diff options
author | Richard Levitte <levitte@openssl.org> | 2019-08-27 10:12:34 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2019-08-27 18:55:01 +0200 |
commit | d5f854291336c96a3d2379ecc8c29f00ef516ad9 (patch) | |
tree | e98be7d10b42811cf8e77b83ad041fa2c836e0a8 /crypto | |
parent | 096978f09908ba0f679ff905b0db4861a57eb1c8 (diff) | |
download | openssl-d5f854291336c96a3d2379ecc8c29f00ef516ad9.zip openssl-d5f854291336c96a3d2379ecc8c29f00ef516ad9.tar.gz openssl-d5f854291336c96a3d2379ecc8c29f00ef516ad9.tar.bz2 |
Coverty fixes for MACs
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9700)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/cmac/cmac.c | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c index 79936a5..b1be991 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -87,11 +87,13 @@ void CMAC_CTX_free(CMAC_CTX *ctx) int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) { int bl; + if (in->nlast_block == -1) return 0; + if ((bl = EVP_CIPHER_CTX_block_size(in->cctx)) < 0) + return 0; if (!EVP_CIPHER_CTX_copy(out->cctx, in->cctx)) return 0; - bl = EVP_CIPHER_CTX_block_size(in->cctx); memcpy(out->k1, in->k1, bl); memcpy(out->k2, in->k2, bl); memcpy(out->tbl, in->tbl, bl); @@ -104,6 +106,7 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, const EVP_CIPHER *cipher, ENGINE *impl) { static const unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH] = { 0 }; + /* All zeros means restart */ if (!key && !cipher && !impl && keylen == 0) { /* Not initialised */ @@ -121,13 +124,15 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, /* Non-NULL key means initialisation complete */ if (key) { int bl; + if (!EVP_CIPHER_CTX_cipher(ctx->cctx)) return 0; if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen)) return 0; if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv)) return 0; - bl = EVP_CIPHER_CTX_block_size(ctx->cctx); + if ((bl = EVP_CIPHER_CTX_block_size(ctx->cctx)) < 0) + return 0; if (!EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl)) return 0; make_kn(ctx->k1, ctx->tbl, bl); @@ -146,15 +151,18 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) { const unsigned char *data = in; - size_t bl; + int bl; + if (ctx->nlast_block == -1) return 0; if (dlen == 0) return 1; - bl = EVP_CIPHER_CTX_block_size(ctx->cctx); + if ((bl = EVP_CIPHER_CTX_block_size(ctx->cctx)) < 0) + return 0; /* Copy into partial block if we need to */ if (ctx->nlast_block > 0) { size_t nleft; + nleft = bl - ctx->nlast_block; if (dlen < nleft) nleft = dlen; @@ -170,7 +178,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) return 0; } /* Encrypt all but one of the complete blocks left */ - while (dlen > bl) { + while (dlen > (size_t)bl) { if (!EVP_Cipher(ctx->cctx, ctx->tbl, data, bl)) return 0; dlen -= bl; @@ -186,9 +194,11 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) { int i, bl, lb; + if (ctx->nlast_block == -1) return 0; - bl = EVP_CIPHER_CTX_block_size(ctx->cctx); + if ((bl = EVP_CIPHER_CTX_block_size(ctx->cctx)) < 0) + return 0; *poutlen = (size_t)bl; if (!out) return 1; |