Check that we have enough padding characters

https://nvd.nist.gov/vuln/detail/CVE-2016-2107

https://git.openssl.org/?p=openssl.git;a=commit;h=68595c0c2886e7942a14f98c17a55a88afb6c292
Reviewed-by: Emilia Käsper <emilia@openssl.org>
CVE-2016-2107
MR: #2572

Change-Id: I63f9b88dab5cfeb85841578851a528407acdf1cb
Signed-off-by: jaekuk, lee <juku1999@samsung.com>

2 files changed, 4 insertions, 0 deletions

diff --git a/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c b/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
index 8330964ee..ccf304384 100644..100755
--- a/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -578,6 +578,8 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
             maxpad &= 255;
 
+            ret &= constant_time_ge(maxpad, pad);
+
             inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
             mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
             inp_len &= mask;
diff --git a/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c b/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
index 37800213c..3faae6309 100644..100755
--- a/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -589,6 +589,8 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
             maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
             maxpad &= 255;
 
+            ret &= constant_time_ge(maxpad, pad);
+
             inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1);
             mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
             inp_len &= mask;