diff options
author | Tomas Mraz <tomas@openssl.org> | 2022-10-12 11:30:56 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-11-11 16:54:50 +0100 |
commit | 94976a1e8d9b127999df14c2e0c38e918c2badda (patch) | |
tree | 334d92294784fad3dc0348650725988a69db1bb7 /providers | |
parent | 9270f67059e0291a2ef73acfba5a4ac54f732ef9 (diff) | |
download | openssl-new-94976a1e8d9b127999df14c2e0c38e918c2badda.tar.gz |
cmac_set_ctx_params(): Fail if cipher mode is not CBC
Also add negative test cases for CMAC and GMAC using
a cipher with wrong mode.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19401)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/macs/cmac_prov.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/providers/implementations/macs/cmac_prov.c b/providers/implementations/macs/cmac_prov.c index 96da429e84..fc9f911beb 100644 --- a/providers/implementations/macs/cmac_prov.c +++ b/providers/implementations/macs/cmac_prov.c @@ -18,6 +18,8 @@ #include <openssl/params.h> #include <openssl/evp.h> #include <openssl/cmac.h> +#include <openssl/err.h> +#include <openssl/proverr.h> #include "prov/implementations.h" #include "prov/provider_ctx.h" @@ -195,8 +197,16 @@ static int cmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) if (params == NULL) return 1; - if (!ossl_prov_cipher_load_from_params(&macctx->cipher, params, ctx)) - return 0; + if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CIPHER)) != NULL) { + if (!ossl_prov_cipher_load_from_params(&macctx->cipher, params, ctx)) + return 0; + + if (EVP_CIPHER_get_mode(ossl_prov_cipher_cipher(&macctx->cipher)) + != EVP_CIPH_CBC_MODE) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); + return 0; + } + } if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING) |