Project

General

Profile

« Previous | Next » 

Revision e7e87b3c

Added by nahi (Hiroshi Nakamura) over 12 years ago

  • ext/openssl/ossl_cipher.c (ossl_cipher_initialize): Avoid possible
    SEGV from AES encryption/decryption. Processing data by
    Cipher#update without initializing key (meaningless usage of Cipher
    object since we don't offer a way to export a key) could cause SEGV.

    In OpenSSL, the EVP which has EVP_CIPH_RAND_KEY flag (such as DES3)
    allows uninitialized key, but other EVPs (such as AES) does not
    allow it. Calling EVP_CipherUpdate() without initializing key causes
    SEGV so we set the data filled with "\0" as the key by default. See
    #2768.

  • test/openssl/test_cipher.rb: test it.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32723 b2dd03c8-39d4-4d8f-98ff-823fe69b080e