summaryrefslogtreecommitdiff
path: root/regress
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2022-09-07 21:17:33 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2022-09-07 21:17:33 +0000
commit8fcbaa7b1facf610d0364b0b6b2537de64171b89 (patch)
treea1c1ea5f91d34bd01ee4cff99984648eb9bf0402 /regress
parente3f4ffb705dc497067624086fe75a251b832784e (diff)
Add output length validation for EVP
From Joshua Sing
Diffstat (limited to 'regress')
-rw-r--r--regress/lib/libcrypto/rc4/rc4_test.c30
1 files changed, 24 insertions, 6 deletions
diff --git a/regress/lib/libcrypto/rc4/rc4_test.c b/regress/lib/libcrypto/rc4/rc4_test.c
index a4094854a0f..49da63540ff 100644
--- a/regress/lib/libcrypto/rc4/rc4_test.c
+++ b/regress/lib/libcrypto/rc4/rc4_test.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rc4_test.c,v 1.3 2022/09/05 21:36:46 tb Exp $ */
+/* $OpenBSD: rc4_test.c,v 1.4 2022/09/07 21:17:32 tb Exp $ */
/*
* Copyright (c) 2022 Joshua Sing <joshua@hypera.dev>
*
@@ -323,7 +323,7 @@ rc4_test(void)
EVP_CIPHER_CTX *ctx = NULL;
const EVP_CIPHER *cipher;
uint8_t out[512];
- int in_len, out_len;
+ int in_len, out_len, total_len;
size_t i;
int j;
int failed = 1;
@@ -369,6 +369,7 @@ rc4_test(void)
}
/* EVP encryption */
+ total_len = 0;
memset(out, 0, sizeof(out));
if (!EVP_EncryptInit(ctx, cipher, rt->key, NULL)) {
fprintf(stderr, "FAIL: EVP_EncryptInit failed\n");
@@ -380,7 +381,7 @@ rc4_test(void)
if (in_len > rt->len - j)
in_len = rt->len - j;
- if (!EVP_EncryptUpdate(ctx, out + j, &out_len,
+ if (!EVP_EncryptUpdate(ctx, out + total_len, &out_len,
rt->in + j, in_len)) {
fprintf(stderr,
"FAIL: EVP_EncryptUpdate failed\n");
@@ -388,24 +389,33 @@ rc4_test(void)
}
j += in_len;
+ total_len += out_len;
}
- if (!EVP_EncryptFinal_ex(ctx, out, &out_len)) {
+ if (!EVP_EncryptFinal_ex(ctx, out + total_len, &out_len)) {
fprintf(stderr, "FAIL: EVP_EncryptFinal_ex failed\n");
goto failed;
}
+ total_len += out_len;
if (!EVP_CIPHER_CTX_reset(ctx)) {
fprintf(stderr, "FAIL: EVP_CIPHER_CTX_reset failed\n");
goto failed;
}
+ if (total_len != rt->len) {
+ fprintf(stderr,
+ "FAIL: EVP encryption length mismatch\n");
+ goto failed;
+ }
+
if (memcmp(rt->out, out, rt->len) != 0) {
fprintf(stderr, "FAIL: EVP encryption mismatch\n");
goto failed;
}
/* EVP decryption */
+ total_len = 0;
memset(out, 0, sizeof(out));
if (!EVP_DecryptInit(ctx, cipher, rt->key, NULL)) {
fprintf(stderr, "FAIL: EVP_DecryptInit failed\n");
@@ -417,7 +427,7 @@ rc4_test(void)
if (in_len > rt->len - j)
in_len = rt->len - j;
- if (!EVP_DecryptUpdate(ctx, out + j, &out_len,
+ if (!EVP_DecryptUpdate(ctx, out + total_len, &out_len,
rt->in + j, in_len)) {
fprintf(stderr,
"FAIL: EVP_DecryptUpdate failed\n");
@@ -425,18 +435,26 @@ rc4_test(void)
}
j += in_len;
+ total_len += out_len;
}
- if (!EVP_DecryptFinal_ex(ctx, out, &out_len)) {
+ if (!EVP_DecryptFinal_ex(ctx, out + total_len, &out_len)) {
fprintf(stderr, "FAIL: EVP_DecryptFinal_ex failed\n");
goto failed;
}
+ total_len += out_len;
if (!EVP_CIPHER_CTX_reset(ctx)) {
fprintf(stderr, "FAIL: EVP_CIPHER_CTX_reset failed\n");
goto failed;
}
+ if (total_len != rt->len) {
+ fprintf(stderr,
+ "FAIL: EVP decryption length mismatch\n");
+ goto failed;
+ }
+
if (memcmp(rt->out, out, rt->len) != 0) {
fprintf(stderr, "FAIL: EVP decryption mismatch\n");
goto failed;