From 0ca5cf989101cae6ffeaef3518e99839fbccb9ba Mon Sep 17 00:00:00 2001 From: Neil Horman Date: Tue, 12 Sep 2023 17:09:06 -0400 Subject: Fix a key repointing in various ciphers In the dupctx fixups I missed a pointer that needed to be repointed to the surrounding structures AES_KEY structure for the sm4/aes/aria ccm/gcm variants. This caused a colliding use of the key and possible use after free issues. Fixes #22076 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/22102) --- providers/implementations/ciphers/cipher_aes_gcm.c | 8 +++++++- providers/implementations/ciphers/cipher_aria_ccm.c | 8 +++++++- providers/implementations/ciphers/cipher_aria_gcm.c | 8 +++++++- providers/implementations/ciphers/cipher_sm4_ccm.c | 8 +++++++- providers/implementations/ciphers/cipher_sm4_gcm.c | 8 +++++++- 5 files changed, 35 insertions(+), 5 deletions(-) (limited to 'providers') diff --git a/providers/implementations/ciphers/cipher_aes_gcm.c b/providers/implementations/ciphers/cipher_aes_gcm.c index 0a15693cc1..edc3cc262e 100644 --- a/providers/implementations/ciphers/cipher_aes_gcm.c +++ b/providers/implementations/ciphers/cipher_aes_gcm.c @@ -37,10 +37,16 @@ static void *aes_gcm_newctx(void *provctx, size_t keybits) static void *aes_gcm_dupctx(void *provctx) { PROV_AES_GCM_CTX *ctx = provctx; + PROV_AES_GCM_CTX *dctx = NULL; if (ctx == NULL) return NULL; - return OPENSSL_memdup(ctx, sizeof(*ctx)); + + dctx = OPENSSL_memdup(ctx, sizeof(*ctx)); + if (dctx != NULL && dctx->base.gcm.key != NULL) + dctx->base.gcm.key = &dctx->ks.ks; + + return dctx; } static OSSL_FUNC_cipher_freectx_fn aes_gcm_freectx; diff --git a/providers/implementations/ciphers/cipher_aria_ccm.c b/providers/implementations/ciphers/cipher_aria_ccm.c index 39a96a6f14..5fae593469 100644 --- a/providers/implementations/ciphers/cipher_aria_ccm.c +++ b/providers/implementations/ciphers/cipher_aria_ccm.c @@ -31,10 +31,16 @@ static void *aria_ccm_newctx(void *provctx, size_t keybits) static void *aria_ccm_dupctx(void *provctx) { PROV_ARIA_CCM_CTX *ctx = provctx; + PROV_ARIA_CCM_CTX *dctx = NULL; if (ctx == NULL) return NULL; - return OPENSSL_memdup(ctx, sizeof(*ctx)); + + dctx = OPENSSL_memdup(ctx, sizeof(*ctx)); + if (dctx != NULL && dctx->base.ccm_ctx.key != NULL) + dctx->base.ccm_ctx.key = &dctx->ks.ks; + + return dctx; } static void aria_ccm_freectx(void *vctx) diff --git a/providers/implementations/ciphers/cipher_aria_gcm.c b/providers/implementations/ciphers/cipher_aria_gcm.c index 6ffa0910fa..f9eb64cc19 100644 --- a/providers/implementations/ciphers/cipher_aria_gcm.c +++ b/providers/implementations/ciphers/cipher_aria_gcm.c @@ -30,10 +30,16 @@ static void *aria_gcm_newctx(void *provctx, size_t keybits) static void *aria_gcm_dupctx(void *provctx) { PROV_ARIA_GCM_CTX *ctx = provctx; + PROV_ARIA_GCM_CTX *dctx = NULL; if (ctx == NULL) return NULL; - return OPENSSL_memdup(ctx, sizeof(*ctx)); + + dctx = OPENSSL_memdup(ctx, sizeof(*ctx)); + if (dctx != NULL && dctx->base.gcm.key != NULL) + dctx->base.gcm.key = &dctx->ks.ks; + + return dctx; } static OSSL_FUNC_cipher_freectx_fn aria_gcm_freectx; diff --git a/providers/implementations/ciphers/cipher_sm4_ccm.c b/providers/implementations/ciphers/cipher_sm4_ccm.c index 5fd7d1a114..47fc6e103c 100644 --- a/providers/implementations/ciphers/cipher_sm4_ccm.c +++ b/providers/implementations/ciphers/cipher_sm4_ccm.c @@ -31,10 +31,16 @@ static void *sm4_ccm_newctx(void *provctx, size_t keybits) static void *sm4_ccm_dupctx(void *provctx) { PROV_SM4_CCM_CTX *ctx = provctx; + PROV_SM4_CCM_CTX *dctx = NULL; if (ctx == NULL) return NULL; - return OPENSSL_memdup(ctx, sizeof(*ctx)); + + dctx = OPENSSL_memdup(ctx, sizeof(*ctx)); + if (dctx != NULL && dctx->base.ccm_ctx.key != NULL) + dctx->base.ccm_ctx.key = &dctx->ks.ks; + + return dctx; } static void sm4_ccm_freectx(void *vctx) diff --git a/providers/implementations/ciphers/cipher_sm4_gcm.c b/providers/implementations/ciphers/cipher_sm4_gcm.c index 79e1b556d4..e8fcf5787e 100644 --- a/providers/implementations/ciphers/cipher_sm4_gcm.c +++ b/providers/implementations/ciphers/cipher_sm4_gcm.c @@ -32,10 +32,16 @@ static void *sm4_gcm_newctx(void *provctx, size_t keybits) static void *sm4_gcm_dupctx(void *provctx) { PROV_SM4_GCM_CTX *ctx = provctx; + PROV_SM4_GCM_CTX *dctx = NULL; if (ctx == NULL) return NULL; - return OPENSSL_memdup(ctx, sizeof(*ctx)); + + dctx = OPENSSL_memdup(ctx, sizeof(*ctx)); + if (dctx != NULL && dctx->base.gcm.key != NULL) + dctx->base.gcm.key = &dctx->ks.ks; + + return dctx; } static void sm4_gcm_freectx(void *vctx) -- cgit v1.2.3-70-g09d2