Ensure any allocated MAC is freed in the provider code

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)

providers/implementations/ciphers/cipher_aes.c

@@ -26,6 +26,7 @@ static void aes_freectx(void *vctx)
 {
     PROV_AES_CTX *ctx = (PROV_AES_CTX *)vctx;
 
+    cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
     OPENSSL_clear_free(ctx,  sizeof(*ctx));
 }
 

providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c

@@ -283,8 +283,10 @@ static void aes_cbc_hmac_sha1_freectx(void *vctx)
 {
     PROV_AES_HMAC_SHA1_CTX *ctx = (PROV_AES_HMAC_SHA1_CTX *)vctx;
 
-    if (ctx != NULL)
+    if (ctx != NULL) {
+        cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
         OPENSSL_clear_free(ctx, sizeof(*ctx));
+    }
 }
 
 static void *aes_cbc_hmac_sha256_newctx(void *provctx, size_t kbits,
@@ -304,8 +306,10 @@ static void aes_cbc_hmac_sha256_freectx(void *vctx)
 {
     PROV_AES_HMAC_SHA256_CTX *ctx = (PROV_AES_HMAC_SHA256_CTX *)vctx;
 
-    if (ctx != NULL)
+    if (ctx != NULL) {
+        cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
         OPENSSL_clear_free(ctx, sizeof(*ctx));
+    }
 }
 
 # define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags)              \

providers/implementations/ciphers/cipher_aes_ocb.c

@@ -305,6 +305,7 @@ static void aes_ocb_freectx(void *vctx)
 
     if (ctx != NULL) {
         aes_generic_ocb_cleanup(ctx);
+        cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
         OPENSSL_clear_free(ctx,  sizeof(*ctx));
     }
 }

providers/implementations/ciphers/cipher_aes_wrp.c

@@ -64,6 +64,7 @@ static void aes_wrap_freectx(void *vctx)
 {
     PROV_AES_WRAP_CTX *wctx = (PROV_AES_WRAP_CTX *)vctx;
 
+    cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
     OPENSSL_clear_free(wctx,  sizeof(*wctx));
 }
 

providers/implementations/ciphers/cipher_aes_xts.c

@@ -120,6 +120,7 @@ static void aes_xts_freectx(void *vctx)
 {
     PROV_AES_XTS_CTX *ctx = (PROV_AES_XTS_CTX *)vctx;
 
+    cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
     OPENSSL_clear_free(ctx,  sizeof(*ctx));
 }
 

providers/implementations/ciphers/cipher_aria.c

@@ -19,6 +19,7 @@ static void aria_freectx(void *vctx)
 {
     PROV_ARIA_CTX *ctx = (PROV_ARIA_CTX *)vctx;
 
+    cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
     OPENSSL_clear_free(ctx,  sizeof(*ctx));
 }
 

providers/implementations/ciphers/cipher_blowfish.c

@@ -27,6 +27,7 @@ static void blowfish_freectx(void *vctx)
 {
     PROV_BLOWFISH_CTX *ctx = (PROV_BLOWFISH_CTX *)vctx;
 
+    cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
     OPENSSL_clear_free(ctx,  sizeof(*ctx));
 }
 

providers/implementations/ciphers/cipher_camellia.c

@@ -25,6 +25,7 @@ static void camellia_freectx(void *vctx)
 {
     PROV_CAMELLIA_CTX *ctx = (PROV_CAMELLIA_CTX *)vctx;
 
+    cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
     OPENSSL_clear_free(ctx,  sizeof(*ctx));
 }
 

providers/implementations/ciphers/cipher_cast5.c

@@ -28,6 +28,7 @@ static void cast5_freectx(void *vctx)
 {
     PROV_CAST_CTX *ctx = (PROV_CAST_CTX *)vctx;
 
+    cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
     OPENSSL_clear_free(ctx,  sizeof(*ctx));
 }
 

providers/implementations/ciphers/cipher_chacha20.c

@@ -55,6 +55,7 @@ static void chacha20_freectx(void *vctx)
     PROV_CHACHA20_CTX *ctx = (PROV_CHACHA20_CTX *)vctx;
 
     if (ctx != NULL) {
+        cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
         OPENSSL_clear_free(ctx, sizeof(*ctx));
     }
 }

providers/implementations/ciphers/cipher_chacha20_poly1305.c

@@ -65,8 +65,10 @@ static void chacha20_poly1305_freectx(void *vctx)
 {
     PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)vctx;
 
-    if (ctx != NULL)
+    if (ctx != NULL) {
+        cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
         OPENSSL_clear_free(ctx, sizeof(*ctx));
+    }
 }
 
 static int chacha20_poly1305_get_params(OSSL_PARAM params[])

providers/implementations/ciphers/cipher_des.c

@@ -58,6 +58,7 @@ static void des_freectx(void *vctx)
 {
     PROV_DES_CTX *ctx = (PROV_DES_CTX *)vctx;
 
+    cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
     OPENSSL_clear_free(ctx,  sizeof(*ctx));
 }
 

providers/implementations/ciphers/cipher_idea.c

@@ -26,6 +26,7 @@ static void idea_freectx(void *vctx)
 {
     PROV_IDEA_CTX *ctx = (PROV_IDEA_CTX *)vctx;
 
