From e7e87b3c4e5979ab81e924c3f1d26b7a28edbf74 Mon Sep 17 00:00:00 2001
From: nahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Thu, 28 Jul 2011 13:48:05 +0000
Subject: * ext/openssl/ossl_cipher.c (ossl_cipher_initialize): Avoid possible 
  SEGV from AES encryption/decryption. Processing data by   Cipher#update
 without initializing key (meaningless usage of Cipher   object since we don't
 offer a way to export a key) could cause SEGV.

  In OpenSSL, the EVP which has EVP_CIPH_RAND_KEY flag (such as DES3)
  allows uninitialized key, but other EVPs (such as AES) does not
  allow it. Calling EVP_CipherUpdate() without initializing key causes
  SEGV so we set the data filled with "\0" as the key by default. See
  #2768.

* test/openssl/test_cipher.rb: test it.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32723 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 test/openssl/test_cipher.rb | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'test/openssl')

diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb
index 70c963bbb0..eb2f4fec57 100644
--- a/test/openssl/test_cipher.rb
+++ b/test/openssl/test_cipher.rb
@@ -90,6 +90,15 @@ class OpenSSL::TestCipher < Test::Unit::TestCase
         assert_equal(pt, c2.update(ct) + c2.final)
       }
     end
+
+    def test_AES_crush
+      500.times do
+        assert_nothing_raised("[Bug #2768]") do
+          # it caused OpenSSL SEGV by uninitialized key
+          OpenSSL::Cipher::AES128.new("ECB").update "." * 17
+        end
+      end
+    end
   end
 end
 
-- 
cgit v1.2.3