GCM cipher in provider now fails if passed bad keylength

Fixes #9500 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9512)
author: Shane Lontis <shane.lontis@oracle.com> 2019-08-07 11:39:04 +1000
committer: Shane Lontis <shane.lontis@oracle.com> 2019-08-07 11:39:04 +1000
commit: e9c116ebcbaf6a0d089a2f8d615eee5be69ab66a (patch)
tree: 43645bddc891871b3b1c07206cf691a02bb9e81d /test/aesgcmtest.c
parent: 88f19d86d9fb2d50b5a80b6cad0a6b38dfc2bf12 (diff)
download: openssl-new-e9c116ebcbaf6a0d089a2f8d615eee5be69ab66a.tar.gz
1 files changed, 15 insertions, 0 deletions
diff --git a/test/aesgcmtest.c b/test/aesgcmtest.c
index c616438b00..a13e9b856c 100644
--- a/test/aesgcmtest.c
+++ b/test/aesgcmtest.c
@@ -100,6 +100,20 @@ static int kat_test(void)
            && do_decrypt(gcm_iv, ct, ctlen, tag, taglen);
 }
 
+static int badkeylen_test(void)
+{
+    int ret;
+    EVP_CIPHER_CTX *ctx = NULL;
+    const EVP_CIPHER *cipher;
+
+    ret = TEST_ptr(cipher = EVP_aes_192_gcm())
+          && TEST_ptr(ctx = EVP_CIPHER_CTX_new())
+          && TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL))
+          && TEST_false(EVP_CIPHER_CTX_set_key_length(ctx, 2));
+    EVP_CIPHER_CTX_free(ctx);
+    return ret;
+}
+
 #ifdef FIPS_MODE
 static int ivgen_test(void)
 {
@@ -116,6 +130,7 @@ static int ivgen_test(void)
 int setup_tests(void)
 {
     ADD_TEST(kat_test);
+    ADD_TEST(badkeylen_test);
 #ifdef FIPS_MODE
     ADD_TEST(ivgen_test);
 #endif /* FIPS_MODE */
author	Shane Lontis <shane.lontis@oracle.com>	2019-08-07 11:39:04 +1000
committer	Shane Lontis <shane.lontis@oracle.com>	2019-08-07 11:39:04 +1000
commit	e9c116ebcbaf6a0d089a2f8d615eee5be69ab66a (patch)
tree	43645bddc891871b3b1c07206cf691a02bb9e81d /test/aesgcmtest.c
parent	88f19d86d9fb2d50b5a80b6cad0a6b38dfc2bf12 (diff)
download	openssl-new-e9c116ebcbaf6a0d089a2f8d615eee5be69ab66a.tar.gz