Commit 2eb2b4f3 authored by Shane Lontis's avatar Shane Lontis Committed by Pauli

Key zeroization fix for EVP_SealInit + added simple test

parent 544648a8
+13 −6
@@ -21,6 +21,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
{
    unsigned char key[EVP_MAX_KEY_LENGTH];
    int i;
    int rv = 0;

    if (type) {
        EVP_CIPHER_CTX_reset(ctx);
@@ -31,21 +32,27 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
        return 1;
    if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
        return 0;

    if (EVP_CIPHER_CTX_iv_length(ctx)
            && RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0)
        return 0;
        goto err;

    if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
        return 0;
        goto err;

    for (i = 0; i < npubk; i++) {
        ekl[i] =
            EVP_PKEY_encrypt_old(ek[i], key, EVP_CIPHER_CTX_key_length(ctx),
                                 pubk[i]);
        if (ekl[i] <= 0)
            return -1;
        if (ekl[i] <= 0) {
            rv = -1;
            goto err;
        }
    }
    return npubk;
    rv = npubk;
err:
    OPENSSL_cleanse(key, sizeof(key));
    return rv;
}

int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
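Review bot: The `return 0` after a failed `EVP_CIPHER_CTX_rand_key(ctx, key)` still bypasses the new `err:` label, so `key` is not cleansed on that one exit. Whether rand_key can leave partial key material in the buffer before it fails is not visible in this hunk, but sending that path through the common exit removes the question: `if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) goto err;`. A short comment above `err:` such as `/* key is the session key: wipe the stack copy on every exit */` would help keep a later edit from reintroducing a direct return. The start of EVP_SealInit lies outside the hunks shown.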
+45 −0
@@ -356,6 +356,50 @@ end:
    return ret;
}

static int test_EVP_Enveloped(void)
{
    int ret = 0;
    EVP_CIPHER_CTX *ctx = NULL;
    EVP_PKEY *keypair = NULL;
    unsigned char *kek = NULL;
    unsigned char iv[EVP_MAX_IV_LENGTH];
    static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
    int len, kek_len, ciphertext_len, plaintext_len;
    unsigned char ciphertext[32], plaintext[16];
    const EVP_CIPHER *type = EVP_aes_256_cbc();

    if (!TEST_ptr(keypair = load_example_rsa_key())
            || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
            || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
            || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
                                       &keypair, 1))
            || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
                                         msg, sizeof(msg)))
            || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
                                        &len)))
        goto err;

    ciphertext_len += len;

    if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
            || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
                                         ciphertext, ciphertext_len))
            || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
        goto err;

    plaintext_len += len;
    if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
        goto err;

    ret = 1;
err:
    OPENSSL_free(kek);
    EVP_PKEY_free(keypair);
    EVP_CIPHER_CTX_free(ctx);
    return ret;
}


static int test_EVP_DigestSignInit(void)
{
    int ret = 0;
@@ -781,6 +825,7 @@ int setup_tests(void)
{
    ADD_TEST(test_EVP_DigestSignInit);
    ADD_TEST(test_EVP_DigestVerifyInit);
    ADD_TEST(test_EVP_Enveloped);
    ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
#ifndef OPENSSL_NO_EC
    ADD_TEST(test_EVP_PKCS82PKEY);
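Review bot: In test_EVP_Enveloped the result of `EVP_SealInit` is wrapped in `TEST_true`, but the function returns `npubk` on success and `-1` when a public-key encryption fails. If `TEST_true` only checks for a non-zero value, which is how I read the test utility, a `-1` would be accepted as a pass. Comparing against the expected count is stricter: `!TEST_int_eq(EVP_SealInit(ctx, type, &kek, &kek_len, iv, &keypair, 1), 1)`. The test also covers only the success round trip, so none of the new `goto err` exits in EVP_SealInit are exercised. A comment on the test saying that it does not itself verify the key wipe would set expectations for readers.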