New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Avoid undefined behavior of provided macs on EVP_MAC reinitialization #18100
Conversation
When the context is reinitialized, i.e. the same key should be used we must properly reinitialize the underlying implementation. However in POLY1305 case it does not make sense as this special MAC should not reuse keys. We fail with this provided implementation when reinitialization happens. Fixes openssl#17811
Aargh, we apparently depend on EVP_MAC_init() not failing even for the POLY1305 mac. |
Yeah, here: Lines 183 to 186 in 801c638
The key is passed as a param not via this call. I prefer the way you are heading but it means an API break :( |
I think it can be avoided - done in the fixup. |
CI is green |
This pull request is ready to merge |
Merged to master and 3.0 branches. Thank you for the reviews. |
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #18100)
When the context is reinitialized, i.e. the same key should be used we must properly reinitialize the underlying implementation. However in POLY1305 case it does not make sense as this special MAC should not reuse keys. We fail with this provided implementation when reinitialization happens. Fixes #17811 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #18100)
When the context is reinitialized, i.e. the same key should be used we must properly reinitialize the underlying implementation. However in POLY1305 case it does not make sense as this special MAC should not reuse keys. We fail with this provided implementation when reinitialization happens. Fixes #17811 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #18100) (cherry picked from commit c9ddc5a)
When the context is reinitialized, i.e. the same key should be used
we must properly reinitialize the underlying implementation.
However in POLY1305 case it does not make sense as this special MAC
should not reuse keys. We fail with this provided implementation
when reinitialization happens.
Fixes #17811
Checklist