Add a comment noting the padding oracle.

[openssl.git] / crypto / evp / evp_enc.c

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 177fe43ac6da6b3dc164fd892f2b6b7489f4ea00..757c5ae6f652aa592ca5e70a967ff1f5742c5856 100644 (file)
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -174,7 +174,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                        {
                        const EVP_CIPHER *fcipher;
                        if (cipher)
-                               fcipher = FIPS_get_cipherbynid(EVP_CIPHER_type(cipher));
+                               fcipher = evp_get_fips_cipher(cipher);
                        if (fcipher)
                                cipher = fcipher;
                        return FIPS_cipherinit(ctx, cipher, key, iv, enc);
@@ -549,6 +549,11 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
                        return(0);
                        }
                OPENSSL_assert(b <= sizeof ctx->final);
+
+               /*
+                * The following assumes that the ciphertext has been authenticated.
+                * Otherwise it provides a padding oracle.
+                */
                n=ctx->final[b-1];
                if (n == 0 || n > (int)b)
                        {
@@ -694,4 +699,3 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
                return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
        return 1;
        }
-