diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2020-05-02 13:51:35 +1000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2020-05-05 09:38:08 +1000 |
| commit | 95cf64404cabac96f32e72b5673e2702627e6b4c (patch) | |
| tree | 7bcd8aaec10d7c195b520778895bd001279bc8a1 | |
| parent | b756626a3732869875c50f150bddacfbcac5a7ab (diff) | |
Fix incorrect default keysize for CAST ofb and cfb modes.
Fixes #11459
It was incorrectly using 8 bytes instead of 16 as the default.
This was verified by expanding the macros used in e_cast.c.
The issue occurs if EVP_CIPHER_CTX_set_key_length() is not called.
evp_test.c hides this issue as it always calls EVP_CIPHER_CTX_set_key_length() before
using EVP_CipherInit_ex(...., key, ..).
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11707)
| -rw-r--r-- | providers/implementations/ciphers/cipher_cast5.c | 8 | ||||
| -rw-r--r-- | providers/implementations/include/prov/implementations.h | 4 | ||||
| -rw-r--r-- | providers/legacyprov.c | 4 |
3 files changed, 8 insertions, 8 deletions
diff --git a/providers/implementations/ciphers/cipher_cast5.c b/providers/implementations/ciphers/cipher_cast5.c index a9da32e761..566583d141 100644 --- a/providers/implementations/ciphers/cipher_cast5.c +++ b/providers/implementations/ciphers/cipher_cast5.c @@ -49,7 +49,7 @@ static void *cast5_dupctx(void *ctx) IMPLEMENT_var_keylen_cipher(cast5, CAST, ecb, ECB, CAST5_FLAGS, 128, 64, 0, block) /* cast5128cbc_functions */ IMPLEMENT_var_keylen_cipher(cast5, CAST, cbc, CBC, CAST5_FLAGS, 128, 64, 64, block) -/* cast564ofb64_functions */ -IMPLEMENT_var_keylen_cipher(cast5, CAST, ofb64, OFB, CAST5_FLAGS, 64, 8, 64, stream) -/* cast564cfb64_functions */ -IMPLEMENT_var_keylen_cipher(cast5, CAST, cfb64, CFB, CAST5_FLAGS, 64, 8, 64, stream) +/* cast5128ofb64_functions */ +IMPLEMENT_var_keylen_cipher(cast5, CAST, ofb64, OFB, CAST5_FLAGS, 128, 8, 64, stream) +/* cast5128cfb64_functions */ +IMPLEMENT_var_keylen_cipher(cast5, CAST, cfb64, CFB, CAST5_FLAGS, 128, 8, 64, stream) diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h index 8d35fba49c..1f761e0ec4 100644 --- a/providers/implementations/include/prov/implementations.h +++ b/providers/implementations/include/prov/implementations.h @@ -148,8 +148,8 @@ extern const OSSL_DISPATCH idea128cfb64_functions[]; #ifndef OPENSSL_NO_CAST extern const OSSL_DISPATCH cast5128ecb_functions[]; extern const OSSL_DISPATCH cast5128cbc_functions[]; -extern const OSSL_DISPATCH cast564ofb64_functions[]; -extern const OSSL_DISPATCH cast564cfb64_functions[]; +extern const OSSL_DISPATCH cast5128ofb64_functions[]; +extern const OSSL_DISPATCH cast5128cfb64_functions[]; #endif /* OPENSSL_NO_CAST */ #ifndef OPENSSL_NO_SEED extern const OSSL_DISPATCH seed128ecb_functions[]; diff --git a/providers/legacyprov.c b/providers/legacyprov.c index c8ebc9c433..ca91093893 100644 --- a/providers/legacyprov.c +++ b/providers/legacyprov.c @@ -79,8 +79,8 @@ static const OSSL_ALGORITHM legacy_ciphers[] = { #ifndef OPENSSL_NO_CAST ALG("CAST5-ECB", cast5128ecb_functions), ALG("CAST5-CBC:CAST-CBC:CAST", cast5128cbc_functions), - ALG("CAST5-OFB", cast564ofb64_functions), - ALG("CAST5-CFB", cast564cfb64_functions), + ALG("CAST5-OFB", cast5128ofb64_functions), + ALG("CAST5-CFB", cast5128cfb64_functions), #endif /* OPENSSL_NO_CAST */ #ifndef OPENSSL_NO_BF ALG("BF-ECB", blowfish128ecb_functions), |