author | Bodo Möller <bodo@openssl.org> | 2001-09-20 18:35:52 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2001-09-20 18:35:52 +0000 |
commit | ee60d9fb282030be3f25e951b86d74d8f2dd1bdd (patch) | |
tree | 307f2414af069a1717aaa5a9906dd586024d2f2e /CHANGES | |
parent | be6d77005f0d474462ed5df896596d06402c05b2 (diff) |
Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC
verification error occurred.
In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -12,6 +12,19 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only + *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't + reveal whether illegal block cipher padding was found or a MAC + verification error occured. (Neither SSLerr() codes nor alerts + are directly visible to potential attackers, but the information + may leak via logfiles.) + + Similar changes are not required for the SSL 2.0 implementation + because the number of padding bytes is sent in clear for SSL 2.0, + and the extra bytes are just ignored. However ssl/s2_pkt.c + failed to verify that the purported number of padding bytes is in + the legal range. + [Bodo Moeller] + +) Add some demos for certificate and certificate request creation. [Steve Henson] |
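Review bot: The first paragraph of the new CHANGES entry says the padding and MAC failures are no longer revealed separately, but it never says what is reported instead. Name the single alert or SSLerr() code that both conditions now produce, so that someone reading logfiles after upgrading knows what to expect. The second paragraph has the same gap for ssl/s2_pkt.c: it says the code "failed to verify" the purported number of padding bytes, but not what now happens when that number is outside the legal range. Also, "occured" in the added text should be "occurred".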