[openssl] OpenSSL_1_1_1-stable update

[matthias.st.pierre at ncp-e.com]

The branch OpenSSL_1_1_1-stable has been updated
       via  6527714c25a4266504e323395fd9ffd1bccb2041 (commit)
       via  3948408f2a6370556d833dc4947ffaaca82ebb78 (commit)
      from  0f68b771b0ab4764d542da649bb9a2c229bfe939 (commit)


- Log -----------------------------------------------------------------
commit 6527714c25a4266504e323395fd9ffd1bccb2041
Author: kinichiro <kinichiro.inoguchi at gmail.com>
Date:   Sun Jan 12 17:35:39 2020 +0900

    Avoid leak in error path of PKCS5_PBE_keyivgen
    
    CLA: trivial
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/10816)
    
    (cherry picked from commit adc9086beb21a91ca59aaf0c619b38b82c223f9b)

commit 3948408f2a6370556d833dc4947ffaaca82ebb78
Author: Pauli <paul.dale at oracle.com>
Date:   Tue May 7 10:42:58 2019 +1000

    Coverity CID 1444960: Error handling issues
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/8888)
    
    (cherry picked from commit a05bf83c7964bb3928b323fe356b9f70f105036d)

-----------------------------------------------------------------------

Summary of changes:
 crypto/err/openssl.txt   |  1 +
 crypto/evp/evp_err.c     |  1 +
 crypto/evp/p5_crpt.c     | 24 ++++++++++++++++++------
 include/openssl/evperr.h |  1 +
 4 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index e4b8ebf228..e4cda9735e 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2255,6 +2255,7 @@ EVP_R_INITIALIZATION_ERROR:134:initialization error
 EVP_R_INPUT_NOT_INITIALIZED:111:input not initialized
 EVP_R_INVALID_DIGEST:152:invalid digest
 EVP_R_INVALID_FIPS_MODE:168:invalid fips mode
+EVP_R_INVALID_IV_LENGTH:194:invalid iv length
 EVP_R_INVALID_KEY:163:invalid key
 EVP_R_INVALID_KEY_LENGTH:130:invalid key length
 EVP_R_INVALID_OPERATION:148:invalid operation
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 84bd3c2dab..42e70e931a 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -213,6 +213,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
     "input not initialized"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST), "invalid digest"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_IV_LENGTH), "invalid iv length"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_OPERATION), "invalid operation"},
diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c
index 7e55d0bfb8..95e2d9c5dc 100644
--- a/crypto/evp/p5_crpt.c
+++ b/crypto/evp/p5_crpt.c
@@ -28,7 +28,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
     EVP_MD_CTX *ctx;
     unsigned char md_tmp[EVP_MAX_MD_SIZE];
     unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
-    int i;
+    int i, ivl, kl;
     PBEPARAM *pbe;
     int saltlen, iter;
     unsigned char *salt;
@@ -48,6 +48,19 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
         return 0;
     }
 
+    ivl = EVP_CIPHER_iv_length(cipher);
+    if (ivl < 0 || ivl > 16) {
+        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_IV_LENGTH);
+        PBEPARAM_free(pbe);
+        return 0;
+    }
+    kl = EVP_CIPHER_key_length(cipher);
+    if (kl < 0 || kl > (int)sizeof(md_tmp)) {
+        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_KEY_LENGTH);
+        PBEPARAM_free(pbe);
+        return 0;
+    }
+
     if (!pbe->iter)
         iter = 1;
     else
@@ -73,6 +86,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
     if (!EVP_DigestUpdate(ctx, salt, saltlen))
         goto err;
     PBEPARAM_free(pbe);
+    pbe = NULL;
     if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))
         goto err;
     mdsize = EVP_MD_size(md);
@@ -86,11 +100,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
         if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))
             goto err;
     }
-    OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
-    memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
-    OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
-    memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
-           EVP_CIPHER_iv_length(cipher));
+    memcpy(key, md_tmp, kl);
+    memcpy(iv, md_tmp + (16 - ivl), ivl);
     if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
         goto err;
     OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
@@ -98,6 +109,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
     OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
     rv = 1;
  err:
+    PBEPARAM_free(pbe);
     EVP_MD_CTX_free(ctx);
     return rv;
 }
diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h
index 6a651f5563..52413d181b 100644
--- a/include/openssl/evperr.h
+++ b/include/openssl/evperr.h
@@ -160,6 +160,7 @@ int ERR_load_EVP_strings(void);
 # define EVP_R_INPUT_NOT_INITIALIZED                      111
 # define EVP_R_INVALID_DIGEST                             152
 # define EVP_R_INVALID_FIPS_MODE                          168
+# define EVP_R_INVALID_IV_LENGTH                          194
 # define EVP_R_INVALID_KEY                                163
 # define EVP_R_INVALID_KEY_LENGTH                         130
 # define EVP_R_INVALID_OPERATION                          148