Special credit to: Etienne Stalmans (SP) etie...@sensepost.com for
reporting the segfault in a first place!
On Sat, Apr 11, 2015 at 5:37 PM, Fedor Indutny via RT r...@openssl.org
wrote:
Hello!
aes-128-cbc-hmac-sha1, aes-256-cbc-hmac-sha1 ciphers expect the AEAD
payload, but fail to operate
Special credit to: Etienne Stalmans (SP) etie...@sensepost.com for
reporting the segfault in a first place!
On Sat, Apr 11, 2015 at 5:37 PM, Fedor Indutny via RT r...@openssl.org
wrote:
Hello!
aes-128-cbc-hmac-sha1, aes-256-cbc-hmac-sha1 ciphers expect the AEAD
payload, but fail to operate
Hello!
aes-128-cbc-hmac-sha1, aes-256-cbc-hmac-sha1 ciphers expect the AEAD
payload, but fail to operate if it wasn't supplied. In fact, in case of
absent payload - `plen` is going to be `NO_PAYLOAD_LENGTH` and the
memory will be corrupted (which sometimes leads to the crash).
NOTE: