minor bug in EVP_DecryptFinal_ex


K.S.Sreeram
when block padding is used, byte value 0 can never
be the final byte of the padded plain text, the only
valid range is [1 .. block_size].
The check for 0 is not performed when detecting
malformed padding in EVP_DecryptFinal_ex.
I've attached the one-line patch for this.

regards
Sreeram

diff -ur openssl-0.9.8-orig/crypto/evp/evp_enc.c openssl-0.9.8/crypto/evp/evp_enc.c
--- openssl-0.9.8-orig/crypto/evp/evp_enc.c 2005-05-11 09:15:30.000000000 +0530
+++ openssl-0.9.8/crypto/evp/evp_enc.c 2005-07-19 01:27:38.378272000 +0530
@@ -449,7 +449,7 @@
  }
  OPENSSL_assert(b <= sizeof ctx->final);
  n=ctx->final[b-1];
- if (n > (int)b)
+ if ( (n == 0) || (n > (int)b) )
  {
  EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
  return(0);
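
Review bot: The new condition on the `+` line carries no comment saying why 0 is rejected, and its spacing differs from the line it replaces. A short comment that valid padding bytes are 1..b, plus `if (n == 0 || n > (int)b)` to match the surrounding style, would make the intent clear. The check itself is right: with n == 0 the old test `n > (int)b` does not fire. Both failures share the single EVP_R_BAD_DECRYPT path in the context lines, which is worth keeping so callers cannot tell which check failed.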

Re: minor bug in EVP_DecryptFinal_ex

Nils Larsch
K S Sreeram wrote:
> when block padding is used, byte value 0 can never
> be the final byte of the padded plain text, the only
> valid range is [1 .. block_size].
> The check for 0 is not performed when detecting
> malformed padding in EVP_DecryptFinal_ex.
> I've attached the one-line patch for this.

ok, fixed.

Thanks,
Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
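
An added example, not part of the thread and not OpenSSL's code: a stand-alone C model of the final-block padding check, comparing the test before and after the patch. The function names and sample blocks are constructed for illustration, and the byte-by-byte comparison of the padding is the assumed PKCS#7-style rule, which the thread does not show.

```c
#include <stddef.h>
#include <stdio.h>

/* Model of the padding check on the last decrypted block (b = block size).
 * Returns the number of plaintext bytes kept, or -1 for malformed padding.
 * check_zero = 0 models the test before the patch, 1 the test after it. */
static int unpad_final(const unsigned char *block, size_t b, int check_zero)
{
    int n, i;

    if (b == 0 || b > 32)
        return -1;
    n = block[b - 1];                      /* last byte gives the pad length */
    if ((check_zero && n == 0) || n > (int)b)
        return -1;                         /* valid range is 1..b */
    /* Assumption: each of the n trailing bytes must equal n (PKCS#7 style). */
    for (i = 0; i < n; i++)
        if (block[b - 1 - i] != n)
            return -1;
    return (int)b - n;
}

int unpad_before_patch(const unsigned char *blk, size_t b) { return unpad_final(blk, b, 0); }
int unpad_after_patch(const unsigned char *blk, size_t b)  { return unpad_final(blk, b, 1); }

/* Constructed 8-byte sample blocks. */
const unsigned char GOOD_BLOCK[8] = {'s', 'e', 'c', 'r', 'e', 3, 3, 3};
const unsigned char FULL_PAD[8]   = {8, 8, 8, 8, 8, 8, 8, 8};
const unsigned char ZERO_LAST[8]  = {'s', 'e', 'c', 'r', 'e', 't', '!', 0};
const unsigned char TOO_LONG[8]   = {'s', 'e', 'c', 'r', 'e', 't', '!', 9};
const unsigned char BAD_FILL[8]   = {'s', 'e', 'c', 'r', 'e', 1, 3, 3};

int main(void)
{
    const unsigned char *cases[] = {GOOD_BLOCK, FULL_PAD, ZERO_LAST, TOO_LONG, BAD_FILL};
    const char *names[] = {"good", "full pad", "zero last byte", "pad > block", "bad fill"};
    size_t i;

    for (i = 0; i < 5; i++)
        printf("%-15s before=%2d after=%2d\n", names[i],
               unpad_before_patch(cases[i], 8), unpad_after_patch(cases[i], 8));
    return 0;
}
```

In this model the only case where the two checks disagree is the block ending in 0: the pre-patch test accepts it and keeps all 8 bytes as plaintext, while the patched test reports malformed padding.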