From 2eb2b4f3a12d0b8807447913a3b16f21104c701b Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Thu, 6 Sep 2018 08:34:45 +1000 Subject: [PATCH] Key zeroization fix for EVP_SealInit + added simple test Reviewed-by: Nicola Tuveri Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7105) --- crypto/evp/p_seal.c | 19 ++++++++++++------ test/evp_extra_test.c | 45 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 6 deletions(-) diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c index 50ea60235a..0fc84f301a 100644 --- a/crypto/evp/p_seal.c +++ b/crypto/evp/p_seal.c @@ -21,6 +21,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, { unsigned char key[EVP_MAX_KEY_LENGTH]; int i; + int rv = 0; if (type) { EVP_CIPHER_CTX_reset(ctx); @@ -31,21 +32,27 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, return 1; if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) return 0; + if (EVP_CIPHER_CTX_iv_length(ctx) - && RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0) - return 0; + && RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0) + goto err; if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) - return 0; + goto err; for (i = 0; i < npubk; i++) { ekl[i] = EVP_PKEY_encrypt_old(ek[i], key, EVP_CIPHER_CTX_key_length(ctx), pubk[i]); - if (ekl[i] <= 0) - return -1; + if (ekl[i] <= 0) { + rv = -1; + goto err; + } } - return npubk; + rv = npubk; +err: + OPENSSL_cleanse(key, sizeof(key)); + return rv; } int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index b7b78f5dd2..33a957f791 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -356,6 +356,50 @@ end: return ret; } +static int test_EVP_Enveloped(void) +{ + int ret = 0; + EVP_CIPHER_CTX *ctx = NULL; + EVP_PKEY *keypair = NULL; + unsigned char *kek = NULL; + unsigned char iv[EVP_MAX_IV_LENGTH]; + static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 }; + int len, kek_len, ciphertext_len, plaintext_len; + unsigned char ciphertext[32], plaintext[16]; + const EVP_CIPHER *type = EVP_aes_256_cbc(); + + if (!TEST_ptr(keypair = load_example_rsa_key()) + || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair))) + || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv, + &keypair, 1)) + || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len, + msg, sizeof(msg))) + || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len, + &len))) + goto err; + + ciphertext_len += len; + + if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair)) + || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len, + ciphertext, ciphertext_len)) + || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len))) + goto err; + + plaintext_len += len; + if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len)) + goto err; + + ret = 1; +err: + OPENSSL_free(kek); + EVP_PKEY_free(keypair); + EVP_CIPHER_CTX_free(ctx); + return ret; +} + + static int test_EVP_DigestSignInit(void) { int ret = 0; @@ -781,6 +825,7 @@ int setup_tests(void) { ADD_TEST(test_EVP_DigestSignInit); ADD_TEST(test_EVP_DigestVerifyInit); + ADD_TEST(test_EVP_Enveloped); ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); #ifndef OPENSSL_NO_EC ADD_TEST(test_EVP_PKCS82PKEY); -- 2.25.1