From bb3c52398649c1e41080621f529dbb1d1cee3afb Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 10 Sep 2022 17:39:47 +0000
Subject: Use correct length for EVP CFB mode ciphers.

The BLOCK_CIPHER_* macros contained a bug where the total length is passed
to the underlying cipher implementation, rather than the length of the
current chunk. Correct this and use the chunk length instead.

Should address the remaining issues reported by Coverity.

ok tb@
---
 src/lib/libcrypto/evp/e_bf.c          |  4 ++--
 src/lib/libcrypto/evp/e_camellia.c    | 20 ++++++++++----------
 src/lib/libcrypto/evp/e_cast.c        |  4 ++--
 src/lib/libcrypto/evp/e_gost2814789.c |  4 ++--
 src/lib/libcrypto/evp/e_idea.c        |  4 ++--
 src/lib/libcrypto/evp/e_rc2.c         |  4 ++--
 src/lib/libcrypto/evp/e_sm4.c         |  4 ++--
 7 files changed, 22 insertions(+), 22 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/evp/e_bf.c b/src/lib/libcrypto/evp/e_bf.c
index 4122f701da..f97f9ed1e4 100644
--- a/src/lib/libcrypto/evp/e_bf.c
+++ b/src/lib/libcrypto/evp/e_bf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_bf.c,v 1.12 2022/09/04 15:45:25 jsing Exp $ */
+/* $OpenBSD: e_bf.c,v 1.13 2022/09/10 17:39:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -114,7 +114,7 @@ bf_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in
 		chunk = inl;
 
 	while (inl && inl >= chunk) {
-		BF_cfb64_encrypt(in, out, (long)inl, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+		BF_cfb64_encrypt(in, out, (long)chunk, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
 		inl -= chunk;
 		in += chunk;
 		out += chunk;
diff --git a/src/lib/libcrypto/evp/e_camellia.c b/src/lib/libcrypto/evp/e_camellia.c
index bff323b932..3976baaa48 100644
--- a/src/lib/libcrypto/evp/e_camellia.c
+++ b/src/lib/libcrypto/evp/e_camellia.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_camellia.c,v 1.14 2022/09/06 06:17:11 jsing Exp $ */
+/* $OpenBSD: e_camellia.c,v 1.15 2022/09/10 17:39:47 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
@@ -113,7 +113,7 @@ camellia_128_cfb128_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsign
 		chunk = inl;
 
 	while (inl && inl >= chunk) {
-		Camellia_cfb128_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+		Camellia_cfb128_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
 		inl -= chunk;
 		in += chunk;
 		out += chunk;
@@ -271,7 +271,7 @@ camellia_192_cfb128_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsign
 		chunk = inl;
 
 	while (inl && inl >= chunk) {
-		Camellia_cfb128_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+		Camellia_cfb128_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
 		inl -= chunk;
 		in += chunk;
 		out += chunk;
@@ -429,7 +429,7 @@ camellia_256_cfb128_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsign
 		chunk = inl;
 
 	while (inl && inl >= chunk) {
-		Camellia_cfb128_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+		Camellia_cfb128_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
 		inl -= chunk;
 		in += chunk;
 		out += chunk;
@@ -573,7 +573,7 @@ camellia_128_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned
 		chunk = inl;
 
 	while (inl && inl >= chunk) {
-		Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? inl * 8 : inl), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+		Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? chunk * 8 : chunk), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
 		inl -= chunk;
 		in += chunk;
 		out += chunk;
@@ -617,7 +617,7 @@ camellia_192_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned
 		chunk = inl;
 
 	while (inl && inl >= chunk) {
-		Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? inl * 8 : inl), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+		Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? chunk * 8 : chunk), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
 		inl -= chunk;
 		in += chunk;
 		out += chunk;
@@ -661,7 +661,7 @@ camellia_256_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned
 		chunk = inl;
 
 	while (inl && inl >= chunk) {
-		Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? inl * 8 : inl), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+		Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? chunk * 8 : chunk), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
 		inl -= chunk;
 		in += chunk;
 		out += chunk;
@@ -704,7 +704,7 @@ camellia_128_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned
 		chunk = inl;
 
 	while (inl && inl >= chunk) {
-		Camellia_cfb8_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+		Camellia_cfb8_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
 		inl -= chunk;
 		in += chunk;
 		out += chunk;
@@ -746,7 +746,7 @@ camellia_192_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned
 		chunk = inl;
 
