Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Do not ignore empty associated data with AES-SIV mode
The AES-SIV mode allows for multiple associated data items authenticated separately with any of these being 0 length. The provided implementation ignores such empty associated data which is incorrect in regards to the RFC 5297 and is also a security issue because such empty associated data then become unauthenticated if an application expects to authenticate them. Fixes CVE-2023-2975 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #21384) (cherry picked from commit c426c28)
- Loading branch information