Fix multiple vulnerabilities in OpenSSL.
Approved by: so
Security: SA-21:17.openssl
Security: CVE-2021-23840
Security: CVE-2021-23841
parent
59892f6f86
commit
e47450a056
|
@ -1,4 +1,4 @@
|
|||
# Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -2275,6 +2275,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported
|
|||
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
|
||||
operation not supported for this keytype
|
||||
EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
|
||||
EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow
|
||||
EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
|
||||
EVP_R_PBKDF2_ERROR:181:pbkdf2 error
|
||||
EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <limits.h>
|
||||
#include <assert.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include <openssl/evp.h>
|
||||
|
@ -348,6 +349,19 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
|
|||
return 1;
|
||||
} else {
|
||||
j = bl - i;
|
||||
|
||||
/*
|
||||
* Once we've processed the first j bytes from in, the amount of
|
||||
* data left that is a multiple of the block length is:
|
||||
* (inl - j) & ~(bl - 1)
|
||||
* We must ensure that this amount of data, plus the one block that
|
||||
* we process from ctx->buf does not exceed INT_MAX
|
||||
*/
|
||||
if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
|
||||
EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE,
|
||||
EVP_R_OUTPUT_WOULD_OVERFLOW);
|
||||
return 0;
|
||||
}
|
||||
memcpy(&(ctx->buf[i]), in, j);
|
||||
inl -= j;
|
||||
in += j;
|
||||
|
@ -489,6 +503,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
|
|||
EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
|
||||
return 0;
|
||||
}
|
||||
/*
|
||||
* final_used is only ever set if buf_len is 0. Therefore the maximum
|
||||
* length output we will ever see from evp_EncryptDecryptUpdate is
|
||||
* the maximum multiple of the block length that is <= inl, or just:
|
||||
* inl & ~(b - 1)
|
||||
* Since final_used has been set then the final output length is:
|
||||
* (inl & ~(b - 1)) + b
|
||||
* This must never exceed INT_MAX
|
||||
*/
|
||||
if ((inl & ~(b - 1)) > INT_MAX - b) {
|
||||
EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
|
||||
return 0;
|
||||
}
|
||||
memcpy(out, ctx->final, b);
|
||||
out += b;
|
||||
fix_len = 1;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -238,6 +238,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
|
|||
"operation not supported for this keytype"},
|
||||
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
|
||||
"operaton not initialized"},
|
||||
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW),
|
||||
"output would overflow"},
|
||||
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
|
||||
"partially overlapping buffers"},
|
||||
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
|
||||
|
|
|
@ -39,6 +39,8 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
|
|||
if (ctx == NULL)
|
||||
goto err;
|
||||
f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
|
||||
if (f == NULL)
|
||||
goto err;
|
||||
if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
|
||||
goto err;
|
||||
if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f)))
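Review bot: With the new `if (f == NULL) goto err;` in place, the string returned by X509_NAME_oneline is still owned by this function on the two failure paths that follow it (EVP_DigestInit_ex and EVP_DigestUpdate both `goto err`), and nothing in the hunk releases it; if the `err:` label, which lies outside the hunk, does not free `f`, those paths leak the allocation. The safest shape is to initialise `f` to NULL at its declaration and free it unconditionally at `err:` with `OPENSSL_free(f);`, which also keeps the earlier `ctx == NULL` exit safe. X509_issuer_and_serial_hash begins and ends outside the hunk, so confirm this against the full function.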
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -11,9 +11,7 @@
|
|||
#ifndef HEADER_EVPERR_H
|
||||
# define HEADER_EVPERR_H
|
||||
|
||||
# ifndef HEADER_SYMHACKS_H
|
||||
# include <openssl/symhacks.h>
|
||||
# endif
|
||||
# include <openssl/symhacks.h>
|
||||
|
||||
# ifdef __cplusplus
|
||||
extern "C"
|
||||
|
@ -178,6 +176,7 @@ int ERR_load_EVP_strings(void);
|
|||
# define EVP_R_ONLY_ONESHOT_SUPPORTED 177
|
||||
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
|
||||
# define EVP_R_OPERATON_NOT_INITIALIZED 151
|
||||
# define EVP_R_OUTPUT_WOULD_OVERFLOW 184
|
||||
# define EVP_R_PARTIALLY_OVERLAPPING 162
|
||||
# define EVP_R_PBKDF2_ERROR 181
|
||||
# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
|
||||
|
|