CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2020/06/19 15:26:40
Modified files: lib/libssl : s3_cbc.c Log message: We inherited the constant time CBC padding removal from BoringSSL, but missed a subsequent fix for an off-by-one in that code. If the first byte of a CBC padding of length 255 is mangled, we don't detect that. Adam Langley's BoringSSL commit 80842bdb44855dd7f1dde64a3fa9f4e782310fc7 Fixes the failing tlsfuzzer lucky 13 test case. ok beck inoguchi