summaryrefslogtreecommitdiffstats
path: root/ssl
diff options
context:
space:
mode:
authorBodo Möller <bodo@openssl.org>2001-06-15 20:05:09 +0200
committerBodo Möller <bodo@openssl.org>2001-06-15 20:05:09 +0200
commit285b42756ae3023d885461d819fad14fc1e363e3 (patch)
tree47e0c5ac6b8f4b9b596e72b28a08a5cc416aadde /ssl
parentFor MSDOS, the tty filename still is "con", not "/dev/tty" ... (diff)
downloadopenssl-285b42756ae3023d885461d819fad14fc1e363e3.tar.xz
openssl-285b42756ae3023d885461d819fad14fc1e363e3.zip
pay attention to blocksize before attempting decryption
Diffstat (limited to 'ssl')
-rw-r--r--ssl/s3_enc.c15
-rw-r--r--ssl/t1_enc.c14
2 files changed, 26 insertions, 3 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 8cd36a395c..d1c1946e54 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -373,7 +373,6 @@ int ssl3_enc(SSL *s, int send)
/* COMPRESS */
- /* This should be using (bs-1) and bs instead of 7 and 8 */
if ((bs != 1) && send)
{
i=bs-((int)l%bs);
@@ -383,12 +382,24 @@ int ssl3_enc(SSL *s, int send)
rec->length+=i;
rec->input[l-1]=(i-1);
}
-
+
+ if (!send)
+ {
+ if (l == 0 || l%bs != 0)
+ {
+ SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
+ return(0);
+ }
+ }
+
EVP_Cipher(ds,rec->data,rec->input,l);
if ((bs != 1) && !send)
{
i=rec->data[l-1]+1;
+ /* SSL 3.0 bounds the number of padding bytes by the block size;
+ * padding bytes (except that last) are arbitrary */
if (i > bs)
{
SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 5f0976f9e7..d3a15e3441 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -509,6 +509,16 @@ int tls1_enc(SSL *s, int send)
}
#endif /* KSSL_DEBUG */
+ if (!send)
+ {
+ if (l == 0 || l%bs != 0)
+ {
+ SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
+ return(0);
+ }
+ }
+
EVP_Cipher(ds,rec->data,rec->input,l);
#ifdef KSSL_DEBUG
@@ -522,7 +532,7 @@ int tls1_enc(SSL *s, int send)
if ((bs != 1) && !send)
{
- ii=i=rec->data[l-1];
+ ii=i=rec->data[l-1]; /* padding_length */
i++;
if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
{
@@ -533,6 +543,8 @@ int tls1_enc(SSL *s, int send)
if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
i--;
}
+ /* TLS 1.0 does not bound the number of padding bytes by the block size.
+ * All of them must have value 'padding_length'. */
if (i > (int)rec->length)
{
SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);