diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-02 11:20:45 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-02 13:50:15 +0100 |
| commit | 78b4d1c1c2b55bd59fb1e8428665d6caa70365f8 (patch) | |
| tree | 8d44918016b5c5d61c7ca441559f0a6a41e9717a /lib/accelerated | |
| parent | 1c99a138f42205d8da98d96bed5a55c8a6205d97 (diff) | |
| download | gnutls-78b4d1c1c2b55bd59fb1e8428665d6caa70365f8.tar.gz | |
nettle: added a safety net on wrap_nettle_cipher_setiv()
Return error if attempting to set invalid IV size.
Diffstat (limited to 'lib/accelerated')
| -rw-r--r-- | lib/accelerated/aarch64/aes-cbc-aarch64.c | 3 | ||||
| -rw-r--r-- | lib/accelerated/cryptodev.c | 3 | ||||
| -rw-r--r-- | lib/accelerated/x86/aes-cbc-x86-aesni.c | 3 | ||||
| -rw-r--r-- | lib/accelerated/x86/aes-cbc-x86-ssse3.c | 3 | ||||
| -rw-r--r-- | lib/accelerated/x86/aes-padlock.c | 2 |
5 files changed, 13 insertions, 1 deletions
diff --git a/lib/accelerated/aarch64/aes-cbc-aarch64.c b/lib/accelerated/aarch64/aes-cbc-aarch64.c index 649145999f..9022362e44 100644 --- a/lib/accelerated/aarch64/aes-cbc-aarch64.c +++ b/lib/accelerated/aarch64/aes-cbc-aarch64.c @@ -107,6 +107,9 @@ static int aes_setiv(void *_ctx, const void *iv, size_t iv_size) { struct aes_ctx *ctx = _ctx; + if (iv_size != 16) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + memcpy(ctx->iv, iv, 16); return 0; } diff --git a/lib/accelerated/cryptodev.c b/lib/accelerated/cryptodev.c index 03a5d66360..71b3365301 100644 --- a/lib/accelerated/cryptodev.c +++ b/lib/accelerated/cryptodev.c @@ -106,6 +106,9 @@ static int cryptodev_setiv(void *_ctx, const void *iv, size_t iv_size) { struct cryptodev_ctx *ctx = _ctx; + if (iv_size > EALG_MAX_BLOCK_LEN) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + memcpy(ctx->iv, iv, iv_size); return 0; diff --git a/lib/accelerated/x86/aes-cbc-x86-aesni.c b/lib/accelerated/x86/aes-cbc-x86-aesni.c index b935db9723..91d50e9bf0 100644 --- a/lib/accelerated/x86/aes-cbc-x86-aesni.c +++ b/lib/accelerated/x86/aes-cbc-x86-aesni.c @@ -84,6 +84,9 @@ static int aes_setiv(void *_ctx, const void *iv, size_t iv_size) { struct aes_ctx *ctx = _ctx; + if (iv_size != 16) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + memcpy(ctx->iv, iv, 16); return 0; } diff --git a/lib/accelerated/x86/aes-cbc-x86-ssse3.c b/lib/accelerated/x86/aes-cbc-x86-ssse3.c index 9e367cad94..8b90a5990a 100644 --- a/lib/accelerated/x86/aes-cbc-x86-ssse3.c +++ b/lib/accelerated/x86/aes-cbc-x86-ssse3.c @@ -107,6 +107,9 @@ static int aes_setiv(void *_ctx, const void *iv, size_t iv_size) { struct aes_ctx *ctx = _ctx; + if (iv_size != 16) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + memcpy(ctx->iv, iv, 16); return 0; } diff --git a/lib/accelerated/x86/aes-padlock.c b/lib/accelerated/x86/aes-padlock.c index ceda0faa5f..cf154ab2d8 100644 --- a/lib/accelerated/x86/aes-padlock.c +++ b/lib/accelerated/x86/aes-padlock.c @@ -115,7 +115,7 @@ static int aes_setiv(void *_ctx, const void *iv, size_t iv_size) pce = ALIGN16(&ctx->expanded_key); - if (iv_size < 16) + if (iv_size != 16) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); memcpy(pce->iv, iv, 16); |