ring/openssl at 1a7456ac15c231f8581cb5bb09fa12571640a25d - ring

History

David Benjamin e7c0c9734f Don't overflow the output length in EVP_CipherUpdate calls.

CVE-2021-23840

(Imported from upstream's 6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1.)

This differs slightly from upstream's version:

- EVP_R_OUTPUT_WOULD_OVERFLOW didn't seem necessary when ERR_R_OVERFLOW
  already exists. (Also since we use CIPHER_R_*, it wouldn't have helped
  with compatibility anyway. Though there's probably something to be
  said for us folding CIPHER_R_* back into EVP_R_*.)

- For simplicity, just check in_len + bl at the top, rather than trying
  to predict the exact number of bytes written.

Update-Note: Passing extremely large input lengths into EVP_CipherUpdate
will now fail. Use EVP_AEAD instead, which is size_t-based and has more
explicit output bounds.

Change-Id: I31835c89dcdecb6b112828f57deb798dc7187db5
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45685
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

2021-02-16 20:50:26 +00:00

aead.h

Add AES-GCM AEADs with internal nonce generation.

2020-11-02 21:38:54 +00:00

aes.h

Clarify in-place rules for low-level AES mode functions.

2020-07-06 18:20:21 +00:00

arm_arch.h

aarch64: Fix name of gnu property note section

2020-11-11 14:33:36 +00:00

asn1_mac.h

Purge the remainder of asn1_mac.h.

2016-08-03 21:37:31 +00:00

asn1.h

Reject bad ASN.1 templates with implicitly-tagged CHOICEs.

2020-12-08 22:10:05 +00:00

asn1t.h

Unexport internal crypto/asn1 functions.

2020-11-06 22:02:07 +00:00

base64.h

Document alternative functions to BIO_f_base64.

2018-09-07 15:58:12 +00:00

base.h

Add basic BLAKE2b-256 support.

2021-01-26 19:59:29 +00:00

bio.h

Fix crash when flushing an SSL BIO.

2020-10-09 21:06:44 +00:00

blake2.h

Add basic BLAKE2b-256 support.

2021-01-26 19:59:29 +00:00

blowfish.h

Fix some size_t to long casts.

2019-01-03 21:46:45 +00:00

bn.h

Split BN_prime_checks into two constants for generation and validation.

2019-12-16 22:20:22 +00:00

buf.h

Rename a number of BUF_* functions to OPENSSL_*.

2019-10-21 21:06:07 +00:00

buffer.h

Add buffer.h for compatibility.

2015-05-12 00:09:57 +00:00

bytestring.h

Fix awkward wording in comment.

2021-01-05 22:49:29 +00:00

cast.h

Fix some size_t to long casts.

2019-01-03 21:46:45 +00:00

chacha.h

Add chacha.h to the list of documented headers.

2017-10-12 15:27:34 +00:00

cipher.h

Don't overflow the output length in EVP_CipherUpdate calls.

2021-02-16 20:50:26 +00:00

cmac.h

Support symbol prefixes

2018-09-06 20:07:52 +00:00

conf.h

Undo recent changes to |X509V3_EXT_conf_nid|.

2018-10-17 21:05:45 +00:00

cpu.h

Align the ARM capability functions.

2021-02-10 17:34:17 +00:00

crypto.h

Bump OPENSSL_VERSION_NUMBER to 1.1.1.

2020-09-16 17:33:33 +00:00

curve25519.h

Support symbol prefixes

2018-09-06 20:07:52 +00:00

des.h

Add a warning to des.h.

2020-09-30 20:32:54 +00:00

dh.h

Add various function calls to test_fips.

2021-02-04 17:40:21 +00:00

digest.h

Add basic BLAKE2b-256 support.

2021-01-26 19:59:29 +00:00

dsa.h

Add simpler getters for DH and DSA.

2020-04-01 18:01:12 +00:00

dtls1.h

Opaquify DTLS structs.

2015-05-08 18:02:02 +00:00

e_os2.h

Add a stub e_os2.h header.

2018-05-08 01:32:14 +00:00

ec_key.h

Clarify that we perform the point-on-curve check.

2020-01-07 17:04:27 +00:00

ec.h

A handful more compatibility functions.

2021-01-07 22:41:58 +00:00

ecdh.h

Add ECDH_compute_key_fips inside the module.

2018-07-30 22:40:31 +00:00

ecdsa.h

Add ECDSA_SIG_get0_r and ECDSA_SIG_get0_s.

2020-02-18 22:08:35 +00:00

engine.h

Give ENGINE_free a return value.

