RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2025-03-23 11:46:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

upstream: Fix EVP_CIPHER_CTX_ctrl() return checks

Browse Source 
While this API tries to translate negative return values (i.e. -1) to 0
in BoringSSL and LibreSSL, it is still possible for it to return negative
values in prinicple. We even incorrectly document that -1 can be returned
while Boring and OpenSSL plead the Fifth.

In OpenSSL 3 there are now code paths that explicitly return -1 and they
started shifting their return checks to <= 0 - of course they do this in
inconsistent and sometimes incorrect manner. While these paths aren't
reachable from ssh right now, who can really tell what happens in the two
hundred lines of inscrutable bloated mess this has become.

So error check with <= 0 to ensure that we don't accidentally translate an
error to success.

ok markus schwarze

OpenBSD-Commit-ID: a855c833cf4ecfce43bedc761f26ad924f70483c
This commit is contained in:
tb@openbsd.org 2025-03-14 09:49:49 +00:00 committed by Damien Miller
parent 2e81100763
commit 0ce5281f01
No known key found for this signature in database
1 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
cipher.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cipher.c,v 1.123 2024/08/23 04:51:00 deraadt Exp $ */
/* $OpenBSD: cipher.c,v 1.124 2025/03/14 09:49:49 tb Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -298,8 +298,8 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
goto out;
}
if (cipher_authlen(cipher) &&
!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_IV_FIXED,
-1, (u_char *)iv)) {
EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_IV_FIXED,
-1, (u_char *)iv) <= 0) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
@ -369,13 +369,13 @@ cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest,
if (authlen != cipher_authlen(cc->cipher))
return SSH_ERR_INVALID_ARGUMENT;
/* increment IV */
if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
1, lastiv))
if (EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
1, lastiv) <= 0)
return SSH_ERR_LIBCRYPTO_ERROR;
/* set tag on decryption */
if (!cc->encrypt &&
!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_TAG,
authlen, (u_char *)src + aadlen + len))
EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_TAG,
authlen, (u_char *)src + aadlen + len) <= 0)
return SSH_ERR_LIBCRYPTO_ERROR;
}
if (aadlen) {
@ -395,8 +395,8 @@ cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest,
return cc->encrypt ?
SSH_ERR_LIBCRYPTO_ERROR : SSH_ERR_MAC_INVALID;
if (cc->encrypt &&
!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_GET_TAG,
authlen, dest + aadlen + len))
EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_GET_TAG,
authlen, dest + aadlen + len) <= 0)
return SSH_ERR_LIBCRYPTO_ERROR;
}
return 0;
@ -465,10 +465,10 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, size_t len)
if ((size_t)evplen != len)
return SSH_ERR_INVALID_ARGUMENT;
if (cipher_authlen(c)) {
if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
len, iv))
if (EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, len,
iv) <= 0)
return SSH_ERR_LIBCRYPTO_ERROR;
} else if (!EVP_CIPHER_CTX_get_iv(cc->evp, iv, len))
} else if (EVP_CIPHER_CTX_get_iv(cc->evp, iv, len) <= 0)
return SSH_ERR_LIBCRYPTO_ERROR;
#endif
return 0;
@ -495,8 +495,8 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv, size_t len)
return SSH_ERR_INVALID_ARGUMENT;
if (cipher_authlen(c)) {
/* XXX iv arg is const, but EVP_CIPHER_CTX_ctrl isn't */
if (!EVP_CIPHER_CTX_ctrl(cc->evp,
EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv))
if (EVP_CIPHER_CTX_ctrl(cc->evp,
EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv) <= 0)
return SSH_ERR_LIBCRYPTO_ERROR;
} else if (!EVP_CIPHER_CTX_set_iv(cc->evp, iv, evplen))
return SSH_ERR_LIBCRYPTO_ERROR;