From f79858ac4d90a450d0620d1ecb713bc35d7d9f8d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 30 Apr 2019 14:01:52 +0200 Subject: [PATCH] Replumbing: make the oneshot proider cipher function like the others The OP_cipher_final function takes a return output size and an output buffer size argument. The oneshot OP_cipher_cipher function should do the same. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8849) --- crypto/evp/evp_lib.c | 8 +++++++- include/openssl/core_numbers.h | 5 +++-- providers/common/ciphers/aes.c | 11 +++++++++-- 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 189c953266d9e..34b938281efdd 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -232,8 +232,14 @@ int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { if (ctx->cipher->prov != NULL) { + size_t outl = 0; /* ignored */ + int blocksize = EVP_CIPHER_CTX_block_size(ctx); + if (ctx->cipher->ccipher != NULL) - return ctx->cipher->ccipher(ctx->provctx, out, in, (size_t)inl); + return + ctx->cipher->ccipher(ctx->provctx, out, &outl, + inl + (blocksize == 1 ? 0 : blocksize), + in, (size_t)inl); return 0; } diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index d58888607e7b5..74b3fdfda980a 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -140,8 +140,9 @@ OSSL_CORE_MAKE_FUNC(int, OP_cipher_update, OSSL_CORE_MAKE_FUNC(int, OP_cipher_final, (void *, unsigned char *out, size_t *outl, size_t outsize)) OSSL_CORE_MAKE_FUNC(int, OP_cipher_cipher, - (void *, unsigned char *out, const unsigned char *in, - size_t inl)) + (void *, + unsigned char *out, size_t *outl, size_t outsize, + const unsigned char *in, size_t inl)) OSSL_CORE_MAKE_FUNC(void, OP_cipher_freectx, (void *vctx)) OSSL_CORE_MAKE_FUNC(void *, OP_cipher_dupctx, (void *vctx)) OSSL_CORE_MAKE_FUNC(size_t, OP_cipher_key_length, (void)) diff --git a/providers/common/ciphers/aes.c b/providers/common/ciphers/aes.c index 5c6e6703f8d3a..2e93461621c2b 100644 --- a/providers/common/ciphers/aes.c +++ b/providers/common/ciphers/aes.c @@ -235,16 +235,23 @@ static int aes_stream_final(void *vctx, unsigned char *out, size_t *outl, return 1; } -static int aes_cipher(void *vctx, unsigned char *out, const unsigned char *in, - size_t inl) +static int aes_cipher(void *vctx, + unsigned char *out, size_t *outl, size_t outsize, + const unsigned char *in, size_t inl) { PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; + if (outsize < inl) { + PROVerr(PROV_F_AES_CIPHER, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return 0; + } + if (!ctx->ciph->cipher(ctx, out, in, inl)) { PROVerr(PROV_F_AES_CIPHER, PROV_R_CIPHER_OPERATION_FAILED); return 0; } + *outl = inl; return 1; }