int evp_cipher_cache_constants(EVP_CIPHER *cipher)
{
- int ok;
+ int ok, aead = 0, custom_iv = 0, cts = 0, multiblock = 0;
size_t ivlen = 0;
size_t blksz = 0;
size_t keylen = 0;
unsigned int mode = 0;
- unsigned long flags = 0;
- OSSL_PARAM params[6];
+ OSSL_PARAM params[9];
params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, &blksz);
params[1] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &ivlen);
params[2] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &keylen);
params[3] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_MODE, &mode);
- params[4] = OSSL_PARAM_construct_ulong(OSSL_CIPHER_PARAM_FLAGS, &flags);
- params[5] = OSSL_PARAM_construct_end();
+ params[4] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_AEAD, &aead);
+ params[5] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_CUSTOM_IV,
+ &custom_iv);
+ params[6] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_CTS, &cts);
+ params[7] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK,
+ &multiblock);
+ params[8] = OSSL_PARAM_construct_end();
ok = evp_do_ciph_getparams(cipher, params);
if (ok) {
- /* Provided implementations may have a custom cipher_cipher */
- if (cipher->prov != NULL && cipher->ccipher != NULL)
- flags |= EVP_CIPH_FLAG_CUSTOM_CIPHER;
cipher->block_size = blksz;
cipher->iv_len = ivlen;
cipher->key_len = keylen;
- cipher->flags = flags | mode;
+ cipher->flags = mode;
+ if (aead)
+ cipher->flags |= EVP_CIPH_FLAG_AEAD_CIPHER;
+ if (custom_iv)
+ cipher->flags |= EVP_CIPH_CUSTOM_IV;
+ if (cts)
+ cipher->flags |= EVP_CIPH_FLAG_CTS;
+ if (multiblock)
+ cipher->flags |= EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK;
+ /* Provided implementations may have a custom cipher_cipher */
+ if (cipher->prov != NULL && cipher->ccipher != NULL)
+ cipher->flags |= EVP_CIPH_FLAG_CUSTOM_CIPHER;
}
return ok;
}
return md->prov;
}
-int EVP_MD_block_size(const EVP_MD *md)
-{
- return md->block_size;
-}
-
int EVP_MD_type(const EVP_MD *md)
{
return md->type;
return md->pkey_type;
}
+int EVP_MD_block_size(const EVP_MD *md)
+{
+ if (md == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_MESSAGE_DIGEST_IS_NULL);
+ return -1;
+ }
+ return md->block_size;
+}
+
int EVP_MD_size(const EVP_MD *md)
{
if (md == NULL) {
return md->flags;
}
+int evp_md_cache_constants(EVP_MD *md)
+{
+ int ok, xof = 0, algid_absent = 0;
+ size_t sz = 0, blksz = 0;
+ OSSL_PARAM params[5];
+
+ params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_BLOCK_SIZE, &blksz);
+ params[1] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &sz);
+ params[2] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_XOF, &xof);
+ params[3] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_ALGID_ABSENT,
+ &algid_absent);
+ params[4] = OSSL_PARAM_construct_end();
+ ok = evp_do_md_getparams(md, params);
+ if (ok) {
+ md->block_size = blksz;
+ md->md_size = sz;
+ if (xof)
+ md->flags |= EVP_MD_FLAG_XOF;
+ if (algid_absent)
+ md->flags |= EVP_MD_FLAG_DIGALGID_ABSENT;
+ }
+ return ok;
+}
+
EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)
{
EVP_MD *md = evp_md_new();
stream cipher), even though AES has a block size of 16.
The length of the "blocksize" parameter should not exceed that of a B<size_t>.
-=item "flags" (B<OSSL_CIPHER_PARAM_FLAGS>) <unsigned integer>
+=item "aead" (B<OSSL_CIPHER_PARAM_AEAD>) <integer>
-Gets any flags for the associated cipher algorithm.
-See L<EVP_CIPHER_meth_set_flags(3)> for a list of currently defined cipher
-flags.
-The length of the "flags" parameter should equal that of an
-B<unsigned long int>.
+Gets 1 if this is an AEAD cipher algorithm, otherwise it gets 0.
