/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include "internal/cryptlib.h"
#include "internal/provider.h"
#include "internal/core.h"
+#include "internal/safe_math.h"
#include "crypto/evp.h"
#include "evp_local.h"
+OSSL_SAFE_MATH_SIGNED(int, int)
+
int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
{
if (ctx == NULL)
return 0;
}
EVP_CIPHER_free(ctx->fetched_cipher);
+ /* Coverity false positive, the reference counting is confusing it */
+ /* coverity[use_after_free] */
ctx->fetched_cipher = (EVP_CIPHER *)cipher;
}
ctx->cipher = cipher;
/* Preserve wrap enable flag, zero everything else */
ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
+ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL) <= 0) {
ctx->cipher = NULL;
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
return 0;
case EVP_CIPH_CBC_MODE:
n = EVP_CIPHER_CTX_get_iv_length(ctx);
- if (!ossl_assert(n >= 0 && n <= (int)sizeof(ctx->iv)))
- return 0;
+ if (n < 0 || n > (int)sizeof(ctx->iv)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH);
+ return 0;
+ }
if (iv != NULL)
memcpy(ctx->oiv, iv, n);
memcpy(ctx->iv, ctx->oiv, n);
ctx->num = 0;
/* Don't reuse IV for CTR mode */
if (iv != NULL) {
- if ((n = EVP_CIPHER_CTX_get_iv_length(ctx)) <= 0)
+ n = EVP_CIPHER_CTX_get_iv_length(ctx);
+ if (n <= 0 || n > (int)sizeof(ctx->iv)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH);
return 0;
+ }
memcpy(ctx->iv, iv, n);
}
break;
int i, j, bl, cmpl = inl;
if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
- cmpl = (cmpl + 7) / 8;
+ cmpl = safe_div_round_up_int(cmpl, 8, NULL);
bl = ctx->cipher->block_size;
b = ctx->cipher->block_size;
if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
- cmpl = (cmpl + 7) / 8;
+ cmpl = safe_div_round_up_int(cmpl, 8, NULL);
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
if (b == 1 && ossl_is_partially_overlapping(out, in, cmpl)) {