Skip to content

Commit 9d44125

Browse files
JeremiahM37JeremiahM37
committed
Chunk large inputs to prevent word32 truncation
1 parent 5c9dc05 commit 9d44125

6 files changed

Lines changed: 128 additions & 70 deletions

File tree

src/wp_aes_block.c

Lines changed: 52 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -431,45 +431,65 @@ static int wp_aes_block_dinit(wp_AesBlockCtx *ctx, const unsigned char *key,
431431
static int wp_aes_block_doit(wp_AesBlockCtx *ctx, unsigned char *out,
432432
const unsigned char *in, size_t inLen)
433433
{
434-
int rc;
435-
436-
#ifdef WP_HAVE_AESCBC
437-
if (ctx->mode == EVP_CIPH_CBC_MODE) {
438-
if (ctx->enc) {
439-
rc = wc_AesCbcEncrypt(&ctx->aes, out, in, (word32)inLen);
440-
if (rc != 0) {
441-
WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesCbcEncrypt", rc);
434+
int rc = 0;
435+
436+
while ((rc == 0) && (inLen > 0)) {
437+
/* Chunk must be block-aligned (AES block size = 16). */
438+
word32 chunk = (inLen > 0xFFFFFFF0U) ? 0xFFFFFFF0U : (word32)inLen;
439+
440+
#ifdef WP_HAVE_AESCBC
441+
if (ctx->mode == EVP_CIPH_CBC_MODE) {
442+
if (ctx->enc) {
443+
rc = wc_AesCbcEncrypt(&ctx->aes, out, in, chunk);
444+
if (rc != 0) {
445+
WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG,
446+
"wc_AesCbcEncrypt", rc);
447+
}
442448
}
443-
}
444-
else {
445-
rc = wc_AesCbcDecrypt(&ctx->aes, out, in, (word32)inLen);
446-
if (rc != 0) {
447-
WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesCbcDecrypt", rc);
449+
else {
450+
rc = wc_AesCbcDecrypt(&ctx->aes, out, in, chunk);
451+
if (rc != 0) {
452+
WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG,
453+
"wc_AesCbcDecrypt", rc);
454+
}
448455
}
449456
}
450-
XMEMCPY(ctx->iv, ctx->aes.reg, ctx->ivLen);
451-
}
452-
else
453-
#endif
454-
#ifdef WP_HAVE_AESECB
455-
if (ctx->mode == EVP_CIPH_ECB_MODE) {
456-
if (ctx->enc) {
457-
rc = wc_AesEcbEncrypt(&ctx->aes, out, in, (word32)inLen);
458-
if (rc != 0) {
459-
WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesEcbEncrypt", rc);
457+
else
458+
#endif
459+
#ifdef WP_HAVE_AESECB
460+
if (ctx->mode == EVP_CIPH_ECB_MODE) {
461+
if (ctx->enc) {
462+
rc = wc_AesEcbEncrypt(&ctx->aes, out, in, chunk);
463+
if (rc != 0) {
464+
WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG,
465+
"wc_AesEcbEncrypt", rc);
466+
}
460467
}
461-
}
462-
else {
463-
rc = wc_AesEcbDecrypt(&ctx->aes, out, in, (word32)inLen);
464-
if (rc != 0) {
465-
WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesEcbDecrypt", rc);
468+
else {
469+
rc = wc_AesEcbDecrypt(&ctx->aes, out, in, chunk);
470+
if (rc != 0) {
471+
WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG,
472+
"wc_AesEcbDecrypt", rc);
473+
}
466474
}
467475
}
476+
else
477+
#endif
478+
{
479+
rc = -1;
480+
}
481+
482+
in += chunk;
483+
out += chunk;
484+
inLen -= chunk;
468485
}
469-
else
470-
#endif
471-
{
472-
rc = -1;
486+
487+
if (rc == 0) {
488+
#ifdef WP_HAVE_AESCBC
489+
if (ctx->mode == EVP_CIPH_CBC_MODE) {
490+
XMEMCPY(ctx->iv, ctx->aes.reg, ctx->ivLen);
491+
}
492+
#endif
473493
}
474494

475495
return rc == 0;

src/wp_aes_stream.c

Lines changed: 31 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -532,13 +532,18 @@ static int wp_aes_stream_doit(wp_AesStreamCtx *ctx, unsigned char *out,
532532

533533
#ifdef WP_HAVE_AESCTR
534534
if (ctx->mode == EVP_CIPH_CTR_MODE) {
535-
int rc;
536-
537535
XMEMCPY(&ctx->aes.reg, ctx->iv, ctx->ivLen);
538-
rc = wc_AesCtrEncrypt(&ctx->aes, out, in, (word32)inLen);
539-
if (rc != 0) {
540-
WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesCtrEncrypt", rc);
541-
ok = 0;
536+
while (ok && (inLen > 0)) {
537+
word32 chunk = (inLen > 0xFFFFFFFFU) ? 0xFFFFFFFFU : (word32)inLen;
538+
int rc = wc_AesCtrEncrypt(&ctx->aes, out, in, chunk);
539+
if (rc != 0) {
540+
WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG,
541+
"wc_AesCtrEncrypt", rc);
542+
ok = 0;
543+
}
544+
in += chunk;
545+
out += chunk;
546+
inLen -= chunk;
542547
}
543548
if (ok) {
544549
XMEMCPY(ctx->iv, ctx->aes.reg, ctx->ivLen);
@@ -548,17 +553,24 @@ static int wp_aes_stream_doit(wp_AesStreamCtx *ctx, unsigned char *out,
548553
#endif
549554
#ifdef WP_HAVE_AESCFB
550555
if (ctx->mode == EVP_CIPH_CFB_MODE) {
551-
int rc;
552-
553556
XMEMCPY(&ctx->aes.reg, ctx->iv, ctx->ivLen);
554-
if (ctx->enc) {
555-
rc = wc_AesCfbEncrypt(&ctx->aes, out, in, (word32)inLen);
556-
}else {
557-
rc = wc_AesCfbDecrypt(&ctx->aes, out, in, (word32)inLen);
558-
}
559-
if (rc != 0) {
560-
WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesCfbEncrypt/wc_AesCfbDecrypt", rc);
561-
ok = 0;
557+
while (ok && (inLen > 0)) {
558+
word32 chunk = (inLen > 0xFFFFFFFFU) ? 0xFFFFFFFFU : (word32)inLen;
559+
int rc;
560+
if (ctx->enc) {
561+
rc = wc_AesCfbEncrypt(&ctx->aes, out, in, chunk);
562+
}
563+
else {
564+
rc = wc_AesCfbDecrypt(&ctx->aes, out, in, chunk);
565+
}
566+
if (rc != 0) {
567+
WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG,
568+
"wc_AesCfbEncrypt/wc_AesCfbDecrypt", rc);
569+
ok = 0;
570+
}
571+
in += chunk;
572+
out += chunk;
573+
inLen -= chunk;
562574
}
563575
if (ok) {
564576
XMEMCPY(ctx->iv, ctx->aes.reg, ctx->ivLen);
@@ -682,7 +694,9 @@ static int wp_aes_stream_cipher(wp_AesStreamCtx* ctx, unsigned char* out,
682694
ok = 0;
683695
}
684696

685-
*outLen = inLen;
697+
if (ok) {
698+
*outLen = inLen;
699+
}
686700
WOLFPROV_LEAVE(WP_LOG_COMP_AES, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
687701
return ok;
688702
}

src/wp_cmac.c

Lines changed: 11 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -91,7 +91,7 @@ static void wp_cmac_free(wp_CmacCtx* macCtx)
9191
{
9292
if (macCtx != NULL) {
9393
OPENSSL_cleanse(macCtx->key, macCtx->keyLen);
94-
OPENSSL_free(macCtx);
94+
OPENSSL_clear_free(macCtx, sizeof(*macCtx));
9595
}
9696
}
9797

@@ -222,14 +222,19 @@ static int wp_cmac_update(wp_CmacCtx* macCtx, const unsigned char* data,
222222
size_t dataLen)
223223
{
224224
int ok = 1;
225-
int rc;
226225

227226
WOLFPROV_ENTER(WP_LOG_COMP_MAC, "wp_cmac_update");
228227

229-
rc = wc_CmacUpdate(&macCtx->cmac, data, (word32)dataLen);
230-
if (rc != 0) {
231-
WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_CmacUpdate", rc);
232-
ok = 0;
228+
while (ok && (dataLen > 0)) {
229+
word32 chunk = (dataLen > 0xFFFFFFFFU) ? 0xFFFFFFFFU : (word32)dataLen;
230+
int rc = wc_CmacUpdate(&macCtx->cmac, data, chunk);
231+
if (rc != 0) {
232+
WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_CmacUpdate",
233+
rc);
234+
ok = 0;
235+
}
236+
data += chunk;
237+
dataLen -= chunk;
233238
}
234239

