pay attention to blocksize before attempting decryption

author: Bodo Möller <bodo@openssl.org> 2001-06-15 18:05:09 +0000
committer: Bodo Möller <bodo@openssl.org> 2001-06-15 18:05:09 +0000
commit: 285b42756ae3023d885461d819fad14fc1e363e3 (patch)
tree: 47e0c5ac6b8f4b9b596e72b28a08a5cc416aadde /ssl/s3_enc.c
parent: 508f15cdabe9c66db694efb24028cc38b9bee261 (diff)
1 files changed, 13 insertions, 2 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 8cd36a395c..d1c1946e54 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -373,7 +373,6 @@ int ssl3_enc(SSL *s, int send)
 
 		/* COMPRESS */
 
-		/* This should be using (bs-1) and bs instead of 7 and 8 */
 		if ((bs != 1) && send)
 			{
 			i=bs-((int)l%bs);
@@ -383,12 +382,24 @@ int ssl3_enc(SSL *s, int send)
 			rec->length+=i;
 			rec->input[l-1]=(i-1);
 			}
-
+		
+		if (!send)
+			{
+			if (l == 0 || l%bs != 0)
+				{
+				SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
+				return(0);
+				}
+			}
+		
 		EVP_Cipher(ds,rec->data,rec->input,l);
 
 		if ((bs != 1) && !send)
 			{
 			i=rec->data[l-1]+1;
+			/* SSL 3.0 bounds the number of padding bytes by the block size;
+			 * padding bytes (except that last) are arbitrary */
 			if (i > bs)
 				{
 				SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
author	Bodo Möller <bodo@openssl.org>	2001-06-15 18:05:09 +0000
committer	Bodo Möller <bodo@openssl.org>	2001-06-15 18:05:09 +0000
commit	285b42756ae3023d885461d819fad14fc1e363e3 (patch)
tree	47e0c5ac6b8f4b9b596e72b28a08a5cc416aadde /ssl/s3_enc.c
parent	508f15cdabe9c66db694efb24028cc38b9bee261 (diff)