Please sign in to comment.
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
crypto/evp: harden AEAD ciphers.
Originally a crash in 32-bit build was reported CHACHA20-POLY1305 cipher. The crash is triggered by truncated packet and is result of excessive hashing to the edge of accessible memory. Since hash operation is read-only it is not considered to be exploitable beyond a DoS condition. Other ciphers were hardened. Thanks to Robert Święcki for report. CVE-2017-3731 Reviewed-by: Rich Salz <email@example.com>
- Loading branch information
Showing with 15 additions and 4 deletions.