[openssl] master update
shane.lontis at oracle.com
shane.lontis at oracle.com
Fri Sep 13 23:13:06 UTC 2019
The branch master has been updated
via 88d870824f1f913877f0f978ae60879575daf56d (commit)
from b4570683608a9a349aae20bfa13270cd2b5bee1d (commit)
- Log -----------------------------------------------------------------
commit 88d870824f1f913877f0f978ae60879575daf56d
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Sat Sep 14 09:11:28 2019 +1000
Fix S390X bad size_t that causes memory trash in legacy ciphers
This caused a SEGV inside tls13_enc() when using chacha_poly.
The tls code assigns the iv_length to a size_t (even though it is an int).
This is actually really bad since it could be -1, which will then trash the iv buffer.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9890)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/evp_lib.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 5be04b0502..eeed7359a4 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -317,8 +317,8 @@ int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
{
- int rv;
- size_t len, v = EVP_CIPHER_iv_length(ctx->cipher);
+ int rv, len = EVP_CIPHER_iv_length(ctx->cipher);
+ size_t v = len;
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &v);
@@ -331,9 +331,9 @@ legacy:
if ((EVP_CIPHER_flags(ctx->cipher) & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) {
rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN,
0, &len);
- return (rv == 1) ? (int)len : -1;
+ return (rv == 1) ? len : -1;
}
- return v;
+ return len;
}
int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx)
More information about the openssl-commits
mailing list