author | Neil Horman <nhorman@openssl.org> | 2023-12-09 13:40:01 -0500 |
---|---|---|
committer | Neil Horman <nhorman@openssl.org> | 2024-01-25 08:27:53 -0500 |
commit | 6f22bcd631ab622c2436bc5b299ba2677c388375 (patch) | |
tree | e62244a2a0e8f491ab3e3b582928dbc6383f7abf /crypto/cmac/cmac.c | |
parent | ff78d94b131d7bb3b761509d3ce0dd864b1420e3 (diff) |
Add appropriate NULL checks in EVP_CIPHER api
The EVP_CIPHER api currently assumes that calls made into several APIs
have already initialized the cipher in a given context via a call to
EVP_CipherInit[_ex[2]]. If that hasn't been done, instead of an error,
the result is typically a SIGSEGV.
Correct that by adding missing NULL checks in the appropriate apis prior
to using ctx->cipher
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22995)
Diffstat (limited to 'crypto/cmac/cmac.c')
-rw-r--r-- | crypto/cmac/cmac.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c
index 50c8511ba7..95e531f68b 100644
--- a/crypto/cmac/cmac.c
+++ b/crypto/cmac/cmac.c
@@ -95,7 +95,7 @@ int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in)
 if (in->nlast_block == -1)
 return 0;
- if ((bl = EVP_CIPHER_CTX_get_block_size(in->cctx)) < 0)
+ if ((bl = EVP_CIPHER_CTX_get_block_size(in->cctx)) == 0)
 return 0;
 if (!EVP_CIPHER_CTX_copy(out->cctx, in->cctx))
 return 0;
@@ -111,6 +111,7 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
 const EVP_CIPHER *cipher, ENGINE *impl)
 {
 static const unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH] = { 0 };
+ int block_len;
 /* All zeros means restart */
 if (!key && !cipher && !impl && keylen == 0) {
@@ -119,7 +120,10 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
 return 0;
 if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv))
 return 0;
- memset(ctx->tbl, 0, EVP_CIPHER_CTX_get_block_size(ctx->cctx));
+ block_len = EVP_CIPHER_CTX_get_block_size(ctx->cctx);
+ if (block_len == 0)
+ return 0;
+ memset(ctx->tbl, 0, block_len);
 ctx->nlast_block = 0;
 return 1;
 }
@@ -170,7 +174,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
 return 0;
 if (dlen == 0)
 return 1;
- if ((bl = EVP_CIPHER_CTX_get_block_size(ctx->cctx)) < 0)
+ if ((bl = EVP_CIPHER_CTX_get_block_size(ctx->cctx)) == 0)
 return 0;
 /* Copy into partial block if we need to */
 if (ctx->nlast_block > 0) {
@@ -234,7 +238,7 @@ int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
 if (ctx->nlast_block == -1)
 return 0;
- if ((bl = EVP_CIPHER_CTX_get_block_size(ctx->cctx)) < 0)
+ if ((bl = EVP_CIPHER_CTX_get_block_size(ctx->cctx)) == 0)
 return 0;
 if (poutlen != NULL)
 *poutlen = (size_t)bl; |
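Review bot: The block-size guards in CMAC_CTX_copy, CMAC_Update and CMAC_Final were changed from `< 0` to `== 0`, and the new one in CMAC_Init also tests only `== 0`, so a negative return from EVP_CIPHER_CTX_get_block_size() is no longer rejected in any of the four places. Whether the getter can still return a negative value is not visible in this file-limited diff, but the value is a signed `int` that is then used as a length: in CMAC_Init it is passed to `memset(ctx->tbl, 0, block_len)`, and in CMAC_Final it is cast with `(size_t)bl`, where a negative value would become a very large size. Testing `<= 0` keeps both the old and the new protection, e.g. `if ((bl = EVP_CIPHER_CTX_get_block_size(ctx->cctx)) <= 0)` and `if (block_len <= 0)`. A short comment such as `/* 0 means no cipher has been set on the context */` on the first guard would also explain why zero is an error here. All four function bodies start and end outside their hunks, so the later uses of `bl` are only partly visible.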