[openssl] master update

Dr. Paul Dale pauli at openssl.org
Sun May 26 22:06:25 UTC 2019


The branch master has been updated
       via  d4d89a076262aa118c07a4766daf17202aef17f0 (commit)
      from  2e9d61ecd81a6a512a0700486ccc1b3784b4c969 (commit)


- Log -----------------------------------------------------------------
commit d4d89a076262aa118c07a4766daf17202aef17f0
Author: Simo Sorce <simo at redhat.com>
Date:   Fri May 24 17:35:04 2019 -0400

    Fix input checks wrt legacy code
    
    In all legacy code ctx->cipher is dereferenced without checks, so it
    makes no sense to jump there if ctx->cipher is NULL as it will just lead
    to a crash. Catch it separately and return an error.
    
    This is similar to the fix in d2c2e49eab69c7446c1c2c7227f63f8618ca99a5
    
    Signed-off-by: Simo Sorce <simo at redhat.com>
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/9002)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/evp_enc.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index b3e97d0..02f0e00 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -587,7 +587,12 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
         return 0;
     }
 
-    if (ctx->cipher == NULL || ctx->cipher->prov == NULL)
+    if (ctx->cipher == NULL) {
+        EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_NO_CIPHER_SET);
+        return 0;
+    }
+
+    if (ctx->cipher->prov == NULL)
         goto legacy;
 
     blocksize = EVP_CIPHER_CTX_block_size(ctx);
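Review bot: The ordering of the two checks is now a safety invariant with nothing in the code saying so: the `ctx->cipher == NULL` test must come before `goto legacy`, because, per the commit message, the legacy code dereferences `ctx->cipher` unchecked. A later cleanup could easily fold the two conditions back into one. I would add a short comment above the first check, for example `/* legacy path dereferences ctx->cipher unchecked; reject NULL before jumping there */`. The same applies to the matching hunk in `EVP_DecryptFinal_ex`. The body of `EVP_EncryptUpdate` continues outside this hunk.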
@@ -831,7 +836,12 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
         return 0;
     }
 
-    if (ctx->cipher == NULL || ctx->cipher->prov == NULL)
+    if (ctx->cipher == NULL) {
+        EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_NO_CIPHER_SET);
+        return 0;
+    }
+
+    if (ctx->cipher->prov == NULL)
         goto legacy;
 
     blocksize = EVP_CIPHER_CTX_block_size(ctx);
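Review bot: The new early return for `ctx->cipher == NULL` leaves `*outl` unwritten. Before this commit that case went through `legacy:`, which sets `*outl = 0` ahead of the NULL check removed in the last hunk. A caller that ignores the return value and then uses `*outl` as a length would now see a stale or uninitialised value. Consider adding `*outl = 0;` before the `EVPerr` call, or zeroing it once at the top of the function if the code above this hunk (not visible here) does not already do so. The early return added in the `EVP_EncryptUpdate` hunk has the same shape, though this diff does not show whether its legacy path zeroed `*outl` before.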
@@ -858,11 +868,6 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  legacy:
 
     *outl = 0;
-    if (ctx->cipher == NULL) {
-        EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_NO_CIPHER_SET);
-        return 0;
-    }
-
     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
         i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
         if (i < 0)

