From: Alexander Sosedkin Date: Tue, 25 Jan 2022 12:36:19 +0000 (+0100) Subject: lib/accelerated: report GNUTLS_E_SHORT_MEMORY_BUFFER in many places X-Git-Tag: 3.7.4~30^2~5 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=45d4635216d0bdc885ff45efd393f6f8afb81f98;p=thirdparty%2Fgnutls.git lib/accelerated: report GNUTLS_E_SHORT_MEMORY_BUFFER in many places Signed-off-by: Alexander Sosedkin --- diff --git a/lib/accelerated/aarch64/aes-cbc-aarch64.c b/lib/accelerated/aarch64/aes-cbc-aarch64.c index 68434f3656..299a0808de 100644 --- a/lib/accelerated/aarch64/aes-cbc-aarch64.c +++ b/lib/accelerated/aarch64/aes-cbc-aarch64.c @@ -91,6 +91,9 @@ aes_aarch64_encrypt(void *_ctx, const void *src, size_t src_size, if (unlikely(src_size % 16 != 0)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + if (unlikely(dst_size < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + aes_v8_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key), ctx->iv, 1); return 0; @@ -105,6 +108,9 @@ aes_aarch64_decrypt(void *_ctx, const void *src, size_t src_size, if (unlikely(src_size % 16 != 0)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + if (unlikely(dst_size < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + aes_v8_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key), ctx->iv, 0); diff --git a/lib/accelerated/aarch64/aes-ccm-aarch64.c b/lib/accelerated/aarch64/aes-ccm-aarch64.c index 5de7ab0e89..a2ba259e99 100644 --- a/lib/accelerated/aarch64/aes-ccm-aarch64.c +++ b/lib/accelerated/aarch64/aes-ccm-aarch64.c @@ -126,6 +126,9 @@ aes_ccm_aead_decrypt(void *_ctx, if (unlikely(encr_size < tag_size)) return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED); + if (unlikely(plain_size < encr_size - tag_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + ret = ccm_decrypt_message(&ctx->key, aarch64_aes_encrypt, nonce_size, nonce, auth_size, auth, diff --git a/lib/accelerated/aarch64/aes-gcm-aarch64.c b/lib/accelerated/aarch64/aes-gcm-aarch64.c index 01f22136a6..901bd9f60f 100644 --- a/lib/accelerated/aarch64/aes-gcm-aarch64.c +++ b/lib/accelerated/aarch64/aes-gcm-aarch64.c @@ -233,6 +233,9 @@ aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size, if (unlikely(ctx->finished)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + if (unlikely(length < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + if (blocks > 0) { ctr32_encrypt_blocks(src, dst, blocks, @@ -268,6 +271,9 @@ aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size, if (unlikely(ctx->finished)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + if (unlikely(dst_size < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + gcm_ghash(ctx, src, src_size); ctx->gcm.len.u[1] += src_size; diff --git a/lib/accelerated/afalg.c b/lib/accelerated/afalg.c index 12d4df7a5d..6348e3f197 100644 --- a/lib/accelerated/afalg.c +++ b/lib/accelerated/afalg.c @@ -134,8 +134,11 @@ static int afalg_cipher_encrypt(void *_ctx, const void *src, size_t src_size, return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED); } + if (unlikely(dst_size < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + iov.iov_base = (void *)dst; - iov.iov_len = (src_size > dst_size) ? dst_size : src_size; + iov.iov_len = src_size; if (kcapi_cipher_stream_op(ctx->handle, &iov, 1) < 0) { gnutls_assert(); @@ -162,8 +165,11 @@ static int afalg_cipher_decrypt(void *_ctx, const void *src, size_t src_size, return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED); } + if (unlikely(dst_size < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + iov.iov_base = (void *)dst; - iov.iov_len = (src_size > dst_size) ? dst_size : src_size; + iov.iov_len = src_size; if (kcapi_cipher_stream_op(ctx->handle, &iov, 1) < 0) { gnutls_assert(); @@ -313,6 +319,12 @@ static int afalg_aead_decrypt(void *_ctx, goto end; } + if (unlikely(plain_size < encr_size - tag_size)) { + gnutls_assert(); + ret = GNUTLS_E_SHORT_MEMORY_BUFFER; + goto end; + } + /* Init stream once. */ if (!ctx->taglen_set) { ctx->taglen_set = 1; diff --git a/lib/accelerated/cryptodev-gcm.c b/lib/accelerated/cryptodev-gcm.c index 876756094e..a847f821c4 100644 --- a/lib/accelerated/cryptodev-gcm.c +++ b/lib/accelerated/cryptodev-gcm.c @@ -138,7 +138,7 @@ aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size, * encrypted data. */ if (dst_size < src_size + GCM_BLOCK_SIZE) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); ctx->cryp.len = src_size; ctx->cryp.src = (void *) src; @@ -176,6 +176,9 @@ aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size, ctx->cryp.auth_len = ctx->auth_data_size; ctx->cryp.auth_src = ctx->auth_data; + if (dst_size < src_size - GCM_BLOCK_SIZE) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + if (ioctl(ctx->cfd, CIOCAUTHCRYPT, &ctx->cryp)) { gnutls_assert(); return GNUTLS_E_CRYPTODEV_IOCTL_ERROR; diff --git a/lib/accelerated/cryptodev.c b/lib/accelerated/cryptodev.c index d28322967d..dca3aa8ee8 100644 --- a/lib/accelerated/cryptodev.c +++ b/lib/accelerated/cryptodev.c @@ -128,6 +128,11 @@ cryptodev_encrypt(void *_ctx, const void *src, size_t src_size, ctx->cryp.op = COP_ENCRYPT; ctx->cryp.flags = COP_FLAG_WRITE_IV; + if (unlikely(dst_size < src_size)) { + gnutls_assert(); + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + if (ioctl(ctx->cfd, CIOCCRYPT, &ctx->cryp)) { gnutls_assert(); return GNUTLS_E_CRYPTODEV_IOCTL_ERROR; @@ -148,6 +153,11 @@ cryptodev_decrypt(void *_ctx, const void *src, size_t src_size, ctx->cryp.op = COP_DECRYPT; ctx->cryp.flags = COP_FLAG_WRITE_IV; + if (unlikely(dst_size < src_size)) { + gnutls_assert(); + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + if (ioctl(ctx->cfd, CIOCCRYPT, &ctx->cryp)) { gnutls_assert(); return GNUTLS_E_CRYPTODEV_IOCTL_ERROR; diff --git a/lib/accelerated/x86/aes-cbc-x86-aesni.c b/lib/accelerated/x86/aes-cbc-x86-aesni.c index e4364d54a1..fa9858d1a1 100644 --- a/lib/accelerated/x86/aes-cbc-x86-aesni.c +++ b/lib/accelerated/x86/aes-cbc-x86-aesni.c @@ -100,6 +100,9 @@ aes_encrypt(void *_ctx, const void *src, size_t src_size, { struct aes_ctx *ctx = _ctx; + if (unlikely(dst_size < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + if (unlikely(src_size % 16 != 0)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); @@ -114,6 +117,9 @@ aes_decrypt(void *_ctx, const void *src, size_t src_size, { struct aes_ctx *ctx = _ctx; + if (unlikely(dst_size < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + if (unlikely(src_size % 16 != 0)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); diff --git a/lib/accelerated/x86/aes-cbc-x86-ssse3.c b/lib/accelerated/x86/aes-cbc-x86-ssse3.c index fe09f502c3..7999fc1320 100644 --- a/lib/accelerated/x86/aes-cbc-x86-ssse3.c +++ b/lib/accelerated/x86/aes-cbc-x86-ssse3.c @@ -89,6 +89,9 @@ aes_ssse3_encrypt(void *_ctx, const void *src, size_t src_size, { struct aes_ctx *ctx = _ctx; + if (unlikely(dst_size < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + if (unlikely(src_size % 16 != 0)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); @@ -103,6 +106,9 @@ aes_ssse3_decrypt(void *_ctx, const void *src, size_t src_size, { struct aes_ctx *ctx = _ctx; + if (unlikely(dst_size < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + if (unlikely(src_size % 16 != 