Move cipher ctx 'original iv' parameter into the provider

Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10026)
author: Shane Lontis <shane.lontis@oracle.com> 2019-10-08 09:19:10 +1000
committer: Shane Lontis <shane.lontis@oracle.com> 2019-10-08 09:19:10 +1000
commit: 089cb623be76b88a1eea6fcd135101037661bbc3 (patch)
tree: c44618bc24f5def6e4d35342103855702f030134 /providers
parent: 9a6abb95be42b88c7c5ebc8c97f14afdc5919aa1 (diff)
16 files changed, 40 insertions, 55 deletions
diff --git a/providers/common/ciphers/cipher_aes_ccm.c b/providers/common/ciphers/cipher_aes_ccm.c
index c8015898dd..cffca06c80 100644
--- a/providers/common/ciphers/cipher_aes_ccm.c
+++ b/providers/common/ciphers/cipher_aes_ccm.c
@@ -27,7 +27,6 @@ static void aes_ccm_freectx(void *vctx)
 {
     PROV_AES_CCM_CTX *ctx = (PROV_AES_CCM_CTX *)vctx;
 
-    ccm_finalctx((PROV_CCM_CTX *)ctx);
     OPENSSL_clear_free(ctx,  sizeof(*ctx));
 }
 
diff --git a/providers/common/ciphers/cipher_aes_gcm.c b/providers/common/ciphers/cipher_aes_gcm.c
index ba03bed590..ef015bff21 100644
--- a/providers/common/ciphers/cipher_aes_gcm.c
+++ b/providers/common/ciphers/cipher_aes_gcm.c
@@ -27,7 +27,6 @@ static void aes_gcm_freectx(void *vctx)
 {
     PROV_AES_GCM_CTX *ctx = (PROV_AES_GCM_CTX *)vctx;
 
-    gcm_deinitctx((PROV_GCM_CTX *)ctx);
     OPENSSL_clear_free(ctx,  sizeof(*ctx));
 }
 
diff --git a/providers/common/ciphers/cipher_aes_wrp.c b/providers/common/ciphers/cipher_aes_wrp.c
index 70f387f515..1bf4c1793a 100644
--- a/providers/common/ciphers/cipher_aes_wrp.c
+++ b/providers/common/ciphers/cipher_aes_wrp.c
@@ -36,7 +36,6 @@ typedef struct prov_aes_wrap_ctx_st {
         OSSL_UNION_ALIGN;
         AES_KEY ks;
     } ks;
-    unsigned int iv_set : 1;
     aeswrap_fn wrapfn;
 
 } PROV_AES_WRAP_CTX;
@@ -59,9 +58,7 @@ static void *aes_wrap_newctx(size_t kbits, size_t blkbits,
 static void aes_wrap_freectx(void *vctx)
 {
     PROV_AES_WRAP_CTX *wctx = (PROV_AES_WRAP_CTX *)vctx;
-    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
 
-    OPENSSL_cleanse(ctx->iv, sizeof(ctx->iv));
     OPENSSL_clear_free(wctx,  sizeof(*wctx));
 }
 
@@ -80,9 +77,8 @@ static int aes_wrap_init(void *vctx, const unsigned char *key,
         wctx->wrapfn = enc ? CRYPTO_128_wrap : CRYPTO_128_unwrap;
 
     if (iv != NULL) {
-        ctx->ivlen = ivlen;
-        memcpy(ctx->iv, iv, ivlen);
-        wctx->iv_set = 1;
+        if (!cipher_generic_initiv(ctx, iv, ivlen))
+            return 0;
     }
     if (key != NULL) {
         if (keylen != ctx->keylen) {
@@ -150,7 +146,7 @@ static int aes_wrap_cipher_internal(void *vctx, unsigned char *out,
         }
     }
 