 	while (inl && inl >= chunk) {
-		Camellia_cfb8_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+		Camellia_cfb8_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
 		inl -= chunk;
 		in += chunk;
 		out += chunk;
@@ -788,7 +788,7 @@ camellia_256_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned
 		chunk = inl;
 
 	while (inl && inl >= chunk) {
-		Camellia_cfb8_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+		Camellia_cfb8_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
 		inl -= chunk;
 		in += chunk;
 		out += chunk;
diff --git a/src/lib/libcrypto/evp/e_cast.c b/src/lib/libcrypto/evp/e_cast.c
index e654962c75..f5654d9f3e 100644
--- a/src/lib/libcrypto/evp/e_cast.c
+++ b/src/lib/libcrypto/evp/e_cast.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_cast.c,v 1.11 2022/09/04 15:45:25 jsing Exp $ */
+/* $OpenBSD: e_cast.c,v 1.12 2022/09/10 17:39:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -114,7 +114,7 @@ cast5_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char
 		chunk = inl;
 
 	while (inl && inl >= chunk) {
-		CAST_cfb64_encrypt(in, out, (long)inl, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+		CAST_cfb64_encrypt(in, out, (long)chunk, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
 		inl -= chunk;
 		in += chunk;
 		out += chunk;
diff --git a/src/lib/libcrypto/evp/e_gost2814789.c b/src/lib/libcrypto/evp/e_gost2814789.c
index f4b903b913..cff66e8c79 100644
--- a/src/lib/libcrypto/evp/e_gost2814789.c
+++ b/src/lib/libcrypto/evp/e_gost2814789.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_gost2814789.c,v 1.9 2022/09/06 06:17:11 jsing Exp $ */
+/* $OpenBSD: e_gost2814789.c,v 1.10 2022/09/10 17:39:47 jsing Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
@@ -213,7 +213,7 @@ gost2814789_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned
 		chunk = inl;
 
 	while (inl && inl >= chunk) {
-		Gost2814789_cfb64_encrypt(in, out, inl, &((EVP_GOST2814789_CTX *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+		Gost2814789_cfb64_encrypt(in, out, chunk, &((EVP_GOST2814789_CTX *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
 		inl -= chunk;
 		in += chunk;
 		out += chunk;
diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c
index c7f2b30a44..8696fb2450 100644
--- a/src/lib/libcrypto/evp/e_idea.c
+++ b/src/lib/libcrypto/evp/e_idea.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_idea.c,v 1.15 2022/09/04 15:45:25 jsing Exp $ */
+/* $OpenBSD: e_idea.c,v 1.16 2022/09/10 17:39:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -172,7 +172,7 @@ idea_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *
 		chunk = inl;
 
 	while (inl && inl >= chunk) {
-		idea_cfb64_encrypt(in, out, (long)inl, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+		idea_cfb64_encrypt(in, out, (long)chunk, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
 		inl -= chunk;
 		in += chunk;
 		out += chunk;
diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c
index 72e582d5e0..4f92365e7e 100644
--- a/src/lib/libcrypto/evp/e_rc2.c
+++ b/src/lib/libcrypto/evp/e_rc2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_rc2.c,v 1.17 2022/09/04 15:45:25 jsing Exp $ */
+/* $OpenBSD: e_rc2.c,v 1.18 2022/09/10 17:39:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -116,7 +116,7 @@ rc2_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *i
 		chunk = inl;
 
 	while (inl && inl >= chunk) {
-		RC2_cfb64_encrypt(in, out, (long)inl, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+		RC2_cfb64_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
 		inl -= chunk;
 		in += chunk;
 		out += chunk;
diff --git a/src/lib/libcrypto/evp/e_sm4.c b/src/lib/libcrypto/evp/e_sm4.c
index 4fecae9671..11e9a74d69 100644
--- a/src/lib/libcrypto/evp/e_sm4.c
+++ b/src/lib/libcrypto/evp/e_sm4.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: e_sm4.c,v 1.5 2022/09/06 06:17:11 jsing Exp $	*/
+/*	$OpenBSD: e_sm4.c,v 1.6 2022/09/10 17:39:47 jsing Exp $	*/
 /*
  * Copyright (c) 2017, 2019 Ribose Inc
  *
@@ -99,7 +99,7 @@ sm4_cfb128_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *
 		chunk = inl;
 
 	while (inl && inl >= chunk) {
-		sm4_cfb128_encrypt(in, out, inl, &((EVP_SM4_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+		sm4_cfb128_encrypt(in, out, chunk, &((EVP_SM4_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
 		inl -= chunk;
 		in += chunk;
 		out += chunk;
-- 
cgit v1.2.3-55-g6feb