In the dupctx fixups I missed a pointer that needed to be repointed to
the surrounding structures AES_KEY structure for the sm4/aes/aria
ccm/gcm variants. This caused a colliding use of the key and possible
use after free issues.
Fixes #22076
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23102)
(cherry picked from commit
0398bc20080de037a8433fe81cfdef3ba0ec9d4c)
static void *aes_gcm_dupctx(void *provctx)
{
PROV_AES_GCM_CTX *ctx = provctx;
+ PROV_AES_GCM_CTX *dctx = NULL;
if (ctx == NULL)
return NULL;
- return OPENSSL_memdup(ctx, sizeof(*ctx));
+
+ dctx = OPENSSL_memdup(ctx, sizeof(*ctx));
+ if (dctx != NULL && dctx->base.gcm.key != NULL)
+ dctx->base.gcm.key = &dctx->ks.ks;
+
+ return dctx;
}
static OSSL_FUNC_cipher_freectx_fn aes_gcm_freectx;
static void *aria_ccm_dupctx(void *provctx)
{
PROV_ARIA_CCM_CTX *ctx = provctx;
+ PROV_ARIA_CCM_CTX *dctx = NULL;
if (ctx == NULL)
return NULL;
- return OPENSSL_memdup(ctx, sizeof(*ctx));
+
+ dctx = OPENSSL_memdup(ctx, sizeof(*ctx));
+ if (dctx != NULL && dctx->base.ccm_ctx.key != NULL)
+ dctx->base.ccm_ctx.key = &dctx->ks.ks;
+
+ return dctx;
}
static void aria_ccm_freectx(void *vctx)
static void *aria_gcm_dupctx(void *provctx)
{
PROV_ARIA_GCM_CTX *ctx = provctx;
+ PROV_ARIA_GCM_CTX *dctx = NULL;
if (ctx == NULL)
return NULL;
- return OPENSSL_memdup(ctx, sizeof(*ctx));
+
+ dctx = OPENSSL_memdup(ctx, sizeof(*ctx));
+ if (dctx != NULL && dctx->base.gcm.key != NULL)
+ dctx->base.gcm.key = &dctx->ks.ks;
+
+ return dctx;
}
static OSSL_FUNC_cipher_freectx_fn aria_gcm_freectx;