calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx));
/* Generate a random IV if we need one */
ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
+ if (ivlen < 0) {
+ ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB);
+ goto err;
+ }
+
if (ivlen > 0) {
if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0)
goto err;
}
ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
+ if (ivlen < 0) {
+ ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB);
+ goto err;
+ }
if (ivlen > 0) {
if (RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), iv, ivlen, 0) <= 0)
case SSL_AES128GCM:
case SSL_AES256GCM:
crypto_info->cipher_algorithm = CRYPTO_AES_NIST_GCM_16;
- if (s->version == TLS1_3_VERSION)
+ if (s->version == TLS1_3_VERSION) {
crypto_info->iv_len = EVP_CIPHER_CTX_get_iv_length(dd);
+ if (crypto_info->iv_len < 0)
+ return 0;
+ }
else
crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
break;
case SSL_CHACHA20POLY1305:
crypto_info->cipher_algorithm = CRYPTO_CHACHA20_POLY1305;
crypto_info->iv_len = EVP_CIPHER_CTX_get_iv_length(dd);
+ if (crypto_info->iv_len < 0)
+ return 0;
break;
# endif
case SSL_AES128:
int mode = EVP_CIPHER_CTX_get_mode(sc->enc_write_ctx);
if (mode == EVP_CIPH_CBC_MODE) {
eivlen = EVP_CIPHER_CTX_get_iv_length(sc->enc_write_ctx);
+ if (eivlen < 0) {
+ SSLfatal(sc, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG);
+ return -1;
+ }
if (eivlen <= 1)
eivlen = 0;
}
int mode = EVP_CIPHER_CTX_get_mode(s->enc_write_ctx);
if (mode == EVP_CIPH_CBC_MODE) {
eivlen = EVP_CIPHER_CTX_get_iv_length(s->enc_write_ctx);
+ if (eivlen < 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG);
+ return -1;
+ }
if (eivlen <= 1)
eivlen = 0;
} else if (mode == EVP_CIPH_GCM_MODE) {
{
EVP_CIPHER_CTX *ctx;
unsigned char iv[EVP_MAX_IV_LENGTH], recheader[SSL3_RT_HEADER_LENGTH];
- size_t ivlen, taglen, offset, loop, hdrlen;
+ size_t taglen, offset, loop, hdrlen;
+ int ivlen;
unsigned char *staticiv;
unsigned char *seq;
int lenu, lenf;
}
ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
+ if (ivlen < 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
if (s->early_data_state == SSL_EARLY_DATA_WRITING
|| s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
goto err;
}
iv_len = EVP_CIPHER_CTX_get_iv_length(ctx);
+ if (iv_len < 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
} else {
EVP_CIPHER *cipher = EVP_CIPHER_fetch(sctx->libctx, "AES-256-CBC",
sctx->propq);
SSL_SESSION *sess = NULL;
unsigned char *sdec;
const unsigned char *p;
- int slen, renew_ticket = 0, declen;
+ int slen, ivlen, renew_ticket = 0, declen;
SSL_TICKET_STATUS ret = SSL_TICKET_FATAL_ERR_OTHER;
size_t mlen;
unsigned char tick_hmac[EVP_MAX_MD_SIZE];
goto end;
}
+ ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
+ if (ivlen < 0) {
+ ret = SSL_TICKET_FATAL_ERR_OTHER;
+ goto end;
+ }
+
/* Sanity check ticket length: must exceed keyname + IV + HMAC */
- if (eticklen <=
- TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx) + mlen) {
+ if (eticklen <= TLSEXT_KEYNAME_LENGTH + ivlen + mlen) {
ret = SSL_TICKET_NO_DECRYPT;
goto end;
}
}
/* Attempt to decrypt session data */
/* Move p after IV to start of encrypted ticket, update length */
- p = etick + TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx);
- eticklen -= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx);
+ p = etick + TLSEXT_KEYNAME_LENGTH + ivlen;
+ eticklen -= TLSEXT_KEYNAME_LENGTH + ivlen;
sdec = OPENSSL_malloc(eticklen);
if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p,
(int)eticklen) <= 0) {