[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Wed Aug 25 23:34:21 UTC 2021
The branch master has been updated
via 9698a56e82da0262146c0f74b40d132f99099850 (commit)
via 31656f27855ddd477349f5960b29d605d32fe38d (commit)
from 69b920bb134417213adce260e15da3f751922cf4 (commit)
- Log -----------------------------------------------------------------
commit 9698a56e82da0262146c0f74b40d132f99099850
Author: Pauli <pauli at openssl.org>
Date: Tue Aug 24 09:40:52 2021 +1000
aes-wrap: improve error handling
The AES wrap cipher was returning -1 on error from the provider rather than 0.
This is fixed.
There was a problem with the error handling in AES wrap which fell back to a
default "final error". This adds a fix for the error and more specific errors
for the different failure possibilities.
Fixes #16387
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16391)
commit 31656f27855ddd477349f5960b29d605d32fe38d
Author: Pauli <pauli at openssl.org>
Date: Tue Aug 24 09:40:28 2021 +1000
Add invalid input length error
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16391)
-----------------------------------------------------------------------
Summary of changes:
crypto/err/openssl.txt | 1 +
include/openssl/proverr.h | 1 +
providers/common/provider_err.c | 2 ++
providers/implementations/ciphers/cipher_aes_wrp.c | 28 ++++++++++++++++------
4 files changed, 25 insertions(+), 7 deletions(-)
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index da3fee84d1..b47293a27a 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -992,6 +992,7 @@ PROV_R_INVALID_DATA:115:invalid data
PROV_R_INVALID_DIGEST:122:invalid digest
PROV_R_INVALID_DIGEST_LENGTH:166:invalid digest length
PROV_R_INVALID_DIGEST_SIZE:218:invalid digest size
+PROV_R_INVALID_INPUT_LENGTH:230:invalid input length
PROV_R_INVALID_ITERATION_COUNT:123:invalid iteration count
PROV_R_INVALID_IV_LENGTH:109:invalid iv length
PROV_R_INVALID_KEY:158:invalid key
diff --git a/include/openssl/proverr.h b/include/openssl/proverr.h
index bdfdda2c93..ad67a8f897 100644
--- a/include/openssl/proverr.h
+++ b/include/openssl/proverr.h
@@ -59,6 +59,7 @@
# define PROV_R_INVALID_DIGEST 122
# define PROV_R_INVALID_DIGEST_LENGTH 166
# define PROV_R_INVALID_DIGEST_SIZE 218
+# define PROV_R_INVALID_INPUT_LENGTH 230
# define PROV_R_INVALID_ITERATION_COUNT 123
# define PROV_R_INVALID_IV_LENGTH 109
# define PROV_R_INVALID_KEY 158
diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c
index d08192e64b..344c122112 100644
--- a/providers/common/provider_err.c
+++ b/providers/common/provider_err.c
@@ -80,6 +80,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
"invalid digest length"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_DIGEST_SIZE),
"invalid digest size"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_INPUT_LENGTH),
+ "invalid input length"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_ITERATION_COUNT),
"invalid iteration count"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_IV_LENGTH), "invalid iv length"},
diff --git a/providers/implementations/ciphers/cipher_aes_wrp.c b/providers/implementations/ciphers/cipher_aes_wrp.c
index f797db4596..8bddf475e2 100644
--- a/providers/implementations/ciphers/cipher_aes_wrp.c
+++ b/providers/implementations/ciphers/cipher_aes_wrp.c
@@ -152,16 +152,22 @@ static int aes_wrap_cipher_internal(void *vctx, unsigned char *out,
return 0;
/* Input length must always be non-zero */
- if (inlen == 0)
+ if (inlen == 0) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH);
return -1;
+ }
/* If decrypting need at least 16 bytes and multiple of 8 */
- if (!ctx->enc && (inlen < 16 || inlen & 0x7))
+ if (!ctx->enc && (inlen < 16 || inlen & 0x7)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH);
return -1;
+ }
/* If not padding input must be multiple of 8 */
- if (!pad && inlen & 0x7)
+ if (!pad && inlen & 0x7) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH);
return -1;
+ }
if (out == NULL) {
if (ctx->enc) {
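Review bot: The return convention of aes_wrap_cipher_internal stays mixed and undocumented: the context line at the top of this hunk returns 0, while the three length checks return -1, so every caller has to test `<= 0` rather than `== 0`. A caller testing only for 0 is the failure this commit repairs, so a header comment on the function such as `/* Returns the output length on success, 0 or -1 on error */` would make the contract explicit. The bit tests would also read more safely as `(inlen & 0x7) != 0`, because `!pad && inlen & 0x7` relies on `&` binding tighter than `&&`. The function starts before this hunk and continues past it.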
@@ -182,7 +188,15 @@ static int aes_wrap_cipher_internal(void *vctx, unsigned char *out,
rv = wctx->wrapfn(&wctx->ks.ks, ctx->iv_set ? ctx->iv : NULL, out, in,
inlen, ctx->block);
- return rv ? (int)rv : -1;
+ if (!rv) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
+ return -1;
+ }
+ if (rv > INT_MAX) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH);
+ return -1;
+ }
+ return (int)rv;
}
static int aes_wrap_final(void *vctx, unsigned char *out, size_t *outl,
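Review bot: Both failure paths here are reached after wrapfn has already been handed `out`, and nothing in the hunk states what the buffer holds when -1 is returned. On the unwrap side a zero `rv` presumably includes a failed integrity check, so a caller that ignores the return value could go on to use unauthenticated bytes. I would add a comment above `if (!rv)` along the lines of `/* wrapfn returns 0 on failure, including a failed integrity check when unwrapping; out must then be treated as invalid */`. That wording needs confirming against the wrapfn implementations, which are not visible here. The enclosing function starts outside this hunk.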
@@ -212,12 +226,12 @@ static int aes_wrap_cipher(void *vctx,
if (outsize < inl) {
ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
- return -1;
+ return 0;
}
len = aes_wrap_cipher_internal(ctx, out, in, inl);
- if (len == 0)
- return -1;
+ if (len <= 0)
+ return 0;
*outl = len;
return 1;
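Review bot: `if (len <= 0)` only catches the -1 returned by aes_wrap_cipher_internal when `len` is a signed type, and its declaration is outside this hunk. If it is declared `size_t`, -1 converts to SIZE_MAX, the test fires only for 0, and `*outl` receives a huge length that a caller may trust for later copies. Declaring it `int len;` and assigning `*outl = (size_t)len;` would close that. Separately, `outsize < inl` compares against the input length only, while key-wrap output is longer than its input (8 bytes for the integrity block, more with padding), so this guard does not appear to bound what wrapfn writes into `out` when encrypting.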