CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2020/06/19 15:26:40
Modified files:
lib/libssl : s3_cbc.c
Log message:
We inherited the constant time CBC padding removal from BoringSSL, but
missed a subsequent fix for an off-by-one in that code. If the first
byte of a CBC padding of length 255 is mangled, we don't detect that.
Adam Langley's BoringSSL commit 80842bdb44855dd7f1dde64a3fa9f4e782310fc7
Fixes the failing tlsfuzzer lucky 13 test case.
ok beck inoguchi