+
+=item "custom-iv" (B<OSSL_CIPHER_PARAM_CUSTOM_IV>) <integer>
+
+Gets 1 if the cipher algorithm has a custom IV, otherwise it gets 0.
+Storing and initializing the IV is left entirely to the implementation, if a
+custom IV is used.
+
+=item "cts" (B<OSSL_CIPHER_PARAM_CTS>) <integer>
+
+Gets 1 if the cipher algorithm uses ciphertext stealing, otherwise it gets 0.
+This is currently used to indicate that the cipher is a one shot that only
+allows a single call to EVP_CipherUpdate().
+
+=item "tls-multi" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK>) <integer>
+
+Gets 1 if the cipher algorithm supports interleaving of crypto blocks, otherwise
+it gets 0. The interleaving is an optimization only applicable to certain
+TLS ciphers.
=item "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>) <unsigned integer>
=item "taglen" (B<OSSL_CIPHER_PARAM_AEAD_TAGLEN>) <unsigned integer>
Gets the tag length to be used for an AEAD cipher for the associated cipher ctx.
-It returns a default value if it has not been set.
+It gets a default value if it has not been set.
The length of the "taglen" parameter should not exceed that of a B<size_t>.
=item "tlsaad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD>) <octet string>
#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size" /* size_t */
#define OSSL_CIPHER_PARAM_MODE "mode" /* uint */
#define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" /* size_t */
-#define OSSL_CIPHER_PARAM_FLAGS "flags" /* ulong */
+#define OSSL_CIPHER_PARAM_AEAD "aead" /* int, 0 or 1 */
+#define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv" /* int, 0 or 1 */
+#define OSSL_CIPHER_PARAM_CTS "cts" /* int, 0 or 1 */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi" /* int, 0 or 1 */
#define OSSL_CIPHER_PARAM_KEYLEN "keylen" /* size_t */
#define OSSL_CIPHER_PARAM_IVLEN "ivlen" /* size_t */
#define OSSL_CIPHER_PARAM_IV "iv" /* octet_string OR octet_ptr */
#define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
/* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN "xoflen" /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms" /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE "pad_type" /* uint */
-#define OSSL_DIGEST_PARAM_MICALG "micalg" /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize" /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE "size" /* size_t */
-#define OSSL_DIGEST_PARAM_FLAGS "flags" /* ulong */
+#define OSSL_DIGEST_PARAM_XOFLEN "xoflen" /* size_t */
+#define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms" /* octet string */
+#define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type" /* uint */
+#define OSSL_DIGEST_PARAM_MICALG "micalg" /* utf8 string */
+#define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize" /* size_t */
+#define OSSL_DIGEST_PARAM_SIZE "size" /* size_t */
+#define OSSL_DIGEST_PARAM_XOF "xof" /* int, 0 or 1 */
+#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent" /* int, 0 or 1 */
/* Known DIGEST names (not a complete list) */
#define OSSL_DIGEST_NAME_MD5 "MD5"
#else
# include "prov/providercommonerr.h"
-/* TODO(3.0) Figure out what flags are required */
-# define AES_CBC_HMAC_SHA_FLAGS (EVP_CIPH_CBC_MODE \
- | EVP_CIPH_FLAG_DEFAULT_ASN1 \
- | EVP_CIPH_FLAG_AEAD_CIPHER \
- | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
