From 8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 Mon Sep 17 00:00:00 2001
From: Legrandin <helderijs@gmail.com>
Date: Sun, 22 Dec 2013 22:24:46 +0100
Subject: Throw exception when IV is used with ECB or CTR

The IV parameter is currently ignored when initializing
a cipher in ECB or CTR mode.

For CTR mode, it is confusing: it takes some time to see
that a different parameter is needed (the counter).

For ECB mode, it is outright dangerous.

This patch forces an exception to be raised.
---
 src/block_template.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'src')

diff --git a/src/block_template.c b/src/block_template.c
index f940e0e..d555ceb 100644
--- a/src/block_template.c
+++ b/src/block_template.c
@@ -158,6 +158,17 @@ ALGnew(PyObject *self, PyObject *args, PyObject *kwdict)
 				"Key cannot be the null string");
 		return NULL;
 	}
+	if (IVlen != 0 && mode == MODE_ECB)
+	{
+		PyErr_Format(PyExc_ValueError, "ECB mode does not use IV");
+		return NULL;
+	}
+	if (IVlen != 0 && mode == MODE_CTR)
+	{
+		PyErr_Format(PyExc_ValueError,
+			"CTR mode needs counter parameter, not IV");
+		return NULL;
+	}
 	if (IVlen != BLOCK_SIZE && mode != MODE_ECB && mode != MODE_CTR)
 	{
 		PyErr_Format(PyExc_ValueError,
-- 
cgit v1.2.1