0)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); diff --git a/lib/accelerated/x86/aes-ccm-x86-aesni.c b/lib/accelerated/x86/aes-ccm-x86-aesni.c index 95607b95c1..701c0f992a 100644 --- a/lib/accelerated/x86/aes-ccm-x86-aesni.c +++ b/lib/accelerated/x86/aes-ccm-x86-aesni.c @@ -118,6 +118,9 @@ aes_ccm_aead_decrypt(void *_ctx, if (unlikely(encr_size < tag_size)) return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED); + if (unlikely(plain_size < encr_size - tag_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + ret = ccm_decrypt_message(&ctx->key, x86_aes_encrypt, nonce_size, nonce, auth_size, auth, diff --git a/lib/accelerated/x86/aes-gcm-aead.h b/lib/accelerated/x86/aes-gcm-aead.h index f8cb5a5ea1..3f473b51d5 100644 --- a/lib/accelerated/x86/aes-gcm-aead.h +++ b/lib/accelerated/x86/aes-gcm-aead.h @@ -10,7 +10,7 @@ aes_gcm_aead_encrypt(void *ctx, void *encr, size_t encr_size) { /* proper AEAD cipher */ - if (encr_size < plain_size + tag_size) + if (unlikely(encr_size < plain_size + tag_size)) return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); aes_gcm_setiv(ctx, nonce, nonce_size); @@ -32,9 +32,12 @@ aes_gcm_aead_decrypt(void *ctx, { uint8_t tag[MAX_HASH_SIZE]; - if (encr_size < tag_size) + if (unlikely(encr_size < tag_size)) return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED); + if (unlikely(plain_size < encr_size - tag_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + aes_gcm_setiv(ctx, nonce, nonce_size); aes_gcm_auth(ctx, auth, auth_size); diff --git a/lib/accelerated/x86/aes-gcm-padlock.c b/lib/accelerated/x86/aes-gcm-padlock.c index d651d0aed5..a9c7441d65 100644 --- a/lib/accelerated/x86/aes-gcm-padlock.c +++ b/lib/accelerated/x86/aes-gcm-padlock.c @@ -137,6 +137,9 @@ aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size, { struct gcm_padlock_aes_ctx *ctx = _ctx; + if (unlikely(length < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + GCM_ENCRYPT(ctx, padlock_aes_encrypt, src_size, dst, src); return 0; @@ -148,6 +151,9 @@ aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size, { struct gcm_padlock_aes_ctx *ctx = _ctx; + if (unlikely(dst_size < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + GCM_DECRYPT(ctx, padlock_aes_encrypt, src_size, dst, src); return 0; } diff --git a/lib/accelerated/x86/aes-gcm-x86-aesni.c b/lib/accelerated/x86/aes-gcm-x86-aesni.c index 6c1bb1f6fd..b0edaebfba 100644 --- a/lib/accelerated/x86/aes-gcm-x86-aesni.c +++ b/lib/accelerated/x86/aes-gcm-x86-aesni.c @@ -133,6 +133,9 @@ aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size, { struct gcm_x86_aes_ctx *ctx = _ctx; + if (unlikely(length < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + GCM_ENCRYPT(ctx, x86_aes_encrypt, src_size, dst, src); return 0; @@ -144,6 +147,9 @@ aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size, { struct gcm_x86_aes_ctx *ctx = _ctx; + if (unlikely(dst_size < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + GCM_DECRYPT(ctx, x86_aes_encrypt, src_size, dst, src); return 0; } diff --git a/lib/accelerated/x86/aes-gcm-x86-pclmul-avx.c b/lib/accelerated/x86/aes-gcm-x86-pclmul-avx.c index f601c0b282..21aef94440 100644 --- a/lib/accelerated/x86/aes-gcm-x86-pclmul-avx.c +++ b/lib/accelerated/x86/aes-gcm-x86-pclmul-avx.c @@ -188,6 +188,9 @@ aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size, if (unlikely(ctx->finished)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + if (unlikely(length < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + if (blocks > 0) { aesni_ctr32_encrypt_blocks(src, dst, blocks, @@ -334,14 +337,14 @@ aesni_gcm_aead_decrypt(void *_ctx, if (unlikely(encr_size < tag_size)) return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED); + if (unlikely(plain_size < encr_size - tag_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + aes_gcm_setiv(ctx, nonce, nonce_size); aes_gcm_auth(ctx, auth, auth_size); encr_size -= tag_size; - if (unlikely(plain_size < encr_size)) - return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); - if (encr_size >= 96) { s = aesni_gcm_decrypt(encr, plain, encr_size, ALIGN16(&ctx->expanded_key), ctx->gcm.Yi.c, ctx->gcm.Xi.u); diff --git a/lib/accelerated/x86/aes-gcm-x86-pclmul.c b/lib/accelerated/x86/aes-gcm-x86-pclmul.c index dc1e68dfe8..e6b4990cbf 100644 --- a/lib/accelerated/x86/aes-gcm-x86-pclmul.c +++ b/lib/accelerated/x86/aes-gcm-x86-pclmul.c @@ -188,6 +188,9 @@ aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size, if (unlikely(ctx->finished)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + if (unlikely(length < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + if (blocks > 0) { aesni_ctr32_encrypt_blocks(src, dst, blocks, @@ -223,6 +226,9 @@ aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size, if (unlikely(ctx->finished)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + if (unlikely(dst_size < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + gcm_ghash(ctx, src, src_size); ctx->gcm.len.u[1] += src_size; diff --git a/lib/accelerated/x86/aes-gcm-x86-ssse3.c b/lib/accelerated/x86/aes-gcm-x86-ssse3.c index f6b14681c9..7a2ac50869 100644 --- a/lib/accelerated/x86/aes-gcm-x86-ssse3.c +++ b/lib/accelerated/x86/aes-gcm-x86-ssse3.c @@ -142,6 +142,9 @@ aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size, { struct gcm_x86_aes_ctx *ctx = _ctx; + if (unlikely(length < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + GCM_ENCRYPT(ctx, x86_aes_encrypt, src_size, dst, src); return 0; @@ -153,6 +156,9 @@ aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size, { struct gcm_x86_aes_ctx *ctx = _ctx; + if (unlikely(dst_size < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + GCM_DECRYPT(ctx, x86_aes_encrypt, src_size, dst, src); return 0; } diff --git a/lib/accelerated/x86/aes-padlock.c b/lib/accelerated/x86/aes-padlock.c index 1e9b77c215..4fa6389a00 100644 --- a/lib/accelerated/x86/aes-padlock.c +++ b/lib/accelerated/x86/aes-padlock.c @@ -134,6 +134,9 @@ padlock_aes_cbc_encrypt(void *_ctx, const void *src, size_t src_size, struct padlock_cipher_data *pce; int ret = 1; + if (unlikely(dst_size < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + pce = ALIGN16(&ctx->expanded_key); if (src_size > 0) @@ -151,6 +154,9 @@ padlock_aes_cbc_decrypt(void *_ctx, const void *src, size_t src_size, struct padlock_cipher_data *pcd; int ret = 1; + if (unlikely(dst_size < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + pcd = ALIGN16(&ctx->expanded_key); if (src_size > 0) diff --git a/lib/accelerated/x86/aes-xts-x86-aesni.c b/lib/accelerated/x86/aes-xts-x86-aesni.c index b904cbf008..0588d0bd55 100644 --- a/lib/accelerated/x86/aes-xts-x86-aesni.c +++ b/lib/accelerated/x86/aes-xts-x86-aesni.c @@ -119,6 +119,9 @@ x86_aes_xts_encrypt(void *_ctx, const void *src, size_t src_size, { struct x86_aes_xts_ctx *ctx = _ctx; + if (unlikely(dst_size < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + if (src_size < 16) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); @@ -133,6 +136,9 @@ x86_aes_xts_decrypt(void *_ctx, const void *src, size_t src_size, { struct x86_aes_xts_ctx *ctx = _ctx; + if (unlikely(dst_size < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + if (src_size < 16) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);