From 344cfa34e5b07f8b8b7f1e70f47f5d265c9c1185 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 10 Apr 2019 13:23:58 +0100 Subject: Add iv length and key length params to the cipher init calls Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8700) --- crypto/evp/evp_enc.c | 12 ++++++++++-- include/openssl/core_numbers.h | 8 ++++++-- providers/common/ciphers/aes.c | 34 ++++++++++++++++++++++++---------- 3 files changed, 40 insertions(+), 14 deletions(-) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 31e590bd95..6d4e033816 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -241,7 +241,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, return 0; } - return ctx->cipher->einit(ctx->provctx, key, iv); + return ctx->cipher->einit(ctx->provctx, + key, + EVP_CIPHER_CTX_key_length(ctx), + iv, + EVP_CIPHER_CTX_iv_length(ctx)); } if (ctx->cipher->dinit == NULL) { @@ -249,7 +253,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, return 0; } - return ctx->cipher->dinit(ctx->provctx, key, iv); + return ctx->cipher->dinit(ctx->provctx, + key, + EVP_CIPHER_CTX_key_length(ctx), + iv, + EVP_CIPHER_CTX_iv_length(ctx)); /* TODO(3.0): Remove legacy code below */ legacy: diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 8994374567..e56909aa03 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -126,10 +126,14 @@ OSSL_CORE_MAKE_FUNC(size_t, OP_digest_block_size, (void)) OSSL_CORE_MAKE_FUNC(void *, OP_cipher_newctx, (void)) OSSL_CORE_MAKE_FUNC(int, OP_cipher_encrypt_init, (void *vctx, const unsigned char *key, - const unsigned char *iv)) + size_t keylen, + const unsigned char *iv, + size_t ivlen)) OSSL_CORE_MAKE_FUNC(int, OP_cipher_decrypt_init, (void *vctx, const unsigned char *key, - const unsigned char *iv)) + size_t keylen, + const unsigned char *iv, + size_t ivlen)) OSSL_CORE_MAKE_FUNC(int, OP_cipher_update, (void *, unsigned char *out, size_t *outl, const unsigned char *in, size_t inl)) diff --git a/providers/common/ciphers/aes.c b/providers/common/ciphers/aes.c index 285fea6ea9..21ecc2b14a 100644 --- a/providers/common/ciphers/aes.c +++ b/providers/common/ciphers/aes.c @@ -17,35 +17,49 @@ #include "internal/provider_algs.h" #include "ciphers_locl.h" -static void PROV_AES_KEY_generic_init(PROV_AES_KEY *ctx, +static int PROV_AES_KEY_generic_init(PROV_AES_KEY *ctx, const unsigned char *iv, + size_t ivlen, int enc) { - if (iv != NULL) + if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) { + if (ivlen != AES_BLOCK_SIZE) + return 0; memcpy(ctx->iv, iv, AES_BLOCK_SIZE); + } ctx->enc = enc; + + return 1; } -static int aes_einit(void *vctx, const unsigned char *key, - const unsigned char *iv) +static int aes_einit(void *vctx, const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen) { PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; - PROV_AES_KEY_generic_init(ctx, iv, 1); - if (key != NULL) + if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 1)) + return 0; + if (key != NULL) { + if (keylen != ctx->keylen) + return 0; return ctx->ciph->init(ctx, key, ctx->keylen); + } return 1; } -static int aes_dinit(void *vctx, const unsigned char *key, - const unsigned char *iv) +static int aes_dinit(void *vctx, const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen) { PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; - PROV_AES_KEY_generic_init(ctx, iv, 0); - if (key != NULL) + if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 0)) + return 0; + if (key != NULL) { + if (keylen != ctx->keylen) + return 0; return ctx->ciph->init(ctx, key, ctx->keylen); + } return 1; } -- cgit v1.2.3