[gnutls-devel] [PATCH] Handle zero length plaintext for VIA PadLock functions

Matthias-Christian Ott ott at mirix.org
Tue Dec 30 02:14:51 CET 2014


If the plaintext is shorter than the block size of the used cipher,
_gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with
textlen = 0. padlock_ecb_encrypt and padlock_cbc_encrypt assume that the
plaintext length (last parameter) is greater than zero and segfault
otherwise. The assembler code for both functions is automatically
generated and imported from OpenSSL, so to ease maintenance the length
should be validated in the functions that call padlock_ecb_encrypt or
padlock_cbc_encrypt.
---
 lib/accelerated/x86/aes-gcm-padlock.c | 3 ++-
 lib/accelerated/x86/aes-padlock.c     | 6 ++++--
 2 files changed, 6 insertions(+), 3 deletions(-)




-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Handle-zero-length-plaintext-for-VIA-PadLock-functio.patch
Type: text/x-patch
Size: 1221 bytes
Desc: not available
URL: </pipermail/attachments/20141230/189b76cf/attachment-0001.bin>


More information about the Gnutls-devel mailing list