Fix check of EVP_CIPHER_CTX_ctrl

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18368)
Peiwei Hu 2022-05-21 16:17:23 +08:00 committed by Tomas Mraz
parent 36c269c302
commit d649c51a53
9 changed files with 51 additions and 51 deletions


@ -3608,8 +3608,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
app_bail_out("failed to set cipher key\n");
OPENSSL_clear_free(key, keylen);
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
sizeof(no_key), no_key))
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
sizeof(no_key), no_key) <= 0)
app_bail_out("failed to set AEAD key\n");
if ((alg_name = EVP_CIPHER_get0_name(evp_cipher)) == NULL)
app_bail_out("failed to get cipher name\n");


@ -319,7 +319,7 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
/* Preserve wrap enable flag, zero everything else */
ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL) <= 0) {
ctx->cipher = NULL;
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
return 0;
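Review bot: The `<= 0` test on the `EVP_CTRL_INIT` call has no comment saying why a plain `!` is not enough, so a later cleanup could turn it back into the old form. A one-line comment above the call, such as `/* ctrl can return a negative value on error, so test <= 0 rather than ! */`, would record the intent where cipher initialisation depends on it. The body of `evp_cipher_init_internal` starts and ends outside the hunk.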


@ -72,10 +72,10 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
in_tag = (unsigned char *)t->tag;
return EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)
&& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL)
&& (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL) > 0)
&& (in_tag == NULL
|| EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, t->tag_len,
in_tag))
in_tag) > 0)
&& EVP_CipherInit_ex(ctx, NULL, NULL, t->key, t->iv, enc)
&& EVP_CIPHER_CTX_set_padding(ctx, pad)
&& EVP_CipherUpdate(ctx, NULL, &tmp, t->aad, t->aad_len);
@ -117,8 +117,8 @@ static int self_test_cipher(const ST_KAT_CIPHER *t, OSSL_SELF_TEST *st,
if (t->tag != NULL) {
unsigned char tag[16] = { 0 };
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, t->tag_len,
tag)
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, t->tag_len,
tag) <= 0
|| memcmp(tag, t->tag, t->tag_len) != 0)
goto err;
}
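Review bot: In the `self_test_cipher` hunk, `t->tag_len` is passed both to `EVP_CTRL_AEAD_GET_TAG` and to `memcmp` against the fixed `unsigned char tag[16]`, with no bound check visible in the hunk. If the lengths only ever come from the built-in known-answer table this is presumably safe today, but a guard before the ctrl call, `if (t->tag_len > sizeof(tag)) goto err;`, would keep a future table entry from writing or comparing past the buffer. The function starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out.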


@ -235,8 +235,8 @@ static int gmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
if (p->data_type != OSSL_PARAM_OCTET_STRING)
return 0;
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
p->data_size, NULL)
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
p->data_size, NULL) <= 0
|| !EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, p->data))
return 0;
}
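Review bot: `p->data_size` is passed straight to `EVP_CIPHER_CTX_ctrl` as the IV length in `gmac_set_ctx_params`, and that parameter is an `int`, so a very large caller-supplied size is narrowed before the cipher sees it. The new `<= 0` test only helps if the narrowed value is then rejected; whether it is depends on the ctrl implementation, which is not shown here. An explicit range check ahead of the call, for example `if (p->data_size > INT_MAX) return 0;`, would state the limit at the point where the untrusted length enters. The function continues outside the hunk.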


@ -352,8 +352,8 @@ int tls1_change_cipher_state(SSL *s, int which)
if (EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE) {
if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE))
|| !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k,
iv)) {
|| EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k,
iv) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
@ -365,9 +365,9 @@ int tls1_change_cipher_state(SSL *s, int which)
else
taglen = EVP_CCM_TLS_TAG_LEN;
if (!EVP_CipherInit_ex(dd, c, NULL, NULL, NULL, (which & SSL3_CC_WRITE))
|| !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL)
|| !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL)
|| !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, (int)k, iv)
|| (EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL) <= 0)
|| (EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL) <= 0)
|| (EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, (int)k, iv) <= 0)
|| !EVP_CipherInit_ex(dd, NULL, NULL, key, NULL, -1)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
@ -381,8 +381,8 @@ int tls1_change_cipher_state(SSL *s, int which)
/* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
if ((EVP_CIPHER_get_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)
&& *mac_secret_size
&& !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
(int)*mac_secret_size, mac_secret)) {
&& EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
(int)*mac_secret_size, mac_secret) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
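Review bot: The three CCM ctrl checks in the second hunk are each wrapped in an extra pair of parentheses, as in `|| (EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL) <= 0)`. The GCM check in the first hunk and the MAC-key check in the third use the same comparison without them. Dropping the outer parentheses would make all three hunks of `tls1_change_cipher_state` read alike. The literal `12` for the IV length would also be easier to audit as a named constant beside `EVP_CCM_TLS_TAG_LEN`, if the headers already provide one.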


@ -385,9 +385,9 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
}
if (EVP_CipherInit_ex(ciph_ctx, ciph, NULL, NULL, NULL, sending) <= 0
|| !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
|| (taglen != 0 && !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG,
taglen, NULL))
|| EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) <= 0
|| (taglen != 0 && EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG,
taglen, NULL) <= 0)
|| EVP_CipherInit_ex(ciph_ctx, NULL, NULL, key, NULL, -1) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
return 0;


@ -734,10 +734,10 @@ static int aes_ccm_enc_dec(const char *alg,
if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
|| !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
|| !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
|| !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
NULL))
|| !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
enc ? NULL : (void *)tag))
|| !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
NULL), 0)
|| !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
enc ? NULL : (void *)tag), 0)
|| !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
|| !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
|| !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, NULL, pt_len))
@ -753,8 +753,8 @@ static int aes_ccm_enc_dec(const char *alg,
goto err;
if (enc) {
out_len += len;
if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
tag_len, out + out_len))
if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
tag_len, out + out_len), 0)
|| !TEST_mem_eq(out, out_len, ct, ct_len)
|| !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
goto err;
@ -821,13 +821,13 @@ static int aes_gcm_enc_dec(const char *alg,
if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
|| !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
|| !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
|| !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
NULL)))
|| !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
NULL), 0))
goto err;
if (!enc) {
if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
(void *)tag)))
if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
(void *)tag), 0))
goto err;
}
/*
@ -850,8 +850,8 @@ static int aes_gcm_enc_dec(const char *alg,
out_len += len;
if (enc) {
if (!TEST_mem_eq(out, out_len, ct, ct_len)
|| !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
tag_len, out + out_len))
|| !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
tag_len, out + out_len), 0)
|| !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
goto err;
} else {


@ -3531,7 +3531,7 @@ static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
int res = 0;
if (t->ivlen != 0) {
if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
goto err;
}
if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
@ -3597,8 +3597,8 @@ static int test_evp_init_seq(int idx)
}
if (t->finalenc == 0 && t->tag != NULL) {
/* Set expected tag */
if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
t->taglen, (void *)t->tag))) {
if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
t->taglen, (void *)t->tag), 0)) {
errmsg = "SET_TAG";
goto err;
}
@ -3612,7 +3612,7 @@ static int test_evp_init_seq(int idx)
goto err;
}
if (t->finalenc != 0 && t->tag != NULL) {
if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
errmsg = "GET_TAG";
goto err;
}
@ -3873,7 +3873,7 @@ static int test_gcm_reinit(int idx)
errmsg = "ENC_INIT";
goto err;
}
if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
errmsg = "SET_IVLEN1";
goto err;
}
@ -3899,7 +3899,7 @@ static int test_gcm_reinit(int idx)
errmsg = "WRONG_RESULT1";
goto err;
}
if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
errmsg = "GET_TAG1";
goto err;
}
@ -3908,7 +3908,7 @@ static int test_gcm_reinit(int idx)
goto err;
}
/* Now reinit */
if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
errmsg = "SET_IVLEN2";
goto err;
}
@ -3933,7 +3933,7 @@ static int test_gcm_reinit(int idx)
errmsg = "WRONG_RESULT2";
goto err;
}
if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
errmsg = "GET_TAG2";
goto err;
}


@ -769,8 +769,8 @@ static int cipher_test_enc(EVP_TEST *t, int enc,
}
if (expected->iv) {
if (expected->aead) {
if (!EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_IVLEN,
expected->iv_len, 0)) {
if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_IVLEN,
expected->iv_len, 0) <= 0) {
t->err = "INVALID_IV_LENGTH";
goto err;
}
@ -793,8 +793,8 @@ static int cipher_test_enc(EVP_TEST *t, int enc,
tag = expected->tag;
}
if (tag || expected->aead != EVP_CIPH_GCM_MODE) {
if (!EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_TAG,
expected->tag_len, tag))
if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_TAG,
expected->tag_len, tag) <= 0)
goto err;
}
}
@ -802,7 +802,7 @@ static int cipher_test_enc(EVP_TEST *t, int enc,
if (expected->rounds > 0) {
int rounds = (int)expected->rounds;
if (!EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL)) {
if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL) <= 0) {
t->err = "INVALID_ROUNDS";
goto err;
}
@ -815,7 +815,7 @@ static int cipher_test_enc(EVP_TEST *t, int enc,
if (expected->key_bits > 0) {
int bits = (int)expected->key_bits;
if (!EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC2_KEY_BITS, bits, NULL)) {
if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC2_KEY_BITS, bits, NULL) <= 0) {
t->err = "INVALID KEY BITS";
goto err;
}
@ -856,9 +856,9 @@ static int cipher_test_enc(EVP_TEST *t, int enc,
ERR_pop_to_mark();
if (expected->mac_key != NULL
&& !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
&& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
(int)expected->mac_key_len,
(void *)expected->mac_key)) {
(void *)expected->mac_key) <= 0) {
t->err = "SET_MAC_KEY_ERROR";
goto err;
}
@ -934,8 +934,8 @@ static int cipher_test_enc(EVP_TEST *t, int enc,
OPENSSL_free(tls_aad);
} else if (!enc && (expected->aead == EVP_CIPH_OCB_MODE
|| expected->tag_late)) {
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
expected->tag_len, expected->tag)) {
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
expected->tag_len, expected->tag) <= 0) {
t->err = "TAG_SET_ERROR";
goto err;
}
@ -997,8 +997,8 @@ static int cipher_test_enc(EVP_TEST *t, int enc,
t->err = "TAG_LENGTH_INTERNAL_ERROR";
goto err;
}
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
expected->tag_len, rtag)) {
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
expected->tag_len, rtag) <= 0) {
t->err = "TAG_RETRIEVE_ERROR";
goto err;
}
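Review bot: The IV-length call in the first hunk passes a bare `0` as the pointer argument, `expected->iv_len, 0) <= 0`, where the other ctrl calls in this file section pass `NULL` or a real pointer. Writing `expected->iv_len, NULL) <= 0` would match the rest of `cipher_test_enc` and make it clear that the fourth argument is unused for this ctrl. The function starts and ends outside the hunks shown.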