From: Matt Caswell <matt@openssl.org>
Date: Wed, 27 May 2020 10:37:39 +0000 (+0100)
Subject: Ensure we never use a partially initialised CMAC_CTX
X-Git-Tag: openssl-3.0.0-alpha4~139
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=b896d9436d69c67f9d10ffcc8aed15db42c08766;p=oweals%2Fopenssl.git

Ensure we never use a partially initialised CMAC_CTX

If the CMAC_CTX is partially initialised then we make a note of this so
that future operations will fail if the initialisation has not been
completed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11972)
---

diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c
index 7f55c46533..ffe284797a 100644
--- a/crypto/cmac/cmac.c
+++ b/crypto/cmac/cmac.c
@@ -125,12 +125,18 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
         return 1;
     }
     /* Initialise context */
-    if (cipher && !EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL))
-        return 0;
+    if (cipher != NULL) {
+        /* Ensure we can't use this ctx until we also have a key */
+        ctx->nlast_block = -1;
+        if (!EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL))
+            return 0;
+    }
     /* Non-NULL key means initialisation complete */
-    if (key) {
+    if (key != NULL) {
         int bl;
 
+        /* If anything fails then ensure we can't use this ctx */
+        ctx->nlast_block = -1;
         if (!EVP_CIPHER_CTX_cipher(ctx->cctx))
             return 0;
         if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen))