[openssl] OpenSSL_1_1_1-stable update
Matt Caswell
matt at openssl.org
Mon Jul 1 09:28:51 UTC 2019
The branch OpenSSL_1_1_1-stable has been updated
via 26675d1cf407fb7ba248c04767eccda56b06263f (commit)
from 25ccb5896bbf28b74d4d72010948b0ac7d141622 (commit)
- Log -----------------------------------------------------------------
commit 26675d1cf407fb7ba248c04767eccda56b06263f
Author: Matt Caswell <matt at openssl.org>
Date: Fri Apr 26 12:11:13 2019 +0100
Ensure that rc5 doesn't try to use a key longer than 2040 bits
The maximum key length for rc5 is 2040 bits so we should not attempt to
use keys longer than this.
Issue found by OSS-Fuzz and Guido Vranken.
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8834)
(cherry picked from commit 792cb4ee8d82e4b063f707fc9f4992271ffd65ab)
-----------------------------------------------------------------------
Summary of changes:
crypto/err/openssl.txt | 2 ++
crypto/evp/e_rc5.c | 4 ++++
crypto/evp/evp_err.c | 3 +++
doc/man3/EVP_rc5_32_12_16_cbc.pod | 25 ++++++++++++++++++++-----
include/openssl/evperr.h | 2 ++
5 files changed, 31 insertions(+), 5 deletions(-)
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index bb6b932..655bfb6 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -812,6 +812,7 @@ EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen
EVP_F_PKEY_SET_TYPE:158:pkey_set_type
EVP_F_RC2_MAGIC_TO_METH:109:rc2_magic_to_meth
EVP_F_RC5_CTRL:125:rc5_ctrl
+EVP_F_R_32_12_16_INIT_KEY:242:r_32_12_16_init_key
EVP_F_S390X_AES_GCM_CTRL:201:s390x_aes_gcm_ctrl
EVP_F_UPDATE:173:update
KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str
@@ -2223,6 +2224,7 @@ ENGINE_R_VERSION_INCOMPATIBILITY:145:version incompatibility
EVP_R_AES_KEY_SETUP_FAILED:143:aes key setup failed
EVP_R_ARIA_KEY_SETUP_FAILED:176:aria key setup failed
EVP_R_BAD_DECRYPT:100:bad decrypt
+EVP_R_BAD_KEY_LENGTH:195:bad key length
EVP_R_BUFFER_TOO_SMALL:155:buffer too small
EVP_R_CAMELLIA_KEY_SETUP_FAILED:157:camellia key setup failed
EVP_R_CIPHER_PARAMETER_ERROR:122:cipher parameter error
diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c
index a2f26d8..79b3647 100644
--- a/crypto/evp/e_rc5.c
+++ b/crypto/evp/e_rc5.c
@@ -66,6 +66,10 @@ static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
+ if (EVP_CIPHER_CTX_key_length(ctx) > 255) {
+ EVPerr(EVP_F_R_32_12_16_INIT_KEY, EVP_R_BAD_KEY_LENGTH);
+ return 0;
+ }
RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
key, data(ctx)->rounds);
return 1;
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 40ed0d9..84bd3c2 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -153,6 +153,8 @@ static const ERR_STRING_DATA EVP_str_functs[] = {
{ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_RC2_MAGIC_TO_METH, 0), "rc2_magic_to_meth"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_RC5_CTRL, 0), "rc5_ctrl"},
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_R_32_12_16_INIT_KEY, 0),
+ "r_32_12_16_init_key"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_CTRL, 0), "s390x_aes_gcm_ctrl"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"},
{0, NULL}
@@ -164,6 +166,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ARIA_KEY_SETUP_FAILED),
"aria key setup failed"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_DECRYPT), "bad decrypt"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_KEY_LENGTH), "bad key length"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BUFFER_TOO_SMALL), "buffer too small"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CAMELLIA_KEY_SETUP_FAILED),
"camellia key setup failed"},
diff --git a/doc/man3/EVP_rc5_32_12_16_cbc.pod b/doc/man3/EVP_rc5_32_12_16_cbc.pod
index 442a114..6e411b0 100644
--- a/doc/man3/EVP_rc5_32_12_16_cbc.pod
+++ b/doc/man3/EVP_rc5_32_12_16_cbc.pod
@@ -33,7 +33,26 @@ EVP_rc5_32_12_16_ofb()
RC5 encryption algorithm in CBC, CFB, ECB and OFB modes respectively. This is a
variable key length cipher with an additional "number of rounds" parameter. By
-default the key length is set to 128 bits and 12 rounds.
+default the key length is set to 128 bits and 12 rounds. Alternative key lengths
+can be set using L<EVP_CIPHER_CTX_set_key_length(3)>. The maximum key length is
+2040 bits.
+
+The following rc5 specific I<ctrl>s are supported (see
+L<EVP_CIPHER_CTX_ctrl(3)>).
+
+=over 4
+
+=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL)
+
+Sets the number of rounds to B<rounds>. This must be one of RC5_8_ROUNDS,
+RC5_12_ROUNDS or RC5_16_ROUNDS.
+
+=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &rounds)
+
+Stores the number of rounds currently configured in B<*rounds> where B<*rounds>
+is an int.
+
+=back
=back
@@ -43,10 +62,6 @@ These functions return an B<EVP_CIPHER> structure that contains the
implementation of the symmetric cipher. See L<EVP_CIPHER_meth_new(3)> for
details of the B<EVP_CIPHER> structure.
-=head1 BUGS
-
-Currently the number of rounds in RC5 can only be set to 8, 12 or 16.
-This is a limitation of the current RC5 code rather than the EVP interface.
=head1 SEE ALSO
diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h
index 0a5b7e2..3a14fd5 100644
--- a/include/openssl/evperr.h
+++ b/include/openssl/evperr.h
@@ -118,6 +118,7 @@ int ERR_load_EVP_strings(void);
# define EVP_F_PKEY_SET_TYPE 158
# define EVP_F_RC2_MAGIC_TO_METH 109
# define EVP_F_RC5_CTRL 125
+# define EVP_F_R_32_12_16_INIT_KEY 242
# define EVP_F_S390X_AES_GCM_CTRL 201
# define EVP_F_UPDATE 173
@@ -127,6 +128,7 @@ int ERR_load_EVP_strings(void);
# define EVP_R_AES_KEY_SETUP_FAILED 143
# define EVP_R_ARIA_KEY_SETUP_FAILED 176
# define EVP_R_BAD_DECRYPT 100
+# define EVP_R_BAD_KEY_LENGTH 195
# define EVP_R_BUFFER_TOO_SMALL 155
# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157
# define EVP_R_CIPHER_PARAMETER_ERROR 122
More information about the openssl-commits
mailing list