[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Mon Dec 10 09:07:22 UTC 2018
The branch master has been updated
via f2f734d4f9e34643a1d3e5b79d2447cd643519f8 (commit)
via a8bf2f8f24bda57c860e4356f31264fff63fe8b9 (commit)
from 1057c2c39f5df45c36c0fc4d78dc9d3b91f78bc6 (commit)
- Log -----------------------------------------------------------------
commit f2f734d4f9e34643a1d3e5b79d2447cd643519f8
Author: Richard Levitte <levitte at openssl.org>
Date: Sun Dec 9 14:20:30 2018 +0100
make update
Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7852)
commit a8bf2f8f24bda57c860e4356f31264fff63fe8b9
Author: Richard Levitte <levitte at openssl.org>
Date: Sun Dec 9 14:18:50 2018 +0100
Prevent calling decryption in an encryption context and vice versa
Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7852)
-----------------------------------------------------------------------
Summary of changes:
crypto/err/openssl.txt | 1 +
crypto/evp/evp_enc.c | 45 +++++++++++++++++++++++++++++++++++++++------
crypto/evp/evp_err.c | 2 ++
include/openssl/evperr.h | 1 +
4 files changed, 43 insertions(+), 6 deletions(-)
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 1c45b47..fba1dc3 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -738,6 +738,7 @@ EVP_F_EVP_DECRYPTFINAL_EX:101:EVP_DecryptFinal_ex
EVP_F_EVP_DECRYPTUPDATE:166:EVP_DecryptUpdate
EVP_F_EVP_DIGESTFINALXOF:174:EVP_DigestFinalXOF
EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestInit_ex
+EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate
EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex
EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate
EVP_F_EVP_MAC_CTRL:209:EVP_MAC_ctrl
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index d05c1f7..7fdf759 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -294,8 +294,9 @@ int is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
return overlapped;
}
-int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
- const unsigned char *in, int inl)
+static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
+ unsigned char *out, int *outl,
+ const unsigned char *in, int inl)
{
int i, j, bl, cmpl = inl;
@@ -307,7 +308,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
/* If block size > 1 then the cipher will have to do this check */
if (bl == 1 && is_partially_overlapping(out, in, cmpl)) {
- EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+ EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
return 0;
}
@@ -324,7 +325,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
return inl == 0;
}
if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
- EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+ EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
return 0;
}
@@ -371,6 +372,19 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
return 1;
}
+
+int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl)
+{
+ /* Prevent accidental use of decryption context when encrypting */
+ if (!ctx->encrypt) {
+ EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_INVALID_OPERATION);
+ return 0;
+ }
+
+ return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
+}
+
int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
int ret;
@@ -383,6 +397,12 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
int n, ret;
unsigned int i, b, bl;
+ /* Prevent accidental use of decryption context when encrypting */
+ if (!ctx->encrypt) {
+ EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_INVALID_OPERATION);
+ return 0;
+ }
+
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
if (ret < 0)
@@ -426,6 +446,12 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
int fix_len, cmpl = inl;
unsigned int b;
+ /* Prevent accidental use of encryption context when decrypting */
+ if (ctx->encrypt) {
+ EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_INVALID_OPERATION);
+ return 0;
+ }
+
b = ctx->cipher->block_size;
if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
@@ -452,7 +478,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
}
if (ctx->flags & EVP_CIPH_NO_PADDING)
- return EVP_EncryptUpdate(ctx, out, outl, in, inl);
+ return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
OPENSSL_assert(b <= sizeof(ctx->final));
@@ -469,7 +495,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
} else
fix_len = 0;
- if (!EVP_EncryptUpdate(ctx, out, outl, in, inl))
+ if (!evp_EncryptDecryptUpdate(ctx, out, outl, in, inl))
return 0;
/*
@@ -500,6 +526,13 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
int i, n;
unsigned int b;
+
+ /* Prevent accidental use of encryption context when decrypting */
+ if (ctx->encrypt) {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_INVALID_OPERATION);
+ return 0;
+ }
+
*outl = 0;
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 07be1ab..14e5ed6 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -51,6 +51,8 @@ static const ERR_STRING_DATA EVP_str_functs[] = {
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTUPDATE, 0), "EVP_DecryptUpdate"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTFINALXOF, 0), "EVP_DigestFinalXOF"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTINIT_EX, 0), "EVP_DigestInit_ex"},
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTDECRYPTUPDATE, 0),
+ "evp_EncryptDecryptUpdate"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0),
"EVP_EncryptFinal_ex"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTUPDATE, 0), "EVP_EncryptUpdate"},
diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h
index 796c84b..0f78d36 100644
--- a/include/openssl/evperr.h
+++ b/include/openssl/evperr.h
@@ -48,6 +48,7 @@ int ERR_load_EVP_strings(void);
# define EVP_F_EVP_DECRYPTUPDATE 166
# define EVP_F_EVP_DIGESTFINALXOF 174
# define EVP_F_EVP_DIGESTINIT_EX 128
+# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219
# define EVP_F_EVP_ENCRYPTFINAL_EX 127
# define EVP_F_EVP_ENCRYPTUPDATE 167
# define EVP_F_EVP_MAC_CTRL 209
More information about the openssl-commits
mailing list