From: Nikos Mavrogiannopoulos
Date: Mon, 22 May 2017 12:23:14 +0000 (+0200)
Subject: crypto-api: refuse to run gnutls_cipher_init() in full AEAD modes
X-Git-Tag: gnutls_3_6_0~560
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c2d0881f72cc483e1fc072406a2c8e5df2f17109;p=thirdparty%2Fgnutls.git
crypto-api: refuse to run gnutls_cipher_init() in full AEAD modes
That is, there are AEAD modes like CCM that can only be used through the AEAD API. Always refuse calls to gnutls_cipher_init() in these modes.
Signed-off-by: Nikos Mavrogiannopoulos
---
diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c
index ea0cf51bbf..6143467bcd 100644
--- a/lib/algorithms/ciphers.c
+++ b/lib/algorithms/ciphers.c
@@ -84,6 +84,7 @@ static const cipher_entry_st algorithms[] = {
 .implicit_iv = 4,
 .explicit_iv = 8,
 .cipher_iv = 12,
+ .only_aead = 1,
 .tagsize = 16},
 { .name = "AES-256-CCM",
 .id = GNUTLS_CIPHER_AES_256_CCM,
@@ -93,6 +94,7 @@ static const cipher_entry_st algorithms[] = {
 .implicit_iv = 4,
 .explicit_iv = 8,
 .cipher_iv = 12,
+ .only_aead = 1,
 .tagsize = 16},
 { .name = "AES-128-CCM-8",
 .id = GNUTLS_CIPHER_AES_128_CCM_8,
@@ -102,6 +104,7 @@ static const cipher_entry_st algorithms[] = {
 .implicit_iv = 4,
 .explicit_iv = 8,
 .cipher_iv = 12,
+ .only_aead = 1,
 .tagsize = 8},
 { .name = "AES-256-CCM-8",
 .id = GNUTLS_CIPHER_AES_256_CCM_8,
@@ -111,6 +114,7 @@ static const cipher_entry_st algorithms[] = {
 .implicit_iv = 4,
 .explicit_iv = 8,
 .cipher_iv = 12,
+ .only_aead = 1,
 .tagsize = 8},
 { .name = "ARCFOUR-128",
 .id = GNUTLS_CIPHER_ARCFOUR_128,
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index 6b3b065f08..1a0b13b90c 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -62,7 +62,7 @@ gnutls_cipher_init(gnutls_cipher_hd_t * handle,
 const cipher_entry_st* e;
 e = cipher_to_entry(cipher);
- if (e == NULL)
+ if (e == NULL || e->only_aead)
 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 *handle = gnutls_calloc(1, sizeof(api_cipher_hd_st));
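Review bot: The `.only_aead = 1` flag is set on the four CCM entries (this hunk and the ones at -93, -102 and -111) with nothing in the table saying why these entries and not the other AEAD entries get it, so a reader of ciphers.c has to dig up this commit to learn the rule. A one-line comment on the first flagged entry, `/* CCM needs the full message length before encrypting, so it is usable only via the AEAD API (only_aead) */`, would carry the rationale in the table itself, and the other three entries could point at it. That reason is inferred from the commit message and from how CCM is constructed rather than from anything in the hunk, so confirm it matches the intent before writing it down. The `algorithms[]` initializer begins before and continues after each of these hunks.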
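Review bot: The new `e->only_aead` rejection changes the contract of gnutls_cipher_init(), but the function's documentation comment (above the hunk, outside it) is not updated to say that AEAD-only ciphers such as the CCM variants now fail with GNUTLS_E_INVALID_REQUEST and must be used through gnutls_aead_cipher_init(). Add that to the comment's return-value text, e.g. `GNUTLS_E_INVALID_REQUEST is also returned for ciphers that are only available through the AEAD API (e.g., the CCM variants).` A short comment on the check itself, `/* AEAD-only ciphers cannot be driven through the legacy encrypt/decrypt calls */`, would explain the early return to the next reader. The patch touches no test file, so nothing pins that gnutls_cipher_init() refuses every entry carrying the flag; a small regression test iterating the flagged ciphers would do that. gnutls_cipher_init() starts and ends outside the hunk.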
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 0aff2d28d5..5d013c83c2 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -445,7 +445,8 @@ typedef struct cipher_entry_st {
 uint16_t explicit_iv; /* the size of explicit IV - the IV stored in record */
 uint16_t cipher_iv; /* the size of IV needed by the cipher */
 uint16_t tagsize;
- bool xor_nonce; /* In this TLS AEAD cipher xor the implicit_iv with the nonce */
+ bool xor_nonce; /* In this TLS AEAD cipher xor the implicit_iv with the nonce */
+ bool only_aead; /* When set, this cipher is only available through the new AEAD API */
 } cipher_entry_st;
 typedef struct gnutls_cipher_suite_entry_st {
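Review bot: The comment on the added `only_aead` field says "the new AEAD API", a description that stops meaning anything once the API is no longer new, and it does not name the function that enforces the restriction. Suggest `bool only_aead; /* usable only via gnutls_aead_cipher_init(); gnutls_cipher_init() rejects the cipher */`. The `xor_nonce` line is removed and re-added with identical visible text, which looks like a whitespace-only change rather than a content change; worth confirming it was intended so it does not muddy blame on that line. The struct definition begins before the hunk.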