The branch master has been updated
via 28cab20916731c188180628330de27f6ce5f684e (commit)
via dfefa4c16424cb3628b2a75b53c11e0be5247baa (commit)
via 528685fe7767b376fe299a602217f3a3a7e1d21d (commit)
from f7c1b472bf0a790b9c87e1c87e48897d6413ec45 (commit)
- Log -----------------------------------------------------------------
commit 28cab20916731c188180628330de27f6ce5f684e
Author: Pauli <pa...@openssl.org>
Date: Mon May 31 16:31:18 2021 +1000
crypto: updates to pass size_t to RAND_bytes_ex()
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Shane Lontis <shane.lon...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15540)
commit dfefa4c16424cb3628b2a75b53c11e0be5247baa
Author: Pauli <pa...@openssl.org>
Date: Mon May 31 16:31:04 2021 +1000
ssl: ass size_t to RAND_bytes_ex()
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Shane Lontis <shane.lon...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15540)
commit 528685fe7767b376fe299a602217f3a3a7e1d21d
Author: Pauli <pa...@openssl.org>
Date: Mon May 31 16:30:50 2021 +1000
rand: use size_t for size argument to RAND_bytes_ex()
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Shane Lontis <shane.lon...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15540)
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/p5_pbev2.c | 10 +++++-----
crypto/crmf/crmf_pbm.c | 2 +-
crypto/ec/ec_err.c | 3 ++-
crypto/ec/ecp_s390x_nistp.c | 6 +++++-
crypto/err/openssl.txt | 2 ++
crypto/ffc/ffc_params_generate.c | 4 ++--
crypto/pkcs12/p12_mutl.c | 4 +++-
crypto/rand/rand_lib.c | 12 ++++++++----
crypto/rsa/rsa_err.c | 1 +
crypto/rsa/rsa_oaep.c | 4 ++++
crypto/rsa/rsa_pk1.c | 3 +++
doc/man3/RAND_bytes.pod | 4 ++--
include/crypto/ecerr.h | 2 +-
include/openssl/ecerr.h | 1 +
include/openssl/rand.h | 4 ++--
include/openssl/rsaerr.h | 1 +
ssl/statem/statem_clnt.c | 6 +++---
ssl/statem/statem_srvr.c | 3 ++-
18 files changed, 48 insertions(+), 24 deletions(-)
diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
index d16fb8cfe3..162e31d7ba 100644
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@@ -45,7 +45,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher,
int iter,
OSSL_LIB_CTX *libctx)
{
X509_ALGOR *scheme = NULL, *ret = NULL;
- int alg_nid, keylen;
+ int alg_nid, keylen, ivlen;
EVP_CIPHER_CTX *ctx = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
PBE2PARAM *pbe2 = NULL;
@@ -66,11 +66,11 @@ X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher,
int iter,
goto merr;
/* Create random IV */
- if (EVP_CIPHER_iv_length(cipher)) {
+ ivlen = EVP_CIPHER_iv_length(cipher);
+ if (ivlen > 0) {
if (aiv)
- memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
- else if (RAND_bytes_ex(libctx, iv, EVP_CIPHER_iv_length(cipher),
- 0) <= 0)
+ memcpy(iv, aiv, ivlen);
+ else if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0)
goto err;
}
diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c
index 21808d014b..5641bee65a 100644
--- a/crypto/crmf/crmf_pbm.c
+++ b/crypto/crmf/crmf_pbm.c
@@ -55,7 +55,7 @@ OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX
*libctx, size_t slen,
*/
if ((salt = OPENSSL_malloc(slen)) == NULL)
goto err;
- if (RAND_bytes_ex(libctx, salt, (int)slen, 0) <= 0) {
+ if (RAND_bytes_ex(libctx, salt, slen, 0) <= 0) {
ERR_raise(ERR_LIB_CRMF, CRMF_R_FAILURE_OBTAINING_RANDOM);
goto err;
}
diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c
index 9e21968499..9dc143c2ac 100644
--- a/crypto/ec/ec_err.c
+++ b/crypto/ec/ec_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -62,6 +62,7 @@ static const ERR_STRING_DATA EC_str_reasons[] = {
{ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_GENERATOR), "invalid generator"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_GROUP_ORDER), "invalid group order"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_KEY), "invalid key"},
+ {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_LENGTH), "invalid length"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_NAMED_GROUP_CONVERSION),
"invalid named group conversion"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_OUTPUT_LENGTH),
diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c
index 4a676c37ad..5c70b2d678 100644
--- a/crypto/ec/ecp_s390x_nistp.c
+++ b/crypto/ec/ecp_s390x_nistp.c
@@ -173,6 +173,10 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const
unsigned char *dgst,
}
if (r == NULL || kinv == NULL) {
+ if (len < 0) {
+ ERR_raise(ERR_LIB_EC, EC_R_INVALID_LENGTH);
+ goto ret;
+ }
/*
* Generate random k and copy to param param block. RAND_priv_bytes_ex
* is used instead of BN_priv_rand_range or BN_generate_dsa_nonce
@@ -180,7 +184,7 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned
char *dgst,
* internally implementing counter-measures for RNG weakness.
