[SERVER-62922] Add explicit bounds checks for OpenSSL EVP outputs Created: 24/Jan/22  Updated: 29/Oct/23  Resolved: 30/Apr/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.1.0-rc0

Type: Task Priority: Major - P3
Reporter: Spencer Jackson Assignee: Brad Moore
Resolution: Fixed Votes: 0
Labels: auto-reverted, neweng, neweng-brad
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Problem/Incident
Assigned Teams:
Server Security
Backwards Compatibility: Fully Compatible
Sprint: Security 2022-02-07, Security 2023-04-03, Security 2023-04-17, Security 2023-05-01
Participants:
Linked BF Score: 0

 Description   

OpenSSL exposes a uniform interface for encryption and decryption called "EVP". EVP functions generally accept an input, input length, and and output buffer and an output length(outl). EVP will process every byte in the input, and write it into the output. The exact cipher being used will determine how many bytes will be written into the output. For example, stream ciphers will generally add no overhead, while block ciphers can create as much as a block's worth of extra data. According to the OpenSSL documentation, OpenSSL will return however many bytes were written into the output buffer into outl. It does not appear to actually read data from this argument, and their example code shows the address of an uninitialized int being passed into EVP_EncryptUpdate.

While there are no known issues due to this behaviour, the Apple and Windows cryptography implementations appear to accept the size of the output buffer in their encryption/decryption routines and likely enforce invariants.

We should attempt to compute however many bytes we believe OpenSSL will consume from the output buffer, and throw a bad Status if it would overrun, before invoking EVP methods.



 Comments   
Comment by Githook User [ 29/Apr/23 ]

Author:

{'name': 'W. Brad Moore', 'email': 'brad.moore@mongodb.com', 'username': 'wbradmoore'}

Message: SERVER-62922: Add explicit bounds checks for OpenSSL EVP outputs; linux-only unit tests
Branch: master
https://github.com/mongodb/mongo/commit/7119eeb3c88cd787c686b8fc201a720f1c9e91e4

Comment by xgen-buildbaron-user [ 26/Apr/23 ]

Ticket re-opened due to revert. run_unittests began a consistent failure of build\install\bin\crypto_test.exe

Comment by Githook User [ 26/Apr/23 ]

Author:

{'name': 'auto-revert-processor', 'email': 'dev-prod-dag@mongodb.com', 'username': ''}

Message: Revert "SERVER-62922: Add explicit bounds checks for OpenSSL EVP outputs"

This reverts commit a199d5f7b81b303f0eb155469593889db5d8c4ef.
Branch: master
https://github.com/mongodb/mongo/commit/bc26bc0fcb01ffb24bba056c5625d09a47985fb3

Comment by Githook User [ 26/Apr/23 ]

Author:

{'name': 'W. Brad Moore', 'email': 'brad.moore@mongodb.com', 'username': 'wbradmoore'}

Message: SERVER-62922: Add explicit bounds checks for OpenSSL EVP outputs
Branch: master
https://github.com/mongodb/mongo/commit/a199d5f7b81b303f0eb155469593889db5d8c4ef

Generated at Thu Feb 08 05:56:26 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.