[openssl] OpenSSL_1_1_1-stable update
bernd.edlinger at hotmail.de
bernd.edlinger at hotmail.de
Thu May 23 14:15:45 UTC 2019
The branch OpenSSL_1_1_1-stable has been updated
via 69fd7d17c08559eec248389b052b49f2cb8b0c3b (commit)
from 9fc194321e2037c403f52242ca6e1c2beff7a009 (commit)
- Log -----------------------------------------------------------------
commit 69fd7d17c08559eec248389b052b49f2cb8b0c3b
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: Sat Apr 13 10:01:09 2019 +0200
Fix a crash in the speed command with wrap ciphers
e.g. openssl speed -evp id-aes256-wrap-pad
was crashing because the return code from EVP_CipherInit_ex
was ignored.
Not going to allow that cipher mode because wrap ciphers
produces more bytes output than the input length
and EVP_Update_loop is not really prepared for that.
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8739)
(cherry picked from commit 5d238a1032fee0e4759c2ed7fbd09cb9d7125a72)
-----------------------------------------------------------------------
Summary of changes:
apps/speed.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/apps/speed.c b/apps/speed.c
index e47ba30..8d4b169 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -2629,16 +2629,28 @@ int speed_main(int argc, char **argv)
for (k = 0; k < loopargs_len; k++) {
loopargs[k].ctx = EVP_CIPHER_CTX_new();
- EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL, NULL,
- iv, decrypt ? 0 : 1);
+ if (loopargs[k].ctx == NULL) {
+ BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n");
+ exit(1);
+ }
+ if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL,
+ NULL, iv, decrypt ? 0 : 1)) {
+ BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
keylen = EVP_CIPHER_CTX_key_length(loopargs[k].ctx);
loopargs[k].key = app_malloc(keylen, "evp_cipher key");
EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key);
- EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
- loopargs[k].key, NULL, -1);
+ if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
+ loopargs[k].key, NULL, -1)) {
+ BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
OPENSSL_clear_free(loopargs[k].key, keylen);
}
More information about the openssl-commits
mailing list