Sanity check lengths for AES wrap algorithm.

Reviewed-by: Tim Hudson <tjh@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2014-07-17 02:50:48 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2014-07-17 12:57:40 +0100
commit: d12eef15016e49fc09d6c96653c61624e032d1a3 (patch)
tree: a93f51a724ee9b14fca2083560821eb41e20dbc8 /crypto
parent: d48e78f0cf22aaddb563f4bcfccf25b1a45ac8a4 (diff)
2 files changed, 6 insertions, 2 deletions
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 504c75f8d1..ce300440a8 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -2098,7 +2098,11 @@ static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	EVP_AES_WRAP_CTX *wctx = ctx->cipher_data;
 	size_t rv;
 	if (inlen % 8)
-		return 0;
+		return -1;
+	if (ctx->encrypt && inlen < 8)
+		return -1;
+	if (!ctx->encrypt && inlen < 16)
+		return -1;
 	if (!out)
 		{
 		if (ctx->encrypt)
diff --git a/crypto/modes/wrap128.c b/crypto/modes/wrap128.c
index 18785320f2..c6c14cdaaa 100644
--- a/crypto/modes/wrap128.c
+++ b/crypto/modes/wrap128.c
@@ -106,7 +106,7 @@ size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
 	unsigned char *A, B[16], *R;
 	size_t i, j, t;
 	inlen -= 8;
-	if ((inlen & 0x7) || (inlen < 8) || (inlen > CRYPTO128_WRAP_MAX))
+	if ((inlen & 0x7) || (inlen < 16) || (inlen > CRYPTO128_WRAP_MAX))
 		return 0;
 	A = B;
 	t =  6 * (inlen >> 3);
author	Dr. Stephen Henson <steve@openssl.org>	2014-07-17 02:50:48 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2014-07-17 12:57:40 +0100
commit	d12eef15016e49fc09d6c96653c61624e032d1a3 (patch)
tree	a93f51a724ee9b14fca2083560821eb41e20dbc8 /crypto
parent	d48e78f0cf22aaddb563f4bcfccf25b1a45ac8a4 (diff)