Perform bounds checks in hmac_signctx.

Match the other EVP_DigestSignFinal implementations. Fix the instances in ssl/t1_enc.c which were not following the EVP_DigestSignFinal contract; on entry, *out_len should contain the size of the buffer. Change-Id: Icd44d97a4c98704dea975798c0101d5a37274d17 Reviewed-on: https://boringssl-review.googlesource.com/1130 Reviewed-by: Adam Langley <agl@google.com>
2014-07-10 12:04:11 -04:00 · 2014-07-10 12:04:11 -04:00 · 7bf334a9ff
commit 7bf334a9ff
parent 09020c2f08
4 changed files with 12 additions and 5 deletions
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@ -792,6 +792,7 @@ struct evp_pkey_st {
 #define EVP_F_EVP_PKEY_get1_DSA 151
 #define EVP_F_pkey_rsa_encrypt 152
 #define EVP_F_pkey_rsa_decrypt 153
+#define EVP_F_hmac_signctx 154
 #define EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE 100
 #define EVP_R_UNSUPPORTED_SIGNATURE_TYPE 101
 #define EVP_R_INVALID_DIGEST_TYPE 102
--- a/crypto/evp/evp_error.c
+++ b/crypto/evp/evp_error.c
@ -52,6 +52,7 @@ const ERR_STRING_DATA EVP_error_string_data[] = {
  {ERR_PACK(ERR_LIB_EVP, EVP_F_eckey_pub_encode, 0), "eckey_pub_encode"},
  {ERR_PACK(ERR_LIB_EVP, EVP_F_eckey_type2param, 0), "eckey_type2param"},
  {ERR_PACK(ERR_LIB_EVP, EVP_F_evp_pkey_ctx_new, 0), "evp_pkey_ctx_new"},
+  {ERR_PACK(ERR_LIB_EVP, EVP_F_hmac_signctx, 0), "hmac_signctx"},
  {ERR_PACK(ERR_LIB_EVP, EVP_F_i2d_PublicKey, 0), "i2d_PublicKey"},
  {ERR_PACK(ERR_LIB_EVP, EVP_F_old_ec_priv_decode, 0), "old_ec_priv_decode"},
  {ERR_PACK(ERR_LIB_EVP, EVP_F_old_rsa_priv_decode, 0), "old_rsa_priv_decode"},
--- a/crypto/evp/p_hmac.c
+++ b/crypto/evp/p_hmac.c
@ -56,6 +56,7 @@
 #include <openssl/evp.h>

 #include <openssl/asn1.h>
+#include <openssl/err.h>
 #include <openssl/hmac.h>
 #include <openssl/mem.h>
 #include <openssl/obj.h>
@ -153,14 +154,14 @@ static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                        EVP_MD_CTX *mctx) {
  unsigned int hlen;
  HMAC_PKEY_CTX *hctx = ctx->data;
-  int l = EVP_MD_CTX_size(mctx);
+  size_t md_size = EVP_MD_CTX_size(mctx);

-  if (l < 0) {
-    return 0;
-  }
-  *siglen = l;
  if (!sig) {
+    *siglen = md_size;
    return 1;
+  } else if (*siglen < md_size) {
+    OPENSSL_PUT_ERROR(EVP, hmac_signctx, EVP_R_BUFFER_TOO_SMALL);
+    return 0;
  }

  if (!HMAC_Final(&hctx->ctx, sig, &hlen)) {
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@ -186,6 +186,7 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 		goto err;
 	if (seed5 && !EVP_DigestSignUpdate(&ctx,seed5,seed5_len))
 		goto err;
+	A1_len = EVP_MAX_MD_SIZE;
 	if (!EVP_DigestSignFinal(&ctx,A1,&A1_len))
 		goto err;

@ -211,16 +212,19 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,

 		if (olen > chunk)
 			{
+			j = olen;
 			if (!EVP_DigestSignFinal(&ctx,out,&j))
 				goto err;
 			out+=j;
 			olen-=j;
 			/* calc the next A1 value */
+			A1_len = EVP_MAX_MD_SIZE;
 			if (!EVP_DigestSignFinal(&ctx_tmp,A1,&A1_len))
 				goto err;
 			}
 		else	/* last one */
 			{
+			A1_len = EVP_MAX_MD_SIZE;
 			if (!EVP_DigestSignFinal(&ctx,A1,&A1_len))
 				goto err;
 			memcpy(out,A1,olen);