]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8ff81f9) | patch
Note finished state in cipher BIO EOF
authorViktor Dukhovni <openssl-users@dukhovni.org>
Wed, 21 May 2025 15:33:03 +0000 (01:33 +1000)
committerTomas Mraz <tomas@openssl.org>
Thu, 29 May 2025 14:02:51 +0000 (16:02 +0200)
commit40b7cbca10c4fb044670afa1b3f079903417cfdf
treef9edf577ff6bb91d031868eb9543a149ae4b0b05tree
parent8ff81f95b86bf276868427ff97f592b31b75f02ccommit | diff
Note finished state in cipher BIO EOF

When the cipher BIO encounters a non-retriable EOF (or error), mark the
state as "finished", else a subsequent BIO_flush() or attempted read may
attempt to finalise the crypto state again, and fail, leading, for
example, to users seeing erroneous apparent decryption failure.

This is not a new problem, the fix should be backported to all supported
releases.  It was made more apparent by recent changes to the base64
BIO, which returns a non-retriable EOF when padding is seen at the end
of the base64 data, even if the underlying next BIO is "retriable".

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27680)

(cherry picked from commit 005fa3e00e1ccfd83aa99d28e2eff55597dd5fc2)
crypto/evp/bio_enc.c diff | blob | blame | history
test/bio_enc_test.c diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git