We inherited the constant time CBC padding removal from BoringSSL, but - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2020-06-19 21:26:40 +0000
committer	tb <>	2020-06-19 21:26:40 +0000
commit	d3fc4a3d813db5a52ae85ac61643301a5f27a818 (patch)
tree	a0416e45ad6fcaa33901e33b7aafcca7267fe381 /src/lib/libssl/tls13_server.c
parent	b2bf88255a16b8db1a723ae88eb44a46f5405f16 (diff)
download	openbsd-d3fc4a3d813db5a52ae85ac61643301a5f27a818.tar.gz openbsd-d3fc4a3d813db5a52ae85ac61643301a5f27a818.tar.bz2 openbsd-d3fc4a3d813db5a52ae85ac61643301a5f27a818.zip

We inherited the constant time CBC padding removal from BoringSSL, but

missed a subsequent fix for an off-by-one in that code. If the first byte of a CBC padding of length 255 is mangled, we don't detect that. Adam Langley's BoringSSL commit 80842bdb44855dd7f1dde64a3fa9f4e782310fc7 Fixes the failing tlsfuzzer lucky 13 test case. ok beck inoguchi

Diffstat (limited to 'src/lib/libssl/tls13_server.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: