Cryptlib/OpenSSL/crypto/cmac/cmac.c: fix overflow
Check that bl - 1 is not negative to fix the following k1 stringop-overflow:

In function 'make_kn',
    inlined from 'make_kn' at crypto/cmac/cmac.c:81:13,
    inlined from 'CMAC_Init' at crypto/cmac/cmac.c:205:9:
crypto/cmac/cmac.c:92:20: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=]
   92 |         k1[bl - 1] ^= bl == 16 ? 0x87 : 0x1b;
      |         ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~
crypto/cmac/cmac.c: In function 'CMAC_Init':
crypto/cmac/cmac.c:69:19: note: at offset [-2147483649, -1] into destination object 'k1' of size 32
   69 |     unsigned char k1[EVP_MAX_BLOCK_LENGTH];
      |                   ^~

Fixes:
 - http://autobuild.buildroot.org/results/97b6333cdc7bad24aba7af1b04890679e0058299

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
ffontaine committed Apr 8, 2024
1 parent 126a07e commit 8215433
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Cryptlib/OpenSSL/crypto/cmac/cmac.c
Expand Up @@ -88,7 +88,7 @@ static void make_kn(unsigned char *k1, unsigned char *l, int bl)
k1[i] |= 1;
}
/* If MSB set fixup with R */
if (l[0] & 0x80)
if (((bl - 1) >= 0) && (l[0] & 0x80))
k1[bl - 1] ^= bl == 16 ? 0x87 : 0x1b;
}
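
Review bot: The guard added in `if (((bl - 1) >= 0) && (l[0] & 0x80))` silences the warning but lets a non-positive `bl` pass through silently. `make_kn` returns void, so the caller receives a subkey without the R fixup and no error. The diagnostic shows `make_kn` inlined from `CMAC_Init`, so consider rejecting `bl <= 0` there (and any value larger than the 32-byte `k1` buffer the diagnostic reports) and returning failure before the subkeys are derived. If the check stays in this function, `bl > 0` states the same condition without the subtraction, which is undefined for `bl == INT_MIN`; the lower bound `-2147483649` in the warning is exactly `INT_MIN - 1`. A short comment saying that the test exists to bound the `k1[bl - 1]` index would also help the next reader.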
