From 320d96a32c16de1adbf11f76819fe738f24665b1 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Mon, 1 Jun 2020 14:33:54 -0700 Subject: [PATCH] Set cipher IV as octet string and pointer from providers OSSL_CIPHER_PARAM_IV can be accessed both as an octet string and as an octet pointer (for routines like EVP_CIPHER_CTX_iv() that are in a nebulous undocumented-and-might-go-away-eventually state), the latter for when there is need to modify the actual value in the provider. Make sure that we consistently try to set it as both the string and pointer forms (not just octet string) and only fail if neither version succeeds. The generic cipher get_ctx_params routine was already doing so, but the AES-variant-, GCM-, and CCM-specific ones were not. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12039) --- providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c | 3 ++- providers/implementations/ciphers/cipher_aes_ocb.c | 3 ++- providers/implementations/ciphers/ciphercommon_ccm.c | 3 ++- providers/implementations/ciphers/ciphercommon_gcm.c | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c index 34bd3c151f..ece4341a3f 100644 --- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c +++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c @@ -229,7 +229,8 @@ static int aes_get_ctx_params(void *vctx, OSSL_PARAM params[]) } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); if (p != NULL - && !OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen)) { + && !OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen) + && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.oiv, ctx->base.ivlen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } diff --git a/providers/implementations/ciphers/cipher_aes_ocb.c b/providers/implementations/ciphers/cipher_aes_ocb.c index 859f3524a4..681eb9ee70 100644 --- a/providers/implementations/ciphers/cipher_aes_ocb.c +++ b/providers/implementations/ciphers/cipher_aes_ocb.c @@ -405,7 +405,8 @@ static int aes_ocb_get_ctx_params(void *vctx, OSSL_PARAM params[]) ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); return 0; } - if (!OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen)) { + if (!OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen) + && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.oiv, ctx->base.ivlen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } diff --git a/providers/implementations/ciphers/ciphercommon_ccm.c b/providers/implementations/ciphers/ciphercommon_ccm.c index 80c2230d96..3825a0741c 100644 --- a/providers/implementations/ciphers/ciphercommon_ccm.c +++ b/providers/implementations/ciphers/ciphercommon_ccm.c @@ -164,7 +164,8 @@ int ccm_get_ctx_params(void *vctx, OSSL_PARAM params[]) ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN); return 0; } - if (!OSSL_PARAM_set_octet_string(p, ctx->iv, p->data_size)) { + if (!OSSL_PARAM_set_octet_string(p, ctx->iv, p->data_size) + && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, p->data_size)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c index c6d53de41e..06fbbd07aa 100644 --- a/providers/implementations/ciphers/ciphercommon_gcm.c +++ b/providers/implementations/ciphers/ciphercommon_gcm.c @@ -160,7 +160,8 @@ int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); return 0; } - if (!OSSL_PARAM_set_octet_string(p, ctx->iv, ctx->ivlen)) { + if (!OSSL_PARAM_set_octet_string(p, ctx->iv, ctx->ivlen) + && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } -- 2.25.1