f643deac41
There are two copy-paste errors in handling CTR mode. When dealing with a 2 or 3 block tail, the code branches to the CBC decryption exit path, rather than to the CTR exit path. This can lead to data corruption: in the Linux kernel we have a copy of this file, and the bug leads to corruption of the IV, which leads to data corruption when we call the encryption function again later to encrypt subsequent blocks. Originally reported to the Linux kernel by Ondrej Mosnáček <omosnacek@gmail.com> CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8510) |
||
|---|---|---|
| .. | ||
| asm | ||
| aes_cbc.c | ||
| aes_cfb.c | ||
| aes_core.c | ||
| aes_ecb.c | ||
| aes_ige.c | ||
| aes_locl.h | ||
| aes_misc.c | ||
| aes_ofb.c | ||
| aes_wrap.c | ||
| aes_x86core.c | ||
| build.info | ||