[openssh-commits] [openssh] 01/02: upstream: Fix EVP_CIPHER_CTX_ctrl() return checks

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Mar 18 15:56:48 AEDT 2025


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 0ce5281f017c3ad7bdcc2bbd9745119a73e0cbb8
Author: tb at openbsd.org <tb at openbsd.org>
AuthorDate: Fri Mar 14 09:49:49 2025 +0000

    upstream: Fix EVP_CIPHER_CTX_ctrl() return checks
    
    While this API tries to translate negative return values (i.e. -1) to 0
    in BoringSSL and LibreSSL, it is still possible for it to return negative
    values in principle. We even incorrectly document that -1 can be returned
    while Boring and OpenSSL plead the Fifth.
    
    In OpenSSL 3 there are now code paths that explicitly return -1 and they
    started shifting their return checks to <= 0 - of course they do this in
    inconsistent and sometimes incorrect manner. While these paths aren't
    reachable from ssh right now, who can really tell what happens in the two
    hundred lines of inscrutable bloated mess this has become.
    
    So error check with <= 0 to ensure that we don't accidentally translate an
    error to success.
    
    ok markus schwarze
    
    OpenBSD-Commit-ID: a855c833cf4ecfce43bedc761f26ad924f70483c
---
 cipher.c | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/cipher.c b/cipher.c
index 7d6e7d8c..8a18da2d 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.123 2024/08/23 04:51:00 deraadt Exp $ */
+/* $OpenBSD: cipher.c,v 1.124 2025/03/14 09:49:49 tb Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -298,8 +298,8 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
 		goto out;
 	}
 	if (cipher_authlen(cipher) &&
-	    !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_IV_FIXED,
-	    -1, (u_char *)iv)) {
+	    EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_IV_FIXED,
+	    -1, (u_char *)iv) <= 0) {
 		ret = SSH_ERR_LIBCRYPTO_ERROR;
 		goto out;
 	}
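Review bot: The new `<= 0` test on `EVP_CIPHER_CTX_ctrl(..., EVP_CTRL_GCM_SET_IV_FIXED, ...)` in cipher_init has no comment explaining why it is not a plain `!` check, so a later cleanup could turn it back and let a -1 return pass as success. A short comment above the condition would record the reason, for example `/* EVP_CIPHER_CTX_ctrl() may return -1 on error; treat <= 0 as failure */`. The same applies to the converted call sites in cipher_crypt, cipher_get_keyiv and cipher_set_keyiv. cipher_init starts and ends outside this hunk.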
@@ -369,13 +369,13 @@ cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest,
 		if (authlen != cipher_authlen(cc->cipher))
 			return SSH_ERR_INVALID_ARGUMENT;
 		/* increment IV */
-		if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
-		    1, lastiv))
+		if (EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
+		    1, lastiv) <= 0)
 			return SSH_ERR_LIBCRYPTO_ERROR;
 		/* set tag on decryption */
 		if (!cc->encrypt &&
-		    !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_TAG,
-		    authlen, (u_char *)src + aadlen + len))
+		    EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_TAG,
+		    authlen, (u_char *)src + aadlen + len) <= 0)
 			return SSH_ERR_LIBCRYPTO_ERROR;
 	}
 	if (aadlen) {
@@ -395,8 +395,8 @@ cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest,
 			return cc->encrypt ?
 			    SSH_ERR_LIBCRYPTO_ERROR : SSH_ERR_MAC_INVALID;
 		if (cc->encrypt &&
-		    !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_GET_TAG,
-		    authlen, dest + aadlen + len))
+		    EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_GET_TAG,
+		    authlen, dest + aadlen + len) <= 0)
 			return SSH_ERR_LIBCRYPTO_ERROR;
 	}
 	return 0;
@@ -465,10 +465,10 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, size_t len)
 	if ((size_t)evplen != len)
 		return SSH_ERR_INVALID_ARGUMENT;
 	if (cipher_authlen(c)) {
-		if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
-		    len, iv))
+		if (EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, len,
+		    iv) <= 0)
 			return SSH_ERR_LIBCRYPTO_ERROR;
-	} else if (!EVP_CIPHER_CTX_get_iv(cc->evp, iv, len))
+	} else if (EVP_CIPHER_CTX_get_iv(cc->evp, iv, len) <= 0)
 		return SSH_ERR_LIBCRYPTO_ERROR;
 #endif
 	return 0;
@@ -495,8 +495,8 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv, size_t len)
 		return SSH_ERR_INVALID_ARGUMENT;
 	if (cipher_authlen(c)) {
 		/* XXX iv arg is const, but EVP_CIPHER_CTX_ctrl isn't */
-		if (!EVP_CIPHER_CTX_ctrl(cc->evp,
-		    EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv))
+		if (EVP_CIPHER_CTX_ctrl(cc->evp,
+		    EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv) <= 0)
 			return SSH_ERR_LIBCRYPTO_ERROR;
 	} else if (!EVP_CIPHER_CTX_set_iv(cc->evp, iv, evplen))
 		return SSH_ERR_LIBCRYPTO_ERROR;
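Review bot: The `else if (!EVP_CIPHER_CTX_set_iv(cc->evp, iv, evplen))` branch at the end of this hunk still uses a `!` test, while the matching `EVP_CIPHER_CTX_get_iv()` call in cipher_get_keyiv was moved to `<= 0` by this same commit. The definition of `EVP_CIPHER_CTX_set_iv()` is not visible here, but if it can ever return a negative value, that failure would be treated as success and the cipher would carry on with an IV that was never installed. For consistency with the rest of the change I would write `} else if (EVP_CIPHER_CTX_set_iv(cc->evp, iv, evplen) <= 0)`. cipher_set_keyiv starts and ends outside this hunk.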
