[openssl/openssl] 5f69f5: evp: process key length and iv length early if pre...

Matt Caswell noreply at github.com
Tue Oct 24 13:59:25 UTC 2023


  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: 5f69f5c65e483928c4b28ed16af6e5742929f1ee
      https://github.com/openssl/openssl/commit/5f69f5c65e483928c4b28ed16af6e5742929f1ee
  Author: Pauli <pauli at openssl.org>
  Date:   2023-10-24 (Tue, 24 Oct 2023)

  Changed paths:
    M crypto/evp/evp_enc.c

  Log Message:
  -----------
  evp: process key length and iv length early if present

evp_cipher_init_internal() takes a params array argument and this is processed
late in the initialisation process for some ciphers (AEAD ones).

This means that changing the IV length as a parameter will either truncate the
IV (very bad if SP 800-38d section 8.2.1 is used) or grab extra uninitialised
bytes.

Truncation is very bad if SP 800-38d section 8.2.1 is being used to
construct a deterministic IV.  This leads to an instant loss of confidentiality.

Grabbing extra bytes isn't so serious, it will most likely result in a bad
decryption.

Problem reported by Tony Battersby of Cybernetics.com but earlier discovered
and raised as issue #19822.

Fixes CVE-2023-5363
Fixes #19822

Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
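
The truncation failure mode described in the commit message above, as an added illustration in Python (not OpenSSL's code and not its unit test): it builds deterministic IVs per SP 800-38D section 8.2.1, models a cipher that only consumes the first 12 bytes of a requested 16-byte IV, and provides a reuse check a defender can run over the IVs used under one key. The 64-bit fixed-field value and the 8/8 byte split are constructed assumptions.

```python
# Added illustration (not OpenSSL code): why truncating a deterministic GCM IV
# built per SP 800-38D section 8.2.1 causes IV reuse under the same key.
from typing import Iterable


def deterministic_iv(fixed_field: bytes, invocation: int, iv_len: int) -> bytes:
    """SP 800-38D 8.2.1 deterministic construction: fixed field || invocation
    counter, with the counter stored big-endian in the trailing bytes."""
    ctr_len = iv_len - len(fixed_field)
    if ctr_len <= 0:
        raise ValueError("fixed field leaves no room for the invocation field")
    if invocation < 0 or invocation >= 1 << (8 * ctr_len):
        raise ValueError("invocation counter exhausted; IVs would repeat")
    return fixed_field + invocation.to_bytes(ctr_len, "big")


def effective_iv(iv: bytes, cipher_iv_len: int) -> bytes:
    """Models the pre-fix behaviour: when the requested IV length is applied too
    late, the cipher consumes only the first cipher_iv_len bytes of the IV."""
    return iv[:cipher_iv_len]


def find_iv_reuse(ivs: Iterable[bytes]) -> list[tuple[int, int]]:
    """Defensive check: (first_index, repeat_index) for every IV value that is
    seen more than once; any hit means GCM confidentiality is lost."""
    seen: dict[bytes, int] = {}
    reuse: list[tuple[int, int]] = []
    for i, iv in enumerate(ivs):
        if iv in seen:
            reuse.append((seen[iv], i))
        else:
            seen[iv] = i
    return reuse


def simulate(n_messages: int, requested_len: int, cipher_iv_len: int):
    """Encrypt n_messages with counter 0..n-1; return the IV reuse detected."""
    fixed = b"\x00\x01\x02\x03\x04\x05\x06\x07"  # constructed 64-bit fixed field
    ivs = [effective_iv(deterministic_iv(fixed, k, requested_len), cipher_iv_len)
           for k in range(n_messages)]
    return find_iv_reuse(ivs)
```

With a 16-byte IV cut to 12 bytes, the low 4 counter bytes (the only part that changes between messages) are discarded, so every message under the key shares one IV; with the requested length honoured, no reuse occurs.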


  Commit: 3f636830e4dcfe9b6ab57bef42c0b3a1de194399
      https://github.com/openssl/openssl/commit/3f636830e4dcfe9b6ab57bef42c0b3a1de194399
  Author: Pauli <pauli at openssl.org>
  Date:   2023-10-24 (Tue, 24 Oct 2023)

  Changed paths:
    M CHANGES.md
    M NEWS.md

  Log Message:
  -----------
  changes and news entries for CVE-2023-5363

Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>


  Commit: efce76073edc228bbbbc09e65aa076ad5f15ac2c
      https://github.com/openssl/openssl/commit/efce76073edc228bbbbc09e65aa076ad5f15ac2c
  Author: Pauli <pauli at openssl.org>
  Date:   2023-10-24 (Tue, 24 Oct 2023)

  Changed paths:
    M test/evp_extra_test.c

  Log Message:
  -----------
  test: add unit test for CVE-2023-5363

Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>


  Commit: e6e6113ebbbf9e9f871248cac09288af1f734853
      https://github.com/openssl/openssl/commit/e6e6113ebbbf9e9f871248cac09288af1f734853
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-10-24 (Tue, 24 Oct 2023)

  Changed paths:
    M apps/dhparam.c
    M apps/dsaparam.c
    M apps/gendsa.c
    M apps/genpkey.c
    M apps/genrsa.c
    M crypto/bn/bn_gcd.c
    M crypto/cms/cms_enc.c
    M crypto/dh/dh_key.c
    M crypto/dh/dh_lib.c
    M crypto/dsa/dsa_check.c
    M crypto/dsa/dsa_lib.c
    M crypto/engine/eng_pkey.c
    M crypto/evp/evp_rand.c
    M crypto/evp/legacy_sha.c
    M crypto/initthread.c
    M crypto/lhash/lhash.c
    M crypto/param_build_set.c
    M crypto/property/property_parse.c
    M crypto/rand/prov_seed.c
    M crypto/rand/rand_pool.c
    M crypto/rsa/rsa_backend.c
    M crypto/rsa/rsa_lib.c
    M doc/internal/man3/ossl_rand_get_entropy.pod
    M doc/man3/CMS_add1_signer.pod
    M doc/man3/DH_generate_parameters.pod
    M doc/man3/DSA_generate_parameters.pod
    M doc/man3/OPENSSL_LH_stats.pod
    M doc/man3/PKCS5_PBKDF2_HMAC.pod
    M doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod
    M doc/man3/SSL_CTX_set_info_callback.pod
    M doc/man3/d2i_PKCS8PrivateKey_bio.pod
    M doc/man7/EVP_RAND-TEST-RAND.pod
    M include/crypto/context.h
    M include/crypto/evp.h
    M include/crypto/rand.h
    M include/openssl/core_dispatch.h
    M include/openssl/evp.h
    M include/openssl/pkcs7.h.in
    M providers/baseprov.c
    M providers/common/provider_seeding.c
    M providers/fips/self_test_kats.c
    M providers/implementations/encode_decode/encode_key2text.c
    M providers/implementations/macs/kmac_prov.c
    M providers/implementations/rands/seed_src.c
    M providers/implementations/rands/test_rng.c
    M test/recipes/05-test_rand.t
    M test/rsa_test.c

  Log Message:
  -----------
  Copyright year updates


Reviewed-by: Tomas Mraz <tomas at openssl.org>
Release: yes


  Commit: d180ea2944694b4d329066e35e58d59baea50396
      https://github.com/openssl/openssl/commit/d180ea2944694b4d329066e35e58d59baea50396
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-10-24 (Tue, 24 Oct 2023)

  Changed paths:
    M providers/fips-sources.checksums
    M providers/fips.checksum

  Log Message:
  -----------
  make update


Reviewed-by: Tomas Mraz <tomas at openssl.org>
Release: yes


  Commit: 01d5e2318405362b4de5e670c90d9b40a351d053
      https://github.com/openssl/openssl/commit/01d5e2318405362b4de5e670c90d9b40a351d053
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-10-24 (Tue, 24 Oct 2023)

  Changed paths:
    M CHANGES.md
    M NEWS.md
    M VERSION.dat

  Log Message:
  -----------
  Prepare for release of 3.1.4


Reviewed-by: Tomas Mraz <tomas at openssl.org>
Release: yes


  Commit: 7b2163f485c51777cc812eb967076c1357ad663b
      https://github.com/openssl/openssl/commit/7b2163f485c51777cc812eb967076c1357ad663b
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-10-24 (Tue, 24 Oct 2023)

  Changed paths:
    M CHANGES.md
    M NEWS.md
    M VERSION.dat

  Log Message:
  -----------
  Prepare for 3.1.5


Reviewed-by: Tomas Mraz <tomas at openssl.org>
Release: yes


Compare: https://github.com/openssl/openssl/compare/742e766f0e19...7b2163f485c5

