From b1a4775310a4e30d8fd5c1cc91e60971f922e64a Mon Sep 17 00:00:00 2001
From: Zbigniew Halas <zhalas@gmail.com>
Date: Wed, 27 Feb 2013 23:44:02 +0000
Subject: [PATCH] epass2003: properly disable padding

EVP_CIPHER_CTX_set_padding needs to be called after EVP_EncryptInit_ex
and EVP_DecryptInit_ex, otherwise padding is re-enabled, which in turn
causes buffer overruns
---
 src/libopensc/card-epass2003.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/libopensc/card-epass2003.c b/src/libopensc/card-epass2003.c
index 80088b9..6f04573 100644
--- a/src/libopensc/card-epass2003.c
+++ b/src/libopensc/card-epass2003.c
@@ -117,8 +117,8 @@
 
 	memcpy(iv_tmp, iv, EVP_MAX_IV_LENGTH);
 	EVP_CIPHER_CTX_init(&ctx);
-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
 	EVP_EncryptInit_ex(&ctx, cipher, NULL, key, iv_tmp);
+	EVP_CIPHER_CTX_set_padding(&ctx, 0);
 
 	if (!EVP_EncryptUpdate(&ctx, output, &outl, input, length))
 		goto out;
@@ -146,8 +146,8 @@
 
 	memcpy(iv_tmp, iv, EVP_MAX_IV_LENGTH);
 	EVP_CIPHER_CTX_init(&ctx);
-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
 	EVP_DecryptInit_ex(&ctx, cipher, NULL, key, iv_tmp);
+	EVP_CIPHER_CTX_set_padding(&ctx, 0);
 
 	if (!EVP_DecryptUpdate(&ctx, output, &outl, input, length))
 		goto out;
-- 
1.8.4