diff options
| author | Niels Dossche <niels.dossche@ugent.be> | 2023-01-23 17:16:34 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2023-01-25 14:39:57 +0000 |
| commit | 9c92c4917e122b636f1660ef9911d890e1587e75 (patch) | |
| tree | 45790a6702d39e34072998e505fe4b3530fd410e /crypto | |
| parent | ce7193b123371035f60b820d7c7a98915bf57615 (diff) | |
Fix incomplete checks for EVP_CIPHER_asn1_to_param
EVP_CIPHER_asn1_to_param() returns a value <= 0 in case of an error, and
a value greater than 0 in case of success. Two callsites only check for
< 0 instead of <= 0. The other callsites perform this check correctly.
Change the two callsites to <= 0. Additionally correctly handle a zero
return value from EVP_CIPHER_get_asn1_iv as success.
Fixes: #20116
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/201213)
(cherry picked from commit 114d99b46bfb212ffc510865df317ca2c1542623)
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/evp/evp_lib.c | 2 | ||||
| -rw-r--r-- | crypto/evp/p5_crpt2.c | 2 | ||||
| -rw-r--r-- | crypto/pkcs7/pk7_doit.c | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index cf2ea37215..6992219ca2 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -209,7 +209,7 @@ int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, break; default: - ret = EVP_CIPHER_get_asn1_iv(c, type); + ret = EVP_CIPHER_get_asn1_iv(c, type) >= 0 ? 1 : -1; } } else if (cipher->prov != NULL) { OSSL_PARAM params[3], *p = params; diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 8e3fccb213..33763b18af 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -159,7 +159,7 @@ int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, /* Fixup cipher based on AlgorithmIdentifier */ if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de)) goto err; - if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { + if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) <= 0) { ERR_raise(ERR_LIB_EVP, EVP_R_CIPHER_PARAMETER_ERROR); goto err; } diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index f116e46411..2a4f9482e8 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -588,7 +588,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) BIO_get_cipher_ctx(etmp, &evp_ctx); if (EVP_CipherInit_ex(evp_ctx, cipher, NULL, NULL, NULL, 0) <= 0) goto err; - if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0) + if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) <= 0) goto err; /* Generate random key as MMA defence */ len = EVP_CIPHER_CTX_get_key_length(evp_ctx); |