Merge pull request #2226 from tmael/defectEVP

Verify input parameters of EVP_CipherFinal
2019-05-09 14:35:16 -06:00 · 2019-05-09 14:35:16 -06:00 · e43e03c30a
commit e43e03c30a
parent 34dc41fe75 1605ab86d2
1 changed files with 7 additions and 1 deletions
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@ -408,7 +408,9 @@ WOLFSSL_API int  wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
                                   unsigned char *out, int *outl)
 {
    int fl;
-    if (ctx == NULL || out == NULL) return BAD_FUNC_ARG;
+    if (ctx == NULL || out == NULL || outl == NULL || (*outl < 0))
+        return BAD_FUNC_ARG;
+
    WOLFSSL_ENTER("wolfSSL_EVP_CipherFinal");
    if (ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING) {
        if (ctx->bufUsed != 0) return WOLFSSL_FAILURE;
@ -446,6 +448,10 @@ WOLFSSL_API int  wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
                *outl = fl;
            } else return 0;
        }
+       /* return error in cases where the block length is incorrect */
+        if (ctx->lastUsed == 0 && ctx->bufUsed == 0) {
+            return WOLFSSL_FAILURE;
+        }
    }
    return WOLFSSL_SUCCESS;
 }