generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add a comment noting the padding oracle.

Browse Source 
Reviewed-by: Andy Polyakov <appro@openssl.org>
This commit is contained in:
Emilia Kasper 2014-12-17 12:25:28 +01:00
parent 4ad2d3ac0e
commit 03af843039
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
crypto/evp/evp_enc.c
View File

@ -524,6 +524,11 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
return(0); return(0);
} }
OPENSSL_assert(b <= sizeof ctx->final); OPENSSL_assert(b <= sizeof ctx->final);
/*
* The following assumes that the ciphertext has been authenticated.
* Otherwise it provides a padding oracle.
*/
n=ctx->final[b-1]; n=ctx->final[b-1];
if (n == 0 || n > (int)b) if (n == 0 || n > (int)b)
{ {