author | Bodo Möller <bodo@openssl.org> | 2008-07-17 22:11:53 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2008-07-17 22:11:53 +0000 |
commit | 5b331ab77af1a510b97ea57845bfbac1a5db415f (patch) | |
tree | 9fd494267f61230ba19215603e6d3e89ff59945b | |
parent | dd6f479ea8548ffc56a52ecdaba94c7d277dec83 (diff) | |
We should check the eight bytes starting at p[-9] for rollback attack
detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK
will be larger than necessary.
PR: 1695
-rw-r--r-- | crypto/rsa/rsa_ssl.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c
index ea72629494..cfeff15bc9 100644
--- a/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
@@ -130,7 +130,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
 RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING);
 return(-1);
 }
- for (k= -8; k<0; k++)
+ for (k = -9; k<-1; k++)
 {
 if (p[k] != 0x03) break;
 } |
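Review bot: The new loop bounds `-9` and `-1` are unexplained offsets that are only correct if `p` points one byte past the 0x00 separator, which is established by the scan above the hunk. A comment before the loop, such as `/* p[-1] is the 0x00 separator; p[-9]..p[-2] are the last eight padding bytes */`, would help keep the off-by-one this commit fixes from coming back. The read of `p[-9]` is in bounds only if the length guard ending in the `return(-1)` shown as context rejects blocks with fewer than eight padding bytes. The test after the loop must also compare `k` against `-1` to match the new bound. Both lie outside the hunk and should be confirmed, since RSA_padding_check_SSLv23 starts and ends outside it.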