[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

[Matt Caswell]

The branch OpenSSL_1_0_2-stable has been updated
       via  3ab937bc440371fbbe74318ce494ba95021f850a (commit)
      from  c5e603ee182b40ede7713c6e229c15a8f3fdb58a (commit)


- Log -----------------------------------------------------------------
commit 3ab937bc440371fbbe74318ce494ba95021f850a
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Mar 3 23:36:23 2016 +0000

    Fix encrypt overflow
    
    An overflow can occur in the EVP_EncryptUpdate function. If an attacker is
    able to supply very large amounts of input data after a previous call to
    EVP_EncryptUpdate with a partial block then a length check can overflow
    resulting in a heap corruption.
    
    Following an analysis of all OpenSSL internal usage of the
    EVP_EncryptUpdate function all usage is one of two forms.
    
    The first form is like this:
    EVP_EncryptInit()
    EVP_EncryptUpdate()
    
    i.e. where the EVP_EncryptUpdate() call is known to be the first called
    function after an EVP_EncryptInit(), and therefore that specific call
    must be safe.
    
    The second form is where the length passed to EVP_EncryptUpdate() can be
    seen from the code to be some small value and therefore there is no
    possibility of an overflow.
    
    Since all instances are one of these two forms, I believe that there can
    be no overflows in internal code due to this problem.
    
    It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate()
    in certain code paths. Also EVP_CipherUpdate() is a synonym for
    EVP_EncryptUpdate(). Therefore I have checked all instances of these
    calls too, and came to the same conclusion, i.e. there are no instances
    in internal usage where an overflow could occur.
    
    This could still represent a security issue for end user code that calls
    this function directly.
    
    CVE-2016-2106
    
    Issue reported by Guido Vranken.
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (cherry picked from commit 3f3582139fbb259a1c3cbb0a25236500a409bf26)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/evp_enc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 65f0e02..7d7be24 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -347,7 +347,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
     bl = ctx->cipher->block_size;
     OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
     if (i != 0) {
-        if (i + inl < bl) {
+        if (bl - i > inl) {
             memcpy(&(ctx->buf[i]), in, inl);
             ctx->buf_len += inl;
             *outl = 0;