authorTheo Buehler <tb@cvs.openbsd.org>2023-12-20 14:05:59 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2023-12-20 14:05:59 +0000
commit652f1f39312e9ffe6aacbb57b14a40516024a0c2 (patch)
tree20c7ca7007620ad6cc2900c897683231a539350f /lib
parentd35cdd32c57db73d4688b1bc8fe7458d063cd576 (diff)
Add some sanity checks for EVP_CIPHER_meth_new()
Ensure that the nid and key length are non-negative and that the block size is one of the three sizes 1, 8, or 16 supported by the EVP subsystem. ok joshua jsing
Diffstat (limited to 'lib')
-rw-r--r--lib/libcrypto/evp/cipher_method_lib.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/libcrypto/evp/cipher_method_lib.c b/lib/libcrypto/evp/cipher_method_lib.c
index c3f510fcc74..d3931522d87 100644
--- a/lib/libcrypto/evp/cipher_method_lib.c
+++ b/lib/libcrypto/evp/cipher_method_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher_method_lib.c,v 1.10 2023/07/07 19:37:53 beck Exp $ */
+/* $OpenBSD: cipher_method_lib.c,v 1.11 2023/12/20 14:05:58 tb Exp $ */
/*
* Written by Richard Levitte (levitte@openssl.org) for the OpenSSL project
* 2015.
@@ -68,6 +68,13 @@ EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
{
EVP_CIPHER *cipher;
+ if (cipher_type < 0 || key_len < 0)
+ return NULL;
+
+ /* EVP_CipherInit() will fail for any other value. */
+ if (block_size != 1 && block_size != 8 && block_size != 16)
+ return NULL;
+
if ((cipher = calloc(1, sizeof(*cipher))) == NULL)
return NULL;
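Review bot: The new guard bounds `key_len` only from below, so a method whose key length exceeds the EVP layer's fixed-size key storage can still be created. If the reasoning in the block-size comment also applies to keys, the first check could read `if (cipher_type < 0 || key_len < 0 || key_len > EVP_MAX_KEY_LENGTH)`. Whether a later call already rejects an oversized key length is not visible in this hunk, so confirm that before tightening. The two new rejections also return NULL exactly as the calloc() failure below them does, leaving a caller unable to tell a bad argument from memory exhaustion; a short comment such as `/* Invalid arguments and allocation failure both return NULL. */` above the checks would make that explicit. The body of EVP_CIPHER_meth_new() continues past the end of the hunk.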