git.openssl.org Git - openssl.git/commit

author	Andy Polyakov <appro@openssl.org>
	Wed, 18 Jan 2017 23:20:49 +0000 (00:20 +0100)
committer	Matt Caswell <matt@openssl.org>
	Thu, 26 Jan 2017 10:54:36 +0000 (10:54 +0000)
commit	00d965474b22b54e4275232bc71ee0c699c5cd21
tree	0c997300a771ccb0a40f19235668233d21697a9f	tree \| snapshot
parent	f3a7e57c92b2c9b87dc4b2997f2ebda6781300d0	commit \| diff

crypto/evp: harden AEAD ciphers.

Originally a crash in 32-bit build was reported CHACHA20-POLY1305
cipher. The crash is triggered by truncated packet and is result
of excessive hashing to the edge of accessible memory. Since hash
operation is read-only it is not considered to be exploitable
beyond a DoS condition. Other ciphers were hardened.

Thanks to Robert Święcki for report.

CVE-2017-3731

Reviewed-by: Rich Salz <rsalz@openssl.org>

crypto/evp/e_aes.c		diff \| blob \| history
crypto/evp/e_chacha20_poly1305.c		diff \| blob \| history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom