From 1832bb0f02e519a48f06a10467c7ce5f7f3feeeb Mon Sep 17 00:00:00 2001 From: Hugo Landau Date: Fri, 11 Mar 2022 06:57:26 +0000 Subject: Fix signed integer overflow in evp_enc Fixes #17869. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17870) --- crypto/evp/evp_enc.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'crypto/evp/evp_enc.c') diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 02566ae949..d0a62a6d46 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -605,7 +605,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { int ret; - size_t soutl; + size_t soutl, inl_ = (size_t)inl; int blocksize; if (outl != NULL) { @@ -635,9 +635,10 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); return 0; } + ret = ctx->cipher->cupdate(ctx->algctx, out, &soutl, - inl + (blocksize == 1 ? 0 : blocksize), in, - (size_t)inl); + inl_ + (size_t)(blocksize == 1 ? 0 : blocksize), + in, inl_); if (ret) { if (soutl > INT_MAX) { @@ -753,7 +754,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, { int fix_len, cmpl = inl, ret; unsigned int b; - size_t soutl; + size_t soutl, inl_ = (size_t)inl; int blocksize; if (outl != NULL) { @@ -783,8 +784,8 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return 0; } ret = ctx->cipher->cupdate(ctx->algctx, out, &soutl, - inl + (blocksize == 1 ? 0 : blocksize), in, - (size_t)inl); + inl_ + (size_t)(blocksize == 1 ? 0 : blocksize), + in, inl_); if (ret) { if (soutl > INT_MAX) { -- cgit v1.2.3