|
 |
bc5401 |
diff -up openssl-1.0.2k/crypto/evp/evp_enc.c.int-overflow openssl-1.0.2k/crypto/evp/evp_enc.c
|
|
|
bc5401 |
--- openssl-1.0.2k/crypto/evp/evp_enc.c.int-overflow 2021-09-01 14:17:32.813927827 +0200
|
|
|
bc5401 |
+++ openssl-1.0.2k/crypto/evp/evp_enc.c 2021-09-01 14:17:32.909929103 +0200
|
|
|
bc5401 |
@@ -57,6 +57,7 @@
|
|
|
bc5401 |
*/
|
|
|
bc5401 |
|
|
|
bc5401 |
#include <stdio.h>
|
|
|
bc5401 |
+#include <limits.h>
|
|
|
bc5401 |
#include "cryptlib.h"
|
|
|
bc5401 |
#include <openssl/evp.h>
|
|
|
bc5401 |
#include <openssl/err.h>
|
|
|
bc5401 |
@@ -417,6 +418,18 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ct
|
|
|
bc5401 |
return 1;
|
|
|
bc5401 |
} else {
|
|
|
bc5401 |
j = bl - i;
|
|
|
bc5401 |
+ /*
|
|
|
bc5401 |
+ * Once we've processed the first j bytes from in, the amount of
|
|
|
bc5401 |
+ * data left that is a multiple of the block length is:
|
|
|
bc5401 |
+ * (inl - j) & ~(bl - 1)
|
|
|
bc5401 |
+ * We must ensure that this amount of data, plus the one block that
|
|
|
bc5401 |
+ * we process from ctx->buf does not exceed INT_MAX
|
|
|
bc5401 |
+ */
|
|
|
bc5401 |
+ if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
|
|
|
bc5401 |
+ EVPerr(EVP_F_EVP_ENCRYPTUPDATE,
|
|
|
bc5401 |
+ EVP_R_OUTPUT_WOULD_OVERFLOW);
|
|
|
bc5401 |
+ return 0;
|
|
|
bc5401 |
+ }
|
|
|
bc5401 |
memcpy(&(ctx->buf[i]), in, j);
|
|
|
bc5401 |
if (!M_do_cipher(ctx, out, ctx->buf, bl))
|
|
|
bc5401 |
return 0;
|
|
|
bc5401 |
@@ -518,6 +531,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ct
|
|
|
bc5401 |
OPENSSL_assert(b <= sizeof ctx->final);
|
|
|
bc5401 |
|
|
|
bc5401 |
if (ctx->final_used) {
|
|
|
bc5401 |
+ /*
|
|
|
bc5401 |
+ * final_used is only ever set if buf_len is 0. Therefore the maximum
|
|
|
bc5401 |
+ * length output we will ever see from evp_EncryptDecryptUpdate is
|
|
|
bc5401 |
+ * the maximum multiple of the block length that is <= inl, or just:
|
|
|
bc5401 |
+ * inl & ~(b - 1)
|
|
|
bc5401 |
+ * Since final_used has been set then the final output length is:
|
|
|
bc5401 |
+ * (inl & ~(b - 1)) + b
|
|
|
bc5401 |
+ * This must never exceed INT_MAX
|
|
|
bc5401 |
+ */
|
|
|
bc5401 |
+ if ((inl & ~(b - 1)) > INT_MAX - b) {
|
|
|
bc5401 |
+ EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
|
|
|
bc5401 |
+ return 0;
|
|
|
bc5401 |
+ }
|
|
|
bc5401 |
memcpy(out, ctx->final, b);
|
|
|
bc5401 |
out += b;
|
|
|
bc5401 |
fix_len = 1;
|
|
|
bc5401 |
diff -up openssl-1.0.2k/crypto/evp/evp_err.c.int-overflow openssl-1.0.2k/crypto/evp/evp_err.c
|
|
|
bc5401 |
--- openssl-1.0.2k/crypto/evp/evp_err.c.int-overflow 2017-01-26 14:22:03.000000000 +0100
|
|
|
bc5401 |
+++ openssl-1.0.2k/crypto/evp/evp_err.c 2021-09-01 14:17:32.909929103 +0200
|
|
|
bc5401 |
@@ -1,6 +1,6 @@
|
|
|
bc5401 |
/* crypto/evp/evp_err.c */
|
|
|
bc5401 |
/* ====================================================================
|
|
|
bc5401 |
- * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
|
|
|
bc5401 |
+ * Copyright (c) 1999-2021 The OpenSSL Project. All rights reserved.
