CVSROOT:        /cvs
Module name:    src
Changes by:     t...@cvs.openbsd.org    2020/06/05 12:44:42

Modified files:
        lib/libcrypto/evp: e_aes.c 

Log message:
Add a custom copy handler for AES key wrap

This is necessary because ctx->cipher_data is an EVP_AES_WRAP_CTX
containing a pointer to ctx->iv. EVP_CIPHER_CTX_copy() uses memcpy
to copy cipher_data to the target struct. The result is that the
copy contains a pointer to the wrong struct, which then leads to a
use-after-free. The custom copy handler fixes things up to avoid
that.

Issue reported by Guido Vranken

ok beck inoguchi jsing
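
The pointer problem described in the log message, as a simplified C model added here (it is not the e_aes.c code). The struct and function names are hypothetical stand-ins, and the contexts live on the stack so nothing is actually freed. It shows that a byte-wise copy leaves the copy's iv pointer aimed at the source context, and that a fix-up step after the copy re-points it at the destination.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins with hypothetical names, not libcrypto's definitions. */
struct wrap_data { unsigned char *iv; };      /* role of EVP_AES_WRAP_CTX */
struct cipher_ctx {                           /* role of EVP_CIPHER_CTX */
    unsigned char iv[16];
    struct wrap_data *cipher_data;
};

static void ctx_init(struct cipher_ctx *c, struct wrap_data *d)
{
    memset(c, 0, sizeof(*c));
    c->cipher_data = d;
    d->iv = c->iv;                            /* interior pointer into own ctx */
}

/* Generic copy: byte-wise copy of the context and of cipher_data. */
static void ctx_copy_generic(struct cipher_ctx *out, const struct cipher_ctx *in)
{
    struct wrap_data *d = out->cipher_data;   /* keep out's own storage */
    memcpy(out, in, sizeof(*out));
    out->cipher_data = d;
    memcpy(d, in->cipher_data, sizeof(*d));   /* d->iv now points at in->iv */
}

/* Copy with a fix-up step: re-point the interior pointer at the destination. */
static void ctx_copy_fixed(struct cipher_ctx *out, const struct cipher_ctx *in)
{
    ctx_copy_generic(out, in);
    if (in->cipher_data->iv != NULL)
        out->cipher_data->iv = out->iv;
}

/* 1 if the copy's iv pointer targets its own iv[], 0 if it targets the source. */
static int copy_is_self_contained(int use_fixed)
{
    struct cipher_ctx a, b;
    struct wrap_data da, db;
    ctx_init(&a, &da);
    ctx_init(&b, &db);
    if (use_fixed) ctx_copy_fixed(&b, &a); else ctx_copy_generic(&b, &a);
    return b.cipher_data->iv == b.iv;
}

int main(void)
{
    printf("generic: %d, fixed: %d\n", copy_is_self_contained(0), copy_is_self_contained(1));
    return 0;
}
```

With heap-allocated contexts, the generic case is the one where freeing the source leaves the copy holding a dangling pointer.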
