mirror of
https://github.com/openssl/openssl.git
synced 2024-12-21 06:09:35 +08:00
90409da6a5
Fixes #12405 Fixes #12377 Calling Init()/Update() and then Init()/Update() again gave a different result when using the same key and iv. Cipher modes that were using ctx->num were not resetting this value, this includes OFB, CFB & CTR. The fix is to reset this value during the ciphers einit() and dinit() methods. Most ciphers go thru a generic method so one line fixes most cases. Add test for calling EVP_EncryptInit()/EVP_EncryptUpdate() multiple times for all ciphers. Ciphers should return the same value for both updates. DES3-WRAP does not since it uses a random in the update. CCM modes currently also fail on the second update (This also happens in 1_1_1). Fix memory leak in AES_OCB cipher if EVP_EncryptInit is called multiple times. Fix AES_SIV cipher dup_ctx and init. Calling EVP_CIPHER_init multiple times resulted in a memory leak in the siv. Fixing this leak also showed that the dup ctx was not working for siv mode. Note: aes_siv_cleanup() can not be used by aes_siv_dupctx() as it clears data that is required for the decrypt (e.g the tag). Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12413)
137 lines
3.7 KiB
C
137 lines
3.7 KiB
C
/*
|
|
* Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
/*
|
|
* This file uses the low level AES functions (which are deprecated for
|
|
* non-internal use) in order to implement provider AES ciphers.
|
|
*/
|
|
#include "internal/deprecated.h"
|
|
|
|
#include "cipher_aes_siv.h"
|
|
|
|
static void aes_siv_cleanup(void *vctx);
|
|
|
|
static int aes_siv_initkey(void *vctx, const unsigned char *key, size_t keylen)
|
|
{
|
|
PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx;
|
|
SIV128_CONTEXT *sctx = &ctx->siv;
|
|
size_t klen = keylen / 2;
|
|
OPENSSL_CTX *libctx = ctx->libctx;
|
|
const char *propq = NULL;
|
|
|
|
EVP_CIPHER_free(ctx->cbc);
|
|
EVP_CIPHER_free(ctx->ctr);
|
|
ctx->cbc = NULL;
|
|
ctx->ctr = NULL;
|
|
|
|
switch (klen) {
|
|
case 16:
|
|
ctx->cbc = EVP_CIPHER_fetch(libctx, "AES-128-CBC", propq);
|
|
ctx->ctr = EVP_CIPHER_fetch(libctx, "AES-128-CTR", propq);
|
|
break;
|
|
case 24:
|
|
ctx->cbc = EVP_CIPHER_fetch(libctx, "AES-192-CBC", propq);
|
|
ctx->ctr = EVP_CIPHER_fetch(libctx, "AES-192-CTR", propq);
|
|
break;
|
|
case 32:
|
|
ctx->cbc = EVP_CIPHER_fetch(libctx, "AES-256-CBC", propq);
|
|
ctx->ctr = EVP_CIPHER_fetch(libctx, "AES-256-CTR", propq);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
if (ctx->cbc == NULL || ctx->ctr == NULL)
|
|
return 0;
|
|
/*
|
|
* klen is the length of the underlying cipher, not the input key,
|
|
* which should be twice as long
|
|
*/
|
|
return CRYPTO_siv128_init(sctx, key, klen, ctx->cbc, ctx->ctr, libctx,
|
|
propq);
|
|
}
|
|
|
|
static int aes_siv_dupctx(void *in_vctx, void *out_vctx)
|
|
{
|
|
PROV_AES_SIV_CTX *in = (PROV_AES_SIV_CTX *)in_vctx;
|
|
PROV_AES_SIV_CTX *out = (PROV_AES_SIV_CTX *)out_vctx;
|
|
|
|
*out = *in;
|
|
out->siv.cipher_ctx = NULL;
|
|
out->siv.mac_ctx_init = NULL;
|
|
out->siv.mac = NULL;
|
|
if (!CRYPTO_siv128_copy_ctx(&out->siv, &in->siv))
|
|
return 0;
|
|
if (out->cbc != NULL)
|
|
EVP_CIPHER_up_ref(out->cbc);
|
|
if (out->ctr != NULL)
|
|
EVP_CIPHER_up_ref(out->ctr);
|
|
return 1;
|
|
}
|
|
|
|
static int aes_siv_settag(void *vctx, const unsigned char *tag, size_t tagl)
|
|
{
|
|
PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx;
|
|
SIV128_CONTEXT *sctx = &ctx->siv;
|
|
|
|
return CRYPTO_siv128_set_tag(sctx, tag, tagl);
|
|
}
|
|
|
|
static void aes_siv_setspeed(void *vctx, int speed)
|
|
{
|
|
PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx;
|
|
SIV128_CONTEXT *sctx = &ctx->siv;
|
|
|
|
CRYPTO_siv128_speed(sctx, (int)speed);
|
|
}
|
|
|
|
static void aes_siv_cleanup(void *vctx)
|
|
{
|
|
PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx;
|
|
SIV128_CONTEXT *sctx = &ctx->siv;
|
|
|
|
CRYPTO_siv128_cleanup(sctx);
|
|
EVP_CIPHER_free(ctx->cbc);
|
|
EVP_CIPHER_free(ctx->ctr);
|
|
}
|
|
|
|
static int aes_siv_cipher(void *vctx, unsigned char *out,
|
|
const unsigned char *in, size_t len)
|
|
{
|
|
PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx;
|
|
SIV128_CONTEXT *sctx = &ctx->siv;
|
|
|
|
/* EncryptFinal or DecryptFinal */
|
|
if (in == NULL)
|
|
return CRYPTO_siv128_finish(sctx) == 0;
|
|
|
|
/* Deal with associated data */
|
|
if (out == NULL)
|
|
return (CRYPTO_siv128_aad(sctx, in, len) == 1);
|
|
|
|
if (ctx->enc)
|
|
return CRYPTO_siv128_encrypt(sctx, in, out, len) > 0;
|
|
|
|
return CRYPTO_siv128_decrypt(sctx, in, out, len) > 0;
|
|
}
|
|
|
|
static const PROV_CIPHER_HW_AES_SIV aes_siv_hw =
|
|
{
|
|
aes_siv_initkey,
|
|
aes_siv_cipher,
|
|
aes_siv_setspeed,
|
|
aes_siv_settag,
|
|
aes_siv_cleanup,
|
|
aes_siv_dupctx,
|
|
};
|
|
|
|
const PROV_CIPHER_HW_AES_SIV *PROV_CIPHER_HW_aes_siv(size_t keybits)
|
|
{
|
|
return &aes_siv_hw;
|
|
}
|