[openssl/openssl] 58a6aa: make inability to dup/clone ciphers an error

Neil Horman noreply at github.com
Fri Jan 5 11:46:49 UTC 2024


  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: 58a6aa0c9fe6abad996f45c6b452983035db7105
      https://github.com/openssl/openssl/commit/58a6aa0c9fe6abad996f45c6b452983035db7105
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2024-01-05 (Fri, 05 Jan 2024)

  Changed paths:
    M test/evp_test.c

  Log Message:
  -----------
  make inability to dup/clone ciphers an error

There should be no reason that a cipher can't be duplicated

Fixes #21887

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23102)


  Commit: 879a853a1dc968fb010e5bf17d2e8888acc70742
      https://github.com/openssl/openssl/commit/879a853a1dc968fb010e5bf17d2e8888acc70742
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2024-01-05 (Fri, 05 Jan 2024)

  Changed paths:
    M providers/implementations/ciphers/cipher_aes_ccm.c
    M providers/implementations/ciphers/cipher_aes_gcm.c
    M providers/implementations/ciphers/cipher_aria_ccm.c
    M providers/implementations/ciphers/cipher_aria_gcm.c
    M providers/implementations/include/prov/ciphercommon_aead.h

  Log Message:
  -----------
  Add dupctx support to aead ciphers

Add dupctx method support to to ciphers implemented with IMPLEMENT_aead_cipher
This includes:
aes-<kbits>-gcm
aria-<kbits>-ccm
aria-<kbits>-gcm

Fixes #21887

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23102)


  Commit: a5bea0a8d423c7e52052d903b99f75034e78cecf
      https://github.com/openssl/openssl/commit/a5bea0a8d423c7e52052d903b99f75034e78cecf
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2024-01-05 (Fri, 05 Jan 2024)

  Changed paths:
    M providers/implementations/ciphers/cipher_aes_wrp.c

  Log Message:
  -----------
  implement dupctx for aes_WRAP methods

create a dupctx method for aes_WRAP implementations of all sizes

Fixes #21887

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23102)


  Commit: e7ef50c3e3b670a476aa0e864da5b5cc874b3528
      https://github.com/openssl/openssl/commit/e7ef50c3e3b670a476aa0e864da5b5cc874b3528
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2024-01-05 (Fri, 05 Jan 2024)

  Changed paths:
    M providers/implementations/ciphers/cipher_chacha20_poly1305.c

  Log Message:
  -----------
  implement dupctx for chacha20_poly1305

Same as chacha20 in the last commit, just clone the ctx and its
underlying tlsmac array if its allocated

Fixes #21887

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23102)


  Commit: f9163efe96e218adeae2a0dc6a4cbef568f395ee
      https://github.com/openssl/openssl/commit/f9163efe96e218adeae2a0dc6a4cbef568f395ee
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2024-01-05 (Fri, 05 Jan 2024)

  Changed paths:
    M providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
    M providers/implementations/ciphers/cipher_rc4_hmac_md5.c

  Log Message:
  -----------
  Add dupctx support to rc4_hmac_md5 algo

Pretty straightforward, just clone the requested context, no pointers to
fixup

Fixes #21887

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23102)


  Commit: 0398bc20080de037a8433fe81cfdef3ba0ec9d4c
      https://github.com/openssl/openssl/commit/0398bc20080de037a8433fe81cfdef3ba0ec9d4c
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2024-01-05 (Fri, 05 Jan 2024)

  Changed paths:
    M providers/implementations/ciphers/cipher_aes_gcm.c
    M providers/implementations/ciphers/cipher_aria_ccm.c
    M providers/implementations/ciphers/cipher_aria_gcm.c

  Log Message:
  -----------
  Fix a key repointing in various ciphers

In the dupctx fixups I missed a pointer that needed to be repointed to
the surrounding structures AES_KEY structure for the sm4/aes/aria
ccm/gcm variants.  This caused a colliding use of the key and possible
use after free issues.

Fixes #22076

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23102)


Compare: https://github.com/openssl/openssl/compare/854d883039b5...0398bc20080d


More information about the openssl-commits mailing list