Fix block ciphers allowing empty string as IV

Bug report: https://bugs.launchpad.net/pycrypto/+bug/997464
dlitz · 411f60f58cea79f7e93476ba0c069b80a2a4c1a0 · dlitz committed May 24, 2012 · May 24, 2012 · 411f60f
1 parent b382f9f
commit 411f60f58cea79f7e93476ba0c069b80a2a4c1a0
Unified Split

Showing with 27 additions and 2 deletions.

+26 −1 lib/Crypto/SelfTest/Cipher/common.py

+1 −1 src/block_template.c
diff --git a/lib/Crypto/SelfTest/Cipher/common.py b/lib/Crypto/SelfTest/Cipher/common.py
@@ -223,7 +223,7 @@ def runTest(self):
         """Regression test: m.new(key, m.MODE_CFB, segment_size=N) should require segment_size to be a multiple of 8 bits"""
         for i in range(1, 8):
             self.assertRaises(ValueError, self.module.new, a2b_hex(self.key), self.module.MODE_CFB, segment_size=i)
-        self.module.new(a2b_hex(self.key), self.module.MODE_CFB, segment_size=8) # should succeed
+        self.module.new(a2b_hex(self.key), self.module.MODE_CFB, "\0"*self.module.block_size, segment_size=8) # should succeed
 
 class RoundtripTest(unittest.TestCase):
     def __init__(self, module, params):
@@ -265,6 +265,30 @@ def runTest(self):
         self.assertRaises(ValueError, self.module.new, a2b_hex(self.key),
                 self.module.MODE_PGP)
 
+class IVLengthTest(unittest.TestCase):
+    def __init__(self, module, params):
+        unittest.TestCase.__init__(self)
+        self.module = module
+        self.key = b(params['key'])
+
+    def shortDescription(self):
+        return "Check that all modes except MODE_ECB and MODE_CTR require an IV of the proper length"
+
+    def runTest(self):
+        self.assertRaises(ValueError, self.module.new, a2b_hex(self.key),
+                self.module.MODE_CBC, "")
+        self.assertRaises(ValueError, self.module.new, a2b_hex(self.key),
+                self.module.MODE_CFB, "")
+        self.assertRaises(ValueError, self.module.new, a2b_hex(self.key),
+                self.module.MODE_OFB, "")
+        self.assertRaises(ValueError, self.module.new, a2b_hex(self.key),
+                self.module.MODE_OPENPGP, "")
+        self.module.new(a2b_hex(self.key), self.module.MODE_ECB, "")
+        self.module.new(a2b_hex(self.key), self.module.MODE_CTR, "", counter=self._dummy_counter)
+
+    def _dummy_counter(self):
+        return "\0" * self.module.block_size
+
 def make_block_tests(module, module_name, test_data):
     tests = []
     extra_tests_added = 0
@@ -311,6 +335,7 @@ def make_block_tests(module, module_name, test_data):
                 CFBSegmentSizeTest(module, params),
                 RoundtripTest(module, params),
                 PGPTest(module, params),
+                IVLengthTest(module, params),
             ]
             extra_tests_added = 1
 
diff --git a/src/block_template.c b/src/block_template.c
@@ -170,7 +170,7 @@ ALGnew(PyObject *self, PyObject *args, PyObject *kwdict)
 				"Key cannot be the null string");
 		return NULL;
 	}
-	if (IVlen != BLOCK_SIZE && IVlen != 0)
+	if (IVlen != BLOCK_SIZE && mode != MODE_ECB && mode != MODE_CTR)
 	{
 		PyErr_Format(PyExc_ValueError,
 			     "IV must be %i bytes long", BLOCK_SIZE);