Modified: trunk/Source/ThirdParty/libwebrtc/ChangeLog (273428 => 273429)
--- trunk/Source/ThirdParty/libwebrtc/ChangeLog 2021-02-24 20:45:56 UTC (rev 273428)
+++ trunk/Source/ThirdParty/libwebrtc/ChangeLog 2021-02-24 21:00:43 UTC (rev 273429)
@@ -1,5 +1,20 @@
2021-02-24 Youenn Fablet <you...@apple.com>
+ Update fipsmodule cipher.c to handle EVP_CipherUpdate
+ https://bugs.webkit.org/show_bug.cgi?id=222354
+ <rdar://problem/74436356>
+
+ Reviewed by Eric Carlson.
+
+ Cherry-picking of https://boringssl.googlesource.com/boringssl/+/e7c0c9734f5491e62665ea156603209a80fbb235%5E%21/.
+
+ * Source/third_party/boringssl/src/crypto/fipsmodule/cipher/cipher.c:
+ (EVP_EncryptUpdate):
+ (EVP_DecryptUpdate):
+ * Source/third_party/boringssl/src/include/openssl/cipher.h:
+
+2021-02-24 Youenn Fablet <you...@apple.com>
+
Fix null pointer deref in X509_issuer_and_serial_hash
https://bugs.webkit.org/show_bug.cgi?id=222353
<rdar://problem/74446806>
Modified: trunk/Source/ThirdParty/libwebrtc/Source/third_party/boringssl/src/crypto/fipsmodule/cipher/cipher.c (273428 => 273429)
--- trunk/Source/ThirdParty/libwebrtc/Source/third_party/boringssl/src/crypto/fipsmodule/cipher/cipher.c 2021-02-24 20:45:56 UTC (rev 273428)
+++ trunk/Source/ThirdParty/libwebrtc/Source/third_party/boringssl/src/crypto/fipsmodule/cipher/cipher.c 2021-02-24 21:00:43 UTC (rev 273429)
@@ -57,6 +57,7 @@
#include <openssl/cipher.h>
#include <assert.h>
+#include <limits.h>
#include <string.h>
#include <openssl/err.h>
@@ -240,14 +241,20 @@
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
const uint8_t *in, int in_len) {
- int i, j, bl;
+ // Ciphers that use blocks may write up to |bl| extra bytes. Ensure the output
+ // does not overflow |*out_len|.
+ int bl = ctx->cipher->block_size;
+ if (bl > 1 && in_len > INT_MAX - bl) {
+ OPENSSL_PUT_ERROR(CIPHER, ERR_R_OVERFLOW);
+ return 0;
+ }
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
- i = ctx->cipher->cipher(ctx, out, in, in_len);
- if (i < 0) {
+ int ret = ctx->cipher->cipher(ctx, out, in, in_len);
+ if (ret < 0) {
return 0;
} else {
- *out_len = i;
+ *out_len = ret;
}
return 1;
}
@@ -267,8 +274,7 @@
}
}
- i = ctx->buf_len;
- bl = ctx->cipher->block_size;
+ int i = ctx->buf_len;
assert(bl <= (int)sizeof(ctx->buf));
if (i != 0) {
if (bl - i > in_len) {
@@ -277,7 +283,7 @@
*out_len = 0;
return 1;
} else {
- j = bl - i;
+ int j = bl - i;
OPENSSL_memcpy(&ctx->buf[i], in, j);
if (!ctx->cipher->cipher(ctx, out, ctx->buf, bl)) {
return 0;
@@ -353,8 +359,13 @@
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
const uint8_t *in, int in_len) {
- int fix_len;
- unsigned int b;
+ // Ciphers that use blocks may write up to |bl| extra bytes. Ensure the output
+ // does not overflow |*out_len|.
+ unsigned int b = ctx->cipher->block_size;
+ if (b > 1 && in_len > INT_MAX - (int)b) {
+ OPENSSL_PUT_ERROR(CIPHER, ERR_R_OVERFLOW);
+ return 0;
+ }
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
int r = ctx->cipher->cipher(ctx, out, in, in_len);
@@ -376,15 +387,12 @@
return EVP_EncryptUpdate(ctx, out, out_len, in, in_len);
}
- b = ctx->cipher->block_size;
assert(b <= sizeof(ctx->final));
-
+ int fix_len = 0;
if (ctx->final_used) {
OPENSSL_memcpy(out, ctx->final, b);
out += b;
fix_len = 1;
- } else {
- fix_len = 0;
}
if (!EVP_EncryptUpdate(ctx, out, out_len, in, in_len)) {
Modified: trunk/Source/ThirdParty/libwebrtc/Source/third_party/boringssl/src/include/openssl/cipher.h (273428 => 273429)
--- trunk/Source/ThirdParty/libwebrtc/Source/third_party/boringssl/src/include/openssl/cipher.h 2021-02-24 20:45:56 UTC (rev 273428)
+++ trunk/Source/ThirdParty/libwebrtc/Source/third_party/boringssl/src/include/openssl/cipher.h 2021-02-24 21:00:43 UTC (rev 273429)
@@ -543,6 +543,10 @@
// block_mask contains |cipher->block_size| minus one. (The block size
// assumed to be a power of two.)
+ //
+ // TODO(davidben): This is redundant with |cipher->block_size| and constant
+ // for the whole |EVP_CIPHER|. Move it there, or possibly even remove it and
+ // do the subtraction on demand.
int block_mask;
uint8_t final[EVP_MAX_BLOCK_LENGTH]; // possible final block
