Add some sanity checks for EVP_CIPHER_meth_new()

Ensure that the nid and key length are non-negative and that the block size is one of the three sizes 1, 8, or 16 supported by the EVP subsystem. ok joshua jsing
author: tb <> 2023-12-20 14:05:58 +0000
committer: tb <> 2023-12-20 14:05:58 +0000
commit: 240622084098dcd1091638abfa6c1f6ce67b21a0 (patch)
tree: 7157ff717dfe5a6c37ab3e5503e6cdeeb98ceba1 /src
parent: 2535233d3f094a8d2e4108902ad731f96e2d4ad7 (diff)
download: openbsd-240622084098dcd1091638abfa6c1f6ce67b21a0.tar.gz
openbsd-240622084098dcd1091638abfa6c1f6ce67b21a0.tar.bz2
openbsd-240622084098dcd1091638abfa6c1f6ce67b21a0.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/src/lib/libcrypto/evp/cipher_method_lib.c b/src/lib/libcrypto/evp/cipher_method_lib.c
index c3f510fcc7..d3931522d8 100644
--- a/src/lib/libcrypto/evp/cipher_method_lib.c
+++ b/src/lib/libcrypto/evp/cipher_method_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: cipher_method_lib.c,v 1.10 2023/07/07 19:37:53 beck Exp $ */
+/*      $OpenBSD: cipher_method_lib.c,v 1.11 2023/12/20 14:05:58 tb Exp $ */
 /*
 * Written by Richard Levitte (levitte@openssl.org) for the OpenSSL project
 * 2015.
@@ -68,6 +68,13 @@ EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
 {
        EVP_CIPHER *cipher;
+        if (cipher_type < 0 || key_len < 0)
+                return NULL;
+        /* EVP_CipherInit() will fail for any other value. */
+        if (block_size != 1 && block_size != 8 && block_size != 16)
+                return NULL;
        if ((cipher = calloc(1, sizeof(*cipher))) == NULL)
                return NULL;
author	tb <>	2023-12-20 14:05:58 +0000
committer	tb <>	2023-12-20 14:05:58 +0000
commit	240622084098dcd1091638abfa6c1f6ce67b21a0 (patch)
tree	7157ff717dfe5a6c37ab3e5503e6cdeeb98ceba1 /src
parent	2535233d3f094a8d2e4108902ad731f96e2d4ad7 (diff)
download	openbsd-240622084098dcd1091638abfa6c1f6ce67b21a0.tar.gz openbsd-240622084098dcd1091638abfa6c1f6ce67b21a0.tar.bz2 openbsd-240622084098dcd1091638abfa6c1f6ce67b21a0.zip