cms_RecipientInfo_pwri_crypt: fix incorrect return checklibressl-v4.0.1 OPENBSD_7_6

cms_RecipientInfo_pwri_crypt: plug leak of kekalg cms: fix incorrect length check in kek_unwrap_key() An incorrect length check can result in a 4-byte overwrite and an 8-byte overread. From Stanislav Fort and Viktor Dukhovni via OpenSSL. CVE-2025-9230. ok jsing this is errata/7.6/023_libcrypto.patch.sig
author: tb <> 2025-09-30 12:54:59 +0000
committer: tb <> 2025-09-30 12:54:59 +0000
commit: 2357352b8d9b0c6ac07e7240d0660f70c8d38da2 (patch)
tree: f9c4ecfc04b5609acb4752173991bb11eaf7ba79
parent: ce488b78e0bd994780569df718596b9776ff681a (diff)
download: openbsd-OPENBSD_7_6.tar.gz
openbsd-OPENBSD_7_6.tar.bz2
openbsd-OPENBSD_7_6.zip
1 files changed, 6 insertions, 6 deletions
diff --git a/src/lib/libcrypto/cms/cms_pwri.c b/src/lib/libcrypto/cms/cms_pwri.c
index b6fe5df961..99eb60a940 100644
--- a/src/lib/libcrypto/cms/cms_pwri.c
+++ b/src/lib/libcrypto/cms/cms_pwri.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_pwri.c,v 1.31 2024/01/14 18:40:24 tb Exp $ */
+/* $OpenBSD: cms_pwri.c,v 1.31.4.1 2025/09/30 12:54:59 tb Exp $ */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
@@ -267,7 +267,7 @@ kek_unwrap_key(unsigned char *out, size_t *outlen, const unsigned char *in,
                /* Check byte failure */
                goto err;
        }
-        if (inlen < (size_t)(tmp[0] - 4)) {
+        if (inlen < 4 + (size_t)tmp[0]) {
                /* Invalid length value */
                goto err;
        }
@@ -368,13 +368,13 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
        kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
        if (!kekcipher) {
                CMSerror(CMS_R_UNKNOWN_CIPHER);
-                return 0;
+                goto err;
        }
        kekctx = EVP_CIPHER_CTX_new();
        if (kekctx == NULL) {
                CMSerror(ERR_R_MALLOC_FAILURE);
-                return 0;
+                goto err;
        }
        /* Fixup cipher based on AlgorithmIdentifier to set IV etc */
        if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))
@@ -389,8 +389,8 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
        /* Finish password based key derivation to setup key in "ctx" */
-        if (EVP_PBE_CipherInit(algtmp->algorithm, (char *)pwri->pass,
+        if (!EVP_PBE_CipherInit(algtmp->algorithm, (char *)pwri->pass,
-            pwri->passlen, algtmp->parameter, kekctx, en_de) < 0) {
+            pwri->passlen, algtmp->parameter, kekctx, en_de)) {
                CMSerror(ERR_R_EVP_LIB);
                goto err;
        }
author	tb <>	2025-09-30 12:54:59 +0000
committer	tb <>	2025-09-30 12:54:59 +0000
commit	2357352b8d9b0c6ac07e7240d0660f70c8d38da2 (patch)
tree	f9c4ecfc04b5609acb4752173991bb11eaf7ba79
parent	ce488b78e0bd994780569df718596b9776ff681a (diff)
download	openbsd-OPENBSD_7_6.tar.gz openbsd-OPENBSD_7_6.tar.bz2 openbsd-OPENBSD_7_6.zip

diff --git a/src/lib/libcrypto/cms/cms_pwri.c b/src/lib/libcrypto/cms/cms_pwri.c index b6fe5df961..99eb60a940 100644 --- a/src/lib/libcrypto/cms/cms_pwri.c +++ b/src/lib/libcrypto/cms/cms_pwri.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: cms_pwri.c,v 1.31 2024/01/14 18:40:24 tb Exp $ */	1	/* $OpenBSD: cms_pwri.c,v 1.31.4.1 2025/09/30 12:54:59 tb Exp $ */
2	/*	2	/*
3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4	* project.	4	* project.
@@ -267,7 +267,7 @@ kek_unwrap_key(unsigned char out, size_t outlen, const unsigned char *in,
267	/* Check byte failure */	267	/* Check byte failure */
268	goto err;	268	goto err;
269	}	269	}
270	if (inlen < (size_t)(tmp[0] - 4)) {	270	if (inlen < 4 + (size_t)tmp[0]) {
271	/* Invalid length value */	271	/* Invalid length value */
272	goto err;	272	goto err;
273	}	273	}
@@ -368,13 +368,13 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo cms, CMS_RecipientInfo ri,
368	kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);	368	kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
369	if (!kekcipher) {	369	if (!kekcipher) {
370	CMSerror(CMS_R_UNKNOWN_CIPHER);	370	CMSerror(CMS_R_UNKNOWN_CIPHER);
371	return 0;	371	goto err;
372	}	372	}
373		373
374	kekctx = EVP_CIPHER_CTX_new();	374	kekctx = EVP_CIPHER_CTX_new();
375	if (kekctx == NULL) {	375	if (kekctx == NULL) {
376	CMSerror(ERR_R_MALLOC_FAILURE);	376	CMSerror(ERR_R_MALLOC_FAILURE);
377	return 0;	377	goto err;
378	}	378	}
379	/* Fixup cipher based on AlgorithmIdentifier to set IV etc */	379	/* Fixup cipher based on AlgorithmIdentifier to set IV etc */
380	if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))	380	if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))
@@ -389,8 +389,8 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo cms, CMS_RecipientInfo ri,
389		389
390	/* Finish password based key derivation to setup key in "ctx" */	390	/* Finish password based key derivation to setup key in "ctx" */
391		391
392	if (EVP_PBE_CipherInit(algtmp->algorithm, (char *)pwri->pass,	392	if (!EVP_PBE_CipherInit(algtmp->algorithm, (char *)pwri->pass,
393	pwri->passlen, algtmp->parameter, kekctx, en_de) < 0) {	393	pwri->passlen, algtmp->parameter, kekctx, en_de)) {
394	CMSerror(ERR_R_EVP_LIB);	394	CMSerror(ERR_R_EVP_LIB);
395	goto err;	395	goto err;
396	}	396	}