Files
wolfssl/wolfcrypt
Tobias Frauenschläger 5cf136d15a F-6426 - Reject Camellia cipher ops when no key is set
The Camellia encrypt and decrypt operations used the key schedule
without checking that a key had ever been configured. A zeroed or
otherwise unkeyed context has a keySz that does not match 128, 192,
or 256, so the underlying block transform hit the default no-op case
and CBC emitted an easily reversible XOR chain while still returning
success. A caller who forgot wc_CamelliaSetKey received a success
code with effectively unencrypted output.

Add a key-state check that accepts only valid Camellia key sizes and
have wc_CamelliaEncryptDirect, wc_CamelliaDecryptDirect,
wc_CamelliaCbcEncrypt, and wc_CamelliaCbcDecrypt return MISSING_KEY
when no key has been set. Mirrors the existing 3DES keySet guard.

Add a regression test covering the unkeyed and garbage key-size paths.
2026-07-02 11:36:01 +02:00
..