Disallow change EVP_CIPHER properties once set
authorDmitry Belyavskiy <beldmit@gmail.com>
Thu, 5 Sep 2019 05:31:38 +0000 (08:31 +0300)
committerDmitry Belyavskiy <beldmit@gmail.com>
Thu, 5 Sep 2019 09:47:06 +0000 (12:47 +0300)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9764)

crypto/evp/cmeth_lib.c

index 34e85f6..4d823f0 100644 (file)
@@ -54,18 +54,27 @@ void EVP_CIPHER_meth_free(EVP_CIPHER *cipher)
 
 int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len)
 {
+    if (cipher->iv_len != 0)
+        return 0;
+
     cipher->iv_len = iv_len;
     return 1;
 }
 
 int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags)
 {
+    if (cipher->flags != 0)
+        return 0;
+
     cipher->flags = flags;
     return 1;
 }
 
 int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size)
 {
+    if (cipher->ctx_size != 0)
+        return 0;
+
     cipher->ctx_size = ctx_size;
     return 1;
 }
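Review bot: The three guards in this hunk treat 0 as "not yet set", but 0 is also a legitimate value for `iv_len`, `flags` and `ctx_size`, so a property deliberately set to 0 can still be overwritten later and the set-once rule does not hold for it. If that is intended, say so above each setter, e.g. `/* 0 doubles as "unset": a property whose value is 0 can still be replaced */`. If it is not intended, the guard needs a separate "already set" marker instead of a comparison against 0. A negative `iv_len` or `ctx_size` is still accepted and then locked in by the new check, so a range check before the assignment would be worth adding while these functions are being touched.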
@@ -76,6 +85,9 @@ int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
                                           const unsigned char *iv,
                                           int enc))
 {
+    if (cipher->init != NULL)
+        return 0;
+
     cipher->init = init;
     return 1;
 }
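Review bot: A caller that does not check the return value will keep running the original `init` callback with no sign that the replacement was refused, because the new early return reports nothing beyond 0. The same applies to the `do_cipher`, `cleanup`, `set_asn1_parameters`, `get_asn1_parameters` and `ctrl` guards in the following hunks. A comment above each setter such as `/* Returns 0 and leaves the method unchanged if this callback is already set */` would make the contract visible, and the public documentation for these setters should state it too. It is also worth confirming how this interacts with methods built by copying an existing one (EVP_CIPHER_meth_dup, not visible here): if the copy carries populated fields, every setter would presumably refuse to change it. The function signature begins above this hunk.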
@@ -86,6 +98,9 @@ int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
                                                     const unsigned char *in,
                                                     size_t inl))
 {
+    if (cipher->do_cipher != NULL)
+        return 0;
+
     cipher->do_cipher = do_cipher;
     return 1;
 }
@@ -93,6 +108,9 @@ int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
 int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
                                 int (*cleanup) (EVP_CIPHER_CTX *))
 {
+    if (cipher->cleanup != NULL)
+        return 0;
+
     cipher->cleanup = cleanup;
     return 1;
 }
@@ -101,6 +119,9 @@ int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
                                         int (*set_asn1_parameters) (EVP_CIPHER_CTX *,
                                                                     ASN1_TYPE *))
 {
+    if (cipher->set_asn1_parameters != NULL)
+        return 0;
+
     cipher->set_asn1_parameters = set_asn1_parameters;
     return 1;
 }
@@ -109,6 +130,9 @@ int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
                                         int (*get_asn1_parameters) (EVP_CIPHER_CTX *,
                                                                     ASN1_TYPE *))
 {
+    if (cipher->get_asn1_parameters != NULL)
+        return 0;
+
     cipher->get_asn1_parameters = get_asn1_parameters;
     return 1;
 }
@@ -117,6 +141,9 @@ int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
                              int (*ctrl) (EVP_CIPHER_CTX *, int type,
                                           int arg, void *ptr))
 {
+    if (cipher->ctrl != NULL)
+        return 0;
+
     cipher->ctrl = ctrl;
     return 1;
 }