author | Jung-uk Kim <jkim@FreeBSD.org> | 2015-06-11 17:56:16 +0000 |
---|---|---|
committer | Jung-uk Kim <jkim@FreeBSD.org> | 2015-06-11 17:56:16 +0000 |
commit | a9745f9a849725cad34f84351bed202839aade59 (patch) | |
tree | 686ec4279139441a2f9d947dceec492e54ff569c /ssl/s3_cbc.c | |
parent | 3d2030852da420b820a661e7b19bb757487e2599 (diff) | |
Import OpenSSL 1.0.1n.vendor/openssl/1.0.1n
Notes
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=284278
svn path=/vendor-crypto/openssl/1.0.1n/; revision=284279; tag=vendor/openssl/1.0.1n
Diffstat (limited to 'ssl/s3_cbc.c')
-rw-r--r-- | ssl/s3_cbc.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 598d27edccb5..2fb71f277e9c 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -149,7 +149,7 @@ int tls1_cbc_remove_padding(const SSL *s,
 */
 if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) {
 /* First packet is even in size, so check */
- if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) &&
+ if ((CRYPTO_memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) &&
 !(padding_length & 1)) {
 s->s3->flags |= TLS1_FLAGS_TLS_PADDING_BUG;
 }
@@ -639,12 +639,22 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
 
 if (k > 0) {
 if (is_sslv3) {
+ unsigned overhang;
+
 /*
 * The SSLv3 header is larger than a single block. overhang is
 * the number of bytes beyond a single block that the header
- * consumes: either 7 bytes (SHA1) or 11 bytes (MD5).
+ * consumes: either 7 bytes (SHA1) or 11 bytes (MD5). There are no
+ * ciphersuites in SSLv3 that are not SHA1 or MD5 based and
+ * therefore we can be confident that the header_length will be
+ * greater than |md_block_size|. However we add a sanity check just
+ * in case
 */
- unsigned overhang = header_length - md_block_size;
+ if (header_length <= md_block_size) {
+ /* Should never happen */
+ return;
+ }
+ overhang = header_length - md_block_size;
 md_transform(md_state.c, header);
 memcpy(first_block, header + md_block_size, overhang);
 memcpy(first_block + overhang, data, md_block_size - overhang);
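Review bot: In `tls1_cbc_remove_padding`, the `if` that wraps the new `CRYPTO_memcmp` call still short-circuits on the comparison result and then on `!(padding_length & 1)`, so the control flow stays data-dependent even though the byte comparison itself no longer is. `padding_length` is presumably derived from the decrypted record (its assignment is outside the hunk), which would make that test the only potentially secret-dependent branch here, reachable when `SSL_OP_TLS_BLOCK_PADDING_BUG` is set and `s->expand` is NULL. I would document this above the condition, e.g. `/* read_sequence is a record counter, not a secret; the padding_length test is a data-dependent branch kept only for the SSL_OP_TLS_BLOCK_PADDING_BUG workaround */`, so the constant-time compare is not read as covering the whole check. The function body starts and ends outside this hunk.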
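Review bot: The new `return;` taken when `header_length <= md_block_size` in `ssl3_cbc_digest_record` exits a `void` function without signalling failure, so a caller cannot tell this path from a completed digest and may go on to use MAC output that was never written (the output parameters are outside the hunk, so this is inferred from the signature in the hunk header). Because this is record MAC computation, a detectable failure is safer than a silent one: give the function an `int` result, make this path `return 0;`, and have the caller reject the record when it sees 0. If the signature has to stay `void` on this branch, the comment should at least say what the caller observes, e.g. `/* Should never happen: returns with the digest output untouched */`. The function continues outside the hunk.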