]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c11b83e)
Fix kbkdf bug if MAC is set to KMAC and then something else
authorPauli <ppzgs1@gmail.com>
Mon, 15 Jul 2024 03:26:50 +0000 (13:26 +1000)
committerPauli <ppzgs1@gmail.com>
Wed, 17 Jul 2024 04:16:08 +0000 (14:16 +1000)
A context that is set to KMAC sets the is_kmac flag and this cannot be reset.
So a user that does kbkdf using KMAC and then wants to use HMAC or CMAC will
experience a failure.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24883)

(cherry picked from commit f35fc4f184fa8a2088cd16648c4017fa321d6712)

providers/implementations/kdfs/kbkdf.c patch | blob | blame | history

diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
index aa3df15bc74f1fcf36b3f8efa3a8015e296cdc44..b99541d5b6d3bf5165d14e30ee01653ce885409a 100644 (file)
--- a/providers/implementations/kdfs/kbkdf.c
+++ b/providers/implementations/kdfs/kbkdf.c
@@ -366,7 +366,8 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
     if (!ossl_prov_macctx_load_from_params(&ctx->ctx_init, params, NULL,
                                            NULL, NULL, libctx))
         return 0;
-    else if (ctx->ctx_init != NULL) {
+    if (ctx->ctx_init != NULL) {
+        ctx->is_kmac = 0;
         if (EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->ctx_init),
                          OSSL_MAC_NAME_KMAC128)
             || EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->ctx_init),
Mirror of https://github.com/openssl/openssl.git