[openssl/openssl] 87ceff: evp enc: cache cipher IV length
Pauli
noreply at github.com
Fri Aug 19 10:15:03 UTC 2022
Branch: refs/heads/openssl-3.0
Home: https://github.com/openssl/openssl
Commit: 87ceff925f5f1d43dac0413f36c8b7bba94e4a41
https://github.com/openssl/openssl/commit/87ceff925f5f1d43dac0413f36c8b7bba94e4a41
Author: Pauli <pauli at openssl.org>
Date: 2022-08-19 (Fri, 19 Aug 2022)
Changed paths:
M crypto/evp/evp_enc.c
M crypto/evp/evp_lib.c
M crypto/evp/evp_local.h
Log Message:
-----------
evp enc: cache cipher IV length
Instead of doing a heavy params based query every time a context is asked for
its IV length, this value is cached in the context and only queried if it could
have been modified.
Fixes #17064
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18995)
Commit: 2e4b074800a293c5f3049286116a0a5030ea9312
https://github.com/openssl/openssl/commit/2e4b074800a293c5f3049286116a0a5030ea9312
Author: Pauli <pauli at openssl.org>
Date: 2022-08-19 (Fri, 19 Aug 2022)
Changed paths:
M crypto/evp/evp_lib.c
Log Message:
-----------
Fix bug in EVP_CIPHER_CTX_get_iv_length()
Out of range values could possibly be returned due to a lack of range checking.
Very unlikely to be exploitable for our provider because sensible values are
returned for all ciphers.
Also fixed the defaulting code so that the cipher's IV length is returned if
the cipher ctx doesn't support getting.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18995)
Compare: https://github.com/openssl/openssl/compare/d3072f3f3ba3...2e4b074800a2
More information about the openssl-commits
mailing list