[openssl/openssl] edb18a: make inability to dup/clone ciphers an error

Neil Horman noreply at github.com
Fri Jan 5 16:18:51 UTC 2024


  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: edb18a74047a068c3c92a1a1c43ee3c22b1f4efd
      https://github.com/openssl/openssl/commit/edb18a74047a068c3c92a1a1c43ee3c22b1f4efd
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2024-01-05 (Fri, 05 Jan 2024)

  Changed paths:
    M test/evp_test.c

  Log Message:
  -----------
  make inability to dup/clone ciphers an error

There should be no reason that a cipher can't be duplicated

Fixes #21887

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23102)

(cherry picked from commit 58a6aa0c9fe6abad996f45c6b452983035db7105)


  Commit: 766628d6af53b0519a54c922b32d4d79eb85ee2f
      https://github.com/openssl/openssl/commit/766628d6af53b0519a54c922b32d4d79eb85ee2f
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2024-01-05 (Fri, 05 Jan 2024)

  Changed paths:
    M providers/implementations/ciphers/cipher_aes_ccm.c
    M providers/implementations/ciphers/cipher_aes_gcm.c
    M providers/implementations/ciphers/cipher_aria_ccm.c
    M providers/implementations/ciphers/cipher_aria_gcm.c
    M providers/implementations/include/prov/ciphercommon_aead.h

  Log Message:
  -----------
  Add dupctx support to aead ciphers

Add dupctx method support to ciphers implemented with IMPLEMENT_aead_cipher
This includes:
aes-<kbits>-gcm
aria-<kbits>-ccm
aria-<kbits>-gcm

Fixes #21887

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23102)

(cherry picked from commit 879a853a1dc968fb010e5bf17d2e8888acc70742)


  Commit: 51036a43753f565443acdb81f2ed2857c029ee68
      https://github.com/openssl/openssl/commit/51036a43753f565443acdb81f2ed2857c029ee68
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2024-01-05 (Fri, 05 Jan 2024)

  Changed paths:
    M providers/implementations/ciphers/cipher_aes_wrp.c

  Log Message:
  -----------
  implement dupctx for aes_WRAP methods

create a dupctx method for aes_WRAP implementations of all sizes

Fixes #21887

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23102)

(cherry picked from commit a5bea0a8d423c7e52052d903b99f75034e78cecf)


  Commit: 1aa0746d71468aaa0b999b3501bb0280a2f5d4f4
      https://github.com/openssl/openssl/commit/1aa0746d71468aaa0b999b3501bb0280a2f5d4f4
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2024-01-05 (Fri, 05 Jan 2024)

  Changed paths:
    M providers/implementations/ciphers/cipher_chacha20_poly1305.c

  Log Message:
  -----------
  implement dupctx for chacha20_poly1305

Same as chacha20 in the last commit, just clone the ctx and its
underlying tlsmac array if it's allocated

Fixes #21887

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23102)

(cherry picked from commit e7ef50c3e3b670a476aa0e864da5b5cc874b3528)


  Commit: 291796b3d0c2f215f9aa5ce3ad5d611068638cfb
      https://github.com/openssl/openssl/commit/291796b3d0c2f215f9aa5ce3ad5d611068638cfb
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2024-01-05 (Fri, 05 Jan 2024)

  Changed paths:
    M providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
    M providers/implementations/ciphers/cipher_rc4_hmac_md5.c

  Log Message:
  -----------
  Add dupctx support to rc4_hmac_md5 algo

Pretty straightforward, just clone the requested context, no pointers to
fix up

Fixes #21887

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23102)

(cherry picked from commit f9163efe96e218adeae2a0dc6a4cbef568f395ee)


  Commit: 780b38cae957c52a524b6fd9d5558c31e0a2ea22
      https://github.com/openssl/openssl/commit/780b38cae957c52a524b6fd9d5558c31e0a2ea22
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2024-01-05 (Fri, 05 Jan 2024)

  Changed paths:
    M providers/implementations/ciphers/cipher_aes_gcm.c
    M providers/implementations/ciphers/cipher_aria_ccm.c
    M providers/implementations/ciphers/cipher_aria_gcm.c

  Log Message:
  -----------
  Fix a key repointing in various ciphers

In the dupctx fixups I missed a pointer that needed to be repointed to
the surrounding structure's AES_KEY structure for the sm4/aes/aria
ccm/gcm variants.  This caused a colliding use of the key and possible
use after free issues.

Fixes #22076

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23102)

(cherry picked from commit 0398bc20080de037a8433fe81cfdef3ba0ec9d4c)


Compare: https://github.com/openssl/openssl/compare/63256ca9edfc...780b38cae957
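
The key-repointing problem described in the last commit above, as an added example that is not OpenSSL code: a context that embeds its key schedule and also holds a pointer to it, duplicated with and without the pointer fix-up. `toy_key`, `toy_ctx` and all function names are hypothetical stand-ins.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for a provider cipher context; not OpenSSL types. */
typedef struct { unsigned char rd_key[32]; } toy_key;

typedef struct {
    toy_key ks;          /* key schedule embedded in the context */
    const toy_key *key;  /* interior pointer, meant to reference ks above */
} toy_ctx;

toy_ctx *toy_newctx(const unsigned char *raw, size_t len)
{
    toy_ctx *ctx = calloc(1, sizeof(*ctx));

    if (ctx == NULL || len > sizeof(ctx->ks.rd_key)) {
        free(ctx);
        return NULL;
    }
    memcpy(ctx->ks.rd_key, raw, len);
    ctx->key = &ctx->ks;
    return ctx;
}

/* Byte copy only: the copy's key pointer still references src->ks. */
toy_ctx *toy_dupctx_shallow(const toy_ctx *src)
{
    toy_ctx *dst = malloc(sizeof(*dst));

    if (dst != NULL)
        memcpy(dst, src, sizeof(*dst));
    return dst;
}

/* Byte copy, then repoint the interior pointer at the copy's own ks. */
toy_ctx *toy_dupctx(const toy_ctx *src)
{
    toy_ctx *dst = toy_dupctx_shallow(src);

    if (dst != NULL && src->key == &src->ks)
        dst->key = &dst->ks;
    return dst;
}

/* 1 when the context's key pointer references its own embedded key. */
int toy_owns_key(const toy_ctx *ctx)
{
    return ctx->key == &ctx->ks;
}
```

While both contexts live, the shallow copy shares the source's key schedule; once the source is freed, the copy's `key` points into released memory.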

