Fix a key repointing in various ciphers

In the dupctx fixups I missed a pointer that needed to be repointed to the surrounding structures AES_KEY structure for the sm4/aes/aria ccm/gcm variants. This caused a colliding use of the key and possible use after free issues. Fixes #22076 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22102)
2023-09-12 17:09:06 -04:00 · 2023-09-12 17:09:06 -04:00 · 0ca5cf9891
parent bbb6d620f6
commit 0ca5cf9891
5 changed files with 35 additions and 5 deletions
--- a/providers/implementations/ciphers/cipher_aes_gcm.c
+++ b/providers/implementations/ciphers/cipher_aes_gcm.c
@ -37,10 +37,16 @@ static void *aes_gcm_newctx(void *provctx, size_t keybits)
 static void *aes_gcm_dupctx(void *provctx)
 {
    PROV_AES_GCM_CTX *ctx = provctx;
+    PROV_AES_GCM_CTX *dctx = NULL;

    if (ctx == NULL)
        return NULL;
-    return OPENSSL_memdup(ctx, sizeof(*ctx));
+
+    dctx = OPENSSL_memdup(ctx, sizeof(*ctx));
+    if (dctx != NULL && dctx->base.gcm.key != NULL)
+        dctx->base.gcm.key = &dctx->ks.ks;
+
+    return dctx;
 }

 static OSSL_FUNC_cipher_freectx_fn aes_gcm_freectx;
--- a/providers/implementations/ciphers/cipher_aria_ccm.c
+++ b/providers/implementations/ciphers/cipher_aria_ccm.c
@ -31,10 +31,16 @@ static void *aria_ccm_newctx(void *provctx, size_t keybits)
 static void *aria_ccm_dupctx(void *provctx)
 {
    PROV_ARIA_CCM_CTX *ctx = provctx;
+    PROV_ARIA_CCM_CTX *dctx = NULL;

    if (ctx == NULL)
        return NULL;
-    return OPENSSL_memdup(ctx, sizeof(*ctx));
+
+    dctx = OPENSSL_memdup(ctx, sizeof(*ctx));
+    if (dctx != NULL && dctx->base.ccm_ctx.key != NULL)
+        dctx->base.ccm_ctx.key = &dctx->ks.ks;
+
+    return dctx;
 }

 static void aria_ccm_freectx(void *vctx)
--- a/providers/implementations/ciphers/cipher_aria_gcm.c
+++ b/providers/implementations/ciphers/cipher_aria_gcm.c
@ -30,10 +30,16 @@ static void *aria_gcm_newctx(void *provctx, size_t keybits)
 static void *aria_gcm_dupctx(void *provctx)
 {
    PROV_ARIA_GCM_CTX *ctx = provctx;
+    PROV_ARIA_GCM_CTX *dctx = NULL;

    if (ctx == NULL)
        return NULL;
-    return OPENSSL_memdup(ctx, sizeof(*ctx));
+
+    dctx =  OPENSSL_memdup(ctx, sizeof(*ctx));
+    if (dctx != NULL && dctx->base.gcm.key != NULL)
+        dctx->base.gcm.key = &dctx->ks.ks;
+
+    return dctx;
 }

 static OSSL_FUNC_cipher_freectx_fn aria_gcm_freectx;
--- a/providers/implementations/ciphers/cipher_sm4_ccm.c
+++ b/providers/implementations/ciphers/cipher_sm4_ccm.c
@ -31,10 +31,16 @@ static void *sm4_ccm_newctx(void *provctx, size_t keybits)
 static void *sm4_ccm_dupctx(void *provctx)
 {
    PROV_SM4_CCM_CTX *ctx = provctx;
+    PROV_SM4_CCM_CTX *dctx = NULL;

    if (ctx == NULL)
        return NULL;
-    return OPENSSL_memdup(ctx, sizeof(*ctx));
+
+    dctx = OPENSSL_memdup(ctx, sizeof(*ctx));
+    if (dctx != NULL && dctx->base.ccm_ctx.key != NULL)
+        dctx->base.ccm_ctx.key = &dctx->ks.ks;
+
+    return dctx;
 }

 static void sm4_ccm_freectx(void *vctx)
--- a/providers/implementations/ciphers/cipher_sm4_gcm.c
+++ b/providers/implementations/ciphers/cipher_sm4_gcm.c
@ -32,10 +32,16 @@ static void *sm4_gcm_newctx(void *provctx, size_t keybits)
 static void *sm4_gcm_dupctx(void *provctx)
 {
    PROV_SM4_GCM_CTX *ctx = provctx;
+    PROV_SM4_GCM_CTX *dctx = NULL;

    if (ctx == NULL)
        return NULL;
-    return OPENSSL_memdup(ctx, sizeof(*ctx));
+
+    dctx = OPENSSL_memdup(ctx, sizeof(*ctx));
+    if (dctx != NULL && dctx->base.gcm.key != NULL)
+        dctx->base.gcm.key = &dctx->ks.ks;
+
+    return dctx;
 }

 static void sm4_gcm_freectx(void *vctx)