-    rv = wctx->wrapfn(&wctx->ks.ks, wctx->iv_set ? ctx->iv : NULL, out, in,
+    rv = wctx->wrapfn(&wctx->ks.ks, ctx->iv_set ? ctx->iv : NULL, out, in,
                       inlen, ctx->block);
     return rv ? (int)rv : -1;
 }
diff --git a/providers/common/ciphers/cipher_aes_xts.c b/providers/common/ciphers/cipher_aes_xts.c
index f114793ba8..fdda733d24 100644
--- a/providers/common/ciphers/cipher_aes_xts.c
+++ b/providers/common/ciphers/cipher_aes_xts.c
@@ -76,12 +76,8 @@ static int aes_xts_init(void *vctx, const unsigned char *key, size_t keylen,
     ctx->enc = enc;
 
     if (iv != NULL) {
-        if (ivlen != ctx->ivlen) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
+        if (!cipher_generic_initiv(vctx, iv, ivlen))
             return 0;
-        }
-        memcpy(ctx->iv, iv, ivlen);
-        xctx->iv_set = 1;
     }
     if (key != NULL) {
         if (keylen != ctx->keylen) {
@@ -155,7 +151,7 @@ static int aes_xts_cipher(void *vctx, unsigned char *out, size_t *outl,
 
     if (ctx->xts.key1 == NULL
             || ctx->xts.key2 == NULL
-            || !ctx->iv_set
+            || !ctx->base.iv_set
             || out == NULL
             || in == NULL
             || inl < AES_BLOCK_SIZE)
diff --git a/providers/common/ciphers/cipher_aes_xts.h b/providers/common/ciphers/cipher_aes_xts.h
index daad274328..4f8a8f874f 100644
--- a/providers/common/ciphers/cipher_aes_xts.h
+++ b/providers/common/ciphers/cipher_aes_xts.h
@@ -23,7 +23,6 @@ typedef struct prov_aes_xts_ctx_st {
     } ks1, ks2;                /* AES key schedules to use */
     XTS128_CONTEXT xts;
     OSSL_xts_stream_fn stream;
-    unsigned int iv_set : 1;   /* Set if an iv is set */
 } PROV_AES_XTS_CTX;
 
 const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_xts(size_t keybits);
diff --git a/providers/common/ciphers/cipher_ccm.c b/providers/common/ciphers/cipher_ccm.c
index cc37b49c60..3fbaef9a46 100644
--- a/providers/common/ciphers/cipher_ccm.c
+++ b/providers/common/ciphers/cipher_ccm.c
@@ -213,7 +213,6 @@ static int ccm_init(void *vctx, const unsigned char *key, size_t keylen,
             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN);
             return 0;
         }
-
         memcpy(ctx->iv, iv, ivlen);
         ctx->iv_set = 1;
     }
@@ -420,7 +419,3 @@ void ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw)
     ctx->hw = hw;
 }
 
-void ccm_finalctx(PROV_CCM_CTX *ctx)
-{
-    OPENSSL_cleanse(ctx->iv, sizeof(ctx->iv));
-}
diff --git a/providers/common/ciphers/cipher_common.c b/providers/common/ciphers/cipher_common.c
index bc8776d874..2577d94d7a 100644
--- a/providers/common/ciphers/cipher_common.c
+++ b/providers/common/ciphers/cipher_common.c
@@ -109,11 +109,8 @@ static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx,
     ctx->enc = enc ? 1 : 0;
 
     if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) {
-        if (ivlen != ctx->ivlen) {
-            ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
+        if (!cipher_generic_initiv(ctx, iv, ivlen))
             return 0;
-        }
-        memcpy(ctx->iv, iv, ctx->ivlen);
     }
     if (key != NULL) {
         if ((ctx->flags & EVP_CIPH_VARIABLE_LENGTH) == 0) {
@@ -322,8 +319,8 @@ int cipher_generic_get_ctx_params(void *vctx, OSSL_PARAM params[])
     }
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
     if (p != NULL
-        && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)
-        && !OSSL_PARAM_set_octet_string(p, &ctx->iv, ctx->ivlen)) {
+        && !OSSL_PARAM_set_octet_ptr(p, &ctx->oiv, ctx->ivlen)
+        && !OSSL_PARAM_set_octet_string(p, &ctx->oiv, ctx->ivlen)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
@@ -337,7 +334,6 @@ int cipher_generic_get_ctx_params(void *vctx, OSSL_PARAM params[])
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
-
     return 1;
 }
 
