]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ffff78c) | patch
Note finished state in cipher BIO EOF
authorViktor Dukhovni <openssl-users@dukhovni.org>
Wed, 21 May 2025 15:33:03 +0000 (01:33 +1000)
committerTomas Mraz <tomas@openssl.org>
Thu, 29 May 2025 14:02:45 +0000 (16:02 +0200)
commitf4084629a9069df2332eb3693d547bf6d8ac6efc
tree17240820343f8262462e43556050c94be3b21d25tree | snapshot
parentffff78cce08ae9e8e8ac629607f08b5aaf64912ecommit | diff
Note finished state in cipher BIO EOF

When the cipher BIO encounters a non-retriable EOF (or error), mark the
state as "finished", else a subsequent BIO_flush() or attempted read may
attempt to finalise the crypto state again, and fail, leading, for
example, to users seeing erroneous apparent decryption failure.

This is not a new problem, the fix should be backported to all supported
releases.  It was made more apparent by recent changes to the base64
BIO, which returns a non-retriable EOF when padding is seen at the end
of the base64 data, even if the underlying next BIO is "retriable".

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27680)

(cherry picked from commit 005fa3e00e1ccfd83aa99d28e2eff55597dd5fc2)
crypto/evp/bio_enc.c diff | blob | blame | history
test/bio_enc_test.c diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git