enc: fix coverity 1451499, 1451501, 1451506, 1451507, 1351511, 1451514, 1451517,...

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14638)

diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c
index f3a68eb09d1fe54a0e0721484d3765fee7281d70..3e64e45f89e34cc4f7330a307ab43681d52152d9 100644 (file)
--- a/crypto/evp/e_aria.c
+++ b/crypto/evp/e_aria.c
@@ -171,7 +171,7 @@ static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                const unsigned char *in, size_t len)
 {
     unsigned int num = EVP_CIPHER_CTX_num(ctx);
-    EVP_ARIA_KEY *dat = EVP_C_DATA(EVP_ARIA_KEY,ctx);
+    EVP_ARIA_KEY *dat = EVP_C_DATA(EVP_ARIA_KEY, ctx);
 
     CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv,
                           EVP_CIPHER_CTX_buf_noconst(ctx), &num,

diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c
index 0d338b8b2fae26a57b27d2d9debe4dd2c889522b..3e7cd76934636a71a600ae08cf41154762bf74f3 100644 (file)
--- a/crypto/evp/e_camellia.c
+++ b/crypto/evp/e_camellia.c
@@ -316,9 +316,13 @@ static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                const unsigned char *in, size_t len)
 {
-    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    int snum = EVP_CIPHER_CTX_num(ctx);
+    unsigned int num;
     EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
 
+    if (snum < 0)
+        return 0;
+    num = snum;
     if (dat->stream.ctr)
         CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, ctx->iv,
                                     EVP_CIPHER_CTX_buf_noconst(ctx), &num,

diff --git a/crypto/idea/i_cfb64.c b/crypto/idea/i_cfb64.c
index b9db1639cf363512356e9dbf9c875c40fd6584dc..a477799edf6acfd04f99afede6fccef29dd76a03 100644 (file)
--- a/crypto/idea/i_cfb64.c
+++ b/crypto/idea/i_cfb64.c
@@ -33,6 +33,11 @@ void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
     unsigned long ti[2];
     unsigned char *iv, c, cc;
 
+    if (n < 0) {
+        *num = -1;
+        return;
+    }
+
     iv = (unsigned char *)ivec;
     if (encrypt) {
         while (l--) {

diff --git a/crypto/idea/i_ofb64.c b/crypto/idea/i_ofb64.c
index 89ac18ce9189b91c077493423a9885269cfaf11d..246886bdc43ca494ffbef3cf73532d397db92c2e 100644 (file)
--- a/crypto/idea/i_ofb64.c
+++ b/crypto/idea/i_ofb64.c
@@ -35,6 +35,11 @@ void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out,
     unsigned char *iv;
     int save = 0;
 
+    if (n < 0) {
+        *num = -1;
+        return;
+    }
+
     iv = (unsigned char *)ivec;
     n2l(iv, v0);
     n2l(iv, v1);

diff --git a/crypto/modes/cfb128.c b/crypto/modes/cfb128.c
index fa94f047b5540f63ed461e27520fb186240f6ac7..f9c3c6053698f0a2813aca120b97aeb01ac5fed4 100644 (file)
--- a/crypto/modes/cfb128.c
+++ b/crypto/modes/cfb128.c
@@ -30,6 +30,11 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
     unsigned int n;
     size_t l = 0;
 
+    if (*num < 0) {
+        /* There is no good way to signal an error return from here */
+        *num = -1;
+        return;
+    }
     n = *num;
 
     if (enc) {

diff --git a/crypto/modes/ctr128.c b/crypto/modes/ctr128.c
index b902ee9b0b7f1aa53fe80345421a91e5e1c4a626..2147751c588644b059c9f7732269ec12288012d3 100644 (file)
--- a/crypto/modes/ctr128.c
+++ b/crypto/modes/ctr128.c
@@ -155,7 +155,7 @@ void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
 {
     unsigned int n, ctr32;
 
-    n = *num;
+   n = *num;
 
     while (n && len) {
         *(out++) = *(in++) ^ ecount_buf[n];

diff --git a/crypto/modes/ofb128.c b/crypto/modes/ofb128.c
index 829d724e2ae1e2426f8bedb6cb7c1fb6188b5508..0b213802083a3dc988ea5ba8a74e9e999cd4fd0d 100644 (file)
--- a/crypto/modes/ofb128.c
+++ b/crypto/modes/ofb128.c
@@ -29,6 +29,11 @@ void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
     unsigned int n;
     size_t l = 0;
 
+    if (*num < 0) {
+        /* There is no good way to signal an error return from here */
+        *num = -1;
+        return;
+    }
     n = *num;
 
 #if !defined(OPENSSL_SMALL_FOOTPRINT)