Use correct length for EVP CFB mode ciphers.

The BLOCK_CIPHER_* macros contained a bug where the total length is passed
to the underlying cipher implementation, rather than the length of the
current chunk. Correct this and use the chunk length instead.

Should address the remaining issues reported by Coverity.

ok tb@

diff --git a/lib/libcrypto/evp/e_bf.c b/lib/libcrypto/evp/e_bf.c
index 4122f70..f97f9ed 100644 (file)
--- a/lib/libcrypto/evp/e_bf.c
+++ b/lib/libcrypto/evp/e_bf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_bf.c,v 1.12 2022/09/04 15:45:25 jsing Exp $ */
+/* $OpenBSD: e_bf.c,v 1.13 2022/09/10 17:39:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -114,7 +114,7 @@ bf_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in
                chunk = inl;
 
        while (inl && inl >= chunk) {
-               BF_cfb64_encrypt(in, out, (long)inl, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+               BF_cfb64_encrypt(in, out, (long)chunk, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
                inl -= chunk;
                in += chunk;
                out += chunk;

diff --git a/lib/libcrypto/evp/e_camellia.c b/lib/libcrypto/evp/e_camellia.c
index bff323b..3976baa 100644 (file)
--- a/lib/libcrypto/evp/e_camellia.c
+++ b/lib/libcrypto/evp/e_camellia.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_camellia.c,v 1.14 2022/09/06 06:17:11 jsing Exp $ */
+/* $OpenBSD: e_camellia.c,v 1.15 2022/09/10 17:39:47 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
@@ -113,7 +113,7 @@ camellia_128_cfb128_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsign
                chunk = inl;
 
        while (inl && inl >= chunk) {
-               Camellia_cfb128_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+               Camellia_cfb128_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
                inl -= chunk;
                in += chunk;
                out += chunk;
@@ -271,7 +271,7 @@ camellia_192_cfb128_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsign
                chunk = inl;
 
        while (inl && inl >= chunk) {
-               Camellia_cfb128_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+               Camellia_cfb128_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
                inl -= chunk;
                in += chunk;
                out += chunk;
@@ -429,7 +429,7 @@ camellia_256_cfb128_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsign
                chunk = inl;
 
        while (inl && inl >= chunk) {
-               Camellia_cfb128_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+               Camellia_cfb128_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
                inl -= chunk;
                in += chunk;
                out += chunk;
@@ -573,7 +573,7 @@ camellia_128_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned
                chunk = inl;
 
        while (inl && inl >= chunk) {
-               Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? inl * 8 : inl), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+               Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? chunk * 8 : chunk), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
                inl -= chunk;
                in += chunk;
                out += chunk;
@@ -617,7 +617,7 @@ camellia_192_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned
                chunk = inl;
 
        while (inl && inl >= chunk) {
-               Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? inl * 8 : inl), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+               Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? chunk * 8 : chunk), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
                inl -= chunk;
                in += chunk;
                out += chunk;
@@ -661,7 +661,7 @@ camellia_256_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned
                chunk = inl;
 
        while (inl && inl >= chunk) {
-               Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? inl * 8 : inl), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+               Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? chunk * 8 : chunk), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
                inl -= chunk;
                in += chunk;
                out += chunk;
@@ -704,7 +704,7 @@ camellia_128_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned
                chunk = inl;
 
        while (inl && inl >= chunk) {
-               Camellia_cfb8_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+               Camellia_cfb8_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
                inl -= chunk;
                in += chunk;
                out += chunk;
@@ -746,7 +746,7 @@ camellia_192_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned
                chunk = inl;
 
        while (inl && inl >= chunk) {
-               Camellia_cfb8_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+               Camellia_cfb8_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
                inl -= chunk;
                in += chunk;
                out += chunk;
@@ -788,7 +788,7 @@ camellia_256_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned
                chunk = inl;
 
        while (inl && inl >= chunk) {
-               Camellia_cfb8_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+               Camellia_cfb8_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
                inl -= chunk;
                in += chunk;
                out += chunk;

