Around line 519 in evp_enc.c:
// Line 519 below
if (b > 1)
{
if (ctx->buf_len || !ctx->final_used)
{
EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
return(0);
}
OPENSSL_assert(b <= sizeof ctx->final);
n=ctx->final[b-1];
// Line 528 below
if (n == 0 || n > (int)b)
{
EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
return(0);
}
for (i=0; i<n; i++)
{
// Line 535 below
if (ctx->final[--b] != n)
{
EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
return(0);
}
}
n=ctx->cipher->block_size-n;
for (i=0; i<n; i++)
out[i]=ctx->final[i];
*outl=n;
}
The line at 535 looks like it could leak information.
And to some extent, it looks like the line at 528 could also leak. The
528 leak looks equivalent to ctx->final[b-1] != n (i.e., the first
test of Line 535).
**********
$ git pull
Already up-to-date.
$ git log --name-status HEAD^..HEAD
commit a5a317872869255ab61565f487cd4467a3756fc7
Author: Rich Salz <[email protected]>
Date: Wed Jul 2 23:18:39 2014 -0400
RT3408; fix some (not all suggested) typo's in openssl.cnf
M apps/openssl.cnf
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
