diff options
Diffstat (limited to 'crypto/evp')
| -rw-r--r-- | crypto/evp/Makefile | 13 | ||||
| -rw-r--r-- | crypto/evp/digest.c | 4 | ||||
| -rw-r--r-- | crypto/evp/e_aes_cbc_hmac_sha1.c | 3 | ||||
| -rw-r--r-- | crypto/evp/e_aes_cbc_hmac_sha256.c | 3 | ||||
| -rw-r--r-- | crypto/evp/encode.c | 12 | ||||
| -rw-r--r-- | crypto/evp/evp_enc.c | 2 |
6 files changed, 26 insertions, 11 deletions
diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index aaaad986e0e85..fa138d0b10149 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -199,8 +199,8 @@ e_aes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h e_aes.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h e_aes.o: ../modes/modes_lcl.h e_aes.c evp_locl.h -e_aes_cbc_hmac_sha1.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -e_aes_cbc_hmac_sha1.o: ../../include/openssl/bio.h +e_aes_cbc_hmac_sha1.o: ../../e_os.h ../../include/openssl/aes.h +e_aes_cbc_hmac_sha1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h e_aes_cbc_hmac_sha1.o: ../../include/openssl/crypto.h e_aes_cbc_hmac_sha1.o: ../../include/openssl/e_os2.h e_aes_cbc_hmac_sha1.o: ../../include/openssl/evp.h @@ -214,9 +214,9 @@ e_aes_cbc_hmac_sha1.o: ../../include/openssl/rand.h e_aes_cbc_hmac_sha1.o: ../../include/openssl/safestack.h e_aes_cbc_hmac_sha1.o: ../../include/openssl/sha.h e_aes_cbc_hmac_sha1.o: ../../include/openssl/stack.h -e_aes_cbc_hmac_sha1.o: ../../include/openssl/symhacks.h ../modes/modes_lcl.h -e_aes_cbc_hmac_sha1.o: e_aes_cbc_hmac_sha1.c -e_aes_cbc_hmac_sha256.o: ../../include/openssl/aes.h +e_aes_cbc_hmac_sha1.o: ../../include/openssl/symhacks.h ../constant_time_locl.h +e_aes_cbc_hmac_sha1.o: ../modes/modes_lcl.h e_aes_cbc_hmac_sha1.c +e_aes_cbc_hmac_sha256.o: ../../e_os.h ../../include/openssl/aes.h e_aes_cbc_hmac_sha256.o: ../../include/openssl/asn1.h e_aes_cbc_hmac_sha256.o: ../../include/openssl/bio.h e_aes_cbc_hmac_sha256.o: ../../include/openssl/crypto.h @@ -232,7 +232,8 @@ e_aes_cbc_hmac_sha256.o: ../../include/openssl/rand.h e_aes_cbc_hmac_sha256.o: ../../include/openssl/safestack.h e_aes_cbc_hmac_sha256.o: ../../include/openssl/sha.h e_aes_cbc_hmac_sha256.o: ../../include/openssl/stack.h -e_aes_cbc_hmac_sha256.o: ../../include/openssl/symhacks.h ../modes/modes_lcl.h +e_aes_cbc_hmac_sha256.o: ../../include/openssl/symhacks.h +e_aes_cbc_hmac_sha256.o: ../constant_time_locl.h ../modes/modes_lcl.h e_aes_cbc_hmac_sha256.o: e_aes_cbc_hmac_sha256.c e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index f2643f32486ad..5b642b23fc1c6 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -212,8 +212,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) } #endif if (ctx->digest != type) { - if (ctx->digest && ctx->digest->ctx_size) + if (ctx->digest && ctx->digest->ctx_size) { OPENSSL_free(ctx->md_data); + ctx->md_data = NULL; + } ctx->digest = type; if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { ctx->update = type->update; diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index 8330964ee16b0..6dfd590a4a2c8 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -60,6 +60,7 @@ # include <openssl/sha.h> # include <openssl/rand.h> # include "modes_lcl.h" +# include "constant_time_locl.h" # ifndef EVP_CIPH_FLAG_AEAD_CIPHER # define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 @@ -578,6 +579,8 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); maxpad &= 255; + ret &= constant_time_ge(maxpad, pad); + inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1))); inp_len &= mask; diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index 37800213c764e..46c9d033895b8 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -60,6 +60,7 @@ # include <openssl/sha.h> # include <openssl/rand.h> # include "modes_lcl.h" +# include "constant_time_locl.h" # ifndef EVP_CIPH_FLAG_AEAD_CIPHER # define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 @@ -589,6 +590,8 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); maxpad &= 255; + ret &= constant_time_ge(maxpad, pad); + inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1); mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1))); inp_len &= mask; diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index c6abc4ae8e47b..c6c775e0a0cd1 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -57,6 +57,7 @@ */ #include <stdio.h> +#include <limits.h> #include "cryptlib.h" #include <openssl/evp.h> @@ -151,13 +152,13 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { int i, j; - unsigned int total = 0; + size_t total = 0; *outl = 0; if (inl <= 0) return; OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); - if ((ctx->num + inl) < ctx->length) { + if (ctx->length - ctx->num > inl) { memcpy(&(ctx->enc_data[ctx->num]), in, inl); ctx->num += inl; return; @@ -174,7 +175,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, *out = '\0'; total = j + 1; } - while (inl >= ctx->length) { + while (inl >= ctx->length && total <= INT_MAX) { j = EVP_EncodeBlock(out, in, ctx->length); in += ctx->length; inl -= ctx->length; @@ -183,6 +184,11 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, *out = '\0'; total += j + 1; } + if (total > INT_MAX) { + /* Too much output data! */ + *outl = 0; + return; + } if (inl != 0) memcpy(&(ctx->enc_data[0]), in, inl); ctx->num = inl; diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 65f0e0244dce4..7d7be245b021a 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -347,7 +347,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, bl = ctx->cipher->block_size; OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); if (i != 0) { - if (i + inl < bl) { + if (bl - i > inl) { memcpy(&(ctx->buf[i]), in, inl); ctx->buf_len += inl; *outl = 0; |