From: Lukasz Pawelczyk Date: Tue, 28 Apr 2020 13:09:18 +0000 (+0200) Subject: Treat OPEN same way as DECRYPT in case of a CipherUpdate/Final error X-Git-Tag: submit/tizen/20200717.105954~22 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1490d0cb8b5ef6cc65b12e2ec82b63d61faa1cfb;p=platform%2Fcore%2Fsecurity%2Fyaca.git Treat OPEN same way as DECRYPT in case of a CipherUpdate/Final error Without this change Decrypt returned INVALID_PARAM, while Open returned INTERNAL in the same case (e.g. wrong key). Change-Id: I8aaf77b4a550303a68834dd0ace9fa5a52130868 --- diff --git a/src/encrypt.c b/src/encrypt.c index dfc2fcb..510e6f8 100644 --- a/src/encrypt.c +++ b/src/encrypt.c @@ -1064,7 +1064,7 @@ int encrypt_update(yaca_context_h ctx, ret = EVP_CipherUpdate(c->cipher_ctx, output, &loutput_len, input, input_len); if (ret != 1 || loutput_len < 0) { - if (mode == EVP_CIPH_CCM_MODE && op_type == OP_DECRYPT) { + if (mode == EVP_CIPH_CCM_MODE && (op_type == OP_DECRYPT || op_type == OP_OPEN)) { /* A non positive return value from EVP_CipherUpdate should be considered as * a failure to authenticate ciphertext and/or AAD. * It does not necessarily indicate a more serious error. @@ -1108,7 +1108,7 @@ int encrypt_finalize(yaca_context_h ctx, if (mode != EVP_CIPH_WRAP_MODE && mode != EVP_CIPH_CCM_MODE) { ret = EVP_CipherFinal(c->cipher_ctx, output, &loutput_len); if (ret != 1 || loutput_len < 0) { - if (mode == EVP_CIPH_GCM_MODE && op_type == OP_DECRYPT) + if (mode == EVP_CIPH_GCM_MODE && (op_type == OP_DECRYPT || op_type == OP_OPEN)) /* A non positive return value from EVP_CipherFinal should be considered as * a failure to authenticate ciphertext and/or AAD. * It does not necessarily indicate a more serious error.