@@ -379,6 +375,20 @@ int cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[])
     return 1;
 }
 
+int cipher_generic_initiv(PROV_CIPHER_CTX *ctx, const unsigned char *iv,
+                          size_t ivlen)
+{
+    if (ivlen != ctx->ivlen
+        || ivlen > sizeof(ctx->iv)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN);
+        return 0;
+    }
+    ctx->iv_set = 1;
+    memcpy(ctx->iv, iv, ivlen);
+    memcpy(ctx->oiv, iv, ivlen);
+    return 1;
+}
+
 void cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits,
                             size_t ivbits, unsigned int mode, uint64_t flags,
                             const PROV_CIPHER_HW *hw, void *provctx)
diff --git a/providers/common/ciphers/cipher_gcm.c b/providers/common/ciphers/cipher_gcm.c
index 137ad5029c..59368dc81e 100644
--- a/providers/common/ciphers/cipher_gcm.c
+++ b/providers/common/ciphers/cipher_gcm.c
@@ -38,11 +38,6 @@ void gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits,
     ctx->libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
 }
 
-void gcm_deinitctx(PROV_GCM_CTX *ctx)
-{
-    OPENSSL_cleanse(ctx->iv, sizeof(ctx->iv));
-}
-
 static int gcm_init(void *vctx, const unsigned char *key, size_t keylen,
                     const unsigned char *iv, size_t ivlen, int enc)
 {
@@ -56,7 +51,7 @@ static int gcm_init(void *vctx, const unsigned char *key, size_t keylen,
             return 0;
         }
         ctx->ivlen = ivlen;
-        memcpy(ctx->iv, iv, ctx->ivlen);
+        memcpy(ctx->iv, iv, ivlen);
         ctx->iv_state = IV_STATE_BUFFERED;
     }
 
diff --git a/providers/common/ciphers/cipher_tdes.c b/providers/common/ciphers/cipher_tdes.c
index 004ebc7269..e5fa16358c 100644
--- a/providers/common/ciphers/cipher_tdes.c
+++ b/providers/common/ciphers/cipher_tdes.c
@@ -26,7 +26,7 @@ void *tdes_newctx(void *provctx, int mode, size_t kbits, size_t blkbits,
 
 void tdes_freectx(void *vctx)
 {
-    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
+    PROV_TDES_CTX *ctx = (PROV_TDES_CTX *)vctx;
 
     OPENSSL_clear_free(ctx,  sizeof(*ctx));
 }
@@ -39,11 +39,8 @@ static int tdes_init(void *vctx, const unsigned char *key, size_t keylen,
     ctx->enc = enc;
 
     if (iv != NULL) {
-        if (ivlen != TDES_IVLEN) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN);
+        if (!cipher_generic_initiv(ctx, iv, ivlen))
             return 0;
-        }
-        memcpy(ctx->iv, iv, TDES_IVLEN);
     }
 
     if (key != NULL) {
diff --git a/providers/common/include/internal/ciphers/cipher_ccm.h b/providers/common/include/internal/ciphers/cipher_ccm.h
index 757c22eb53..2214b5fc64 100644
--- a/providers/common/include/internal/ciphers/cipher_ccm.h
+++ b/providers/common/include/internal/ciphers/cipher_ccm.h
@@ -121,7 +121,6 @@ OSSL_OP_cipher_update_fn ccm_stream_update;
 OSSL_OP_cipher_final_fn ccm_stream_final;
 OSSL_OP_cipher_cipher_fn ccm_cipher;
 void ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw);
-void ccm_finalctx(PROV_CCM_CTX *ctx);
 
