Check keyLen matches cipher in wolfSSL_CMAC_Init.

Fixes ZD15607.
jordan
2023-02-12 18:26:40 -06:00
parent 55a7e24cfe
commit 909aa86d2d
2 changed files with 15 additions and 0 deletions


@ -28567,6 +28567,13 @@ int wolfSSL_CMAC_Init(WOLFSSL_CMAC_CTX* ctx, const void *key, size_t keyLen,
ret = WOLFSSL_FAILURE;
}
if (ret == WOLFSSL_SUCCESS) {
/* Check input keyLen matches input cipher. */
if ((int) keyLen != wolfSSL_EVP_Cipher_key_length(cipher)) {
ret = WOLFSSL_FAILURE;
}
}
if (ret == WOLFSSL_SUCCESS) {
ret = wc_InitCmac((Cmac*)ctx->internal, (const byte*)key,
(word32)keyLen, WC_CMAC_AES, NULL);
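Review bot: The new comparison `(int) keyLen != wolfSSL_EVP_Cipher_key_length(cipher)` narrows a size_t to int before comparing, so a keyLen above INT_MAX is converted in an implementation-defined way and may compare equal to a valid key length. The check also passes if the helper returns a non-positive value for the cipher and keyLen converts to that same value, unless a check earlier in wolfSSL_CMAC_Init (outside this hunk) already rejects such ciphers. I would compare in the wider type and reject non-positive lengths: `int cipherKeyLen = wolfSSL_EVP_Cipher_key_length(cipher);` followed by `if (cipherKeyLen <= 0 || keyLen != (size_t)cipherKeyLen) ret = WOLFSSL_FAILURE;`. The function body starts and ends outside the hunk, so whether `key` and `cipher` are NULL-checked before this point cannot be confirmed from here.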


@ -39705,6 +39705,14 @@ static int test_wolfSSL_CMAC(void)
AssertIntEQ(outLen, AES_BLOCK_SIZE);
CMAC_CTX_free(cmacCtx);
/* give a key too small for the cipher, verify we get failure */
cmacCtx = NULL;
AssertNotNull(cmacCtx = CMAC_CTX_new());
AssertNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx));
AssertIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_192_cbc(),
NULL), SSL_FAILURE);
CMAC_CTX_free(cmacCtx);
res = TEST_RES_CHECK(1);
#endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */
return res;
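Review bot: The added case in test_wolfSSL_CMAC only exercises a key that is too short (AES_128_KEY_SIZE with EVP_aes_192_cbc()), while the library check is an equality test, so the too-long direction is untested. I would add a second negative case where the length exceeds the cipher's key size, e.g. `AssertIntEQ(CMAC_Init(cmacCtx, key, AES_192_KEY_SIZE, EVP_aes_128_cbc(), NULL), SSL_FAILURE);` on a fresh context, provided the `key` buffer (declared outside the hunk) is at least that long. The comment could then read `/* key length that does not match the cipher must fail */`. The `cmacCtx = NULL;` assignment is redundant, since the next line assigns it again.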