diff options
| author | beck <> | 2001-08-01 19:51:17 +0000 |
|---|---|---|
| committer | beck <> | 2001-08-01 19:51:17 +0000 |
| commit | 4b790f68539c49ef91f5e82506c2624900c92106 (patch) | |
| tree | d14ff9f79630cb04ad006cd2730646f44f62d786 /src/lib/libssl/t1_enc.c | |
| parent | edbfd6c7e91e15e92ef0df548474ac76b6dddca0 (diff) | |
| download | openbsd-4b790f68539c49ef91f5e82506c2624900c92106.tar.gz openbsd-4b790f68539c49ef91f5e82506c2624900c92106.tar.bz2 openbsd-4b790f68539c49ef91f5e82506c2624900c92106.zip | |
merge openssl 0.9.6b-engine
Note that this is a maintenence release, API's appear *not* to have changed.
As such, I have only increased the minor number on these libraries
Diffstat (limited to 'src/lib/libssl/t1_enc.c')
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index d10a23af8e..a0758e9261 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -420,7 +420,7 @@ int tls1_enc(SSL *s, int send) | |||
| 420 | if ((s->session == NULL) || (ds == NULL) || | 420 | if ((s->session == NULL) || (ds == NULL) || |
| 421 | (enc == NULL)) | 421 | (enc == NULL)) |
| 422 | { | 422 | { |
| 423 | memcpy(rec->data,rec->input,rec->length); | 423 | memmove(rec->data,rec->input,rec->length); |
| 424 | rec->input=rec->data; | 424 | rec->input=rec->data; |
| 425 | } | 425 | } |
| 426 | else | 426 | else |
| @@ -447,11 +447,21 @@ int tls1_enc(SSL *s, int send) | |||
| 447 | rec->length+=i; | 447 | rec->length+=i; |
| 448 | } | 448 | } |
| 449 | 449 | ||
| 450 | if (!send) | ||
| 451 | { | ||
| 452 | if (l == 0 || l%bs != 0) | ||
| 453 | { | ||
| 454 | SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); | ||
| 455 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR); | ||
| 456 | return(0); | ||
| 457 | } | ||
| 458 | } | ||
| 459 | |||
| 450 | EVP_Cipher(ds,rec->data,rec->input,l); | 460 | EVP_Cipher(ds,rec->data,rec->input,l); |
| 451 | 461 | ||
| 452 | if ((bs != 1) && !send) | 462 | if ((bs != 1) && !send) |
| 453 | { | 463 | { |
| 454 | ii=i=rec->data[l-1]; | 464 | ii=i=rec->data[l-1]; /* padding_length */ |
| 455 | i++; | 465 | i++; |
| 456 | if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) | 466 | if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) |
| 457 | { | 467 | { |
| @@ -462,6 +472,8 @@ int tls1_enc(SSL *s, int send) | |||
| 462 | if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) | 472 | if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) |
| 463 | i--; | 473 | i--; |
| 464 | } | 474 | } |
| 475 | /* TLS 1.0 does not bound the number of padding bytes by the block size. | ||
| 476 | * All of them must have value 'padding_length'. */ | ||
| 465 | if (i > (int)rec->length) | 477 | if (i > (int)rec->length) |
| 466 | { | 478 | { |
| 467 | SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); | 479 | SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); |