accelerated: check keysize in SSSE3 cipher setkey

aes_ssse3_cipher_setkey() accepted any key size, which could lead to invalid memory access. Such as with the oss-fuzz corpora file fuzz/gnutls_pkcs8_key_parser_fuzzer.in/da59d34eacdf50a0019a457fb7c4916be48c99a5 Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
author: Vitezslav Cizek <vcizek@suse.com> 2018-02-06 16:46:31 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-02-09 11:56:34 +0100
commit: 23ab9cea554c314fb2488a89825bb8a8858b82c4 (patch)
tree: 671ab9bb60e45c62ee92f583f7d299e23b1832e1
parent: d4db0cc63e24b6d33e7610b72a41c24daeab456a (diff)
download: gnutls-23ab9cea554c314fb2488a89825bb8a8858b82c4.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/accelerated/x86/aes-cbc-x86-ssse3.c b/lib/accelerated/x86/aes-cbc-x86-ssse3.c
index 9e367cad94..2bbdeffe1e 100644
--- a/lib/accelerated/x86/aes-cbc-x86-ssse3.c
+++ b/lib/accelerated/x86/aes-cbc-x86-ssse3.c
@@ -65,6 +65,9 @@ aes_ssse3_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
 	struct aes_ctx *ctx = _ctx;
 	int ret;
 
+	if (keysize != 16 && keysize != 24 && keysize != 32)
+		return GNUTLS_E_INVALID_REQUEST;
+
 	if (ctx->enc)
 		ret =
 		    vpaes_set_encrypt_key(userkey, keysize * 8,
author	Vitezslav Cizek <vcizek@suse.com>	2018-02-06 16:46:31 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-02-09 11:56:34 +0100
commit	23ab9cea554c314fb2488a89825bb8a8858b82c4 (patch)
tree	671ab9bb60e45c62ee92f583f7d299e23b1832e1
parent	d4db0cc63e24b6d33e7610b72a41c24daeab456a (diff)
download	gnutls-23ab9cea554c314fb2488a89825bb8a8858b82c4.tar.gz