GCM cipher in provider now fails if passed bad keylength

Fixes #9500 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9512)
author: Shane Lontis <shane.lontis@oracle.com> 2019-08-07 11:39:04 +1000
committer: Shane Lontis <shane.lontis@oracle.com> 2019-08-07 11:39:04 +1000
commit: e9c116ebcbaf6a0d089a2f8d615eee5be69ab66a (patch)
tree: 43645bddc891871b3b1c07206cf691a02bb9e81d /providers
parent: 88f19d86d9fb2d50b5a80b6cad0a6b38dfc2bf12 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/providers/common/ciphers/gcm.c b/providers/common/ciphers/gcm.c
index 235d81a932..e3b79f1a94 100644
--- a/providers/common/ciphers/gcm.c
+++ b/providers/common/ciphers/gcm.c
@@ -209,6 +209,25 @@ static int gcm_ctx_set_params(void *vctx, const OSSL_PARAM params[])
         }
     }
 
+    /*
+     * TODO(3.0) Temporary solution to address fuzz test crash, which will be
+     * reworked once the discussion in PR #9510 is resolved. i.e- We need a
+     * general solution for handling missing parameters inside set_params and
+     * get_params methods.
+     */
+    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
+    if (p != NULL) {
+        int keylen;
+
+        if (!OSSL_PARAM_get_int(p, &keylen)) {
+            PROVerr(0, PROV_R_FAILED_TO_GET_PARAMETER);
+            return 0;
+        }
+        /* The key length can not be modified for gcm mode */
+        if (keylen != (int)ctx->keylen)
+            return 0;
+    }
+
     return 1;
 }
author	Shane Lontis <shane.lontis@oracle.com>	2019-08-07 11:39:04 +1000
committer	Shane Lontis <shane.lontis@oracle.com>	2019-08-07 11:39:04 +1000
commit	e9c116ebcbaf6a0d089a2f8d615eee5be69ab66a (patch)
tree	43645bddc891871b3b1c07206cf691a02bb9e81d /providers
parent	88f19d86d9fb2d50b5a80b6cad0a6b38dfc2bf12 (diff)