SHA256
1
0
forked from pool/openssl-1_1

Accepting request 1100559 from home:ohollmann:branches:security:tls

- Dont pass zero length input to EVP_Cipher because assembler
  optimized AES cannot handle zero size. [bsc#1213517]
  * Add openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch

OBS-URL: https://build.opensuse.org/request/show/1100559
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=140
This commit is contained in:
Otto Hollmann 2023-07-25 08:04:18 +00:00 committed by Git OBS Bridge
parent 2f6ae03793
commit a620e0aeaf
3 changed files with 25 additions and 0 deletions

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Mon Jul 24 12:40:38 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
- Dont pass zero length input to EVP_Cipher because assembler
optimized AES cannot handle zero size. [bsc#1213517]
* Add openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch
-------------------------------------------------------------------
Thu Jul 20 07:48:20 UTC 2023 - Pedro Monreal <pmonreal@suse.com>

View File

@ -135,6 +135,8 @@ Patch80: openssl-1_1-openssl-config.patch
# PATCH-FIX-UPSTREAM: bsc#1213487 CVE-2023-3446 DH_check() excessive time with over sized modulus
Patch81: openssl-CVE-2023-3446.patch
Patch82: openssl-CVE-2023-3446-test.patch
# PATCH-FIX-SUSE bsc#1213517 Dont pass zero length input to EVP_Cipher
Patch83: openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch
BuildRequires: pkgconfig
BuildRequires: pkgconfig(zlib)
Provides: ssl

View File

@ -0,0 +1,16 @@
---
crypto/evp/e_aes.c | 3 +++
1 file changed, 3 insertions(+)
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -2742,6 +2742,9 @@ static int aes_cbc_cipher(EVP_CIPHER_CTX
{
EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+ if (!len)
+ return 1;
+
if (dat->stream.cbc)
(*dat->stream.cbc) (in, out, len, &dat->ks,
EVP_CIPHER_CTX_iv_noconst(ctx),