Skip to content

Commit 5f69f5c

Browse files
paulidalemattcaswell
authored andcommitted
evp: process key length and iv length early if present
evp_cipher_init_internal() takes a params array argument and this is processed late in the initialisation process for some ciphers (AEAD ones). This means that changing the IV length as a parameter will either truncate the IV (very bad if SP 800-38d section 8.2.1 is used) or grab extra uninitialised bytes. Truncation is very bad if SP 800-38d section 8.2.1 is being used to contruct a deterministic IV. This leads to an instant loss of confidentiality. Grabbing extra bytes isn't so serious, it will most likely result in a bad decryption. Problem reported by Tony Battersby of Cybernetics.com but earlier discovered and raised as issue #19822. Fixes CVE-2023-5363 Fixes #19822 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
1 parent 742e766 commit 5f69f5c

File tree

1 file changed

+36
-0
lines changed

1 file changed

+36
-0
lines changed

Diff for: crypto/evp/evp_enc.c

+36
Original file line numberDiff line numberDiff line change
@@ -228,6 +228,42 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
228228
return 0;
229229
}
230230

231+
#ifndef FIPS_MODULE
232+
/*
233+
* Fix for CVE-2023-5363
234+
* Passing in a size as part of the init call takes effect late
235+
* so, force such to occur before the initialisation.
236+
*
237+
* The FIPS provider's internal library context is used in a manner
238+
* such that this is not an issue.
239+
*/
240+
if (params != NULL) {
241+
OSSL_PARAM param_lens[3] = { OSSL_PARAM_END, OSSL_PARAM_END,
242+
OSSL_PARAM_END };
243+
OSSL_PARAM *q = param_lens;
244+
const OSSL_PARAM *p;
245+
246+
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
247+
if (p != NULL)
248+
memcpy(q++, p, sizeof(*q));
249+
250+
/*
251+
* Note that OSSL_CIPHER_PARAM_AEAD_IVLEN is a synomym for
252+
* OSSL_CIPHER_PARAM_IVLEN so both are covered here.
253+
*/
254+
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN);
255+
if (p != NULL)
256+
memcpy(q++, p, sizeof(*q));
257+
258+
if (q != param_lens) {
259+
if (!EVP_CIPHER_CTX_set_params(ctx, param_lens)) {
260+
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
261+
return 0;
262+
}
263+
}
264+
}
265+
#endif
266+
231267
if (enc) {
232268
if (ctx->cipher->einit == NULL) {
233269
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);

0 commit comments

Comments
 (0)