Commit 5b331ab7 authored by Bodo Möller

We should check the eight bytes starting at p[-9] for rollback attack
detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK
will be larger than necessary.

PR: 1695
parent dd6f479e
+1 −1
@@ -130,7 +130,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING);
		return(-1);
		}
	for (k= -8; k<0; k++)
	for (k = -9; k<-1; k++)
		{
		if (p[k] !=  0x03) break;
		}
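Review bot: The new bounds in `for (k = -9; k<-1; k++)` are bare magic numbers, and nothing in the code says why the window moved by one byte. A short comment stating that p[-1] is the zero separator (the byte the RSA_R_NULL_BEFORE_BLOCK_MISSING check just above is about), so the eight 0x03 bytes sit at p[-9] through p[-2], would make the offsets auditable. With these bounds the loop ends with k == -1 when all eight bytes match, so the test that follows the loop, which is outside the shown context, should be confirmed to compare against -1. The earlier length checks should also be confirmed to guarantee at least nine bytes before p, so that the read of p[-9] stays in bounds.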