crypto/evp: harden AEAD ciphers.

Originally a crash in 32-bit build was reported CHACHA20-POLY1305 cipher. The crash is triggered by truncated packet and is result of excessive hashing to the edge of accessible memory. Since hash operation is read-only it is not considered to be exploitable beyond a DoS condition. Other ciphers were hardened.

Thanks to Robert Święcki for report.

CVE-2017-3731

Reviewed-by: Rich Salz <rsalz@openssl.org>
Showing changed files with 15 additions and 4 deletions.
- +12 −2 crypto/evp/e_aes.c
- +3 −2 crypto/evp/e_chacha20_poly1305.c
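
A truncated packet that leads to hashing far past the buffer, as the commit message describes, is the usual symptom of subtracting a tag length from an unsigned record length with no lower-bound check. The following is an added example of that pattern and its guard, not OpenSSL code and not the patch itself; it assumes the TLS 1.2 13-byte AAD layout (record length in the last two bytes) and a 16-byte tag, and every function name is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS_AAD_LEN 13u  /* seq_num(8) + type(1) + version(2) + length(2) */
#define TAG_LEN     16u  /* authentication tag size (assumed: Poly1305) */

/* Constructed sample input: a 13-byte AAD carrying record_len. */
static void make_aad(uint8_t aad[TLS_AAD_LEN], uint16_t record_len)
{
    memset(aad, 0, TLS_AAD_LEN);
    aad[8] = 23; aad[9] = 3; aad[10] = 3;      /* application_data, TLS 1.2 */
    aad[11] = (uint8_t)(record_len >> 8);
    aad[12] = (uint8_t)(record_len & 0xff);
}

static size_t aad_record_len(const uint8_t aad[TLS_AAD_LEN])
{
    return ((size_t)aad[TLS_AAD_LEN - 2] << 8) | aad[TLS_AAD_LEN - 1];
}

/* Unchecked: the unsigned subtraction wraps when the record is shorter
 * than the tag, so the caller would be told to hash close to SIZE_MAX bytes. */
size_t unchecked_for(uint16_t record_len)
{
    uint8_t aad[TLS_AAD_LEN];
    make_aad(aad, record_len);
    return aad_record_len(aad) - TAG_LEN;
}

/* Hardened: reject a record too short to hold the tag before subtracting.
 * Returns the payload length, or -1 for a truncated record. */
long checked_for(uint16_t record_len)
{
    uint8_t aad[TLS_AAD_LEN];
    make_aad(aad, record_len);
    size_t len = aad_record_len(aad);
    if (len < TAG_LEN)
        return -1;
    return (long)(len - TAG_LEN);
}

int main(void)
{
    printf("4-byte record, unchecked: %zu\n", unchecked_for(4));
    printf("4-byte record, checked:   %ld\n", checked_for(4));
    return 0;
}
```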