From c6b44c8eaf68bf045805163a8825e5440632653e Mon Sep 17 00:00:00 2001
From: Vitaly Chikunov
Date: Tue, 12 May 2020 12:26:01 +0300
Subject: [PATCH] gost_crypt: Add some sanity checking to GOST_init_cipher

- Stream cipher should have block_size 1, other should not.
- Stream cipher should not have padding.
- If IV is specified Custom IV flag should be set.
---
 gost_crypt.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/gost_crypt.c b/gost_crypt.c
index 8a2b960..8277fa2 100644
--- a/gost_crypt.c
+++ b/gost_crypt.c
@@ -86,10 +86,30 @@ EVP_CIPHER *GOST_init_cipher(GOST_cipher *c)
 if (c->cipher)
 return c->cipher;
 
+ /* Some sanity checking. */
+ int flags = c->flags | TPL_VAL(c, flags);
+ int block_size = TPL(c, block_size);
+ switch (flags & EVP_CIPH_MODE) {
+ case EVP_CIPH_CTR_MODE:
+ case EVP_CIPH_CFB_MODE:
+ case EVP_CIPH_OFB_MODE:
+ OPENSSL_assert(block_size == 1);
+ OPENSSL_assert(flags & EVP_CIPH_NO_PADDING);
+ break;
+ default:
+ OPENSSL_assert(block_size != 1);
+ OPENSSL_assert(!(flags & EVP_CIPH_NO_PADDING));
+ }
+
+ if (TPL(c, iv_len))
+ OPENSSL_assert(flags & EVP_CIPH_CUSTOM_IV);
+ else
+ OPENSSL_assert(!(flags & EVP_CIPH_CUSTOM_IV));
+
 EVP_CIPHER *cipher;
- if (!(cipher = EVP_CIPHER_meth_new(c->nid, TPL(c, block_size), TPL(c, key_len)))
+ if (!(cipher = EVP_CIPHER_meth_new(c->nid, block_size, TPL(c, key_len)))
 || !EVP_CIPHER_meth_set_iv_length(cipher, TPL(c, iv_len))
- || !EVP_CIPHER_meth_set_flags(cipher, c->flags | TPL_VAL(c, flags))
+ || !EVP_CIPHER_meth_set_flags(cipher, flags)
 || !EVP_CIPHER_meth_set_init(cipher, TPL(c, init))
 || !EVP_CIPHER_meth_set_do_cipher(cipher, TPL(c, do_cipher))
 || !EVP_CIPHER_meth_set_cleanup(cipher, TPL(c, cleanup))
-- 
2.39.2
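Review bot: The `default:` arm of the new switch treats every mode other than CTR/CFB/OFB as a padded block cipher, so a template added later with any other mode value (an AEAD or wrap mode, or `EVP_CIPH_STREAM_CIPHER`) would fail `OPENSSL_assert(block_size != 1)` and abort the host process the first time that cipher is initialised. `OPENSSL_assert` stays active in release builds and this code runs inside whatever application loads the engine, so consider naming the padded modes explicitly (`case EVP_CIPH_ECB_MODE:` / `case EVP_CIPH_CBC_MODE:`) and replacing the one-line comment with `/* Template consistency checks: a failure is a programming error in the cipher table, not a runtime condition. */`. Separately, `EVP_CIPHER_meth_set_flags()` takes `unsigned long`, so declaring `unsigned long flags = c->flags | TPL_VAL(c, flags);` would avoid passing the flag word through `int`. The body of GOST_init_cipher continues past the end of the hunk, so its existing failure path is not visible here.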