diff options
author | Dmitry Belyavskiy <beldmit@gmail.com> | 2022-07-27 12:15:07 +0200 |
---|---|---|
committer | Dmitry Belyavskiy <beldmit@gmail.com> | 2022-08-02 14:38:57 +0200 |
commit | cc750a9a81e24d46076b5de0b700aec478c2bd13 (patch) | |
tree | bddeb9970cd6d91a07bb6cc51ac3b8047d868609 /ssl/t1_lib.c | |
parent | 2db226ce01be804fbd2d60b019c897305a8f091e (diff) |
Check that IV length is not less than zero
As EVP_CIPHER_CTX_get_iv_length indicates failure with -1, this error
should be processed. Also the result of this function shouldn't be
assigned to an unsigned variable.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Signed-off-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18922)
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r-- | ssl/t1_lib.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 48a0b7f6e5..51c2283db9 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1785,7 +1785,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, SSL_SESSION *sess = NULL; unsigned char *sdec; const unsigned char *p; - int slen, renew_ticket = 0, declen; + int slen, ivlen, renew_ticket = 0, declen; SSL_TICKET_STATUS ret = SSL_TICKET_FATAL_ERR_OTHER; size_t mlen; unsigned char tick_hmac[EVP_MAX_MD_SIZE]; @@ -1898,9 +1898,14 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, goto end; } + ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); + if (ivlen < 0) { + ret = SSL_TICKET_FATAL_ERR_OTHER; + goto end; + } + /* Sanity check ticket length: must exceed keyname + IV + HMAC */ - if (eticklen <= - TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx) + mlen) { + if (eticklen <= TLSEXT_KEYNAME_LENGTH + ivlen + mlen) { ret = SSL_TICKET_NO_DECRYPT; goto end; } @@ -1918,8 +1923,8 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, } /* Attempt to decrypt session data */ /* Move p after IV to start of encrypted ticket, update length */ - p = etick + TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx); - eticklen -= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx); + p = etick + TLSEXT_KEYNAME_LENGTH + ivlen; + eticklen -= TLSEXT_KEYNAME_LENGTH + ivlen; sdec = OPENSSL_malloc(eticklen); if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, (int)eticklen) <= 0) { |