Hi
We've been testing OpenSSL 1.0.2 AES-CBC, and we encountered a seg fault
when the input length is less than a block size.
Looking at e_aes.c, aes_cbc_cipher() doesn't have the length check seen
in aes_ecb_cipher().
I patched aes_cbc_cipher() as follows, and that seems to fix the seg
fault issue.
--- openssl-1.0.1e/crypto/evp/e_aes.c Tue Jul 2 11:03:12 2013
+++ openssl-1.0.1e/crypto/evp/e_aes.c.new Tue Jul 2 11:04:56 2013
@@ -574,8 +574,11 @@
static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
const unsigned char *in, size_t len)
{
+ size_t bl = ctx->cipher->block_size;
EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
+ if (len<bl) return 1;
+
if (dat->stream.cbc)
(*dat->stream.cbc)(in,out,len,&dat->ks,ctx->iv,ctx->encrypt);
else if (ctx->encrypt)
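Review bot: The added `if (len<bl) return 1;` guard in aes_cbc_cipher() returns the success value while leaving `out` untouched, so a caller that passes a short buffer cannot tell "nothing was processed" from a completed operation. If mirroring aes_ecb_cipher() is the intent, add a comment saying so; otherwise consider returning 0 for this case. The check also only covers a length below one block: a `len` larger than `bl` that is not a multiple of it still reaches `(*dat->stream.cbc)(in,out,len,...)` unchanged, so confirm whether that path needs the same handling. The diff headers name openssl-1.0.1e while the report mentions 1.0.2, so the submission should state which tree the patch was generated against.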
Any help in integrating this fix is much appreciated.
Thank you
-- misaki
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]