235240
WOLFPROV_LEAVE(WP_LOG_COMP_MAC, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);

src/wp_des.c

Lines changed: 15 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -374,16 +374,25 @@ static int wp_des3_block_dinit(wp_Des3BlockCtx *ctx, const unsigned char *key,
374374
static int wp_des3_block_doit(wp_Des3BlockCtx *ctx, unsigned char *out,
375375
const unsigned char *in, size_t inLen)
376376
{
377-
int rc;
377+
int rc = 0;
378378

379379
if (ctx->mode == EVP_CIPH_CBC_MODE) {
380-
if (ctx->enc) {
381-
rc = wc_Des3_CbcEncrypt(&ctx->des3, out, in, (word32)inLen);
380+
while ((rc == 0) && (inLen > 0)) {
381+
/* Chunk must be block-aligned (DES3 block size = 8). */
382+
word32 chunk = (inLen > 0xFFFFFFF8U) ? 0xFFFFFFF8U : (word32)inLen;
383+
if (ctx->enc) {
384+
rc = wc_Des3_CbcEncrypt(&ctx->des3, out, in, chunk);
385+
}
386+
else {
387+
rc = wc_Des3_CbcDecrypt(&ctx->des3, out, in, chunk);
388+
}
389+
in += chunk;
390+
out += chunk;
391+
inLen -= chunk;
382392
}
383-
else {
384-
rc = wc_Des3_CbcDecrypt(&ctx->des3, out, in, (word32)inLen);
393+
if (rc == 0) {
394+
XMEMCPY(ctx->iv, ctx->des3.reg, ctx->ivLen);
385395
}
386-
XMEMCPY(ctx->iv, ctx->des3.reg, ctx->ivLen);
387396
}
388397
else
389398
{

src/wp_digests.c

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -153,10 +153,15 @@ static int name##_update(void* ctx, const unsigned char* in, size_t inLen) \
153153
{ \
154154
int ok = 1; \
155155
WOLFPROV_ENTER(WP_LOG_COMP_DIGEST, #name "_update"); \
156-
int rc = upd(ctx, in, (word32)inLen); \
157-
if (rc != 0) { \
158-
WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, #upd, rc); \
159-
ok = 0; \
156+
while (ok && (inLen > 0)) { \
157+
word32 chunk = (inLen > 0xFFFFFFFFU) ? 0xFFFFFFFFU : (word32)inLen; \
158+
int rc = upd(ctx, in, chunk); \
159+
if (rc != 0) { \
160+
WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, #upd, rc); \
161+
ok = 0; \
162+
} \
163+
in += chunk; \
164+
inLen -= chunk; \
160165
} \
161166
WOLFPROV_LEAVE(WP_LOG_COMP_DIGEST, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);\
162167
return ok; \

src/wp_hmac.c

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -248,14 +248,19 @@ static int wp_hmac_update(wp_HmacCtx* macCtx, const unsigned char* data,
248248
size_t dataLen)
249249
{
250250
int ok = 1;
251-
int rc;
252251

253252
WOLFPROV_ENTER(WP_LOG_COMP_MAC, "wp_hmac_update");
254253

255-
rc = wc_HmacUpdate(&macCtx->hmac, data, (word32)dataLen);
256-
if (rc != 0) {
257-
WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_HmacUpdate", rc);
258-
ok = 0;
254+
while (ok && (dataLen > 0)) {
255+
word32 chunk = (dataLen > 0xFFFFFFFFU) ? 0xFFFFFFFFU : (word32)dataLen;
256+
int rc = wc_HmacUpdate(&macCtx->hmac, data, chunk);
257+
if (rc != 0) {
258+
WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_HmacUpdate",
259+
rc);
260+
ok = 0;
261+
}
262+
data += chunk;
263+
dataLen -= chunk;
259264
}
260265

261266
WOLFPROV_LEAVE(WP_LOG_COMP_MAC, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);

0 commit comments

Comments
 (0)