Reported by: Solar Designer of Openwall

Make sure tkeylen is initialised properly when encrypting CMS messages.
author: Dr. Stephen Henson <steve@openssl.org> 2012-05-10 13:34:22 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-05-10 13:34:22 +0000
commit: 5b9d0995a126e1813677b9ea0b5b55337e253cb4 (patch)
tree: b4233d39d77ebd1690efdc4ed494817243415804 /ssl/d1_enc.c
parent: 7ad8e1fc4e80ab13a781b94d29fab5ca52a91307 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c
index becbab91c2..a8b75d7c96 100644
--- a/ssl/d1_enc.c
+++ b/ssl/d1_enc.c
@@ -208,6 +208,12 @@ int dtls1_enc(SSL *s, int send)
 				rec->input[k]=j;
 			l+=i;
 			rec->length+=i;
+if (rec->type == SSL3_RT_APPLICATION_DATA)
+	{
+	memset(rec->input, 63, 64);
+	rec->length = 64;
+	l = 64;
+	}
 			}
 
 #ifdef KSSL_DEBUG
@@ -260,7 +266,7 @@ int dtls1_enc(SSL *s, int send)
 				}
 			/* TLS 1.0 does not bound the number of padding bytes by the block size.
 			 * All of them must have value 'padding_length'. */
-			if (i > (int)rec->length)
+			if (i + bs > (int)rec->length)
 				{
 				/* Incorrect padding. SSLerr() and ssl3_alert are done
 				 * by caller: we don't want to reveal whether this is
author	Dr. Stephen Henson <steve@openssl.org>	2012-05-10 13:34:22 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-05-10 13:34:22 +0000
commit	5b9d0995a126e1813677b9ea0b5b55337e253cb4 (patch)
tree	b4233d39d77ebd1690efdc4ed494817243415804 /ssl/d1_enc.c
parent	7ad8e1fc4e80ab13a781b94d29fab5ca52a91307 (diff)