validate cipher length before decrypting

[swayne275]

This addresses TOB-016.

I'm not sure if erroring when the len(ciphertext) < 4 is revealing any important information to a potential attacker, so please let me know. As is, it would panic (which is less directly revealing the same information).

This will be backported back to 1.7.x

[cipherboy]

Do we also need b.decrypt to check length? It kinda looks like it doesn't:

vault/vault/barrier_aes_gcm.go

Lines 1015 to 1035 in fe5c8db

	// decrypt is used to decrypt a value using the keyring
	func (b *AESGCMBarrier) decrypt(path string, gcm cipher.AEAD, cipher []byte) ([]byte, error) {
	// Capture the parts
	nonce := cipher[5 : 5+gcm.NonceSize()]
	raw := cipher[5+gcm.NonceSize():]
	out := make([]byte, 0, len(raw)-gcm.NonceSize())
	// Attempt to open
	switch cipher[4] {
	case AESGCMVersion1:
	return gcm.Open(out, nonce, raw, nil)
	case AESGCMVersion2:
	aad := []byte(nil)
	if path != "" {
	aad = []byte(path)
	}
	return gcm.Open(out, nonce, raw, aad)
	default:
	return nil, fmt.Errorf("version bytes mis-match")
	}
	}

[swayne275]

@cipherboy it looks like it should as well

edit: 951390b

[mladlow]

@swayne275 if you'd like you can use backport-assistant to automatically create the backport PRs for stuff like this in the future. There's a google doc on how to do this, which I'll eventually move to the wiki.

[swayne275]

@mladlow oh awesome! last i'd heard my understanding was that was only for docs changes. i had been using https://docs.google.com/document/d/1uQDcq2gd-rO4PHeK9fEEZ5qauGJVsEUrG57il3mOcQw/edit#heading=h.1n8tmqhs7xas