[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Rich Salz rsalz at openssl.org
Tue Feb 21 00:30:59 UTC 2017


The branch OpenSSL_1_1_0-stable has been updated
       via  fd1ea63f9fcababfc4d4ea38ad5dd49a76fa6023 (commit)
      from  f4cdd19a6a8a0845c08c8101538347f2d5a0d96c (commit)


- Log -----------------------------------------------------------------
commit fd1ea63f9fcababfc4d4ea38ad5dd49a76fa6023
Author: Rich Salz <rsalz at openssl.org>
Date:   Mon Feb 20 19:17:53 2017 -0500

    Don't call memcpy if len is zero.
    
    Prevent undefined behavior in CRYPTO_cbc128_encrypt: calling this function
    with the 'len' parameter being 0 would result in a memcpy where the source
    and destination parameters are the same, which is undefined behavior.
    Do same for AES_ige_encrypt.
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2671)
    
    (cherry picked from commit b1498c98f3fb5b8a340acc9ce20b0fd5346294e5)

-----------------------------------------------------------------------

Summary of changes:
 crypto/aes/aes_ige.c  | 3 +++
 crypto/modes/cbc128.c | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c
index 9125264..75f796c 100644
--- a/crypto/aes/aes_ige.c
+++ b/crypto/aes/aes_ige.c
@@ -41,6 +41,9 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
     size_t n;
     size_t len = length;
 
+    if (length == 0)
+        return;
+
     OPENSSL_assert(in && out && key && ivec);
     OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
     OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
diff --git a/crypto/modes/cbc128.c b/crypto/modes/cbc128.c
index 4c9bc85..4ce5eb2 100644
--- a/crypto/modes/cbc128.c
+++ b/crypto/modes/cbc128.c
@@ -22,6 +22,9 @@ void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
     size_t n;
     const unsigned char *iv = ivec;
 
+    if (len == 0)
+        return;
+
 #if !defined(OPENSSL_SMALL_FOOTPRINT)
     if (STRICT_ALIGNMENT &&
         ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
@@ -73,6 +76,9 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
         unsigned char c[16];
     } tmp;
 
+    if (len == 0)
+        return;
+
 #if !defined(OPENSSL_SMALL_FOOTPRINT)
     if (in != out) {
         const unsigned char *iv = ivec;


More information about the openssl-commits mailing list