Segv at chacha/chacha-merged.c:107 #7
Comments
|
Fixed in OpenBSD, will be merged soon. Thanks for the report! |
|
fixed in d8ea561 |
busterb
pushed a commit
that referenced
this issue
Aug 20, 2019
Cryptographic Message Syntax (CMS) is a standard for cryptographically protecting messages, as defined in RFC 5652. It is derived from PKCS #7 version 1.5 and utilises various ASN.1 structures, making it complex and fairly heavyweight. Various protocols - including RPKI (RFC 6480) - have been built on top of it, which means it is necessary to support CMS, in order to support RPKI. This imports around 6,000 lines of code from OpenSSL 1.1.1, which is still under the original OpenSSL license. Further work will occur in tree. Requested by and discussed with many. ok deraadt@ tb@
botovq
pushed a commit
that referenced
this issue
Jan 25, 2024
The PKCS #7 ContentInfo has a mandatory contentType, but the content itself is OPTIONAL. Various unpacking API assumed presence of the content type is enough to access members of the content, resulting in crashes. Reported by Bahaa Naamneh on libressl-security, many thanks ok jsing
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When
EVP_CipherInit_excall withkey != NULLandiv == NULL,iv[n]are accessed without NULL check at https://github.com/libressl-portable/openbsd/blob/6e5b37ae2618b181b18de9cb33262259e681fb85/src/lib/libssl/src/crypto/chacha/chacha-merged.c#L108 .Related backtraces are https://gist.github.com/znz/5cfd09976460a406bb6d#file-backtrace-txt-L69-L72
The text was updated successfully, but these errors were encountered: