mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
f75abcc0f0
Fixes #10438 issue found by clusterfuzz/ossfuzz The dest was getting a copy of the src structure which contained a pointer that should point to an offset inside itself - because of the copy it was pointing to the original structure. The setup for a ctx is mainly done by the initkey method in the PROV_CIPHER_HW structure. Because of this it makes sense that the structure should also contain a copyctx method that is use to resolve any pointers that need to be setup. A dup_ctx has been added to the cipher_enc tests in evp_test. It does a dup after setup and then frees the original ctx. This detects any floating pointers in the duplicated context that were pointing back to the freed ctx. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10443)
85 lines
2.9 KiB
C++
85 lines
2.9 KiB
C++
/*
|
|
* Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
/*-
|
|
* AES-NI support for AES modes ecb, cbc, ofb, cfb, ctr.
|
|
* This file is included by cipher_aes_hw.c
|
|
*/
|
|
|
|
#define cipher_hw_aesni_ofb128 cipher_hw_generic_ofb128
|
|
#define cipher_hw_aesni_cfb128 cipher_hw_generic_cfb128
|
|
#define cipher_hw_aesni_cfb8 cipher_hw_generic_cfb8
|
|
#define cipher_hw_aesni_cfb1 cipher_hw_generic_cfb1
|
|
#define cipher_hw_aesni_ctr cipher_hw_generic_ctr
|
|
|
|
static int cipher_hw_aesni_initkey(PROV_CIPHER_CTX *dat,
|
|
const unsigned char *key, size_t keylen)
|
|
{
|
|
int ret;
|
|
PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
|
|
AES_KEY *ks = &adat->ks.ks;
|
|
|
|
dat->ks = ks;
|
|
|
|
if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE)
|
|
&& !dat->enc) {
|
|
ret = aesni_set_decrypt_key(key, keylen * 8, ks);
|
|
dat->block = (block128_f) aesni_decrypt;
|
|
dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ?
|
|
(cbc128_f) aesni_cbc_encrypt : NULL;
|
|
} else {
|
|
ret = aesni_set_encrypt_key(key, keylen * 8, ks);
|
|
dat->block = (block128_f) aesni_encrypt;
|
|
if (dat->mode == EVP_CIPH_CBC_MODE)
|
|
dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt;
|
|
else if (dat->mode == EVP_CIPH_CTR_MODE)
|
|
dat->stream.ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
|
|
else
|
|
dat->stream.cbc = NULL;
|
|
}
|
|
|
|
if (ret < 0) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_AES_KEY_SETUP_FAILED);
|
|
return 0;
|
|
}
|
|
|
|
return 1;
|
|
}
|
|
|
|
static int cipher_hw_aesni_cbc(PROV_CIPHER_CTX *ctx, unsigned char *out,
|
|
const unsigned char *in, size_t len)
|
|
{
|
|
const AES_KEY *ks = ctx->ks;
|
|
|
|
aesni_cbc_encrypt(in, out, len, ks, ctx->iv, ctx->enc);
|
|
|
|
return 1;
|
|
}
|
|
|
|
static int cipher_hw_aesni_ecb(PROV_CIPHER_CTX *ctx, unsigned char *out,
|
|
const unsigned char *in, size_t len)
|
|
{
|
|
if (len < ctx->blocksize)
|
|
return 1;
|
|
|
|
aesni_ecb_encrypt(in, out, len, ctx->ks, ctx->enc);
|
|
|
|
return 1;
|
|
}
|
|
|
|
#define PROV_CIPHER_HW_declare(mode) \
|
|
static const PROV_CIPHER_HW aesni_##mode = { \
|
|
cipher_hw_aesni_initkey, \
|
|
cipher_hw_aesni_##mode, \
|
|
cipher_hw_aes_copyctx \
|
|
};
|
|
#define PROV_CIPHER_HW_select(mode) \
|
|
if (AESNI_CAPABLE) \
|
|
return &aesni_##mode;
|