c.vers, clientCipher, clientHash) | |
- c.out.prepareCipherSpec(c.vers, serverCipher, serverHash) | |
+ c.in.prepareCipherSpec(c.vers, clientCipher, clientHash, false) | |
+ c.out.prepareCipherSpec(c.vers, serverCipher, serverHash, false) | |
return nil | |
} |