--- openssl1.0-1.0.2u.orig/crypto/evp/evp_err.c +++ openssl1.0-1.0.2u/crypto/evp/evp_err.c @@ -215,6 +215,7 @@ static ERR_STRING_DATA EVP_str_reasons[] {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"}, + {ERR_REASON(EVP_R_OUTPUT_WOULD_OVERFLOW), "output would overflow"}, {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), "pkcs8 unknown broken type"}, {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"}, --- openssl1.0-1.0.2u.orig/crypto/evp/evp_enc.c +++ openssl1.0-1.0.2u/crypto/evp/evp_enc.c @@ -357,6 +357,20 @@ static int evp_EncryptDecryptUpdate(EVP_ return 1; } else { j = bl - i; + + /* + * Once we've processed the first j bytes from in, the amount of + * data left that is a multiple of the block length is: + * (inl - j) & ~(bl - 1) + * We must ensure that this amount of data, plus the one block that + * we process from ctx->buf does not exceed INT_MAX + */ + if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) { + EVPerr(EVP_F_EVP_ENCRYPTUPDATE, + EVP_R_OUTPUT_WOULD_OVERFLOW); + return 0; + } + memcpy(&(ctx->buf[i]), in, j); if (!M_do_cipher(ctx, out, ctx->buf, bl)) return 0; @@ -482,6 +496,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ct OPENSSL_assert(b <= sizeof(ctx->final)); if (ctx->final_used) { + /* + * final_used is only ever set if buf_len is 0. Therefore the maximum + * length output we will ever see from evp_EncryptDecryptUpdate is + * the maximum multiple of the block length that is <= inl, or just: + * inl & ~(b - 1) + * Since final_used has been set then the final output length is: + * (inl & ~(b - 1)) + b + * This must never exceed INT_MAX + */ + if ((inl & ~(b - 1)) > INT_MAX - b) { + EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW); + return 0; + } memcpy(out, ctx->final, b); out += b; fix_len = 1; --- openssl1.0-1.0.2u.orig/crypto/evp/evp.h +++ openssl1.0-1.0.2u/crypto/evp/evp.h @@ -1582,6 +1582,7 @@ void ERR_load_EVP_strings(void); # define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 # define EVP_R_INITIALIZATION_ERROR 134 # define EVP_R_INPUT_NOT_INITIALIZED 111 +# define EVP_R_OUTPUT_WOULD_OVERFLOW 184 # define EVP_R_INVALID_DIGEST 152 # define EVP_R_INVALID_FIPS_MODE 168 # define EVP_R_INVALID_KEY 171