cipher: disallow setting AAD for non-AEAD ciphers

rhenium · rhenium · commit bb10767b0570 · 2017-10-18T23:24:37.000+09:00
EVP_CipherUpdate() must not be call with the output parameter set to NULL when the cipher does not support AEAD. Check the flag of EVP_CIPHER, and raise an exception as necessary. Reference: http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/83337 Reference: https://bugs.ruby-lang.org/issues/14024
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c
@@ -580,6 +580,8 @@ ossl_cipher_set_auth_data(VALUE self, VALUE data)
     in_len = RSTRING_LEN(data);
 
     GetCipher(self, ctx);
+    if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
+	ossl_raise(eCipherError, "AEAD not supported by this cipher");
 
     if (!ossl_cipher_update_long(ctx, NULL, &out_len, in, in_len))
         ossl_raise(eCipherError, "couldn't set additional authenticated data");
diff --git a/test/test_cipher.rb b/test/test_cipher.rb
@@ -297,6 +297,13 @@ def test_aes_gcm_key_iv_order_issue
     assert_equal tag1, tag2
   end if has_cipher?("aes-128-gcm")
 
+  def test_non_aead_cipher_set_auth_data
+    assert_raise(OpenSSL::Cipher::CipherError) {
+      cipher = OpenSSL::Cipher.new("aes-128-cfb").encrypt
+      cipher.auth_data = "123"
+    }
+  end
+
   private
 
   def new_encryptor(algo, **kwargs)
