X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fevp%2Fevp_enc.c;h=4687a2b8e48e20d2a8f2a25e520ec92ec80a7fa4;hp=29b707a026a4d833294acd97c3fba7a3432a10af;hb=068489a27f74c5f5a779aef4618e68e46db746d4;hpb=36e619d70f86f9dd52c57b6ac8a3bfea3c0a2745 diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 29b707a026..4687a2b8e4 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,9 +17,9 @@ #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" #include "internal/provider.h" -#include "evp_locl.h" +#include "evp_local.h" int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx) { @@ -35,7 +35,7 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx) ctx->provctx = NULL; } if (ctx->fetched_cipher != NULL) - EVP_CIPHER_meth_free(ctx->fetched_cipher); + EVP_CIPHER_free(ctx->fetched_cipher); memset(ctx, 0, sizeof(*ctx)); return 1; @@ -51,7 +51,7 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx) OPENSSL_cleanse(ctx->cipher_data, ctx->cipher->ctx_size); } OPENSSL_free(ctx->cipher_data); -#ifndef OPENSSL_NO_ENGINE +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) ENGINE_finish(ctx->engine); #endif memset(ctx, 0, sizeof(*ctx)); @@ -81,8 +81,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc) { - EVP_CIPHER *provciph = NULL; +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) ENGINE *tmpimpl = NULL; +#endif const EVP_CIPHER *tmpcipher; /* @@ -105,7 +106,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, /* TODO(3.0): Legacy work around code below. Remove this */ -#ifndef OPENSSL_NO_ENGINE +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) /* * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so * this context may already have an ENGINE! Try to avoid releasing the @@ -126,11 +127,13 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, * If there are engines involved then we should use legacy handling for now. */ if (ctx->engine != NULL - || impl != NULL - || tmpimpl != NULL) { +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) + || tmpimpl != NULL +#endif + || impl != NULL) { if (ctx->cipher == ctx->fetched_cipher) ctx->cipher = NULL; - EVP_CIPHER_meth_free(ctx->fetched_cipher); + EVP_CIPHER_free(ctx->fetched_cipher); ctx->fetched_cipher = NULL; goto legacy; } @@ -139,6 +142,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, if (tmpcipher->prov == NULL) { switch(tmpcipher->nid) { + case NID_undef: case NID_aes_256_ecb: case NID_aes_192_ecb: case NID_aes_128_ecb: @@ -160,6 +164,131 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, case NID_aes_256_ctr: case NID_aes_192_ctr: case NID_aes_128_ctr: + case NID_aes_128_xts: + case NID_aes_256_xts: + case NID_aes_256_ocb: + case NID_aes_192_ocb: + case NID_aes_128_ocb: + case NID_aes_256_gcm: + case NID_aes_192_gcm: + case NID_aes_128_gcm: + case NID_aes_256_siv: + case NID_aes_192_siv: + case NID_aes_128_siv: + case NID_aes_256_cbc_hmac_sha256: + case NID_aes_128_cbc_hmac_sha256: + case NID_aes_256_cbc_hmac_sha1: + case NID_aes_128_cbc_hmac_sha1: + case NID_id_aes256_wrap: + case NID_id_aes256_wrap_pad: + case NID_id_aes192_wrap: + case NID_id_aes192_wrap_pad: + case NID_id_aes128_wrap: + case NID_id_aes128_wrap_pad: + case NID_aria_256_gcm: + case NID_aria_192_gcm: + case NID_aria_128_gcm: + case NID_aes_256_ccm: + case NID_aes_192_ccm: + case NID_aes_128_ccm: + case NID_aria_256_ccm: + case NID_aria_192_ccm: + case NID_aria_128_ccm: + case NID_aria_256_ecb: + case NID_aria_192_ecb: + case NID_aria_128_ecb: + case NID_aria_256_cbc: + case NID_aria_192_cbc: + case NID_aria_128_cbc: + case NID_aria_256_ofb128: + case NID_aria_192_ofb128: + case NID_aria_128_ofb128: + case NID_aria_256_cfb128: + case NID_aria_192_cfb128: + case NID_aria_128_cfb128: + case NID_aria_256_cfb1: + case NID_aria_192_cfb1: + case NID_aria_128_cfb1: + case NID_aria_256_cfb8: + case NID_aria_192_cfb8: + case NID_aria_128_cfb8: + case NID_aria_256_ctr: + case NID_aria_192_ctr: + case NID_aria_128_ctr: + case NID_camellia_256_ecb: + case NID_camellia_192_ecb: + case NID_camellia_128_ecb: + case NID_camellia_256_cbc: + case NID_camellia_192_cbc: + case NID_camellia_128_cbc: + case NID_camellia_256_ofb128: + case NID_camellia_192_ofb128: + case NID_camellia_128_ofb128: + case NID_camellia_256_cfb128: + case NID_camellia_192_cfb128: + case NID_camellia_128_cfb128: + case NID_camellia_256_cfb1: + case NID_camellia_192_cfb1: + case NID_camellia_128_cfb1: + case NID_camellia_256_cfb8: + case NID_camellia_192_cfb8: + case NID_camellia_128_cfb8: + case NID_camellia_256_ctr: + case NID_camellia_192_ctr: + case NID_camellia_128_ctr: + case NID_des_ede3_cbc: + case NID_des_ede3_ecb: + case NID_des_ede3_ofb64: + case NID_des_ede3_cfb64: + case NID_des_ede3_cfb8: + case NID_des_ede3_cfb1: + case NID_des_ede_cbc: + case NID_des_ede_ecb: + case NID_des_ede_ofb64: + case NID_des_ede_cfb64: + case NID_desx_cbc: + case NID_des_cbc: + case NID_des_ecb: + case NID_des_cfb1: + case NID_des_cfb8: + case NID_des_cfb64: + case NID_des_ofb64: + case NID_id_smime_alg_CMS3DESwrap: + case NID_bf_cbc: + case NID_bf_ecb: + case NID_bf_cfb64: + case NID_bf_ofb64: + case NID_idea_cbc: + case NID_idea_ecb: + case NID_idea_cfb64: + case NID_idea_ofb64: + case NID_cast5_cbc: + case NID_cast5_ecb: + case NID_cast5_cfb64: + case NID_cast5_ofb64: + case NID_seed_cbc: + case NID_seed_ecb: + case NID_seed_cfb128: + case NID_seed_ofb128: + case NID_sm4_cbc: + case NID_sm4_ecb: + case NID_sm4_ctr: + case NID_sm4_cfb128: + case NID_sm4_ofb128: + case NID_rc4: + case NID_rc4_40: + case NID_rc5_cbc: + case NID_rc5_ecb: + case NID_rc5_cfb64: + case NID_rc5_ofb64: + case NID_rc2_cbc: + case NID_rc2_40_cbc: + case NID_rc2_64_cbc: + case NID_rc2_cfb64: + case NID_rc2_ofb64: + case NID_chacha20: + case NID_chacha20_poly1305: + case NID_rc4_hmac_md5: break; default: goto legacy; @@ -188,20 +317,29 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ctx->flags = flags; } - if (cipher != NULL) - ctx->cipher = cipher; - else + if (cipher == NULL) cipher = ctx->cipher; if (cipher->prov == NULL) { - provciph = EVP_CIPHER_fetch(NULL, OBJ_nid2sn(cipher->nid), ""); +#ifdef FIPS_MODE + /* We only do explicit fetches inside the FIPS module */ + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); + return 0; +#else + EVP_CIPHER *provciph = + EVP_CIPHER_fetch(NULL, + cipher->nid == NID_undef ? "NULL" + : OBJ_nid2sn(cipher->nid), + ""); + if (provciph == NULL) { EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; } cipher = provciph; - EVP_CIPHER_meth_free(ctx->fetched_cipher); + EVP_CIPHER_free(ctx->fetched_cipher); ctx->fetched_cipher = provciph; +#endif } ctx->cipher = cipher; @@ -222,19 +360,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, return 0; } - switch (EVP_CIPHER_mode(ctx->cipher)) { - case EVP_CIPH_CFB_MODE: - case EVP_CIPH_OFB_MODE: - case EVP_CIPH_CBC_MODE: - /* For these modes we remember the original IV for later use */ - if (!ossl_assert(EVP_CIPHER_CTX_iv_length(ctx) <= (int)sizeof(ctx->oiv))) { - EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); - return 0; - } - if (iv != NULL) - memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); - } - if (enc) { if (ctx->cipher->einit == NULL) { EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); @@ -279,7 +404,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ctx->encrypt = enc; ctx->flags = flags; } -#ifndef OPENSSL_NO_ENGINE +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) if (impl != NULL) { if (!ENGINE_init(impl)) { EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); @@ -335,7 +460,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, } } } -#ifndef OPENSSL_NO_ENGINE +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) skip_to_init: #endif if (ctx->cipher == NULL) @@ -495,11 +620,6 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, bl = ctx->cipher->block_size; - if (inl <= 0) { - *outl = 0; - return inl == 0; - } - if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { /* If block size > 1 then the cipher will have to do this check */ if (bl == 1 && is_partially_overlapping(out, in, cmpl)) { @@ -515,6 +635,10 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, return 1; } + if (inl <= 0) { + *outl = 0; + return inl == 0; + } if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) { EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); return 0; @@ -577,7 +701,12 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return 0; } - if (ctx->cipher == NULL || ctx->cipher->prov == NULL) + if (ctx->cipher == NULL) { + EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_NO_CIPHER_SET); + return 0; + } + + if (ctx->cipher->prov == NULL) goto legacy; blocksize = EVP_CIPHER_CTX_block_size(ctx); @@ -742,11 +871,6 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) cmpl = (cmpl + 7) / 8; - if (inl <= 0) { - *outl = 0; - return inl == 0; - } - if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { if (b == 1 && is_partially_overlapping(out, in, cmpl)) { EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); @@ -762,6 +886,11 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return 1; } + if (inl <= 0) { + *outl = 0; + return inl == 0; + } + if (ctx->flags & EVP_CIPH_NO_PADDING) return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl); @@ -821,7 +950,12 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) return 0; } - if (ctx->cipher == NULL || ctx->cipher->prov == NULL) + if (ctx->cipher == NULL) { + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_NO_CIPHER_SET); + return 0; + } + + if (ctx->cipher->prov == NULL) goto legacy; blocksize = EVP_CIPHER_CTX_block_size(ctx); @@ -848,11 +982,6 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) legacy: *outl = 0; - if (ctx->cipher == NULL) { - EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_NO_CIPHER_SET); - return 0; - } - if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { i = ctx->cipher->do_cipher(ctx, out, NULL, 0); if (i < 0) @@ -905,6 +1034,31 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) { + if (c->cipher->prov != NULL) { + int ok; + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + size_t len = keylen; + + if (EVP_CIPHER_CTX_key_length(c) == keylen) + return 1; + + /* Check the cipher actually understands this parameter */ + if (OSSL_PARAM_locate_const(EVP_CIPHER_settable_ctx_params(c->cipher), + OSSL_CIPHER_PARAM_KEYLEN) == NULL) + return 0; + + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &len); + ok = evp_do_ciph_ctx_setparams(c->cipher, c->provctx, params); + + return ok > 0 ? 1 : 0; + } + + /* TODO(3.0) legacy code follows */ + + /* + * Note there have never been any built-in ciphers that define this flag + * since it was first introduced. + */ if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL); if (EVP_CIPHER_CTX_key_length(c) == keylen) @@ -919,47 +1073,219 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) { + int ok; + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + unsigned int pd = pad; + if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING; else ctx->flags |= EVP_CIPH_NO_PADDING; - if (ctx->cipher != NULL && ctx->cipher->prov != NULL) { - OSSL_PARAM params[] = { - OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL), - OSSL_PARAM_END - }; + params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_PADDING, &pd); + ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params); - params[0].data = &pad; - - if (ctx->cipher->ctx_set_params == NULL) { - EVPerr(EVP_F_EVP_CIPHER_CTX_SET_PADDING, EVP_R_CTRL_NOT_IMPLEMENTED); - return 0; - } - - if (!ctx->cipher->ctx_set_params(ctx->provctx, params)) - return 0; - } - - return 1; + return ok != 0; } int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) { - int ret; - - if (!ctx->cipher) { + int ret = EVP_CTRL_RET_UNSUPPORTED; + int set_params = 1; + size_t sz = arg; + unsigned int i; + OSSL_PARAM params[4] = { + OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END + }; + + if (ctx == NULL || ctx->cipher == NULL) { EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); return 0; } - if (!ctx->cipher->ctrl) { + if (ctx->cipher->prov == NULL) + goto legacy; + + switch (type) { + case EVP_CTRL_SET_KEY_LENGTH: + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &sz); + break; + case EVP_CTRL_RAND_KEY: /* Used by DES */ + set_params = 0; + params[0] = + OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY, + ptr, sz); + break; + + case EVP_CTRL_INIT: + /* + * TODO(3.0) EVP_CTRL_INIT is purely legacy, no provider counterpart + * As a matter of fact, this should be dead code, but some caller + * might still do a direct control call with this command, so... + * Legacy methods return 1 except for exceptional circumstances, so + * we do the same here to not be disruptive. + */ + return 1; + case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */ + default: + goto end; + case EVP_CTRL_GET_IV: + set_params = 0; + params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, + ptr, sz); + break; + case