source-changes: CVS commit: [netbsd-1-6] src/crypto/dist/openssl/ssl

Subject: CVS commit: [netbsd-1-6] src/crypto/dist/openssl/ssl
To: None <source-changes@netbsd.org>
From: Matthias Scheler <tron@netbsd.org>
List: source-changes
Date: 02/20/2003 11:51:57

Module Name:	src
Committed By:	tron
Date:		Thu Feb 20 09:51:56 UTC 2003

Modified Files:
	src/crypto/dist/openssl/ssl [netbsd-1-6]: s3_pkt.c

Log Message:
Pull up revision 1.2 (requested by wiz in ticket #1179):
In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
via timing by performing a MAC computation even if incorrect
block cipher padding has been found.  This is a countermeasure
against active attacks where the attacker has to distinguish
between bad padding and a MAC verification error. (CAN-2003-0078)


To generate a diff of this commit:
cvs rdiff -r1.1.1.3.2.1 -r1.1.1.3.2.2 src/crypto/dist/openssl/ssl/s3_pkt.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.