Add some sanity checks for EVP_CIPHER_meth_new()

Ensure that the nid and key length are non-negative and that the block size is one of the three sizes 1, 8, or 16 supported by the EVP subsystem. ok joshua jsing
author: tb <> 2023-12-20 14:05:58 +0000
committer: tb <> 2023-12-20 14:05:58 +0000
commit: 0860c7a2282e8afc22822138e0bf454a40698418 (patch)
tree: 7157ff717dfe5a6c37ab3e5503e6cdeeb98ceba1 /src
parent: f65d9341c156c976ca2b50ffb7befb28af325318 (diff)
download: openbsd-0860c7a2282e8afc22822138e0bf454a40698418.tar.gz
openbsd-0860c7a2282e8afc22822138e0bf454a40698418.tar.bz2
openbsd-0860c7a2282e8afc22822138e0bf454a40698418.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/src/lib/libcrypto/evp/cipher_method_lib.c b/src/lib/libcrypto/evp/cipher_method_lib.c
index c3f510fcc7..d3931522d8 100644
--- a/src/lib/libcrypto/evp/cipher_method_lib.c
+++ b/src/lib/libcrypto/evp/cipher_method_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: cipher_method_lib.c,v 1.10 2023/07/07 19:37:53 beck Exp $ */
+/*      $OpenBSD: cipher_method_lib.c,v 1.11 2023/12/20 14:05:58 tb Exp $ */
 /*
 * Written by Richard Levitte (levitte@openssl.org) for the OpenSSL project
 * 2015.
@@ -68,6 +68,13 @@ EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
 {
        EVP_CIPHER *cipher;
+        if (cipher_type < 0 || key_len < 0)
+                return NULL;
+        /* EVP_CipherInit() will fail for any other value. */
+        if (block_size != 1 && block_size != 8 && block_size != 16)
+                return NULL;
        if ((cipher = calloc(1, sizeof(*cipher))) == NULL)
                return NULL;
author	tb <>	2023-12-20 14:05:58 +0000
committer	tb <>	2023-12-20 14:05:58 +0000
commit	0860c7a2282e8afc22822138e0bf454a40698418 (patch)
tree	7157ff717dfe5a6c37ab3e5503e6cdeeb98ceba1 /src
parent	f65d9341c156c976ca2b50ffb7befb28af325318 (diff)
download	openbsd-0860c7a2282e8afc22822138e0bf454a40698418.tar.gz openbsd-0860c7a2282e8afc22822138e0bf454a40698418.tar.bz2 openbsd-0860c7a2282e8afc22822138e0bf454a40698418.zip