Hi, > We've been testing OpenSSL 1.0.2 AES-CBC, and we encountered a seg fault > when the input length is less than a block size. > > Looking at e_aes.c, aes_cbc_cipher() doesn't have the length check seen > in aes_ecb_cipher(). > I patched aes_cbc_cipher() as follows, and that seems to fix the seg > fault issue.
Could you elaborate on SEGV? I mean basically it shouldn't happen in sense that caller, which is EVP, should not call this function with length non-divisible by cipher block size. Of course there is corner case of 0 being divisible by cipher block size. So that it might be more appropriate to check for len==0 when returning 1 indicating success. Meaning that ECB might have to be modified accordingly. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
