Diffstat (limited to 'crypto')
-rw-r--r--crypto/cmac/cmac.c12
-rw-r--r--crypto/cms/cms_pwri.c8
-rw-r--r--crypto/evp/bio_enc.c4
-rw-r--r--crypto/evp/evp_key.c2
-rw-r--r--crypto/evp/evp_lib.c34
-rw-r--r--crypto/pkcs12/p12_decr.c10
6 files changed, 56 insertions, 14 deletions
diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c
index 50c8511ba7..95e531f68b 100644
--- a/crypto/cmac/cmac.c
+++ b/crypto/cmac/cmac.c
@@ -95,7 +95,7 @@ int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in)
if (in->nlast_block == -1)
return 0;
- if ((bl = EVP_CIPHER_CTX_get_block_size(in->cctx)) < 0)
+ if ((bl = EVP_CIPHER_CTX_get_block_size(in->cctx)) == 0)
return 0;
if (!EVP_CIPHER_CTX_copy(out->cctx, in->cctx))
return 0;
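Review bot: The new `== 0` test in CMAC_CTX_copy no longer rejects a negative block size, which the old `< 0` test did, and `bl` is a signed int that CMAC_Final later casts with `*poutlen = (size_t)bl`. Whether EVP_CIPHER_CTX_get_block_size() can still return a negative value is not visible here, but `<= 0` covers both cases at no cost: `if ((bl = EVP_CIPHER_CTX_get_block_size(in->cctx)) <= 0)`. The same applies to the CMAC_Update and CMAC_Final hunks, and to `if (block_len == 0)` in CMAC_Init, where `block_len` goes straight into `memset(ctx->tbl, 0, block_len)`. These function bodies continue outside the hunks.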
@@ -111,6 +111,7 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
const EVP_CIPHER *cipher, ENGINE *impl)
{
static const unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH] = { 0 };
+ int block_len;
/* All zeros means restart */
if (!key && !cipher && !impl && keylen == 0) {
@@ -119,7 +120,10 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
return 0;
if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv))
return 0;
- memset(ctx->tbl, 0, EVP_CIPHER_CTX_get_block_size(ctx->cctx));
+ block_len = EVP_CIPHER_CTX_get_block_size(ctx->cctx);
+ if (block_len == 0)
+ return 0;
+ memset(ctx->tbl, 0, block_len);
ctx->nlast_block = 0;
return 1;
}
@@ -170,7 +174,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
return 0;
if (dlen == 0)
return 1;
- if ((bl = EVP_CIPHER_CTX_get_block_size(ctx->cctx)) < 0)
+ if ((bl = EVP_CIPHER_CTX_get_block_size(ctx->cctx)) == 0)
return 0;
/* Copy into partial block if we need to */
if (ctx->nlast_block > 0) {
@@ -234,7 +238,7 @@ int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
if (ctx->nlast_block == -1)
return 0;
- if ((bl = EVP_CIPHER_CTX_get_block_size(ctx->cctx)) < 0)
+ if ((bl = EVP_CIPHER_CTX_get_block_size(ctx->cctx)) == 0)
return 0;
if (poutlen != NULL)
*poutlen = (size_t)bl;
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index 8b5beb2157..a028c5842c 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -204,6 +204,10 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
size_t blocklen = EVP_CIPHER_CTX_get_block_size(ctx);
unsigned char *tmp;
int outl, rv = 0;
+
+ if (blocklen == 0)
+ return 0;
+
if (inlen < 2 * blocklen) {
/* too small */
return 0;
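Review bot: In kek_unwrap_key the getter's int result is stored in `size_t blocklen` before it is checked, so a negative return would turn into a very large length that passes `blocklen == 0` and then wraps in `2 * blocklen`. Reading the value into an int first and rejecting `<= 0` before the conversion would close that, e.g. `int bl = EVP_CIPHER_CTX_get_block_size(ctx);` followed by `if (bl <= 0) return 0;`. kek_wrap_key in the next hunk has the same pattern. Both bodies continue outside the hunks.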
@@ -257,6 +261,10 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
size_t blocklen = EVP_CIPHER_CTX_get_block_size(ctx);
size_t olen;
int dummy;
+
+ if (blocklen == 0)
+ return 0;
+
/*
* First decide length of output buffer: need header and round up to
* multiple of block length.
diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c
index ece3f6d57f..fc6eec7764 100644
--- a/crypto/evp/bio_enc.c
+++ b/crypto/evp/bio_enc.c
@@ -132,6 +132,10 @@ static int enc_read(BIO *b, char *out, int outl)
}
blocksize = EVP_CIPHER_CTX_get_block_size(ctx->cipher);
+
+ if (blocksize == 0)
+ return 0;
+
if (blocksize == 1)
blocksize = 0;
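Review bot: Returning 0 from enc_read when `blocksize == 0` may be read by the BIO caller as end of data rather than as a failure, so a filter whose cipher was never set could look like an empty stream that was processed cleanly. The function's error convention is outside the hunk; if its other failure paths return a negative value, this one should too. A short comment on the new check would also help, for example `/* no cipher set on the context: treat as an error, not EOF */`.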
diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c
index 607d45ee23..a4ba76cd83 100644
--- a/crypto/evp/evp_key.c
+++ b/crypto/evp/evp_key.c
@@ -88,7 +88,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
nkey = EVP_CIPHER_get_key_length(type);
niv = EVP_CIPHER_get_iv_length(type);
OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
- OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
+ OPENSSL_assert(niv >= 0 && niv <= EVP_MAX_IV_LENGTH);
if (data == NULL)
return nkey;
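Review bot: Only `niv` gets a lower bound; the context line `OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);` still accepts a negative `nkey`, which `return nkey;` then hands back when `data == NULL`. If EVP_CIPHER_get_key_length() can report failure with a negative value, the matching check is `OPENSSL_assert(nkey >= 0 && nkey <= EVP_MAX_KEY_LENGTH);`. Since OPENSSL_assert aborts the process, an error return may be a better fit for values that depend on the supplied cipher. The body of EVP_BytesToKey continues outside the hunk.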
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index f29d592e0f..e539a76a78 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -81,8 +81,12 @@ int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
evp_cipher_aead_asn1_params *asn1_params)
{
int ret = -1; /* Assume the worst */
- const EVP_CIPHER *cipher = c->cipher;
+ const EVP_CIPHER *cipher;
+ if (c == NULL || c->cipher == NULL)
+ goto err;
+
+ cipher = c->cipher;
/*
* For legacy implementations, we detect custom AlgorithmIdentifier
* parameter handling by checking if the function pointer
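Review bot: `cipher` is now declared without an initialiser, and the `goto err` path in evp_cipher_param_to_asn1_ex reaches the label with it still unset. The code after `err:` in this function is outside the hunk; if anything there reads `cipher`, that is an uninitialised read, so `const EVP_CIPHER *cipher = NULL;` would be the safer declaration. The same applies to evp_cipher_asn1_to_param_ex in the next hunk. A blank line between the declaration and the `if` here would also match the layout used in that second function.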
@@ -172,8 +176,12 @@ int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
evp_cipher_aead_asn1_params *asn1_params)
{
int ret = -1; /* Assume the worst */
- const EVP_CIPHER *cipher = c->cipher;
+ const EVP_CIPHER *cipher;
+
+ if (c == NULL || c->cipher == NULL)
+ goto err;
+ cipher = c->cipher;
/*
* For legacy implementations, we detect custom AlgorithmIdentifier
* parameter handling by checking if there the function pointer
@@ -230,6 +238,7 @@ int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
ret = -2;
}
+err:
if (ret == -2)
ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_CIPHER);
else if (ret <= 0)
@@ -387,7 +396,7 @@ int evp_cipher_cache_constants(EVP_CIPHER *cipher)
int EVP_CIPHER_get_block_size(const EVP_CIPHER *cipher)
{
- return cipher->block_size;
+ return (cipher == NULL) ? 0 : cipher->block_size;
}
int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx)
@@ -403,6 +412,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e)
int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl)
{
+ if (ctx == NULL || ctx->cipher == NULL)
+ return 0;
+
if (ctx->cipher->prov != NULL) {
/*
* If the provided implementation has a ccipher function, we use it,
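Review bot: The early `return 0` for a NULL `ctx` or an unset cipher leaves nothing on the error queue, and the same holds for `if (blocksize == 0) return 0;` in the next hunk. The PKCS12 change in this commit raises an error in the equivalent case; doing so here would make the failure diagnosable, for instance `ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);` before the return. It is also worth confirming that callers of EVP_Cipher cannot mistake 0 for a successful zero-length result, since the return convention is not visible in the hunk.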
@@ -415,6 +427,9 @@ int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
size_t outl = 0;
size_t blocksize = EVP_CIPHER_CTX_get_block_size(ctx);
+ if (blocksize == 0)
+ return 0;
+
if (ctx->cipher->ccipher != NULL)
ret = ctx->cipher->ccipher(ctx->algctx, out, &outl,
inl + (blocksize == 1 ? 0 : blocksize),
@@ -454,7 +469,7 @@ EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(EVP_CIPHER_CTX *ctx)
{
EVP_CIPHER *cipher;
- if (ctx == NULL)
+ if (ctx == NULL || ctx->cipher == NULL)
return NULL;
cipher = (EVP_CIPHER *)ctx->cipher;
if (!EVP_CIPHER_up_ref(cipher))
@@ -469,7 +484,7 @@ int EVP_CIPHER_CTX_is_encrypting(const EVP_CIPHER_CTX *ctx)
unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *cipher)
{
- return cipher->flags;
+ return cipher == NULL ? 0 : cipher->flags;
}
void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
@@ -499,11 +514,14 @@ void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data)
int EVP_CIPHER_get_iv_length(const EVP_CIPHER *cipher)
{
- return cipher->iv_len;
+ return (cipher == NULL) ? 0 : cipher->iv_len;
}
int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx)
{
+ if (ctx->cipher == NULL)
+ return 0;
+
if (ctx->iv_len < 0) {
int rv, len = EVP_CIPHER_get_iv_length(ctx->cipher);
size_t v = len;
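Review bot: EVP_CIPHER_CTX_get_iv_length tests `ctx->cipher == NULL` but still dereferences `ctx` without a NULL test, unlike EVP_Cipher and EVP_CIPHER_CTX_get1_cipher in this same file. `if (ctx == NULL || ctx->cipher == NULL)` would make it consistent. EVP_CIPHER_CTX_get_nid in the last evp_lib.c hunk has the same gap, because `EVP_CIPHER_get_nid(ctx->cipher)` still reads through `ctx`. Since 0 is also a legitimate IV length for some modes, callers cannot tell this failure from a valid answer, and a doc comment on the function should say so.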
@@ -678,12 +696,12 @@ int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx)
int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher)
{
- return cipher->nid;
+ return (cipher == NULL) ? NID_undef : cipher->nid;
}
int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx)
{
- return ctx->cipher->nid;
+ return EVP_CIPHER_get_nid(ctx->cipher);
}
int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name)
diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c
index b916db0ab1..498632a0bc 100644
--- a/crypto/pkcs12/p12_decr.c
+++ b/crypto/pkcs12/p12_decr.c
@@ -26,6 +26,7 @@ unsigned char *PKCS12_pbe_crypt_ex(const X509_ALGOR *algor,
int outlen, i;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
int max_out_len, mac_len = 0;
+ int block_size;
if (ctx == NULL) {
ERR_raise(ERR_LIB_PKCS12, ERR_R_EVP_LIB);
@@ -43,7 +44,14 @@ unsigned char *PKCS12_pbe_crypt_ex(const X509_ALGOR *algor,
* It's appended to encrypted text on encrypting
* MAC should be processed on decrypting separately from plain text
*/
- max_out_len = inlen + EVP_CIPHER_CTX_get_block_size(ctx);
+ block_size = EVP_CIPHER_CTX_get_block_size(ctx);
+
+ if (block_size == 0) {
+ ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER);
+ goto err;
+ }
+
+ max_out_len = inlen + block_size;
if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
& EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, 0, &mac_len) < 0) {
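Review bot: `max_out_len = inlen + block_size` is plain signed arithmetic (`max_out_len` and `block_size` are both declared int), and only `block_size == 0` is rejected before it. If `max_out_len` later sizes the output buffer, which is outside the hunk, a negative block size or an `inlen` close to INT_MAX (assuming `inlen` is also an int) would produce a wrong size. `if (block_size <= 0)` plus a guard such as `if (inlen > INT_MAX - block_size)` before the addition would cover both. ERR_R_PASSED_NULL_PARAMETER also reads oddly for a context this function allocated itself; a reason that names the unset cipher would be clearer.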