diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-04-13 10:01:09 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-05-23 16:15:33 +0200 |
commit | 69fd7d17c08559eec248389b052b49f2cb8b0c3b (patch) | |
tree | 885535fac944970d9e81399f1b3cfcaffa0ecc5b | |
parent | 9fc194321e2037c403f52242ca6e1c2beff7a009 (diff) |
Fix a crash in the speed command with wrap ciphers
e.g. openssl speed -evp id-aes256-wrap-pad
was crashing because the return code from EVP_CipherInit_ex
was ignored.
Not going to allow that cipher mode because wrap ciphers
produces more bytes output than the input length
and EVP_Update_loop is not really prepared for that.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8739)
(cherry picked from commit 5d238a1032fee0e4759c2ed7fbd09cb9d7125a72)
-rw-r--r-- | apps/speed.c | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/apps/speed.c b/apps/speed.c index e47ba30a6f..8d4b1695d8 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2629,16 +2629,28 @@ int speed_main(int argc, char **argv) for (k = 0; k < loopargs_len; k++) { loopargs[k].ctx = EVP_CIPHER_CTX_new(); - EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL, NULL, - iv, decrypt ? 0 : 1); + if (loopargs[k].ctx == NULL) { + BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n"); + exit(1); + } + if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL, + NULL, iv, decrypt ? 0 : 1)) { + BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n"); + ERR_print_errors(bio_err); + exit(1); + } EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0); keylen = EVP_CIPHER_CTX_key_length(loopargs[k].ctx); loopargs[k].key = app_malloc(keylen, "evp_cipher key"); EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key); - EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL, - loopargs[k].key, NULL, -1); + if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL, + loopargs[k].key, NULL, -1)) { + BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n"); + ERR_print_errors(bio_err); + exit(1); + } OPENSSL_clear_free(loopargs[k].key, keylen); } |