 int ccm_generic_setiv(PROV_CCM_CTX *ctx, const unsigned char *nonce,
                       size_t nlen, size_t mlen);
diff --git a/providers/common/include/internal/ciphers/cipher_gcm.h b/providers/common/include/internal/ciphers/cipher_gcm.h
index f4e2894fe2..711b40cdd4 100644
--- a/providers/common/include/internal/ciphers/cipher_gcm.h
+++ b/providers/common/include/internal/ciphers/cipher_gcm.h
@@ -139,7 +139,6 @@ OSSL_OP_cipher_set_ctx_params_fn gcm_set_ctx_params;
 OSSL_OP_cipher_cipher_fn gcm_cipher;
 OSSL_OP_cipher_update_fn gcm_stream_update;
 OSSL_OP_cipher_final_fn gcm_stream_final;
-void gcm_deinitctx(PROV_GCM_CTX *ctx);
 void gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits,
                  const PROV_GCM_HW *hw, size_t ivlen_min);
 
diff --git a/providers/common/include/internal/ciphers/ciphercommon.h b/providers/common/include/internal/ciphers/ciphercommon.h
index e30af4dfbf..21511a163c 100644
--- a/providers/common/include/internal/ciphers/ciphercommon.h
+++ b/providers/common/include/internal/ciphers/ciphercommon.h
@@ -40,12 +40,13 @@ struct prov_cipher_ctx_st {
     } stream;
 
     unsigned int mode;
-    size_t keylen;        /* key size (in bytes) */
+    size_t keylen;           /* key size (in bytes) */
     size_t ivlen;
     size_t blocksize;
-    size_t bufsz;         /* Number of bytes in buf */
-    unsigned int pad : 1; /* Whether padding should be used or not */
-    unsigned int enc : 1; /* Set to 1 for encrypt, or 0 otherwise */
+    size_t bufsz;            /* Number of bytes in buf */
+    unsigned int pad : 1;    /* Whether padding should be used or not */
+    unsigned int enc : 1;    /* Set to 1 for encrypt, or 0 otherwise */
+    unsigned int iv_set : 1; /* Set when the iv is copied to the iv/oiv buffers */
 
     /*
      * num contains the number of bytes of |iv| which are valid for modes that
@@ -54,6 +55,8 @@ struct prov_cipher_ctx_st {
     unsigned int num;
     uint64_t flags;
 
+    /* The original value of the iv */
+    unsigned char oiv[GENERIC_BLOCK_SIZE];
     /* Buffer of partial blocks processed via update calls */
     unsigned char buf[GENERIC_BLOCK_SIZE];
     unsigned char iv[GENERIC_BLOCK_SIZE];
@@ -254,6 +257,9 @@ const OSSL_PARAM * name##_settable_ctx_params(void)                            \
     return name##_known_settable_ctx_params;                                   \
 }
 
+int cipher_generic_initiv(PROV_CIPHER_CTX *ctx, const unsigned char *iv,
+                          size_t ivlen);
+
 size_t fillblock(unsigned char *buf, size_t *buflen, size_t blocksize,
                  const unsigned char **in, size_t *inlen);
 int trailingdata(unsigned char *buf, size_t *buflen, size_t blocksize,
diff --git a/providers/default/ciphers/cipher_aes_ocb.c b/providers/default/ciphers/cipher_aes_ocb.c
index 93df4a5dbc..95c0658fee 100644
--- a/providers/default/ciphers/cipher_aes_ocb.c
+++ b/providers/default/ciphers/cipher_aes_ocb.c
@@ -107,7 +107,8 @@ static int aes_ocb_init(void *vctx, const unsigned char *key, size_t keylen,
            }
            ctx->base.ivlen = ivlen;
        }
-       memcpy(ctx->base.iv, iv, ivlen);
+       if (!cipher_generic_initiv(&ctx->base, iv, ivlen))
+           return 0;
        ctx->iv_state = IV_STATE_BUFFERED;
    }
    if (key != NULL) {
@@ -287,7 +288,6 @@ static void aes_ocb_freectx(void *vctx)
 
