diff options
author | Dmitry Belyavskiy <beldmit@gmail.com> | 2022-07-27 12:15:07 +0200 |
---|---|---|
committer | Hugo Landau <hlandau@openssl.org> | 2022-08-01 08:14:23 +0100 |
commit | 83ab43da0c9f67c5069605552b1332ca5fadecf1 (patch) | |
tree | 750114cf1a5a764b5d0c8406710fd9fd39ff6235 /ssl/t1_lib.c | |
parent | 4000827fdbf3f6d70949186fdd2bc57638500885 (diff) |
Check that IV length is not less than zero
As EVP_CIPHER_CTX_get_iv_length indicates failure with -1, this error
should be processed. Also the result of this function shouldn't be
assigned to an unsigned variable.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18891)
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r-- | ssl/t1_lib.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 42fe13f12a..cb1e4055ec 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1875,7 +1875,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL_CONNECTION *s, SSL_SESSION *sess = NULL; unsigned char *sdec; const unsigned char *p; - int slen, renew_ticket = 0, declen; + int slen, ivlen, renew_ticket = 0, declen; SSL_TICKET_STATUS ret = SSL_TICKET_FATAL_ERR_OTHER; size_t mlen; unsigned char tick_hmac[EVP_MAX_MD_SIZE]; @@ -1989,9 +1989,14 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL_CONNECTION *s, goto end; } + ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); + if (ivlen < 0) { + ret = SSL_TICKET_FATAL_ERR_OTHER; + goto end; + } + /* Sanity check ticket length: must exceed keyname + IV + HMAC */ - if (eticklen <= - TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx) + mlen) { + if (eticklen <= TLSEXT_KEYNAME_LENGTH + ivlen + mlen) { ret = SSL_TICKET_NO_DECRYPT; goto end; } @@ -2009,8 +2014,8 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL_CONNECTION *s, } /* Attempt to decrypt session data */ /* Move p after IV to start of encrypted ticket, update length */ - p = etick + TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx); - eticklen -= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx); + p = etick + TLSEXT_KEYNAME_LENGTH + ivlen; + eticklen -= TLSEXT_KEYNAME_LENGTH + ivlen; sdec = OPENSSL_malloc(eticklen); if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, (int)eticklen) <= 0) { |