+# define AES_CBC_HMAC_SHA_FLAGS (PROV_CIPHER_FLAG_AEAD \
+ | PROV_CIPHER_FLAG_TLS1_MULTIBLOCK)
static OSSL_FUNC_cipher_freectx_fn aes_cbc_hmac_sha1_freectx;
static OSSL_FUNC_cipher_freectx_fn aes_cbc_hmac_sha256_freectx;
#include "cipher_aes_cts.h"
#include "prov/providercommonerr.h"
+#define AES_CTS_FLAGS PROV_CIPHER_FLAG_CTS
+
static OSSL_FUNC_cipher_get_ctx_params_fn aes_cbc_cts_get_ctx_params;
static OSSL_FUNC_cipher_set_ctx_params_fn aes_cbc_cts_set_ctx_params;
static OSSL_FUNC_cipher_gettable_ctx_params_fn aes_cbc_cts_gettable_ctx_params;
};
/* ossl_aes256cbc_cts_functions */
-IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, EVP_CIPH_FLAG_CTS, 256, 128, 128, block)
+IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 256, 128, 128, block)
/* ossl_aes192cbc_cts_functions */
-IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, EVP_CIPH_FLAG_CTS, 192, 128, 128, block)
+IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 192, 128, 128, block)
/* ossl_aes128cbc_cts_functions */
-IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, EVP_CIPH_FLAG_CTS, 128, 128, 128, block)
+IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 128, 128, 128, block)
if (ctx != NULL) {
ctx->taglen = SIV_LEN;
ctx->mode = mode;
- ctx->flags = flags;
ctx->keylen = keybits / 8;
ctx->hw = ossl_prov_cipher_hw_aes_siv(keybits);
ctx->libctx = PROV_LIBCTX_OF(provctx);
static int alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[]) \
{ \
return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \
- flags, 2*kbits, blkbits, ivbits); \
+ flags, 2*kbits, blkbits, ivbits); \
} \
static void * alg##kbits##lc##_newctx(void *provctx) \
{ \
typedef struct prov_siv_ctx_st {
unsigned int mode; /* The mode that we are using */
unsigned int enc : 1; /* Set to 1 if we are encrypting or 0 otherwise */
- uint64_t flags;
size_t keylen; /* The input keylength (twice the alg key length) */
size_t taglen; /* the taglen is the same as the sivlen */
SIV128_CONTEXT siv;
#define AES_WRAP_PAD_IVLEN 4
#define AES_WRAP_NOPAD_IVLEN 8
-/* TODO(3.0) Figure out what flags need to be passed */
-#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV \
- | EVP_CIPH_ALWAYS_CALL_INIT)
-#define WRAP_FLAGS_INV (WRAP_FLAGS | EVP_CIPH_FLAG_INVERSE_CIPHER)
+#define WRAP_FLAGS (PROV_CIPHER_FLAG_CUSTOM_IV)
+#define WRAP_FLAGS_INV (WRAP_FLAGS | PROV_CIPHER_FLAG_INVERSE_CIPHER)
typedef size_t (*aeswrap_fn)(void *key, const unsigned char *iv,
unsigned char *out, const unsigned char *in,
* to be the AES decryption function, then CIPH-1K will be the AES
* encryption function.
*/
- if ((ctx->flags & EVP_CIPH_FLAG_INVERSE_CIPHER) == 0)
+ if (ctx->inverse_cipher == 0)
use_forward_transform = ctx->enc;
else
use_forward_transform = !ctx->enc;
#include "prov/providercommon.h"
#include "prov/providercommonerr.h"
-/* TODO (3.0) Figure out what flags need to be set */
-#define AES_XTS_FLAGS (EVP_CIPH_CUSTOM_IV \
- | EVP_CIPH_ALWAYS_CALL_INIT \
- | EVP_CIPH_CTRL_INIT \
- | EVP_CIPH_CUSTOM_COPY)
-
+#define AES_XTS_FLAGS PROV_CIPHER_FLAG_CUSTOM_IV
#define AES_XTS_IV_BITS 128
#define AES_XTS_BLOCK_BITS 8
PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
const OSSL_PARAM *p;
- /*
- * TODO(3.0) We need a general solution for handling missing parameters
- * inside set_params and get_params methods.
