Commit d099e33e57 for openssl.org
commit d099e33e5733bb9d3975fc4f3ac4a85b6ed1a4cb
Author: 007bsd <22483432+007bsd@users.noreply.github.com>
Date: Tue May 26 00:10:43 2026 +0300
aes_wrap: prevent crash on update without a key
EVP_CipherInit_ex2 with a NULL key followed by EVP_CipherUpdate
on AES-WRAP/WRAP-PAD/WRAP-INV ciphers dereferenced an uninitialised
function pointer because aes_wrap_init installs ctx->block only
when a key is supplied. aes_wrap_cipher_internal had no guard
before dispatching.
Track key state in ctx->key_set, matching OCB/CCM/GCM/Poly1305,
and refuse update if no key has been installed.
Added a regression test covering AES-256-WRAP, AES-256-WRAP-PAD
and AES-256-WRAP-INV.
CLA: trivial
Fixes: ca392b294359 "Add aes_wrap cipher to providers"
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Wed Jun 3 11:52:05 2026
(Merged from https://github.com/openssl/openssl/pull/31292)
diff --git a/providers/implementations/ciphers/cipher_aes_wrp.c b/providers/implementations/ciphers/cipher_aes_wrp.c
index ff8c38f704..2122756b28 100644
--- a/providers/implementations/ciphers/cipher_aes_wrp.c
+++ b/providers/implementations/ciphers/cipher_aes_wrp.c
@@ -144,6 +144,7 @@ static int aes_wrap_init(void *vctx, const unsigned char *key,
AES_set_decrypt_key(key, (int)(keylen * 8), &wctx->ks.ks);
ctx->block = (block128_f)AES_decrypt;
}
+ ctx->key_set = 1;
}
return aes_wrap_set_ctx_params(ctx, params);
}
@@ -217,6 +218,10 @@ static int aes_wrap_cipher_internal(void *vctx, unsigned char *out,
ERR_raise(ERR_LIB_PROV, EVP_R_UPDATE_ERROR);
return -1;
}
+ if (!ctx->key_set) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
+ return -1;
+ }
wctx->updated = 1;
rv = wctx->wrapfn(&wctx->ks.ks, ctx->iv_set ? ctx->iv : NULL, out, in,
diff --git a/test/aeswrap_test.c b/test/aeswrap_test.c
index 539536f4a8..1ec763e8f5 100644
--- a/test/aeswrap_test.c
+++ b/test/aeswrap_test.c
@@ -8,6 +8,7 @@
*/
#include "testutil.h"
+#include "internal/nelem.h"
/* Test that calling EVP_CipherUpdate() twice fails for AES_WRAP_PAD */
static int aeswrap_multi_update_fail_test(void)
@@ -56,9 +57,37 @@ err:
return ret;
}
+static const char *aeswrap_null_key_ciphers[] = {
+ "AES-256-WRAP", "AES-256-WRAP-PAD", "AES-256-WRAP-INV"
+};
+
+/* Test that EVP_CipherUpdate fails after EVP_CipherInit_ex2 with NULL key */
+static int aeswrap_null_key_init_fail_test(int idx)
+{
+ int ret = 0;
+ EVP_CIPHER_CTX *ctx = NULL;
+ EVP_CIPHER *cipher = NULL;
+ uint8_t in[32] = { 0 };
+ uint8_t out[64];
+ int outlen = sizeof(in) + 8;
+
+ if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
+ || !TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, aeswrap_null_key_ciphers[idx], NULL))
+ || !TEST_int_eq(EVP_CipherInit_ex2(ctx, cipher, NULL, NULL, 1, NULL), 1)
+ || !TEST_int_eq(EVP_CipherUpdate(ctx, out, &outlen, in, sizeof(in)), 0))
+ goto err;
+ ret = 1;
+err:
+ EVP_CIPHER_free(cipher);
+ EVP_CIPHER_CTX_free(ctx);
+ return ret;
+}
+
int setup_tests(void)
{
ADD_TEST(aeswrap_input_size_fail_test);
ADD_TEST(aeswrap_multi_update_fail_test);
+ ADD_ALL_TESTS(aeswrap_null_key_init_fail_test,
+ OSSL_NELEM(aeswrap_null_key_ciphers));
return 1;
}