openssl/crypto
Pauli f3a7e6c057 evp: process key length and iv length early if present
evp_cipher_init_internal() takes a params array argument and this is processed
late in the initialisation process for some ciphers (AEAD ones).

This means that changing the IV length as a parameter will either truncate the
IV (very bad if SP 800-38d section 8.2.1 is used) or grab extra uninitialised
bytes.

Truncation is very bad if SP 800-38d section 8.2.1 is being used to
construct a deterministic IV.  This leads to an instant loss of confidentiality.

Grabbing extra bytes isn't so serious, it will most likely result in a bad
decryption.

Problem reported by Tony Battersby of Cybernetics.com but earlier discovered
and raised as issue #19822.

Fixes CVE-2023-5363
Fixes #19822

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2023-10-24 14:32:24 +01:00
aes Improve performance for 6x unrolling with vpermxor instruction 2023-10-02 14:00:23 +02:00
aria
asn1 Do not include crypto/asn1.h from internal/cryptlib.h 2023-10-19 10:15:56 +02:00
async
bf
bio embed bio_dgram_data inside bio_dgram_sctp_data 2023-10-05 19:09:06 +02:00
bn BN_gcd(): Avoid shifts of negative values 2023-10-05 12:05:16 +02:00
buffer
camellia
cast Copyright year updates 2023-09-07 09:59:15 +01:00
chacha LoongArch64 assembly pack: add ChaCha20 modules 2023-09-11 08:49:09 +10:00
cmac Copyright year updates 2023-09-07 09:59:15 +01:00
cmp CMP: fix OSSL_CMP_MSG_http_perform() by adding option OSSL_CMP_OPT_USE_TLS 2023-10-10 20:36:06 +02:00
cms cms_enc.c: Include crypto/asn1.h for struct asn1_object_st 2023-10-19 10:15:56 +02:00
comp Copyright year updates 2023-09-07 09:59:15 +01:00
conf "foo * bar" should be "foo *bar" 2023-09-11 10:15:30 +02:00
crmf Copyright year updates 2023-09-07 09:59:15 +01:00
ct
des Copyright year updates 2023-09-07 09:59:15 +01:00
dh DH_check_pub_key() should not fail when setting result code 2023-10-11 16:22:27 +02:00
dsa DH_check_pub_key() should not fail when setting result code 2023-10-11 16:22:27 +02:00
dso Copyright year updates 2023-09-07 09:59:15 +01:00
ec Copyright year updates 2023-09-28 14:23:29 +01:00
encode_decode Copyright year updates 2023-09-07 09:59:15 +01:00
engine Improved detection of engine-provided private "classic" keys 2023-10-04 11:02:00 +11:00
err Ensure that the ERR_STATE is left in a consistent state 2023-10-23 10:08:12 +01:00
ess
evp evp: process key length and iv length early if present 2023-10-24 14:32:24 +01:00
ffc DH_check_pub_key() should not fail when setting result code 2023-10-11 16:22:27 +02:00
hmac
hpke Copyright year updates 2023-09-07 09:59:15 +01:00
http Remove repeated words 2023-09-11 10:15:30 +02:00
idea
kdf
lhash All lh_stats functions were deprecated in 3.1 2023-10-04 07:52:41 +11:00
md2
md4
md5 Copyright year updates 2023-09-07 09:59:15 +01:00
mdc2
modes * Enable extra Arm64 optimization on Windows for GHASH, RAND and AES 2023-10-10 15:37:41 +02:00
objects ensure that ossl_obj_nid_lock is allocated before use 2023-10-18 16:52:45 +02:00
ocsp Copyright year updates 2023-09-07 09:59:15 +01:00
pem Copyright year updates 2023-09-28 14:23:29 +01:00
perlasm Copyright year updates 2023-09-07 09:59:15 +01:00
pkcs7 Copyright year updates 2023-09-07 09:59:15 +01:00
pkcs12 Copyright year updates 2023-09-28 14:23:29 +01:00
poly1305 Copyright year updates 2023-09-07 09:59:15 +01:00
property ossl_property_list_to_string: handle quoted strings 2023-10-05 08:09:13 +11:00
rand rand: fix seeding from a weak entropy source 2023-10-24 11:14:11 +01:00
rc2 Copyright year updates 2023-09-07 09:59:15 +01:00
rc4 Copyright year updates 2023-09-07 09:59:15 +01:00
rc5 Copyright year updates 2023-09-07 09:59:15 +01:00
ripemd
rsa Dont require CRT params on ossl_rsa_set0_all_params 2023-10-18 18:08:02 +02:00
seed
sha Copyright year updates 2023-09-28 14:23:29 +01:00
siphash
sm2 Copyright year updates 2023-09-07 09:59:15 +01:00
