Replace EVP_MAC_CTX_copy() by EVP_MAC_CTX_dup()

Reviewed-by: Tomas Mraz <[email protected]>
GH: openssl#7651

crypto/err/openssl.txt

@@ -809,7 +809,7 @@ EVP_F_EVP_KDF_CTX_NEW:240:EVP_KDF_CTX_new
 EVP_F_EVP_KDF_CTX_NEW_ID:226:EVP_KDF_CTX_new_id
 EVP_F_EVP_MAC_CTRL:209:EVP_MAC_ctrl
 EVP_F_EVP_MAC_CTRL_STR:210:EVP_MAC_ctrl_str
-EVP_F_EVP_MAC_CTX_COPY:211:EVP_MAC_CTX_copy
+EVP_F_EVP_MAC_CTX_DUP:211:EVP_MAC_CTX_dup
 EVP_F_EVP_MAC_CTX_NEW:213:EVP_MAC_CTX_new
 EVP_F_EVP_MAC_INIT:212:EVP_MAC_init
 EVP_F_EVP_MD_BLOCK_SIZE:232:EVP_MD_block_size
@@ -880,6 +880,7 @@ EVP_F_PKCS5_V2_PBE_KEYIVGEN:118:PKCS5_v2_PBE_keyivgen
 EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN:164:PKCS5_v2_PBKDF2_keyivgen
 EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen
 EVP_F_PKEY_KDF_CTRL:227:pkey_kdf_ctrl
+EVP_F_PKEY_MAC_COPY:241:pkey_mac_copy
 EVP_F_PKEY_MAC_INIT:214:pkey_mac_init
 EVP_F_PKEY_SET_TYPE:158:pkey_set_type
 EVP_F_POLY1305_CTRL:216:poly1305_ctrl

crypto/evp/evp_err.c

@@ -78,7 +78,7 @@ static const ERR_STRING_DATA EVP_str_functs[] = {
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_KDF_CTX_NEW_ID, 0), "EVP_KDF_CTX_new_id"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_CTRL, 0), "EVP_MAC_ctrl"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_CTRL_STR, 0), "EVP_MAC_ctrl_str"},
-    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_CTX_COPY, 0), "EVP_MAC_CTX_copy"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_CTX_DUP, 0), "EVP_MAC_CTX_dup"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_CTX_NEW, 0), "EVP_MAC_CTX_new"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_INIT, 0), "EVP_MAC_init"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_BLOCK_SIZE, 0), "EVP_MD_block_size"},
@@ -179,6 +179,7 @@ static const ERR_STRING_DATA EVP_str_functs[] = {
     {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, 0),
      "PKCS5_v2_scrypt_keyivgen"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_KDF_CTRL, 0), "pkey_kdf_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_MAC_COPY, 0), "pkey_mac_copy"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_MAC_INIT, 0), "pkey_mac_init"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_POLY1305_CTRL, 0), "poly1305_ctrl"},

crypto/evp/mac_lib.c

@@ -48,18 +48,28 @@ void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx)
     OPENSSL_free(ctx);
 }
 
-int EVP_MAC_CTX_copy(EVP_MAC_CTX *dst, const EVP_MAC_CTX *src)
+EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src)
 {
-    EVP_MAC_IMPL *macdata;
+    EVP_MAC_CTX *dst = EVP_MAC_CTX_new(src->meth);
 
-    if (src->data != NULL && !dst->meth->copy(dst->data, src->data))
-        return 0;
+    if (dst == NULL)
+        return NULL;
+
+    dst = OPENSSL_malloc(sizeof(*dst));
+    if (dst == NULL) {
+        EVPerr(EVP_F_EVP_MAC_CTX_DUP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
 
-    macdata = dst->data;
     *dst = *src;
-    dst->data = macdata;
 
-    return 1;
+    dst->data = src->meth->dup(src->data);
+    if (dst->data == NULL) {
+        EVP_MAC_CTX_free(dst);
+        return NULL;
+    }
+
+    return dst;
 }
 
 const EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx)

crypto/evp/pkey_mac.c

@@ -10,6 +10,7 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include "internal/evp_int.h"
+#include "evp_locl.h"
 
 /* MAC PKEY context structure */
 
@@ -75,15 +76,25 @@ static int pkey_mac_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
 {
     MAC_PKEY_CTX *sctx, *dctx;
 
-    if (!pkey_mac_init(dst))
+    sctx = EVP_PKEY_CTX_get_data(src);
+    if (sctx->ctx->data == NULL)
         return 0;
 
