mirror of
https://github.com/openssl/openssl.git
synced 2024-12-09 05:51:54 +08:00
f75abcc0f0
Fixes #10438 issue found by clusterfuzz/ossfuzz The dest was getting a copy of the src structure which contained a pointer that should point to an offset inside itself - because of the copy it was pointing to the original structure. The setup for a ctx is mainly done by the initkey method in the PROV_CIPHER_HW structure. Because of this it makes sense that the structure should also contain a copyctx method that is use to resolve any pointers that need to be setup. A dup_ctx has been added to the cipher_enc tests in evp_test. It does a dup after setup and then frees the original ctx. This detects any floating pointers in the duplicated context that were pointing back to the freed ctx. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10443)
168 lines
6.3 KiB
C
168 lines
6.3 KiB
C
/*
|
|
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include "cipher_aes_xts.h"
|
|
|
|
#define XTS_SET_KEY_FN(fn_set_enc_key, fn_set_dec_key, \
|
|
fn_block_enc, fn_block_dec, \
|
|
fn_stream_enc, fn_stream_dec) { \
|
|
size_t bytes = keylen / 2; \
|
|
size_t bits = bytes * 8; \
|
|
\
|
|
if (ctx->enc) { \
|
|
fn_set_enc_key(key, bits, &xctx->ks1.ks); \
|
|
xctx->xts.block1 = (block128_f)fn_block_enc; \
|
|
} else { \
|
|
fn_set_dec_key(key, bits, &xctx->ks1.ks); \
|
|
xctx->xts.block1 = (block128_f)fn_block_dec; \
|
|
} \
|
|
fn_set_enc_key(key + bytes, bits, &xctx->ks2.ks); \
|
|
xctx->xts.block2 = (block128_f)fn_block_enc; \
|
|
xctx->xts.key1 = &xctx->ks1; \
|
|
xctx->xts.key2 = &xctx->ks2; \
|
|
xctx->stream = ctx->enc ? fn_stream_enc : fn_stream_dec; \
|
|
}
|
|
|
|
static int cipher_hw_aes_xts_generic_initkey(PROV_CIPHER_CTX *ctx,
|
|
const unsigned char *key,
|
|
size_t keylen)
|
|
{
|
|
PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
|
|
OSSL_xts_stream_fn stream_enc = NULL;
|
|
OSSL_xts_stream_fn stream_dec = NULL;
|
|
|
|
#ifdef AES_XTS_ASM
|
|
stream_enc = AES_xts_encrypt;
|
|
stream_dec = AES_xts_decrypt;
|
|
#endif /* AES_XTS_ASM */
|
|
|
|
#ifdef HWAES_CAPABLE
|
|
if (HWAES_CAPABLE) {
|
|
# ifdef HWAES_xts_encrypt
|
|
stream_enc = HWAES_xts_encrypt;
|
|
# endif /* HWAES_xts_encrypt */
|
|
# ifdef HWAES_xts_decrypt
|
|
stream_dec = HWAES_xts_decrypt;
|
|
# endif /* HWAES_xts_decrypt */
|
|
XTS_SET_KEY_FN(HWAES_set_encrypt_key, HWAES_set_decrypt_key,
|
|
HWAES_encrypt, HWAES_decrypt,
|
|
stream_enc, stream_dec);
|
|
} else
|
|
#endif /* HWAES_CAPABLE */
|
|
|
|
#ifdef BSAES_CAPABLE
|
|
if (BSAES_CAPABLE) {
|
|
stream_enc = bsaes_xts_encrypt;
|
|
stream_dec = bsaes_xts_decrypt;
|
|
}
|
|
#endif /* BSAES_CAPABLE */
|
|
|
|
#ifdef VPAES_CAPABLE
|
|
if (VPAES_CAPABLE) {
|
|
XTS_SET_KEY_FN(vpaes_set_encrypt_key, vpaes_set_decrypt_key,
