diff options
author | nahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-07-28 13:52:57 +0000 |
---|---|---|
committer | nahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-07-28 13:52:57 +0000 |
commit | be10ad2072798a82ceedf38456047f518dfe6da7 (patch) | |
tree | 0c9b049f020a2e7188a0a2a9611cf5a2487f2438 /test/openssl | |
parent | 02345202cad585f0750e3f3c022a377d61f57cc5 (diff) |
* backport r32723 from trunk.
* ext/openssl/ossl_cipher.c (ossl_cipher_initialize): Avoid possible
SEGV from AES encryption/decryption. Processing data by
Cipher#update without initializing key (meaningless usage of Cipher
object since we don't offer a way to export a key) could cause SEGV.
In OpenSSL, the EVP which has EVP_CIPH_RAND_KEY flag (such as DES3)
allows uninitialized key, but other EVPs (such as AES) does not
allow it. Calling EVP_CipherUpdate() without initializing key causes
SEGV so we set the data filled with "\0" as the key by default. See
#2768.
* test/openssl/test_cipher.rb: test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@32724 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/openssl')
-rw-r--r-- | test/openssl/test_cipher.rb | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb index 70c963bbb0..eb2f4fec57 100644 --- a/test/openssl/test_cipher.rb +++ b/test/openssl/test_cipher.rb @@ -90,6 +90,15 @@ class OpenSSL::TestCipher < Test::Unit::TestCase assert_equal(pt, c2.update(ct) + c2.final) } end + + def test_AES_crush + 500.times do + assert_nothing_raised("[Bug #2768]") do + # it caused OpenSSL SEGV by uninitialized key + OpenSSL::Cipher::AES128.new("ECB").update "." * 17 + end + end + end end end |