From 88d870824f1f913877f0f978ae60879575daf56d Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Sat, 14 Sep 2019 09:11:28 +1000 Subject: [PATCH] Fix S390X bad size_t that causes memory trash in legacy ciphers This caused a SEGV inside tls13_enc() when using chacha_poly. The tls code assigns the iv_length to a size_t (even though it is an int). This is actually really bad since it could be -1, which will then trash the iv buffer. Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9890) --- crypto/evp/evp_lib.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 5be04b0502..eeed7359a4 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -317,8 +317,8 @@ int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) { - int rv; - size_t len, v = EVP_CIPHER_iv_length(ctx->cipher); + int rv, len = EVP_CIPHER_iv_length(ctx->cipher); + size_t v = len; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &v); @@ -331,9 +331,9 @@ legacy: if ((EVP_CIPHER_flags(ctx->cipher) & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) { rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN, 0, &len); - return (rv == 1) ? (int)len : -1; + return (rv == 1) ? len : -1; } - return v; + return len; } int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx) -- 2.25.1