Perform bounds checks in hmac_signctx.

Match the other EVP_DigestSignFinal implementations. Fix the instances in ssl/t1_enc.c which were not following the EVP_DigestSignFinal contract; on entry, *out_len should contain the size of the buffer. Change-Id: Icd44d97a4c98704dea975798c0101d5a37274d17 Reviewed-on: https://boringssl-review.googlesource.com/1130 Reviewed-by: Adam Langley <agl@google.com>
10 年之前 · 7bf334a9ff
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -792,6 +792,7 @@ struct evp_pkey_st {
 #define EVP_F_EVP_PKEY_get1_DSA 151
 #define EVP_F_pkey_rsa_encrypt 152
 #define EVP_F_pkey_rsa_decrypt 153
 #define EVP_F_hmac_signctx 154
 #define EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE 100
 #define EVP_R_UNSUPPORTED_SIGNATURE_TYPE 101
 #define EVP_R_INVALID_DIGEST_TYPE 102
--- a/crypto/evp/evp_error.c
+++ b/crypto/evp/evp_error.c
@@ -52,6 +52,7 @@ const ERR_STRING_DATA EVP_error_string_data[] = {
  {ERR_PACK(ERR_LIB_EVP, EVP_F_eckey_pub_encode, 0), "eckey_pub_encode"},
  {ERR_PACK(ERR_LIB_EVP, EVP_F_eckey_type2param, 0), "eckey_type2param"},
  {ERR_PACK(ERR_LIB_EVP, EVP_F_evp_pkey_ctx_new, 0), "evp_pkey_ctx_new"},
  {ERR_PACK(ERR_LIB_EVP, EVP_F_hmac_signctx, 0), "hmac_signctx"},
  {ERR_PACK(ERR_LIB_EVP, EVP_F_i2d_PublicKey, 0), "i2d_PublicKey"},
  {ERR_PACK(ERR_LIB_EVP, EVP_F_old_ec_priv_decode, 0), "old_ec_priv_decode"},
  {ERR_PACK(ERR_LIB_EVP, EVP_F_old_rsa_priv_decode, 0), "old_rsa_priv_decode"},
--- a/crypto/evp/p_hmac.c
+++ b/crypto/evp/p_hmac.c
@@ -56,6 +56,7 @@
 #include <openssl/evp.h>

 #include <openssl/asn1.h>
 #include <openssl/err.h>
 #include <openssl/hmac.h>
 #include <openssl/mem.h>
 #include <openssl/obj.h>
@@ -153,14 +154,14 @@ static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                        EVP_MD_CTX *mctx) {
  unsigned int hlen;
  HMAC_PKEY_CTX *hctx = ctx->data;
  int l = EVP_MD_CTX_size(mctx);
  size_t md_size = EVP_MD_CTX_size(mctx);

  if (l < 0) {
    return 0;
  }
  *siglen = l;
  if (!sig) {
    *siglen = md_size;
    return 1;
  } else if (*siglen < md_size) {
    OPENSSL_PUT_ERROR(EVP, hmac_signctx, EVP_R_BUFFER_TOO_SMALL);
    return 0;
  }

  if (!HMAC_Final(&hctx->ctx, sig, &hlen)) {
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -186,6 +186,7 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 		goto err;
 	if (seed5 && !EVP_DigestSignUpdate(&ctx,seed5,seed5_len))
 		goto err;
 	A1_len = EVP_MAX_MD_SIZE;
 	if (!EVP_DigestSignFinal(&ctx,A1,&A1_len))
 		goto err;

@@ -211,16 +212,19 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,

 		if (olen > chunk)
 			{
 			j = olen;
 			if (!EVP_DigestSignFinal(&ctx,out,&j))
 				goto err;
 			out+=j;
 			olen-=j;
 			/* calc the next A1 value */
 			A1_len = EVP_MAX_MD_SIZE;
 			if (!EVP_DigestSignFinal(&ctx_tmp,A1,&A1_len))
 				goto err;
 			}
 		else	/* last one */
 			{
 			A1_len = EVP_MAX_MD_SIZE;
 			if (!EVP_DigestSignFinal(&ctx,A1,&A1_len))
 				goto err;
 			memcpy(out,A1,olen);