EVP_EncryptUpdate, EVP_EncryptFinal_ex: don't branch on uninitialized memory
authorGuido Vranken <guidovranken@gmail.com>
Fri, 3 May 2019 13:44:38 +0000 (15:44 +0200)
committerPauli <paul.dale@oracle.com>
Wed, 8 May 2019 01:02:36 +0000 (11:02 +1000)
If ctx->cipher->cupdate/ctx->cipher->cfinal failed, 'soutl' is left
uninitialized.

This patch incorporates the same logic as present in EVP_DecryptUpdate and
EVP_DecryptFinal_ex: only branch on 'soutl' if the preceding call succeeded.

Bug found by OSS-Fuzz.

Signed-off-by: Guido Vranken <guidovranken@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8874)

crypto/evp/evp_enc.c

index 4bc6370..29b707a 100644 (file)
@@ -590,11 +590,14 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                                inl + (blocksize == 1 ? 0 : blocksize), in,
                                (size_t)inl);
 
-    if (soutl > INT_MAX) {
-        EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_UPDATE_ERROR);
-        return 0;
+    if (ret) {
+        if (soutl > INT_MAX) {
+            EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_UPDATE_ERROR);
+            return 0;
+        }
+        *outl = soutl;
     }
-    *outl = soutl;
+
     return ret;
 
     /* TODO(3.0): Remove legacy code below */
@@ -640,11 +643,13 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
     ret = ctx->cipher->cfinal(ctx->provctx, out, &soutl,
                               blocksize == 1 ? 0 : blocksize);
 
-    if (soutl > INT_MAX) {
-        EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_FINAL_ERROR);
-        return 0;
+    if (ret) {
+        if (soutl > INT_MAX) {
+            EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_FINAL_ERROR);
+            return 0;
+        }
+        *outl = soutl;
     }
-    *outl = soutl;
 
     return ret;