openssl/providers/implementations/ciphers/cipher_aes_ocb_hw.c
Shane Lontis 90409da6a5 Fix provider cipher reinit issue
Fixes #12405
Fixes #12377

Calling Init()/Update() and then Init()/Update() again gave a different result when using the same key and iv.
Cipher modes that were using ctx->num were not resetting this value, this includes OFB, CFB & CTR.
The fix is to reset this value during the ciphers einit() and dinit() methods.
Most ciphers go thru a generic method so one line fixes most cases.

Add test for calling EVP_EncryptInit()/EVP_EncryptUpdate() multiple times for all ciphers.
Ciphers should return the same value for both updates.
DES3-WRAP does not since it uses a random in the update.
CCM modes currently also fail on the second update (This also happens in 1_1_1).

Fix memory leak in AES_OCB cipher if EVP_EncryptInit is called multiple times.

Fix AES_SIV cipher dup_ctx and init.
Calling EVP_CIPHER_init multiple times resulted in a memory leak in the siv.
Fixing this leak also showed that the dup ctx was not working for siv mode.
Note: aes_siv_cleanup() can not be used by aes_siv_dupctx() as it clears data
that is required for the decrypt (e.g the tag).

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12413)
2020-07-22 10:40:55 +10:00

123 lines
4.6 KiB
C

/*
* Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* This file uses the low level AES functions (which are deprecated for
* non-internal use) in order to implement provider AES ciphers.
*/
#include "internal/deprecated.h"
#include "cipher_aes_ocb.h"
#define OCB_SET_KEY_FN(fn_set_enc_key, fn_set_dec_key, \
fn_block_enc, fn_block_dec, \
fn_stream_enc, fn_stream_dec) \
CRYPTO_ocb128_cleanup(&ctx->ocb); \
fn_set_enc_key(key, keylen * 8, &ctx->ksenc.ks); \
fn_set_dec_key(key, keylen * 8, &ctx->ksdec.ks); \
if (!CRYPTO_ocb128_init(&ctx->ocb, &ctx->ksenc.ks, &ctx->ksdec.ks, \
(block128_f)fn_block_enc, (block128_f)fn_block_dec, \
ctx->base.enc ? (ocb128_f)fn_stream_enc : \
(ocb128_f)fn_stream_dec)) \
return 0; \
ctx->key_set = 1
static int cipher_hw_aes_ocb_generic_initkey(PROV_CIPHER_CTX *vctx,
const unsigned char *key,
size_t keylen)
{
PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
/*
* We set both the encrypt and decrypt key here because decrypt
* needs both. (i.e- AAD uses encrypt).
*/
# ifdef HWAES_CAPABLE
if (HWAES_CAPABLE) {
OCB_SET_KEY_FN(HWAES_set_encrypt_key, HWAES_set_decrypt_key,
HWAES_encrypt, HWAES_decrypt,
HWAES_ocb_encrypt, HWAES_ocb_decrypt);
} else
# endif
# ifdef VPAES_CAPABLE
if (VPAES_CAPABLE) {
OCB_SET_KEY_FN(vpaes_set_encrypt_key, vpaes_set_decrypt_key,
vpaes_encrypt, vpaes_decrypt, NULL, NULL);
} else
# endif
{
OCB_SET_KEY_FN(AES_set_encrypt_key, AES_set_decrypt_key,
AES_encrypt, AES_decrypt, NULL, NULL);
}
return 1;
}
# if defined(AESNI_CAPABLE)
static int cipher_hw_aes_ocb_aesni_initkey(PROV_CIPHER_CTX *vctx,
const unsigned char *key,
size_t keylen)
{
PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
OCB_SET_KEY_FN(aesni_set_encrypt_key, aesni_set_decrypt_key,
aesni_encrypt, aesni_decrypt,
aesni_ocb_encrypt, aesni_ocb_decrypt);
return 1;
}
# define PROV_CIPHER_HW_declare() \
static const PROV_CIPHER_HW aesni_ocb = { \
cipher_hw_aes_ocb_aesni_initkey, \
NULL \
};
# define PROV_CIPHER_HW_select() \
if (AESNI_CAPABLE) \
return &aesni_ocb;
#elif defined(SPARC_AES_CAPABLE)
static int cipher_hw_aes_ocb_t4_initkey(PROV_CIPHER_CTX *vctx,
const unsigned char *key,
size_t keylen)
{
PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
OCB_SET_KEY_FN(aes_t4_set_encrypt_key, aes_t4_set_decrypt_key,
aes_t4_encrypt, aes_t4_decrypt, NULL, NULL);
return 1;
}
# define PROV_CIPHER_HW_declare() \
static const PROV_CIPHER_HW aes_t4_ocb = { \
cipher_hw_aes_ocb_t4_initkey, \
NULL \
};
# define PROV_CIPHER_HW_select() \
if (SPARC_AES_CAPABLE) \
return &aes_t4_ocb;
#else
# define PROV_CIPHER_HW_declare()
# define PROV_CIPHER_HW_select()
# endif
static const PROV_CIPHER_HW aes_generic_ocb = {
cipher_hw_aes_ocb_generic_initkey,
NULL
};
PROV_CIPHER_HW_declare()
const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_ocb(size_t keybits)
{
PROV_CIPHER_HW_select()
return &aes_generic_ocb;
}