From 2f913441f29f1f81d45eb8d13b12bdfd75a57d70 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Tue, 30 Sep 2025 12:54:18 +0000
Subject: cms_RecipientInfo_pwri_crypt: fix incorrect return check cms_RecipientInfo_pwri_crypt: plug leak of kekalg cms: fix incorrect length check in kek_unwrap_key() An incorrect length check can result in a 4-byte overwrite and an 8-byte overread. From Stanislav Fort and Viktor Dukhovni via OpenSSL. CVE-2025-9230. ok jsing this is errata/7.7/010_libcrypto.patch.sig
---
 src/lib/libcrypto/cms/cms_pwri.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/libcrypto/cms/cms_pwri.c b/src/lib/libcrypto/cms/cms_pwri.c
index b6fe5df961..cbcb7e09d3 100644
--- a/src/lib/libcrypto/cms/cms_pwri.c
+++ b/src/lib/libcrypto/cms/cms_pwri.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_pwri.c,v 1.31 2024/01/14 18:40:24 tb Exp $ */
+/* $OpenBSD: cms_pwri.c,v 1.31.8.1 2025/09/30 12:54:18 tb Exp $ */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
@@ -267,7 +267,7 @@ kek_unwrap_key(unsigned char *out, size_t *outlen, const unsigned char *in,
 /* Check byte failure */
 goto err;
 }
- if (inlen < (size_t)(tmp[0] - 4)) {
+ if (inlen < 4 + (size_t)tmp[0]) {
 /* Invalid length value */
 goto err;
 }
@@ -368,13 +368,13 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
 if (!kekcipher) {
 CMSerror(CMS_R_UNKNOWN_CIPHER);
- return 0;
+ goto err;
 }
 kekctx = EVP_CIPHER_CTX_new();
 if (kekctx == NULL) {
 CMSerror(ERR_R_MALLOC_FAILURE);
- return 0;
+ goto err;
 }
 /* Fixup cipher based on AlgorithmIdentifier to set IV etc */
 if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))
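Review bot: In the kek_unwrap_key hunk, the corrected bound `inlen < 4 + (size_t)tmp[0]` still rests on an unexplained literal 4, which is the kind of constant the old `tmp[0] - 4` expression got wrong. A comment above the check would pin the invariant, for example `/* tmp[0] is the claimed key length; the key follows a 4-byte header (length byte + 3 check bytes), so 4 + tmp[0] bytes must be present */`. The header layout is inferred from the check-byte test just above and should be confirmed against the rest of the function, which lies outside the hunk. The sum cannot wrap as long as tmp is an unsigned char buffer, which the parameter types suggest but the hunk does not show. A regression test that supplies a length byte larger than the unwrapped data permits would keep the CVE-2025-9230 fix from silently regressing.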
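Review bot: In the cms_RecipientInfo_pwri_crypt hunk, the first new `goto err` (unknown cipher) is taken before `kekctx = EVP_CIPHER_CTX_new()` has run, so the cleanup at `err` sees whatever value kekctx was declared with. The declarations and the `err` label are outside this hunk. The change is only safe if kekctx and every other pointer released there start out as NULL and the release functions accept NULL, which should be confirmed. A comment at the label such as `/* reached from early exits: every pointer freed here must be NULL-initialised */` would record that contract for the next error path added to this function.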
@@ -389,8 +389,8 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 /* Finish password based key derivation to setup key in "ctx" */
- if (EVP_PBE_CipherInit(algtmp->algorithm, (char *)pwri->pass,
- pwri->passlen, algtmp->parameter, kekctx, en_de) < 0) {
+ if (!EVP_PBE_CipherInit(algtmp->algorithm, (char *)pwri->pass,
+ pwri->passlen, algtmp->parameter, kekctx, en_de)) {
 CMSerror(ERR_R_EVP_LIB);
 goto err;
 }
-- cgit v1.2.3-55-g6feb
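Review bot: The new `!EVP_PBE_CipherInit(...)` test relies on that function reporting failure as 0 rather than as a negative value, and nothing at the call site records this convention. With the old `< 0` comparison a failed key derivation would apparently not have reached `goto err`, leaving kekctx to be used without the derived key, so the convention is worth stating. A one-line comment such as `/* EVP_PBE_CipherInit() returns 1 on success, 0 on failure */` above the call would do. The function starts and ends outside this hunk, so the remaining EVP return checks in it should be audited for the same `< 0` pattern; the `EVP_CipherInit_ex` check visible in the previous hunk already uses the `!call()` form.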