From d12eef15016e49fc09d6c96653c61624e032d1a3 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 17 Jul 2014 02:50:48 +0100 Subject: [PATCH] Sanity check lengths for AES wrap algorithm. Reviewed-by: Tim Hudson --- crypto/evp/e_aes.c | 6 +++++- crypto/modes/wrap128.c | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 504c75f8d1..ce300440a8 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -2098,7 +2098,11 @@ static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, EVP_AES_WRAP_CTX *wctx = ctx->cipher_data; size_t rv; if (inlen % 8) - return 0; + return -1; + if (ctx->encrypt && inlen < 8) + return -1; + if (!ctx->encrypt && inlen < 16) + return -1; if (!out) { if (ctx->encrypt) diff --git a/crypto/modes/wrap128.c b/crypto/modes/wrap128.c index 18785320f2..c6c14cdaaa 100644 --- a/crypto/modes/wrap128.c +++ b/crypto/modes/wrap128.c @@ -106,7 +106,7 @@ size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, unsigned char *A, B[16], *R; size_t i, j, t; inlen -= 8; - if ((inlen & 0x7) || (inlen < 8) || (inlen > CRYPTO128_WRAP_MAX)) + if ((inlen & 0x7) || (inlen < 16) || (inlen > CRYPTO128_WRAP_MAX)) return 0; A = B; t = 6 * (inlen >> 3); -- 2.25.1