Skip to content
Commit 00d96547 authored by Andy Polyakov's avatar Andy Polyakov Committed by Matt Caswell
Browse files

crypto/evp: harden AEAD ciphers.



Originally a crash in 32-bit build was reported CHACHA20-POLY1305
cipher. The crash is triggered by truncated packet and is result
of excessive hashing to the edge of accessible memory. Since hash
operation is read-only it is not considered to be exploitable
beyond a DoS condition. Other ciphers were hardened.

Thanks to Robert Święcki for report.

CVE-2017-3731

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent f3a7e57c
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment