Fix a crash in the speed command with wrap ciphers

e.g. openssl speed -evp id-aes256-wrap-pad was crashing because the return code from EVP_CipherInit_ex was ignored. Not going to allow that cipher mode because wrap ciphers produces more bytes output than the input length and EVP_Update_loop is not really prepared for that. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8739)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2019-04-13 10:01:09 +0200
committer: Bernd Edlinger <bernd.edlinger@hotmail.de> 2019-05-23 16:12:27 +0200
commit: 5d238a1032fee0e4759c2ed7fbd09cb9d7125a72 (patch)
tree: e21a55889bfc6474060b9027414a59505d4aeb40 /apps
parent: b1eb3fd732adc9afaae730426f48bbfec17694d1 (diff)
1 files changed, 16 insertions, 4 deletions
diff --git a/apps/speed.c b/apps/speed.c
index 72826f821c..5f16b13954 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -2717,16 +2717,28 @@ int speed_main(int argc, char **argv)
 
                 for (k = 0; k < loopargs_len; k++) {
                     loopargs[k].ctx = EVP_CIPHER_CTX_new();
-                    EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL, NULL,
-                                      iv, decrypt ? 0 : 1);
+                    if (loopargs[k].ctx == NULL) {
+                        BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n");
+                        exit(1);
+                    }
+                    if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL,
+                                           NULL, iv, decrypt ? 0 : 1)) {
+                        BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");
+                        ERR_print_errors(bio_err);
+                        exit(1);
+                    }
 
                     EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
 
                     keylen = EVP_CIPHER_CTX_key_length(loopargs[k].ctx);
                     loopargs[k].key = app_malloc(keylen, "evp_cipher key");
                     EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key);
-                    EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
-                                      loopargs[k].key, NULL, -1);
+                    if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
+                                           loopargs[k].key, NULL, -1)) {
+                        BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");
+                        ERR_print_errors(bio_err);
+                        exit(1);
+                    }
                     OPENSSL_clear_free(loopargs[k].key, keylen);
 
                     /* SIV mode only allows for a single Update operation */
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2019-04-13 10:01:09 +0200
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>	2019-05-23 16:12:27 +0200
commit	5d238a1032fee0e4759c2ed7fbd09cb9d7125a72 (patch)
tree	e21a55889bfc6474060b9027414a59505d4aeb40 /apps
parent	b1eb3fd732adc9afaae730426f48bbfec17694d1 (diff)