- */
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
if (p != NULL) {
size_t keylen;
#include "prov/implementations.h"
#include "prov/providercommon.h"
-#define BF_FLAGS (EVP_CIPH_VARIABLE_LENGTH)
+#define BF_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH
static OSSL_FUNC_cipher_freectx_fn blowfish_freectx;
static OSSL_FUNC_cipher_dupctx_fn blowfish_dupctx;
#include "prov/providercommon.h"
#include "prov/providercommonerr.h"
-#define CAST5_FLAGS (EVP_CIPH_VARIABLE_LENGTH)
+#define CAST5_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH
static OSSL_FUNC_cipher_freectx_fn cast5_freectx;
static OSSL_FUNC_cipher_dupctx_fn cast5_dupctx;
#define CHACHA20_KEYLEN (CHACHA_KEY_SIZE)
#define CHACHA20_BLKLEN (1)
#define CHACHA20_IVLEN (CHACHA_CTR_SIZE)
-/* TODO(3.0) Figure out what flags are required */
-#define CHACHA20_FLAGS (EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT)
+#define CHACHA20_FLAGS (PROV_CIPHER_FLAG_CUSTOM_IV)
static OSSL_FUNC_cipher_newctx_fn chacha20_newctx;
static OSSL_FUNC_cipher_freectx_fn chacha20_freectx;
#define CHACHA20_POLY1305_BLKLEN 1
#define CHACHA20_POLY1305_MAX_IVLEN 12
#define CHACHA20_POLY1305_MODE 0
-/* TODO(3.0) Figure out what flags are required */
-#define CHACHA20_POLY1305_FLAGS (EVP_CIPH_FLAG_AEAD_CIPHER \
- | EVP_CIPH_ALWAYS_CALL_INIT \
- | EVP_CIPH_CTRL_INIT \
- | EVP_CIPH_CUSTOM_COPY \
- | EVP_CIPH_FLAG_CUSTOM_CIPHER \
- | EVP_CIPH_CUSTOM_IV \
- | EVP_CIPH_CUSTOM_IV_LENGTH)
+#define CHACHA20_POLY1305_FLAGS (PROV_CIPHER_FLAG_AEAD \
+ | PROV_CIPHER_FLAG_CUSTOM_IV)
static OSSL_FUNC_cipher_newctx_fn chacha20_poly1305_newctx;
static OSSL_FUNC_cipher_freectx_fn chacha20_poly1305_freectx;
#include "prov/providercommon.h"
#include "prov/providercommonerr.h"
-/* TODO(3.0) Figure out what flags need to be here */
-#define DES_FLAGS (EVP_CIPH_RAND_KEY)
+#define DES_FLAGS 0
static OSSL_FUNC_cipher_freectx_fn des_freectx;
static OSSL_FUNC_cipher_encrypt_init_fn des_einit;
#include <openssl/des.h>
#include "crypto/des_platform.h"
-/* TODO(3.0) Figure out what flags need to be here */
-#define TDES_FLAGS (EVP_CIPH_RAND_KEY)
+#define TDES_FLAGS 0
typedef struct prov_des_ctx_st {
PROV_CIPHER_CTX base; /* Must be first */
#define RC2_40_MAGIC 0xa0
#define RC2_64_MAGIC 0x78
#define RC2_128_MAGIC 0x3a
+#define RC2_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH
static OSSL_FUNC_cipher_freectx_fn rc2_freectx;
static OSSL_FUNC_cipher_dupctx_fn rc2_dupctx;
};
/* ossl_rc2128ecb_functions */
-IMPLEMENT_cipher(rc2, RC2, ecb, ECB, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 0, block)
+IMPLEMENT_cipher(rc2, RC2, ecb, ECB, RC2_FLAGS, 128, 64, 0, block)
/* ossl_rc2128cbc_functions */
-IMPLEMENT_cipher(rc2, RC2, cbc, CBC, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 64, block)
+IMPLEMENT_cipher(rc2, RC2, cbc, CBC, RC2_FLAGS, 128, 64, 64, block)
/* ossl_rc240cbc_functions */
-IMPLEMENT_cipher(rc2, RC2, cbc, CBC, EVP_CIPH_VARIABLE_LENGTH, 40, 64, 64, block)
+IMPLEMENT_cipher(rc2, RC2, cbc, CBC, RC2_FLAGS, 40, 64, 64, block)
/* ossl_rc264cbc_functions */
-IMPLEMENT_cipher(rc2, RC2, cbc, CBC, EVP_CIPH_VARIABLE_LENGTH, 64, 64, 64, block)
+IMPLEMENT_cipher(rc2, RC2, cbc, CBC, RC2_FLAGS, 64, 64, 64, block)
/* ossl_rc2128ofb128_functions */
