- Type: Question
- Resolution: Unresolved
- Priority: Major - P3
- None
- Affects Version/s: None
- Component/s: None
- Labels: None
- Server Security
- Security 2021-04-05
BF-20495 resulted from a bug in symmetric_crypto_test.cpp that didn't reset a buffer before checking that decryption with a wrong key failed. However, this bug only appeared whenever the decryptor returned an OK status and did not modify the passed-in buffer at all, which only seemed to occur frequently enough to be caught in MacOS's CCCryptor. This behavior should be compared with OpenSSL to see whether there are certain ciphertexts that, when decrypted with the same (incorrect) key/IV combination, result in an OK status and an empty plaintext on OS X but result in different behavior on OpenSSL.
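The stale-buffer failure mode described above, as an added example that is not code from symmetric_crypto_test.cpp. It assumes the check compares the output buffer against the known plaintext; every name here is hypothetical, the decryptors are constructed stand-ins, and neither CCCryptor nor OpenSSL is called.

```cpp
#include <algorithm>
#include <array>
#include <cstddef>
#include <cstdint>

using Block = std::array<std::uint8_t, 16>;
struct Result { bool ok; std::size_t written; };
// Hypothetical decryptor signature: writes into `out`, reports status and length.
using Decryptor = Result (*)(Block& out);

// Constructed stand-ins for what a backend might do when given the wrong key.
Result silentOk(Block&) { return {true, 0}; }  // OK status, buffer untouched
Result garbageOk(Block& out) { out.fill(0x5C); return {true, out.size()}; }  // OK, junk
Result rejects(Block&) { return {false, 0}; }  // error status

const Block kPlaintext = {'s','e','c','r','e','t',' ','p','a','y','l','o','a','d','!','!'};

// Flawed check: the buffer still holds the plaintext from the earlier correct-key
// round trip, so an untouched buffer is mistaken for a successful wrong-key decrypt.
bool flawedCheckPasses(Decryptor wrongKeyDecrypt) {
    Block buf = kPlaintext;  // stale contents, never reset
    Result r = wrongKeyDecrypt(buf);
    return !r.ok || buf != kPlaintext;
}

// Hardened check: reset the buffer, then judge only the bytes reported as written.
bool hardenedCheckPasses(Decryptor wrongKeyDecrypt) {
    Block buf;
    buf.fill(0xAA);  // sentinel value
    Result r = wrongKeyDecrypt(buf);
    if (!r.ok) return true;
    bool recovered = r.written == kPlaintext.size() &&
                     std::equal(kPlaintext.begin(), kPlaintext.end(), buf.begin());
    return !recovered;
}

enum class Outcome { Rejected, OkEmpty, OkWithOutput };
// Classifies a backend's wrong-key behaviour so two backends can be compared.
Outcome classify(Decryptor wrongKeyDecrypt) {
    Block buf;
    buf.fill(0xAA);
    Result r = wrongKeyDecrypt(buf);
    if (!r.ok) return Outcome::Rejected;
    bool untouched = std::all_of(buf.begin(), buf.end(),
                                 [](std::uint8_t b) { return b == 0xAA; });
    return (r.written == 0 && untouched) ? Outcome::OkEmpty : Outcome::OkWithOutput;
}

int main() { return hardenedCheckPasses(silentOk) && !flawedCheckPasses(silentOk) ? 0 : 1; }
```

Wrapping each real backend behind the same `Decryptor` shape and running `classify` over a shared set of ciphertext, key and IV triples would give the side-by-side comparison the ticket asks for.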