ltc: check range in _rijndael_ecb_ functions

There is no check that the 'skey' structure has been properly initialized. For example, the skey->rijndael.Nr is assumed to contain a positive number corresponding to the number of AES rounds to perform. In _rijndael_ecb_encrypt the skey->rijndael.Nr is subtracted by two, which can result in an integer underflow if the structure hasn't been initialized correctly. By clamping the value for skey->rijndael.Nr into the valid rounds for AES we can return an error instead of ending up reading outside the boundaries (of skey->rijndael.eK). Patch manually picked from [1]. Link: [1] libtom/libtomcrypt@7b4a5c1 Signed-off-by: Joakim Bech <[email protected]> Tested-by: Joakim Bech <[email protected]> (QEMU v7) Reported-by: Martijn Bogaard <[email protected]> Acked-by: Jerome Forissier <[email protected]>
weo · Oct 9, 2019 · a253662 · a253662
1 parent c4108ef
commit a253662
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/core/lib/libtomcrypt/src/ciphers/aes/aes.c b/core/lib/libtomcrypt/src/ciphers/aes/aes.c
@@ -296,6 +296,10 @@ int ECB_ENC(const unsigned char *pt, unsigned char *ct, const symmetric_key *ske
     LTC_ARGCHK(skey != NULL);
 
     Nr = skey->rijndael.Nr;
+
+    if (Nr < 2 || Nr > 16)
+        return CRYPT_INVALID_ROUNDS;
+
     rk = skey->rijndael.eK;
 
     /*
@@ -476,6 +480,10 @@ int ECB_DEC(const unsigned char *ct, unsigned char *pt, const symmetric_key *ske
     LTC_ARGCHK(skey != NULL);
 
     Nr = skey->rijndael.Nr;
+
+    if (Nr < 2 || Nr > 16)
+        return CRYPT_INVALID_ROUNDS;
+
     rk = skey->rijndael.dK;
 
     /*