From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 1 Nov 2023 15:54:58 +0000 (+0100)
Subject: update/final: Return error if key is not set
X-Git-Tag: openssl-3.3.0-alpha1~673
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3a95d1e41abf2e8eb0f6f07003bac844950bfaae;p=thirdparty%2Fopenssl.git

update/final: Return error if key is not set

Also make sure the key is not set if the key
length is changed on the context after the key was
set previously.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22590)
---

diff --git a/providers/implementations/ciphers/cipher_des.c b/providers/implementations/ciphers/cipher_des.c
index ca2a924a917..e2c890979ea 100644
--- a/providers/implementations/ciphers/cipher_des.c
+++ b/providers/implementations/ciphers/cipher_des.c
@@ -96,6 +96,7 @@ static int des_init(void *vctx, const unsigned char *key, size_t keylen,
         }
         if (!ctx->hw->init(ctx, key, keylen))
             return 0;
+        ctx->key_set = 1;
     }
     return ossl_cipher_generic_set_ctx_params(ctx, params);
 }
diff --git a/providers/implementations/ciphers/cipher_tdes_common.c b/providers/implementations/ciphers/cipher_tdes_common.c
index ceaa0f9821a..c80d9f16b1e 100644
--- a/providers/implementations/ciphers/cipher_tdes_common.c
+++ b/providers/implementations/ciphers/cipher_tdes_common.c
@@ -90,6 +90,7 @@ static int tdes_init(void *vctx, const unsigned char *key, size_t keylen,
         }
         if (!ctx->hw->init(ctx, key, ctx->keylen))
             return 0;
+        ctx->key_set = 1;
     }
     return ossl_cipher_generic_set_ctx_params(ctx, params);
 }
diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
index fa383165d83..7ad3eb0a1f5 100644
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
@@ -128,7 +128,10 @@ int ossl_cipher_var_keylen_set_ctx_params(void *vctx, const OSSL_PARAM params[])
             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
             return 0;
         }
-        ctx->keylen = keylen;
+        if (ctx->keylen != keylen) {
+            ctx->keylen = keylen;
+            ctx->key_set = 0;
+        }
     }
     return 1;
 }
@@ -217,6 +220,7 @@ static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx,
         }
         if (!ctx->hw->init(ctx, key, ctx->keylen))
             return 0;
+        ctx->key_set = 1;
     }
     return ossl_cipher_generic_set_ctx_params(ctx, params);
 }
@@ -249,6 +253,11 @@ int ossl_cipher_generic_block_update(void *vctx, unsigned char *out,
     size_t blksz = ctx->blocksize;
     size_t nextblocks;
 
+    if (!ctx->key_set) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
+        return 0;
+    }
+
     if (ctx->tlsversion > 0) {
         /*
          * Each update call corresponds to a TLS record and is individually
@@ -390,6 +399,11 @@ int ossl_cipher_generic_block_final(void *vctx, unsigned char *out,
     if (!ossl_prov_is_running())
         return 0;
 
+    if (!ctx->key_set) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
+        return 0;
+    }
+
     if (ctx->tlsversion > 0) {
         /* We never finalize TLS, so this is an error */
         ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
@@ -456,6 +470,11 @@ int ossl_cipher_generic_stream_update(void *vctx, unsigned char *out,
 {
     PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
 
+    if (!ctx->key_set) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
+        return 0;
+    }
+
     if (inl == 0) {
         *outl = 0;
         return 1;
@@ -510,9 +529,16 @@ int ossl_cipher_generic_stream_update(void *vctx, unsigned char *out,
 int ossl_cipher_generic_stream_final(void *vctx, unsigned char *out,
                                      size_t *outl, size_t outsize)
 {
+    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
+
     if (!ossl_prov_is_running())
         return 0;
 
+    if (!ctx->key_set) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
+        return 0;
+    }
+
     *outl = 0;
     return 1;
 }
@@ -526,6 +552,11 @@ int ossl_cipher_generic_cipher(void *vctx, unsigned char *out, size_t *outl,
     if (!ossl_prov_is_running())
         return 0;
 
+    if (!ctx->key_set) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
+        return 0;
+    }
+
     if (outsize < inl) {
         ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
         return 0;
diff --git a/providers/implementations/include/prov/ciphercommon.h b/providers/implementations/include/prov/ciphercommon.h
index 2a7a059086f..45002ad594a 100644
--- a/providers/implementations/include/prov/ciphercommon.h
+++ b/providers/implementations/include/prov/ciphercommon.h
@@ -69,6 +69,7 @@ struct prov_cipher_ctx_st {
     unsigned int pad : 1;    /* Whether padding should be used or not */
     unsigned int enc : 1;    /* Set to 1 for encrypt, or 0 otherwise */
     unsigned int iv_set : 1; /* Set when the iv is copied to the iv/oiv buffers */
+    unsigned int key_set : 1; /* Set when key is set on the context */
     unsigned int updated : 1; /* Set to 1 during update for one shot ciphers */
     unsigned int variable_keylength : 1;
     unsigned int inverse_cipher : 1; /* set to 1 to use inverse cipher */