Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
security/openssl31: Security fix for CVE-2023-2975
Security: 41c60e16-2405-11ee-a0d1-84a93843eb75
- Loading branch information
Showing
2 changed files
with
56 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| From 6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc Mon Sep 17 00:00:00 2001 | ||
| From: Tomas Mraz <tomas@openssl.org> | ||
| Date: Tue, 4 Jul 2023 17:30:35 +0200 | ||
| Subject: [PATCH] Do not ignore empty associated data with AES-SIV mode | ||
|
|
||
| The AES-SIV mode allows for multiple associated data items | ||
| authenticated separately with any of these being 0 length. | ||
|
|
||
| The provided implementation ignores such empty associated data | ||
| which is incorrect in regards to the RFC 5297 and is also | ||
| a security issue because such empty associated data then become | ||
| unauthenticated if an application expects to authenticate them. | ||
|
|
||
| Fixes CVE-2023-2975 | ||
|
|
||
| Reviewed-by: Matt Caswell <matt@openssl.org> | ||
| Reviewed-by: Paul Dale <pauli@openssl.org> | ||
| (Merged from https://github.com/openssl/openssl/pull/21384) | ||
|
|
||
| (cherry picked from commit c426c281cfc23ab182f7d7d7a35229e7db1494d9) | ||
| --- | ||
| .../implementations/ciphers/cipher_aes_siv.c | 18 +++++++++++------- | ||
| 1 file changed, 11 insertions(+), 7 deletions(-) | ||
|
|
||
| diff --git a/providers/implementations/ciphers/cipher_aes_siv.c b/providers/implementations/ciphers/cipher_aes_siv.c | ||
| index 45010b90db2a..b396c8651a32 100644 | ||
| --- providers/implementations/ciphers/cipher_aes_siv.c.orig | ||
| +++ providers/implementations/ciphers/cipher_aes_siv.c | ||
| @@ -120,14 +120,18 @@ static int siv_cipher(void *vctx, unsigned char *out, size_t *outl, | ||
| if (!ossl_prov_is_running()) | ||
| return 0; | ||
|
|
||
| - if (inl == 0) { | ||
| - *outl = 0; | ||
| - return 1; | ||
| - } | ||
| + /* Ignore just empty encryption/decryption call and not AAD. */ | ||
| + if (out != NULL) { | ||
| + if (inl == 0) { | ||
| + if (outl != NULL) | ||
| + *outl = 0; | ||
| + return 1; | ||
| + } | ||
|
|
||
| - if (outsize < inl) { | ||
| - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); | ||
| - return 0; | ||
| + if (outsize < inl) { | ||
| + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); | ||
| + return 0; | ||
| + } | ||
| } | ||
|
|
||
| if (ctx->hw->cipher(ctx, out, in, inl) <= 0) |