author | Dmitry Belyavskiy <beldmit@gmail.com> | 2022-07-27 12:15:07 +0200 |
---|---|---|
committer | Hugo Landau <hlandau@openssl.org> | 2022-08-01 08:14:23 +0100 |
commit | 83ab43da0c9f67c5069605552b1332ca5fadecf1 (patch) | |
tree | 750114cf1a5a764b5d0c8406710fd9fd39ff6235 /crypto | |
parent | 4000827fdbf3f6d70949186fdd2bc57638500885 (diff) |
Check that IV length is not less than zero
As EVP_CIPHER_CTX_get_iv_length indicates failure with -1, this error
should be processed. Also the result of this function shouldn't be
assigned to an unsigned variable.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18891)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/cms/cms_enc.c | 5 | ||||
-rw-r--r-- | crypto/cms/cms_pwri.c | 4 |
2 files changed, 9 insertions, 0 deletions
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index a896148dd8..150b9ee4e1 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -83,6 +83,11 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec,
 calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx));
 /* Generate a random IV if we need one */
 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
+ if (ivlen < 0) {
+ ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB);
+ goto err;
+ }
+
 if (ivlen > 0) {
 if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0)
 goto err;
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index 380240561f..1f73cb1008 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -96,6 +96,10 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
 }
 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
+ if (ivlen < 0) {
+ ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB);
+ goto err;
+ }
 if (ivlen > 0) {
 if (RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), iv, ivlen, 0) <= 0) |
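Review bot: The new `ivlen < 0` guard in the cms_enc.c hunk rejects the -1 failure value but places no upper bound on the length, so any positive value still reaches `RAND_bytes_ex(libctx, iv, ivlen, 0)`, which writes `ivlen` bytes into `iv`. The declaration of `iv` is outside the hunk; if it is a fixed `EVP_MAX_IV_LENGTH` array (presumably, to be confirmed), a cipher implementation that reports a larger IV length would overrun it, so I would bound both sides with `if (ivlen < 0 || ivlen > EVP_MAX_IV_LENGTH) {`. The same applies to the cms_pwri.c hunk in CMS_add0_recipient_password. Both function bodies start and end outside the hunks, as does the declaration of `ivlen`, which must be a signed type for the new comparison to have any effect.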