]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 864333b) | patch
Note finished state in cipher BIO EOF
authorViktor Dukhovni <openssl-users@dukhovni.org>
Wed, 21 May 2025 15:33:03 +0000 (01:33 +1000)
committerTomas Mraz <tomas@openssl.org>
Thu, 29 May 2025 14:02:26 +0000 (16:02 +0200)
commit005fa3e00e1ccfd83aa99d28e2eff55597dd5fc2
treef23681b9a5fdecfca39661d613353c70f721a29atree
parent864333b455eb36ba84562d6482547bf4c8b49581commit | diff
Note finished state in cipher BIO EOF

When the cipher BIO encounters a non-retriable EOF (or error), mark the
state as "finished", else a subsequent BIO_flush() or attempted read may
attempt to finalise the crypto state again, and fail, leading, for
example, to users seeing erroneous apparent decryption failure.

This is not a new problem, the fix should be backported to all supported
releases.  It was made more apparent by recent changes to the base64
BIO, which returns a non-retriable EOF when padding is seen at the end
of the base64 data, even if the underlying next BIO is "retriable".

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27680)
crypto/evp/bio_enc.c diff | blob | blame | history
test/bio_enc_test.c diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git