[openssl/openssl] 6a83f0: Do not ignore empty associated data with AES-SIV mode

Tomáš Mráz noreply at github.com
Fri Jul 14 11:04:08 UTC 2023 

  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: 6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc
      https://github.com/openssl/openssl/commit/6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2023-07-14 (Fri, 14 Jul 2023)

  Changed paths:
    M providers/implementations/ciphers/cipher_aes_siv.c

  Log Message:
  -----------
  Do not ignore empty associated data with AES-SIV mode

The AES-SIV mode allows for multiple associated data items
authenticated separately with any of these being 0 length.

The provided implementation ignores such empty associated data
which is incorrect in regards to the RFC 5297 and is also
a security issue because such empty associated data then become
unauthenticated if an application expects to authenticate them.

Fixes CVE-2023-2975

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)

(cherry picked from commit c426c281cfc23ab182f7d7d7a35229e7db1494d9)


  Commit: 76214c4a8f3374b786811fdfeda3d98690f8faf4
      https://github.com/openssl/openssl/commit/76214c4a8f3374b786811fdfeda3d98690f8faf4
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2023-07-14 (Fri, 14 Jul 2023)

  Changed paths:
    M test/recipes/30-test_evp_data/evpciph_aes_siv.txt

  Log Message:
  -----------
  Add testcases for empty associated data entries with AES-SIV

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)

(cherry picked from commit 3993bb0c0c87e3ed0ab4274e4688aa814e164cfc)


  Commit: 3b9e2c776556e36f68b80bbb116581b7f18ca9ce
      https://github.com/openssl/openssl/commit/3b9e2c776556e36f68b80bbb116581b7f18ca9ce
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2023-07-14 (Fri, 14 Jul 2023)

  Changed paths:
    M CHANGES.md
    M NEWS.md

  Log Message:
  -----------
  Add CHANGES.md and NEWS.md entries for CVE-2023-2975

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)

(cherry picked from commit 1e398bec538978b9957e69bf9e12b3c626290bea)


Compare: https://github.com/openssl/openssl/compare/45cd2554efc8...3b9e2c776556

More information about the openssl-commits mailing list