|
|
|
bc5401 |
*
|
|
|
bc5401 |
* Redistribution and use in source and binary forms, with or without
|
|
|
bc5401 |
* modification, are permitted provided that the following conditions
|
|
|
bc5401 |
@@ -93,6 +93,8 @@ static ERR_STRING_DATA EVP_str_functs[]
|
|
|
bc5401 |
"EVP_CIPHER_CTX_set_key_length"},
|
|
|
bc5401 |
{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
|
|
|
bc5401 |
{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
|
|
|
bc5401 |
+ {ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"},
|
|
|
bc5401 |
+ {ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"},
|
|
|
bc5401 |
{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
|
|
|
bc5401 |
{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
|
|
|
bc5401 |
{ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"},
|
|
|
bc5401 |
@@ -213,6 +215,8 @@ static ERR_STRING_DATA EVP_str_reasons[]
|
|
|
bc5401 |
{ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
|
|
|
bc5401 |
"operation not supported for this keytype"},
|
|
|
bc5401 |
{ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"},
|
|
|
bc5401 |
+ {ERR_REASON(EVP_R_OUTPUT_WOULD_OVERFLOW),
|
|
|
bc5401 |
+ "output would overflow"},
|
|
|
bc5401 |
{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),
|
|
|
bc5401 |
"pkcs8 unknown broken type"},
|
|
|
bc5401 |
{ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"},
|
|
|
bc5401 |
diff -up openssl-1.0.2k/crypto/evp/evp.h.int-overflow openssl-1.0.2k/crypto/evp/evp.h
|
|
|
bc5401 |
--- openssl-1.0.2k/crypto/evp/evp.h.int-overflow 2021-09-01 14:17:32.871928598 +0200
|
|
|
bc5401 |
+++ openssl-1.0.2k/crypto/evp/evp.h 2021-09-01 14:24:37.803577096 +0200
|
|
|
bc5401 |
@@ -1,5 +1,5 @@
|
|
|
bc5401 |
/* crypto/evp/evp.h */
|
|
|
bc5401 |
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|
|
bc5401 |
+/* Copyright (C) 1995-2021 Eric Young (eay@cryptsoft.com)
|
|
|
bc5401 |
* All rights reserved.
|
|
|
bc5401 |
*
|
|
|
bc5401 |
* This package is an SSL implementation written
|
|
|
bc5401 |
@@ -1404,6 +1404,8 @@ void ERR_load_EVP_strings(void);
|
|
|
bc5401 |
# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
|
|
|
bc5401 |
# define EVP_F_EVP_DECRYPTFINAL_EX 101
|
|
|
bc5401 |
# define EVP_F_EVP_DIGESTINIT_EX 128
|
|
|
bc5401 |
+# define EVP_F_EVP_DECRYPTUPDATE 180
|
|
|
bc5401 |
+# define EVP_F_EVP_ENCRYPTUPDATE 181
|
|
|
bc5401 |
# define EVP_F_EVP_ENCRYPTFINAL_EX 127
|
|
|
bc5401 |
# define EVP_F_EVP_MD_CTX_COPY_EX 110
|
|
|
bc5401 |
# define EVP_F_EVP_MD_SIZE 162
|
|
|
bc5401 |
@@ -1514,6 +1516,7 @@ void ERR_load_EVP_strings(void);
|
|
|
bc5401 |
# define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105
|
|
|
bc5401 |
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
|
|
|
bc5401 |
# define EVP_R_OPERATON_NOT_INITIALIZED 151
|
|
|
bc5401 |
+# define EVP_R_OUTPUT_WOULD_OVERFLOW 184
|
|
|
bc5401 |
# define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117
|
|
|
bc5401 |
# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
|
|
|
bc5401 |
# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
|