mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-17 14:32:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add CHANGES.md and NEWS.md entries for CVE-2023-2975

Browse Source 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)
This commit is contained in:
Tomas Mraz 2023-07-07 09:54:18 +02:00
parent 3993bb0c0c
commit 1e398bec53
2 changed files with 27 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
CHANGES.md
View File

@ -286,6 +286,26 @@ OpenSSL 3.1
### Changes between 3.1.1 and 3.1.2 [xx XXX xxxx]
* Do not ignore empty associated data entries with AES-SIV.
The AES-SIV algorithm allows for authentication of multiple associated
data entries along with the encryption. To authenticate empty data the
application has to call `EVP_EncryptUpdate()` (or `EVP_CipherUpdate()`)
with NULL pointer as the output buffer and 0 as the input buffer length.
The AES-SIV implementation in OpenSSL just returns success for such call
instead of performing the associated data authentication operation.
The empty data thus will not be authenticated. ([CVE-2023-2975])
Thanks to Juerg Wullschleger (Google) for discovering the issue.
The fix changes the authentication tag value and the ciphertext for
applications that use empty associated data entries with AES-SIV.
To decrypt data encrypted with previous versions of OpenSSL the application
has to skip calls to `EVP_DecryptUpdate()` for empty associated data
entries.
*Tomas Mraz*
* When building with the `enable-fips` option and using the resulting
FIPS provider, TLS 1.2 will, by default, mandate the use of an extended
master secret (FIPS 140-3 IG G.Q) and the Hash and HMAC DRBGs will
@ -20011,6 +20031,7 @@ ndif
<!-- Links -->
[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
[RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255

10
NEWS.md
View File

@ -39,10 +39,11 @@ OpenSSL 3.1
### Major changes between OpenSSL 3.1.1 and OpenSSL 3.1.2 [under development]
* When building with the `enable-fips` option and using the resulting
FIPS provider, TLS 1.2 will, by default, mandate the use of an
extended master secret and the Hash and HMAC DRBGs will not operate
with truncated digests.
* Do not ignore empty associated data entries with AES-SIV ([CVE-2023-2975])
* When building with the `enable-fips` option and using the resulting
FIPS provider, TLS 1.2 will, by default, mandate the use of an
extended master secret and the Hash and HMAC DRBGs will not operate
with truncated digests.
### Major changes between OpenSSL 3.1.0 and OpenSSL 3.1.1 [30 May 2023]
@ -1479,6 +1480,7 @@ OpenSSL 0.9.x
<!-- Links -->
[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466