diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2020-05-02 05:51:35 +0200 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-05-05 01:38:08 +0200 |
commit | 95cf64404cabac96f32e72b5673e2702627e6b4c (patch) | |
tree | 7bcd8aaec10d7c195b520778895bd001279bc8a1 | |
parent | Allow OSSL_PARAM_get_octet_string() to pass a NULL buffer (diff) | |
download | openssl-95cf64404cabac96f32e72b5673e2702627e6b4c.tar.xz openssl-95cf64404cabac96f32e72b5673e2702627e6b4c.zip |
Fix incorrect default keysize for CAST ofb and cfb modes.
Fixes #11459
It was incorrectly using 8 bytes instead of 16 as the default.
This was verified by expanding the macros used in e_cast.c.
The issue occurs if EVP_CIPHER_CTX_set_key_length() is not called.
evp_test.c hides this issue as it always calls EVP_CIPHER_CTX_set_key_length() before
using EVP_CipherInit_ex(...., key, ..).
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11707)
-rw-r--r-- | providers/implementations/ciphers/cipher_cast5.c | 8 | ||||
-rw-r--r-- | providers/implementations/include/prov/implementations.h | 4 | ||||
-rw-r--r-- | providers/legacyprov.c | 4 |
3 files changed, 8 insertions, 8 deletions
diff --git a/providers/implementations/ciphers/cipher_cast5.c b/providers/implementations/ciphers/cipher_cast5.c index a9da32e761..566583d141 100644 --- a/providers/implementations/ciphers/cipher_cast5.c +++ b/providers/implementations/ciphers/cipher_cast5.c @@ -49,7 +49,7 @@ static void *cast5_dupctx(void *ctx) IMPLEMENT_var_keylen_cipher(cast5, CAST, ecb, ECB, CAST5_FLAGS, 128, 64, 0, block) /* cast5128cbc_functions */ IMPLEMENT_var_keylen_cipher(cast5, CAST, cbc, CBC, CAST5_FLAGS, 128, 64, 64, block) -/* cast564ofb64_functions */ -IMPLEMENT_var_keylen_cipher(cast5, CAST, ofb64, OFB, CAST5_FLAGS, 64, 8, 64, stream) -/* cast564cfb64_functions */ -IMPLEMENT_var_keylen_cipher(cast5, CAST, cfb64, CFB, CAST5_FLAGS, 64, 8, 64, stream) +/* cast5128ofb64_functions */ +IMPLEMENT_var_keylen_cipher(cast5, CAST, ofb64, OFB, CAST5_FLAGS, 128, 8, 64, stream) +/* cast5128cfb64_functions */ +IMPLEMENT_var_keylen_cipher(cast5, CAST, cfb64, CFB, CAST5_FLAGS, 128, 8, 64, stream) diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h index 8d35fba49c..1f761e0ec4 100644 --- a/providers/implementations/include/prov/implementations.h +++ b/providers/implementations/include/prov/implementations.h @@ -148,8 +148,8 @@ extern const OSSL_DISPATCH idea128cfb64_functions[]; #ifndef OPENSSL_NO_CAST extern const OSSL_DISPATCH cast5128ecb_functions[]; extern const OSSL_DISPATCH cast5128cbc_functions[]; -extern const OSSL_DISPATCH cast564ofb64_functions[]; -extern const OSSL_DISPATCH cast564cfb64_functions[]; +extern const OSSL_DISPATCH cast5128ofb64_functions[]; +extern const OSSL_DISPATCH cast5128cfb64_functions[]; #endif /* OPENSSL_NO_CAST */ #ifndef OPENSSL_NO_SEED extern const OSSL_DISPATCH seed128ecb_functions[]; diff --git a/providers/legacyprov.c b/providers/legacyprov.c index c8ebc9c433..ca91093893 100644 --- a/providers/legacyprov.c +++ b/providers/legacyprov.c @@ -79,8 +79,8 @@ static const OSSL_ALGORITHM legacy_ciphers[] = { #ifndef OPENSSL_NO_CAST ALG("CAST5-ECB", cast5128ecb_functions), ALG("CAST5-CBC:CAST-CBC:CAST", cast5128cbc_functions), - ALG("CAST5-OFB", cast564ofb64_functions), - ALG("CAST5-CFB", cast564cfb64_functions), + ALG("CAST5-OFB", cast5128ofb64_functions), + ALG("CAST5-CFB", cast5128cfb64_functions), #endif /* OPENSSL_NO_CAST */ #ifndef OPENSSL_NO_BF ALG("BF-ECB", blowfish128ecb_functions), |