-IMPLEMENT_cipher(rc2, RC2, ofb128, OFB, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 64, stream)
+IMPLEMENT_cipher(rc2, RC2, ofb128, OFB, RC2_FLAGS, 128, 8, 64, stream)
/* ossl_rc2128cfb128_functions */
-IMPLEMENT_cipher(rc2, RC2, cfb128, CFB, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 64, stream)
+IMPLEMENT_cipher(rc2, RC2, cfb128, CFB, RC2_FLAGS, 128, 8, 64, stream)
#include "prov/implementations.h"
#include "prov/providercommon.h"
-/* TODO (3.0) Figure out what flags are required */
-#define RC4_FLAGS EVP_CIPH_FLAG_DEFAULT_ASN1
+#define RC4_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH
static OSSL_FUNC_cipher_freectx_fn rc4_freectx;
static OSSL_FUNC_cipher_dupctx_fn rc4_dupctx;
};
/* ossl_rc440_functions */
-IMPLEMENT_cipher(rc4, RC4, EVP_CIPH_VARIABLE_LENGTH, 40, 8, 0, stream)
+IMPLEMENT_cipher(rc4, RC4, RC4_FLAGS, 40, 8, 0, stream)
/* ossl_rc4128_functions */
-IMPLEMENT_cipher(rc4, RC4, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 0, stream)
+IMPLEMENT_cipher(rc4, RC4, RC4_FLAGS, 128, 8, 0, stream)
#include "prov/providercommon.h"
#include "prov/providercommonerr.h"
-/* TODO(3.0) Figure out what flags are required */
-#define RC4_HMAC_MD5_FLAGS (EVP_CIPH_STREAM_CIPHER | EVP_CIPH_VARIABLE_LENGTH \
- | EVP_CIPH_FLAG_AEAD_CIPHER)
+#define RC4_HMAC_MD5_FLAGS (PROV_CIPHER_FLAG_VARIABLE_LENGTH \
+ | PROV_CIPHER_FLAG_AEAD)
#define RC4_HMAC_MD5_KEY_BITS (16 * 8)
#define RC4_HMAC_MD5_BLOCK_BITS (1 * 8)
static int rc4_hmac_md5_get_params(OSSL_PARAM params[])
{
return ossl_cipher_generic_get_params(params, RC4_HMAC_MD5_MODE,
- RC4_HMAC_MD5_FLAGS,
- RC4_HMAC_MD5_KEY_BITS,
- RC4_HMAC_MD5_BLOCK_BITS,
- RC4_HMAC_MD5_IV_BITS);
+ RC4_HMAC_MD5_FLAGS,
+ RC4_HMAC_MD5_KEY_BITS,
+ RC4_HMAC_MD5_BLOCK_BITS,
+ RC4_HMAC_MD5_IV_BITS);
}
const OSSL_DISPATCH ossl_rc4_hmac_ossl_md5_functions[] = {
#include "prov/providercommon.h"
#include "prov/providercommonerr.h"
+#define RC5_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH
+
static OSSL_FUNC_cipher_freectx_fn rc5_freectx;
static OSSL_FUNC_cipher_dupctx_fn rc5_dupctx;
OSSL_FUNC_cipher_gettable_ctx_params_fn rc5_gettable_ctx_params;
};
/* ossl_rc5128ecb_functions */
-IMPLEMENT_cipher(rc5, RC5, ecb, ECB, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 0, block)
+IMPLEMENT_cipher(rc5, RC5, ecb, ECB, RC5_FLAGS, 128, 64, 0, block)
/* ossl_rc5128cbc_functions */
-IMPLEMENT_cipher(rc5, RC5, cbc, CBC, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 64, block)
+IMPLEMENT_cipher(rc5, RC5, cbc, CBC, RC5_FLAGS, 128, 64, 64, block)
/* ossl_rc5128ofb64_functions */
-IMPLEMENT_cipher(rc5, RC5, ofb64, OFB, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 64, stream)
+IMPLEMENT_cipher(rc5, RC5, ofb64, OFB, RC5_FLAGS, 128, 8, 64, stream)
/* ossl_rc5128cfb64_functions */
-IMPLEMENT_cipher(rc5, RC5, cfb64, CFB, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 64, stream)
+IMPLEMENT_cipher(rc5, RC5, cfb64, CFB, RC5_FLAGS, 128, 8, 64, stream)
#include "prov/providercommonerr.h"
/*
- * TODO(3.0) - ECB mode does not use an IV - but existing test code is setting
+ * NOTE: ECB mode does not use an IV - but existing test code is setting
* an IV. Fixing this could potentially make applications break.
