Commit 69fd7d17 authored by Bernd Edlinger's avatar Bernd Edlinger
Browse files

Fix a crash in the speed command with wrap ciphers 



e.g. openssl speed -evp id-aes256-wrap-pad
was crashing because the return code from EVP_CipherInit_ex
was ignored.
Not going to allow that cipher mode because wrap ciphers
produces more bytes output than the input length
and EVP_Update_loop is not really prepared for that.

Reviewed-by: default avatarDmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8739)

(cherry picked from commit 5d238a10)
parent 9fc19432

apps/speed.c

+16 −4
Original line number Diff line number Diff line
@@ -2629,16 +2629,28 @@ int speed_main(int argc, char **argv) 


                for (k = 0; k < loopargs_len; k++) {

                    loopargs[k].ctx = EVP_CIPHER_CTX_new();

                    EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL, NULL,

                                      iv, decrypt ? 0 : 1);

                    if (loopargs[k].ctx == NULL) {

                        BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n");

                        exit(1);

                    }

                    if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL,

                                           NULL, iv, decrypt ? 0 : 1)) {

                        BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");

                        ERR_print_errors(bio_err);

                        exit(1);

                    }



                    EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);



                    keylen = EVP_CIPHER_CTX_key_length(loopargs[k].ctx);

                    loopargs[k].key = app_malloc(keylen, "evp_cipher key");

                    EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key);

                    EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,

                                      loopargs[k].key, NULL, -1);

                    if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,

                                           loopargs[k].key, NULL, -1)) {

                        BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");

                        ERR_print_errors(bio_err);

                        exit(1);

                    }

                    OPENSSL_clear_free(loopargs[k].key, keylen);

                }