The branch master has been updated
       via  2e9645c8b9a81e7617395553088560847ac1b8c8 (commit)
      from  fbad6e79fae1ed12c5d3b5611f490e75066adfad (commit)


- Log -----------------------------------------------------------------
commit 2e9645c8b9a81e7617395553088560847ac1b8c8
Author: Shane Lontis <shane.lon...@oracle.com>
Date:   Thu Sep 19 18:40:07 2019 +1000

    Move gcm decryption tag check higher up in the callstack
    
    Code was updated for s390 that accidentally removed the check inside the
    final method.
    Moving the check up before the final method is called is a better way of
    handling this.
    The oneshot method also calls the final method but doesn't need to do this
    check.
    
    Reviewed-by: Richard Levitte <levi...@openssl.org>
    Reviewed-by: Matt Caswell <m...@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/9945)

-----------------------------------------------------------------------

Summary of changes:
 providers/common/ciphers/cipher_gcm.c    | 4 +++-
 providers/common/ciphers/cipher_gcm_hw.c | 3 +--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/providers/common/ciphers/cipher_gcm.c 
b/providers/common/ciphers/cipher_gcm.c
index 9a61eabdfc..b5c79daee7 100644
--- a/providers/common/ciphers/cipher_gcm.c
+++ b/providers/common/ciphers/cipher_gcm.c
@@ -344,7 +344,9 @@ static int gcm_cipher_internal(PROV_GCM_CTX *ctx, unsigned 
char *out,
                 goto err;
         }
     } else {
-        /* Finished when in == NULL */
+        /* The tag must be set before actually decrypting data */
+        if (!ctx->enc && ctx->taglen == UNINITIALISED_SIZET)
+            goto err;
         if (!hw->cipherfinal(ctx, ctx->buf))
             goto err;
         ctx->iv_state = IV_STATE_FINISHED; /* Don't reuse the IV */
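Review bot: The new comment on the added check, `/* The tag must be set before actually decrypting data */`, does not match where the check sits. Judging from the removed comment (`Finished when in == NULL`), this else branch looks like the finalisation step, reached after any update calls have already produced output. I'd word it as `/* Finished when in == NULL: on decrypt, fail unless the expected tag has been set */`, which keeps the branch condition documented and does not suggest the check gates the update path. The `err` label and the rest of gcm_cipher_internal are outside the hunk, so whether an error is recorded for this case can't be seen here.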
diff --git a/providers/common/ciphers/cipher_gcm_hw.c 
b/providers/common/ciphers/cipher_gcm_hw.c
index e2587f2e5e..8b2913c695 100644
--- a/providers/common/ciphers/cipher_gcm_hw.c
+++ b/providers/common/ciphers/cipher_gcm_hw.c
@@ -90,8 +90,7 @@ int gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag)
         CRYPTO_gcm128_tag(&ctx->gcm, tag, GCM_TAG_MAX_SIZE);
         ctx->taglen = GCM_TAG_MAX_SIZE;
     } else {
-        if (ctx->taglen == UNINITIALISED_SIZET
-            || CRYPTO_gcm128_finish(&ctx->gcm, tag, ctx->taglen) != 0)
+        if (CRYPTO_gcm128_finish(&ctx->gcm, tag, ctx->taglen) != 0)
             return 0;
     }
     return 1;
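Review bot: With the `ctx->taglen == UNINITIALISED_SIZET` test removed from the decrypt branch, gcm_cipher_final now relies on every caller having checked that a tag was supplied, and nothing in the function says so. The commit message notes that the one-shot path also calls the final method; that caller is not visible here, so it is worth confirming it cannot reach this branch with an unset tag length. I'd add a comment above the `CRYPTO_gcm128_finish` call such as `/* Caller must ensure ctx->taglen has been set when decrypting */`. Platform-specific cipherfinal implementations (the message mentions s390) presumably need the same guarantee. The start of the function is outside the hunk.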