sm3 * Enable extra Arm64 optimization on Windows for GHASH, RAND and AES 2023-10-10 15:37:41 +02:00
sm4 Copyright year updates 2023-09-07 09:59:15 +01:00
srp Copyright year updates 2023-09-28 14:23:29 +01:00
stack Copyright year updates 2023-09-07 09:59:15 +01:00
store Copyright year updates 2023-09-28 14:23:29 +01:00
thread Copyright year updates 2023-09-07 09:59:15 +01:00
ts Copyright year updates 2023-09-07 09:59:15 +01:00
txt_db Copyright year updates 2023-09-07 09:59:15 +01:00
ui Copyright year updates 2023-09-07 09:59:15 +01:00
whrlpool Copyright year updates 2023-09-07 09:59:15 +01:00
x509 Do not include crypto/asn1.h from internal/cryptlib.h 2023-10-19 10:15:56 +02:00
alphacpuid.pl
arm64cpuid.pl
arm_arch.h * Enable extra Arm64 optimization on Windows for GHASH, RAND and AES 2023-10-10 15:37:41 +02:00
armcap.c Update with ARMV8_HAVE_SHA3_AND_WORTH_USING 2023-07-21 10:19:19 +10:00
armv4cpuid.pl Copyright year updates 2023-09-07 09:59:15 +01:00
asn1_dsa.c
bsearch.c
build.info Do not include sparse_array.o in libssl 2023-09-22 20:42:48 +02:00
c64xpluscpuid.pl
context.c Copyright year updates 2023-09-07 09:59:15 +01:00
core_algorithm.c
core_fetch.c
core_namemap.c Copyright year updates 2023-09-07 09:59:15 +01:00
cpt_err.c
cpuid.c Copyright year updates 2023-09-28 14:23:29 +01:00
cryptlib.c Copyright year updates 2023-09-07 09:59:15 +01:00
ctype.c Copyright year updates 2023-09-07 09:59:15 +01:00
cversion.c
der_writer.c
deterministic_nonce.c Copyright year updates 2023-09-07 09:59:15 +01:00
dllmain.c
ebcdic.c
ex_data.c Fix error handling in CRYPTO_get_ex_new_index 2023-09-21 14:43:08 +02:00
getenv.c
ia64cpuid.S
info.c Copyright year updates 2023-09-07 09:59:15 +01:00
init.c Copyright year updates 2023-09-07 09:59:15 +01:00
initthread.c Copyright year updates 2023-09-28 14:23:29 +01:00
loongarch64cpuid.pl
loongarch_arch.h Copyright year updates 2023-09-07 09:59:15 +01:00
loongarchcap.c Copyright year updates 2023-09-07 09:59:15 +01:00
LPdir_nyi.c
LPdir_unix.c Copyright year updates 2023-09-07 09:59:15 +01:00
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_sec.c Copyright year updates 2023-09-07 09:59:15 +01:00
mem.c Windows: use srand() instead of srandom() 2023-10-13 15:04:42 +02:00
mips_arch.h
o_dir.c
o_fopen.c
o_init.c
o_str.c Copyright year updates 2023-09-28 14:23:29 +01:00
o_time.c
packet.c Copyright year updates 2023-09-07 09:59:15 +01:00
param_build_set.c ossl_param_build_set_multi_key_bn(): Do not set NULL BIGNUMs 2023-10-18 18:07:13 +02:00
param_build.c Copyright year updates 2023-09-07 09:59:15 +01:00
params_dup.c
params_from_text.c
params_idx.c.in
params.c Copyright year updates 2023-09-07 09:59:15 +01:00
pariscid.pl
passphrase.c
ppccap.c
ppccpuid.pl
provider_child.c Copyright year updates 2023-09-07 09:59:15 +01:00
provider_conf.c Copyright year updates 2023-09-07 09:59:15 +01:00
provider_core.c rand: add callbacks to cleanup the user entropy resp. nonce 2023-10-20 09:48:34 +01:00
provider_local.h
provider_predefined.c
provider.c Copyright year updates 2023-09-07 09:59:15 +01:00
punycode.c Copyright year updates 2023-09-07 09:59:15 +01:00
quic_vlint.c
README-sparse_array.md
riscv32cpuid.pl
riscv64cpuid.pl
riscvcap.c
s390x_arch.h Copyright year updates 2023-09-07 09:59:15 +01:00
s390xcap.c Copyright year updates 2023-09-07 09:59:15 +01:00
s390xcpuid.pl
self_test_core.c
sleep.c Copyright year updates 2023-09-07 09:59:15 +01:00
sparccpuid.S
sparcv9cap.c
sparse_array.c
threads_lib.c
threads_none.c Copyright year updates 2023-09-07 09:59:15 +01:00
threads_pthread.c Copyright year updates 2023-09-07 09:59:15 +01:00
threads_win.c Copyright year updates 2023-09-07 09:59:15 +01:00
time.c Copyright year updates 2023-09-07 09:59:15 +01:00
trace.c "foo * bar" should be "foo *bar" 2023-09-11 10:15:30 +02:00
uid.c Copyright year updates 2023-09-07 09:59:15 +01:00
vms_rms.h
x86_64cpuid.pl
x86cpuid.pl