[openssl] OpenSSL_1_1_1-stable update

matthias.st.pierre at ncp-e.com matthias.st.pierre at ncp-e.com
Fri Feb 22 17:11:25 UTC 2019


The branch OpenSSL_1_1_1-stable has been updated
       via  4a81b8b6e8b908ff70d675c7173ad4923f3dc659 (commit)
      from  d600f3d34cf85003d11bea2b8296834874cdebcf (commit)


- Log -----------------------------------------------------------------
commit 4a81b8b6e8b908ff70d675c7173ad4923f3dc659
Author: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Date:   Fri Feb 22 13:08:54 2019 +0100

    engines/dasync: add explaining comments about AES-128-CBC-HMAC-SHA1
    
    Fixes #7950
    
    It was reported that there might be a null pointer dereference in the
    implementation of the dasync_aes_128_cbc_hmac_sha1() cipher, because
    EVP_aes_128_cbc_hmac_sha1() can return a null pointer if AES-NI is
    not available. It took some analysis to find out that this is not
    an issue in practice, and these comments explain the reason to comfort
    further NPD hunters.
    
    Detected by GitHub user @wurongxin1987 using the Sourcebrella Pinpoint
    static analyzer.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/8305)
    
    (cherry picked from commit a4a0a1eb43cfccd128d085932a567e0482fbfe47)

-----------------------------------------------------------------------

Summary of changes:
 engines/e_dasync.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/engines/e_dasync.c b/engines/e_dasync.c
index 0fe1d43..1c2ccf0 100644
--- a/engines/e_dasync.c
+++ b/engines/e_dasync.c
@@ -155,6 +155,14 @@ static const EVP_CIPHER *dasync_aes_128_cbc(void)
 /*
  * Holds the EVP_CIPHER object for aes_128_cbc_hmac_sha1 in this engine. Set up
  * once only during engine bind and can then be reused many times.
+ *
+ * This 'stitched' cipher depends on the EVP_aes_128_cbc_hmac_sha1() cipher,
+ * which is implemented only if the AES-NI instruction set extension is available
+ * (see OPENSSL_IA32CAP(3)). If that's not the case, then this cipher will not
+ * be available either.
+ *
+ * Note: Since it is a legacy mac-then-encrypt cipher, modern TLS peers (which
+ * negotiate the encrypt-then-mac extension) won't negotiate it anyway.
  */
 static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL;
 static const EVP_CIPHER *dasync_aes_128_cbc_hmac_sha1(void)
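Review bot: The added comment above _hidden_aes_128_cbc_hmac_sha1 states that "this cipher will not be available either" when AES-NI is missing, but it does not say where that is enforced. Name the function or bind-time check that leaves the cipher unregistered when EVP_aes_128_cbc_hmac_sha1() returns NULL, so the two later comments that refer back here point at something a reader can verify. The closing "Note:" about encrypt-then-mac argues how likely negotiation is, not whether the pointer is non-NULL, and peers that do not negotiate that extension are not covered by it. Consider marking it as a side remark or dropping it, so it is not read as part of the safety argument.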
@@ -751,6 +759,10 @@ static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
                                                 const unsigned char *iv,
                                                 int enc)
 {
+    /*
+     * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL,
+     * see comment before the definition of dasync_aes_128_cbc_hmac_sha1().
+     */
     return dasync_cipher_init_key_helper(ctx, key, iv, enc,
                                          EVP_aes_128_cbc_hmac_sha1());
 }
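Review bot: In dasync_aes128_cbc_hmac_sha1_init_key the new comment records an assumption, but nothing enforces it, and the result of EVP_aes_128_cbc_hmac_sha1() still goes straight into dasync_cipher_init_key_helper(). If the registration logic the comment relies on ever changes, the null pointer dereference comes back silently. A cheap guard would make the invariant self-checking: fetch the cipher into a local and return 0 when it is NULL, or at least assert on it in debug builds.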
@@ -765,5 +777,9 @@ static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
 
 static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx)
 {
+    /*
+     * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL,
+     * see comment before the definition of dasync_aes_128_cbc_hmac_sha1().
+     */
     return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc_hmac_sha1());
 }
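Review bot: The comment in dasync_aes128_cbc_hmac_sha1_cleanup is a verbatim copy of the one added to the init_key function, so the same invariant is now documented in two places that can drift apart. A small static accessor that wraps EVP_aes_128_cbc_hmac_sha1(), carries the explanation once and is called from both sites would avoid the duplication. The 16 inserted lines are all accounted for by the three comments in this patch, so dasync_aes128_cbc_hmac_sha1_cipher, named in this hunk's header, receives no note. If it also uses the underlying cipher, it should go through the same accessor or carry the same reference.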

