[openssl/openssl] 54b5ae: Fix BIO_f_cipher() flushing
Matt Caswell
noreply at github.com
Thu Dec 22 10:07:07 UTC 2022
Branch: refs/heads/openssl-3.1
Home: https://github.com/openssl/openssl
Commit: 54b5aeb94c34cc78166dec7cf756c12ee858eb29
https://github.com/openssl/openssl/commit/54b5aeb94c34cc78166dec7cf756c12ee858eb29
Author: Matt Caswell <matt at openssl.org>
Date: 2022-12-22 (Thu, 22 Dec 2022)
Changed paths:
M crypto/evp/bio_enc.c
Log Message:
-----------
Fix BIO_f_cipher() flushing
If an error occurs during a flush on a BIO_f_cipher() then in some cases
we could get into an infinite loop. We add a check to make sure we are
making progress during flush and exit if not.
This issue was reported by Octavio Galland who also demonstrated an
infinite loop in CMS encryption as a result of this bug.
The security team has assessed this issue as not a CVE. This occurs on
*encryption* only which is typically processing trusted data. We are not
aware of a way to trigger this with untrusted data.
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19919)
Commit: 6259cf34eab1abdcfde12b7b3892b4780844091b
https://github.com/openssl/openssl/commit/6259cf34eab1abdcfde12b7b3892b4780844091b
Author: Matt Caswell <matt at openssl.org>
Date: 2022-12-22 (Thu, 22 Dec 2022)
Changed paths:
M crypto/asn1/asn_mime.c
M test/bio_memleak_test.c
Log Message:
-----------
Fix SMIME_crlf_copy() to properly report an error
If the BIO unexpectedly fails to flush then SMIME_crlf_copy() was not
correctly reporting the error. We modify it to properly propagate the
error condition.
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19919)
Commit: 903e96599b53639d6a72f9b05514f93136eaf03b
https://github.com/openssl/openssl/commit/903e96599b53639d6a72f9b05514f93136eaf03b
Author: Matt Caswell <matt at openssl.org>
Date: 2022-12-22 (Thu, 22 Dec 2022)
Changed paths:
M crypto/asn1/bio_asn1.c
Log Message:
-----------
Fix BIO_f_asn1() to properly report some errors
Some things that may go wrong in asn1_bio_write() are serious errors
that should be reported as -1, rather than 0 (which just means "we wrote
no data").
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19919)
Commit: cc122995d1fa12fb8f93562e0aca4a62cd83fc5b
https://github.com/openssl/openssl/commit/cc122995d1fa12fb8f93562e0aca4a62cd83fc5b
Author: Matt Caswell <matt at openssl.org>
Date: 2022-12-22 (Thu, 22 Dec 2022)
Changed paths:
M crypto/cms/cms_enc.c
M crypto/cms/cms_err.c
M crypto/err/openssl.txt
M include/openssl/cmserr.h
Log Message:
-----------
Ensure ossl_cms_EncryptedContent_init_bio() reports an error on no OID
If the cipher being used in ossl_cms_EncryptedContent_init_bio() has no
associated OID then we should report an error rather than continuing on
regardless. Continuing on still ends up failing - but later on and with a
more cryptic error message.
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19919)
Commit: 0c5fe6e4e740e7150ecb9f0a1954ef085f1fcf10
https://github.com/openssl/openssl/commit/0c5fe6e4e740e7150ecb9f0a1954ef085f1fcf10
Author: Matt Caswell <matt at openssl.org>
Date: 2022-12-22 (Thu, 22 Dec 2022)
Changed paths:
M test/recipes/80-test_cms.t
Log Message:
-----------
Add a CMS test for a bad encryption algorithm
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19919)
Compare: https://github.com/openssl/openssl/compare/92d86b387ead...0c5fe6e4e740
More information about the openssl-commits
mailing list