mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #6084 from philljj/zd15607

Browse Source 
Check keyLen matches cipher in wolfSSL_CMAC_Init.
This commit is contained in:
Sean Parkinson 2023-02-14 12:51:20 +10:00 committed by GitHub
commit 2fe34facba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/ssl.c
View File

@ -28573,6 +28573,13 @@ int wolfSSL_CMAC_Init(WOLFSSL_CMAC_CTX* ctx, const void *key, size_t keyLen,
ret = WOLFSSL_FAILURE;
}
if (ret == WOLFSSL_SUCCESS) {
/* Check input keyLen matches input cipher. */
if ((int) keyLen != wolfSSL_EVP_Cipher_key_length(cipher)) {
ret = WOLFSSL_FAILURE;
}
}
if (ret == WOLFSSL_SUCCESS) {
ret = wc_InitCmac((Cmac*)ctx->internal, (const byte*)key,
(word32)keyLen, WC_CMAC_AES, NULL);

8
tests/api.c
View File

@ -39705,6 +39705,14 @@ static int test_wolfSSL_CMAC(void)
AssertIntEQ(outLen, AES_BLOCK_SIZE);
CMAC_CTX_free(cmacCtx);
/* give a key too small for the cipher, verify we get failure */
cmacCtx = NULL;
AssertNotNull(cmacCtx = CMAC_CTX_new());
AssertNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx));
AssertIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_192_cbc(),
NULL), SSL_FAILURE);
CMAC_CTX_free(cmacCtx);
res = TEST_RES_CHECK(1);
#endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */
return res;