diff options
author | Jiasheng Jiang <jiasheng@purdue.edu> | 2024-03-22 18:41:58 +0000 |
---|---|---|
committer | Neil Horman <nhorman@openssl.org> | 2024-04-02 05:37:00 -0400 |
commit | bcf81f742dded19321dc7f76c1d729f615f8656c (patch) | |
tree | feaa8540896787e49aff246a92b5022e57b81b0c /ssl | |
parent | 9f6a48749afdcd5f35fb671651fc6af2b0b7d97a (diff) |
ssl/tls13_enc.c: Replace size_t with int and add the checks
Replace the type of variables with int to avoid implicit cast when they are assigned by EVP_MD_get_size().
Moreover, add the checks to avoid integer overflow.
Fixes: 6612d87b89 ("Use the correct size for TLSv1.3 finished keys")
Fixes: 34574f193b ("Add support for TLS1.3 secret generation")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23942)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/tls13_enc.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 772a6fc173..17e9cb8688 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -247,8 +247,14 @@ int tls13_generate_master_secret(SSL_CONNECTION *s, unsigned char *out, size_t *secret_size) { const EVP_MD *md = ssl_handshake_md(s); + int tmpsize; - *secret_size = EVP_MD_get_size(md); + tmpsize = EVP_MD_get_size(md); + if (tmpsize <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + return 0; + } + *secret_size = (size_t)tmpsize; /* Calls SSLfatal() if required */ return tls13_generate_secret(s, md, prev, NULL, 0, out); } @@ -436,7 +442,7 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which) unsigned char *insecret; unsigned char *finsecret = NULL; const char *log_label = NULL; - size_t finsecretlen = 0; + int finsecretlen = 0; const unsigned char *label; size_t labellen, hashlen = 0; int ret = 0; @@ -541,6 +547,10 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which) insecret = s->handshake_secret; finsecret = s->client_finished_secret; finsecretlen = EVP_MD_get_size(ssl_handshake_md(s)); + if (finsecretlen <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + goto err; + } label = client_handshake_traffic; labellen = sizeof(client_handshake_traffic) - 1; log_label = CLIENT_HANDSHAKE_LABEL; @@ -573,6 +583,10 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which) insecret = s->handshake_secret; finsecret = s->server_finished_secret; finsecretlen = EVP_MD_get_size(ssl_handshake_md(s)); + if (finsecretlen <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + goto err; + } label = server_handshake_traffic; labellen = sizeof(server_handshake_traffic) - 1; log_label = SERVER_HANDSHAKE_LABEL; @@ -657,7 +671,7 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which) if (finsecret != NULL && !tls13_derive_finishedkey(s, ssl_handshake_md(s), secret, - finsecret, finsecretlen)) { + finsecret, (size_t)finsecretlen)) { /* SSLfatal() already called */ goto err; } |