From 62a39773e9d0c4a686a3d8d2b6cca32f82c26cd7 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Tue, 12 Jun 2018 14:29:57 +0200
Subject: cbc_mac_verify: require minimum padding under SSL3.0

Signed-off-by: Nikos Mavrogiannopoulos
---
 lib/cipher.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/cipher.c b/lib/cipher.c
index 287f2e8c8a..8e7bd8227d 100644
--- a/lib/cipher.c
+++ b/lib/cipher.c
@@ -747,8 +747,12 @@ ciphertext_to_compressed(gnutls_session_t session,
 * because there is a timing channel in that memory access (in certain CPUs). */
 #ifdef ENABLE_SSL3
- if (ver->id != GNUTLS_SSL3)
+ if (ver->id == GNUTLS_SSL3) {
+ if (pad >= blocksize)
+ pad_failed = 1;
+ } else
 #endif
+ {
 for (i = 2; i <= MIN(256, ciphertext->size); i++) {
 tmp_pad_failed |= (compressed->
@@ -756,6 +760,7 @@ ciphertext_to_compressed(gnutls_session_t session,
 pad_failed |= ((i <= (1 + pad)) & (tmp_pad_failed)); }
+ }
 if (unlikely (pad_failed != 0
--
cgit v1.2.1
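Review bot: The new SSL 3.0 branch after `#ifdef ENABLE_SSL3` decides `pad_failed` with a data-dependent `if` on the padding byte, inside a block whose comment explicitly justifies touching all 256 bytes to avoid a timing channel and where the TLS path folds its result in with `|=`. Writing it as `pad_failed |= (pad >= blocksize);` expresses the same check in the surrounding branch-free style; the `if (unlikely (pad_failed != 0` at the end of the second hunk still branches on the combined result, so this is consistency more than a full constant-time guarantee. The check also deserves a comment, since the subject line says "minimum padding" while the code rejects `pad >= blocksize`, i.e. enforces an upper bound: `/* SSL 3.0: the padding length byte must be less than the block size */`. `pad` and `blocksize` are assigned outside the hunk, so their types (and whether `pad` can be negative here) are not visible; ciphertext_to_compressed begins and ends outside both hunks.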