Please sign in to comment.
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
crypto/evp: harden RC4_MD5 cipher.
Originally a crash in 32-bit build was reported CHACHA20-POLY1305 cipher. The crash is triggered by truncated packet and is result of excessive hashing to the edge of accessible memory (or bogus MAC value is produced if x86 MD5 assembly module is involved). Since hash operation is read-only it is not considered to be exploitable beyond a DoS condition. Thanks to Robert Święcki for report. CVE-2017-3731 Reviewed-by: Rich Salz <email@example.com>
- Loading branch information