summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortedu <>2016-05-03 12:39:26 +0000
committertedu <>2016-05-03 12:39:26 +0000
commit09e01e8eaf2e2073521649b395f43d20782f6286 (patch)
tree440d360a3c21572bfdcdfcd7c4754f753492f661
parenteee0f2cb5c2c81b2e91f1de7f6272299d560761b (diff)
downloadopenbsd-09e01e8eaf2e2073521649b395f43d20782f6286.tar.gz
openbsd-09e01e8eaf2e2073521649b395f43d20782f6286.tar.bz2
openbsd-09e01e8eaf2e2073521649b395f43d20782f6286.zip
backport patch from openssl for multiple issues:
missing padding check in aesni functions overflow in evp encode functions use of invalid negative asn.1 types ok beck
-rw-r--r--src/lib/libssl/src/crypto/asn1/a_d2i_fp.c51
-rw-r--r--src/lib/libssl/src/crypto/asn1/a_type.c4
-rw-r--r--src/lib/libssl/src/crypto/asn1/tasn_dec.c4
-rw-r--r--src/lib/libssl/src/crypto/asn1/tasn_enc.c4
-rw-r--r--src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c5
-rw-r--r--src/lib/libssl/src/crypto/evp/encode.c14
-rw-r--r--src/lib/libssl/src/crypto/evp/evp_enc.c4
7 files changed, 56 insertions, 30 deletions
diff --git a/src/lib/libssl/src/crypto/asn1/a_d2i_fp.c b/src/lib/libssl/src/crypto/asn1/a_d2i_fp.c
index c0fb0a3802..2666653863 100644
--- a/src/lib/libssl/src/crypto/asn1/a_d2i_fp.c
+++ b/src/lib/libssl/src/crypto/asn1/a_d2i_fp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: a_d2i_fp.c,v 1.11 2014/07/13 11:10:20 miod Exp $ */ 1/* $OpenBSD: a_d2i_fp.c,v 1.11.8.1 2016/05/03 12:39:23 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -144,6 +144,7 @@ ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
144} 144}
145 145
146#define HEADER_SIZE 8 146#define HEADER_SIZE 8
147#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
147static int 148static int
148asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) 149asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
149{ 150{
@@ -167,18 +168,22 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
167 if (want >= (len - off)) { 168 if (want >= (len - off)) {
168 want -= (len - off); 169 want -= (len - off);
169 170
170 if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) { 171 if (len + want < len ||
171 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); 172 !BUF_MEM_grow_clean(b, len + want)) {
173 ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
174 ERR_R_MALLOC_FAILURE);
172 goto err; 175 goto err;
173 } 176 }
174 i = BIO_read(in, &(b->data[len]), want); 177 i = BIO_read(in, &(b->data[len]), want);
175 if ((i < 0) && ((len - off) == 0)) { 178 if ((i < 0) && ((len - off) == 0)) {
176 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA); 179 ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
180 ASN1_R_NOT_ENOUGH_DATA);
177 goto err; 181 goto err;
178 } 182 }
179 if (i > 0) { 183 if (i > 0) {
180 if (len + i < len) { 184 if (len + i < len) {
181 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); 185 ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
186 ASN1_R_TOO_LONG);
182 goto err; 187 goto err;
183 } 188 }
184 len += i; 189 len += i;
@@ -206,7 +211,8 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
206 /* no data body so go round again */ 211 /* no data body so go round again */
207 eos++; 212 eos++;
208 if (eos < 0) { 213 if (eos < 0) {
209 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG); 214 ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
215 ASN1_R_HEADER_TOO_LONG);
210 goto err; 216 goto err;
211 } 217 }
212 want = HEADER_SIZE; 218 want = HEADER_SIZE;
@@ -221,28 +227,45 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
221 /* suck in c.slen bytes of data */ 227 /* suck in c.slen bytes of data */
222 want = c.slen; 228 want = c.slen;
223 if (want > (len - off)) { 229 if (want > (len - off)) {
230 size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
231
224 want -= (len - off); 232 want -= (len - off);
225 if (want > INT_MAX /* BIO_read takes an int length */ || 233 if (want > INT_MAX /* BIO_read takes an int length */ ||
226 len+want < len) { 234 len+want < len) {
227 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); 235 ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
236 ASN1_R_TOO_LONG);
228 goto err; 237 goto err;
229 } 238 }
230 if (!BUF_MEM_grow_clean(b, len + want)) { 239 /*
231 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); 240 * Read content in chunks of increasing size
241 * so we can return an error for EOF without
242 * having to allocate the entire content length
243 * in one go.
