Fix a key repointing in various ciphers

In the dupctx fixups I missed a pointer that needed to be repointed to
the surrounding structures AES_KEY structure for the sm4/aes/aria
ccm/gcm variants.  This caused a colliding use of the key and possible
use after free issues.

Fixes #22076

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23102)

(cherry picked from commit 0398bc20080de037a8433fe81cfdef3ba0ec9d4c)

diff --git a/providers/implementations/ciphers/cipher_aes_gcm.c b/providers/implementations/ciphers/cipher_aes_gcm.c
index 0a15693cc1a4cf6b109868243d61f9f7f335ee98..edc3cc262ef958133f4d50b0aa9ce6e5e0544c80 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_gcm.c
+++ b/providers/implementations/ciphers/cipher_aes_gcm.c
@@ -37,10 +37,16 @@ static void *aes_gcm_newctx(void *provctx, size_t keybits)
 static void *aes_gcm_dupctx(void *provctx)
 {
     PROV_AES_GCM_CTX *ctx = provctx;
+    PROV_AES_GCM_CTX *dctx = NULL;
 
     if (ctx == NULL)
         return NULL;
-    return OPENSSL_memdup(ctx, sizeof(*ctx));
+
+    dctx = OPENSSL_memdup(ctx, sizeof(*ctx));
+    if (dctx != NULL && dctx->base.gcm.key != NULL)
+        dctx->base.gcm.key = &dctx->ks.ks;
+
+    return dctx;
 }
 
 static OSSL_FUNC_cipher_freectx_fn aes_gcm_freectx;

diff --git a/providers/implementations/ciphers/cipher_aria_ccm.c b/providers/implementations/ciphers/cipher_aria_ccm.c
index 39a96a6f1404d6b7281befb7e2d04e1b6e309f07..5fae5934698a2d7a43ec43a156c8386623a0a94e 100644 (file)
--- a/providers/implementations/ciphers/cipher_aria_ccm.c
+++ b/providers/implementations/ciphers/cipher_aria_ccm.c
@@ -31,10 +31,16 @@ static void *aria_ccm_newctx(void *provctx, size_t keybits)
 static void *aria_ccm_dupctx(void *provctx)
 {
     PROV_ARIA_CCM_CTX *ctx = provctx;
+    PROV_ARIA_CCM_CTX *dctx = NULL;
 
     if (ctx == NULL)
         return NULL;
-    return OPENSSL_memdup(ctx, sizeof(*ctx));
+
+    dctx = OPENSSL_memdup(ctx, sizeof(*ctx));
+    if (dctx != NULL && dctx->base.ccm_ctx.key != NULL)
+        dctx->base.ccm_ctx.key = &dctx->ks.ks;
+
+    return dctx;
 }
 
 static void aria_ccm_freectx(void *vctx)

diff --git a/providers/implementations/ciphers/cipher_aria_gcm.c b/providers/implementations/ciphers/cipher_aria_gcm.c
index 6ffa0910fa21ddb799714ace09373af5db9dea45..f9eb64cc194f6f1b5a307adaca2d166bd4ce4ec2 100644 (file)
--- a/providers/implementations/ciphers/cipher_aria_gcm.c
+++ b/providers/implementations/ciphers/cipher_aria_gcm.c
@@ -30,10 +30,16 @@ static void *aria_gcm_newctx(void *provctx, size_t keybits)
 static void *aria_gcm_dupctx(void *provctx)
 {
     PROV_ARIA_GCM_CTX *ctx = provctx;
+    PROV_ARIA_GCM_CTX *dctx = NULL;
 
     if (ctx == NULL)
         return NULL;
-    return OPENSSL_memdup(ctx, sizeof(*ctx));
+
+    dctx =  OPENSSL_memdup(ctx, sizeof(*ctx));
+    if (dctx != NULL && dctx->base.gcm.key != NULL)
+        dctx->base.gcm.key = &dctx->ks.ks;
+
+    return dctx;
 }
 
 static OSSL_FUNC_cipher_freectx_fn aria_gcm_freectx;