diff options
| author | miod <> | 2014-07-11 14:38:51 +0000 |
|---|---|---|
| committer | miod <> | 2014-07-11 14:38:51 +0000 |
| commit | ffd8e2b0a176e17f7cc153964317616117fe8413 (patch) | |
| tree | 594f065e9421002145a7ec848fc00dd69822c7fb /src/lib | |
| parent | cc76c9de185fadea35e16ca4d713b3f26f79d72f (diff) | |
| download | openbsd-ffd8e2b0a176e17f7cc153964317616117fe8413.tar.gz openbsd-ffd8e2b0a176e17f7cc153964317616117fe8413.tar.bz2 openbsd-ffd8e2b0a176e17f7cc153964317616117fe8413.zip | |
Fix copy for CCM, GCM and XTS.
Internal pointers in CCM, GCM and XTS contexts should either be
NULL or set to point to the appropriate key schedule. This needs
to be adjusted when copying contexts.
OpenSSL PR #3272 with further fixes, from OpenSSL trunk
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/evp/e_aes.c | 82 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/evp/e_aes.c | 82 |
2 files changed, 140 insertions, 24 deletions
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c index fb767d9619..3304e3417e 100644 --- a/src/lib/libcrypto/evp/e_aes.c +++ b/src/lib/libcrypto/evp/e_aes.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: e_aes.c,v 1.23 2014/07/10 22:45:57 jsing Exp $ */ | 1 | /* $OpenBSD: e_aes.c,v 1.24 2014/07/11 14:38:51 miod Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -785,6 +785,27 @@ aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) | |||
| 785 | /* Extra padding: tag appended to record */ | 785 | /* Extra padding: tag appended to record */ |
| 786 | return EVP_GCM_TLS_TAG_LEN; | 786 | return EVP_GCM_TLS_TAG_LEN; |
| 787 | 787 | ||
| 788 | case EVP_CTRL_COPY: | ||
| 789 | { | ||
| 790 | EVP_CIPHER_CTX *out = ptr; | ||
| 791 | EVP_AES_GCM_CTX *gctx_out = out->cipher_data; | ||
| 792 | |||
| 793 | if (gctx->gcm.key) { | ||
| 794 | if (gctx->gcm.key != &gctx->ks) | ||
| 795 | return 0; | ||
| 796 | gctx_out->gcm.key = &gctx_out->ks; | ||
| 797 | } | ||
| 798 | if (gctx->iv == c->iv) | ||
| 799 | gctx_out->iv = out->iv; | ||
| 800 | else { | ||
| 801 | gctx_out->iv = malloc(gctx->ivlen); | ||
| 802 | if (!gctx_out->iv) | ||
| 803 | return 0; | ||
| 804 | memcpy(gctx_out->iv, gctx->iv, gctx->ivlen); | ||
| 805 | } | ||
| 806 | return 1; | ||
| 807 | } | ||
| 808 | |||
| 788 | default: | 809 | default: |
| 789 | return -1; | 810 | return -1; |
| 790 | 811 | ||
| @@ -992,9 +1013,10 @@ aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 992 | 1013 | ||
| 993 | } | 1014 | } |
| 994 | 1015 | ||
| 995 | #define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ | 1016 | #define CUSTOM_FLAGS \ |
| 996 | | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | 1017 | ( EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV | \ |
| 997 | | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT) | 1018 | EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | \ |
| 1019 | EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY ) | ||
| 998 | 1020 | ||
| 999 | BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, | 1021 | BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, |
| 1000 | EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) | 1022 | EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) |
| @@ -1008,13 +1030,35 @@ aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) | |||
| 1008 | { | 1030 | { |
| 1009 | EVP_AES_XTS_CTX *xctx = c->cipher_data; | 1031 | EVP_AES_XTS_CTX *xctx = c->cipher_data; |
| 1010 | 1032 | ||
| 1011 | if (type != EVP_CTRL_INIT) | 1033 | switch (type) { |
| 1012 | return -1; | 1034 | case EVP_CTRL_INIT: |
| 1035 | /* | ||
| 1036 | * key1 and key2 are used as an indicator both key and IV | ||
| 1037 | * are set | ||
| 1038 | */ | ||
| 1039 | xctx->xts.key1 = NULL; | ||
| 1040 | xctx->xts.key2 = NULL; | ||
| 1041 | return 1; | ||
| 1013 | 1042 | ||
| 1014 | /* key1 and key2 are used as an indicator both key and IV are set */ | 1043 | case EVP_CTRL_COPY: |
| 1015 | xctx->xts.key1 = NULL; | 1044 | { |
| 1016 | xctx->xts.key2 = NULL; | 1045 | EVP_CIPHER_CTX *out = ptr; |
| 1017 | return 1; | 1046 | EVP_AES_XTS_CTX *xctx_out = out->cipher_data; |
| 1047 | |||
| 1048 | if (xctx->xts.key1) { | ||
| 1049 | if (xctx->xts.key1 != &xctx->ks1) | ||
| 1050 | return 0; | ||
| 1051 | xctx_out->xts.key1 = &xctx_out->ks1; | ||
| 1052 | } | ||
| 1053 | if (xctx->xts.key2) { | ||
| 1054 | if (xctx->xts.key2 != &xctx->ks2) | ||
| 1055 | return 0; | ||
| 1056 | xctx_out->xts.key2 = &xctx_out->ks2; | ||
| 1057 | } | ||
| 1058 | return 1; | ||
| 1059 | } | ||
| 1060 | } | ||
| 1061 | return -1; | ||
| 1018 | } | 1062 | } |
| 1019 | 1063 | ||
| 1020 | static int | 1064 | static int |
| @@ -1106,8 +1150,9 @@ aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 1106 | 1150 | ||
| 1107 | #define aes_xts_cleanup NULL | 1151 | #define aes_xts_cleanup NULL |
| 1108 | 1152 | ||
| 1109 | #define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \ | 1153 | #define XTS_FLAGS \ |
| 1110 | | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT) | 1154 | ( EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV | \ |
| 1155 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY ) | ||
| 1111 | 1156 | ||
| 1112 | BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, EVP_CIPH_FLAG_FIPS|XTS_FLAGS) | 1157 | BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, EVP_CIPH_FLAG_FIPS|XTS_FLAGS) |
| 1113 | BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, EVP_CIPH_FLAG_FIPS|XTS_FLAGS) | 1158 | BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, EVP_CIPH_FLAG_FIPS|XTS_FLAGS) |
| @@ -1158,6 +1203,19 @@ aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) | |||
| 1158 | cctx->len_set = 0; | 1203 | cctx->len_set = 0; |
| 1159 | return 1; | 1204 | return 1; |
| 1160 | 1205 | ||
| 1206 | case EVP_CTRL_COPY: | ||
| 1207 | { | ||
| 1208 | EVP_CIPHER_CTX *out = ptr; | ||
| 1209 | EVP_AES_CCM_CTX *cctx_out = out->cipher_data; | ||
| 1210 | |||
| 1211 | if (cctx->ccm.key) { | ||
| 1212 | if (cctx->ccm.key != &cctx->ks) | ||
| 1213 | return 0; | ||
| 1214 | cctx_out->ccm.key = &cctx_out->ks; | ||
| 1215 | } | ||
| 1216 | return 1; | ||
| 1217 | } | ||
| 1218 | |||
| 1161 | default: | 1219 | default: |
| 1162 | return -1; | 1220 | return -1; |
| 1163 | } | 1221 | } |
diff --git a/src/lib/libssl/src/crypto/evp/e_aes.c b/src/lib/libssl/src/crypto/evp/e_aes.c index fb767d9619..3304e3417e 100644 --- a/src/lib/libssl/src/crypto/evp/e_aes.c +++ b/src/lib/libssl/src/crypto/evp/e_aes.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: e_aes.c,v 1.23 2014/07/10 22:45:57 jsing Exp $ */ | 1 | /* $OpenBSD: e_aes.c,v 1.24 2014/07/11 14:38:51 miod Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -785,6 +785,27 @@ aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) | |||
| 785 | /* Extra padding: tag appended to record */ | 785 | /* Extra padding: tag appended to record */ |
| 786 | return EVP_GCM_TLS_TAG_LEN; | 786 | return EVP_GCM_TLS_TAG_LEN; |
| 787 | 787 | ||
| 788 | case EVP_CTRL_COPY: | ||
| 789 | { | ||
| 790 | EVP_CIPHER_CTX *out = ptr; | ||
| 791 | EVP_AES_GCM_CTX *gctx_out = out->cipher_data; | ||
| 792 | |||
| 793 | if (gctx->gcm.key) { | ||
| 794 | if (gctx->gcm.key != &gctx->ks) | ||
| 795 | return 0; | ||
| 796 | gctx_out->gcm.key = &gctx_out->ks; | ||
| 797 | } | ||
| 798 | if (gctx->iv == c->iv) | ||
| 799 | gctx_out->iv = out->iv; | ||
| 800 | else { | ||
| 801 | gctx_out->iv = malloc(gctx->ivlen); | ||
| 802 | if (!gctx_out->iv) | ||
| 803 | return 0; | ||
| 804 | memcpy(gctx_out->iv, gctx->iv, gctx->ivlen); | ||
| 805 | } | ||
| 806 | return 1; | ||
| 807 | } | ||
| 808 | |||
| 788 | default: | 809 | default: |
| 789 | return -1; | 810 | return -1; |
| 790 | 811 | ||
