From 0220fc9921f0aa3aea43e6b672b8f89b3eb0261a Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy
Date: Thu, 5 Sep 2019 08:31:38 +0300
Subject: Disallow change EVP_CIPHER properties once set
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/9764)
---
crypto/evp/cmeth_lib.c | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
(limited to 'crypto')
diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c
index 34e85f6366..4d823f0f5e 100644
--- a/crypto/evp/cmeth_lib.c
+++ b/crypto/evp/cmeth_lib.c
@@ -54,18 +54,27 @@ void EVP_CIPHER_meth_free(EVP_CIPHER *cipher)
 
 int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len)
 {
+ if (cipher->iv_len != 0)
+ return 0;
+
 cipher->iv_len = iv_len;
 return 1;
 }
 
 int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags)
 {
+ if (cipher->flags != 0)
+ return 0;
+
 cipher->flags = flags;
 return 1;
 }
 
 int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size)
 {
+ if (cipher->ctx_size != 0)
+ return 0;
+
 cipher->ctx_size = ctx_size;
 return 1;
 }
@@ -76,6 +85,9 @@ int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
 const unsigned char *iv,
 int enc))
 {
+ if (cipher->init != NULL)
+ return 0;
+
 cipher->init = init;
 return 1;
 }
@@ -86,6 +98,9 @@ int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
 const unsigned char *in,
 size_t inl))
 {
+ if (cipher->do_cipher != NULL)
+ return 0;
+
 cipher->do_cipher = do_cipher;
 return 1;
 }
@@ -93,6 +108,9 @@ int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
 int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
 int (*cleanup) (EVP_CIPHER_CTX *))
 {
+ if (cipher->cleanup != NULL)
+ return 0;
+
 cipher->cleanup = cleanup;
 return 1;
 }
@@ -101,6 +119,9 @@ int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
 int (*set_asn1_parameters) (EVP_CIPHER_CTX *,
 ASN1_TYPE *))
 {
+ if (cipher->set_asn1_parameters != NULL)
+ return 0;
+
 cipher->set_asn1_parameters = set_asn1_parameters;
 return 1;
 }
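Review bot: The `!= 0` guards in EVP_CIPHER_meth_set_iv_length, EVP_CIPHER_meth_set_flags and EVP_CIPHER_meth_set_impl_ctx_size use zero as the "not yet set" marker, but zero is also a legitimate value (a cipher with no IV has iv_len 0), so a method deliberately configured with 0 remains writable and the set-once guarantee does not cover it. The same check rejects every update on a structure that arrives with these fields already populated, which presumably includes one produced by EVP_CIPHER_meth_dup() (not visible here), so copy-then-adjust callers would now get 0 back. If a separate "already set" marker is out of scope for this change, state the limitation at each guard, e.g. `/* 0 doubles as "unset": a value of 0 is not locked by this check */`.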
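Review bot: The new `return 0;` in EVP_CIPHER_meth_set_init fails silently: nothing is recorded on the error queue, and the diffstat shows no documentation change, so callers written when these setters always returned 1 and that ignore the result will keep running the previously installed callback with no diagnostic. For do_cipher, cleanup and ctrl this means a replacement implementation can be dropped unnoticed. Raise an EVP error before `return 0;` and document the set-once contract and the new failure return in the EVP_CIPHER_meth_* manual page. The same applies to the hunks for set_do_cipher, set_cleanup, set_set_asn1_params, set_get_asn1_params and set_ctrl; each function's signature begins outside its hunk.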
@@ -109,6 +130,9 @@ int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *)) { + if (cipher->get_asn1_parameters != NULL) + return 0; + cipher->get_asn1_parameters = get_asn1_parameters; return 1; } @@ -117,6 +141,9 @@ int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr)) { + if (cipher->ctrl != NULL) + return 0; + cipher->ctrl = ctrl; return 1; } -- cgit v1.2.3