openssl/crypto
Benjamin Kaduk b8a437ffa0 Fix out-of-bounds read in ctr_XOR
Looking at
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf
we see that in the CTR_DRBG_Update() algorithm (internal page number 51),
the provided input data is (after truncation to seedlen) xor-d with the
key and V vector (of length keylen and blocklen respectively).  The comment
in ctr_XOR notes that xor-ing with 0 is the identity function, so we can
just ignore the case when the provided input is shorter than seedlen.

The code in ctr_XOR() then proceeds to xor the key with the input, up
to the amount of input present, and computes the remaining input that
could be used to xor with the V vector, before accessing a full 16-byte
stretch of the input vector and ignoring the calculated length.  The correct
behavior is to respect the supplied input length and only xor the
indicated number of bytes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3971)
2017-07-20 12:12:36 -05:00
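The commit message above describes the defect in words only; the following added example (not OpenSSL's code, and not the patch itself) reconstructs the shape of the bug next to the corrected logic. The state struct, the function names `ctr_xor_fixed` / `ctr_xor_buggy`, the harness `over_read_bytes` and the sentinel value are all assumptions made for this illustration. The harness keeps the over-read inside one allocated buffer so that the extra bytes the buggy loop consumes show up as modified bytes of V rather than as undefined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative CTR_DRBG state (key of keylen bytes plus a 16-byte V).
 * This is a stand-in for the example, not OpenSSL's RAND_DRBG_CTR. */
#define CTR_BLOCKLEN 16
#define CTR_MAX_KEYLEN 32

typedef struct {
    size_t keylen;                 /* 16, 24 or 32 */
    uint8_t K[CTR_MAX_KEYLEN];
    uint8_t V[CTR_BLOCKLEN];
} ctr_state;

/* Corrected behaviour: xor at most keylen bytes into K, then at most
 * (inlen - keylen) bytes, capped at the block length, into V. Bytes of the
 * seedlen-sized provided_data that the caller did not supply count as
 * zero, and xor with zero is the identity, so they are simply skipped. */
static void ctr_xor_fixed(ctr_state *st, const uint8_t *in, size_t inlen)
{
    size_t i, n;

    if (in == NULL || inlen == 0)
        return;
    n = inlen < st->keylen ? inlen : st->keylen;
    for (i = 0; i < n; i++)
        st->K[i] ^= in[i];
    if (inlen <= st->keylen)
        return;
    n = inlen - st->keylen;
    if (n > CTR_BLOCKLEN)
        n = CTR_BLOCKLEN;          /* input is already truncated to seedlen */
    for (i = 0; i < n; i++)
        st->V[i] ^= in[st->keylen + i];
}

/* Reconstruction of the flaw the commit describes: the remaining length
 * is computed, then ignored, and a full block is read from the input. */
static void ctr_xor_buggy(ctr_state *st, const uint8_t *in, size_t inlen)
{
    size_t i, n;

    if (in == NULL || inlen == 0)
        return;
    n = inlen < st->keylen ? inlen : st->keylen;
    for (i = 0; i < n; i++)
        st->K[i] ^= in[i];
    if (inlen <= st->keylen)
        return;
    n = inlen - st->keylen;        /* computed ... */
    (void)n;                       /* ... and never used */
    for (i = 0; i < CTR_BLOCKLEN; i++)
        st->V[i] ^= in[st->keylen + i];   /* reads past inlen */
}

/* Harness: place short_in bytes of constructed input at the start of a
 * seedlen-sized buffer whose tail holds a sentinel. Returns how many bytes
 * of V were changed although no input was supplied for them (0 = correct). */
#define SENTINEL 0xA5

static int over_read_bytes(void (*xor_fn)(ctr_state *, const uint8_t *, size_t),
                           size_t keylen, size_t short_in)
{
    uint8_t buf[CTR_MAX_KEYLEN + CTR_BLOCKLEN];
    ctr_state st;
    size_t i;
    int touched = 0;

    memset(&st, 0, sizeof(st));
    st.keylen = keylen;
    memset(buf, SENTINEL, sizeof(buf));      /* sentinel beyond short_in */
    for (i = 0; i < short_in; i++)
        buf[i] = (uint8_t)(i + 1);           /* constructed input bytes */

    xor_fn(&st, buf, short_in);

    for (i = 0; i < CTR_BLOCKLEN; i++)
        if (keylen + i >= short_in && st.V[i] != 0)
            touched++;
    return touched;
}

int main(void)
{
    /* AES-256 key (32 bytes) plus only 8 of the 16 V bytes supplied */
    printf("fixed: %d stray V bytes\n", over_read_bytes(ctr_xor_fixed, 32, 40));
    printf("buggy: %d stray V bytes\n", over_read_bytes(ctr_xor_buggy, 32, 40));
    return 0;
}
```

In the harness the sentinel sits inside the same array, so the buggy loop merely mixes sentinel bytes into V; against a real caller whose input buffer ends at `inlen`, the same loop reads up to 16 bytes past the allocation, which is the out-of-bounds read the fix removes.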
..
aes x86_64 assembly pack: fill some blanks in Ryzen results. 2017-07-03 18:17:00 +02:00
aria Correct Oracle copyrights & clarify. 2017-06-15 15:50:50 +10:00
asn1 Change return (x) to return x 2017-07-14 07:32:58 +10:00
async make error tables const and separate header file 2017-06-07 15:12:03 -04:00
bf Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00
bio BIO range checking. 2017-07-07 07:18:41 +10:00
blake2
bn Address potential buffer overflows. 2017-07-07 13:37:06 +10:00
buffer Fix crash in BUF_MEM_grow_clean. 2017-07-10 16:25:43 +02:00
camellia Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00
cast Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00
chacha x86_64 assembly pack: fill some blanks in Ryzen results. 2017-07-03 18:17:00 +02:00
cmac Don't use deprecated EVP_CIPHER_CTX_cleanup() internally 2017-03-01 11:42:50 +01:00
cms make error tables const and separate header file 2017-06-07 15:12:03 -04:00
comp make error tables const and separate header file 2017-06-07 15:12:03 -04:00
conf Trivial bounds checking. 2017-07-07 15:45:55 +10:00
ct Fix memory leaks in CTLOG_new_from_base64 2017-06-09 13:32:29 -04:00
des Trivial bounds checking. 2017-07-07 15:45:55 +10:00
dh Change to check last return value of BN_CTX_get 2017-06-26 15:40:16 +02:00
dsa Fix a possible crash in dsa_builtin_paramgen2. 2017-06-14 09:35:48 -04:00
dso Put message strings in state files 2017-06-12 15:03:40 -04:00
ec Cleanup some copyright stuff 2017-06-30 21:56:44 -04:00
engine Undo commit d420ac2 2017-07-05 11:32:35 +10:00
err Add DRBG random method 2017-07-19 03:25:16 -04:00
evp Remove some dead code 2017-07-19 11:49:08 +01:00
hmac PBKDF2 computation speedup (15-40%) 2017-04-04 10:44:17 -04:00
idea Fix gcc-7 warnings. 2017-05-11 19:39:38 +02:00
include/internal Rename internal rand.h file 2017-07-20 10:20:47 -04:00
kdf make error tables const and separate header file 2017-06-07 15:12:03 -04:00
lhash coding style: remove extra whitespace character 2017-07-12 21:27:35 +02:00
md2
md4
md5 Cleanup some copyright stuff 2017-06-30 21:56:44 -04:00
mdc2
modes Undo commit cd359b2 2017-07-05 17:06:57 -04:00
objects Trivial bounds checking. 2017-07-07 15:45:55 +10:00
ocsp Fix return-value checks in OCSP_resp_get1_id() 2017-06-27 10:49:53 -05:00
pem Fix error handling in get_header_and_data. 2017-07-10 16:25:43 +02:00
perlasm perlasm/ppc-xlate.pl: add PowerISA 3.0B instructions. 2017-06-13 18:37:08 +02:00
pkcs7 make error tables const and separate header file 2017-06-07 15:12:03 -04:00
pkcs12 make error tables const and separate header file 2017-06-07 15:12:03 -04:00
poly1305 x86_64 assembly pack: fill some blanks in Ryzen results. 2017-07-03 18:17:00 +02:00
rand Fix out-of-bounds read in ctr_XOR 2017-07-20 12:12:36 -05:00
rc2 Fix gcc-7 warnings. 2017-05-11 19:39:38 +02:00
rc4 Cleanup some copyright stuff 2017-06-30 21:56:44 -04:00
rc5 Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00
ripemd Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00
rsa Typo: should check mgf1md 2017-07-19 14:02:20 +01:00
seed
sha sha/asm/keccak1600-avx2.pl: optimized remodelled version. 2017-07-15 23:04:38 +02:00
siphash Fix gcc-7 warnings. 2017-05-11 19:39:38 +02:00
srp Correct some badly formatted preprocessor lines 2017-04-25 15:44:48 +02:00
stack
store OSSL_STORE "file" scheme loader: check that a DOS device is correctly named 2017-07-15 18:53:07 +02:00
ts Put message strings in state files 2017-06-12 15:03:40 -04:00
txt_db Fix a few memleaks in TXT_DB. 2017-02-21 14:13:58 -05:00
ui Fix small UI issues 2017-07-05 11:15:37 +02:00
whrlpool Fix a read off the end of the input buffer 2017-06-08 16:05:52 -04:00
x509 Trivial bounds checking. 2017-07-07 15:45:55 +10:00
x509v3 Trivial bounds checking. 2017-07-07 15:45:55 +10:00
alphacpuid.pl
arm64cpuid.pl
arm_arch.h
armcap.c Modify type of variable in OPENSSL_cpuid_setup function 2017-06-16 16:58:51 -04:00
armv4cpuid.pl
build.info
c64xpluscpuid.pl
cpt_err.c make error tables const and separate header file 2017-06-07 15:12:03 -04:00
cryptlib.c Modify Sun copyright to follow OpenSSL style 2017-06-20 11:13:45 -04:00
cversion.c Undo commit d420ac2 2017-07-05 11:32:35 +10:00
dllmain.c
ebcdic.c
ex_data.c Fix ex_data and session_dup issues 2017-06-02 12:11:38 -04:00
ia64cpuid.S
init.c Rename internal rand.h file 2017-07-20 10:20:47 -04:00
LPdir_nyi.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_unix.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_vms.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_win32.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_win.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_wince.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
mem_clr.c
mem_dbg.c Address potential buffer overflows. 2017-07-07 13:37:06 +10:00
mem_sec.c Cleanup some copyright stuff 2017-06-30 21:56:44 -04:00
mem.c Use the return value from write(2) 2017-07-04 09:56:05 +10:00
mips_arch.h
o_dir.c Fix typo, missing || 2017-02-22 19:51:04 +01:00
o_fips.c Clean up references to FIPS 2017-02-28 15:26:25 +01:00
o_fopen.c
o_init.c Clean up references to FIPS 2017-02-28 15:26:25 +01:00
o_str.c Address some -Wold-style-declaration warnings 2017-05-01 14:23:28 -04:00
o_time.c Reset executable bits on files where not needed. 2017-03-03 09:13:40 +01:00
pariscid.pl
ppc_arch.h
ppccap.c crypto/ppccap.c: SIGILL-free processor capabilities detection on MacOS X. 2017-04-02 20:45:59 +02:00
ppccpuid.pl
s390xcap.c
s390xcpuid.S
sparc_arch.h
sparccpuid.S Clean up references to FIPS 2017-02-28 15:26:25 +01:00
sparcv9cap.c
threads_none.c Fix build with no-threads no-ec 2017-06-30 19:55:47 +01:00
threads_pthread.c Add fork handlers, based on pthread_atfork 2017-06-29 16:19:41 -04:00
threads_win.c Add fork handlers, based on pthread_atfork 2017-06-29 16:19:41 -04:00
uid.c Cleaning UEFI Build with additional OPENSSL_SYS_UEFI flags 2017-03-29 07:35:59 +02:00
vms_rms.h
x86_64cpuid.pl crypto/x86*cpuid.pl: move extended feature detection. 2017-03-13 18:42:10 +01:00
x86cpuid.pl Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00