summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/freebl/ctr.c
diff options
context:
space:
mode:
authorKevin Jacobs <kjacobs@mozilla.com>2019-10-24 16:47:28 +0200
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-10-24 16:47:28 +0200
commitc525bb791873ecdcce59c0da4ceafc8f5f557b2f (patch)
treef35f574e4213bd9a0cfaafbc8c283d7653ac063d /security/nss/lib/freebl/ctr.c
parentedfba06ce39f155f9394381d4f445a0c986bac77 (diff)
downloadUXP-c525bb791873ecdcce59c0da4ceafc8f5f557b2f.tar
UXP-c525bb791873ecdcce59c0da4ceafc8f5f557b2f.tar.gz
UXP-c525bb791873ecdcce59c0da4ceafc8f5f557b2f.tar.lz
UXP-c525bb791873ecdcce59c0da4ceafc8f5f557b2f.tar.xz
UXP-c525bb791873ecdcce59c0da4ceafc8f5f557b2f.zip
Add length checks for cryptographic primitives
This rollup patch adds additional length checks around cryptographic primitives.
Diffstat (limited to 'security/nss/lib/freebl/ctr.c')
-rw-r--r--security/nss/lib/freebl/ctr.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/security/nss/lib/freebl/ctr.c b/security/nss/lib/freebl/ctr.c
index d7652c060..4d26a5b06 100644
--- a/security/nss/lib/freebl/ctr.c
+++ b/security/nss/lib/freebl/ctr.c
@@ -128,6 +128,12 @@ CTR_Update(CTRContext *ctr, unsigned char *outbuf,
unsigned int tmp;
SECStatus rv;
+ // Limit block count to 2^counterBits - 2
+ if (ctr->counterBits < (sizeof(unsigned int) * 8) &&
+ inlen > ((1 << ctr->counterBits) - 2) * AES_BLOCK_SIZE) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
+ }
if (maxout < inlen) {
*outlen = inlen;
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
@@ -199,6 +205,12 @@ CTR_Update_HW_AES(CTRContext *ctr, unsigned char *outbuf,
unsigned int tmp;
SECStatus rv;
+ // Limit block count to 2^counterBits - 2
+ if (ctr->counterBits < (sizeof(unsigned int) * 8) &&
+ inlen > ((1 << ctr->counterBits) - 2) * AES_BLOCK_SIZE) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
+ }
if (maxout < inlen) {
*outlen = inlen;
PORT_SetError(SEC_ERROR_OUTPUT_LEN);