*/
if (RAND_priv_bytes_ex(eckey->libctx, param + S390X_OFF_RN(len),
- len, 0) != 1) {
+ (size_t)len, 0) != 1) {
ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED);
goto ret;
}
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 48d1175bce..eb0ace5474 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -555,6 +555,7 @@ EC_R_INVALID_FORM:104:invalid form
EC_R_INVALID_GENERATOR:173:invalid generator
EC_R_INVALID_GROUP_ORDER:122:invalid group order
EC_R_INVALID_KEY:116:invalid key
+EC_R_INVALID_LENGTH:117:invalid length
EC_R_INVALID_NAMED_GROUP_CONVERSION:174:invalid named group conversion
EC_R_INVALID_OUTPUT_LENGTH:161:invalid output length
EC_R_INVALID_P:172:invalid p
@@ -1152,6 +1153,7 @@ RSA_R_INVALID_HEADER:137:invalid header
RSA_R_INVALID_KEYPAIR:171:invalid keypair
RSA_R_INVALID_KEY_LENGTH:173:invalid key length
RSA_R_INVALID_LABEL:160:invalid label
+RSA_R_INVALID_LENGTH:181:invalid length
RSA_R_INVALID_MESSAGE_LENGTH:131:invalid message length
RSA_R_INVALID_MGF1_MD:156:invalid mgf1 md
RSA_R_INVALID_MODULUS:174:invalid modulus
diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c
index 3c6f789c3e..85ae524015 100644
--- a/crypto/ffc/ffc_params_generate.c
+++ b/crypto/ffc/ffc_params_generate.c
@@ -329,7 +329,7 @@ static int generate_q_fips186_4(BN_CTX *ctx, BIGNUM *q,
const EVP_MD *evpmd,
/* A.1.1.2 Step (5) : generate seed with size seed_len */
if (generate_seed
- && RAND_bytes_ex(libctx, seed, (int)seedlen, 0) < 0)
+ && RAND_bytes_ex(libctx, seed, seedlen, 0) < 0)
goto err;
/*
* A.1.1.2 Step (6) AND
@@ -399,7 +399,7 @@ static int generate_q_fips186_2(BN_CTX *ctx, BIGNUM *q,
const EVP_MD *evpmd,
if (!BN_GENCB_call(cb, 0, m++))
goto err;
- if (generate_seed && RAND_bytes_ex(libctx, seed, (int)qsize, 0) <= 0)
+ if (generate_seed && RAND_bytes_ex(libctx, seed, qsize, 0) <= 0)
goto err;
memcpy(buf, seed, qsize);
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index 041711d7d4..be4ed16ab7 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -259,8 +259,10 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char
*salt, int saltlen,
}
p12->mac->salt->length = saltlen;
if (!salt) {
+ if (saltlen < 0)
+ return 0;
if (RAND_bytes_ex(p12->authsafes->ctx.libctx, p12->mac->salt->data,
- saltlen, 0) <= 0)
+ (size_t)saltlen, 0) <= 0)
return 0;
} else
memcpy(p12->mac->salt->data, salt, saltlen);
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 7ad05ea008..56e615f6b9 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -315,7 +315,7 @@ const RAND_METHOD *RAND_get_rand_method(void)
* the default method, then just call RAND_bytes(). Otherwise make
* sure we're instantiated and use the private DRBG.