*/
/* ossl_tdes_ede3_ecb_functions */
#define DES_BLOCK_SIZE 8
#define TDES_IVLEN 8
-
-/* TODO(3.0) Figure out what flags need to be here */
-#define TDES_FLAGS (EVP_CIPH_RAND_KEY)
+#define TDES_FLAGS 0
typedef struct prov_tdes_ctx_st {
PROV_CIPHER_CTX base; /* Must be first */
size_t n;
unsigned char c[1], d[1];
- if ((ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) == 0)
+ if (ctx->use_bits == 0)
inl *= 8;
for (n = 0; n < inl; ++n) {
c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
#include "prov/providercommon.h"
#include "prov/providercommonerr.h"
-/* TODO (3.0) Figure out what flags are required */
-#define TDES_WRAP_FLAGS (EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV)
-
+#define TDES_WRAP_FLAGS PROV_CIPHER_FLAG_CUSTOM_IV
static OSSL_FUNC_cipher_update_fn tdes_wrap_update;
static OSSL_FUNC_cipher_cipher_fn tdes_wrap_cipher;
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL),
- OSSL_PARAM_ulong(OSSL_CIPHER_PARAM_FLAGS, NULL),
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_AEAD, NULL),
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_CUSTOM_IV, NULL),
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_CTS, NULL),
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK, NULL),
{ OSSL_CIPHER_PARAM_TLS_MAC, OSSL_PARAM_OCTET_PTR, NULL, 0, OSSL_PARAM_UNMODIFIED },
OSSL_PARAM_END
};
}
int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md,
- unsigned long flags,
+ uint64_t flags,
size_t kbits, size_t blkbits, size_t ivbits)
{
OSSL_PARAM *p;
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
- p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_FLAGS);
- if (p != NULL && !OSSL_PARAM_set_ulong(p, flags)) {
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD);
+ if (p != NULL
+ && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_AEAD) != 0)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CUSTOM_IV);
+ if (p != NULL
+ && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_CUSTOM_IV) != 0)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CTS);
+ if (p != NULL
+ && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_CTS) != 0)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK);
+ if (p != NULL
+ && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_TLS1_MULTIBLOCK) != 0)) {
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
/*
* Variable key length cipher functions for OSSL_PARAM settables
*/
-
int ossl_cipher_var_keylen_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
return 0;
}
if (key != NULL) {
- if ((ctx->flags & EVP_CIPH_VARIABLE_LENGTH) == 0) {
+ if (ctx->variable_keylength == 0) {
if (keylen != ctx->keylen) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN);
return 0;
{
PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
- ctx->flags = flags;
+ if ((flags & PROV_CIPHER_FLAG_INVERSE_CIPHER) != 0)
+ ctx->inverse_cipher = 1;
+ if ((flags & PROV_CIPHER_FLAG_VARIABLE_LENGTH) != 0)
+ ctx->variable_keylength = 1;
+
ctx->pad = 1;
ctx->keylen = ((kbits) / 8);
ctx->ivlen = ((ivbits) / 8);
return 1;
}
-int ccm_cipher(void *vctx,
- unsigned char *out, size_t *outl, size_t outsize,
- const unsigned char *in, size_t inl)
+int ccm_cipher(void *vctx, unsigned char *out, size_t *outl, size_t outsize,
+ const unsigned char *in, size_t inl)
{
PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
{
int num = dat->num;
- if ((dat->flags & EVP_CIPH_FLAG_LENGTH_BITS) != 0) {
+ if (dat->use_bits) {
CRYPTO_cfb128_1_encrypt(in, out, len, dat->ks, dat->iv, &num,
dat->enc, dat->block);
