#
# Fixes a problem where SSH client triggered 0 len encrypt
# which made the aes_cbc_cipher() core dump the process.
#
--- openssl/crypto/evp/e_aes.c.orig	2019-07-19 15:43:26.458680387 +0200
+++ openssl/crypto/evp/e_aes.c	2019-07-19 15:44:07.982875147 +0200
@@ -2670,8 +2670,12 @@
 static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                           const unsigned char *in, size_t len)
 {
-    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+    size_t bl = ctx->cipher->block_size;
+    EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
 
+    if (len < bl)
+        return 1;
+
     if (dat->stream.cbc)
         (*dat->stream.cbc) (in, out, len, &dat->ks,
                             EVP_CIPHER_CTX_iv_noconst(ctx),