From: Bodo Möller Date: Thu, 17 Jul 2008 22:11:24 +0000 (+0000) Subject: We should check the eight bytes starting at p[-9] for rollback attack X-Git-Tag: OpenSSL_0_9_8i~27 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=df1f7b4b0241ac52f6a67af0521566d857e8f038;p=oweals%2Fopenssl.git We should check the eight bytes starting at p[-9] for rollback attack detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK will be larger than necessary. PR: 1695 --- diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c index ea72629494..cfeff15bc9 100644 --- a/crypto/rsa/rsa_ssl.c +++ b/crypto/rsa/rsa_ssl.c @@ -130,7 +130,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING); return(-1); } - for (k= -8; k<0; k++) + for (k = -9; k<-1; k++) { if (p[k] != 0x03) break; }