)]}' { "commit": "e7c0c9734f5491e62665ea156603209a80fbb235", "tree": "424b29038db2299542987e4256dbc11c499e2c82", "parents": [ "ca2162d71902385dc740a385d20977d551d14e8f" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Tue Feb 16 12:20:08 2021 -0500" }, "committer": { "name": "CQ bot account: commit-bot@chromium.org", "email": "commit-bot@chromium.org", "time": "Tue Feb 16 20:50:26 2021 +0000" }, "message": "Don\u0027t overflow the output length in EVP_CipherUpdate calls.\n\nCVE-2021-23840\n\n(Imported from upstream\u0027s 6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1.)\n\nThis differs slightly from upstream\u0027s version:\n\n- EVP_R_OUTPUT_WOULD_OVERFLOW didn\u0027t seem necessary when ERR_R_OVERFLOW\n already exists. (Also since we use CIPHER_R_*, it wouldn\u0027t have helped\n with compatibility anyway. Though there\u0027s probably something to be\n said for us folding CIPHER_R_* back into EVP_R_*.)\n\n- For simplicity, just check in_len + bl at the top, rather than trying\n to predict the exact number of bytes written.\n\nUpdate-Note: Passing extremely large input lengths into EVP_CipherUpdate\nwill now fail. Use EVP_AEAD instead, which is size_t-based and has more\nexplicit output bounds.\n\nChange-Id: I31835c89dcdecb6b112828f57deb798dc7187db5\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45685\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "c50c6c5cc013e6d25db750b5985882cdd93cba9a", "old_mode": 33188, "old_path": "crypto/fipsmodule/cipher/cipher.c", "new_id": "1522379c9fc244e9e65998f8fead62543126bf0e", "new_mode": 33188, "new_path": "crypto/fipsmodule/cipher/cipher.c" }, { "type": "modify", "old_id": "c6bec489b51ca2e71b7f81e64a8e59b534e2e91a", "old_mode": 33188, "old_path": "include/openssl/cipher.h", "new_id": "3feadea85aa2f60b3c4e2956040cf015a72aa5b1", "new_mode": 33188, "new_path": "include/openssl/cipher.h" } ] }