projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f3a7e57) | patch
crypto/evp: harden AEAD ciphers.
authorAndy Polyakov <appro@openssl.org>
Wed, 18 Jan 2017 23:20:49 +0000 (00:20 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 26 Jan 2017 10:54:36 +0000 (10:54 +0000)
commit00d965474b22b54e4275232bc71ee0c699c5cd21
tree0c997300a771ccb0a40f19235668233d21697a9ftree | snapshot
parentf3a7e57c92b2c9b87dc4b2997f2ebda6781300d0commit | diff
crypto/evp: harden AEAD ciphers.

Originally a crash in 32-bit build was reported CHACHA20-POLY1305
cipher. The crash is triggered by truncated packet and is result
of excessive hashing to the edge of accessible memory. Since hash
operation is read-only it is not considered to be exploitable
beyond a DoS condition. Other ciphers were hardened.

Thanks to Robert Święcki for report.

CVE-2017-3731

Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/evp/e_aes.c diff | blob | history
crypto/evp/e_chacha20_poly1305.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.