git.openssl.org Git - openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Tue, 6 Dec 2022 14:18:53 +0000 (14:18 +0000)
committer	Tomas Mraz <tomas@openssl.org>
	Thu, 22 Dec 2022 10:07:07 +0000 (11:07 +0100)
commit	6446cb444c2a4fd8a12ccafe9329b1b1b268460d
tree	2b5959235180ca8392b8bc173cdd9a086e780263	tree \| snapshot
parent	ed8af0502167c80ba70522d88e719f874e24ebfd	commit \| diff

Fix BIO_f_cipher() flushing

If an error occurs during a flush on a BIO_f_cipher() then in some cases
we could get into an infinite loop. We add a check to make sure we are
making progress during flush and exit if not.

This issue was reported by Octavio Galland who also demonstrated an
infinite loop in CMS encryption as a result of this bug.

The security team has assessed this issue as not a CVE. This occurs on
*encryption* only which is typically processing trusted data. We are not
aware of a way to trigger this with untrusted data.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19920)