diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2019-09-14 09:11:28 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2019-09-14 09:11:28 +1000 |
commit | 88d870824f1f913877f0f978ae60879575daf56d (patch) | |
tree | bb9ff1ff79206a613848c95418632641ef6d4ff8 /crypto | |
parent | b4570683608a9a349aae20bfa13270cd2b5bee1d (diff) |
Fix S390X bad size_t that causes memory trash in legacy ciphers
This caused a SEGV inside tls13_enc() when using chacha_poly.
The tls code assigns the iv_length to a size_t (even though it is an int).
This is actually really bad since it could be -1, which will then trash the iv buffer.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9890)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/evp/evp_lib.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 5be04b0502..eeed7359a4 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -317,8 +317,8 @@ int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) { - int rv; - size_t len, v = EVP_CIPHER_iv_length(ctx->cipher); + int rv, len = EVP_CIPHER_iv_length(ctx->cipher); + size_t v = len; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &v); @@ -331,9 +331,9 @@ legacy: if ((EVP_CIPHER_flags(ctx->cipher) & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) { rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN, 0, &len); - return (rv == 1) ? (int)len : -1; + return (rv == 1) ? len : -1; } - return v; + return len; } int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx) |