From e0741a5912e5da654a7fdda7d468997aae547970 Mon Sep 17 00:00:00 2001
From: Logan007
Date: Thu, 26 Mar 2020 09:44:03 +0100
Subject: [PATCH] added additional length check after evp-en/decryption
---
 transform_aes.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/transform_aes.c b/transform_aes.c
index d8e1831..6db3569 100644
--- a/transform_aes.c
+++ b/transform_aes.c
@@ -155,6 +155,9 @@ static int transop_encode_aes( n2n_trans_op_t * arg,
 evp_ciphertext_len = evp_len;
 if (1 == EVP_EncryptFinal_ex(ctx, outbuf + TRANSOP_AES_PREAMBLE_SIZE + evp_len, &evp_len)) {
 evp_ciphertext_len += evp_len;
+ if ( evp_ciphertext_len != len2)
+ traceEvent (TRACE_ERROR, "encode_aes openssl encryption: encrypted %u bytes where %u were expected.\n",
+ evp_ciphertext_len, len2);
 } else
 traceEvent(TRACE_ERROR, "encode_aes openssl final encryption: %s\n", openssl_err_as_string());
 } else
@@ -223,10 +226,13 @@ static int transop_decode_aes( n2n_trans_op_t * arg,
 evp_plaintext_len = evp_len;
 if (1 == EVP_DecryptFinal_ex(ctx, assembly + evp_len, &evp_len)) {
 evp_plaintext_len += evp_len;
+ if ( evp_plaintext_len != len)
+ traceEvent (TRACE_ERROR, "encode_aes openssl decryption: decrypted %u bytes where %u were expected.\n",
+ evp_plaintext_len, len);
 } else
- traceEvent(TRACE_ERROR, "decode_aes openssl final encryption: %s\n", openssl_err_as_string());
+ traceEvent(TRACE_ERROR, "decode_aes openssl final decryption: %s\n", openssl_err_as_string());
 } else
- traceEvent(TRACE_ERROR, "decode_aes openssl encrpytion: %s\n", openssl_err_as_string());
+ traceEvent(TRACE_ERROR, "decode_aes openssl decrpytion: %s\n", openssl_err_as_string());
 } else
 traceEvent(TRACE_ERROR, "decode_aes openssl padding setup: %s\n", openssl_err_as_string());
 } else
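Review bot: The added `if ( evp_ciphertext_len != len2)` branch in transop_encode_aes only calls traceEvent, so on a length mismatch nothing visible in the hunk stops the function from carrying on with the output buffer; the `evp_plaintext_len != len` check added to transop_decode_aes in the next hunk has the same shape. Both functions continue outside their hunks, so whether a later statement already rejects the result cannot be seen here, but if none does, the mismatch branch should set the function's result to its failure value instead of logging alone. If log-only is intended, a comment such as `/* length mismatch is reported only; the buffer is still used */` would make that explicit. The messages also print with `%u`, while `&evp_len` is passed to an `int *` parameter of EVP_EncryptFinal_ex, so if the summed lengths are `int` too, `%d` would match the argument type.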
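Review bot: The message added in transop_decode_aes starts with `encode_aes openssl decryption:`, so a decrypt-side length mismatch is logged under the encoder's name and will be missed by anyone filtering the trace on `decode_aes`; the string should be `"decode_aes openssl decryption: decrypted %u bytes where %u were expected.\n"`. The corrected string near the end of the hunk still has the transposed letters in `decrpytion`, which should read `decryption`. The enclosing function starts and ends outside the hunk.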