diff options
author | Emilia Kasper <emilia@openssl.org> | 2014-12-17 12:25:28 +0100 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2014-12-17 14:55:47 +0100 |
commit | 9ca2cc78a98297091f4e264e2378312ab906a93c (patch) | |
tree | 6b03b15710a1f58f4c42d9f85a67dcae48a69a67 /crypto/evp | |
parent | 0cf552230ee1508b903e8b76462ce4c648e68bc5 (diff) |
Add a comment noting the padding oracle.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 03af843039af758fc9bbb4ae6c09ec2bc715f2c5)
Diffstat (limited to 'crypto/evp')
-rw-r--r-- | crypto/evp/evp_enc.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index a3d231dd20..757c5ae6f6 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -549,6 +549,11 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) return(0); } OPENSSL_assert(b <= sizeof ctx->final); + + /* + * The following assumes that the ciphertext has been authenticated. + * Otherwise it provides a padding oracle. + */ n=ctx->final[b-1]; if (n == 0 || n > (int)b) { |