Fix s390x AES OFB/CFB cipher implementation on updating IV (1.1.1) #16292
Closed
ifranzki wants to merge 2 commits into openssl:OpenSSL_1_1_1-stable from
Conversation
Copy the current IV from the cipher context into the kmo/kmf param before the operation, and copy the modified IV back to the context afterwards. Without this, an application that obtains the running IV from the context would still get the original IV, but not the updated one. Signed-off-by: Ingo Franzki <[email protected]>
Contributor
Author
Please add @p-steuer @juergenchrist as reviewer.
Contributor
Isn't this fixed with PR #14900?
Contributor
Author
t8m
previously approved these changes
Aug 11, 2021
Contributor
Author
The tests I added show What does that mean? Isn't a return code of 1 expected when the test succeeds?
Member
Try running Also try
Member
Oh... sorry, the "-context" variant is only relevant to master. This PR is targeting 1.1.1.
Contributor
"0" is exit-success status. That wstat has 256 (0x80 in hex) means that the test program crashed.
Ensure that an EVP_CipherUpdate operation updates the context's IV for AES CBC, CFB, OFB, and CTR. An application can get the updated IV via EVP_CIPHER_CTX_iv(). The s390x implementation of the CFB and OFB ciphers did not update the IV in the context, but only within its s390x specific context data. Signed-off-by: Ingo Franzki <[email protected]>
f4953c6 to 0383863
Contributor
Author
It does not crash on my system (i.e. with make test).... Made a small modification to the test, let's see if this makes a difference.
t8m
approved these changes
Aug 13, 2021
p-steuer
approved these changes
Aug 13, 2021
Collaborator
This pull request is ready to merge
openssl-machine pushed a commit that referenced this pull request, Aug 16, 2021
Copy the current IV from the cipher context into the kmo/kmf param before the operation, and copy the modified IV back to the context afterwards. Without this, an application that obtains the running IV from the context would still get the original IV, but not the updated one. Signed-off-by: Ingo Franzki <[email protected]> Reviewed-by: Patrick Steuer <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #16292)
openssl-machine pushed a commit that referenced this pull request, Aug 16, 2021
Ensure that an EVP_CipherUpdate operation updates the context's IV for AES CBC, CFB, OFB, and CTR. An application can get the updated IV via EVP_CIPHER_CTX_iv(). The s390x implementation of the CFB and OFB ciphers did not update the IV in the context, but only within its s390x specific context data. Signed-off-by: Ingo Franzki <[email protected]> Reviewed-by: Patrick Steuer <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #16292)
Member
Merged to 1.1.1 branch. Thank you for your contribution.
This is a backport of the same fix as in #16291
The s390x specific implementation in crypto/evp/e_aes.c does not update the cipher context's IV field during an operation for AES OFB and CFB.
An application that uses EVP_CIPHER_CTX_iv() to get the updated IV would thus always get the original IV value on s390x. Other platforms are not affected as far as I can tell.
I have added a testcase in test/evp_extra_test.c to reproduce this error.
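The property the PR description and the test commit message describe, as an added example that is not OpenSSL's code or the PR's test: a clearly labelled stand-in block function replaces AES (so it builds without libcrypto), and the chaining value a caller should read back after an update is recomputed from the output alone for both OFB and CFB, which is exactly the comparison an implementation that only advanced a private IV copy would fail.

```c
#include <stdint.h>
#include <string.h>

#define BLK 16

/* Stand-in 16-byte keyed permutation (NOT AES, not secure); it exists only so the
 * mode chaining below runs without OpenSSL. `in` and `out` may alias. */
static void blockfn(const uint8_t *key, const uint8_t *in, uint8_t *out)
{
    uint8_t t[BLK];
    for (int i = 0; i < BLK; i++)
        t[i] = (uint8_t)((in[i] ^ key[i]) * 31 + in[(i + 5) % BLK] + i);
    memcpy(out, t, BLK);
}

/* OFB over whole blocks: keystream = E(iv); the running IV becomes that keystream block. */
static void ofb_update(const uint8_t *key, uint8_t *iv, const uint8_t *in, uint8_t *out, size_t len)
{
    for (size_t off = 0; off < len; off += BLK) {
        blockfn(key, iv, iv);
        for (int i = 0; i < BLK; i++)
            out[off + i] = in[off + i] ^ iv[i];
    }
}

/* CFB-128 encrypt over whole blocks: c = p ^ E(iv); the running IV becomes c. */
static void cfb_encrypt(const uint8_t *key, uint8_t *iv, const uint8_t *in, uint8_t *out, size_t len)
{
    uint8_t ks[BLK];
    for (size_t off = 0; off < len; off += BLK) {
        blockfn(key, iv, ks);
        for (int i = 0; i < BLK; i++)
            out[off + i] = in[off + i] ^ ks[i];
        memcpy(iv, out + off, BLK);
    }
}

/* The check the PR's test performs, for either mode: after an update the IV the caller
 * reads back must equal the chaining value recomputed from the output (last keystream
 * block for OFB, last ciphertext block for CFB). A backend that advanced only a private
 * IV copy yields correct ciphertext yet fails this comparison. Returns 1 on success. */
int check_iv_propagation(int cfb)
{
    uint8_t key[BLK], iv[BLK], expect[BLK], pt[2 * BLK], ct[2 * BLK];
    for (int i = 0; i < BLK; i++) { key[i] = (uint8_t)(0xA0 + i); iv[i] = (uint8_t)i; }
    for (int i = 0; i < 2 * BLK; i++) pt[i] = (uint8_t)(0x30 + i);   /* constructed plaintext */
    (cfb ? cfb_encrypt : ofb_update)(key, iv, pt, ct, sizeof pt);
    for (int i = 0; i < BLK; i++)
        expect[i] = cfb ? ct[BLK + i] : (uint8_t)(ct[BLK + i] ^ pt[BLK + i]);
    return memcmp(iv, expect, BLK) == 0;
}
```

Against a real EVP context the same comparison would be made between EVP_CIPHER_CTX_iv() after EVP_CipherUpdate and the value derived from the returned ciphertext.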