Skip to content

Commit

Permalink
Bug 1576307 - Fixup for fips tests, permit NULL iv as necessary. r=jcj
Browse files Browse the repository at this point in the history 
ECB mode should not require an IV.

Differential Revision: https://phabricator.services.mozilla.com/D47990

--HG--
extra : moz-landing-system : lando
  • Loading branch information
Kevin Jacobs committed Oct 3, 2019
1 parent c071a2a commit 9e53eb6
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 15 deletions.
15 changes: 2 additions & 13 deletions gtests/pk11_gtest/pk11_cbc_unittest.cc
View file
Expand Up @@ -283,7 +283,7 @@ TEST_F(Pkcs11CbcPadTest, FailEncryptShortParam) {
sizeof(encrypted), kInput, input_len);
EXPECT_EQ(SECSuccess, rv);

// CBC (and the below modes) should have a 16B IV
// CBC should have a 16B IV
param.len = AES_BLOCK_SIZE - 1;
rv = PK11_Encrypt(key.get(), CKM_AES_CBC, &param, encrypted, &encrypted_len,
sizeof(encrypted), kInput, input_len);
Expand All @@ -294,20 +294,9 @@ TEST_F(Pkcs11CbcPadTest, FailEncryptShortParam) {
sizeof(encrypted), kInput, input_len);
EXPECT_EQ(SECSuccess, rv);

// ECB
param.len = AES_BLOCK_SIZE - 1;
rv = PK11_Encrypt(key.get(), CKM_AES_CBC, &param, encrypted, &encrypted_len,
sizeof(encrypted), kInput, input_len);
EXPECT_EQ(SECFailure, rv);

param.len++;
rv = PK11_Encrypt(key.get(), CKM_AES_ECB, &param, encrypted, &encrypted_len,
sizeof(encrypted), kInput, input_len);
EXPECT_EQ(SECSuccess, rv);

// CTS
param.len = AES_BLOCK_SIZE - 1;
rv = PK11_Encrypt(key.get(), CKM_AES_CBC, &param, encrypted, &encrypted_len,
rv = PK11_Encrypt(key.get(), CKM_AES_CTS, &param, encrypted, &encrypted_len,
sizeof(encrypted), kInput, input_len);
EXPECT_EQ(SECFailure, rv);

Expand Down
3 changes: 1 addition & 2 deletions lib/softoken/pkcs11c.c
View file
Expand Up @@ -1136,10 +1136,9 @@ sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
case CKM_AES_CTS:
case CKM_AES_CTR:
case CKM_AES_GCM:
/* Note the catch-all only applies to the above cases */
if ((pMechanism->mechanism == CKM_AES_GCM && BAD_PARAM_CAST(pMechanism, sizeof(CK_GCM_PARAMS))) ||
(pMechanism->mechanism == CKM_AES_CTR && BAD_PARAM_CAST(pMechanism, sizeof(CK_AES_CTR_PARAMS))) ||
BAD_PARAM_CAST(pMechanism, AES_BLOCK_SIZE) /* Cast target is an IV */) {
((pMechanism->mechanism == CKM_AES_CBC || pMechanism->mechanism == CKM_AES_CTS) && BAD_PARAM_CAST(pMechanism, AES_BLOCK_SIZE))) {
crv = CKR_MECHANISM_PARAM_INVALID;
break;
}
Expand Down

0 comments on commit 9e53eb6

Please sign in to comment.