pay attention to blocksize before attempting decryption
This commit is contained in:
Bodo Möller
parent
508f15cdab
commit
285b42756a
4
CHANGES
4
CHANGES
@ -11,6 +11,10 @@
|
|||||||
*) applies to 0.9.6a (/0.9.6b) and 0.9.7
|
*) applies to 0.9.6a (/0.9.6b) and 0.9.7
|
||||||
+) applies to 0.9.7 only
|
+) applies to 0.9.7 only
|
||||||
|
|
||||||
|
*) Verify that incoming data obeys the block size in
|
||||||
|
ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c).
|
||||||
|
[Bodo Moeller]
|
||||||
|
|
||||||
+) Tidy up PKCS#12 attribute handling. Add support for the CSP name
|
+) Tidy up PKCS#12 attribute handling. Add support for the CSP name
|
||||||
attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.
|
attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.
|
||||||
[Steve Henson]
|
[Steve Henson]
|
||||||
|
|||||||
15
ssl/s3_enc.c
15
ssl/s3_enc.c
@ -373,7 +373,6 @@ int ssl3_enc(SSL *s, int send)
|
|||||||
|
|
||||||
/* COMPRESS */
|
/* COMPRESS */
|
||||||
|
|
||||||
/* This should be using (bs-1) and bs instead of 7 and 8 */
|
|
||||||
if ((bs != 1) && send)
|
if ((bs != 1) && send)
|
||||||
{
|
{
|
||||||
i=bs-((int)l%bs);
|
i=bs-((int)l%bs);
|
||||||
@ -383,12 +382,24 @@ int ssl3_enc(SSL *s, int send)
|
|||||||
rec->length+=i;
|
rec->length+=i;
|
||||||
rec->input[l-1]=(i-1);
|
rec->input[l-1]=(i-1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!send)
|
||||||
|
{
|
||||||
|
if (l == 0 || l%bs != 0)
|
||||||
|
{
|
||||||
|
SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
|
||||||
|
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
EVP_Cipher(ds,rec->data,rec->input,l);
|
EVP_Cipher(ds,rec->data,rec->input,l);
|
||||||
|
|
||||||
if ((bs != 1) && !send)
|
if ((bs != 1) && !send)
|
||||||
{
|
{
|
||||||
i=rec->data[l-1]+1;
|
i=rec->data[l-1]+1;
|
||||||
|
/* SSL 3.0 bounds the number of padding bytes by the block size;
|
||||||
|
* padding bytes (except that last) are arbitrary */
|
||||||
if (i > bs)
|
if (i > bs)
|
||||||
{
|
{
|
||||||
SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
|
SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
|
||||||
|
|||||||
14
ssl/t1_enc.c
14
ssl/t1_enc.c
@ -509,6 +509,16 @@ int tls1_enc(SSL *s, int send)
|
|||||||
}
|
}
|
||||||
#endif /* KSSL_DEBUG */
|
#endif /* KSSL_DEBUG */
|
||||||
|
|
||||||
|
if (!send)
|
||||||
|
{
|
||||||
|
if (l == 0 || l%bs != 0)
|
||||||
|
{
|
||||||
|
SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
|
||||||
|
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
EVP_Cipher(ds,rec->data,rec->input,l);
|
EVP_Cipher(ds,rec->data,rec->input,l);
|
||||||
|
|
||||||
#ifdef KSSL_DEBUG
|
#ifdef KSSL_DEBUG
|
||||||
@ -522,7 +532,7 @@ int tls1_enc(SSL *s, int send)
|
|||||||
|
|
||||||
if ((bs != 1) && !send)
|
if ((bs != 1) && !send)
|
||||||
{
|
{
|
||||||
ii=i=rec->data[l-1];
|
ii=i=rec->data[l-1]; /* padding_length */
|
||||||
i++;
|
i++;
|
||||||
if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
|
if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
|
||||||
{
|
{
|
||||||
@ -533,6 +543,8 @@ int tls1_enc(SSL *s, int send)
|
|||||||
if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
|
if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
|
||||||
i--;
|
i--;
|
||||||
}
|
}
|
||||||
|
/* TLS 1.0 does not bound the number of padding bytes by the block size.
|
||||||
|
* All of them must have value 'padding_length'. */
|
||||||
if (i > (int)rec->length)
|
if (i > (int)rec->length)
|
||||||
{
|
{
|
||||||
SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
|
SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user