diff options
author | Matt Caswell <matt@openssl.org> | 2019-11-14 16:05:19 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-11-19 13:33:54 +0000 |
commit | d23adad1133c5445cd834cab0e598d7817effc6b (patch) | |
tree | dc8c9bc7b108d453097a85898541d1bcc225df0c /providers/implementations/ciphers/cipher_blowfish.c | |
parent | dbca036435e210348e73d43a8dad14f0de6a9a18 (diff) | |
download | openssl-new-d23adad1133c5445cd834cab0e598d7817effc6b.tar.gz |
EVP_CIPHER_CTX_set_keylen should not succeed if a bad keylen is passed
EVP_CIPHER_CTX_set_keylen() was succeeding even though a bad key length
is passed to it. This is because the set_ctx_params() were all accepting
this parameter and blindly changing the keylen even though the cipher did
not accept a variable key length. Even removing this didn't entirely
resolve the issue because set_ctx_params() functions succeed even if
passed a parameter they do not recognise.
This should fix various issues found by OSSfuzz/Cryptofuzz.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10449)
Diffstat (limited to 'providers/implementations/ciphers/cipher_blowfish.c')
-rw-r--r-- | providers/implementations/ciphers/cipher_blowfish.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/providers/implementations/ciphers/cipher_blowfish.c b/providers/implementations/ciphers/cipher_blowfish.c index 786cc15189..1ffb9452a8 100644 --- a/providers/implementations/ciphers/cipher_blowfish.c +++ b/providers/implementations/ciphers/cipher_blowfish.c @@ -39,10 +39,10 @@ static void *blowfish_dupctx(void *ctx) } /* bf_ecb_functions */ -IMPLEMENT_generic_cipher(blowfish, BLOWFISH, ecb, ECB, BF_FLAGS, 128, 64, 0, block) +IMPLEMENT_var_keylen_cipher(blowfish, BLOWFISH, ecb, ECB, BF_FLAGS, 128, 64, 0, block) /* bf_cbc_functions */ -IMPLEMENT_generic_cipher(blowfish, BLOWFISH, cbc, CBC, BF_FLAGS, 128, 64, 64, block) +IMPLEMENT_var_keylen_cipher(blowfish, BLOWFISH, cbc, CBC, BF_FLAGS, 128, 64, 64, block) /* bf_ofb_functions */ -IMPLEMENT_generic_cipher(blowfish, BLOWFISH, ofb64, OFB, BF_FLAGS, 64, 8, 64, stream) +IMPLEMENT_var_keylen_cipher(blowfish, BLOWFISH, ofb64, OFB, BF_FLAGS, 64, 8, 64, stream) /* bf_cfb_functions */ -IMPLEMENT_generic_cipher(blowfish, BLOWFISH, cfb64, CFB, BF_FLAGS, 64, 8, 64, stream) +IMPLEMENT_var_keylen_cipher(blowfish, BLOWFISH, cfb64, CFB, BF_FLAGS, 64, 8, 64, stream) |