Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't

reveal whether illegal block cipher padding was found or a MAC verification error occured. In ssl/s2_pkt.c, verify that the purported number of padding bytes is in the legal range.
author: Bodo Möller <bodo@openssl.org> 2001-09-20 18:35:52 +0000
committer: Bodo Möller <bodo@openssl.org> 2001-09-20 18:35:52 +0000
commit: ee60d9fb282030be3f25e951b86d74d8f2dd1bdd (patch)
tree: 307f2414af069a1717aaa5a9906dd586024d2f2e /CHANGES
parent: be6d77005f0d474462ed5df896596d06402c05b2 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 4986190821..ffe4c9cba6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,19 @@
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
+     reveal whether illegal block cipher padding was found or a MAC
+     verification error occured.  (Neither SSLerr() codes nor alerts
+     are directly visible to potential attackers, but the information
+     may leak via logfiles.)
+
+     Similar changes are not required for the SSL 2.0 implementation
+     because the number of padding bytes is sent in clear for SSL 2.0,
+     and the extra bytes are just ignored.  However ssl/s2_pkt.c
+     failed to verify that the purported number of padding bytes is in
+     the legal range.
+     [Bodo Moeller]
+
   +) Add some demos for certificate and certificate request creation.
      [Steve Henson]
author	Bodo Möller <bodo@openssl.org>	2001-09-20 18:35:52 +0000
committer	Bodo Möller <bodo@openssl.org>	2001-09-20 18:35:52 +0000
commit	ee60d9fb282030be3f25e951b86d74d8f2dd1bdd (patch)
tree	307f2414af069a1717aaa5a9906dd586024d2f2e /CHANGES
parent	be6d77005f0d474462ed5df896596d06402c05b2 (diff)