dat->num = num;
/* TODO(3.0): VERIFY ME */
#define MAX_TLS_MAC_SIZE 48
+/* Internal flags that can be queried */
+#define PROV_CIPHER_FLAG_AEAD 0x0001
+#define PROV_CIPHER_FLAG_CUSTOM_IV 0x0002
+#define PROV_CIPHER_FLAG_CTS 0x0004
+#define PROV_CIPHER_FLAG_TLS1_MULTIBLOCK 0x0008
+/* Internal flags that are only used within the provider */
+#define PROV_CIPHER_FLAG_VARIABLE_LENGTH 0x0010
+#define PROV_CIPHER_FLAG_INVERSE_CIPHER 0x0020
+
struct prov_cipher_ctx_st {
block128_f block;
union {
unsigned int enc : 1; /* Set to 1 for encrypt, or 0 otherwise */
unsigned int iv_set : 1; /* Set when the iv is copied to the iv/oiv buffers */
unsigned int updated : 1; /* Set to 1 during update for one shot ciphers */
-
+ unsigned int variable_keylength : 1;
+ unsigned int inverse_cipher : 1; /* set to 1 to use inverse cipher */
+ unsigned int use_bits : 1; /* Set to 0 for cfb1 to use bits instead of bytes */
unsigned int tlsversion; /* If TLS padding is in use the TLS version number */
unsigned char *tlsmac; /* tls MAC extracted from the last record */
* manage partial blocks themselves.
*/
unsigned int num;
- uint64_t flags;
/* The original value of the iv */
unsigned char oiv[GENERIC_BLOCK_SIZE];
OSSL_FUNC_cipher_settable_ctx_params_fn ossl_cipher_aead_settable_ctx_params;
int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md,
- unsigned long flags,
- size_t kbits, size_t blkbits, size_t ivbits);
+ uint64_t flags,
+ size_t kbits, size_t blkbits, size_t ivbits);
void ossl_cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits,
- size_t ivbits, unsigned int mode, uint64_t flags,
- const PROV_CIPHER_HW *hw, void *provctx);
+ size_t ivbits, unsigned int mode,
+ uint64_t flags,
+ const PROV_CIPHER_HW *hw, void *provctx);
#define IMPLEMENT_generic_cipher_func(alg, UCALG, lcmode, UCMODE, flags, kbits,\
blkbits, ivbits, typ) \
#define UNINITIALISED_SIZET ((size_t)-1)
-/* TODO(3.0) Figure out what flags are really needed */
-#define AEAD_FLAGS (EVP_CIPH_FLAG_AEAD_CIPHER \
- | EVP_CIPH_CUSTOM_IV \
- | EVP_CIPH_ALWAYS_CALL_INIT \
- | EVP_CIPH_CTRL_INIT \
- | EVP_CIPH_CUSTOM_COPY)
+#define AEAD_FLAGS (PROV_CIPHER_FLAG_AEAD | PROV_CIPHER_FLAG_CUSTOM_IV)
#define IMPLEMENT_aead_cipher(alg, lc, UCMODE, flags, kbits, blkbits, ivbits) \
-static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lc##_get_params; \
+static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lc##_get_params; \
static int alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[]) \
{ \
- return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \
+ return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \
flags, kbits, blkbits, ivbits); \
} \
-static OSSL_FUNC_cipher_newctx_fn alg##kbits##lc##_newctx; \
+static OSSL_FUNC_cipher_newctx_fn alg##kbits##lc##_newctx; \
static void * alg##kbits##lc##_newctx(void *provctx) \
{ \
return alg##_##lc##_newctx(provctx, kbits); \
{ OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
(void (*)(void)) lc##_set_ctx_params }, \
{ OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
- (void (*)(void))ossl_cipher_generic_gettable_params }, \
+ (void (*)(void))ossl_cipher_generic_gettable_params }, \
{ OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
- (void (*)(void))ossl_cipher_aead_gettable_ctx_params }, \
+ (void (*)(void))ossl_cipher_aead_gettable_ctx_params }, \
{ OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
- (void (*)(void))ossl_cipher_aead_settable_ctx_params }, \
+ (void (*)(void))ossl_cipher_aead_settable_ctx_params }, \
{ 0, NULL } \
}