[openssl] master update

tomas at openssl.org tomas at openssl.org
Wed Jul 14 10:02:39 UTC 2021 

The branch master has been updated
       via  e77be2e20175f5ae3f96952f5b9fce557bc00fb1 (commit)
       via  c55c7d0292947bb906847ff03132c7eeb967936f (commit)
      from  2f0a53816b2956f585903a52ab6ab681cf6f9ae1 (commit)


- Log -----------------------------------------------------------------
commit e77be2e20175f5ae3f96952f5b9fce557bc00fb1
Author: Pauli <pauli at openssl.org>
Date:   Tue Jul 13 18:55:36 2021 +1000

    test: add single byte IV AES GCM tests
    
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16064)

commit c55c7d0292947bb906847ff03132c7eeb967936f
Author: Pauli <pauli at openssl.org>
Date:   Tue Jul 13 18:40:01 2021 +1000

    Remove lower limit on GCM mode ciphers
    
    Fixes #16057
    
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16064)

-----------------------------------------------------------------------

Summary of changes:
 providers/implementations/ciphers/cipher_aes_gcm.c |   5 +-
 .../implementations/ciphers/cipher_aria_gcm.c      |   4 +-
 .../implementations/ciphers/ciphercommon_gcm.c     |   5 +-
 .../include/prov/ciphercommon_gcm.h                |   3 +-
 .../30-test_evp_data/evpciph_aes_common.txt        | 103 +++++++++++++++++++++
 5 files changed, 108 insertions(+), 12 deletions(-)

diff --git a/providers/implementations/ciphers/cipher_aes_gcm.c b/providers/implementations/ciphers/cipher_aes_gcm.c
index a9f574ab23..0081ca6cd7 100644
--- a/providers/implementations/ciphers/cipher_aes_gcm.c
+++ b/providers/implementations/ciphers/cipher_aes_gcm.c
@@ -20,9 +20,6 @@
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
 
-#define AES_GCM_IV_MIN_SIZE     (64 / 8) /* size in bytes */
-/* Note: GCM_IV_MAX_SIZE is listed in ciphercommon_gcm.h */
-
 static void *aes_gcm_newctx(void *provctx, size_t keybits)
 {
     PROV_AES_GCM_CTX *ctx;
@@ -33,7 +30,7 @@ static void *aes_gcm_newctx(void *provctx, size_t keybits)
     ctx = OPENSSL_zalloc(sizeof(*ctx));
     if (ctx != NULL)
         ossl_gcm_initctx(provctx, &ctx->base, keybits,
-                         ossl_prov_aes_hw_gcm(keybits), AES_GCM_IV_MIN_SIZE);
+                         ossl_prov_aes_hw_gcm(keybits));
     return ctx;
 }
 
diff --git a/providers/implementations/ciphers/cipher_aria_gcm.c b/providers/implementations/ciphers/cipher_aria_gcm.c
index c2fe7ec185..b412bd3202 100644
--- a/providers/implementations/ciphers/cipher_aria_gcm.c
+++ b/providers/implementations/ciphers/cipher_aria_gcm.c
@@ -13,8 +13,6 @@
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
 
-#define ARIA_GCM_IV_MIN_SIZE     (32 / 8) /* size in bytes */
-
 static void *aria_gcm_newctx(void *provctx, size_t keybits)
 {
     PROV_ARIA_GCM_CTX *ctx;
@@ -25,7 +23,7 @@ static void *aria_gcm_newctx(void *provctx, size_t keybits)
     ctx = OPENSSL_zalloc(sizeof(*ctx));
     if (ctx != NULL)
         ossl_gcm_initctx(provctx, &ctx->base, keybits,
-                         ossl_prov_aria_hw_gcm(keybits), ARIA_GCM_IV_MIN_SIZE);
+                         ossl_prov_aria_hw_gcm(keybits));
     return ctx;
 }
 
diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c
index 97a1af3191..c4301f6b82 100644
--- a/providers/implementations/ciphers/ciphercommon_gcm.c
+++ b/providers/implementations/ciphers/ciphercommon_gcm.c
@@ -26,13 +26,12 @@ static int gcm_cipher_internal(PROV_GCM_CTX *ctx, unsigned char *out,
                                size_t len);
 
 void ossl_gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits,
-                      const PROV_GCM_HW *hw, size_t ivlen_min)
+                      const PROV_GCM_HW *hw)
 {
     ctx->pad = 1;
     ctx->mode = EVP_CIPH_GCM_MODE;
     ctx->taglen = UNINITIALISED_SIZET;
     ctx->tls_aad_len = UNINITIALISED_SIZET;
-    ctx->ivlen_min = ivlen_min;
     ctx->ivlen = (EVP_GCM_TLS_FIXED_IV_LEN + EVP_GCM_TLS_EXPLICIT_IV_LEN);
     ctx->keylen = keybits / 8;
     ctx->hw = hw;
@@ -51,7 +50,7 @@ static int gcm_init(void *vctx, const unsigned char *key, size_t keylen,
     ctx->enc = enc;
 
     if (iv != NULL) {
-        if (ivlen < ctx->ivlen_min || ivlen > sizeof(ctx->iv)) {
+        if (ivlen == 0 || ivlen > sizeof(ctx->iv)) {
             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
             return 0;
         }
diff --git a/providers/implementations/include/prov/ciphercommon_gcm.h b/providers/implementations/include/prov/ciphercommon_gcm.h
index 3e01cc7e7b..7c4a548f9d 100644
--- a/providers/implementations/include/prov/ciphercommon_gcm.h
+++ b/providers/implementations/include/prov/ciphercommon_gcm.h
@@ -48,7 +48,6 @@ typedef struct prov_gcm_ctx_st {
     unsigned int mode;          /* The mode that we are using */
     size_t keylen;
     size_t ivlen;
-    size_t ivlen_min;
     size_t taglen;
     size_t tls_aad_pad_sz;
     size_t tls_aad_len;         /* TLS AAD length */
@@ -110,7 +109,7 @@ OSSL_FUNC_cipher_cipher_fn ossl_gcm_cipher;
 OSSL_FUNC_cipher_update_fn ossl_gcm_stream_update;
 OSSL_FUNC_cipher_final_fn ossl_gcm_stream_final;
 void ossl_gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits,
-                      const PROV_GCM_HW *hw, size_t ivlen_min);
+                      const PROV_GCM_HW *hw);
 
 int ossl_gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, size_t ivlen);
 int ossl_gcm_aad_update(PROV_GCM_CTX *ctx, const unsigned char *aad,
diff --git a/test/recipes/30-test_evp_data/evpciph_aes_common.txt b/test/recipes/30-test_evp_data/evpciph_aes_common.txt
index c0ed605646..b42329007c 100644
--- a/test/recipes/30-test_evp_data/evpciph_aes_common.txt
+++ b/test/recipes/30-test_evp_data/evpciph_aes_common.txt
@@ -893,6 +893,109 @@ Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f2021
 Ciphertext = 6268c6fa2a80b2d137467f092f657ac04d89be2beaa623d61b5a868c8f03ff95d3dcee23ad2f1ab3a6c80eaf4b140eb05de3457f0fbc111a6b43d0763aa422a3013cf1dc37fe417d1fbfc449b75d4cc5
 NextIV = dbcca32ebf9b804617c3aa9e
 
