diff options
| author | jsing <> | 2025-09-08 12:46:38 +0000 |
|---|---|---|
| committer | jsing <> | 2025-09-08 12:46:38 +0000 |
| commit | 27935bc83495bf29902f88b49a448b5fba6cb8ac (patch) | |
| tree | 52ce7a77bea87859671f865f9fdb9a70cb74bb4b /src | |
| parent | 731703a848224f9ac266b1a4d87d2d47caf9c57d (diff) | |
| download | openbsd-27935bc83495bf29902f88b49a448b5fba6cb8ac.tar.gz openbsd-27935bc83495bf29902f88b49a448b5fba6cb8ac.tar.bz2 openbsd-27935bc83495bf29902f88b49a448b5fba6cb8ac.zip | |
Validate AES_set_{encrypt,decrypt}_key() inputs at API boundary.
Every aes_set_{encrypt,decrypt}_key_internal() implementation is currently
required to check the inputs and return appropriate error codes. Pull the
input validation up to the API boundary, setting key->rounds at the same
time. Additionally, call aes_set_encrypt_key_internal() directly from
aes_set_decrypt_key_internal(), rather than going back through the public
API.
ok tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/aes/aes.c | 25 | ||||
| -rw-r--r-- | src/lib/libcrypto/aes/aes_core.c | 21 |
2 files changed, 28 insertions, 18 deletions
diff --git a/src/lib/libcrypto/aes/aes.c b/src/lib/libcrypto/aes/aes.c index 693badcd66..f9b2cfd9dd 100644 --- a/src/lib/libcrypto/aes/aes.c +++ b/src/lib/libcrypto/aes/aes.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: aes.c,v 1.14 2025/07/22 09:13:49 jsing Exp $ */ | 1 | /* $OpenBSD: aes.c,v 1.15 2025/09/08 12:46:38 jsing Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -72,9 +72,27 @@ void aes_encrypt_internal(const unsigned char *in, unsigned char *out, | |||
| 72 | void aes_decrypt_internal(const unsigned char *in, unsigned char *out, | 72 | void aes_decrypt_internal(const unsigned char *in, unsigned char *out, |
| 73 | const AES_KEY *key); | 73 | const AES_KEY *key); |
| 74 | 74 | ||
| 75 | static int | ||
| 76 | aes_rounds_for_key_length(int bits) | ||
| 77 | { | ||
| 78 | if (bits == 128) | ||
| 79 | return 10; | ||
| 80 | if (bits == 192) | ||
| 81 | return 12; | ||
| 82 | if (bits == 256) | ||
| 83 | return 14; | ||
| 84 | |||
| 85 | return 0; | ||
| 86 | } | ||
| 87 | |||
| 75 | int | 88 | int |
| 76 | AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) | 89 | AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) |
| 77 | { | 90 | { |
| 91 | if (userKey == NULL || key == NULL) | ||
| 92 | return -1; | ||
| 93 | if ((key->rounds = aes_rounds_for_key_length(bits)) <= 0) | ||
| 94 | return -2; | ||
| 95 | |||
| 78 | return aes_set_encrypt_key_internal(userKey, bits, key); | 96 | return aes_set_encrypt_key_internal(userKey, bits, key); |
| 79 | } | 97 | } |
| 80 | LCRYPTO_ALIAS(AES_set_encrypt_key); | 98 | LCRYPTO_ALIAS(AES_set_encrypt_key); |
| @@ -82,6 +100,11 @@ LCRYPTO_ALIAS(AES_set_encrypt_key); | |||
| 82 | int | 100 | int |
| 83 | AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) | 101 | AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) |
| 84 | { | 102 | { |
| 103 | if (userKey == NULL || key == NULL) | ||
| 104 | return -1; | ||
| 105 | if ((key->rounds = aes_rounds_for_key_length(bits)) <= 0) | ||
| 106 | return -2; | ||
| 107 | |||
| 85 | return aes_set_decrypt_key_internal(userKey, bits, key); | 108 | return aes_set_decrypt_key_internal(userKey, bits, key); |
| 86 | } | 109 | } |
| 87 | LCRYPTO_ALIAS(AES_set_decrypt_key); | 110 | LCRYPTO_ALIAS(AES_set_decrypt_key); |
diff --git a/src/lib/libcrypto/aes/aes_core.c b/src/lib/libcrypto/aes/aes_core.c index 8eccb998d3..2311547100 100644 --- a/src/lib/libcrypto/aes/aes_core.c +++ b/src/lib/libcrypto/aes/aes_core.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: aes_core.c,v 1.27 2025/04/21 12:23:09 jsing Exp $ */ | 1 | /* $OpenBSD: aes_core.c,v 1.28 2025/09/08 12:46:38 jsing Exp $ */ |
| 2 | /** | 2 | /** |
| 3 | * rijndael-alg-fst.c | 3 | * rijndael-alg-fst.c |
| 4 | * | 4 | * |
| @@ -645,20 +645,8 @@ aes_set_encrypt_key_internal(const unsigned char *userKey, const int bits, | |||
| 645 | int i = 0; | 645 | int i = 0; |
| 646 | uint32_t temp; | 646 | uint32_t temp; |
| 647 | 647 | ||
| 648 | if (!userKey || !key) | ||
| 649 | return -1; | ||
| 650 | if (bits != 128 && bits != 192 && bits != 256) | ||
| 651 | return -2; | ||
| 652 | |||
| 653 | rk = key->rd_key; | 648 | rk = key->rd_key; |
| 654 | 649 | ||
| 655 | if (bits == 128) | ||
| 656 | key->rounds = 10; | ||
| 657 | else if (bits == 192) | ||
| 658 | key->rounds = 12; | ||
| 659 | else | ||
| 660 | key->rounds = 14; | ||
| 661 | |||
| 662 | rk[0] = crypto_load_be32toh(&userKey[0 * 4]); | 650 | rk[0] = crypto_load_be32toh(&userKey[0 * 4]); |
| 663 | rk[1] = crypto_load_be32toh(&userKey[1 * 4]); | 651 | rk[1] = crypto_load_be32toh(&userKey[1 * 4]); |
| 664 | rk[2] = crypto_load_be32toh(&userKey[2 * 4]); | 652 | rk[2] = crypto_load_be32toh(&userKey[2 * 4]); |
| @@ -746,13 +734,12 @@ aes_set_decrypt_key_internal(const unsigned char *userKey, const int bits, | |||
| 746 | AES_KEY *key) | 734 | AES_KEY *key) |
| 747 | { | 735 | { |
| 748 | uint32_t *rk; | 736 | uint32_t *rk; |
| 749 | int i, j, status; | ||
| 750 | uint32_t temp; | 737 | uint32_t temp; |
| 738 | int i, j, ret; | ||
| 751 | 739 | ||
| 752 | /* first, start with an encryption schedule */ | 740 | /* first, start with an encryption schedule */ |
| 753 | status = AES_set_encrypt_key(userKey, bits, key); | 741 | if ((ret = aes_set_encrypt_key_internal(userKey, bits, key)) < 0) |
| 754 | if (status < 0) | 742 | return ret; |
| 755 | return status; | ||
| 756 | 743 | ||
| 757 | rk = key->rd_key; | 744 | rk = key->rd_key; |
| 758 | 745 | ||