Thank you so much for addressing the issue, Andy!
AES-ECB was not suffering from the issue as aes_ecb_cipher() was already
checking the input length.
However, you are right that the problem probably exists in DES as well.
We'll verify your fix and get back to you.
Thank you.
Best Regards,
-- misaki
On 03/07/14 03:56, Andy Polyakov via RT wrote:
We've been testing OpenSSL 1.0.2 AES-CBC, and we encountered a seg fault
when the input length is less than a block size.
Looking at e_aes.c, aes_cbc_cipher() doesn't have the length check seen
in aes_ecb_cipher().
I patched aes_cbc_cipher() as follows, and that seems to fix the seg
fault issue.
Could you elaborate on SEGV? I mean basically it shouldn't happen in
sense that caller, which is EVP, should not call this function with
length non-divisible by cipher block size. Of course there is corner
case of 0 being divisible by cipher block size. So that it might be more
appropriate to check for len==0 when returning 1 indicating success.
Meaning that ECB might have to be modified accordingly.
AES-CBC is not the only one that should suffer from this and for the
moment I've chosen to patch assembly modules in
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=cc6dc9b2294f7dd59899452470b4bbeaed1eb57d.
Yes, it's kind of quick-n-dirty resolution, as we arguably need more
sanity checks in *_cipher methods...
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
