From: Dariusz Michaluk <d.michaluk@samsung.com>
Date: Wed, 17 Aug 2016 15:23:51 +0000 (+0200)
Subject: Fix: Check (un)wrapped key length.
X-Git-Tag: submit/tizen/20160901.024233~20
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=dd7b1c2ca38fef2199cc577fc210e124ce936a2b;p=platform%2Fcore%2Fsecurity%2Fyaca.git

Fix: Check (un)wrapped key length.

Change-Id: I6d664586637f94a0bd5f442f14b7a590a0580d8f
---

diff --git a/src/encrypt.c b/src/encrypt.c
index ebe43a4..4cedf96 100644
--- a/src/encrypt.c
+++ b/src/encrypt.c
@@ -938,13 +938,31 @@ int encrypt_update(yaca_context_h ctx,
 	if (!verify_state_change(c, target_state))
 		return YACA_ERROR_INVALID_PARAMETER;
 
-	if (mode == EVP_CIPH_WRAP_MODE && op_type == OP_ENCRYPT) {
-		if (type == NID_id_aes128_wrap || type == NID_id_aes192_wrap || type == NID_id_aes256_wrap) {
-			if (input_len % 8 != 0 || input_len < (YACA_KEY_LENGTH_UNSAFE_128BIT / 8))
-				return YACA_ERROR_INVALID_PARAMETER;
-		} else if (type == NID_id_smime_alg_CMS3DESwrap) {
-			if (input_len != (YACA_KEY_LENGTH_UNSAFE_128BIT / 8) && input_len != (YACA_KEY_LENGTH_192BIT / 8))
-				return YACA_ERROR_INVALID_PARAMETER;
+	if (mode == EVP_CIPH_WRAP_MODE) {
+		if (op_type == OP_ENCRYPT) {
+			if (type == NID_id_aes128_wrap || type == NID_id_aes192_wrap || type == NID_id_aes256_wrap) {
+				if (input_len % 8 != 0 || input_len < (YACA_KEY_LENGTH_UNSAFE_128BIT / 8))
+					return YACA_ERROR_INVALID_PARAMETER;
+			} else if (type == NID_id_smime_alg_CMS3DESwrap) {
+				if (input_len != (YACA_KEY_LENGTH_UNSAFE_128BIT / 8) &&
+				    input_len != (YACA_KEY_LENGTH_192BIT / 8))
+					return YACA_ERROR_INVALID_PARAMETER;
+			} else {
+				assert(false);
+				return YACA_ERROR_INTERNAL;
+			}
+		} else if (op_type == OP_DECRYPT) {
+			if (type == NID_id_aes128_wrap || type == NID_id_aes192_wrap || type == NID_id_aes256_wrap) {
+				if (input_len % 8 != 0 || input_len < (YACA_KEY_LENGTH_UNSAFE_128BIT / 8 + 8))
+					return YACA_ERROR_INVALID_PARAMETER;
+			} else if (type == NID_id_smime_alg_CMS3DESwrap) {
+				if (input_len != (YACA_KEY_LENGTH_UNSAFE_128BIT / 8 + 16) &&
+				    input_len != (YACA_KEY_LENGTH_192BIT / 8 + 16))
+					return YACA_ERROR_INVALID_PARAMETER;
+			} else {
+				assert(false);
+				return YACA_ERROR_INTERNAL;
+			}
 		} else {
 			assert(false);
 			return YACA_ERROR_INTERNAL;