crypto-api: refuse to run gnutls_cipher_init() in full AEAD modes

That is, there are AEAD modes like CCM that can only be used through the AEAD API. Always refuse calls to gnutls_cipher_init() in these modes. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-05-22 14:23:14 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-05-22 14:37:46 +0200
commit: c2d0881f72cc483e1fc072406a2c8e5df2f17109 (patch)
tree: 13184debbde5886e4e48a5107838906ed46441d8 /lib/crypto-api.c
parent: 165b050f957c698e8594eb1e36408ff1ed732e17 (diff)
download: gnutls-c2d0881f72cc483e1fc072406a2c8e5df2f17109.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index 6b3b065f08..1a0b13b90c 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -62,7 +62,7 @@ gnutls_cipher_init(gnutls_cipher_hd_t * handle,
 	const cipher_entry_st* e;
 
 	e = cipher_to_entry(cipher);
-	if (e == NULL)
+	if (e == NULL || e->only_aead)
 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 
 	*handle = gnutls_calloc(1, sizeof(api_cipher_hd_st));
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-05-22 14:23:14 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-05-22 14:37:46 +0200
commit	c2d0881f72cc483e1fc072406a2c8e5df2f17109 (patch)
tree	13184debbde5886e4e48a5107838906ed46441d8 /lib/crypto-api.c
parent	165b050f957c698e8594eb1e36408ff1ed732e17 (diff)
download	gnutls-c2d0881f72cc483e1fc072406a2c8e5df2f17109.tar.gz