diff options
4 files changed, 35 insertions, 1 deletions
diff --git a/providers/implementations/ciphers/cipher_des.c b/providers/implementations/ciphers/cipher_des.c index ca2a924a91..e2c890979e 100644 --- a/providers/implementations/ciphers/cipher_des.c +++ b/providers/implementations/ciphers/cipher_des.c @@ -96,6 +96,7 @@ static int des_init(void *vctx, const unsigned char *key, size_t keylen, } if (!ctx->hw->init(ctx, key, keylen)) return 0; + ctx->key_set = 1; } return ossl_cipher_generic_set_ctx_params(ctx, params); } diff --git a/providers/implementations/ciphers/cipher_tdes_common.c b/providers/implementations/ciphers/cipher_tdes_common.c index ceaa0f9821..c80d9f16b1 100644 --- a/providers/implementations/ciphers/cipher_tdes_common.c +++ b/providers/implementations/ciphers/cipher_tdes_common.c @@ -90,6 +90,7 @@ static int tdes_init(void *vctx, const unsigned char *key, size_t keylen, } if (!ctx->hw->init(ctx, key, ctx->keylen)) return 0; + ctx->key_set = 1; } return ossl_cipher_generic_set_ctx_params(ctx, params); } diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c index fa383165d8..7ad3eb0a1f 100644 --- a/providers/implementations/ciphers/ciphercommon.c +++ b/providers/implementations/ciphers/ciphercommon.c @@ -128,7 +128,10 @@ int ossl_cipher_var_keylen_set_ctx_params(void *vctx, const OSSL_PARAM params[]) ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return 0; } - ctx->keylen = keylen; + if (ctx->keylen != keylen) { + ctx->keylen = keylen; + ctx->key_set = 0; + } } return 1; } @@ -217,6 +220,7 @@ static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx, } if (!ctx->hw->init(ctx, key, ctx->keylen)) return 0; + ctx->key_set = 1; } return ossl_cipher_generic_set_ctx_params(ctx, params); } @@ -249,6 +253,11 @@ int ossl_cipher_generic_block_update(void *vctx, unsigned char *out, size_t blksz = ctx->blocksize; size_t nextblocks; + if (!ctx->key_set) { + ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); + return 0; + } + if (ctx->tlsversion > 0) { /* * Each update call corresponds to a TLS record and is individually @@ -390,6 +399,11 @@ int ossl_cipher_generic_block_final(void *vctx, unsigned char *out, if (!ossl_prov_is_running()) return 0; + if (!ctx->key_set) { + ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); + return 0; + } + if (ctx->tlsversion > 0) { /* We never finalize TLS, so this is an error */ ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); @@ -456,6 +470,11 @@ int ossl_cipher_generic_stream_update(void *vctx, unsigned char *out, { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + if (!ctx->key_set) { + ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); + return 0; + } + if (inl == 0) { *outl = 0; return 1; @@ -510,9 +529,16 @@ int ossl_cipher_generic_stream_update(void *vctx, unsigned char *out, int ossl_cipher_generic_stream_final(void *vctx, unsigned char *out, size_t *outl, size_t outsize) { + PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + if (!ossl_prov_is_running()) return 0; + if (!ctx->key_set) { + ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); + return 0; + } + *outl = 0; return 1; } @@ -526,6 +552,11 @@ int ossl_cipher_generic_cipher(void *vctx, unsigned char *out, size_t *outl, if (!ossl_prov_is_running()) return 0; + if (!ctx->key_set) { + ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); + return 0; + } + if (outsize < inl) { ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); return 0; diff --git a/providers/implementations/include/prov/ciphercommon.h b/providers/implementations/include/prov/ciphercommon.h index 2a7a059086..45002ad594 100644 --- a/providers/implementations/include/prov/ciphercommon.h +++ b/providers/implementations/include/prov/ciphercommon.h @@ -69,6 +69,7 @@ struct prov_cipher_ctx_st { unsigned int pad : 1; /* Whether padding should be used or not */ unsigned int enc : 1; /* Set to 1 for encrypt, or 0 otherwise */ unsigned int iv_set : 1; /* Set when the iv is copied to the iv/oiv buffers */ + unsigned int key_set : 1; /* Set when key is set on the context */ unsigned int updated : 1; /* Set to 1 during update for one shot ciphers */ unsigned int variable_keylength : 1; unsigned int inverse_cipher : 1; /* set to 1 to use inverse cipher */ |