20735615 Upgrade OpenSSL version to 1.0.1m
20735495 problem in LIBRARY/OPENSSL
20735520 problem in LIBRARY/OPENSSL
20735531 problem in LIBRARY/OPENSSL
20735537 problem in LIBRARY/OPENSSL
20735541 problem in LIBRARY/OPENSSL
20735555 problem in LIBRARY/OPENSSL
20735563 problem in LIBRARY/OPENSSL
20688058 problem in LIBRARY/OPENSSL
#
# This was developed in house and reported to the upstream.
#
--- openssl-1.0.1e/crypto/evp/e_aes.c Tue Jul 2 11:03:12 2013
+++ openssl-1.0.1e/crypto/evp/e_aes.c.new Tue Jul 2 11:04:56 2013
@@ -536,8 +536,12 @@
static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
+ size_t bl = ctx->cipher->block_size;
EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+ if (len < bl)
+ return 1;
+
if (dat->stream.cbc)
(*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, ctx->encrypt);
else if (ctx->encrypt)