File openssl-CVE-2021-23840.patch of Package compat-openssl098.29129

Overview Repositories Revisions Requests Users Attributes Meta

File openssl-CVE-2021-23840.patch of Package compat-openssl098.29129

From 6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 2 Feb 2021 17:17:23 +0000
Subject: [PATCH] Don't overflow the output length in EVP_CipherUpdate calls

CVE-2021-23840

Reviewed-by: Paul Dale <pauli@openssl.org>
---
 crypto/err/openssl.txt   |  3 ++-
 crypto/evp/evp_enc.c     | 27 +++++++++++++++++++++++++++
 crypto/evp/evp_err.c     |  4 +++-
 include/openssl/evperr.h |  7 +++----
 4 files changed, 35 insertions(+), 6 deletions(-)

Index: openssl-0.9.8j/crypto/evp/evp_enc.c
===================================================================
--- openssl-0.9.8j.orig/crypto/evp/evp_enc.c
+++ openssl-0.9.8j/crypto/evp/evp_enc.c
@@ -57,6 +57,7 @@
  */
 
 #include <stdio.h>
+#include <limits.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -177,6 +178,18 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ct
 		else
 			{
 			j=bl-i;
+			/*
+             * Once we've processed the first j bytes from in, the amount of
+             * data left that is a multiple of the block length is:
+             * (inl - j) & ~(bl - 1)
+             * We must ensure that this amount of data, plus the one block that
+             * we process from ctx->buf does not exceed INT_MAX
+             */
+            if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
+                EVPerr(EVP_F_EVP_ENCRYPTUPDATE,
+                       EVP_R_OUTPUT_WOULD_OVERFLOW);
+                return 0;
+            }
 			memcpy(&(ctx->buf[i]),in,j);
 			if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;
 			inl-=j;
@@ -264,6 +277,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ct
 
 	if(ctx->final_used)
 		{
+		/*
+         * final_used is only ever set if buf_len is 0. Therefore the maximum
+         * length output we will ever see from evp_EncryptUpdate is
+         * the maximum multiple of the block length that is <= inl, or just:
+         * inl & ~(b - 1)
+         * Since final_used has been set then the final output length is:
+         * (inl & ~(b - 1)) + b
+         * This must never exceed INT_MAX
+         */
+		if ((inl & ~(b - 1)) > INT_MAX - b) {
+			EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
+			return 0;
+        }
 		memcpy(out,ctx->final,b);
 		out+=b;
 		fix_len = 1;
Index: openssl-0.9.8j/crypto/evp/evp_err.c
===================================================================
--- openssl-0.9.8j.orig/crypto/evp/evp_err.c
+++ openssl-0.9.8j/crypto/evp/evp_err.c
@@ -87,9 +87,11 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL),	"EVP_CIPHER_CTX_ctrl"},
 {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH),	"EVP_CIPHER_CTX_set_key_length"},
 {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX),	"EVP_DecryptFinal_ex"},
+{ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"},
 {ERR_FUNC(EVP_F_EVP_DIGESTINIT),	"EVP_DigestInit"},
 {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX),	"EVP_DigestInit_ex"},
 {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX),	"EVP_EncryptFinal_ex"},
+{ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"},
 {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX),	"EVP_MD_CTX_copy_ex"},
 {ERR_FUNC(EVP_F_EVP_OPENINIT),	"EVP_OpenInit"},
 {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD),	"EVP_PBE_alg_add"},
@@ -155,6 +157,7 @@ static ERR_STRING_DATA EVP_str_reasons[]
 {ERR_REASON(EVP_R_NO_DSA_PARAMETERS)     ,"no dsa parameters"},
 {ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),"no sign function configured"},
 {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"},
+{ERR_REASON(EVP_R_OUTPUT_WOULD_OVERFLOW), "output would overflow"},
 {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"},
 {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},
 {ERR_REASON(EVP_R_SEED_KEY_SETUP_FAILED) ,"seed key setup failed"},
Index: openssl-0.9.8j/crypto/evp/evp.h
===================================================================
--- openssl-0.9.8j.orig/crypto/evp/evp.h
+++ openssl-0.9.8j/crypto/evp/evp.h
@@ -972,9 +972,11 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_EVP_CIPHER_CTX_CTRL			 124
 #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH		 122
 #define EVP_F_EVP_DECRYPTFINAL_EX			 101
+#define EVP_F_EVP_DECRYPTUPDATE              180
 #define EVP_F_EVP_DIGESTINIT				 136
 #define EVP_F_EVP_DIGESTINIT_EX				 128
 #define EVP_F_EVP_ENCRYPTFINAL_EX			 127
+#define EVP_F_EVP_ENCRYPTUPDATE              181
 #define EVP_F_EVP_MD_CTX_COPY_EX			 110
 #define EVP_F_EVP_OPENINIT				 102
 #define EVP_F_EVP_PBE_ALG_ADD				 115
@@ -1037,6 +1039,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_NO_DSA_PARAMETERS				 116
 #define EVP_R_NO_SIGN_FUNCTION_CONFIGURED		 104
 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED		 105
+#define EVP_R_OUTPUT_WOULD_OVERFLOW              184
 #define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE			 117
 #define EVP_R_PUBLIC_KEY_NOT_RSA			 106
 #define EVP_R_UNKNOWN_OPTION				 149

Places

File openssl-CVE-2021-23840.patch of Package compat-openssl098.29129

Places