     if (ctx != NULL) {
         aes_generic_ocb_cleanup(ctx);
-        OPENSSL_cleanse(ctx->base.iv, sizeof(ctx->base.iv));
         OPENSSL_clear_free(ctx,  sizeof(*ctx));
     }
 }
@@ -388,7 +388,7 @@ static int aes_ocb_get_ctx_params(void *vctx, OSSL_PARAM params[])
             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
             return 0;
         }
-        if (!OSSL_PARAM_set_octet_string(p, ctx->base.iv, ctx->base.ivlen)) {
+        if (!OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen)) {
             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
             return 0;
         }
diff --git a/providers/default/ciphers/cipher_aria_ccm.c b/providers/default/ciphers/cipher_aria_ccm.c
index 53b3defa9d..97e8137db8 100644
--- a/providers/default/ciphers/cipher_aria_ccm.c
+++ b/providers/default/ciphers/cipher_aria_ccm.c
@@ -27,7 +27,6 @@ static void aria_ccm_freectx(void *vctx)
 {
     PROV_ARIA_CCM_CTX *ctx = (PROV_ARIA_CCM_CTX *)vctx;
 
-    ccm_finalctx((PROV_CCM_CTX *)ctx);
     OPENSSL_clear_free(ctx,  sizeof(*ctx));
 }
 
diff --git a/providers/default/ciphers/cipher_aria_gcm.c b/providers/default/ciphers/cipher_aria_gcm.c
index 213fc147c8..7c9fa3d211 100644
--- a/providers/default/ciphers/cipher_aria_gcm.c
+++ b/providers/default/ciphers/cipher_aria_gcm.c
@@ -26,7 +26,6 @@ static void aria_gcm_freectx(void *vctx)
 {
     PROV_ARIA_GCM_CTX *ctx = (PROV_ARIA_GCM_CTX *)vctx;
 
-    gcm_deinitctx((PROV_GCM_CTX *)ctx);
     OPENSSL_clear_free(ctx,  sizeof(*ctx));
 }
 
diff --git a/providers/default/ciphers/cipher_des.c b/providers/default/ciphers/cipher_des.c
index c4eb10be15..4530114187 100644
--- a/providers/default/ciphers/cipher_des.c
+++ b/providers/default/ciphers/cipher_des.c
@@ -36,7 +36,7 @@ static void *des_newctx(void *provctx, size_t kbits, size_t blkbits,
 
 static void des_freectx(void *vctx)
 {
-    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
+    PROV_DES_CTX *ctx = (PROV_DES_CTX *)vctx;
 
     OPENSSL_clear_free(ctx,  sizeof(*ctx));
 }
@@ -49,11 +49,8 @@ static int des_init(void *vctx, const unsigned char *key, size_t keylen,
     ctx->enc = enc;
 
     if (iv != NULL) {
-        if (ivlen != ctx->ivlen) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN);
+        if (!cipher_generic_initiv(ctx, iv, ivlen))
             return 0;
-        }
-        memcpy(ctx->iv, iv, ivlen);
     }
 
     if (key != NULL) {
author	Shane Lontis <shane.lontis@oracle.com>	2019-10-08 09:19:10 +1000
committer	Shane Lontis <shane.lontis@oracle.com>	2019-10-08 09:19:10 +1000
commit	089cb623be76b88a1eea6fcd135101037661bbc3 (patch)
tree	c44618bc24f5def6e4d35342103855702f030134 /providers
parent	9a6abb95be42b88c7c5ebc8c97f14afdc5919aa1 (diff)