+    cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
     OPENSSL_clear_free(ctx,  sizeof(*ctx));
 }
 

providers/implementations/ciphers/cipher_rc2.c

@@ -32,6 +32,7 @@ static void rc2_freectx(void *vctx)
 {
     PROV_RC2_CTX *ctx = (PROV_RC2_CTX *)vctx;
 
+    cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
     OPENSSL_clear_free(ctx,  sizeof(*ctx));
 }
 

providers/implementations/ciphers/cipher_rc4.c

@@ -28,6 +28,7 @@ static void rc4_freectx(void *vctx)
 {
     PROV_RC4_CTX *ctx = (PROV_RC4_CTX *)vctx;
 
+    cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
     OPENSSL_clear_free(ctx,  sizeof(*ctx));
 }
 

providers/implementations/ciphers/cipher_rc4_hmac_md5.c

@@ -62,6 +62,7 @@ static void rc4_hmac_md5_freectx(void *vctx)
 {
     PROV_RC4_HMAC_MD5_CTX *ctx = (PROV_RC4_HMAC_MD5_CTX *)vctx;
 
+    cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
     OPENSSL_clear_free(ctx,  sizeof(*ctx));
 }
 

providers/implementations/ciphers/cipher_rc5.c

@@ -28,6 +28,7 @@ static void rc5_freectx(void *vctx)
 {
     PROV_RC5_CTX *ctx = (PROV_RC5_CTX *)vctx;
 
+    cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
     OPENSSL_clear_free(ctx,  sizeof(*ctx));
 }
 

providers/implementations/ciphers/cipher_seed.c

@@ -25,6 +25,7 @@ static void seed_freectx(void *vctx)
 {
     PROV_SEED_CTX *ctx = (PROV_SEED_CTX *)vctx;
 
+    cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
     OPENSSL_clear_free(ctx,  sizeof(*ctx));
 }
 

providers/implementations/ciphers/cipher_sm4.c

@@ -19,6 +19,7 @@ static void sm4_freectx(void *vctx)
 {
     PROV_SM4_CTX *ctx = (PROV_SM4_CTX *)vctx;
 
+    cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
     OPENSSL_clear_free(ctx,  sizeof(*ctx));
 }
 

providers/implementations/ciphers/cipher_tdes_common.c

@@ -48,6 +48,7 @@ void tdes_freectx(void *vctx)
 {
     PROV_TDES_CTX *ctx = (PROV_TDES_CTX *)vctx;
 
+    cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
     OPENSSL_clear_free(ctx,  sizeof(*ctx));
 }
 

providers/implementations/ciphers/ciphercommon.c

@@ -133,6 +133,15 @@ const OSSL_PARAM *cipher_aead_settable_ctx_params(void)
     return cipher_aead_known_settable_ctx_params;
 }
 
+void cipher_generic_reset_ctx(PROV_CIPHER_CTX *ctx)
+{
+    if (ctx != NULL && ctx->alloced) {
+        OPENSSL_free(ctx->tlsmac);
+        ctx->alloced = 0;
+        ctx->tlsmac = NULL;
+    }
+}
+
 static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx,
                                         const unsigned char *key, size_t keylen,
                                         const unsigned char *iv, size_t ivlen,
@@ -203,8 +212,13 @@ int cipher_generic_block_update(void *vctx, unsigned char *out, size_t *outl,
             return 0;
         }
 
+        if (ctx->alloced) {
+            OPENSSL_free(ctx->tlsmac);
+            ctx->alloced = 0;
+            ctx->tlsmac = NULL;
+        }
+
         /* This only fails if padding is publicly invalid */
-        /* TODO(3.0): FIX ME FIX ME - Figure out aead */
         *outl = inl;
         if (!ctx->enc
                 && !tlsunpadblock(ctx->libctx, ctx->tlsversion, out, outl,

providers/implementations/include/prov/ciphercommon.h

@@ -87,6 +87,7 @@ struct prov_cipher_hw_st {
     void (*copyctx)(PROV_CIPHER_CTX *dst, const PROV_CIPHER_CTX *src);
 };
 
+void cipher_generic_reset_ctx(PROV_CIPHER_CTX *ctx);
 OSSL_FUNC_cipher_encrypt_init_fn cipher_generic_einit;
 OSSL_FUNC_cipher_decrypt_init_fn cipher_generic_dinit;
 OSSL_FUNC_cipher_update_fn cipher_generic_block_update;
@@ -103,6 +104,7 @@ OSSL_FUNC_cipher_set_ctx_params_fn cipher_var_keylen_set_ctx_params;
 OSSL_FUNC_cipher_settable_ctx_params_fn cipher_var_keylen_settable_ctx_params;
 OSSL_FUNC_cipher_gettable_ctx_params_fn cipher_aead_gettable_ctx_params;
 OSSL_FUNC_cipher_settable_ctx_params_fn cipher_aead_settable_ctx_params;
+
 int cipher_generic_get_params(OSSL_PARAM params[], unsigned int md,
                               unsigned long flags,
                               size_t kbits, size_t blkbits, size_t ivbits);