-    sctx = EVP_PKEY_CTX_get_data(src);
-    dctx = EVP_PKEY_CTX_get_data(dst);
+    dctx = OPENSSL_zalloc(sizeof(*dctx));
+    if (dctx == NULL) {
+        EVPerr(EVP_F_PKEY_MAC_COPY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
 
-    if (!EVP_MAC_CTX_copy(dctx->ctx, sctx->ctx))
+    EVP_PKEY_CTX_set_data(dst, dctx);
+    dst->keygen_info_count = 0;
+
+    dctx->ctx = EVP_MAC_CTX_dup(sctx->ctx);
+    if (dctx->ctx == NULL)
         goto err;
 
+    dctx->type = sctx->type;
+
     switch (dctx->type) {
     case MAC_TYPE_RAW:
         dctx->raw_data.md = sctx->raw_data.md;
@@ -100,7 +111,7 @@ static int pkey_mac_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
     }
     return 1;
  err:
-    pkey_mac_cleanup (dst);
+    pkey_mac_cleanup(dst);
     return 0;
 }
 
@@ -141,14 +152,10 @@ static int pkey_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
         break;
     case MAC_TYPE_MAC:
         {
-            EVP_MAC_CTX *cmkey = EVP_MAC_CTX_new_id(nid);
+            EVP_MAC_CTX *cmkey = EVP_MAC_CTX_dup(hctx->ctx);
 
             if (cmkey == NULL)
                 return 0;
-            if (!EVP_MAC_CTX_copy(cmkey, hctx->ctx)) {
-                EVP_MAC_CTX_free(cmkey);
-                return 0;
-            }
             EVP_PKEY_assign(pkey, nid, cmkey);
         }
         break;
@@ -249,13 +256,18 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         case MAC_TYPE_RAW:
             hctx->raw_data.md = p2;
             break;
-        case MAC_TYPE_MAC:
-            if (ctx->pkey != NULL
-                && !EVP_MAC_CTX_copy(hctx->ctx,
-                                     (EVP_MAC_CTX *)ctx->pkey->pkey.ptr))
-                return 0;
-            if (!EVP_MAC_init(hctx->ctx))
-                return 0;
+        case MAC_TYPE_MAC: {
+                EVP_MAC_CTX *new_mac_ctx;
+
+                if (ctx->pkey == NULL)
+                    return 0;
+                new_mac_ctx = EVP_MAC_CTX_dup((EVP_MAC_CTX *)ctx->pkey
+                                              ->pkey.ptr);
+                if (new_mac_ctx == NULL)
+                    return 0;
+                EVP_MAC_CTX_free(hctx->ctx);
+                hctx->ctx = new_mac_ctx;
+            }
             break;
         default:
             /* This should be dead code */

crypto/kdf/sskdf.c

@@ -202,9 +202,8 @@ static int SSKDF_mac_kdm(const EVP_MAC *kdf_mac, const EVP_MD *hmac_md,
             || derived_key_len == 0)
         return 0;
 
-    ctx = EVP_MAC_CTX_new(kdf_mac);
     ctx_init = EVP_MAC_CTX_new(kdf_mac);
-    if (ctx == NULL || ctx_init == NULL)
+    if (ctx_init == NULL)
         goto end;
     if (hmac_md != NULL &&
             EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_MD, hmac_md) <= 0)
@@ -233,7 +232,8 @@ static int SSKDF_mac_kdm(const EVP_MAC *kdf_mac, const EVP_MD *hmac_md,
         c[2] = (unsigned char)((counter >> 8) & 0xff);
         c[3] = (unsigned char)(counter & 0xff);
 
-        if (!(EVP_MAC_CTX_copy(ctx, ctx_init)
+        ctx = EVP_MAC_CTX_dup(ctx_init);
+        if (!(ctx != NULL
                 && EVP_MAC_update(ctx, c, sizeof(c))
                 && EVP_MAC_update(ctx, z, z_len)
                 && EVP_MAC_update(ctx, info, info_len)))
@@ -251,6 +251,8 @@ static int SSKDF_mac_kdm(const EVP_MAC *kdf_mac, const EVP_MD *hmac_md,
             memcpy(out, mac, len);
             break;
         }
+        EVP_MAC_CTX_free(ctx);
+        ctx = NULL;
     }
     ret = 1;
 end:

crypto/kdf/tls1_prf.c

@@ -237,10 +237,8 @@ static int tls1_prf_P_hash(const EVP_MD *md,
     size_t Ai_len;
     int ret = 0;
 
-    ctx = EVP_MAC_CTX_new_id(EVP_MAC_HMAC);
-    ctx_Ai = EVP_MAC_CTX_new_id(EVP_MAC_HMAC);
     ctx_init = EVP_MAC_CTX_new_id(EVP_MAC_HMAC);
-    if (ctx == NULL || ctx_Ai == NULL || ctx_init == NULL)
+    if (ctx_init == NULL)
         goto err;
     if (EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_FLAGS, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) != 1)
         goto err;
@@ -254,7 +252,8 @@ static int tls1_prf_P_hash(const EVP_MD *md,
     if (chunk == 0)
         goto err;
     /* A(0) = seed */
-    if (!EVP_MAC_CTX_copy(ctx_Ai, ctx_init))
+    ctx_Ai = EVP_MAC_CTX_dup(ctx_init);
+    if (ctx_Ai == NULL)
         goto err;
     if (seed != NULL && !EVP_MAC_update(ctx_Ai, seed, seed_len))
         goto err;
@@ -263,15 +262,21 @@ static int tls1_prf_P_hash(const EVP_MD *md,
         /* calc: A(i) = HMAC_<hash>(secret, A(i-1)) */
         if (!EVP_MAC_final(ctx_Ai, Ai, &Ai_len))
             goto err;
+        EVP_MAC_CTX_free(ctx_Ai);
+        ctx_Ai = NULL;
 
         /* calc next chunk: HMAC_<hash>(secret, A(i) + seed) */
-        if (!EVP_MAC_CTX_copy(ctx, ctx_init))
+        ctx = EVP_MAC_CTX_dup(ctx_init);
+        if (ctx == NULL)
             goto err;
         if (!EVP_MAC_update(ctx, Ai, Ai_len))
             goto err;
         /* save state for calculating next A(i) value */
-        if (olen > chunk && !EVP_MAC_CTX_copy(ctx_Ai, ctx))
-            goto err;
+        if (olen > chunk) {
+            ctx_Ai = EVP_MAC_CTX_dup(ctx);
+            if (ctx_Ai == NULL)
+                goto err;
+        }
         if (seed != NULL && !EVP_MAC_update(ctx, seed, seed_len))
             goto err;
         if (olen <= chunk) {
@@ -283,6 +288,8 @@ static int tls1_prf_P_hash(const EVP_MD *md,
         }
         if (!EVP_MAC_final(ctx, out, NULL))
             goto err;
+        EVP_MAC_CTX_free(ctx);
+        ctx = NULL;
         out += chunk;
         olen -= chunk;
     }

crypto/modes/modes_lcl.h

@@ -213,7 +213,6 @@ struct siv128_context {
     SIV_BLOCK tag;
     EVP_CIPHER_CTX *cipher_ctx;
     EVP_MAC_CTX *mac_ctx_init;
-    EVP_MAC_CTX *mac_ctx;
     int final_ret;
     int crypto_ok;
 };

crypto/modes/siv128.c

@@ -92,30 +92,38 @@ __owur static ossl_inline int siv128_do_s2v_p(SIV128_CONTEXT *ctx, SIV_BLOCK *ou
 {
     SIV_BLOCK t;
     size_t out_len = sizeof(out->byte);
+    EVP_MAC_CTX *mac_ctx;
+    int ret = 0;
 
-    if (!EVP_MAC_CTX_copy(ctx->mac_ctx, ctx->mac_ctx_init))
+    mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init);
+    if (mac_ctx == NULL)
         return 0;
 
     if (len >= SIV_LEN) {
-        if (!EVP_MAC_update(ctx->mac_ctx, in, len - SIV_LEN))
-            return 0;
+        if (!EVP_MAC_update(mac_ctx, in, len - SIV_LEN))
+            goto err;
         memcpy(&t, in + (len-SIV_LEN), SIV_LEN);
         siv128_xorblock(&t, &ctx->d);
-        if (!EVP_MAC_update(ctx->mac_ctx, t.byte, SIV_LEN))
-            return 0;
+        if (!EVP_MAC_update(mac_ctx, t.byte, SIV_LEN))
+            goto err;
     } else {
         memset(&t, 0, sizeof(t));
         memcpy(&t, in, len);
         t.byte[len] = 0x80;
         siv128_dbl(&ctx->d);
         siv128_xorblock(&t, &ctx->d);
-        if (!EVP_MAC_update(ctx->mac_ctx, t.byte, SIV_LEN))
-            return 0;
+        if (!EVP_MAC_update(mac_ctx, t.byte, SIV_LEN))
+            goto err;
     }
-    if (!EVP_MAC_final(ctx->mac_ctx, out->byte, &out_len)
+    if (!EVP_MAC_final(mac_ctx, out->byte, &out_len)
         || out_len != SIV_LEN)
-        return 0;
-    return 1;
+        goto err;
+
+    ret = 1;
+
+err:
+    EVP_MAC_CTX_free(mac_ctx);
+    return ret;
 }
 
 
@@ -156,27 +164,27 @@ int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
 {
     static const unsigned char zero[SIV_LEN] = { 0 };
     size_t out_len = SIV_LEN;
+    EVP_MAC_CTX *mac_ctx = NULL;
 
     memset(&ctx->d, 0, sizeof(ctx->d));
     ctx->cipher_ctx = NULL;
-    ctx->mac_ctx = NULL;
     ctx->mac_ctx_init = NULL;
 
     if (key == NULL || cbc == NULL || ctr == NULL
             || (ctx->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL
             || (ctx->mac_ctx_init = EVP_MAC_CTX_new_id(EVP_MAC_CMAC)) == NULL
-            || (ctx->mac_ctx = EVP_MAC_CTX_new_id(EVP_MAC_CMAC)) == NULL
             || EVP_MAC_ctrl(ctx->mac_ctx_init, EVP_MAC_CTRL_SET_CIPHER, cbc) <= 0
             || EVP_MAC_ctrl(ctx->mac_ctx_init, EVP_MAC_CTRL_SET_KEY, key, klen) <= 0
             || !EVP_EncryptInit_ex(ctx->cipher_ctx, ctr, NULL, key + klen, NULL)
-            || !EVP_MAC_CTX_copy(ctx->mac_ctx, ctx->mac_ctx_init)
-            || !EVP_MAC_update(ctx->mac_ctx, zero, sizeof(zero))
-            || !EVP_MAC_final(ctx->mac_ctx, ctx->d.byte, &out_len)) {
+            || (mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init)) == NULL
+            || !EVP_MAC_update(mac_ctx, zero, sizeof(zero))
+            || !EVP_MAC_final(mac_ctx, ctx->d.byte, &out_len)) {
         EVP_CIPHER_CTX_free(ctx->cipher_ctx);
         EVP_MAC_CTX_free(ctx->mac_ctx_init);
-        EVP_MAC_CTX_free(ctx->mac_ctx);
+        EVP_MAC_CTX_free(mac_ctx);
         return 0;
     }
+    EVP_MAC_CTX_free(mac_ctx);
 
     ctx->final_ret = -1;
     ctx->crypto_ok = 1;
@@ -192,9 +200,10 @@ int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src)
     memcpy(&dest->d, &src->d, sizeof(src->d));
     if (!EVP_CIPHER_CTX_copy(dest->cipher_ctx, src->cipher_ctx))
         return 0;
-    if (!EVP_MAC_CTX_copy(dest->mac_ctx_init, src->mac_ctx_init))
+    EVP_MAC_CTX_free(dest->mac_ctx_init);
+    dest->mac_ctx_init = EVP_MAC_CTX_dup(src->mac_ctx_init);
+    if (dest->mac_ctx_init == NULL)
         return 0;
-    /* no need to copy mac_ctx since it's temp storage */
     return 1;
 }
 
@@ -208,19 +217,23 @@ int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad,
 {
     SIV_BLOCK mac_out;
     size_t out_len = SIV_LEN;
+    EVP_MAC_CTX *mac_ctx;
 
     siv128_dbl(&ctx->d);
 
-    if (!EVP_MAC_CTX_copy(ctx->mac_ctx, ctx->mac_ctx_init)
-        || !EVP_MAC_update(ctx->mac_ctx, aad, len)
-        || !EVP_MAC_final(ctx->mac_ctx, mac_out.byte, &out_len)
-        || out_len != SIV_LEN)
+    mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init);
+    if (mac_ctx == NULL
+        || !EVP_MAC_update(mac_ctx, aad, len)
+        || !EVP_MAC_final(mac_ctx, mac_out.byte, &out_len)
+        || out_len != SIV_LEN) {
+        EVP_MAC_CTX_free(mac_ctx);
         return 0;
+    }
+    EVP_MAC_CTX_free(mac_ctx);
 
     siv128_xorblock(&ctx->d, &mac_out);
 
     return 1;
-
 }
 
 /*
@@ -330,8 +343,6 @@ int CRYPTO_siv128_cleanup(SIV128_CONTEXT *ctx)
         ctx->cipher_ctx = NULL;
         EVP_MAC_CTX_free(ctx->mac_ctx_init);
         ctx->mac_ctx_init = NULL;
-        EVP_MAC_CTX_free(ctx->mac_ctx);
-        ctx->mac_ctx = NULL;
         OPENSSL_cleanse(&ctx->d, sizeof(ctx->d));
         OPENSSL_cleanse(&ctx->tag, sizeof(ctx->tag));
         ctx->final_ret = -1;