Skip to content
Commit 8e204996 authored by Andy Polyakov's avatar Andy Polyakov Committed by Matt Caswell
Browse files

crypto/evp: harden RC4_MD5 cipher.



Originally a crash in 32-bit build was reported CHACHA20-POLY1305
cipher. The crash is triggered by truncated packet and is result
of excessive hashing to the edge of accessible memory (or bogus
MAC value is produced if x86 MD5 assembly module is involved). Since
hash operation is read-only it is not considered to be exploitable
beyond a DoS condition.

Thanks to Robert Święcki for report.

CVE-2017-3731

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent f0deb4d3
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment