提交 2eb2b4f3 编写于 作者: S Shane Lontis 提交者: Pauli

Key zeroization fix for EVP_SealInit + added simple test

Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7105)
上级 544648a8
......@@ -21,6 +21,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
{
unsigned char key[EVP_MAX_KEY_LENGTH];
int i;
int rv = 0;
if (type) {
EVP_CIPHER_CTX_reset(ctx);
......@@ -31,21 +32,27 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
return 1;
if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
return 0;
if (EVP_CIPHER_CTX_iv_length(ctx)
&& RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0)
return 0;
&& RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0)
goto err;
if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
return 0;
goto err;
for (i = 0; i < npubk; i++) {
ekl[i] =
EVP_PKEY_encrypt_old(ek[i], key, EVP_CIPHER_CTX_key_length(ctx),
pubk[i]);
if (ekl[i] <= 0)
return -1;
if (ekl[i] <= 0) {
rv = -1;
goto err;
}
}
return npubk;
rv = npubk;
err:
OPENSSL_cleanse(key, sizeof(key));
return rv;
}
int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
......
......@@ -356,6 +356,50 @@ end:
return ret;
}
static int test_EVP_Enveloped(void)
{
int ret = 0;
EVP_CIPHER_CTX *ctx = NULL;
EVP_PKEY *keypair = NULL;
unsigned char *kek = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
int len, kek_len, ciphertext_len, plaintext_len;
unsigned char ciphertext[32], plaintext[16];
const EVP_CIPHER *type = EVP_aes_256_cbc();
if (!TEST_ptr(keypair = load_example_rsa_key())
|| !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
|| !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
|| !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
&keypair, 1))
|| !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
msg, sizeof(msg)))
|| !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
&len)))
goto err;
ciphertext_len += len;
if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
|| !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
ciphertext, ciphertext_len))
|| !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
goto err;
plaintext_len += len;
if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
goto err;
ret = 1;
err:
OPENSSL_free(kek);
EVP_PKEY_free(keypair);
EVP_CIPHER_CTX_free(ctx);
return ret;
}
static int test_EVP_DigestSignInit(void)
{
int ret = 0;
......@@ -781,6 +825,7 @@ int setup_tests(void)
{
ADD_TEST(test_EVP_DigestSignInit);
ADD_TEST(test_EVP_DigestVerifyInit);
ADD_TEST(test_EVP_Enveloped);
ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
#ifndef OPENSSL_NO_EC
ADD_TEST(test_EVP_PKCS82PKEY);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册