Check keyLen matches cipher in wolfSSL_CMAC_Init.
Fixes ZD15607.
@ -28567,6 +28567,13 @@ int wolfSSL_CMAC_Init(WOLFSSL_CMAC_CTX* ctx, const void *key, size_t keyLen,
|
|||||||
ret = WOLFSSL_FAILURE;
|
ret = WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (ret == WOLFSSL_SUCCESS) {
|
||||||
|
/* Check input keyLen matches input cipher. */
|
||||||
|
if ((int) keyLen != wolfSSL_EVP_Cipher_key_length(cipher)) {
|
||||||
|
ret = WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (ret == WOLFSSL_SUCCESS) {
|
if (ret == WOLFSSL_SUCCESS) {
|
||||||
ret = wc_InitCmac((Cmac*)ctx->internal, (const byte*)key,
|
ret = wc_InitCmac((Cmac*)ctx->internal, (const byte*)key,
|
||||||
(word32)keyLen, WC_CMAC_AES, NULL);
|
(word32)keyLen, WC_CMAC_AES, NULL);
|
||||||
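Review bot: The new comparison `(int) keyLen != wolfSSL_EVP_Cipher_key_length(cipher)` narrows a `size_t` to `int` before comparing, so where `size_t` is wider than `int` an oversized `keyLen` can wrap to a value that equals the cipher's key length and pass the check. It also passes when both sides are zero, which matters if `wolfSSL_EVP_Cipher_key_length` returns 0 for a cipher it does not recognise and nothing earlier in the function has rejected that cipher; that earlier validation is outside this hunk, so it should be confirmed. Comparing in the wide type and rejecting a non-positive length covers both cases: `int cipherKeyLen = wolfSSL_EVP_Cipher_key_length(cipher);` followed by `if (cipherKeyLen <= 0 || keyLen != (size_t)cipherKeyLen) {`. wolfSSL_CMAC_Init begins and ends outside the hunk.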
|
@ -39705,6 +39705,14 @@ static int test_wolfSSL_CMAC(void)
|
|||||||
AssertIntEQ(outLen, AES_BLOCK_SIZE);
|
AssertIntEQ(outLen, AES_BLOCK_SIZE);
|
||||||
CMAC_CTX_free(cmacCtx);
|
CMAC_CTX_free(cmacCtx);
|
||||||
|
|
||||||
|
/* give a key too small for the cipher, verify we get failure */
|
||||||
|
cmacCtx = NULL;
|
||||||
|
AssertNotNull(cmacCtx = CMAC_CTX_new());
|
||||||
|
AssertNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx));
|
||||||
|
AssertIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_192_cbc(),
|
||||||
|
NULL), SSL_FAILURE);
|
||||||
|
CMAC_CTX_free(cmacCtx);
|
||||||
|
|
||||||
res = TEST_RES_CHECK(1);
|
res = TEST_RES_CHECK(1);
|
||||||
#endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */
|
#endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */
|
||||||
return res;
|
return res;
|
||||||
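Review bot: The added case covers only a key shorter than the cipher expects (`AES_128_KEY_SIZE` with `EVP_aes_192_cbc()`), while the check under test is an equality, so a key longer than the cipher expects is left unexercised. A second assertion in the same shape, for example `AssertIntEQ(CMAC_Init(cmacCtx, key, AES_256_KEY_SIZE, EVP_aes_128_cbc(), NULL), SSL_FAILURE);`, would pin the other direction. The declaration of `key` is outside this hunk, so its size should be checked, although the call should be rejected before the key bytes are used. The comment could then read `/* give a key whose length does not match the cipher, verify we get failure */`. test_wolfSSL_CMAC starts outside the hunk.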
|