Return error for unsupported modes.

PR#3974
PR#3975

Reviewed-by: Matt Caswell <matt@openssl.org>

1 files changed, 30 insertions, 5 deletions

diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 1fdde9ae4d..5ee3dcb700 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -68,11 +68,22 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
     if (c->cipher->set_asn1_parameters != NULL)
         ret = c->cipher->set_asn1_parameters(c, type);
     else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
-        if (EVP_CIPHER_CTX_mode(c) == EVP_CIPH_WRAP_MODE) {
+        switch (EVP_CIPHER_CTX_mode(c)) {
+        case EVP_CIPH_WRAP_MODE:
             ASN1_TYPE_set(type, V_ASN1_NULL, NULL);
             ret = 1;
-        } else
+            break;
+
+        case EVP_CIPH_GCM_MODE:
+        case EVP_CIPH_CCM_MODE:
+        case EVP_CIPH_XTS_MODE:
+        case EVP_CIPH_OCB_MODE:
+            ret = -1;
+            break;
+
+        default:
             ret = EVP_CIPHER_set_asn1_iv(c, type);
+        }
     } else
         ret = -1;
     return (ret);
@@ -85,9 +96,23 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
     if (c->cipher->get_asn1_parameters != NULL)
         ret = c->cipher->get_asn1_parameters(c, type);
     else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
-        if (EVP_CIPHER_CTX_mode(c) == EVP_CIPH_WRAP_MODE)
-            return 1;
-        ret = EVP_CIPHER_get_asn1_iv(c, type);
+        switch (EVP_CIPHER_CTX_mode(c)) {
+
+        case EVP_CIPH_WRAP_MODE:
+            ret = 1;
+            break;
+
+        case EVP_CIPH_GCM_MODE:
+        case EVP_CIPH_CCM_MODE:
+        case EVP_CIPH_XTS_MODE:
+        case EVP_CIPH_OCB_MODE:
+            ret = -1;
+            break;
+
+        default:
+            ret = EVP_CIPHER_get_asn1_iv(c, type);
+            break;
+        }
     } else
         ret = -1;
     return (ret);