diff options
| author | Neil Horman <nhorman@openssl.org> | 2023-12-09 13:40:01 -0500 |
|---|---|---|
| committer | Neil Horman <nhorman@openssl.org> | 2024-01-25 08:27:53 -0500 |
| commit | 6f22bcd631ab622c2436bc5b299ba2677c388375 (patch) | |
| tree | e62244a2a0e8f491ab3e3b582928dbc6383f7abf /ssl | |
| parent | ff78d94b131d7bb3b761509d3ce0dd864b1420e3 (diff) | |
Add appropriate NULL checks in EVP_CIPHER api
The EVP_CIPHER api currently assumes that calls made into several APIs
have already initalized the cipher in a given context via a call to
EVP_CipherInit[_ex[2]]. If that hasnt been done, instead of an error,
the result is typically a SIGSEGV.
Correct that by adding missing NULL checks in the apropriate apis prior
to using ctx->cipher
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22995)
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/record/methods/ssl3_meth.c | 3 | ||||
| -rw-r--r-- | ssl/record/methods/tls1_meth.c | 5 | ||||
| -rw-r--r-- | ssl/s3_enc.c | 1 | ||||
| -rw-r--r-- | ssl/ssl_ciph.c | 2 |
4 files changed, 11 insertions, 0 deletions
diff --git a/ssl/record/methods/ssl3_meth.c b/ssl/record/methods/ssl3_meth.c index 810dc0716b..145dccf0d9 100644 --- a/ssl/record/methods/ssl3_meth.c +++ b/ssl/record/methods/ssl3_meth.c @@ -119,6 +119,9 @@ static int ssl3_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *inrecs, l = rec->length; bs = EVP_CIPHER_CTX_get_block_size(ds); + if (bs == 0) + return 0; + /* COMPRESS */ if ((bs != 1) && sending && !provided) { diff --git a/ssl/record/methods/tls1_meth.c b/ssl/record/methods/tls1_meth.c index f13d530a05..f820803b8d 100644 --- a/ssl/record/methods/tls1_meth.c +++ b/ssl/record/methods/tls1_meth.c @@ -229,6 +229,11 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs, bs = EVP_CIPHER_get_block_size(EVP_CIPHER_CTX_get0_cipher(ds)); + if (bs == 0) { + RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_CIPHER); + return 0; + } + if (n_recs > 1) { if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds)) & EVP_CIPH_FLAG_PIPELINE) == 0) { diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 54c47dd3f9..d63ea56c33 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -120,6 +120,7 @@ int ssl3_change_cipher_state(SSL_CONNECTION *s, int which) md_len = (size_t)mdi; key_len = EVP_CIPHER_get_key_length(ciph); iv_len = EVP_CIPHER_get_iv_length(ciph); + if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { mac_secret = &(p[0]); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 31c0d5af1d..6e49d6b400 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -2221,6 +2221,8 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead, in = 1; /* padding length byte */ out = EVP_CIPHER_get_iv_length(e_ciph); blk = EVP_CIPHER_get_block_size(e_ciph); + if (blk == 0) + return 0; } } |