*/
-int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
unsigned int strength)
{
EVP_RAND_CTX *rand;
@@ -339,10 +339,12 @@ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char
*buf, int num,
int RAND_priv_bytes(unsigned char *buf, int num)
{
- return RAND_priv_bytes_ex(NULL, buf, num, 0);
+ if (num < 0)
+ return 0;
+ return RAND_priv_bytes_ex(NULL, buf, (size_t)num, 0);
}
-int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
unsigned int strength)
{
EVP_RAND_CTX *rand;
@@ -366,7 +368,9 @@ int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf,
int num,
int RAND_bytes(unsigned char *buf, int num)
{
- return RAND_bytes_ex(NULL, buf, num, 0);
+ if (num < 0)
+ return 0;
+ return RAND_bytes_ex(NULL, buf, (size_t)num, 0);
}
typedef struct rand_global_st {
diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
index 85bee965fc..269971c07b 100644
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -57,6 +57,7 @@ static const ERR_STRING_DATA RSA_str_reasons[] = {
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_KEYPAIR), "invalid keypair"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_KEY_LENGTH), "invalid key length"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_LABEL), "invalid label"},
+ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_LENGTH), "invalid length"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MESSAGE_LENGTH),
"invalid message length"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MGF1_MD), "invalid mgf1 md"},
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index 5068057fd1..00646648c7 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -77,6 +77,10 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX
*libctx,
mgf1md = md;
mdlen = EVP_MD_size(md);
+ if (mdlen <= 0) {
+ ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH);
+ return 0;
+ }
/* step 2b: check KLen > nLen - 2 HLen - 2 */
if (flen > emlen - 2 * mdlen - 1) {
diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c
index 9094b1ac50..f1eabf177c 100644
--- a/crypto/rsa/rsa_pk1.c
+++ b/crypto/rsa/rsa_pk1.c
@@ -128,6 +128,9 @@ int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX
*libctx, unsigned char *to
if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
return 0;
+ } else if (flen < 0) {
+ ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH);
+ return 0;
}
p = (unsigned char *)to;
diff --git a/doc/man3/RAND_bytes.pod b/doc/man3/RAND_bytes.pod
index 832790fb95..3267d8fbb1 100644
--- a/doc/man3/RAND_bytes.pod
+++ b/doc/man3/RAND_bytes.pod
@@ -12,9 +12,9 @@ RAND_pseudo_bytes - generate random data
int RAND_bytes(unsigned char *buf, int num);
int RAND_priv_bytes(unsigned char *buf, int num);
- int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+ int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
unsigned int strength);
- int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
unsigned int strength);
Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining
diff --git a/include/crypto/ecerr.h b/include/crypto/ecerr.h
index e08a4dba97..07b6c7aa62 100644
--- a/include/crypto/ecerr.h
+++ b/include/crypto/ecerr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h
index a017fbeb76..49088d208b 100644
--- a/include/openssl/ecerr.h
+++ b/include/openssl/ecerr.h
@@ -56,6 +56,7 @@
# define EC_R_INVALID_GENERATOR 173
# define EC_R_INVALID_GROUP_ORDER 122
# define EC_R_INVALID_KEY 116
+# define EC_R_INVALID_LENGTH 117
# define EC_R_INVALID_NAMED_GROUP_CONVERSION 174
# define EC_R_INVALID_OUTPUT_LENGTH 161
# define EC_R_INVALID_P 172
diff --git a/include/openssl/rand.h b/include/openssl/rand.h
index 304fd9fe1e..ad3054fd57 100644
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h
@@ -65,14 +65,14 @@ int RAND_priv_bytes(unsigned char *buf, int num);
* Equivalent of RAND_priv_bytes() but additionally taking an OSSL_LIB_CTX and
* a strength.
*/
-int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
unsigned int strength);
/*
* Equivalent of RAND_bytes() but additionally taking an OSSL_LIB_CTX and
* a strength.
*/
-int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
unsigned int strength);
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/include/openssl/rsaerr.h b/include/openssl/rsaerr.h
index 4335f1cb33..c58463c7c1 100644
--- a/include/openssl/rsaerr.h
+++ b/include/openssl/rsaerr.h
@@ -48,6 +48,7 @@
# define RSA_R_INVALID_KEYPAIR 171
# define RSA_R_INVALID_KEY_LENGTH 173
# define RSA_R_INVALID_LABEL 160
+# define RSA_R_INVALID_LENGTH 181
# define RSA_R_INVALID_MESSAGE_LENGTH 131
# define RSA_R_INVALID_MGF1_MD 156
# define RSA_R_INVALID_MODULUS 174
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index c10a1e46b2..82bb013865 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2853,7 +2853,7 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt)
pms[0] = s->client_version >> 8;
pms[1] = s->client_version & 0xff;
/* TODO(size_t): Convert this function */
- if (RAND_bytes_ex(s->ctx->libctx, pms + 2, (int)(pmslen - 2), 0) <= 0) {
+ if (RAND_bytes_ex(s->ctx->libctx, pms + 2, pmslen - 2, 0) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -3060,7 +3060,7 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt)
/* Generate session key
* TODO(size_t): Convert this function
*/
- || RAND_bytes_ex(s->ctx->libctx, pms, (int)pmslen, 0) <= 0) {
+ || RAND_bytes_ex(s->ctx->libctx, pms, pmslen, 0) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
};
@@ -3185,7 +3185,7 @@ static int tls_construct_cke_gost18(SSL *s, WPACKET *pkt)
goto err;
}
- if (RAND_bytes_ex(s->ctx->libctx, pms, (int)pmslen, 0) <= 0) {
+ if (RAND_bytes_ex(s->ctx->libctx, pms, pmslen, 0) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index bf4a486a8d..15bcdae387 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3778,7 +3778,8 @@ static int construct_stateless_ticket(SSL *s, WPACKET
*pkt, uint32_t age_add,
}
iv_len = EVP_CIPHER_iv_length(cipher);
- if (RAND_bytes_ex(s->ctx->libctx, iv, iv_len, 0) <= 0
+ if (iv_len < 0
+ || RAND_bytes_ex(s->ctx->libctx, iv, iv_len, 0) <= 0
|| !EVP_EncryptInit_ex(ctx, cipher, NULL,
tctx->ext.secure->tick_aes_key, iv)
|| !ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key,
