Sanity check lengths for AES wrap algorithm.

author Dr. Stephen Henson <steve@openssl.org>

Thu, 17 Jul 2014 01:50:48 +0000 (02:50 +0100)

committer Dr. Stephen Henson <steve@openssl.org>

Thu, 17 Jul 2014 11:57:40 +0000 (12:57 +0100)
author Dr. Stephen Henson <steve@openssl.org>
Thu, 17 Jul 2014 01:50:48 +0000 (02:50 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Thu, 17 Jul 2014 11:57:40 +0000 (12:57 +0100)
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c

index 504c75f8d12c518d55113a14b2acfe81718efa05..ce300440a89cda699b47d263bb9952946542ae92 100644 (file)
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -2098,7 +2098,11 @@ static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         EVP_AES_WRAP_CTX *wctx = ctx->cipher_data;
         size_t rv;
         if (inlen % 8)
-               return 0;
+               return -1;
+       if (ctx->encrypt && inlen < 8)
+               return -1;
+       if (!ctx->encrypt && inlen < 16)
+               return -1;
         if (!out)
                 {
                 if (ctx->encrypt)
diff --git a/crypto/modes/wrap128.c b/crypto/modes/wrap128.c

index 18785320f29ffa9a320ff400151f8b5ee58088bd..c6c14cdaaa06b9845947343543a773c6cd8afafa 100644 (file)
--- a/crypto/modes/wrap128.c
+++ b/crypto/modes/wrap128.c
@@ -106,7 +106,7 @@ size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
         unsigned char *A, B[16], *R;
         size_t i, j, t;
         inlen -= 8;
-       if ((inlen & 0x7) || (inlen < 8) || (inlen > CRYPTO128_WRAP_MAX))
+       if ((inlen & 0x7) || (inlen < 16) || (inlen > CRYPTO128_WRAP_MAX))
                 return 0;
         A = B;
         t =  6 * (inlen >> 3);
author	Dr. Stephen Henson <steve@openssl.org>
	Thu, 17 Jul 2014 01:50:48 +0000 (02:50 +0100)
committer	Dr. Stephen Henson <steve@openssl.org>
	Thu, 17 Jul 2014 11:57:40 +0000 (12:57 +0100)
crypto/evp/e_aes.c		patch \| blob \| history
crypto/modes/wrap128.c		patch \| blob \| history