openssl/crypto
Matt Caswell 335d0a4646 Fix undefined behaviour in e_aes_cbc_hmac_sha256.c and e_aes_cbc_hmac_sha1.c
In TLS mode of operation the padding value "pad" is obtained along with the
maximum possible padding value "maxpad". If pad > maxpad then the data is
invalid. However we must continue anyway because this is constant time code.

We calculate the payload length like this:

    inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);

However if pad is invalid then inp_len ends up -ve (actually large +ve
because it is a size_t).

Later we do this:

    /* verify HMAC */
    out += inp_len;
    len -= inp_len;

This ends up with "out" pointing before the buffer which is undefined
behaviour. Next we calculate "p" like this:

    unsigned char *p =
        out + len - 1 - maxpad - SHA256_DIGEST_LENGTH;

Because of the "out + len" term the -ve inp_len value is cancelled out
so "p" points to valid memory (although technically the pointer arithmetic
is undefined behaviour again).

We only ever then dereference "p" and never "out" directly so there is
never an invalid read based on the bad pointer - so there is no security
issue.

This commit fixes the undefined behaviour by ensuring we use maxpad in
place of pad, if the supplied pad is invalid.

With thanks to Brian Carpenter for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3832)
2017-07-19 11:49:08 +01:00
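The length arithmetic the commit describes, as an added C illustration that is not the commit's own code: `payload_len_before_fix` trusts the pad byte and wraps when pad > maxpad, while `clamp_pad` substitutes maxpad branch-free so the later `out += inp_len` can never leave the buffer. The helper names, the derivation of maxpad from the record length and the SHA-256 digest size are assumptions of this example, not taken from the OpenSSL source.

```c
#include <stddef.h>
#include <stdint.h>

#define SHA256_DIGEST_LENGTH 32   /* MAC size for the SHA-256 TLS cipher suite */
#define TLS_MAX_PAD 255           /* largest value a TLS padding byte can hold */

/* All-ones if a < b, else zero; branch-free for values below SIZE_MAX/2. */
static size_t ct_lt_mask(size_t a, size_t b)
{
    return (size_t)0 - ((a - b) >> (sizeof(size_t) * 8 - 1));
}

/* Returns a where mask is all-ones, b where mask is zero. */
static size_t ct_select(size_t mask, size_t a, size_t b)
{
    return (mask & a) | (~mask & b);
}

/* Largest pad a record of 'len' bytes (data + MAC + pad + pad byte) can carry.
 * Assumed derivation for this example: len - (MAC + 1), capped at 255. */
size_t max_pad(size_t len)
{
    size_t maxpad = len - (SHA256_DIGEST_LENGTH + 1);   /* caller ensures len >= 33 */
    return ct_select(ct_lt_mask(TLS_MAX_PAD, maxpad), TLS_MAX_PAD, maxpad);
}

/* Pre-fix arithmetic: trusts the pad byte, so pad > maxpad wraps to a huge size_t. */
size_t payload_len_before_fix(size_t len, size_t pad)
{
    return len - (SHA256_DIGEST_LENGTH + pad + 1);
}

/* Post-fix: use maxpad in place of an invalid pad without branching on the secret. */
size_t clamp_pad(size_t pad, size_t maxpad)
{
    size_t invalid = ct_lt_mask(maxpad, pad);           /* all-ones iff pad > maxpad */
    return ct_select(invalid, maxpad, pad);
}

size_t payload_len_after_fix(size_t len, size_t pad)
{
    size_t maxpad = max_pad(len);
    return len - (SHA256_DIGEST_LENGTH + clamp_pad(pad, maxpad) + 1);
}

/* Non-zero iff 'out += inp_len' stays inside a 'len'-byte buffer. */
int advance_in_bounds(size_t len, size_t inp_len)
{
    return inp_len <= len;
}
```

With a constructed 64-byte record, pad 7 yields payload 24 either way, while pad 200 wraps to a value above 64 before the fix and is clamped to payload 0 after it.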
aes x86_64 assembly pack: fill some blanks in Ryzen results. 2017-07-03 18:17:00 +02:00
aria Correct Oracle copyrights & clarify. 2017-06-15 15:50:50 +10:00
asn1 Change return (x) to return x 2017-07-14 07:32:58 +10:00
async make error tables const and separate header file 2017-06-07 15:12:03 -04:00
bf Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00
bio BIO range checking. 2017-07-07 07:18:41 +10:00
blake2
bn Address potential buffer overflows. 2017-07-07 13:37:06 +10:00
buffer Fix crash in BUF_MEM_grow_clean. 2017-07-10 16:25:43 +02:00
camellia Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00
cast Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00
chacha x86_64 assembly pack: fill some blanks in Ryzen results. 2017-07-03 18:17:00 +02:00
cmac Don't use deprecated EVP_CIPHER_CTX_cleanup() internally 2017-03-01 11:42:50 +01:00
cms make error tables const and separate header file 2017-06-07 15:12:03 -04:00
comp make error tables const and separate header file 2017-06-07 15:12:03 -04:00
conf Trivial bounds checking. 2017-07-07 15:45:55 +10:00
ct Fix memory leaks in CTLOG_new_from_base64 2017-06-09 13:32:29 -04:00
des Trivial bounds checking. 2017-07-07 15:45:55 +10:00
dh Change to check last return value of BN_CTX_get 2017-06-26 15:40:16 +02:00
dsa Fix a possible crash in dsa_builtin_paramgen2. 2017-06-14 09:35:48 -04:00
dso Put message strings in state files 2017-06-12 15:03:40 -04:00
ec Cleanup some copyright stuff 2017-06-30 21:56:44 -04:00
engine Undo commit d420ac2 2017-07-05 11:32:35 +10:00
err Add DRBG random method 2017-07-19 03:25:16 -04:00
evp Fix undefined behaviour in e_aes_cbc_hmac_sha256.c and e_aes_cbc_hmac_sha1.c 2017-07-19 11:49:08 +01:00
hmac PBKDF2 computation speedup (15-40%) 2017-04-04 10:44:17 -04:00
idea Fix gcc-7 warnings. 2017-05-11 19:39:38 +02:00
include/internal Add fork handlers, based on pthread_atfork 2017-06-29 16:19:41 -04:00
kdf make error tables const and separate header file 2017-06-07 15:12:03 -04:00
lhash coding style: remove extra whitespace character 2017-07-12 21:27:35 +02:00
md2
md4
md5 Cleanup some copyright stuff 2017-06-30 21:56:44 -04:00
mdc2
modes Undo commit cd359b2 2017-07-05 17:06:57 -04:00
objects Trivial bounds checking. 2017-07-07 15:45:55 +10:00
ocsp Fix return-value checks in OCSP_resp_get1_id() 2017-06-27 10:49:53 -05:00
pem Fix error handling in get_header_and_data. 2017-07-10 16:25:43 +02:00
perlasm perlasm/ppc-xlate.pl: add PowerISA 3.0B instructions. 2017-06-13 18:37:08 +02:00
pkcs7 make error tables const and separate header file 2017-06-07 15:12:03 -04:00
pkcs12 make error tables const and separate header file 2017-06-07 15:12:03 -04:00
poly1305 x86_64 assembly pack: fill some blanks in Ryzen results. 2017-07-03 18:17:00 +02:00
rand Add DRBG random method 2017-07-19 03:25:16 -04:00
rc2 Fix gcc-7 warnings. 2017-05-11 19:39:38 +02:00
rc4 Cleanup some copyright stuff 2017-06-30 21:56:44 -04:00
rc5 Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00
ripemd Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00
rsa Remove resolved TODO 2017-07-17 16:18:28 +02:00
seed
sha sha/asm/keccak1600-avx2.pl: optimized remodelled version. 2017-07-15 23:04:38 +02:00
siphash Fix gcc-7 warnings. 2017-05-11 19:39:38 +02:00
srp Correct some badly formatted preprocessor lines 2017-04-25 15:44:48 +02:00
stack
store OSSL_STORE "file" scheme loader: check that a DOS device is correctly named 2017-07-15 18:53:07 +02:00
ts Put message strings in state files 2017-06-12 15:03:40 -04:00
txt_db Fix a few memleaks in TXT_DB. 2017-02-21 14:13:58 -05:00
ui Fix small UI issues 2017-07-05 11:15:37 +02:00
whrlpool Fix a read off the end of the input buffer 2017-06-08 16:05:52 -04:00
x509 Trivial bounds checking. 2017-07-07 15:45:55 +10:00
x509v3 Trivial bounds checking. 2017-07-07 15:45:55 +10:00
alphacpuid.pl
arm64cpuid.pl
arm_arch.h
armcap.c Modify type of variable in OPENSSL_cpuid_setup function 2017-06-16 16:58:51 -04:00
armv4cpuid.pl
build.info
c64xpluscpuid.pl
cpt_err.c make error tables const and separate header file 2017-06-07 15:12:03 -04:00
cryptlib.c Modify Sun copyright to follow OpenSSL style 2017-06-20 11:13:45 -04:00
cversion.c Undo commit d420ac2 2017-07-05 11:32:35 +10:00
dllmain.c
ebcdic.c
ex_data.c Fix ex_data and session_dup issues 2017-06-02 12:11:38 -04:00
ia64cpuid.S
init.c Fix atfork flag. Avoid double-negatives :) 2017-06-30 14:47:02 -04:00
LPdir_nyi.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_unix.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_vms.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_win32.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_win.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_wince.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
mem_clr.c
mem_dbg.c Address potential buffer overflows. 2017-07-07 13:37:06 +10:00
mem_sec.c Cleanup some copyright stuff 2017-06-30 21:56:44 -04:00
mem.c Use the return value from write(2) 2017-07-04 09:56:05 +10:00
mips_arch.h
o_dir.c Fix typo, missing || 2017-02-22 19:51:04 +01:00
o_fips.c Clean up references to FIPS 2017-02-28 15:26:25 +01:00
o_fopen.c
o_init.c Clean up references to FIPS 2017-02-28 15:26:25 +01:00
o_str.c Address some -Wold-style-declaration warnings 2017-05-01 14:23:28 -04:00
o_time.c Reset executable bits on files where not needed. 2017-03-03 09:13:40 +01:00
pariscid.pl
ppc_arch.h
ppccap.c crypto/ppccap.c: SIGILL-free processor capabilities detection on MacOS X. 2017-04-02 20:45:59 +02:00
ppccpuid.pl
s390xcap.c
s390xcpuid.S
sparc_arch.h
sparccpuid.S Clean up references to FIPS 2017-02-28 15:26:25 +01:00
sparcv9cap.c
threads_none.c Fix build with no-threads no-ec 2017-06-30 19:55:47 +01:00
threads_pthread.c Add fork handlers, based on pthread_atfork 2017-06-29 16:19:41 -04:00
threads_win.c Add fork handlers, based on pthread_atfork 2017-06-29 16:19:41 -04:00
uid.c Cleaning UEFI Build with additional OPENSSL_SYS_UEFI flags 2017-03-29 07:35:59 +02:00
vms_rms.h
x86_64cpuid.pl crypto/x86*cpuid.pl: move extended feature detection. 2017-03-13 18:42:10 +01:00
x86cpuid.pl Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00