CVE-2023-2975

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 14/07/2023
Last modified: 23/04/2025

Description

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence.

Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries, as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications.

The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated.

As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries, this is qualified as a Low severity issue.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* 3.0.0 (including) 3.0.9 (including)
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* 3.1.0 (including) 3.1.1 (including)
cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*