authorTed Unangst <tedu@cvs.openbsd.org>2016-05-04 15:01:34 +0000
committerTed Unangst <tedu@cvs.openbsd.org>2016-05-04 15:01:34 +0000
commit0bf9289206bff820f1f01fc27ff5bd16a92d1aee (patch)
tree59a345c6ff2c085eb027e20b32ed1e4b7e85e0a9 /lib
parent3ea2b5d9e5e38d15316f0dab2f0e3628ee306f50 (diff)
fix a padding oracle in aesni cbc mac check. there must be enough data
for both the mac and padding bytes. CVE-2016-2107 from openssl
Diffstat (limited to 'lib')
-rw-r--r--lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c b/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
index 42aa20701b9..8574823aed3 100644
--- a/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.11 2016/05/04 14:53:29 tedu Exp $ */
+/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.12 2016/05/04 15:01:33 tedu Exp $ */
/* ====================================================================
* Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved.
*
@@ -60,6 +60,7 @@
#include <openssl/aes.h>
#include <openssl/sha.h>
#include "evp_locl.h"
+#include "constant_time_locl.h"
#ifndef EVP_CIPH_FLAG_AEAD_CIPHER
#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
@@ -282,6 +283,8 @@ aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
maxpad &= 255;
+ ret &= constant_time_ge(maxpad, pad);
+
inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
mask = (0 - ((inp_len - len) >>
(sizeof(inp_len) * 8 - 1)));
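Review bot: The added `ret &= constant_time_ge(maxpad, pad);` line carries no comment saying why it is needed, and the reason is not obvious next to the sign-bit mask computed from `(inp_len - len)` two lines below: inp_len is len minus a positive amount (SHA_DIGEST_LENGTH + pad + 1), so, assuming inp_len and len are unsigned as the shift-based sign extraction suggests, `inp_len - len` has its top bit set for every possible pad value and that mask can never reject a pad byte larger than the data actually present; this new line is the only check that does. Suggest a comment above it such as `/* pad must fit in len together with the MAC; the sign-bit mask below never rejects an oversized pad */` so the next reader does not "simplify" it away. If ret is declared as int (its declaration is outside the hunk), the unsigned mask returned by constant_time_ge is converted implicitly here; an explicit `(int)` cast would make the intent clearer and keep -Wconversion quiet. aesni_cbc_hmac_sha1_cipher starts and ends outside the hunk.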