From: Emilia Kasper <emilia@openssl.org>
Date: Wed, 17 Dec 2014 11:25:28 +0000 (+0100)
Subject: Add a comment noting the padding oracle.
X-Git-Tag: OpenSSL_1_0_2-pre-reformat~53
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9ca2cc78a98297091f4e264e2378312ab906a93c;p=openssl

Add a comment noting the padding oracle.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 03af843039af758fc9bbb4ae6c09ec2bc715f2c5)
---

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index a3d231dd20..757c5ae6f6 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -549,6 +549,11 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 			return(0);
 			}
 		OPENSSL_assert(b <= sizeof ctx->final);
+
+		/*
+		 * The following assumes that the ciphertext has been authenticated.
+		 * Otherwise it provides a padding oracle.
+		 */
 		n=ctx->final[b-1];
 		if (n == 0 || n > (int)b)
 			{