mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
Fix incomplete checks for EVP_CIPHER_asn1_to_param
EVP_CIPHER_asn1_to_param() returns a value <= 0 in case of an error, and a value greater than 0 in case of success. Two callsites only check for < 0 instead of <= 0. The other callsites perform this check correctly. Change the two callsites to <= 0. Additionally correctly handle a zero return value from EVP_CIPHER_get_asn1_iv as success. Fixes: #20116 CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/201213)
This commit is contained in:
parent
e95d6e1eec
commit
114d99b46b
@ -209,7 +209,7 @@ int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
|
||||
break;
|
||||
|
||||
default:
|
||||
ret = EVP_CIPHER_get_asn1_iv(c, type);
|
||||
ret = EVP_CIPHER_get_asn1_iv(c, type) >= 0 ? 1 : -1;
|
||||
}
|
||||
} else if (cipher->prov != NULL) {
|
||||
OSSL_PARAM params[3], *p = params;
|
||||
|
@ -159,7 +159,7 @@ int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
|
||||
/* Fixup cipher based on AlgorithmIdentifier */
|
||||
if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de))
|
||||
goto err;
|
||||
if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
|
||||
if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) <= 0) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_CIPHER_PARAMETER_ERROR);
|
||||
goto err;
|
||||
}
|
||||
|
@ -589,7 +589,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
||||
BIO_get_cipher_ctx(etmp, &evp_ctx);
|
||||
if (EVP_CipherInit_ex(evp_ctx, cipher, NULL, NULL, NULL, 0) <= 0)
|
||||
goto err;
|
||||
if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
|
||||
if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) <= 0)
|
||||
goto err;
|
||||
/* Generate random key as MMA defence */
|
||||
len = EVP_CIPHER_CTX_get_key_length(evp_ctx);
|
||||
|
Loading…
Reference in New Issue
Block a user