[PATCH 4/4] Disallow encryption/decryption if key is not set
Jussi Kivilinna
jussi.kivilinna at iki.fi
Thu Jun 30 23:55:38 CEST 2016
* cipher/cipher.c (cipher_encrypt, cipher_decrypt): If mode is not
NONE, make sure that key is set.
* cipher/cipher-ccm.c (_gcry_cipher_ccm_set_nonce): Do not clear
'marks.key' when reseting state.
--
Reported-by: Andreas Metzler <ametzler at bebt.de>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
---
cipher/cipher-ccm.c | 3 +++
cipher/cipher.c | 12 ++++++++++++
2 files changed, 15 insertions(+)
diff --git a/cipher/cipher-ccm.c b/cipher/cipher-ccm.c
index 4d8f816..d7f14d8 100644
--- a/cipher/cipher-ccm.c
+++ b/cipher/cipher-ccm.c
@@ -110,6 +110,7 @@ gcry_err_code_t
_gcry_cipher_ccm_set_nonce (gcry_cipher_hd_t c, const unsigned char *nonce,
size_t noncelen)
{
+ unsigned int marks_key;
size_t L = 15 - noncelen;
size_t L_;
@@ -122,12 +123,14 @@ _gcry_cipher_ccm_set_nonce (gcry_cipher_hd_t c, const unsigned char *nonce,
return GPG_ERR_INV_LENGTH;
/* Reset state */
+ marks_key = c->marks.key;
memset (&c->u_mode, 0, sizeof(c->u_mode));
memset (&c->marks, 0, sizeof(c->marks));
memset (&c->u_iv, 0, sizeof(c->u_iv));
memset (&c->u_ctr, 0, sizeof(c->u_ctr));
memset (c->lastiv, 0, sizeof(c->lastiv));
c->unused = 0;
+ c->marks.key = marks_key;
/* Setup CTR */
c->u_ctr.ctr[0] = L_;
diff --git a/cipher/cipher.c b/cipher/cipher.c
index 2b7bf21..ff3340f 100644
--- a/cipher/cipher.c
+++ b/cipher/cipher.c
@@ -818,6 +818,12 @@ cipher_encrypt (gcry_cipher_hd_t c, byte *outbuf, size_t outbuflen,
{
gcry_err_code_t rc;
+ if (c->mode != GCRY_CIPHER_MODE_NONE && !c->marks.key)
+ {
+ log_error ("cipher_encrypt: key not set\n");
+ return GPG_ERR_MISSING_KEY;
+ }
+
switch (c->mode)
{
case GCRY_CIPHER_MODE_ECB:
@@ -935,6 +941,12 @@ cipher_decrypt (gcry_cipher_hd_t c, byte *outbuf, size_t outbuflen,
{
gcry_err_code_t rc;
+ if (c->mode != GCRY_CIPHER_MODE_NONE && !c->marks.key)
+ {
+ log_error ("cipher_decrypt: key not set\n");
+ return GPG_ERR_MISSING_KEY;
+ }
+
switch (c->mode)
{
case GCRY_CIPHER_MODE_ECB:
More information about the Gcrypt-devel
mailing list