author | Vitezslav Cizek <vcizek@suse.com> | 2018-02-06 16:46:31 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-02-09 11:56:34 +0100 |
commit | 23ab9cea554c314fb2488a89825bb8a8858b82c4 (patch) | |
tree | 671ab9bb60e45c62ee92f583f7d299e23b1832e1 | |
parent | d4db0cc63e24b6d33e7610b72a41c24daeab456a (diff) | |
download | gnutls-23ab9cea554c314fb2488a89825bb8a8858b82c4.tar.gz |

accelerated: check keysize in SSSE3 cipher setkey

aes_ssse3_cipher_setkey() accepted any key size,
which could lead to invalid memory access.
Such as with the oss-fuzz corpora file
fuzz/gnutls_pkcs8_key_parser_fuzzer.in/da59d34eacdf50a0019a457fb7c4916be48c99a5

Signed-off-by: Vitezslav Cizek <vcizek@suse.com>

-rw-r--r-- | lib/accelerated/x86/aes-cbc-x86-ssse3.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/accelerated/x86/aes-cbc-x86-ssse3.c b/lib/accelerated/x86/aes-cbc-x86-ssse3.c index 9e367cad94..2bbdeffe1e 100644 --- a/lib/accelerated/x86/aes-cbc-x86-ssse3.c +++ b/lib/accelerated/x86/aes-cbc-x86-ssse3.c @@ -65,6 +65,9 @@ aes_ssse3_cipher_setkey(void *_ctx, const void *userkey, size_t keysize) struct aes_ctx *ctx = _ctx; int ret; + if (keysize != 16 && keysize != 24 && keysize != 32) + return GNUTLS_E_INVALID_REQUEST; + if (ctx->enc) ret = vpaes_set_encrypt_key(userkey, keysize * 8, |
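
Review bot: The new early return in aes_ssse3_cipher_setkey() hands back GNUTLS_E_INVALID_REQUEST bare, so a rejected key leaves no trace of where it was refused; consider `return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` so the rejection point shows up in debug logs. The literals 16, 24 and 32 are byte lengths while the very next call passes `keysize * 8` as bits, so a one-line comment naming them as the AES-128/192/256 key sizes would make the unit explicit. The diffstat shows only this file changed, so the corpus file named in the commit message is not added as a regression test here; a small test that calls setkey with an unsupported length and expects the error would keep this from regressing.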