diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2019-08-07 11:39:04 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2019-08-07 11:39:04 +1000 |
commit | e9c116ebcbaf6a0d089a2f8d615eee5be69ab66a (patch) | |
tree | 43645bddc891871b3b1c07206cf691a02bb9e81d /providers | |
parent | 88f19d86d9fb2d50b5a80b6cad0a6b38dfc2bf12 (diff) |
GCM cipher in provider now fails if passed bad keylength
Fixes #9500
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9512)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/common/ciphers/gcm.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/providers/common/ciphers/gcm.c b/providers/common/ciphers/gcm.c index 235d81a932..e3b79f1a94 100644 --- a/providers/common/ciphers/gcm.c +++ b/providers/common/ciphers/gcm.c @@ -209,6 +209,25 @@ static int gcm_ctx_set_params(void *vctx, const OSSL_PARAM params[]) } } + /* + * TODO(3.0) Temporary solution to address fuzz test crash, which will be + * reworked once the discussion in PR #9510 is resolved. i.e- We need a + * general solution for handling missing parameters inside set_params and + * get_params methods. + */ + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); + if (p != NULL) { + int keylen; + + if (!OSSL_PARAM_get_int(p, &keylen)) { + PROVerr(0, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + /* The key length can not be modified for gcm mode */ + if (keylen != (int)ctx->keylen) + return 0; + } + return 1; } |