root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Add CHANGES.md and NEWS.md entries for CVE-2023-2975 

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)

(cherry picked from commit 1e398bec53)
This commit is contained in:
Tomas Mraz 2023-07-07 09:54:18 +02:00
parent 96318a8d21
commit aff80b19e0
2 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
CHANGES.md
View File

@ -30,7 +30,25 @@ breaking changes, and mappings for the large list of deprecated functions.
### Changes between 3.0.9 and 3.0.10 [xx XXX xxxx]
* none yet
* Do not ignore empty associated data entries with AES-SIV.
The AES-SIV algorithm allows for authentication of multiple associated
data entries along with the encryption. To authenticate empty data the
application has to call `EVP_EncryptUpdate()` (or `EVP_CipherUpdate()`)
with NULL pointer as the output buffer and 0 as the input buffer length.
The AES-SIV implementation in OpenSSL just returns success for such call
instead of performing the associated data authentication operation.
The empty data thus will not be authenticated. ([CVE-2023-2975])
Thanks to Juerg Wullschleger (Google) for discovering the issue.
The fix changes the authentication tag value and the ciphertext for
applications that use empty associated data entries with AES-SIV.
To decrypt data encrypted with previous versions of OpenSSL the application
has to skip calls to `EVP_DecryptUpdate()` for empty associated data
entries.
*Tomas Mraz*
### Changes between 3.0.8 and 3.0.9 [30 May 2023]
@ -19654,6 +19672,7 @@ ndif
<!-- Links -->
[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
[RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255

3
NEWS.md
View File

@ -20,7 +20,7 @@ OpenSSL 3.0
### Major changes between OpenSSL 3.0.9 and OpenSSL 3.0.10 [under development]
* none
* Do not ignore empty associated data entries with AES-SIV ([CVE-2023-2975])
### Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [30 May 2023]
@ -1446,6 +1446,7 @@ OpenSSL 0.9.x
<!-- Links -->
[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466