If ctx->cipher->cupdate/ctx->cipher->cfinal failed, 'soutl' is left
uninitialized.
This patch incorporates the same logic as present in EVP_DecryptUpdate and
EVP_DecryptFinal_ex: only branch on 'soutl' if the preceding call succeeded.
Bug found by OSS-Fuzz.
Signed-off-by: Guido Vranken <guidovranken@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8874)
inl + (blocksize == 1 ? 0 : blocksize), in,
(size_t)inl);
- if (soutl > INT_MAX) {
- EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_UPDATE_ERROR);
- return 0;
+ if (ret) {
+ if (soutl > INT_MAX) {
+ EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_UPDATE_ERROR);
+ return 0;
+ }
+ *outl = soutl;
}
- *outl = soutl;
+
return ret;
/* TODO(3.0): Remove legacy code below */
ret = ctx->cipher->cfinal(ctx->provctx, out, &soutl,
blocksize == 1 ? 0 : blocksize);
- if (soutl > INT_MAX) {
- EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_FINAL_ERROR);
- return 0;
+ if (ret) {
+ if (soutl > INT_MAX) {
+ EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_FINAL_ERROR);
+ return 0;
+ }
+ *outl = soutl;
}
- *outl = soutl;
return ret;