+# Single byte IV test cases from
+# https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/CAVP-TESTING-BLOCK-CIPHER-MODES#GCMVS
+
+Title = AES GCM single byte IV tests
+
+Cipher = aes-128-gcm
+Key = 1672c3537afa82004c6b8a46f6f0d026
+IV = 05
+Tag = 8e2ad721f9455f74d8b53d3141f27e8e
+Plaintext = 
+Ciphertext = 
+
+Cipher = aes-128-gcm
+Key = 6471e11b5a559f84d196160c64ced95a
+IV = 1a
+AAD = 147c70bd944ae51289717bdbdac86511fa3a43a2
+Tag = b7b80d314024261bafd7d218
+Plaintext = 
+Ciphertext = 
+
+Cipher = aes-128-gcm
+Key = f0d44d3c8c8ff4d2aab5c315e77a5cff
+IV = 3e
+Tag = fe0c50de4c5443e4c9380a7df0
+Plaintext = ecb7e9263c3080cb8861ffc5afdf3fe8
+Ciphertext = b5cfd9141ea43d5c16e28666c3840805
+
+Cipher = aes-128-gcm
+Key = c422ac0266dc9b5ddc391d9cdb72257e
+IV = c7
+Tag = 95c1e410d4ea59dda50d84162b49
+Plaintext = 6149277175c02a462dab219b80d15641a4c033dfa4c9a81de1765f0276008fa2
+AAD = aa56b160c5d51a4aa400e798c825aaa27d6693de
+Ciphertext = 39d9f9b2348214270f1ca18b521f7485c5390c8e993eb7ff79a5be99c7d523f1
+
+Cipher = aes-128-gcm
+Key = 72c5683d1e0173afcd92002c26ae3ea5
+IV = 4c
+Plaintext = f69623243c6bb924a5502dd270f730baf3fd4a0c10b889fb42a12b086d427786
+AAD = f6cecdc9118777b875ef256cf92a3dc0cf208149
+Ciphertext = 188e68729648fa9b4a202ed2313be860c593600ac8419c75c55859faa585bc0e
+Tag = bb4e889b58b9716f6556c676bd59
+
+Cipher = aes-192-gcm
+Key = d49dfb35287db0b4bce518412c4e84229a9bf8461e11e8a9
+IV = 0b
+Tag = b1ecd3e6f27346c47e7fff898a418a0f
+Plaintext = 
+Ciphertext = 
+
+Cipher = aes-192-gcm
+Key = 842c899c5d7c3598676081e9e25fdd030d3e4490a3268fd0
+IV = 9e
+AAD = ed1162a2d95e0c248ebf9197cb03ad2d
+Tag = c81a9ff65112b75911b22523926bf39f
+Plaintext = 
+Ciphertext = 
+
+Cipher = aes-192-gcm
+Key = d273319d24f356bf77cb6a56450bd0d464f476a18863840a
+IV = 13
+Tag = 729b5b765d008e982d9e5fae7c998e
+Plaintext = c07e127ceb93a3d8d166d1e3fa2565e4
+Ciphertext = 0c44c7b5fb1520bdb493bec38e7846e6
+
+Cipher = aes-192-gcm
+Key = 1120b14c39f4240e2cc63285d8b7d59d44c993fddc77d456
+IV = 66
+AAD = c25f9b36d06547a64442e534b1fe3bb120a55292060a3c8611b75313fb5475333eeedac642ee2eed1dd110643ce8aff8
+Tag = ebf90469dae01e4be5b0ce86
+Plaintext = 8eb78ac034ce4f182fb9ee68d71ed3f7
+Ciphertext = ec13d51a2c37ea48beb32f766e1e42a1
+
+Cipher = aes-256-gcm
+Key = a70f2f3c96b952b2d177fce5d5edac7c939259ebd3ff7354df3d86100f0be5ac
+IV = 69
+Tag = 2d484f834a313bf3f9a25f0a7604a869
+Plaintext = 
+Ciphertext = 
+
+Cipher = aes-256-gcm
+Key = c639f716597a86afd12319199e21a62b1fc0277a70e3ca120bd3ff745be88604
+IV = 29
+AAD = 20fda1db6911d160121dc3c48e5f19b2
+Tag = 221a3398f20d0d9fe913f33a6cd413d3
+Plaintext = 
+Ciphertext = 
+
+Cipher = aes-256-gcm
+Key = 9473c28f6e978eb15e1967b888282aa6b078d320034fe5f40f8bb68674f1ecda
+IV = 0a
+Tag = 03337df7e1e68d77706abef9edaf5e07
+Plaintext = 2d2e2798c10bcfcce742e92d3c390fef
+Ciphertext = c4e5ab2c6a4316e57c6c37d2c2acb42c
+
+Cipher = aes-256-gcm
+Key = bb4635d766dd0e4a7019d1724c736e1f2c016af9e29e7d3aa2c0de23e780af26
+IV = ab
+AAD = 0f85c7dbeb674b7a70c35125d3619350
+Tag = 6bd54e5184eb300934b392c32b7c1a6e
+Plaintext = d05ce878d94662d1520b184b4bef3c45
+Ciphertext = 51baa26a6a719c1600645ff3bfdfa53b
+
 Title = AES XTS test vectors from IEEE Std 1619-2007
 
 # Using the same key twice for encryption is always banned.

More information about the openssl-commits mailing list