From 7a606269dcb36c62043465a6e9c3e91542bf07b9 Mon Sep 17 00:00:00 2001 From: jsing Date: Sat, 10 Sep 2022 17:39:47 +0000 Subject: [PATCH] Use correct length for EVP CFB mode ciphers. The BLOCK_CIPHER_* macros contained a bug where the total length is passed to the underlying cipher implementation, rather than the length of the current chunk. Correct this and use the chunk length instead. Should address the remaining issues reported by Coverity. ok tb@ --- lib/libcrypto/evp/e_bf.c | 4 ++-- lib/libcrypto/evp/e_camellia.c | 20 ++++++++++---------- lib/libcrypto/evp/e_cast.c | 4 ++-- lib/libcrypto/evp/e_gost2814789.c | 4 ++-- lib/libcrypto/evp/e_idea.c | 4 ++-- lib/libcrypto/evp/e_rc2.c | 4 ++-- lib/libcrypto/evp/e_sm4.c | 4 ++-- 7 files changed, 22 insertions(+), 22 deletions(-) diff --git a/lib/libcrypto/evp/e_bf.c b/lib/libcrypto/evp/e_bf.c index 4122f701dad..f97f9ed1e42 100644 --- a/lib/libcrypto/evp/e_bf.c +++ b/lib/libcrypto/evp/e_bf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_bf.c,v 1.12 2022/09/04 15:45:25 jsing Exp $ */ +/* $OpenBSD: e_bf.c,v 1.13 2022/09/10 17:39:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -114,7 +114,7 @@ bf_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in chunk = inl; while (inl && inl >= chunk) { - BF_cfb64_encrypt(in, out, (long)inl, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + BF_cfb64_encrypt(in, out, (long)chunk, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); inl -= chunk; in += chunk; out += chunk; diff --git a/lib/libcrypto/evp/e_camellia.c b/lib/libcrypto/evp/e_camellia.c index bff323b9326..3976baaa48a 100644 --- a/lib/libcrypto/evp/e_camellia.c +++ b/lib/libcrypto/evp/e_camellia.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_camellia.c,v 1.14 2022/09/06 06:17:11 jsing Exp $ */ +/* $OpenBSD: e_camellia.c,v 1.15 2022/09/10 17:39:47 jsing Exp $ */ /* ==================================================================== * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * @@ -113,7 +113,7 @@ camellia_128_cfb128_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsign chunk = inl; while (inl && inl >= chunk) { - Camellia_cfb128_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + Camellia_cfb128_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); inl -= chunk; in += chunk; out += chunk; @@ -271,7 +271,7 @@ camellia_192_cfb128_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsign chunk = inl; while (inl && inl >= chunk) { - Camellia_cfb128_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + Camellia_cfb128_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); inl -= chunk; in += chunk; out += chunk; @@ -429,7 +429,7 @@ camellia_256_cfb128_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsign chunk = inl; while (inl && inl >= chunk) { - Camellia_cfb128_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + Camellia_cfb128_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); inl -= chunk; in += chunk; out += chunk; @@ -573,7 +573,7 @@ camellia_128_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned chunk = inl; while (inl && inl >= chunk) { - Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? inl * 8 : inl), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? chunk * 8 : chunk), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); inl -= chunk; in += chunk; out += chunk; @@ -617,7 +617,7 @@ camellia_192_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned chunk = inl; while (inl && inl >= chunk) { - Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? inl * 8 : inl), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? chunk * 8 : chunk), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); inl -= chunk; in += chunk; out += chunk; @@ -661,7 +661,7 @@ camellia_256_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned chunk = inl; while (inl && inl >= chunk) { - Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? inl * 8 : inl), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? chunk * 8 : chunk), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); inl -= chunk; in += chunk; out += chunk; @@ -704,7 +704,7 @@ camellia_128_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned chunk = inl; while (inl && inl >= chunk) { - Camellia_cfb8_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + Camellia_cfb8_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); inl -= chunk; in += chunk; out += chunk; @@ -746,7 +746,7 @@ camellia_192_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned chunk = inl; while (inl && inl >= chunk) { - Camellia_cfb8_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + Camellia_cfb8_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); inl -= chunk; in += chunk; out += chunk; @@ -788,7 +788,7 @@ camellia_256_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned chunk = inl; while (inl && inl >= chunk) { - Camellia_cfb8_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + Camellia_cfb8_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); inl -= chunk; in += chunk; out += chunk; diff --git a/lib/libcrypto/evp/e_cast.c b/lib/libcrypto/evp/e_cast.c index e654962c756..f5654d9f3e1 100644 --- a/lib/libcrypto/evp/e_cast.c +++ b/lib/libcrypto/evp/e_cast.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_cast.c,v 1.11 2022/09/04 15:45:25 jsing Exp $ */ +/* $OpenBSD: e_cast.c,v 1.12 2022/09/10 17:39:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -114,7 +114,7 @@ cast5_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char chunk = inl; while (inl && inl >= chunk) { - CAST_cfb64_encrypt(in, out, (long)inl, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + CAST_cfb64_encrypt(in, out, (long)chunk, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); inl -= chunk; in += chunk; out += chunk; diff --git a/lib/libcrypto/evp/e_gost2814789.c b/lib/libcrypto/evp/e_gost2814789.c index f4b903b9130..cff66e8c79c 100644 --- a/lib/libcrypto/evp/e_gost2814789.c +++ b/lib/libcrypto/evp/e_gost2814789.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_gost2814789.c,v 1.9 2022/09/06 06:17:11 jsing Exp $ */ +/* $OpenBSD: e_gost2814789.c,v 1.10 2022/09/10 17:39:47 jsing Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -213,7 +213,7 @@ gost2814789_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned chunk = inl; while (inl && inl >= chunk) { - Gost2814789_cfb64_encrypt(in, out, inl, &((EVP_GOST2814789_CTX *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + Gost2814789_cfb64_encrypt(in, out, chunk, &((EVP_GOST2814789_CTX *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); inl -= chunk; in += chunk; out += chunk; diff --git a/lib/libcrypto/evp/e_idea.c b/lib/libcrypto/evp/e_idea.c index c7f2b30a44f..8696fb24507 100644 --- a/lib/libcrypto/evp/e_idea.c +++ b/lib/libcrypto/evp/e_idea.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_idea.c,v 1.15 2022/09/04 15:45:25 jsing Exp $ */ +/* $OpenBSD: e_idea.c,v 1.16 2022/09/10 17:39:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -172,7 +172,7 @@ idea_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char * chunk = inl; while (inl && inl >= chunk) { - idea_cfb64_encrypt(in, out, (long)inl, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + idea_cfb64_encrypt(in, out, (long)chunk, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); inl -= chunk; in += chunk; out += chunk; diff --git a/lib/libcrypto/evp/e_rc2.c b/lib/libcrypto/evp/e_rc2.c index 72e582d5e01..4f92365e7e7 100644 --- a/lib/libcrypto/evp/e_rc2.c +++ b/lib/libcrypto/evp/e_rc2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_rc2.c,v 1.17 2022/09/04 15:45:25 jsing Exp $ */ +/* $OpenBSD: e_rc2.c,v 1.18 2022/09/10 17:39:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -116,7 +116,7 @@ rc2_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *i chunk = inl; while (inl && inl >= chunk) { - RC2_cfb64_encrypt(in, out, (long)inl, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + RC2_cfb64_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); inl -= chunk; in += chunk; out += chunk; diff --git a/lib/libcrypto/evp/e_sm4.c b/lib/libcrypto/evp/e_sm4.c index 4fecae9671d..11e9a74d69c 100644 --- a/lib/libcrypto/evp/e_sm4.c +++ b/lib/libcrypto/evp/e_sm4.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_sm4.c,v 1.5 2022/09/06 06:17:11 jsing Exp $ */ +/* $OpenBSD: e_sm4.c,v 1.6 2022/09/10 17:39:47 jsing Exp $ */ /* * Copyright (c) 2017, 2019 Ribose Inc * @@ -99,7 +99,7 @@ sm4_cfb128_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char * chunk = inl; while (inl && inl >= chunk) { - sm4_cfb128_encrypt(in, out, inl, &((EVP_SM4_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + sm4_cfb128_encrypt(in, out, chunk, &((EVP_SM4_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); inl -= chunk; in += chunk; out += chunk; -- 2.20.1