244 */
245 size_t chunk = want > chunk_max ? chunk_max : want;
246
247 if (!BUF_MEM_grow_clean(b, len + chunk)) {
248 ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
249 ERR_R_MALLOC_FAILURE);
232 goto err; 250 goto err;
233 } 251 }
234 while (want > 0) { 252 want -= chunk;
235 i = BIO_read(in, &(b->data[len]), want); 253 while (chunk > 0) {
254 i = BIO_read(in, &(b->data[len]), chunk);
236 if (i <= 0) { 255 if (i <= 0) {
237 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, 256 ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
238 ASN1_R_NOT_ENOUGH_DATA); 257 ASN1_R_NOT_ENOUGH_DATA);
239 goto err; 258 goto err;
240 } 259 }
241 /* This can't overflow because 260 /*
242 * |len+want| didn't overflow. */ 261 * This can't overflow because |len+want|
262 * didn't overflow.
263 */
243 len += i; 264 len += i;
244 want -= i; 265 chunk -= i;
245 } 266 }
267 if (chunk_max < INT_MAX/2)
268 chunk_max *= 2;
246 } 269 }
247 if (off + c.slen < off) { 270 if (off + c.slen < off) {
248 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); 271 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
diff --git a/src/lib/libssl/src/crypto/asn1/a_type.c b/src/lib/libssl/src/crypto/asn1/a_type.c
index 38b3c65beb..fa21413c97 100644
--- a/src/lib/libssl/src/crypto/asn1/a_type.c
+++ b/src/lib/libssl/src/crypto/asn1/a_type.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: a_type.c,v 1.16 2015/03/19 14:00:22 tedu Exp $ */ 1/* $OpenBSD: a_type.c,v 1.16.4.1 2016/05/03 12:39:23 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -127,9 +127,7 @@ ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b)
127 break; 127 break;
128 128
129 case V_ASN1_INTEGER: 129 case V_ASN1_INTEGER:
130 case V_ASN1_NEG_INTEGER:
131 case V_ASN1_ENUMERATED: 130 case V_ASN1_ENUMERATED:
132 case V_ASN1_NEG_ENUMERATED:
133 case V_ASN1_BIT_STRING: 131 case V_ASN1_BIT_STRING:
134 case V_ASN1_OCTET_STRING: 132 case V_ASN1_OCTET_STRING:
135 case V_ASN1_SEQUENCE: 133 case V_ASN1_SEQUENCE:
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
index c5f9ff9943..7ac49865c5 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tasn_dec.c,v 1.27.4.1 2015/12/04 04:21:36 beck Exp $ */ 1/* $OpenBSD: tasn_dec.c,v 1.27.4.2 2016/05/03 12:39:23 tedu Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -860,9 +860,7 @@ asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
860 break; 860 break;
861 861
862 case V_ASN1_INTEGER: 862 case V_ASN1_INTEGER:
863 case V_ASN1_NEG_INTEGER:
864 case V_ASN1_ENUMERATED: 863 case V_ASN1_ENUMERATED:
865 case V_ASN1_NEG_ENUMERATED:
866 tint = (ASN1_INTEGER **)pval; 864 tint = (ASN1_INTEGER **)pval;
867 if (!c2i_ASN1_INTEGER(tint, &cont, len)) 865 if (!c2i_ASN1_INTEGER(tint, &cont, len))
868 goto err; 866 goto err;
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_enc.c b/src/lib/libssl/src/crypto/asn1/tasn_enc.c
index c59033e54d..24d338597b 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_enc.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tasn_enc.c,v 1.16 2015/02/14 15:23:57 miod Exp $ */ 1/* $OpenBSD: tasn_enc.c,v 1.16.6.1 2016/05/03 12:39:23 tedu Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -603,9 +603,7 @@ asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
603 break; 603 break;
604 604
605 case V_ASN1_INTEGER: 605 case V_ASN1_INTEGER:
606 case V_ASN1_NEG_INTEGER:
607 case V_ASN1_ENUMERATED: 606 case V_ASN1_ENUMERATED:
608 case V_ASN1_NEG_ENUMERATED:
609 /* These are all have the same content format 607 /* These are all have the same content format
610 * as ASN1_INTEGER 608 * as ASN1_INTEGER
611 */ 609 */
diff --git a/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c b/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c
index 7c23face34..479621b297 100644
--- a/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.8 2014/07/12 20:37:07 miod Exp $ */ 1/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.8.8.1 2016/05/03 12:39:23 tedu Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -60,6 +60,7 @@
