/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include "internal/cryptlib.h"
#include "internal/provider.h"
#include "internal/core.h"
+#include "internal/safe_math.h"
#include "crypto/evp.h"
#include "evp_local.h"
+OSSL_SAFE_MATH_SIGNED(int, int)
+
int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
{
if (ctx == NULL)
ENGINE_finish(ctx->engine);
#endif
memset(ctx, 0, sizeof(*ctx));
- ctx->iv_len = 0;
+ ctx->iv_len = -1;
return 1;
}
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
{
- return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
+ EVP_CIPHER_CTX *ctx;
+
+ ctx = OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
+ if (ctx == NULL)
+ return NULL;
+
+ ctx->iv_len = -1;
+ return ctx;
}
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
ENGINE *tmpimpl = NULL;
#endif
- ctx->iv_len = -1;
-
/*
* enc == 1 means we are encrypting.
* enc == 0 means we are decrypting.
return 0;
}
EVP_CIPHER_free(ctx->fetched_cipher);
+ /* Coverity false positive, the reference counting is confusing it */
+ /* coverity[use_after_free] */
ctx->fetched_cipher = (EVP_CIPHER *)cipher;
}
ctx->cipher = cipher;
/* Preserve wrap enable flag, zero everything else */
ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
+ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL) <= 0) {
ctx->cipher = NULL;
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
return 0;
case EVP_CIPH_CBC_MODE:
n = EVP_CIPHER_CTX_get_iv_length(ctx);
- if (!ossl_assert(n >= 0 && n <= (int)sizeof(ctx->iv)))
- return 0;
+ if (n < 0 || n > (int)sizeof(ctx->iv)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH);
+ return 0;
+ }
if (iv != NULL)
memcpy(ctx->oiv, iv, n);
memcpy(ctx->iv, ctx->oiv, n);
ctx->num = 0;
/* Don't reuse IV for CTR mode */
if (iv != NULL) {
- if ((n = EVP_CIPHER_CTX_get_iv_length(ctx)) <= 0)
+ n = EVP_CIPHER_CTX_get_iv_length(ctx);
+ if (n <= 0 || n > (int)sizeof(ctx->iv)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH);
return 0;
+ }
memcpy(ctx->iv, iv, n);
}
break;
int i, j, bl, cmpl = inl;
if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
- cmpl = (cmpl + 7) / 8;
+ cmpl = safe_div_round_up_int(cmpl, 8, NULL);
bl = ctx->cipher->block_size;
const unsigned char *in, int inl)
{
int ret;
- size_t soutl;
+ size_t soutl, inl_ = (size_t)inl;
int blocksize;
if (outl != NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
return 0;
}
+
ret = ctx->cipher->cupdate(ctx->algctx, out, &soutl,
- inl + (blocksize == 1 ? 0 : blocksize), in,
- (size_t)inl);
+ inl_ + (size_t)(blocksize == 1 ? 0 : blocksize),
+ in, inl_);
if (ret) {
if (soutl > INT_MAX) {
{
int fix_len, cmpl = inl, ret;
unsigned int b;
- size_t soutl;
+ size_t soutl, inl_ = (size_t)inl;
int blocksize;
if (outl != NULL) {
return 0;
}
ret = ctx->cipher->cupdate(ctx->algctx, out, &soutl,
- inl + (blocksize == 1 ? 0 : blocksize), in,
- (size_t)inl);
+ inl_ + (size_t)(blocksize == 1 ? 0 : blocksize),
+ in, inl_);
if (ret) {
if (soutl > INT_MAX) {
b = ctx->cipher->block_size;
if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
- cmpl = (cmpl + 7) / 8;
+ cmpl = safe_div_round_up_int(cmpl, 8, NULL);
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
if (b == 1 && ossl_is_partially_overlapping(out, in, cmpl)) {
r = ctx->cipher->set_ctx_params(ctx->algctx, params);
if (r > 0) {
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
- if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->key_len))
+ if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->key_len)) {
r = 0;
+ ctx->key_len = -1;
+ }
}
if (r > 0) {
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN);
- if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->iv_len))
+ if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->iv_len)) {
r = 0;
+ ctx->iv_len = -1;
+ }
}
}
return r;
projects / openssl.git / blobdiff