Fix copy for CCM, GCM and XTS.

Internal pointers in CCM, GCM and XTS contexts should either be
NULL or set to point to the appropriate key schedule. This needs
to be adjusted when copying contexts.

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 6baa87e856d8521120905c9af91e662b0f33c68d..504c75f8d12c518d55113a14b2acfe81718efa05 100644 (file)
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -1302,6 +1302,12 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
                {
                        EVP_CIPHER_CTX *out = ptr;
                        EVP_AES_GCM_CTX *gctx_out = out->cipher_data;
+                       if (gctx->gcm.key)
+                               {
+                               if (gctx->gcm.key != &gctx->ks)
+                                       return 0;
+                               gctx_out->gcm.key = &gctx_out->ks;
+                               }
                        if (gctx->iv == c->iv)
                                gctx_out->iv = out->iv;
                        else
@@ -1716,7 +1722,25 @@ BLOCK_CIPHER_custom(NID_aes,256,1,12,gcm,GCM,
 static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
        {
        EVP_AES_XTS_CTX *xctx = c->cipher_data;
-       if (type != EVP_CTRL_INIT)
+       if (type == EVP_CTRL_COPY)
+               {
+               EVP_CIPHER_CTX *out = ptr;
+               EVP_AES_XTS_CTX *xctx_out = out->cipher_data;
+               if (xctx->xts.key1)
+                       {
+                       if (xctx->xts.key1 != &xctx->ks1)
+                               return 0;
+                       xctx_out->xts.key1 = &xctx_out->ks1;
+                       }
+               if (xctx->xts.key2)
+                       {
+                       if (xctx->xts.key2 != &xctx->ks2)
+                               return 0;
+                       xctx_out->xts.key2 = &xctx_out->ks2;
+                       }
+               return 1;
+               }
+       else if (type != EVP_CTRL_INIT)
                return -1;
        /* key1 and key2 are used as an indicator both key and IV are set */
        xctx->xts.key1 = NULL;
@@ -1848,7 +1872,8 @@ static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 #define aes_xts_cleanup NULL
 
 #define XTS_FLAGS      (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \
-                        | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT)
+                        | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
+                        | EVP_CIPH_CUSTOM_COPY)
 
 BLOCK_CIPHER_custom(NID_aes,128,1,16,xts,XTS,EVP_CIPH_FLAG_FIPS|XTS_FLAGS)
 BLOCK_CIPHER_custom(NID_aes,256,1,16,xts,XTS,EVP_CIPH_FLAG_FIPS|XTS_FLAGS)
@@ -1898,6 +1923,19 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
                cctx->len_set = 0;
                return 1;
 
+       case EVP_CTRL_COPY:
+               {
+                       EVP_CIPHER_CTX *out = ptr;
+                       EVP_AES_CCM_CTX *cctx_out = out->cipher_data;
+                       if (cctx->ccm.key)
+                               {
+                               if (cctx->ccm.key != &cctx->ks)
+                                       return 0;
+                               cctx_out->ccm.key = &cctx_out->ks;
+                               }
+                       return 1;
+               }
+
        default:
                return -1;