Accepting request 1100559 from home:ohollmann:branches:security:tls

- Dont pass zero length input to EVP_Cipher because assembler
  optimized AES cannot handle zero size. [bsc#1213517]
  * Add openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch

OBS-URL: https://build.opensuse.org/request/show/1100559
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=140

openssl-1_1.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Jul 24 12:40:38 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
+
+- Dont pass zero length input to EVP_Cipher because assembler
+  optimized AES cannot handle zero size. [bsc#1213517]
+  * Add openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch
+
 -------------------------------------------------------------------
 Thu Jul 20 07:48:20 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
 

openssl-1_1.spec

@@ -135,6 +135,8 @@ Patch80:        openssl-1_1-openssl-config.patch
 # PATCH-FIX-UPSTREAM: bsc#1213487 CVE-2023-3446 DH_check() excessive time with over sized modulus
 Patch81:        openssl-CVE-2023-3446.patch
 Patch82:        openssl-CVE-2023-3446-test.patch
+# PATCH-FIX-SUSE bsc#1213517 Dont pass zero length input to EVP_Cipher
+Patch83:        openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(zlib)
 Provides:       ssl

openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch

@@ -0,0 +1,16 @@
+---
+ crypto/evp/e_aes.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/crypto/evp/e_aes.c
++++ b/crypto/evp/e_aes.c
+@@ -2742,6 +2742,9 @@ static int aes_cbc_cipher(EVP_CIPHER_CTX
+ {
+     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+ 
++    if (!len)
++        return 1;
++
+     if (dat->stream.cbc)
+         (*dat->stream.cbc) (in, out, len, &dat->ks,
+                             EVP_CIPHER_CTX_iv_noconst(ctx),