authorDavid Benjamin <davidben@chromium.org>2014-07-10 20:04:11 +0400
committerAdam Langley <agl@google.com>2014-07-11 00:59:10 +0400
commit7bf334a9ff0236da88424f649f6f976bd1f7bf38 (patch)
tree86b139035698689f8f5f9cd91071a58db4f69d13
parent09020c2f08df11179b93e6548117806a4c0d0d45 (diff)
Perform bounds checks in hmac_signctx.
Match the other EVP_DigestSignFinal implementations. Fix the instances in ssl/t1_enc.c which were not following the EVP_DigestSignFinal contract; on entry, *out_len should contain the size of the buffer. Change-Id: Icd44d97a4c98704dea975798c0101d5a37274d17 Reviewed-on: https://boringssl-review.googlesource.com/1130 Reviewed-by: Adam Langley <agl@google.com>
-rw-r--r--crypto/evp/evp.h1
-rw-r--r--crypto/evp/evp_error.c1
-rw-r--r--crypto/evp/p_hmac.c11
-rw-r--r--ssl/t1_enc.c4
4 files changed, 12 insertions, 5 deletions
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 91b1a376..2d82fd92 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -792,6 +792,7 @@ struct evp_pkey_st {
#define EVP_F_EVP_PKEY_get1_DSA 151
#define EVP_F_pkey_rsa_encrypt 152
#define EVP_F_pkey_rsa_decrypt 153
+#define EVP_F_hmac_signctx 154
#define EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE 100
#define EVP_R_UNSUPPORTED_SIGNATURE_TYPE 101
#define EVP_R_INVALID_DIGEST_TYPE 102
diff --git a/crypto/evp/evp_error.c b/crypto/evp/evp_error.c
index c349d303..8b3d0f6d 100644
--- a/crypto/evp/evp_error.c
+++ b/crypto/evp/evp_error.c
@@ -52,6 +52,7 @@ const ERR_STRING_DATA EVP_error_string_data[] = {
{ERR_PACK(ERR_LIB_EVP, EVP_F_eckey_pub_encode, 0), "eckey_pub_encode"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_eckey_type2param, 0), "eckey_type2param"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_evp_pkey_ctx_new, 0), "evp_pkey_ctx_new"},
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_hmac_signctx, 0), "hmac_signctx"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_i2d_PublicKey, 0), "i2d_PublicKey"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_old_ec_priv_decode, 0), "old_ec_priv_decode"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_old_rsa_priv_decode, 0), "old_rsa_priv_decode"},
diff --git a/crypto/evp/p_hmac.c b/crypto/evp/p_hmac.c
index b55db7a2..f068f205 100644
--- a/crypto/evp/p_hmac.c
+++ b/crypto/evp/p_hmac.c
@@ -56,6 +56,7 @@
#include <openssl/evp.h>
#include <openssl/asn1.h>
+#include <openssl/err.h>
#include <openssl/hmac.h>
#include <openssl/mem.h>
#include <openssl/obj.h>
@@ -153,14 +154,14 @@ static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
EVP_MD_CTX *mctx) {
unsigned int hlen;
HMAC_PKEY_CTX *hctx = ctx->data;
- int l = EVP_MD_CTX_size(mctx);
+ size_t md_size = EVP_MD_CTX_size(mctx);
- if (l < 0) {
- return 0;
- }
- *siglen = l;
if (!sig) {
+ *siglen = md_size;
return 1;
+ } else if (*siglen < md_size) {
+ OPENSSL_PUT_ERROR(EVP, hmac_signctx, EVP_R_BUFFER_TOO_SMALL);
+ return 0;
}
if (!HMAC_Final(&hctx->ctx, sig, &hlen)) {
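Review bot: The removed `l < 0` guard has no replacement now that the result of `EVP_MD_CTX_size(mctx)` goes straight into `size_t md_size`, so if that call can still return a negative int in this tree, the value wraps to a very large size. On the `sig == NULL` path the wrapped value would be stored in `*siglen` as the required length, and with a real buffer every call would fail with EVP_R_BUFFER_TOO_SMALL. If the return type is unsigned here the code is fine as written, but the declaration does not show that. Separately, a contract comment above the function would help: `/* On entry *siglen is the capacity of sig; on success it is the number of bytes written. */`. The body of hmac_signctx continues past the end of the hunk, so the write-back of `*siglen` after HMAC_Final is not visible here.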
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index dac71b4d..d32315ea 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -186,6 +186,7 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
goto err;
if (seed5 && !EVP_DigestSignUpdate(&ctx,seed5,seed5_len))
goto err;
+ A1_len = EVP_MAX_MD_SIZE;
if (!EVP_DigestSignFinal(&ctx,A1,&A1_len))
goto err;
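Review bot: `A1_len = EVP_MAX_MD_SIZE;` restates the capacity of `A1` as a constant instead of deriving it from the buffer. Assuming `A1` is a local array (its declaration is outside the hunk), `A1_len = sizeof(A1);` keeps the bound passed to EVP_DigestSignFinal tied to the real buffer if the declaration ever changes. The same applies to the two `A1_len = EVP_MAX_MD_SIZE;` lines added in the next hunk of this file. Because the callee now treats the entry value as a write bound, a comment at the first assignment, such as `/* EVP_DigestSignFinal reads *out_len as the buffer capacity on entry */`, would keep later call sites from omitting it. tls1_P_hash starts and ends outside these hunks.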
@@ -211,16 +212,19 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
if (olen > chunk)
{
+ j = olen;
if (!EVP_DigestSignFinal(&ctx,out,&j))
goto err;
out+=j;
olen-=j;
/* calc the next A1 value */
+ A1_len = EVP_MAX_MD_SIZE;
if (!EVP_DigestSignFinal(&ctx_tmp,A1,&A1_len))
goto err;
}
else /* last one */
{
+ A1_len = EVP_MAX_MD_SIZE;
if (!EVP_DigestSignFinal(&ctx,A1,&A1_len))
goto err;
memcpy(out,A1,olen);