author | Neil Horman <nhorman@openssl.org> | 2023-12-09 13:40:01 -0500 |
---|---|---|
committer | Neil Horman <nhorman@openssl.org> | 2024-01-25 08:27:53 -0500 |
commit | 6f22bcd631ab622c2436bc5b299ba2677c388375 (patch) | |
tree | e62244a2a0e8f491ab3e3b582928dbc6383f7abf /crypto/cms | |
parent | ff78d94b131d7bb3b761509d3ce0dd864b1420e3 (diff) |
Add appropriate NULL checks in EVP_CIPHER api

The EVP_CIPHER api currently assumes that calls made into several APIs
have already initialized the cipher in a given context via a call to
EVP_CipherInit[_ex[2]]. If that hasn't been done, instead of an error,
the result is typically a SIGSEGV.

Correct that by adding missing NULL checks in the appropriate apis prior
to using ctx->cipher

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22995)
Diffstat (limited to 'crypto/cms')
-rw-r--r-- | crypto/cms/cms_pwri.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index 8b5beb2157..a028c5842c 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -204,6 +204,10 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, size_t blocklen = EVP_CIPHER_CTX_get_block_size(ctx); unsigned char *tmp; int outl, rv = 0; + + if (blocklen == 0) + return 0; + if (inlen < 2 * blocklen) { /* too small */ return 0; @@ -257,6 +261,10 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen, size_t blocklen = EVP_CIPHER_CTX_get_block_size(ctx); size_t olen; int dummy; + + if (blocklen == 0) + return 0; + /* * First decide length of output buffer: need header and round up to * multiple of block length. |
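
Review bot: in kek_unwrap_key, the new `if (blocklen == 0) return 0;` carries no comment, while the length test directly below it is annotated `/* too small */`. Someone reading cms_pwri.c on its own cannot tell that a zero block size here means no cipher was initialised in ctx, so a one-line comment to that effect would help. Separately, blocklen is a size_t, so this test only catches a return of exactly zero; if EVP_CIPHER_CTX_get_block_size can report failure with a negative value, that converts to a very large size_t and flows on to `2 * blocklen`. It is worth confirming that the getter returns 0 in the uninitialised case this commit targets.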
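
Review bot: in kek_wrap_key, the `blocklen == 0` branch returns 0 without queuing any error, so the caller gets the same result as for any other wrap failure and has nothing in the error stack pointing at an uninitialised cipher context. Consider an ERR_raise call before `return 0;` so the misuse described in the commit message is diagnosable rather than only non-crashing. Placing the check ahead of the "round up to multiple of block length" step is right, since that is where a zero block length would first be used.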