|
|
vpaes_encrypt, vpaes_decrypt, stream_enc, stream_dec);
|
|
} else
|
|
#endif /* VPAES_CAPABLE */
|
|
{
|
|
XTS_SET_KEY_FN(AES_set_encrypt_key, AES_set_decrypt_key,
|
|
AES_encrypt, AES_decrypt, stream_enc, stream_dec);
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
static void cipher_hw_aes_xts_copyctx(PROV_CIPHER_CTX *dst,
|
|
const PROV_CIPHER_CTX *src)
|
|
{
|
|
PROV_AES_XTS_CTX *sctx = (PROV_AES_XTS_CTX *)src;
|
|
PROV_AES_XTS_CTX *dctx = (PROV_AES_XTS_CTX *)dst;
|
|
|
|
*dctx = *sctx;
|
|
dctx->xts.key1 = &dctx->ks1.ks;
|
|
dctx->xts.key2 = &dctx->ks2.ks;
|
|
}
|
|
|
|
#if defined(AESNI_CAPABLE)
|
|
|
|
static int cipher_hw_aesni_xts_initkey(PROV_CIPHER_CTX *ctx,
|
|
const unsigned char *key, size_t keylen)
|
|
{
|
|
PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
|
|
|
|
XTS_SET_KEY_FN(aesni_set_encrypt_key, aesni_set_decrypt_key,
|
|
aesni_encrypt, aesni_decrypt,
|
|
aesni_xts_encrypt, aesni_xts_decrypt);
|
|
return 1;
|
|
}
|
|
|
|
# define PROV_CIPHER_HW_declare_xts() \
|
|
static const PROV_CIPHER_HW aesni_xts = { \
|
|
cipher_hw_aesni_xts_initkey, \
|
|
NULL, \
|
|
cipher_hw_aes_xts_copyctx \
|
|
};
|
|
# define PROV_CIPHER_HW_select_xts() \
|
|
if (AESNI_CAPABLE) \
|
|
return &aesni_xts;
|
|
|
|
# elif defined(SPARC_AES_CAPABLE)
|
|
|
|
static int cipher_hw_aes_xts_t4_initkey(PROV_CIPHER_CTX *ctx,
|
|
const unsigned char *key, size_t keylen)
|
|
{
|
|
PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
|
|
OSSL_xts_stream_fn stream_enc = NULL;
|
|
OSSL_xts_stream_fn stream_dec = NULL;
|
|
|
|
/* Note: keylen is the size of 2 keys */
|
|
switch (keylen) {
|
|
case 32:
|
|
stream_enc = aes128_t4_xts_encrypt;
|
|
stream_dec = aes128_t4_xts_decrypt;
|
|
break;
|
|
case 64:
|
|
stream_enc = aes256_t4_xts_encrypt;
|
|
stream_dec = aes256_t4_xts_decrypt;
|
|
break;
|
|
default:
|
|
return 0;
|
|
}
|
|
|
|
XTS_SET_KEY_FN(aes_t4_set_encrypt_key, aes_t4_set_decrypt_key,
|
|
aes_t4_encrypt, aes_t4_decrypt,
|
|
stream_enc, stream_dec);
|
|
return 1;
|
|
}
|
|
|
|
# define PROV_CIPHER_HW_declare_xts() \
|
|
static const PROV_CIPHER_HW aes_xts_t4 = { \
|
|
cipher_hw_aes_xts_t4_initkey, \
|
|
NULL, \
|
|
cipher_hw_aes_xts_copyctx \
|
|
};
|
|
# define PROV_CIPHER_HW_select_xts() \
|
|
if (SPARC_AES_CAPABLE) \
|
|
return &aes_xts_t4;
|
|
# else
|
|
/* The generic case */
|
|
# define PROV_CIPHER_HW_declare_xts()
|
|
# define PROV_CIPHER_HW_select_xts()
|
|
#endif
|
|
|
|
static const PROV_CIPHER_HW aes_generic_xts = {
|
|
cipher_hw_aes_xts_generic_initkey,
|
|
NULL,
|
|
cipher_hw_aes_xts_copyctx
|
|
};
|
|
PROV_CIPHER_HW_declare_xts()
|
|
const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_xts(size_t keybits)
|
|
{
|
|
PROV_CIPHER_HW_select_xts()
|
|
return &aes_generic_xts;
|
|
}
|