| @@ -992,9 +1013,10 @@ aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 992 | 1013 | ||
| 993 | } | 1014 | } |
| 994 | 1015 | ||
| 995 | #define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ | 1016 | #define CUSTOM_FLAGS \ |
| 996 | | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | 1017 | ( EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV | \ |
| 997 | | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT) | 1018 | EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | \ |
| 1019 | EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY ) | ||
| 998 | 1020 | ||
| 999 | BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, | 1021 | BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, |
| 1000 | EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) | 1022 | EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) |
| @@ -1008,13 +1030,35 @@ aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) | |||
| 1008 | { | 1030 | { |
| 1009 | EVP_AES_XTS_CTX *xctx = c->cipher_data; | 1031 | EVP_AES_XTS_CTX *xctx = c->cipher_data; |
| 1010 | 1032 | ||
| 1011 | if (type != EVP_CTRL_INIT) | 1033 | switch (type) { |
| 1012 | return -1; | 1034 | case EVP_CTRL_INIT: |
| 1035 | /* | ||
| 1036 | * key1 and key2 are used as an indicator both key and IV | ||
| 1037 | * are set | ||
| 1038 | */ | ||
| 1039 | xctx->xts.key1 = NULL; | ||
| 1040 | xctx->xts.key2 = NULL; | ||
| 1041 | return 1; | ||
| 1013 | 1042 | ||
| 1014 | /* key1 and key2 are used as an indicator both key and IV are set */ | 1043 | case EVP_CTRL_COPY: |
| 1015 | xctx->xts.key1 = NULL; | 1044 | { |
| 1016 | xctx->xts.key2 = NULL; | 1045 | EVP_CIPHER_CTX *out = ptr; |
| 1017 | return 1; | 1046 | EVP_AES_XTS_CTX *xctx_out = out->cipher_data; |
| 1047 | |||
| 1048 | if (xctx->xts.key1) { | ||
| 1049 | if (xctx->xts.key1 != &xctx->ks1) | ||
| 1050 | return 0; | ||
| 1051 | xctx_out->xts.key1 = &xctx_out->ks1; | ||
| 1052 | } | ||
| 1053 | if (xctx->xts.key2) { | ||
| 1054 | if (xctx->xts.key2 != &xctx->ks2) | ||
| 1055 | return 0; | ||
| 1056 | xctx_out->xts.key2 = &xctx_out->ks2; | ||
| 1057 | } | ||
| 1058 | return 1; | ||
| 1059 | } | ||
| 1060 | } | ||
| 1061 | return -1; | ||
| 1018 | } | 1062 | } |
| 1019 | 1063 | ||
| 1020 | static int | 1064 | static int |
| @@ -1106,8 +1150,9 @@ aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 1106 | 1150 | ||
| 1107 | #define aes_xts_cleanup NULL | 1151 | #define aes_xts_cleanup NULL |
| 1108 | 1152 | ||
| 1109 | #define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \ | 1153 | #define XTS_FLAGS \ |
| 1110 | | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT) | 1154 | ( EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV | \ |
| 1155 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY ) | ||
| 1111 | 1156 | ||
| 1112 | BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, EVP_CIPH_FLAG_FIPS|XTS_FLAGS) | 1157 | BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, EVP_CIPH_FLAG_FIPS|XTS_FLAGS) |
| 1113 | BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, EVP_CIPH_FLAG_FIPS|XTS_FLAGS) | 1158 | BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, EVP_CIPH_FLAG_FIPS|XTS_FLAGS) |
| @@ -1158,6 +1203,19 @@ aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) | |||
| 1158 | cctx->len_set = 0; | 1203 | cctx->len_set = 0; |
| 1159 | return 1; | 1204 | return 1; |
| 1160 | 1205 | ||
| 1206 | case EVP_CTRL_COPY: | ||
| 1207 | { | ||
| 1208 | EVP_CIPHER_CTX *out = ptr; | ||
| 1209 | EVP_AES_CCM_CTX *cctx_out = out->cipher_data; | ||
| 1210 | |||
| 1211 | if (cctx->ccm.key) { | ||
| 1212 | if (cctx->ccm.key != &cctx->ks) | ||
| 1213 | return 0; | ||
| 1214 | cctx_out->ccm.key = &cctx_out->ks; | ||
| 1215 | } | ||
| 1216 | return 1; | ||
| 1217 | } | ||
| 1218 | |||
| 1161 | default: | 1219 | default: |
| 1162 | return -1; | 1220 | return -1; |
| 1163 | } | 1221 | } |