pay attention to blocksize before attempting decryption
This commit is contained in:
Bodo Möller
parent
508f15cdab
commit
285b42756a
3 changed files with 30 additions and 3 deletions
4
CHANGES
4
CHANGES
|
|
@ -11,6 +11,10 @@
|
|||
*) applies to 0.9.6a (/0.9.6b) and 0.9.7
|
||||
+) applies to 0.9.7 only
|
||||
|
||||
*) Verify that incoming data obeys the block size in
|
||||
ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c).
|
||||
[Bodo Moeller]
|
||||
|
||||
+) Tidy up PKCS#12 attribute handling. Add support for the CSP name
|
||||
attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.
|
||||
[Steve Henson]
|
||||
|
|
|
|||
15
ssl/s3_enc.c
15
ssl/s3_enc.c
|
|
@ -373,7 +373,6 @@ int ssl3_enc(SSL *s, int send)
|
|||
|
||||
/* COMPRESS */
|
||||
|
||||
/* This should be using (bs-1) and bs instead of 7 and 8 */
|
||||
if ((bs != 1) && send)
|
||||
{
|
||||
i=bs-((int)l%bs);
|
||||
|
|
@ -383,12 +382,24 @@ int ssl3_enc(SSL *s, int send)
|
|||
rec->length+=i;
|
||||
rec->input[l-1]=(i-1);
|
||||
}
|
||||
|
||||
|
||||
if (!send)
|
||||
{
|
||||
if (l == 0 || l%bs != 0)
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
|
||||
return(0);
|
||||
}
|
||||
}
|
||||
|
||||
EVP_Cipher(ds,rec->data,rec->input,l);
|
||||
|
||||
if ((bs != 1) && !send)
|
||||
{
|
||||
i=rec->data[l-1]+1;
|
||||
/* SSL 3.0 bounds the number of padding bytes by the block size;
|
||||
* padding bytes (except that last) are arbitrary */
|
||||
if (i > bs)
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
|
||||
|
|
|
|||
14
ssl/t1_enc.c
14
ssl/t1_enc.c
|
|
@ -509,6 +509,16 @@ int tls1_enc(SSL *s, int send)
|
|||
}
|
||||
#endif /* KSSL_DEBUG */
|
||||
|
||||
if (!send)
|
||||
{
|
||||
if (l == 0 || l%bs != 0)
|
||||
{
|
||||
SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
|
||||
return(0);
|
||||
}
|
||||
}
|
||||
|
||||
EVP_Cipher(ds,rec->data,rec->input,l);
|
||||
|
||||
#ifdef KSSL_DEBUG
|
||||
|
|
@ -522,7 +532,7 @@ int tls1_enc(SSL *s, int send)
|
|||
|
||||
if ((bs != 1) && !send)
|
||||
{
|
||||
ii=i=rec->data[l-1];
|
||||
ii=i=rec->data[l-1]; /* padding_length */
|
||||
i++;
|
||||
if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
|
||||
{
|
||||
|
|
@ -533,6 +543,8 @@ int tls1_enc(SSL *s, int send)
|
|||
if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
|
||||
i--;
|
||||
}
|
||||
/* TLS 1.0 does not bound the number of padding bytes by the block size.
|
||||
* All of them must have value 'padding_length'. */
|
||||
if (i > (int)rec->length)
|
||||
{
|
||||
SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
|
||||
|
|
|
|||
Loading…
Reference in a new issue