[openssl/openssl] e51dd6: Fix BIO_f_cipher() flushing
Matt Caswell
noreply at github.com
Thu Dec 22 10:05:09 UTC 2022
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: e51dd6ee1bac6b54debea3f48c6f58b761229b73
https://github.com/openssl/openssl/commit/e51dd6ee1bac6b54debea3f48c6f58b761229b73
Author: Matt Caswell <matt at openssl.org>
Date: 2022-12-22 (Thu, 22 Dec 2022)
Changed paths:
M crypto/evp/bio_enc.c
Log Message:
-----------
Fix BIO_f_cipher() flushing
If an error occurs during a flush on a BIO_f_cipher() then in some cases
we could get into an infinite loop. We add a check to make sure we are
making progress during flush and exit if not.
This issue was reported by Octavio Galland who also demonstrated an
infinite loop in CMS encryption as a result of this bug.
The security team has assessed this issue as not a CVE. This occurs on
*encryption* only which is typically processing trusted data. We are not
aware of a way to trigger this with untrusted data.
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19918)
Commit: 9e5bd8923bff3e4f0cbba05c7dadfe289c66eb6f
https://github.com/openssl/openssl/commit/9e5bd8923bff3e4f0cbba05c7dadfe289c66eb6f
Author: Matt Caswell <matt at openssl.org>
Date: 2022-12-22 (Thu, 22 Dec 2022)
Changed paths:
M crypto/asn1/asn_mime.c
M test/bio_memleak_test.c
Log Message:
-----------
Fix SMIME_crlf_copy() to properly report an error
If the BIO unexpectedly fails to flush then SMIME_crlf_copy() was not
correctly reporting the error. We modify it to properly propagate the
error condition.
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19918)
Commit: 0f48050b5a8881870b8e25382f817b3a3dc14f16
https://github.com/openssl/openssl/commit/0f48050b5a8881870b8e25382f817b3a3dc14f16
Author: Matt Caswell <matt at openssl.org>
Date: 2022-12-22 (Thu, 22 Dec 2022)
Changed paths:
M crypto/asn1/bio_asn1.c
Log Message:
-----------
Fix BIO_f_asn1() to properly report some errors
Some things that may go wrong in asn1_bio_write() are serious errors
that should be reported as -1, rather than 0 (which just means "we wrote
no data").
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19918)
Commit: bf3f8f2c0ea7bdfb007079aade8e01a06e79874f
https://github.com/openssl/openssl/commit/bf3f8f2c0ea7bdfb007079aade8e01a06e79874f
Author: Matt Caswell <matt at openssl.org>
Date: 2022-12-22 (Thu, 22 Dec 2022)
Changed paths:
M crypto/cms/cms_enc.c
M crypto/cms/cms_err.c
M crypto/err/openssl.txt
M include/openssl/cmserr.h
Log Message:
-----------
Ensure ossl_cms_EncryptedContent_init_bio() reports an error on no OID
If the cipher being used in ossl_cms_EncryptedContent_init_bio() has no
associated OID then we should report an error rather than continuing on
regardless. Continuing on still ends up failing - but later on and with a
more cryptic error message.
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19918)
Commit: 5a8fcd27bb1be7db7945adb77125015553efdbdd
https://github.com/openssl/openssl/commit/5a8fcd27bb1be7db7945adb77125015553efdbdd
Author: Matt Caswell <matt at openssl.org>
Date: 2022-12-22 (Thu, 22 Dec 2022)
Changed paths:
M test/recipes/80-test_cms.t
Log Message:
-----------
Add a CMS test for a bad encryption algorithm
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19918)
Compare: https://github.com/openssl/openssl/compare/42061268ee8f...5a8fcd27bb1b
More information about the openssl-commits
mailing list