Staging pr comments

aws · Jan 23, 2024 · 08af546 · 08af546
1 parent 8d6f0b4
commit 08af546
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/crypto/fipsmodule/cipher/cipher.c b/crypto/fipsmodule/cipher/cipher.c
@@ -540,6 +540,8 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len) {
 
 int EVP_Cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
                size_t in_len) {
+  GUARD_PTR(ctx);
+  GUARD_PTR(ctx->cipher);
   const int ret = ctx->cipher->cipher(ctx, out, in, in_len);
 
   // |EVP_CIPH_FLAG_CUSTOM_CIPHER| never sets the FIPS indicator via
@@ -562,6 +564,7 @@ int EVP_Cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
 
 int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
                      const uint8_t *in, int in_len) {
+  GUARD_PTR(ctx);
   if (ctx->encrypt) {
     return EVP_EncryptUpdate(ctx, out, out_len, in, in_len);
   } else {
@@ -570,6 +573,7 @@ int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
 }
 
 int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len) {
+  GUARD_PTR(ctx);
   if (ctx->encrypt) {
     return EVP_EncryptFinal_ex(ctx, out, out_len);
   } else {

diff --git a/crypto/internal.h b/crypto/internal.h
@@ -1150,7 +1150,7 @@ OPENSSL_EXPORT int OPENSSL_vasprintf_internal(char **str, const char *format,
     OPENSSL_PRINTF_FORMAT_FUNC(2, 0);
 
 
-// Safety Macros
+// Experimental Safety Macros
 
 // Inspired by s2n-tls
 
@@ -1165,9 +1165,10 @@ OPENSSL_EXPORT int OPENSSL_vasprintf_internal(char **str, const char *format,
 #define AWS_LC_ERROR 0
 #define AWS_LC_SUCCESS 1
 
-// RESULT_GUARD_PTR checks if |ptr|, if it is null it adds ERR_R_PASSED_NULL_PARAMETER
-// to the error queue and returns 0. NOTE: this macro should only be used with
-// functions that return 0 (for error) and 1 (for success).
+// RESULT_GUARD_PTR checks |ptr|: if it is null it adds ERR_R_PASSED_NULL_PARAMETER
+// to the error queue and returns 0, if it is not null nothing happens.
+// NOTE: this macro should only be used with functions that return 0 (for error)
+// and 1 (for success).
 #define GUARD_PTR(ptr) __AWS_LC_ENSURE((ptr) != NULL, OPENSSL_PUT_ERROR(CRYPTO, ERR_R_PASSED_NULL_PARAMETER); \
                                        return AWS_LC_ERROR)