Check keyLen matches cipher in wolfSSL_CMAC_Init.

Fixes ZD15607.
2026-01-30 19:32:16 +01:00 · 2023-02-12 18:26:40 -06:00
parent 55a7e24cfe
commit 909aa86d2d
2 changed files with 15 additions and 0 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -28567,6 +28567,13 @@ int wolfSSL_CMAC_Init(WOLFSSL_CMAC_CTX* ctx, const void *key, size_t keyLen,
        ret = WOLFSSL_FAILURE;
    }

+    if (ret == WOLFSSL_SUCCESS) {
+        /* Check input keyLen matches input cipher. */
+        if ((int) keyLen != wolfSSL_EVP_Cipher_key_length(cipher)) {
+            ret = WOLFSSL_FAILURE;
+        }
+    }
+
    if (ret == WOLFSSL_SUCCESS) {
        ret = wc_InitCmac((Cmac*)ctx->internal, (const byte*)key,
                          (word32)keyLen, WC_CMAC_AES, NULL);