[openssl/openssl] 0df406: evp: process key length and iv length early if pre...
Matt Caswell
noreply at github.com
Tue Oct 24 13:59:27 UTC 2023
Branch: refs/heads/openssl-3.0
Home: https://github.com/openssl/openssl
Commit: 0df40630850fb2740e6be6890bb905d3fc623b2d
https://github.com/openssl/openssl/commit/0df40630850fb2740e6be6890bb905d3fc623b2d
Author: Pauli <pauli at openssl.org>
Date: 2023-10-24 (Tue, 24 Oct 2023)
Changed paths:
M crypto/evp/evp_enc.c
Log Message:
-----------
evp: process key length and iv length early if present
evp_cipher_init_internal() takes a params array argument and this is processed
late in the initialisation process for some ciphers (AEAD ones).
This means that changing the IV length as a parameter will either truncate the
IV (very bad if SP 800-38d section 8.2.1 is used) or grab extra uninitialised
bytes.
Truncation is very bad if SP 800-38d section 8.2.1 is being used to
construct a deterministic IV. This leads to an instant loss of confidentiality.
Grabbing extra bytes isn't so serious, it will most likely result in a bad
decryption.
Problem reported by Tony Battersby of Cybernetics.com but earlier discovered
and raised as issue #19822.
Fixes CVE-2023-5363
Fixes #19822
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(cherry picked from commit 5f69f5c65e483928c4b28ed16af6e5742929f1ee)
Commit: 1449ba25899b94d4b4be8d478252996de0111c5d
https://github.com/openssl/openssl/commit/1449ba25899b94d4b4be8d478252996de0111c5d
Author: Pauli <pauli at openssl.org>
Date: 2023-10-24 (Tue, 24 Oct 2023)
Changed paths:
M CHANGES.md
M NEWS.md
Log Message:
-----------
changes and news entries for CVE-2023-5363
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(cherry picked from commit 3f636830e4dcfe9b6ab57bef42c0b3a1de194399)
Commit: e37f0fa3a2d7f50f48d2ad68adf13eba1fa0cc73
https://github.com/openssl/openssl/commit/e37f0fa3a2d7f50f48d2ad68adf13eba1fa0cc73
Author: Pauli <pauli at openssl.org>
Date: 2023-10-24 (Tue, 24 Oct 2023)
Changed paths:
M test/evp_extra_test.c
Log Message:
-----------
test: add unit test for CVE-2023-5363
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(cherry picked from commit efce76073edc228bbbbc09e65aa076ad5f15ac2c)
Commit: f3cb3697ac64bcb97104171c6ee575be5131820c
https://github.com/openssl/openssl/commit/f3cb3697ac64bcb97104171c6ee575be5131820c
Author: Matt Caswell <matt at openssl.org>
Date: 2023-10-24 (Tue, 24 Oct 2023)
Changed paths:
M apps/dhparam.c
M apps/dsaparam.c
M apps/gendsa.c
M apps/genpkey.c
M apps/genrsa.c
M crypto/arm_arch.h
M crypto/bn/bn_gcd.c
M crypto/cms/cms_enc.c
M crypto/dh/dh_key.c
M crypto/dh/dh_lib.c
M crypto/dsa/dsa_check.c
M crypto/dsa/dsa_lib.c
M crypto/engine/eng_pkey.c
M crypto/evp/evp_enc.c
M crypto/evp/legacy_sha.c
M crypto/ex_data.c
M crypto/lhash/lhash.c
M crypto/modes/asm/ghashv8-armx.pl
M crypto/param_build_set.c
M crypto/poly1305/asm/poly1305-armv8.pl
M crypto/property/property_parse.c
M crypto/rsa/rsa_backend.c
M crypto/rsa/rsa_lib.c
M doc/man3/CMS_add1_signer.pod
M doc/man3/DH_generate_parameters.pod
M doc/man3/DSA_generate_parameters.pod
M doc/man3/PKCS5_PBKDF2_HMAC.pod
M doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod
M doc/man3/SSL_CTX_set_info_callback.pod
M doc/man3/d2i_PKCS8PrivateKey_bio.pod
M include/openssl/evp.h
M include/openssl/pkcs7.h.in
M providers/implementations/encode_decode/encode_key2text.c
M providers/implementations/macs/kmac_prov.c
M test/recipes/05-test_rand.t
M test/rsa_test.c
Log Message:
-----------
Copyright year updates
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Release: yes
Commit: 651721972d2a4fe7bd9473f64558067964b72fc5
https://github.com/openssl/openssl/commit/651721972d2a4fe7bd9473f64558067964b72fc5
Author: Matt Caswell <matt at openssl.org>
Date: 2023-10-24 (Tue, 24 Oct 2023)
Changed paths:
M providers/fips-sources.checksums
M providers/fips.checksum
Log Message:
-----------
make update
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Release: yes
Commit: c3cc0f1386b0544383a61244a4beeb762b67498f
https://github.com/openssl/openssl/commit/c3cc0f1386b0544383a61244a4beeb762b67498f
Author: Matt Caswell <matt at openssl.org>
Date: 2023-10-24 (Tue, 24 Oct 2023)
Changed paths:
M CHANGES.md
M NEWS.md
M VERSION.dat
Log Message:
-----------
Prepare for release of 3.0.12
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Release: yes
Commit: 17e72c7e2831d82d32ddc1c5519bc351a3d111bc
https://github.com/openssl/openssl/commit/17e72c7e2831d82d32ddc1c5519bc351a3d111bc
Author: Matt Caswell <matt at openssl.org>
Date: 2023-10-24 (Tue, 24 Oct 2023)
Changed paths:
M CHANGES.md
M NEWS.md
M VERSION.dat
Log Message:
-----------
Prepare for 3.0.13
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Release: yes
Compare: https://github.com/openssl/openssl/compare/23d21359e355...17e72c7e2831
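
The IV truncation described in the first commit message (0df406), as an added example that is not OpenSSL code and not part of any commit listed here: a simplified model in which a cipher context copies a caller's 16-byte deterministic IV (SP 800-38D section 8.2.1) using a stale 12-byte length. The 8-byte fixed field, the 8-byte big-endian counter, the sample device name and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEFAULT_IVLEN 12 /* default 96-bit GCM IV length */
#define CALLER_IVLEN  16 /* assumed longer IV length requested via params */
#define FIXED_LEN      8 /* assumed size of the fixed field */

/* Deterministic IV: fixed field || invocation counter (big-endian). */
static void build_iv(uint8_t iv[CALLER_IVLEN], const uint8_t fixed[FIXED_LEN],
                     uint64_t counter)
{
    memcpy(iv, fixed, FIXED_LEN);
    for (int i = 0; i < 8; i++)
        iv[FIXED_LEN + i] = (uint8_t)(counter >> (56 - 8 * i));
}

/* Models a context that copies the IV with whatever length it holds now. */
static void ctx_load_iv(uint8_t *ctx_iv, size_t ctx_ivlen, const uint8_t *iv)
{
    memcpy(ctx_iv, iv, ctx_ivlen);
}

/* How many of invocations 1..n-1 present the same IV bytes to the cipher
 * as invocation 0, given the IV length the context actually applies. */
static unsigned count_iv_reuse(size_t ctx_ivlen, unsigned n)
{
    /* constructed sample value */
    static const uint8_t fixed[FIXED_LEN] = {'d','e','v','i','c','e','0','1'};
    uint8_t iv[CALLER_IVLEN], first[CALLER_IVLEN], cur[CALLER_IVLEN];
    unsigned reused = 0;

    build_iv(iv, fixed, 0);
    ctx_load_iv(first, ctx_ivlen, iv);
    for (unsigned c = 1; c < n; c++) {
        build_iv(iv, fixed, c);
        ctx_load_iv(cur, ctx_ivlen, iv);
        if (memcmp(first, cur, ctx_ivlen) == 0)
            reused++;
    }
    return reused;
}

int main(void)
{
    printf("stale 12-byte length: %u reused IVs\n", count_iv_reuse(DEFAULT_IVLEN, 1000));
    printf("full 16-byte length:  %u reused IVs\n", count_iv_reuse(CALLER_IVLEN, 1000));
    return 0;
}
```

In this model the truncated copy drops the low-order counter bytes, so every invocation encrypts under the same key and IV pair; with the length applied before the IV is copied, each invocation gets a distinct IV.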