Cryptlib/OpenSSL/crypto/cmac/cmac.c: fix overflow

ffontaine · ffontaine · commit 82154338d542 · 2024-04-08T11:22:03.000+02:00
Check that bl - 1 is not negative to fix the following k1 stringop-overflow: In function 'make_kn', inlined from 'make_kn' at crypto/cmac/cmac.c:81:13, inlined from 'CMAC_Init' at crypto/cmac/cmac.c:205:9: crypto/cmac/cmac.c:92:20: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=] 92 | k1[bl - 1] ^= bl == 16 ? 0x87 : 0x1b; | ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~ crypto/cmac/cmac.c: In function 'CMAC_Init': crypto/cmac/cmac.c:69:19: note: at offset [-2147483649, -1] into destination object 'k1' of size 32 69 | unsigned char k1[EVP_MAX_BLOCK_LENGTH]; | ^~ Fixes: - http://autobuild.buildroot.org/results/97b6333cdc7bad24aba7af1b04890679e0058299 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
diff --git a/Cryptlib/OpenSSL/crypto/cmac/cmac.c b/Cryptlib/OpenSSL/crypto/cmac/cmac.c
@@ -88,7 +88,7 @@ static void make_kn(unsigned char *k1, unsigned char *l, int bl)
             k1[i] |= 1;
     }
     /* If MSB set fixup with R */
-    if (l[0] & 0x80)
+    if (((bl - 1) >= 0) && (l[0] & 0x80))
         k1[bl - 1] ^= bl == 16 ? 0x87 : 0x1b;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -88,7 +88,7 @@ static void make_kn(unsigned char k1, unsigned char l, int bl)`
`88`	`88`	`k1[i] \|= 1;`
`89`	`89`	`}`
`90`	`90`	`/* If MSB set fixup with R */`
`91`		`- if (l[0] & 0x80)`
	`91`	`+ if (((bl - 1) >= 0) && (l[0] & 0x80))`
`92`	`92`	`k1[bl - 1] ^= bl == 16 ? 0x87 : 0x1b;`
`93`	`93`	`}`
`94`	`94`