evp: fix improper use of negative value issues

Coverity issues 1485662, 1485663 & 1485664. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15635)
author: Pauli <pauli@openssl.org> 2021-06-07 09:28:49 +1000
committer: Pauli <pauli@openssl.org> 2021-06-08 19:32:17 +1000
commit: 042f8f70cb8fb21445ed20d07e2624d5a2bba4e4 (patch)
tree: 71fec2fcb66df66cabee06ed2b28f6c8f5a38530 /crypto
parent: b0a0ab07b4313cc893b17880b4399bdb804837c5 (diff)
3 files changed, 18 insertions, 3 deletions
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 2c2a4ba90c..e43076752f 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -2516,9 +2516,14 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                           const unsigned char *in, size_t len)
 {
-    unsigned int num = EVP_CIPHER_CTX_get_num(ctx);
+    int n = EVP_CIPHER_CTX_get_num(ctx);
+    unsigned int num;
     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
 
+    if (n < 0)
+        return 0;
+    num = (unsigned int)n;
+
     if (dat->stream.ctr)
         CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
                                     ctx->iv,
diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c
index f53528ea5c..7e1fda33e1 100644
--- a/crypto/evp/e_aria.c
+++ b/crypto/evp/e_aria.c
@@ -175,9 +175,14 @@ const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \
 static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                const unsigned char *in, size_t len)
 {
-    unsigned int num = EVP_CIPHER_CTX_get_num(ctx);
+    int n = EVP_CIPHER_CTX_get_num(ctx);
+    unsigned int num;
     EVP_ARIA_KEY *dat = EVP_C_DATA(EVP_ARIA_KEY, ctx);
 
+    if (n < 0)
+        return 0;
+    num = (unsigned int)n;
+
     CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv,
                           EVP_CIPHER_CTX_buf_noconst(ctx), &num,
                           (block128_f) ossl_aria_encrypt);
diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c
index 39bec569f7..abd603015c 100644
--- a/crypto/evp/e_sm4.c
+++ b/crypto/evp/e_sm4.c
@@ -74,9 +74,14 @@ IMPLEMENT_BLOCK_CIPHER(sm4, ks, sm4, EVP_SM4_KEY, NID_sm4,
 static int sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                           const unsigned char *in, size_t len)
 {
-    unsigned int num = EVP_CIPHER_CTX_get_num(ctx);
+    int n = EVP_CIPHER_CTX_get_num(ctx);
+    unsigned int num;
     EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx);
 
+    if (n < 0)
+        return 0;
+    num = (unsigned int)n;
+
     CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv,
                           EVP_CIPHER_CTX_buf_noconst(ctx), &num,
                           (block128_f)ossl_sm4_encrypt);
author	Pauli <pauli@openssl.org>	2021-06-07 09:28:49 +1000
committer	Pauli <pauli@openssl.org>	2021-06-08 19:32:17 +1000
commit	042f8f70cb8fb21445ed20d07e2624d5a2bba4e4 (patch)
tree	71fec2fcb66df66cabee06ed2b28f6c8f5a38530 /crypto
parent	b0a0ab07b4313cc893b17880b4399bdb804837c5 (diff)