The branch master has been updated via 9698a56e82da0262146c0f74b40d132f99099850 (commit) via 31656f27855ddd477349f5960b29d605d32fe38d (commit) from 69b920bb134417213adce260e15da3f751922cf4 (commit)
- Log ----------------------------------------------------------------- commit 9698a56e82da0262146c0f74b40d132f99099850 Author: Pauli <pa...@openssl.org> Date: Tue Aug 24 09:40:52 2021 +1000 aes-wrap: improve error handling The AES wrap cipher was return -1 on error from the provider rather than 0. This is fixed. There was a problem with the error handling in AES wrap which fell back to a default "final error". This adds a fix for the error and more specific errors for the different failure possibilities. Fixes #16387 Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16391) commit 31656f27855ddd477349f5960b29d605d32fe38d Author: Pauli <pa...@openssl.org> Date: Tue Aug 24 09:40:28 2021 +1000 Add invalid input length error Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16391) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 1 + include/openssl/proverr.h | 1 + providers/common/provider_err.c | 2 ++ providers/implementations/ciphers/cipher_aes_wrp.c | 28 ++++++++++++++++------ 4 files changed, 25 insertions(+), 7 deletions(-)
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index da3fee84d1..b47293a27a 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -992,6 +992,7 @@ PROV_R_INVALID_DATA:115:invalid data
 PROV_R_INVALID_DIGEST:122:invalid digest
 PROV_R_INVALID_DIGEST_LENGTH:166:invalid digest length
 PROV_R_INVALID_DIGEST_SIZE:218:invalid digest size
+PROV_R_INVALID_INPUT_LENGTH:230:invalid input length
 PROV_R_INVALID_ITERATION_COUNT:123:invalid iteration count
 PROV_R_INVALID_IV_LENGTH:109:invalid iv length
 PROV_R_INVALID_KEY:158:invalid key
diff --git a/include/openssl/proverr.h b/include/openssl/proverr.h
index bdfdda2c93..ad67a8f897 100644
--- a/include/openssl/proverr.h
+++ b/include/openssl/proverr.h
@@ -59,6 +59,7 @@
 # define PROV_R_INVALID_DIGEST 122
 # define PROV_R_INVALID_DIGEST_LENGTH 166
 # define PROV_R_INVALID_DIGEST_SIZE 218
+# define PROV_R_INVALID_INPUT_LENGTH 230
 # define PROV_R_INVALID_ITERATION_COUNT 123
 # define PROV_R_INVALID_IV_LENGTH 109
 # define PROV_R_INVALID_KEY 158
diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c
index d08192e64b..344c122112 100644
--- a/providers/common/provider_err.c
+++ b/providers/common/provider_err.c
@@ -80,6 +80,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { "invalid digest length"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_DIGEST_SIZE), "invalid digest size"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_INPUT_LENGTH), + "invalid input length"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_ITERATION_COUNT), "invalid iteration count"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_IV_LENGTH), "invalid iv length"},
diff --git a/providers/implementations/ciphers/cipher_aes_wrp.c b/providers/implementations/ciphers/cipher_aes_wrp.c
index f797db4596..8bddf475e2 100644
--- a/providers/implementations/ciphers/cipher_aes_wrp.c
+++ b/providers/implementations/ciphers/cipher_aes_wrp.c
@@ -152,16 +152,22 @@ static int aes_wrap_cipher_internal(void *vctx, unsigned char *out, return 0; /* Input length must always be non-zero */ - if (inlen == 0) + if (inlen == 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH); return -1; + } /* If decrypting need at least 16 bytes and multiple of 8 */ - if (!ctx->enc && (inlen < 16 || inlen & 0x7)) + if (!ctx->enc && (inlen < 16 || inlen & 0x7)) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH); return -1; + } /* If not padding input must be multiple of 8 */ - if (!pad && inlen & 0x7) + if (!pad && inlen & 0x7) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH); return -1; + } if (out == NULL) { if (ctx->enc) {
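Review bot: aes_wrap_cipher_internal has two different non-success values visible in the `-152,16` hunk and nothing documents which one a caller must treat as failure: the context `return 0;` at the top raises no error, while the three length checks raise PROV_R_INVALID_INPUT_LENGTH and return -1. A header comment on the function would settle it, for example `/* Returns the output length, or -1 after raising an error. */`, with the author adding what a 0 return is meant to signal. In the two conditions that mix `&` with `||` or `&&`, writing the mask test as `(inlen & 0x7) != 0` would make the precedence explicit. The function starts before this hunk and continues past it, so the other return paths are not visible here.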
@@ -182,7 +188,15 @@ static int aes_wrap_cipher_internal(void *vctx, unsigned char *out, rv = wctx->wrapfn(&wctx->ks.ks, ctx->iv_set ? ctx->iv : NULL, out, in, inlen, ctx->block); - return rv ? (int)rv : -1; + if (!rv) { + ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); + return -1; + } + if (rv > INT_MAX) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH); + return -1; + } + return (int)rv; } static int aes_wrap_final(void *vctx, unsigned char *out, size_t *outl,
@@ -212,12 +226,12 @@ static int aes_wrap_cipher(void *vctx, if (outsize < inl) { ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return -1; + return 0; } len = aes_wrap_cipher_internal(ctx, out, in, inl); - if (len == 0) - return -1; + if (len <= 0) + return 0; *outl = len; return 1;
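Review bot: The `rv > INT_MAX` check in the `-182,7` hunk runs only after `wctx->wrapfn(...)` has been handed `out`, so an over-long result is rejected after the output buffer has presumably already been written. Bounding `inlen` alongside the earlier length checks, before the call, would fail sooner and leave `out` untouched, e.g. `if (inlen > INT_MAX - WRAP_OVERHEAD) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH); return -1; }`, where WRAP_OVERHEAD is a placeholder for the most the wrap can add to the length. The hunk adds no `#include <limits.h>` for INT_MAX and the include list is outside the hunk, so confirm the macro is already in scope. The start of the function lies outside this hunk.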
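Review bot: `if (len <= 0)` in the `-212,12` hunk catches the -1 from aes_wrap_cipher_internal only if `len` is a signed type, and its declaration is outside the hunk. If `len` is declared `size_t` (the removed `if (len == 0)` test suggests it may be unsigned), -1 converts to SIZE_MAX, the comparison is false, and the function stores that value in `*outl` and returns 1. Declaring it as `int len;`, matching the `int` return of aes_wrap_cipher_internal, makes the new test behave as written. Separately, `outsize < inl` only shows the buffer can hold as many bytes as the input. If wrapping emits more bytes than it consumes, that guard does not cover the write into `out` and should compare against the expected output length instead.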