[openssl] master update

shane.lontis at oracle.com shane.lontis at oracle.com
Fri Sep 20 02:45:43 UTC 2019


The branch master has been updated
       via  2e9645c8b9a81e7617395553088560847ac1b8c8 (commit)
      from  fbad6e79fae1ed12c5d3b5611f490e75066adfad (commit)


- Log -----------------------------------------------------------------
commit 2e9645c8b9a81e7617395553088560847ac1b8c8
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Thu Sep 19 18:40:07 2019 +1000

    Move gcm decryption tag check higher up in the callstack
    
    Code was updated for s390 that accidently removed the check inside the final method.
    Moving the check up before the final method is called is a better way of handling this.
    The oneshot method also calls the final method but doesnt need to do this check.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/9945)

-----------------------------------------------------------------------

Summary of changes:
 providers/common/ciphers/cipher_gcm.c    | 4 +++-
 providers/common/ciphers/cipher_gcm_hw.c | 3 +--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/providers/common/ciphers/cipher_gcm.c b/providers/common/ciphers/cipher_gcm.c
index 9a61eabdfc..b5c79daee7 100644
--- a/providers/common/ciphers/cipher_gcm.c
+++ b/providers/common/ciphers/cipher_gcm.c
@@ -344,7 +344,9 @@ static int gcm_cipher_internal(PROV_GCM_CTX *ctx, unsigned char *out,
                 goto err;
         }
     } else {
-        /* Finished when in == NULL */
+        /* The tag must be set before actually decrypting data */
+        if (!ctx->enc && ctx->taglen == UNINITIALISED_SIZET)
+            goto err;
         if (!hw->cipherfinal(ctx, ctx->buf))
             goto err;
         ctx->iv_state = IV_STATE_FINISHED; /* Don't reuse the IV */
diff --git a/providers/common/ciphers/cipher_gcm_hw.c b/providers/common/ciphers/cipher_gcm_hw.c
index e2587f2e5e..8b2913c695 100644
--- a/providers/common/ciphers/cipher_gcm_hw.c
+++ b/providers/common/ciphers/cipher_gcm_hw.c
@@ -90,8 +90,7 @@ int gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag)
         CRYPTO_gcm128_tag(&ctx->gcm, tag, GCM_TAG_MAX_SIZE);
         ctx->taglen = GCM_TAG_MAX_SIZE;
     } else {
-        if (ctx->taglen == UNINITIALISED_SIZET
-            || CRYPTO_gcm128_finish(&ctx->gcm, tag, ctx->taglen) != 0)
+        if (CRYPTO_gcm128_finish(&ctx->gcm, tag, ctx->taglen) != 0)
             return 0;
     }
     return 1;


More information about the openssl-commits mailing list