authorMatt Caswell <matt@openssl.org>2019-04-26 12:11:13 +0100
committerMatt Caswell <matt@openssl.org>2019-07-01 10:23:54 +0100
commit26675d1cf407fb7ba248c04767eccda56b06263f (patch)
tree12b331ae0098987b96614b3867763527ac7d3108 /crypto/evp
parent25ccb5896bbf28b74d4d72010948b0ac7d141622 (diff)
Ensure that rc5 doesn't try to use a key longer than 2040 bits
The maximum key length for rc5 is 2040 bits so we should not attempt to use keys longer than this. Issue found by OSS-Fuzz and Guido Vranken. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8834) (cherry picked from commit 792cb4ee8d82e4b063f707fc9f4992271ffd65ab)
Diffstat (limited to 'crypto/evp')
-rw-r--r--crypto/evp/e_rc5.c4
-rw-r--r--crypto/evp/evp_err.c3
2 files changed, 7 insertions, 0 deletions
diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c
index a2f26d8c5f..79b36475ca 100644
--- a/crypto/evp/e_rc5.c
+++ b/crypto/evp/e_rc5.c
@@ -66,6 +66,10 @@ static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
+ if (EVP_CIPHER_CTX_key_length(ctx) > 255) {
+ EVPerr(EVP_F_R_32_12_16_INIT_KEY, EVP_R_BAD_KEY_LENGTH);
+ return 0;
+ }
RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
key, data(ctx)->rounds);
return 1;
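Review bot: The new guard in r_32_12_16_init_key bounds the key length only from above, and the limit is a bare `255` with nothing in the code tying it to the 2040-bit maximum named in the commit message. EVP_CIPHER_CTX_key_length() returns an int that is passed on to RC5_32_set_key() as a length; whether a negative value can reach this point is not visible in the hunk, but rejecting it is cheap: `const int key_len = EVP_CIPHER_CTX_key_length(ctx);` followed by `if (key_len < 0 || key_len > 255) {`, with key_len reused in the RC5_32_set_key() call instead of a second lookup. A comment such as `/* RC5 keys are at most 255 bytes (2040 bits) */` above the check would document the constant. The check sits only in the EVP wrapper, so code that calls RC5_32_set_key() directly is presumably still unguarded and may deserve the same bound; the function's closing brace lies outside the hunk.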
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 40ed0d902f..84bd3c2dab 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -153,6 +153,8 @@ static const ERR_STRING_DATA EVP_str_functs[] = {
{ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_RC2_MAGIC_TO_METH, 0), "rc2_magic_to_meth"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_RC5_CTRL, 0), "rc5_ctrl"},
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_R_32_12_16_INIT_KEY, 0),
+ "r_32_12_16_init_key"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_CTRL, 0), "s390x_aes_gcm_ctrl"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"},
{0, NULL}
@@ -164,6 +166,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ARIA_KEY_SETUP_FAILED),
"aria key setup failed"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_DECRYPT), "bad decrypt"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_KEY_LENGTH), "bad key length"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BUFFER_TOO_SMALL), "buffer too small"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CAMELLIA_KEY_SETUP_FAILED),
"camellia key setup failed"},