[SERVER-55577] Investigate potential decryption differences between CCCryptor and OpenSSL Created: 26/Mar/21  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Question Priority: Major - P3
Reporter: Varun Ravichandran Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Server Security
Sprint: Security 2021-04-05
Participants:

 Description   

BF-20495 resulted from a bug in symmetric_crypto_test.cpp that didn't reset a buffer before checking that decryption with a wrong key failed. However, this bug only appeared whenever the decryptor returned an OK status and did not modify the passed-in buffer at all, which only seemed to occur frequently enough to be caught in MacOS's CCCryptor. This behavior should be compared with OpenSSL to see whether there are certain ciphertexts that, when decrypted with the same (incorrect) key/IV combination, result in an OK status and an empty plaintext on OS X but result in different behavior on OpenSSL. 


Generated at Thu Feb 08 05:36:51 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.