Return error for unsupported modes.

PR#3974 PR#3975 Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-01 15:38:11 +01:00 · 2015-08-01 15:38:11 +01:00 · 2acdef5e97
commit 2acdef5e97
parent 891eac4604
1 changed files with 30 additions and 5 deletions
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@ -68,11 +68,22 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
    if (c->cipher->set_asn1_parameters != NULL)
        ret = c->cipher->set_asn1_parameters(c, type);
    else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
-        if (EVP_CIPHER_CTX_mode(c) == EVP_CIPH_WRAP_MODE) {
+        switch (EVP_CIPHER_CTX_mode(c)) {
+        case EVP_CIPH_WRAP_MODE:
            ASN1_TYPE_set(type, V_ASN1_NULL, NULL);
            ret = 1;
-        } else
+            break;
+
+        case EVP_CIPH_GCM_MODE:
+        case EVP_CIPH_CCM_MODE:
+        case EVP_CIPH_XTS_MODE:
+        case EVP_CIPH_OCB_MODE:
+            ret = -1;
+            break;
+
+        default:
            ret = EVP_CIPHER_set_asn1_iv(c, type);
+        }
    } else
        ret = -1;
    return (ret);
@ -85,9 +96,23 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
    if (c->cipher->get_asn1_parameters != NULL)
        ret = c->cipher->get_asn1_parameters(c, type);
    else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
-        if (EVP_CIPHER_CTX_mode(c) == EVP_CIPH_WRAP_MODE)
-            return 1;
-        ret = EVP_CIPHER_get_asn1_iv(c, type);
+        switch (EVP_CIPHER_CTX_mode(c)) {
+
+        case EVP_CIPH_WRAP_MODE:
+            ret = 1;
+            break;
+
+        case EVP_CIPH_GCM_MODE:
+        case EVP_CIPH_CCM_MODE:
+        case EVP_CIPH_XTS_MODE:
+        case EVP_CIPH_OCB_MODE:
+            ret = -1;
+            break;
+
+        default:
+            ret = EVP_CIPHER_get_asn1_iv(c, type);
+            break;
+        }
    } else
        ret = -1;
    return (ret);