root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Check that IV length is not less than zero 

As EVP_CIPHER_CTX_get_iv_length indicates failure with -1, this error
should be processed. Also the result of this function shouldn't be
assigned to an unsigned variable.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18891)
This commit is contained in:
Dmitry Belyavskiy 2022-07-27 12:15:07 +02:00 committed by Hugo Landau
parent 4000827fdb
commit 83ab43da0c
8 changed files with 43 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
crypto/cms/cms_enc.c
View File

@ -83,6 +83,11 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec,
calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx));
/* Generate a random IV if we need one */
ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
if (ivlen < 0) {
ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB);
goto err;
}
if (ivlen > 0) {
if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0)
goto err;

4
crypto/cms/cms_pwri.c
View File

@ -96,6 +96,10 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
}
ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
if (ivlen < 0) {
ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB);
goto err;
}
if (ivlen > 0) {
if (RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), iv, ivlen, 0) <= 0)

7
ssl/ktls.c
View File

@ -132,8 +132,11 @@ int ktls_configure_crypto(SSL_CONNECTION *s, const EVP_CIPHER *c,
case SSL_AES128GCM:
case SSL_AES256GCM:
crypto_info->cipher_algorithm = CRYPTO_AES_NIST_GCM_16;
if (s->version == TLS1_3_VERSION)
if (s->version == TLS1_3_VERSION) {
crypto_info->iv_len = EVP_CIPHER_CTX_get_iv_length(dd);
if (crypto_info->iv_len < 0)
return 0;
}
else
crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
break;
@ -141,6 +144,8 @@ int ktls_configure_crypto(SSL_CONNECTION *s, const EVP_CIPHER *c,
case SSL_CHACHA20POLY1305:
crypto_info->cipher_algorithm = CRYPTO_CHACHA20_POLY1305;
crypto_info->iv_len = EVP_CIPHER_CTX_get_iv_length(dd);
if (crypto_info->iv_len < 0)
return 0;
break;
# endif
case SSL_AES128:

4
ssl/record/rec_layer_d1.c
View File

@ -883,6 +883,10 @@ int do_dtls1_write(SSL_CONNECTION *sc, int type, const unsigned char *buf,
int mode = EVP_CIPHER_CTX_get_mode(sc->enc_write_ctx);
if (mode == EVP_CIPH_CBC_MODE) {
eivlen = EVP_CIPHER_CTX_get_iv_length(sc->enc_write_ctx);
if (eivlen < 0) {
SSLfatal(sc, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG);
return -1;
}
if (eivlen <= 1)
eivlen = 0;
}

4
ssl/record/rec_layer_s3.c
View File

@ -874,6 +874,10 @@ int do_ssl3_write(SSL_CONNECTION *s, int type, const unsigned char *buf,
int mode = EVP_CIPHER_CTX_get_mode(s->enc_write_ctx);
if (mode == EVP_CIPH_CBC_MODE) {
eivlen = EVP_CIPHER_CTX_get_iv_length(s->enc_write_ctx);
if (eivlen < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG);
return -1;
}
if (eivlen <= 1)
eivlen = 0;
} else if (mode == EVP_CIPH_GCM_MODE) {

7
ssl/record/ssl3_record_tls13.c
View File

@ -25,7 +25,8 @@ int tls13_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending,
{
EVP_CIPHER_CTX *ctx;
unsigned char iv[EVP_MAX_IV_LENGTH], recheader[SSL3_RT_HEADER_LENGTH];
size_t ivlen, taglen, offset, loop, hdrlen;
size_t taglen, offset, loop, hdrlen;
int ivlen;
unsigned char *staticiv;
unsigned char *seq;
int lenu, lenf;
@ -62,6 +63,10 @@ int tls13_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending,
}
ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
if (ivlen < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
if (s->early_data_state == SSL_EARLY_DATA_WRITING
|| s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {

4
ssl/statem/statem_srvr.c
View File

@ -3809,6 +3809,10 @@ static int construct_stateless_ticket(SSL_CONNECTION *s, WPACKET *pkt,
goto err;
}
iv_len = EVP_CIPHER_CTX_get_iv_length(ctx);
if (iv_len < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
} else {
EVP_CIPHER *cipher = EVP_CIPHER_fetch(sctx->libctx, "AES-256-CBC",
sctx->propq);

15
ssl/t1_lib.c
View File

@ -1875,7 +1875,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL_CONNECTION *s,
SSL_SESSION *sess = NULL;
unsigned char *sdec;
const unsigned char *p;
int slen, renew_ticket = 0, declen;
int slen, ivlen, renew_ticket = 0, declen;
SSL_TICKET_STATUS ret = SSL_TICKET_FATAL_ERR_OTHER;
size_t mlen;
unsigned char tick_hmac[EVP_MAX_MD_SIZE];
@ -1989,9 +1989,14 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL_CONNECTION *s,
goto end;
}
ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
if (ivlen < 0) {
ret = SSL_TICKET_FATAL_ERR_OTHER;
goto end;
}
/* Sanity check ticket length: must exceed keyname + IV + HMAC */
if (eticklen <=
TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx) + mlen) {
if (eticklen <= TLSEXT_KEYNAME_LENGTH + ivlen + mlen) {
ret = SSL_TICKET_NO_DECRYPT;
goto end;
}
@ -2009,8 +2014,8 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL_CONNECTION *s,
}
/* Attempt to decrypt session data */
/* Move p after IV to start of encrypted ticket, update length */
p = etick + TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx);
eticklen -= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx);
p = etick + TLSEXT_KEYNAME_LENGTH + ivlen;
eticklen -= TLSEXT_KEYNAME_LENGTH + ivlen;
sdec = OPENSSL_malloc(eticklen);
if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p,
(int)eticklen) <= 0) {