Branch: refs/heads/master
Home:
https://github.com/openssl/openssl
Commit: eea8db4124f765d20b8699994cd3b57a54d74f2b
https://github.com/openssl/openssl/commit/eea8db4124f765d20b8699994cd3b57a54d74f2b
Author: Simo Sorce <si...@redhat.com>
Date: 2025-12-19 (Fri, 19 Dec 2025)
Changed paths:
M doc/man3/EVP_DigestInit.pod
M providers/implementations/digests/sha2_prov.c
M providers/implementations/digests/sha3_prov.c
Log Message:
-----------
Harden digest context deserialization
The deserialization functions for SHA2 and SHA3 digest contexts did not
sufficiently validate the incoming data. Corruption in transmission or
on saved disk data could cause an out-of-bounds memory access if buffer
sizes did not match expected values.
Add sanity checks to the SHA2 and SHA3 deserialization functions to validate
buffer-related fields before they are used. The serialization format for these
digests has been changed to place these critical fields early in the stream to
enable this validation.
Additionally, add a note to the EVP_DigestInit man page to warn users that
deserialization should only be performed on trusted data. The checks we
implement are not meant to address processing of untrusted data
maliciously crafted by an attacker.
Applications that need to store data or transmit it through untrusted
media SHOULD implement proper encryption and message authentication
on their own using things like CMS or other appropriate secure message
containers.
These checks have also been added to quiet a bit security researchers
that try to find any way to claim CVE bounties even in completely
unlikely or invalid scenarios.
Signed-off-by: Simo Sorce <si...@redhat.com>
Reviewed-by: Shane Lontis <shane....@oracle.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29404)