The branch OpenSSL_1_0_2-stable has been updated via b99f1023f8ac357ffb8d009cf78fba586de26b5a (commit) from fb2345a1aeecb51a2426a5890102f402dceee618 (commit)
- Log ----------------------------------------------------------------- commit b99f1023f8ac357ffb8d009cf78fba586de26b5a Author: Rich Salz <rs...@openssl.org> Date: Mon Apr 24 10:30:26 2017 -0400 check length sanity before correcting in EVP_CTRL_AEAD_TLS1_AAD Reviewed-by: Matt Caswell <m...@openssl.org> Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3276) ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_aes.c | 7 ++++++- crypto/evp/e_aes_cbc_hmac_sha1.c | 2 ++ crypto/evp/e_aes_cbc_hmac_sha256.c | 2 ++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 47fcd82..b45b364 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1237,10 +1237,15 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1]; /* Correct length for explicit IV */ + if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN) + return 0; len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; /* If decrypting correct for tag too */ - if (!c->encrypt) + if (!c->encrypt) { + if (len < EVP_GCM_TLS_TAG_LEN) + return 0; len -= EVP_GCM_TLS_TAG_LEN; + } c->buf[arg - 2] = len >> 8; c->buf[arg - 1] = len & 0xff; } diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index 6dfd590..d114710 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -859,6 +859,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, key->payload_length = len; if ((key->aux.tls_ver = p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { + if (len < AES_BLOCK_SIZE) + return 0; len -= AES_BLOCK_SIZE; p[arg - 2] = len >> 8; p[arg - 1] = len; diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index 8422aee..917ae07 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -836,6 +836,8 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, key->payload_length = len; if ((key->aux.tls_ver = p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { + if (len < AES_BLOCK_SIZE) + return 0; len -= AES_BLOCK_SIZE; p[arg - 2] = len >> 8; p[arg - 1] = len; _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits