Brad Bishop | 37a0e4d | 2017-12-04 01:01:44 -0500 | [diff] [blame^] | 1 | From 6427f1accc54b515bb899370f1a662bfcb1caa52 Mon Sep 17 00:00:00 2001 |
| 2 | From: Alexandru Moise <alexandru.moise@windriver.com> |
| 3 | Date: Tue, 7 Feb 2017 11:16:13 +0200 |
| 4 | Subject: [PATCH 2/2] crypto/evp: harden AEAD ciphers. |
| 5 | MIME-Version: 1.0 |
| 6 | Content-Type: text/plain; charset=UTF-8 |
| 7 | Content-Transfer-Encoding: 8bit |
| 8 | |
| 9 | Originally a crash in 32-bit build was reported CHACHA20-POLY1305 |
| 10 | cipher. The crash is triggered by truncated packet and is result |
| 11 | of excessive hashing to the edge of accessible memory. Since hash |
| 12 | operation is read-only it is not considered to be exploitable |
| 13 | beyond a DoS condition. Other ciphers were hardened. |
| 14 | |
| 15 | Thanks to Robert Święcki for report. |
| 16 | |
| 17 | CVE-2017-3731 |
| 18 | |
| 19 | Backported from upstream commit: |
| 20 | 2198b3a55de681e1f3c23edb0586afe13f438051 |
| 21 | |
| 22 | Upstream-Status: Backport |
| 23 | |
| 24 | Reviewed-by: Rich Salz <rsalz@openssl.org> |
| 25 | Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com> |
| 26 | --- |
| 27 | crypto/evp/e_aes.c | 7 ++++++- |
| 28 | 1 file changed, 6 insertions(+), 1 deletion(-) |
| 29 | |
| 30 | diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c |
| 31 | index 1734a82..16dcd10 100644 |
| 32 | --- a/crypto/evp/e_aes.c |
| 33 | +++ b/crypto/evp/e_aes.c |
| 34 | @@ -1235,10 +1235,15 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) |
| 35 | { |
| 36 | unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1]; |
| 37 | /* Correct length for explicit IV */ |
| 38 | + if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN) |
| 39 | + return 0; |
| 40 | len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; |
| 41 | /* If decrypting correct for tag too */ |
| 42 | - if (!c->encrypt) |
| 43 | + if (!c->encrypt) { |
| 44 | + if (len < EVP_GCM_TLS_TAG_LEN) |
| 45 | + return 0; |
| 46 | len -= EVP_GCM_TLS_TAG_LEN; |
| 47 | + } |
| 48 | c->buf[arg - 2] = len >> 8; |
| 49 | c->buf[arg - 1] = len & 0xff; |
| 50 | } |
| 51 | -- |
| 52 | 2.10.2 |
| 53 | |