The branch OpenSSL_1_1_1-stable has been updated via 6527714c25a4266504e323395fd9ffd1bccb2041 (commit) via 3948408f2a6370556d833dc4947ffaaca82ebb78 (commit) from 0f68b771b0ab4764d542da649bb9a2c229bfe939 (commit)
- Log ----------------------------------------------------------------- commit 6527714c25a4266504e323395fd9ffd1bccb2041 Author: kinichiro <kinichiro.inogu...@gmail.com> Date: Sun Jan 12 17:35:39 2020 +0900 Avoid leak in error path of PKCS5_PBE_keyivgen CLA: trivial Reviewed-by: Matt Caswell <m...@openssl.org> Reviewed-by: Matthias St. Pierre <matthias.st.pie...@ncp-e.com> Reviewed-by: Tomas Mraz <tm...@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10816) (cherry picked from commit adc9086beb21a91ca59aaf0c619b38b82c223f9b) commit 3948408f2a6370556d833dc4947ffaaca82ebb78 Author: Pauli <paul.d...@oracle.com> Date: Tue May 7 10:42:58 2019 +1000 Coverity CID 1444960: Error handling issues Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888) (cherry picked from commit a05bf83c7964bb3928b323fe356b9f70f105036d) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 1 + crypto/evp/evp_err.c | 1 + crypto/evp/p5_crpt.c | 24 ++++++++++++++++++------ include/openssl/evperr.h | 1 + 4 files changed, 21 insertions(+), 6 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index e4b8ebf228..e4cda9735e 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2255,6 +2255,7 @@ EVP_R_INITIALIZATION_ERROR:134:initialization error EVP_R_INPUT_NOT_INITIALIZED:111:input not initialized EVP_R_INVALID_DIGEST:152:invalid digest EVP_R_INVALID_FIPS_MODE:168:invalid fips mode +EVP_R_INVALID_IV_LENGTH:194:invalid iv length EVP_R_INVALID_KEY:163:invalid key EVP_R_INVALID_KEY_LENGTH:130:invalid key length EVP_R_INVALID_OPERATION:148:invalid operation diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 84bd3c2dab..42e70e931a 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -213,6 +213,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { "input not initialized"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST), "invalid digest"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_FIPS_MODE), "invalid fips mode"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_IV_LENGTH), "invalid iv length"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_OPERATION), "invalid operation"}, diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index 7e55d0bfb8..95e2d9c5dc 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -28,7 +28,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, EVP_MD_CTX *ctx; unsigned char md_tmp[EVP_MAX_MD_SIZE]; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; - int i; + int i, ivl, kl; PBEPARAM *pbe; int saltlen, iter; unsigned char *salt; @@ -48,6 +48,19 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, return 0; } + ivl = EVP_CIPHER_iv_length(cipher); + if (ivl < 0 || ivl > 16) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_IV_LENGTH); + PBEPARAM_free(pbe); + return 0; + } + kl = EVP_CIPHER_key_length(cipher); + if (kl < 0 || kl > (int)sizeof(md_tmp)) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_KEY_LENGTH); + PBEPARAM_free(pbe); + return 0; + } + if (!pbe->iter) iter = 1; else @@ -73,6 +86,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, if (!EVP_DigestUpdate(ctx, salt, saltlen)) goto err; PBEPARAM_free(pbe); + pbe = NULL; if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL)) goto err; mdsize = EVP_MD_size(md); @@ -86,11 +100,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL)) goto err; } - OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); - memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); - OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); - memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), - EVP_CIPHER_iv_length(cipher)); + memcpy(key, md_tmp, kl); + memcpy(iv, md_tmp + (16 - ivl), ivl); if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de)) goto err; OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); @@ -98,6 +109,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); rv = 1; err: + PBEPARAM_free(pbe); EVP_MD_CTX_free(ctx); return rv; } diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 6a651f5563..52413d181b 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -160,6 +160,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_INPUT_NOT_INITIALIZED 111 # define EVP_R_INVALID_DIGEST 152 # define EVP_R_INVALID_FIPS_MODE 168 +# define EVP_R_INVALID_IV_LENGTH 194 # define EVP_R_INVALID_KEY 163 # define EVP_R_INVALID_KEY_LENGTH 130 # define EVP_R_INVALID_OPERATION 148