From 06ad158da685c16adafadfcff434641236cac37c Mon Sep 17 00:00:00 2001
From: inoguchi <>
Date: Tue, 31 Jan 2017 13:17:21 +0000
Subject: LibreSSL : Truncated packet could crash via OOB read
This patch is originally from master branch of OpenSSL.
- 2198b3a crypto/evp: harden AEAD ciphers.
- 8e20499 crypto/evp: harden RC4_MD5 cipher.
ok tom@
---
 src/lib/libcrypto/evp/e_aes.c | 9 +++++++--
 src/lib/libcrypto/evp/e_rc4_hmac_md5.c | 4 +++-
 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'src/lib')
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 71a18363f1..97cb5154a5 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.32 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: e_aes.c,v 1.33 2017/01/31 13:17:21 inoguchi Exp $ */
 /* ====================================================================
 * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
 *
@@ -807,11 +807,16 @@ aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 c->buf[arg - 1];
 /* Correct length for explicit IV */
+ if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
+ return 0;
 len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
 /* If decrypting correct for tag too */
- if (!c->encrypt)
+ if (!c->encrypt) {
+ if (len < EVP_GCM_TLS_TAG_LEN)
+ return 0;
 len -= EVP_GCM_TLS_TAG_LEN;
+ }
 c->buf[arg - 2] = len >> 8;
 c->buf[arg - 1] = len & 0xff;
 }
diff --git a/src/lib/libcrypto/evp/e_rc4_hmac_md5.c b/src/lib/libcrypto/evp/e_rc4_hmac_md5.c
index a1fc0066e6..ac73361fa3 100644
--- a/src/lib/libcrypto/evp/e_rc4_hmac_md5.c
+++ b/src/lib/libcrypto/evp/e_rc4_hmac_md5.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_rc4_hmac_md5.c,v 1.7 2016/11/05 10:47:57 miod Exp $ */
+/* $OpenBSD: e_rc4_hmac_md5.c,v 1.8 2017/01/31 13:17:21 inoguchi Exp $ */
 /* ====================================================================
 * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
 *
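Review bot: The two length checks added to aes_gcm_ctrl in the `@@ -807` hunk of e_aes.c fail with `return 0`, while the equivalent check this patch adds to rc4_hmac_md5_ctrl fails with `return -1`, so the two ciphers report a truncated record differently. Call sites are not part of this patch; any caller that passes the TLS AAD through this ctrl has to treat a result `<= 0` as a rejected record, otherwise the rejection is lost. The checks also carry no comment, and a line such as `/* len is taken from the record header; reject before the unsigned subtraction wraps */` above the first one would record why they must stay ahead of the `len -=` statements. aes_gcm_ctrl starts and ends outside the hunk.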
@@ -262,6 +262,8 @@ rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
 unsigned int len = p[arg - 2] << 8 | p[arg - 1];
 if (!ctx->encrypt) {
+ if (len < MD5_DIGEST_LENGTH)
+ return -1;
 len -= MD5_DIGEST_LENGTH;
 p[arg - 2] = len >> 8;
 p[arg - 1] = len;
-- cgit v1.2.3-55-g6feb
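Review bot: `len` is now bounded, but the line that reads it, `p[arg - 2] << 8 | p[arg - 1]`, still indexes the caller's buffer with `arg`, and no check on `arg` is visible in this hunk. If nothing above the hunk validates it, a guard such as `if (arg < 2) return -1;` before the read (or an equality test against the fixed TLS AAD length, if the file has a constant for it) would keep both indices inside the buffer. The body of rc4_hmac_md5_ctrl starts and ends outside the hunk, so an existing check may simply be out of view.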