OpenSSL 3.1 and 3.0 are vulnerable to this issue.īabel is a compiler for writingJavaScript. The issue lies outside of the FIPS provider boundary. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because The OpenSSL SSL/TLS implementation is not affected by this issue. However if an application is vulnerable then For these reasons we expect the probability of an application being Furthermore it is likely thatĪpplication developers will have spotted this problem during testing sinceĭecryption would fail unless both peers in the communication were similarly However, these issues are not currently assessed as securityĬhanging the key and/or IV lengths is not considered to be a common operationĪnd the vulnerable API was recently introduced. Produce incorrect results and could, in some cases, trigger a memoryĮxception. GCM mode, truncation of the counter portion could lead to IV reuse.īoth truncations and overruns of the key and overruns of the IV will Section 8.2.1 guidance for constructing a deterministic IV for AES in For example, when following NIST's SP 800-38D The following ciphersĪnd cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.įor the CCM, GCM and OCB cipher modes, truncation of the IV can result in Within the OSSL_PARAM array will not take effect as intended, potentiallyĬausing truncation or overreading of these values. Via the "keylen" parameter or the IV length, via the "ivlen" parameter, When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orĮVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after Which could result in loss of confidentiality for some cipher modes. Impact summary: A truncation in the IV can result in non-uniqueness, Or overruns during the initialisation of some symmetric ciphers. Issue summary: A bug has been identified in the processing of key and
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |