merge openssl 0.9.6b-engine

Note that this is a maintenence release, API's appear *not* to have changed.
As such, I have only increased the minor number on these libraries

1 files changed, 14 insertions, 2 deletions

diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index d10a23af8eb..a0758e92614 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c
@@ -420,7 +420,7 @@ int tls1_enc(SSL *s, int send)
 	if ((s->session == NULL) || (ds == NULL) ||
 		(enc == NULL))
 		{
-		memcpy(rec->data,rec->input,rec->length);
+		memmove(rec->data,rec->input,rec->length);
 		rec->input=rec->data;
 		}
 	else
@@ -447,11 +447,21 @@ int tls1_enc(SSL *s, int send)
 			rec->length+=i;
 			}
 
+		if (!send)
+			{
+			if (l == 0 || l%bs != 0)
+				{
+				SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
+				return(0);
+				}
+			}
+		
 		EVP_Cipher(ds,rec->data,rec->input,l);
 
 		if ((bs != 1) && !send)
 			{
-			ii=i=rec->data[l-1];
+			ii=i=rec->data[l-1]; /* padding_length */
 			i++;
 			if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
 				{
@@ -462,6 +472,8 @@ int tls1_enc(SSL *s, int send)
 				if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
 					i--;
 				}
+			/* TLS 1.0 does not bound the number of padding bytes by the block size.
+			 * All of them must have value 'padding_length'. */
 			if (i > (int)rec->length)
 				{
 				SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);