accelerated: check keysize in SSSE3 cipher setkey

aes_ssse3_cipher_setkey() accepted any key size, which could lead to invalid memory access. Such as with the oss-fuzz corpora file fuzz/gnutls_pkcs8_key_parser_fuzzer.in/da59d34eacdf50a0019a457fb7c4916be48c99a5 Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
author: Vitezslav Cizek <vcizek@suse.com> 2018-02-06 16:46:31 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-02-08 14:57:06 +0100
commit: eefd582a22dddef452bb469bff10664bf282fdd7 (patch)
tree: 79d944008de2f012e28b2427e3b560b257b3aa50
parent: c420266ab7ed1459e5935c91a3d66ddf0ca72e4f (diff)
download: gnutls-eefd582a22dddef452bb469bff10664bf282fdd7.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/accelerated/x86/aes-cbc-x86-ssse3.c b/lib/accelerated/x86/aes-cbc-x86-ssse3.c
index 8b90a5990a..d0f3708781 100644
--- a/lib/accelerated/x86/aes-cbc-x86-ssse3.c
+++ b/lib/accelerated/x86/aes-cbc-x86-ssse3.c
@@ -65,6 +65,9 @@ aes_ssse3_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
 	struct aes_ctx *ctx = _ctx;
 	int ret;
 
+	if (keysize != 16 && keysize != 24 && keysize != 32)
+		return GNUTLS_E_INVALID_REQUEST;
+
 	if (ctx->enc)
 		ret =
 		    vpaes_set_encrypt_key(userkey, keysize * 8,
author	Vitezslav Cizek <vcizek@suse.com>	2018-02-06 16:46:31 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-02-08 14:57:06 +0100
commit	eefd582a22dddef452bb469bff10664bf282fdd7 (patch)
tree	79d944008de2f012e28b2427e3b560b257b3aa50
parent	c420266ab7ed1459e5935c91a3d66ddf0ca72e4f (diff)
download	gnutls-eefd582a22dddef452bb469bff10664bf282fdd7.tar.gz