packages/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openssl/CVE-2021-23840.patch

141 lines
5.5 KiB
Diff
Raw Normal View History

fix CVE-2021-23840 and CVE-2021-23841 (cherry picked from commit 42d8e0f5258e521b754e260ac985990120e85c7b)
2021-03-10 15:20:07 +08:00
From 6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 2 Feb 2021 17:17:23 +0000
Subject: [PATCH] Don't overflow the output length in EVP_CipherUpdate calls
CVE-2021-23840
Reviewed-by: Paul Dale <pauli@openssl.org>
---
crypto/err/openssl.txt | 3 ++-
crypto/evp/evp_enc.c | 27 +++++++++++++++++++++++++++
crypto/evp/evp_err.c | 4 +++-
include/openssl/evperr.h | 7 +++----
4 files changed, 35 insertions(+), 6 deletions(-)
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 815460b..7e17763 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -2283,6 +2283,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
operation not supported for this keytype
EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
+EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow
EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
EVP_R_PBKDF2_ERROR:181:pbkdf2 error
EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index b9b6490..0843caf 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -8,6 +8,7 @@
*/
#include <stdio.h>
+#include <limits.h>
#include <assert.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
@@ -355,6 +356,19 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
return 1;
} else {
j = bl - i;
+
+ /*
+ * Once we've processed the first j bytes from in, the amount of
+ * data left that is a multiple of the block length is:
+ * (inl - j) & ~(bl - 1)
+ * We must ensure that this amount of data, plus the one block that
+ * we process from ctx->buf does not exceed INT_MAX
+ */
+ if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
+ EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE,
+ EVP_R_OUTPUT_WOULD_OVERFLOW);
+ return 0;
+ }
memcpy(&(ctx->buf[i]), in, j);
inl -= j;
in += j;
@@ -502,6 +516,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
return 0;
}
+ /*
+ * final_used is only ever set if buf_len is 0. Therefore the maximum
+ * length output we will ever see from evp_EncryptDecryptUpdate is
+ * the maximum multiple of the block length that is <= inl, or just:
+ * inl & ~(b - 1)
+ * Since final_used has been set then the final output length is:
+ * (inl & ~(b - 1)) + b
+ * This must never exceed INT_MAX
+ */
+ if ((inl & ~(b - 1)) > INT_MAX - b) {
+ EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
+ return 0;
+ }
memcpy(out, ctx->final, b);
out += b;
fix_len = 1;
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 05481d8..32ac012 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -239,6 +239,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
"operation not supported for this keytype"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
"operaton not initialized"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW),
+ "output would overflow"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
"partially overlapping buffers"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h
index d2b26ea..b4ea90a 100644
--- a/include/openssl/evperr.h
+++ b/include/openssl/evperr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,9 +11,7 @@
#ifndef HEADER_EVPERR_H
# define HEADER_EVPERR_H
-# ifndef HEADER_SYMHACKS_H
-# include <openssl/symhacks.h>
-# endif
+# include <openssl/symhacks.h>
# ifdef __cplusplus
extern "C"
@@ -179,6 +177,7 @@ int ERR_load_EVP_strings(void);
# define EVP_R_ONLY_ONESHOT_SUPPORTED 177
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
# define EVP_R_OPERATON_NOT_INITIALIZED 151
+# define EVP_R_OUTPUT_WOULD_OVERFLOW 184
# define EVP_R_PARTIALLY_OVERLAPPING 162
# define EVP_R_PBKDF2_ERROR 181
# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
--
1.8.3.1
Reference in New Issue Copy Permalink