diff options
author | Tomas Mraz <tomas@openssl.org> | 2023-07-07 09:54:18 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-07-14 13:05:17 +0200 |
commit | aff80b19e03486ef1b55cbc3af3488d5a67973f6 (patch) | |
tree | 45b29259dac812ccb08bb2dbc75203ed28833550 /CHANGES.md | |
parent | 96318a8d21bed334d78797eca5b32790775d5f05 (diff) |
Add CHANGES.md and NEWS.md entries for CVE-2023-2975
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)
(cherry picked from commit 1e398bec538978b9957e69bf9e12b3c626290bea)
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/CHANGES.md b/CHANGES.md index dbfe20a2e5..2b928c7720 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -30,7 +30,25 @@ breaking changes, and mappings for the large list of deprecated functions. ### Changes between 3.0.9 and 3.0.10 [xx XXX xxxx] - * none yet + * Do not ignore empty associated data entries with AES-SIV. + + The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call `EVP_EncryptUpdate()` (or `EVP_CipherUpdate()`) + with NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated. ([CVE-2023-2975]) + + Thanks to Juerg Wullschleger (Google) for discovering the issue. + + The fix changes the authentication tag value and the ciphertext for + applications that use empty associated data entries with AES-SIV. + To decrypt data encrypted with previous versions of OpenSSL the application + has to skip calls to `EVP_DecryptUpdate()` for empty associated data + entries. + + *Tomas Mraz* ### Changes between 3.0.8 and 3.0.9 [30 May 2023] @@ -19654,6 +19672,7 @@ ndif <!-- Links --> +[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975 [RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 [CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650 [CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 |