diff options
author | Vitezslav Cizek <vcizek@suse.com> | 2018-02-06 16:46:31 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-02-08 14:57:06 +0100 |
commit | eefd582a22dddef452bb469bff10664bf282fdd7 (patch) | |
tree | 79d944008de2f012e28b2427e3b560b257b3aa50 | |
parent | c420266ab7ed1459e5935c91a3d66ddf0ca72e4f (diff) | |
download | gnutls-eefd582a22dddef452bb469bff10664bf282fdd7.tar.gz |
accelerated: check keysize in SSSE3 cipher setkey
aes_ssse3_cipher_setkey() accepted any key size,
which could lead to invalid memory access.
Such as with the oss-fuzz corpora file
fuzz/gnutls_pkcs8_key_parser_fuzzer.in/da59d34eacdf50a0019a457fb7c4916be48c99a5
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
-rw-r--r-- | lib/accelerated/x86/aes-cbc-x86-ssse3.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/accelerated/x86/aes-cbc-x86-ssse3.c b/lib/accelerated/x86/aes-cbc-x86-ssse3.c index 8b90a5990a..d0f3708781 100644 --- a/lib/accelerated/x86/aes-cbc-x86-ssse3.c +++ b/lib/accelerated/x86/aes-cbc-x86-ssse3.c @@ -65,6 +65,9 @@ aes_ssse3_cipher_setkey(void *_ctx, const void *userkey, size_t keysize) struct aes_ctx *ctx = _ctx; int ret; + if (keysize != 16 && keysize != 24 && keysize != 32) + return GNUTLS_E_INVALID_REQUEST; + if (ctx->enc) ret = vpaes_set_encrypt_key(userkey, keysize * 8, |