60#include <openssl/aes.h> 60#include <openssl/aes.h>
61#include <openssl/sha.h> 61#include <openssl/sha.h>
62#include "evp_locl.h" 62#include "evp_locl.h"
63#include "constant_time_locl.h"
63 64
64#ifndef EVP_CIPH_FLAG_AEAD_CIPHER 65#ifndef EVP_CIPH_FLAG_AEAD_CIPHER
65#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 66#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
@@ -282,6 +283,8 @@ aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
282 maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); 283 maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
283 maxpad &= 255; 284 maxpad &= 255;
284 285
286 ret &= constant_time_ge(maxpad, pad);
287
285 inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); 288 inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
286 mask = (0 - ((inp_len - len) >> 289 mask = (0 - ((inp_len - len) >>
287 (sizeof(inp_len) * 8 - 1))); 290 (sizeof(inp_len) * 8 - 1)));
diff --git a/src/lib/libssl/src/crypto/evp/encode.c b/src/lib/libssl/src/crypto/evp/encode.c
index 725667bfff..a2b86e962b 100644
--- a/src/lib/libssl/src/crypto/evp/encode.c
+++ b/src/lib/libssl/src/crypto/evp/encode.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: encode.c,v 1.20 2015/02/07 13:19:15 doug Exp $ */ 1/* $OpenBSD: encode.c,v 1.20.6.1 2016/05/03 12:39:23 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -56,6 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#include <sys/limits.h>
59#include <stdio.h> 60#include <stdio.h>
60#include <string.h> 61#include <string.h>
61 62
@@ -124,13 +125,13 @@ EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
124 const unsigned char *in, int inl) 125 const unsigned char *in, int inl)
125{ 126{
126 int i, j; 127 int i, j;
127 unsigned int total = 0; 128 size_t total = 0;
128 129
129 *outl = 0; 130 *outl = 0;
130 if (inl == 0) 131 if (inl == 0)
131 return; 132 return;
132 OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); 133 OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
133 if ((ctx->num + inl) < ctx->length) { 134 if (ctx->length - ctx->num > inl) {
134 memcpy(&(ctx->enc_data[ctx->num]), in, inl); 135 memcpy(&(ctx->enc_data[ctx->num]), in, inl);
135 ctx->num += inl; 136 ctx->num += inl;
136 return; 137 return;
@@ -147,7 +148,7 @@ EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
147 *out = '\0'; 148 *out = '\0';
148 total = j + 1; 149 total = j + 1;
149 } 150 }
150 while (inl >= ctx->length) { 151 while (inl >= ctx->length && total <= INT_MAX) {
151 j = EVP_EncodeBlock(out, in, ctx->length); 152 j = EVP_EncodeBlock(out, in, ctx->length);
152 in += ctx->length; 153 in += ctx->length;
153 inl -= ctx->length; 154 inl -= ctx->length;
@@ -156,6 +157,11 @@ EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
156 *out = '\0'; 157 *out = '\0';
157 total += j + 1; 158 total += j + 1;
158 } 159 }
160 if (total > INT_MAX) {
161 /* Too much output data! */
162 *outl = 0;
163 return;
164 }
159 if (inl != 0) 165 if (inl != 0)
160 memcpy(&(ctx->enc_data[0]), in, inl); 166 memcpy(&(ctx->enc_data[0]), in, inl);
161 ctx->num = inl; 167 ctx->num = inl;
diff --git a/src/lib/libssl/src/crypto/evp/evp_enc.c b/src/lib/libssl/src/crypto/evp/evp_enc.c
index 42ccfceec9..7467c47dd5 100644
--- a/src/lib/libssl/src/crypto/evp/evp_enc.c
+++ b/src/lib/libssl/src/crypto/evp/evp_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: evp_enc.c,v 1.26 2015/02/10 09:52:35 miod Exp $ */ 1/* $OpenBSD: evp_enc.c,v 1.26.6.1 2016/05/03 12:39:23 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -334,7 +334,7 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
334 return 0; 334 return 0;
335 } 335 }
336 if (i != 0) { 336 if (i != 0) {
337 if (i + inl < bl) { 337 if (bl - i > inl) {
338 memcpy(&(ctx->buf[i]), in, inl); 338 memcpy(&(ctx->buf[i]), in, inl);
339 ctx->buf_len += inl; 339 ctx->buf_len += inl;
340 *outl = 0; 340 *outl = 0;