diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2022-09-07 21:17:33 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2022-09-07 21:17:33 +0000 |
commit | 8fcbaa7b1facf610d0364b0b6b2537de64171b89 (patch) | |
tree | a1c1ea5f91d34bd01ee4cff99984648eb9bf0402 /regress | |
parent | e3f4ffb705dc497067624086fe75a251b832784e (diff) |
Add output length validation for EVP
From Joshua Sing
Diffstat (limited to 'regress')
-rw-r--r-- | regress/lib/libcrypto/rc4/rc4_test.c | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/regress/lib/libcrypto/rc4/rc4_test.c b/regress/lib/libcrypto/rc4/rc4_test.c index a4094854a0f..49da63540ff 100644 --- a/regress/lib/libcrypto/rc4/rc4_test.c +++ b/regress/lib/libcrypto/rc4/rc4_test.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rc4_test.c,v 1.3 2022/09/05 21:36:46 tb Exp $ */ +/* $OpenBSD: rc4_test.c,v 1.4 2022/09/07 21:17:32 tb Exp $ */ /* * Copyright (c) 2022 Joshua Sing <joshua@hypera.dev> * @@ -323,7 +323,7 @@ rc4_test(void) EVP_CIPHER_CTX *ctx = NULL; const EVP_CIPHER *cipher; uint8_t out[512]; - int in_len, out_len; + int in_len, out_len, total_len; size_t i; int j; int failed = 1; @@ -369,6 +369,7 @@ rc4_test(void) } /* EVP encryption */ + total_len = 0; memset(out, 0, sizeof(out)); if (!EVP_EncryptInit(ctx, cipher, rt->key, NULL)) { fprintf(stderr, "FAIL: EVP_EncryptInit failed\n"); @@ -380,7 +381,7 @@ rc4_test(void) if (in_len > rt->len - j) in_len = rt->len - j; - if (!EVP_EncryptUpdate(ctx, out + j, &out_len, + if (!EVP_EncryptUpdate(ctx, out + total_len, &out_len, rt->in + j, in_len)) { fprintf(stderr, "FAIL: EVP_EncryptUpdate failed\n"); @@ -388,24 +389,33 @@ rc4_test(void) } j += in_len; + total_len += out_len; } - if (!EVP_EncryptFinal_ex(ctx, out, &out_len)) { + if (!EVP_EncryptFinal_ex(ctx, out + total_len, &out_len)) { fprintf(stderr, "FAIL: EVP_EncryptFinal_ex failed\n"); goto failed; } + total_len += out_len; if (!EVP_CIPHER_CTX_reset(ctx)) { fprintf(stderr, "FAIL: EVP_CIPHER_CTX_reset failed\n"); goto failed; } + if (total_len != rt->len) { + fprintf(stderr, + "FAIL: EVP encryption length mismatch\n"); + goto failed; + } + if (memcmp(rt->out, out, rt->len) != 0) { fprintf(stderr, "FAIL: EVP encryption mismatch\n"); goto failed; } /* EVP decryption */ + total_len = 0; memset(out, 0, sizeof(out)); if (!EVP_DecryptInit(ctx, cipher, rt->key, NULL)) { fprintf(stderr, "FAIL: EVP_DecryptInit failed\n"); @@ -417,7 +427,7 @@ rc4_test(void) if (in_len > rt->len - j) in_len = rt->len - j; - if (!EVP_DecryptUpdate(ctx, out + j, &out_len, + if (!EVP_DecryptUpdate(ctx, out + total_len, &out_len, rt->in + j, in_len)) { fprintf(stderr, "FAIL: EVP_DecryptUpdate failed\n"); @@ -425,18 +435,26 @@ rc4_test(void) } j += in_len; + total_len += out_len; } - if (!EVP_DecryptFinal_ex(ctx, out, &out_len)) { + if (!EVP_DecryptFinal_ex(ctx, out + total_len, &out_len)) { fprintf(stderr, "FAIL: EVP_DecryptFinal_ex failed\n"); goto failed; } + total_len += out_len; if (!EVP_CIPHER_CTX_reset(ctx)) { fprintf(stderr, "FAIL: EVP_CIPHER_CTX_reset failed\n"); goto failed; } + if (total_len != rt->len) { + fprintf(stderr, + "FAIL: EVP decryption length mismatch\n"); + goto failed; + } + if (memcmp(rt->out, out, rt->len) != 0) { fprintf(stderr, "FAIL: EVP decryption mismatch\n"); goto failed; |