Bug 1758587

Summary: OpenSSL will send unexpected alert for too short ciphertext with specific ciphersuites [rhel-8]
Product: Red Hat Enterprise Linux 8
Component: openssl
Reporter: Alicja Kario <hkario>
Assignee: Tomas Mraz <tmraz>
QA Contact: Alicja Kario <hkario>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: 8.0
Keywords: Triaged
Target Milestone: rc
Flags: pm-rhel: mirror+
Target Release: 8.0
Hardware: Unspecified
OS: Unspecified
Fixed In Version: openssl-1.1.1c-9.el8
: 1758602 (view as bug list) Environment:
Last Closed: 2020-04-28 16:52:04 UTC
Type: Bug
Bug Blocks: 1758602

Description Alicja Kario 2019-10-04 14:42:37 UTC
Description of problem:
When the ciphertext is too small to contain IV, MAC and padding, openssl will send decryption_failed alert instead of the bad_record_mac.
This happens only for ciphers that do not use the "stitched" implementation of a cipher that combines the symmetric cipher with the HMAC.

Version-Release number of selected component (if applicable):
openssl-1.1.1c-2.el8

How reproducible:
always

Steps to Reproduce:
1. Send a 16-byte-long ciphertext in a TLS record after negotiating TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 or TLS_RSA_WITH_3DES_EDE_CBC_SHA

Actual results:
server replies with decryption_failed

Expected results:
bad_record_mac alert

Additional info:
since the check is based on publicly visible data (the length of ciphertext), the difference in alert returned can't be used as a padding oracle for decryption
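
The length check described in this report, as an added example that is not part of the original bug report and is not OpenSSL's code: it computes the smallest valid CBC record for the two cipher suites named above and returns bad_record_mac for anything shorter. The struct, function names and the TLS 1.1/1.2 explicit-IV record layout are assumptions of the example.

```c
#include <stddef.h>
#include <stdio.h>

/* TLS alert descriptions (RFC 5246, section 7.2). */
enum { ALERT_NONE = 0, ALERT_BAD_RECORD_MAC = 20, ALERT_DECRYPTION_FAILED = 21 };

/* Hypothetical description of a CBC + HMAC suite; assumes TLS 1.1/1.2,
 * where each record carries an explicit IV of one cipher block. */
struct cbc_suite {
    const char *name;
    size_t block_len; /* cipher block size, also the explicit IV length */
    size_t mac_len;   /* HMAC output length */
};

static const struct cbc_suite AES256_SHA384 = { "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 16, 48 };
static const struct cbc_suite TDES_SHA1 = { "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 8, 20 };

/* Smallest valid record body: IV + (MAC + 1 padding-length byte),
 * with the encrypted part rounded up to a whole number of blocks. */
size_t min_record_len(const struct cbc_suite *s)
{
    size_t enc = s->mac_len + 1;
    enc = (enc + s->block_len - 1) / s->block_len * s->block_len;
    return s->block_len + enc;
}

/* Length pre-check run before any decryption. It uses only the public
 * ciphertext length, and every failure maps to bad_record_mac;
 * ALERT_DECRYPTION_FAILED is never returned. */
int precheck_alert(const struct cbc_suite *s, size_t record_len)
{
    if (record_len < min_record_len(s))
        return ALERT_BAD_RECORD_MAC; /* cannot hold IV, MAC and padding */
    if (record_len % s->block_len != 0)
        return ALERT_BAD_RECORD_MAC; /* not a whole number of blocks */
    return ALERT_NONE;
}

int main(void)
{
    const struct cbc_suite *suites[] = { &AES256_SHA384, &TDES_SHA1 };
    for (size_t i = 0; i < 2; i++)
        printf("%s: min=%zu, 16-byte record -> alert %d\n", suites[i]->name,
               min_record_len(suites[i]), precheck_alert(suites[i], 16));
    return 0;
}
```
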

Comment 1 Tomas Mraz 2019-10-04 15:05:00 UTC
Trivial fix.

Comment 11 errata-xmlrpc 2020-04-28 16:52:04 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1840

Comment 12 Fedora Update System 2020-05-29 00:57:11 UTC
FEDORA-EPEL-2020-ff94ccbdec has been pushed to the Fedora EPEL 7 stable repository.
If problem still persists, please make note of it in this bug report.