From b896d9436d69c67f9d10ffcc8aed15db42c08766 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 27 May 2020 11:37:39 +0100 Subject: [PATCH] Ensure we never use a partially initialised CMAC_CTX If the CMAC_CTX is partially initialised then we make a note of this so that future operations will fail if the initialisation has not been completed. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11972) --- crypto/cmac/cmac.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c index 7f55c46533..ffe284797a 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -125,12 +125,18 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, return 1; } /* Initialise context */ - if (cipher && !EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL)) - return 0; + if (cipher != NULL) { + /* Ensure we can't use this ctx until we also have a key */ + ctx->nlast_block = -1; + if (!EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL)) + return 0; + } /* Non-NULL key means initialisation complete */ - if (key) { + if (key != NULL) { int bl; + /* If anything fails then ensure we can't use this ctx */ + ctx->nlast_block = -1; if (!EVP_CIPHER_CTX_cipher(ctx->cctx)) return 0; if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen)) -- 2.25.1