Add a comment noting the padding oracle.

author Emilia Kasper <emilia@openssl.org>

Wed, 17 Dec 2014 11:25:28 +0000 (12:25 +0100)

committer Emilia Kasper <emilia@openssl.org>

Wed, 17 Dec 2014 13:56:25 +0000 (14:56 +0100)
author Emilia Kasper <emilia@openssl.org>
Wed, 17 Dec 2014 11:25:28 +0000 (12:25 +0100)
committer Emilia Kasper <emilia@openssl.org>
Wed, 17 Dec 2014 13:56:25 +0000 (14:56 +0100)
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c

index e3e11479692c97d0ff35f9e6fd8dcc53086dc5a3..2e863ac54204ec8c2693ee88926c791e967f66dc 100644 (file)
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -533,6 +533,11 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
                         return(0);
                         }
                 OPENSSL_assert(b <= sizeof ctx->final);
+
+               /*
+                * The following assumes that the ciphertext has been authenticated.
+                * Otherwise it provides a padding oracle.
+                */
                 n=ctx->final[b-1];
                 if (n == 0 || n > (int)b)
                         {
author	Emilia Kasper <emilia@openssl.org>
	Wed, 17 Dec 2014 11:25:28 +0000 (12:25 +0100)
committer	Emilia Kasper <emilia@openssl.org>
	Wed, 17 Dec 2014 13:56:25 +0000 (14:56 +0100)