2019-04-17 20:57:57 +00:00

err.h

Add missing ERR_LIB_TRUST_TOKEN constants.

2020-04-22 15:07:24 +00:00

evp.h

Document some defaults for the EVP RSA interface.

2020-11-17 21:46:25 +00:00

ex_data.h

Run comment conversion script on include/

2017-08-18 23:38:51 +00:00

hkdf.h

Run comment conversion script on include/

2017-08-18 23:38:51 +00:00

hmac.h

Support symbol prefixes

2018-09-06 20:07:52 +00:00

hrss.h

HRSS: flatten sample distribution.

2019-01-22 22:06:43 +00:00

is_boringssl.h

Run comment conversion script on include/

2017-08-18 23:38:51 +00:00

lhash.h

Clear out a bunch of -Wextra-semi warnings.

2019-02-21 19:12:39 +00:00

md4.h

Rename 'md' output parameter to 'out' and add bounds.

2019-04-08 18:19:01 +00:00

md5.h

Rename 'md' output parameter to 'out' and add bounds.

2019-04-08 18:19:01 +00:00

mem.h

Rename a number of BUF_* functions to OPENSSL_*.

2019-10-21 21:06:07 +00:00

nid.h

Add SHA-512-256.

2020-04-15 21:23:37 +00:00

obj_mac.h

Rename obj_mac.h to nid.h and make it a multiply-includable header.

2016-03-31 20:45:35 +00:00

obj.h

Add some more compatibility functions.

2018-05-08 20:51:15 +00:00

objects.h

Move public headers to include/openssl/

2014-07-14 22:42:18 +00:00

opensslconf.h

Add a few more OPENSSL_NO_* constants.

2020-09-29 16:55:12 +00:00

opensslv.h

2015-05-20 22:58:14 +00:00

ossl_typ.h

Move public headers to include/openssl/

2014-07-14 22:42:18 +00:00

pem.h

Document low-level PEM read/write functions.

2020-10-09 21:04:05 +00:00

pkcs7.h

Support symbol prefixes

2018-09-06 20:07:52 +00:00

pkcs8.h

Align PKCS12_parse closer to OpenSSL.

2019-05-21 17:08:43 +00:00

pkcs12.h

Move public headers to include/openssl/

2014-07-14 22:42:18 +00:00

poly1305.h

Remove alignment requirement on CRYPTO_poly1305_finish.

2020-01-06 19:10:12 +00:00

pool.h

Support symbol prefixes

2018-09-06 20:07:52 +00:00

rand.h

Add some OpenSSL-compatibility aliases

2021-01-07 16:44:54 +00:00

rc4.h

Run comment conversion script on include/

2017-08-18 23:38:51 +00:00

ripemd.h

Rename 'md' output parameter to 'out' and add bounds.

2019-04-08 18:19:01 +00:00

rsa.h

Harden against fork via MADV_WIPEONFORK.

2020-04-26 18:31:56 +00:00

safestack.h

Rename safe_stack.h to safestack.h.

2015-02-20 23:33:48 +00:00

sha.h

Add SHA-512-256.

2020-04-15 21:23:37 +00:00

siphash.h

Add SipHash-2-4.

2019-07-10 21:14:32 +00:00

span.h

Use stdlib.h instead of cstdlib in span.h.

2020-12-15 19:24:32 +00:00

srtp.h

Fold srtp.h into ssl.h.

2015-09-14 23:59:37 +00:00

ssl3.h

Modernize OPENSSL_COMPILE_ASSERT, part 2.

2018-11-14 16:06:37 +00:00

ssl.h

Honor SSL_TLSEXT_ERR_ALERT_FATAL in the ALPN callback.

2021-02-11 23:36:22 +00:00

stack.h

Clear out a bunch of -Wextra-semi warnings.

2019-02-21 19:12:39 +00:00

thread.h

Rename OPENSSL_NO_THREADS, part 1.

2018-09-26 19:10:02 +00:00

tls1.h

Define TLSEXT_TYPE_quic_transport_parameters to the old code point for now.

2021-01-20 22:57:32 +00:00

trust_token.h

Add raw redeem API.

2020-11-02 17:06:41 +00:00

type_check.h

Modernize OPENSSL_COMPILE_ASSERT, part 2.

2018-11-14 16:06:37 +00:00

x509_vfy.h

Add X509_STORE_CTX_get0_chain.

2020-03-24 01:51:30 +00:00

x509.h

Remove X509_issuer_and_serial_hash.

2021-02-16 18:22:32 +00:00

x509v3.h

Const-correct GENERAL_NAME_cmp.

2020-12-08 18:13:14 +00:00