projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8e20499) | patch
crypto/evp: harden AEAD ciphers.
authorAndy Polyakov <appro@openssl.org>
Wed, 18 Jan 2017 23:20:49 +0000 (00:20 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 26 Jan 2017 10:54:01 +0000 (10:54 +0000)
commit2198b3a55de681e1f3c23edb0586afe13f438051
tree8db94da0ed2bd6354ba723fc5dc491ad8dd7b614tree | snapshot
parent8e20499629b6bcf868d0072c7011e590b5c2294dcommit | diff
crypto/evp: harden AEAD ciphers.

Originally a crash in 32-bit build was reported CHACHA20-POLY1305
cipher. The crash is triggered by truncated packet and is result
of excessive hashing to the edge of accessible memory. Since hash
operation is read-only it is not considered to be exploitable
beyond a DoS condition. Other ciphers were hardened.

Thanks to Robert Święcki for report.

CVE-2017-3731

Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/evp/e_aes.c diff | blob | history
crypto/evp/e_chacha20_poly1305.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.