author | Kevin Jacobs <kjacobs@mozilla.com> | 2019-10-03 00:23:47 +0000 |
---|---|---|
committer | Kevin Jacobs <kjacobs@mozilla.com> | 2019-10-03 00:23:47 +0000 |
commit | 6adcc806db2fe933634c02b9b428bae617d4b99f (patch) | |
tree | 6ec8372c36ba28dd8544289d2670a487ac26e84f | |
parent | 3246acfff91e20b7bc18184da77206812eb756c3 (diff) | |
download | nss-hg-6adcc806db2fe933634c02b9b428bae617d4b99f.tar.gz |
Bug 1576307 - Fixup for fips tests, permit NULL iv as necessary. r=jcj
ECB mode should not require an IV.
Differential Revision: https://phabricator.services.mozilla.com/D47990
-rw-r--r-- | gtests/pk11_gtest/pk11_cbc_unittest.cc | 15 | ||||
-rw-r--r-- | lib/softoken/pkcs11c.c | 3 |
2 files changed, 3 insertions, 15 deletions
diff --git a/gtests/pk11_gtest/pk11_cbc_unittest.cc b/gtests/pk11_gtest/pk11_cbc_unittest.cc
index 7de51f828..87424a73e 100644
--- a/gtests/pk11_gtest/pk11_cbc_unittest.cc
+++ b/gtests/pk11_gtest/pk11_cbc_unittest.cc
@@ -283,7 +283,7 @@ TEST_F(Pkcs11CbcPadTest, FailEncryptShortParam) {
 sizeof(encrypted), kInput, input_len);
 EXPECT_EQ(SECSuccess, rv);
 
- // CBC (and the below modes) should have a 16B IV
+ // CBC should have a 16B IV
 param.len = AES_BLOCK_SIZE - 1;
 rv = PK11_Encrypt(key.get(), CKM_AES_CBC, ¶m, encrypted, &encrypted_len,
 sizeof(encrypted), kInput, input_len);
@@ -294,20 +294,9 @@ TEST_F(Pkcs11CbcPadTest, FailEncryptShortParam) {
 sizeof(encrypted), kInput, input_len);
 EXPECT_EQ(SECSuccess, rv);
 
- // ECB
- param.len = AES_BLOCK_SIZE - 1;
- rv = PK11_Encrypt(key.get(), CKM_AES_CBC, ¶m, encrypted, &encrypted_len,
- sizeof(encrypted), kInput, input_len);
- EXPECT_EQ(SECFailure, rv);
-
- param.len++;
- rv = PK11_Encrypt(key.get(), CKM_AES_ECB, ¶m, encrypted, &encrypted_len,
- sizeof(encrypted), kInput, input_len);
- EXPECT_EQ(SECSuccess, rv);
-
 // CTS
 param.len = AES_BLOCK_SIZE - 1;
- rv = PK11_Encrypt(key.get(), CKM_AES_CBC, ¶m, encrypted, &encrypted_len,
+ rv = PK11_Encrypt(key.get(), CKM_AES_CTS, ¶m, encrypted, &encrypted_len,
 sizeof(encrypted), kInput, input_len);
 EXPECT_EQ(SECFailure, rv);
 
diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
index 2ad7ed92f..3686b7f2b 100644
--- a/lib/softoken/pkcs11c.c
+++ b/lib/softoken/pkcs11c.c
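Review bot: Deleting the ECB block from FailEncryptShortParam in pk11_cbc_unittest.cc leaves no assertion for the behaviour this commit introduces, namely that `CKM_AES_ECB` is accepted without a 16-byte IV. A positive case beside the CTS block would pin it: set `param.len = 0`, call `PK11_Encrypt` with `CKM_AES_ECB` and the same buffers, then `EXPECT_EQ(SECSuccess, rv);`. The removed failure case passed `CKM_AES_CBC` under the `// ECB` comment, so it never exercised ECB; the new case should name the mechanism it is meant to test. The test body begins and ends outside these hunks, so any coverage later in the function is not visible here.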
@@ -1136,10 +1136,9 @@ sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
 case CKM_AES_CTS:
 case CKM_AES_CTR:
 case CKM_AES_GCM:
- /* Note the catch-all only applies to the above cases */
 if ((pMechanism->mechanism == CKM_AES_GCM && BAD_PARAM_CAST(pMechanism, sizeof(CK_GCM_PARAMS))) ||
 (pMechanism->mechanism == CKM_AES_CTR && BAD_PARAM_CAST(pMechanism, sizeof(CK_AES_CTR_PARAMS))) ||
- BAD_PARAM_CAST(pMechanism, AES_BLOCK_SIZE) /* Cast target is an IV */) {
+ ((pMechanism->mechanism == CKM_AES_CBC || pMechanism->mechanism == CKM_AES_CTS) && BAD_PARAM_CAST(pMechanism, AES_BLOCK_SIZE))) {
 crv = CKR_MECHANISM_PARAM_INVALID;
 break;
 } |
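Review bot: The last operand of the `if` in sftk_CryptInit now checks the IV length only for the two mechanisms it names (`CKM_AES_CBC`, `CKM_AES_CTS`), so the check changes from fail-closed to an allow-list. Any other IV-taking mechanism that reaches this block is no longer covered by the former catch-all `BAD_PARAM_CAST(pMechanism, AES_BLOCK_SIZE)`. The case labels above `CKM_AES_CTS` are outside the hunk; if a label such as `CKM_AES_CBC_PAD` falls through to here, its `pParameter` would be treated as a 16-byte IV with no NULL or length check. Assuming `CKM_AES_ECB` is the only mechanism in this block that takes no IV, excluding just that one keeps the default strict: `(pMechanism->mechanism != CKM_AES_ECB && BAD_PARAM_CAST(pMechanism, AES_BLOCK_SIZE))) {`. The deleted comment could be replaced with `/* ECB takes no IV; every other mechanism here must supply at least AES_BLOCK_SIZE bytes */`.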