diff --git a/lib/libcrypto/evp/e_cast.c b/lib/libcrypto/evp/e_cast.c
index e654962..f5654d9 100644 (file)
--- a/lib/libcrypto/evp/e_cast.c
+++ b/lib/libcrypto/evp/e_cast.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_cast.c,v 1.11 2022/09/04 15:45:25 jsing Exp $ */
+/* $OpenBSD: e_cast.c,v 1.12 2022/09/10 17:39:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -114,7 +114,7 @@ cast5_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char
                chunk = inl;
 
        while (inl && inl >= chunk) {
-               CAST_cfb64_encrypt(in, out, (long)inl, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+               CAST_cfb64_encrypt(in, out, (long)chunk, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
                inl -= chunk;
                in += chunk;
                out += chunk;

diff --git a/lib/libcrypto/evp/e_gost2814789.c b/lib/libcrypto/evp/e_gost2814789.c
index f4b903b..cff66e8 100644 (file)
--- a/lib/libcrypto/evp/e_gost2814789.c
+++ b/lib/libcrypto/evp/e_gost2814789.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_gost2814789.c,v 1.9 2022/09/06 06:17:11 jsing Exp $ */
+/* $OpenBSD: e_gost2814789.c,v 1.10 2022/09/10 17:39:47 jsing Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
@@ -213,7 +213,7 @@ gost2814789_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned
                chunk = inl;
 
        while (inl && inl >= chunk) {
-               Gost2814789_cfb64_encrypt(in, out, inl, &((EVP_GOST2814789_CTX *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+               Gost2814789_cfb64_encrypt(in, out, chunk, &((EVP_GOST2814789_CTX *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
                inl -= chunk;
                in += chunk;
                out += chunk;

diff --git a/lib/libcrypto/evp/e_idea.c b/lib/libcrypto/evp/e_idea.c
index c7f2b30..8696fb2 100644 (file)
--- a/lib/libcrypto/evp/e_idea.c
+++ b/lib/libcrypto/evp/e_idea.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_idea.c,v 1.15 2022/09/04 15:45:25 jsing Exp $ */
+/* $OpenBSD: e_idea.c,v 1.16 2022/09/10 17:39:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -172,7 +172,7 @@ idea_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *
                chunk = inl;
 
        while (inl && inl >= chunk) {
-               idea_cfb64_encrypt(in, out, (long)inl, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+               idea_cfb64_encrypt(in, out, (long)chunk, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
                inl -= chunk;
                in += chunk;
                out += chunk;

diff --git a/lib/libcrypto/evp/e_rc2.c b/lib/libcrypto/evp/e_rc2.c
index 72e582d..4f92365 100644 (file)
--- a/lib/libcrypto/evp/e_rc2.c
+++ b/lib/libcrypto/evp/e_rc2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_rc2.c,v 1.17 2022/09/04 15:45:25 jsing Exp $ */
+/* $OpenBSD: e_rc2.c,v 1.18 2022/09/10 17:39:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -116,7 +116,7 @@ rc2_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *i
                chunk = inl;
 
        while (inl && inl >= chunk) {
-               RC2_cfb64_encrypt(in, out, (long)inl, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+               RC2_cfb64_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
                inl -= chunk;
                in += chunk;
                out += chunk;

diff --git a/lib/libcrypto/evp/e_sm4.c b/lib/libcrypto/evp/e_sm4.c
index 4fecae9..11e9a74 100644 (file)
--- a/lib/libcrypto/evp/e_sm4.c
+++ b/lib/libcrypto/evp/e_sm4.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: e_sm4.c,v 1.5 2022/09/06 06:17:11 jsing Exp $ */
+/*     $OpenBSD: e_sm4.c,v 1.6 2022/09/10 17:39:47 jsing Exp $ */
 /*
  * Copyright (c) 2017, 2019 Ribose Inc
  *
@@ -99,7 +99,7 @@ sm4_cfb128_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *
                chunk = inl;
 
        while (inl && inl >= chunk) {
-               sm4_cfb128_encrypt(in, out, inl, &((EVP_SM4_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
+               sm4_cfb128_encrypt(in, out, chunk, &((EVP_SM4_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
                inl -= chunk;
                in += chunk;
                out += chunk;