accelerated: check keysize in SSSE3 cipher setkey

aes_ssse3_cipher_setkey() accepted any key size, which could lead to invalid memory access. Such as with the oss-fuzz corpora file fuzz/gnutls_pkcs8_key_parser_fuzzer.in/da59d34eacdf50a0019a457fb7c4916be48c99a5 Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
author: Vitezslav Cizek <vcizek@suse.com> 2018-02-06 16:46:31 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-02-09 11:57:57 +0100
commit: 9177b2519d721f46286b303937d2b59c69abf23a (patch)
tree: ae450cacb08849f51e865bf67c88c11ba2e83ed9
parent: 8e66155ad3c5934208fe2a3214ac84d4c1256191 (diff)
download: gnutls-9177b2519d721f46286b303937d2b59c69abf23a.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/accelerated/x86/aes-cbc-x86-ssse3.c b/lib/accelerated/x86/aes-cbc-x86-ssse3.c
index 0617d203c8..bbcd2934d9 100644
--- a/lib/accelerated/x86/aes-cbc-x86-ssse3.c
+++ b/lib/accelerated/x86/aes-cbc-x86-ssse3.c
@@ -65,6 +65,9 @@ aes_ssse3_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
 	struct aes_ctx *ctx = _ctx;
 	int ret;
 
+	if (keysize != 16 && keysize != 24 && keysize != 32)
+		return GNUTLS_E_INVALID_REQUEST;
+
 	if (ctx->enc)
 		ret =
 		    vpaes_set_encrypt_key(userkey, keysize * 8,
author	Vitezslav Cizek <vcizek@suse.com>	2018-02-06 16:46:31 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-02-09 11:57:57 +0100
commit	9177b2519d721f46286b303937d2b59c69abf23a (patch)
tree	ae450cacb08849f51e865bf67c88c11ba2e83ed9
parent	8e66155ad3c5934208fe2a3214ac84d4c1256191 (diff)
download	gnutls-9177b2519d721f46286b303937d2b59c69abf23a.tar.gz