openssl/crypto
Matt Caswell 335d0a4646 Fix undefined behaviour in e_aes_cbc_hmac_sha256.c and e_aes_cbc_hmac_sha1.c
In TLS mode of operation the padding value "pad" is obtained along with the
maximum possible padding value "maxpad". If pad > maxpad then the data is
invalid. However we must continue anyway because this is constant time code.

We calculate the payload length like this:

    inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);

However if pad is invalid then inp_len ends up -ve (actually large +ve
because it is a size_t).

Later we do this:

    /* verify HMAC */
    out += inp_len;
    len -= inp_len;

This ends up with "out" pointing before the buffer which is undefined
behaviour. Next we calculate "p" like this:

    unsigned char *p =
        out + len - 1 - maxpad - SHA256_DIGEST_LENGTH;

Because of the "out + len" term the -ve inp_len value is cancelled out
so "p" points to valid memory (although technically the pointer arithmetic
is undefined behaviour again).

We only ever then dereference "p" and never "out" directly so there is
never an invalid read based on the bad pointer - so there is no security
issue.

This commit fixes the undefined behaviour by ensuring we use maxpad in
place of pad, if the supplied pad is invalid.

With thanks to Brian Carpenter for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3832)
2017-07-19 11:49:08 +01:00
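The length arithmetic the commit message walks through, as an added example written for this page rather than code taken from OpenSSL: it computes `maxpad` the way the message describes, derives `inp_len` both with the raw `pad` (pre-fix, wrapping to a huge `size_t` when `pad > maxpad`) and with `pad` replaced by `maxpad` under a constant-time mask (the fix). The `ct_*` helpers are local re-implementations in the style of OpenSSL's constant-time primitives, the `sample_record` helper and its 64-byte record are constructed for the demonstration, and `SHA_DIGEST_LENGTH` is the real SHA-1 digest size used by e_aes_cbc_hmac_sha1.c.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHA_DIGEST_LENGTH 20 /* SHA-1 MAC size, as in e_aes_cbc_hmac_sha1.c */

/* Constant-time helpers (local re-implementation, not OpenSSL's header).
 * Each returns an all-ones or all-zeros mask; no branch depends on the data. */
static size_t ct_msb(size_t a) { return 0 - (a >> (sizeof(a) * 8 - 1)); }
static size_t ct_lt(size_t a, size_t b) { return ct_msb(a ^ ((a ^ b) | ((a - b) ^ b))); }
static size_t ct_ge(size_t a, size_t b) { return ~ct_lt(a, b); }
static size_t ct_select(size_t mask, size_t a, size_t b) { return (mask & a) | (~mask & b); }

/* Outcome of the TLS-mode padding/length computation for one record. */
struct pad_check {
    size_t maxpad;  /* largest padding value this record could carry */
    size_t pad;     /* padding value fed into the length arithmetic */
    size_t inp_len; /* derived payload length (len - MAC - pad - 1) */
    int ok;         /* 1 if pad <= maxpad; the MAC is still checked either way */
};

/* maxpad = len - (MAC + 1), saturated to 255 without branching.
 * Assumes len >= SHA_DIGEST_LENGTH + 1, which the caller has already checked. */
static size_t compute_maxpad(size_t len)
{
    size_t maxpad = len - (SHA_DIGEST_LENGTH + 1);
    maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
    maxpad &= 255;
    return maxpad;
}

/* Pre-fix arithmetic: an out-of-range pad makes inp_len wrap, so a later
 * "out += inp_len" would point before the buffer (the undefined behaviour). */
static struct pad_check tls_pad_len_before(const unsigned char *out, size_t len)
{
    struct pad_check r;
    r.maxpad = compute_maxpad(len);
    r.pad = out[len - 1];
    r.ok = ct_ge(r.maxpad, r.pad) != 0;
    r.inp_len = len - (SHA_DIGEST_LENGTH + r.pad + 1); /* wraps when pad > maxpad */
    return r;
}

/* Post-fix arithmetic: still constant time, but an invalid pad is swapped for
 * maxpad under the mask, so inp_len stays inside the record. The failed check
 * survives in ok (OpenSSL folds it into its ret mask) and the MAC comparison
 * still runs before the record is finally rejected. */
static struct pad_check tls_pad_len_after(const unsigned char *out, size_t len)
{
    struct pad_check r;
    size_t mask;
    r.maxpad = compute_maxpad(len);
    r.pad = out[len - 1];
    mask = ct_ge(r.maxpad, r.pad);
    r.ok = mask != 0;
    r.pad = ct_select(mask, r.pad, r.maxpad);
    r.inp_len = len - (SHA_DIGEST_LENGTH + r.pad + 1);
    return r;
}

/* Constructed sample: a zero-filled decrypted record of `len` bytes whose last
 * byte (the TLS padding length) is `pad_byte`; fixed selects which arithmetic. */
static struct pad_check sample_record(size_t len, unsigned char pad_byte, int fixed)
{
    unsigned char rec[256];
    memset(rec, 0, sizeof(rec));
    if (len > sizeof(rec))
        len = sizeof(rec);
    rec[len - 1] = pad_byte;
    return fixed ? tls_pad_len_after(rec, len) : tls_pad_len_before(rec, len);
}

int main(void)
{
    struct pad_check good = sample_record(64, 7, 1);
    struct pad_check bad_before = sample_record(64, 200, 0);
    struct pad_check bad_after = sample_record(64, 200, 1);

    printf("valid pad 7:    ok=%d maxpad=%zu inp_len=%zu\n", good.ok, good.maxpad, good.inp_len);
    printf("pad 200 before: ok=%d inp_len=%zu (wrapped)\n", bad_before.ok, bad_before.inp_len);
    printf("pad 200 after:  ok=%d pad=%zu inp_len=%zu\n", bad_after.ok, bad_after.pad, bad_after.inp_len);
    return 0;
}
```

With a 64-byte record `maxpad` is 43; a pad byte of 200 fails the check in both versions, but only the pre-fix arithmetic produces a wrapped `inp_len`, which is exactly the pointer the commit stops computing.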
aes x86_64 assembly pack: fill some blanks in Ryzen results. 2017-07-03 18:17:00 +02:00
aria Correct Oracle copyrights & clarify. 2017-06-15 15:50:50 +10:00
asn1 Change return (x) to return x 2017-07-14 07:32:58 +10:00
async make error tables const and separate header file 2017-06-07 15:12:03 -04:00
bf Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00
bio BIO range checking. 2017-07-07 07:18:41 +10:00
blake2 Fix some extra or missing whitespaces... 2017-01-25 09:06:34 +00:00
bn Address potential buffer overflows. 2017-07-07 13:37:06 +10:00
buffer Fix crash in BUF_MEM_grow_clean. 2017-07-10 16:25:43 +02:00
camellia Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00
cast Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00
chacha x86_64 assembly pack: fill some blanks in Ryzen results. 2017-07-03 18:17:00 +02:00
cmac Don't use deprecated EVP_CIPHER_CTX_cleanup() internally 2017-03-01 11:42:50 +01:00
cms make error tables const and separate header file 2017-06-07 15:12:03 -04:00
comp make error tables const and separate header file 2017-06-07 15:12:03 -04:00
conf Trivial bounds checking. 2017-07-07 15:45:55 +10:00
ct Fix memory leaks in CTLOG_new_from_base64 2017-06-09 13:32:29 -04:00
des Trivial bounds checking. 2017-07-07 15:45:55 +10:00
dh Change to check last return value of BN_CTX_get 2017-06-26 15:40:16 +02:00
dsa Fix a possible crash in dsa_builtin_paramgen2. 2017-06-14 09:35:48 -04:00
dso Put message strings in state files 2017-06-12 15:03:40 -04:00
ec Cleanup some copyright stuff 2017-06-30 21:56:44 -04:00
engine Undo commit d420ac2 2017-07-05 11:32:35 +10:00
err Add DRBG random method 2017-07-19 03:25:16 -04:00
evp Fix undefined behaviour in e_aes_cbc_hmac_sha256.c and e_aes_cbc_hmac_sha1.c 2017-07-19 11:49:08 +01:00
hmac PBKDF2 computation speedup (15-40%) 2017-04-04 10:44:17 -04:00
idea Fix gcc-7 warnings. 2017-05-11 19:39:38 +02:00
include/internal Add fork handlers, based on pthread_atfork 2017-06-29 16:19:41 -04:00
kdf make error tables const and separate header file 2017-06-07 15:12:03 -04:00
lhash coding style: remove extra whitespace character 2017-07-12 21:27:35 +02:00
md2 Convert memset calls to OPENSSL_cleanse 2016-06-30 15:51:57 +01:00
md4 Remove/rename some old files. 2016-06-01 11:29:57 -04:00
md5 Cleanup some copyright stuff 2017-06-30 21:56:44 -04:00
mdc2 Convert mdc2 test print to internal test 2016-11-03 13:13:31 +01:00
modes Undo commit cd359b2 2017-07-05 17:06:57 -04:00
objects Trivial bounds checking. 2017-07-07 15:45:55 +10:00
ocsp Fix return-value checks in OCSP_resp_get1_id() 2017-06-27 10:49:53 -05:00
pem Fix error handling in get_header_and_data. 2017-07-10 16:25:43 +02:00
perlasm perlasm/ppc-xlate.pl: add PowerISA 3.0B instructions. 2017-06-13 18:37:08 +02:00
pkcs7 make error tables const and separate header file 2017-06-07 15:12:03 -04:00
pkcs12 make error tables const and separate header file 2017-06-07 15:12:03 -04:00
poly1305 x86_64 assembly pack: fill some blanks in Ryzen results. 2017-07-03 18:17:00 +02:00
rand Add DRBG random method 2017-07-19 03:25:16 -04:00
rc2 Fix gcc-7 warnings. 2017-05-11 19:39:38 +02:00
rc4 Cleanup some copyright stuff 2017-06-30 21:56:44 -04:00
rc5 Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00
ripemd Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00
rsa Remove resolved TODO 2017-07-17 16:18:28 +02:00
seed Use _WIN32 over WIN32 for preprocessor conditional 2017-02-16 08:59:47 -05:00
sha sha/asm/keccak1600-avx2.pl: optimized remodelled version. 2017-07-15 23:04:38 +02:00
siphash Fix gcc-7 warnings. 2017-05-11 19:39:38 +02:00
srp Correct some badly formatted preprocessor lines 2017-04-25 15:44:48 +02:00
stack Don't leak on an OPENSSL_realloc() failure 2016-09-21 20:27:15 +01:00
store OSSL_STORE "file" scheme loader: check that a DOS device is correctly named 2017-07-15 18:53:07 +02:00
ts Put message strings in state files 2017-06-12 15:03:40 -04:00
txt_db Fix a few memleaks in TXT_DB. 2017-02-21 14:13:58 -05:00
ui Fix small UI issues 2017-07-05 11:15:37 +02:00
whrlpool Fix a read off the end of the input buffer 2017-06-08 16:05:52 -04:00
x509 Trivial bounds checking. 2017-07-07 15:45:55 +10:00
x509v3 Trivial bounds checking. 2017-07-07 15:45:55 +10:00
alphacpuid.pl Add assembly CRYPTO_memcmp. 2016-05-19 22:33:00 +02:00
arm64cpuid.pl Add assembly CRYPTO_memcmp. 2016-05-19 22:33:00 +02:00
arm_arch.h Copyright consolidation 07/10 2016-05-17 14:51:26 -04:00
armcap.c Modify type of variable in OPENSSL_cpuid_setup function 2017-06-16 16:58:51 -04:00
armv4cpuid.pl ARMv4 assembly pack: harmonize Thumb-ification of iOS build. 2017-02-15 23:16:01 +01:00
build.info Move OS-specific fopen quirks to o_fopen.c. 2016-06-22 21:51:53 +02:00
c64xpluscpuid.pl Add assembly CRYPTO_memcmp. 2016-05-19 22:33:00 +02:00
cpt_err.c make error tables const and separate header file 2017-06-07 15:12:03 -04:00
cryptlib.c Modify Sun copyright to follow OpenSSL style 2017-06-20 11:13:45 -04:00
cversion.c Undo commit d420ac2 2017-07-05 11:32:35 +10:00
dllmain.c Copyright consolidation 09/10 2016-05-17 14:53:16 -04:00
ebcdic.c Copyright consolidation 05/10 2016-05-17 15:38:09 -04:00
ex_data.c Fix ex_data and session_dup issues 2017-06-02 12:11:38 -04:00
ia64cpuid.S Add final(?) set of copyrights. 2016-06-01 11:27:25 -04:00
init.c Fix atfork flag. Avoid double-negatives :) 2017-06-30 14:47:02 -04:00
LPdir_nyi.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_unix.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_vms.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_win.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_win32.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_wince.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
mem.c Use the return value from write(2) 2017-07-04 09:56:05 +10:00
mem_clr.c Fix some style issues... 2016-08-02 09:59:23 +02:00
mem_dbg.c Address potential buffer overflows. 2017-07-07 13:37:06 +10:00
mem_sec.c Cleanup some copyright stuff 2017-06-30 21:56:44 -04:00
mips_arch.h Remove trailing whitespace from some files. 2016-10-10 23:36:21 +01:00
o_dir.c Fix typo, missing || 2017-02-22 19:51:04 +01:00
o_fips.c Clean up references to FIPS 2017-02-28 15:26:25 +01:00
o_fopen.c Fix a few if(, for(, while( inside code. 2016-07-20 07:21:53 -04:00
o_init.c Clean up references to FIPS 2017-02-28 15:26:25 +01:00
o_str.c Address some -Wold-style-declaration warnings 2017-05-01 14:23:28 -04:00
o_time.c Reset executable bits on files where not needed. 2017-03-03 09:13:40 +01:00
pariscid.pl Add assembly CRYPTO_memcmp. 2016-05-19 22:33:00 +02:00
ppc_arch.h GH919: Fix wrappers for two headers 2016-05-24 11:04:38 -04:00
ppccap.c crypto/ppccap.c: SIGILL-free processor capabilities detection on MacOS X. 2017-04-02 20:45:59 +02:00
ppccpuid.pl Add assembly CRYPTO_memcmp. 2016-05-19 22:33:00 +02:00
s390xcap.c Fix strict-warnings build 2016-10-18 17:09:47 +01:00
s390xcpuid.S s390x assembly pack: improve portability. 2016-06-06 11:08:04 +02:00
sparc_arch.h Copyright consolidation 09/10 2016-05-17 14:53:16 -04:00
sparccpuid.S Clean up references to FIPS 2017-02-28 15:26:25 +01:00
sparcv9cap.c crypto/sparcv9cap.c: add missing declaration. 2016-08-12 10:26:20 +02:00
threads_none.c Fix build with no-threads no-ec 2017-06-30 19:55:47 +01:00
threads_pthread.c Add fork handlers, based on pthread_atfork 2017-06-29 16:19:41 -04:00
threads_win.c Add fork handlers, based on pthread_atfork 2017-06-29 16:19:41 -04:00
uid.c Cleaning UEFI Build with additional OPENSSL_SYS_UEFI flags 2017-03-29 07:35:59 +02:00
vms_rms.h Copyright consolidation 09/10 2016-05-17 14:53:16 -04:00
x86_64cpuid.pl crypto/x86*cpuid.pl: move extended feature detection. 2017-03-13 18:42:10 +01:00
x86cpuid.pl Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00