New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Always reset IV for CBC mode on cipher context reinitialization #14811
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CFB mode was mentioned in the bug report. Is that covered here?
Good catch! Actually both CFB and OFB modes need this as well. |
This is necessary to keep compatibility with 1.1.1 implementation of the CBC, OFB, and CFB mode ciphers. Fixes openssl#14704
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One wonders if we should support this IV reset for all mode?
Or do we want it to go away quietly?
IIRC these are the only modes for which the "IV" changes -- the other modes don't need a reset because it would be a noop. |
24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually. |
Merged to master. Thank you for the review! |
This is necessary to keep compatibility with 1.1.1 implementation
of the CBC mode ciphers.
Fixes #14704
Checklist