Skip to content

Comments

GCM cipher in provider now fails if passed bad keylength#9512

Closed
slontis wants to merge 2 commits intoopenssl:masterfrom
slontis:gcm_cmac_oob_read_fix
Closed

GCM cipher in provider now fails if passed bad keylength#9512
slontis wants to merge 2 commits intoopenssl:masterfrom
slontis:gcm_cmac_oob_read_fix

Conversation

@slontis
Copy link
Member

@slontis slontis commented Aug 2, 2019

Fixes #9500

Checklist
  • documentation is added or updated
  • tests are added or updated

@slontis
Copy link
Member Author

slontis commented Aug 4, 2019

ping

levitte
levitte requested changes Aug 4, 2019
View reviewed changes
Copy link
Member

@levitte levitte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a solution for sure, but not a tenable solution for the future, as the implication is that every implementation will have to check for every parameter thrown their way that they think affects other implementations of their kind. With 3rd party providers in the mix, it will be an impossible task.

So I see this as an interim solution until we've resolved the discussion going on in #9510, and to be acceptable, it should be marked with /* TODO(3.0) ...*/ comments explaining this.

@slontis
Copy link
Member Author

slontis commented Aug 4, 2019

to be acceptable, it should be marked with /* TODO(3.0)

Updated with a TODO.
I imagine any existing set_params / get_params will need to be looked at once this is changed, so it is kind of redundant.

@mattcaswell mattcaswell mentioned this pull request Aug 5, 2019
Closed
mattcaswell
mattcaswell approved these changes Aug 5, 2019
View reviewed changes
Copy link
Member

@mattcaswell mattcaswell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As a temporary solution this is ok. Definitely not a long term solution though.

levitte pushed a commit that referenced this pull request Aug 7, 2019
@slontis
GCM cipher in provider now fails if passed bad keylength
e9c116e 
Fixes #9500

Reviewed-by: Matt Caswell <[email protected]>
(Merged from #9512)
@slontis
Copy link
Member Author

slontis commented Aug 7, 2019

This has been merged to master. Thanks..

@slontis slontis closed this Aug 7, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@levitte levitte levitte requested changes

@mattcaswell mattcaswell mattcaswell approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ARIA CMAC OOB read

3 participants

@slontis @levitte @mattcaswell