We should check the eight bytes starting at p[-9] for rollback attack

detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK will be larger than necessary. PR: 1695
author: Bodo Möller <bodo@openssl.org> 2008-07-17 22:11:53 +0000
committer: Bodo Möller <bodo@openssl.org> 2008-07-17 22:11:53 +0000
commit: 5b331ab77af1a510b97ea57845bfbac1a5db415f (patch)
tree: 9fd494267f61230ba19215603e6d3e89ff59945b /crypto/rsa/rsa_ssl.c
parent: dd6f479ea8548ffc56a52ecdaba94c7d277dec83 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c
index ea72629494..cfeff15bc9 100644
--- a/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
@@ -130,7 +130,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
 		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING);
 		return(-1);
 		}
-	for (k= -8; k<0; k++)
+	for (k = -9; k<-1; k++)
 		{
 		if (p[k] !=  0x03) break;
 		}
author	Bodo Möller <bodo@openssl.org>	2008-07-17 22:11:53 +0000
committer	Bodo Möller <bodo@openssl.org>	2008-07-17 22:11:53 +0000
commit	5b331ab77af1a510b97ea57845bfbac1a5db415f (patch)
tree	9fd494267f61230ba19215603e6d3e89ff59945b /crypto/rsa/rsa_ssl.c
parent	dd6f479ea8548ffc56a52ecdaba94c7d277dec83 (diff)