EVP_CTRL_AEAD_SET_IVLEN: + if (arg < 0) + return 0; + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &sz); + break; + case EVP_CTRL_AEAD_SET_IV_FIXED: + params[0] = OSSL_PARAM_construct_octet_string( + OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, ptr, sz); + break; + case EVP_CTRL_GCM_IV_GEN: + set_params = 0; + if (arg < 0) + sz = 0; /* special case that uses the iv length */ + params[0] = OSSL_PARAM_construct_octet_string( + OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, ptr, sz); + break; + case EVP_CTRL_GCM_SET_IV_INV: + if (arg < 0) + return 0; + params[0] = OSSL_PARAM_construct_octet_string( + OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV, ptr, sz); + break; + case EVP_CTRL_GET_RC5_ROUNDS: + set_params = 0; /* Fall thru */ + case EVP_CTRL_SET_RC5_ROUNDS: + if (arg < 0) + return 0; + i = (unsigned int)arg; + params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_ROUNDS, &i); + break; + case EVP_CTRL_SET_SPEED: + if (arg < 0) + return 0; + i = (unsigned int)arg; + params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_SPEED, &i); + break; + case EVP_CTRL_AEAD_GET_TAG: + set_params = 0; /* Fall thru */ + case EVP_CTRL_AEAD_SET_TAG: + params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, + ptr, sz); + break; + case EVP_CTRL_AEAD_TLS1_AAD: + /* This one does a set and a get - since it returns a size */ + params[0] = + OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, + ptr, sz); + ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params); + if (ret <= 0) + goto end; + params[0] = + OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, &sz); + ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); + if (ret <= 0) + goto end; + return sz; +#ifndef OPENSSL_NO_RC2 + case EVP_CTRL_GET_RC2_KEY_BITS: + set_params = 0; /* Fall thru */ + case EVP_CTRL_SET_RC2_KEY_BITS: + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_RC2_KEYBITS, &sz); + break; +#endif /* OPENSSL_NO_RC2 */ +#if !defined(OPENSSL_NO_MULTIBLOCK) + case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE: + params[0] = OSSL_PARAM_construct_size_t( + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT, &sz); + ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params); + if (ret <= 0) + return 0; + + params[0] = OSSL_PARAM_construct_size_t( + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE, &sz); + params[1] = OSSL_PARAM_construct_end(); + ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); + if (ret <= 0) + return 0; + return sz; + case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: { + EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *p = + (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr; + + if (arg < (int)sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)) + return 0; + + params[0] = OSSL_PARAM_construct_octet_string( + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD, (void*)p->inp, p->len); + params[1] = OSSL_PARAM_construct_uint( + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave); + ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params); + if (ret <= 0) + return ret; + /* Retrieve the return values changed by the set */ + params[0] = OSSL_PARAM_construct_size_t( + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN, &sz); + params[1] = OSSL_PARAM_construct_uint( + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave); + params[2] = OSSL_PARAM_construct_end(); + ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); + if (ret <= 0) + return 0; + return sz; + } + case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT: { + EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *p = + (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr; + + params[0] = OSSL_PARAM_construct_octet_string( + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC, p->out, p->len); + + params[1] = OSSL_PARAM_construct_octet_string( + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN, (void*)p->inp, + p->len); + params[2] = OSSL_PARAM_construct_uint( + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave); + ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params); + if (ret <= 0) + return ret; + params[0] = OSSL_PARAM_construct_size_t( + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN, &sz); + params[1] = OSSL_PARAM_construct_end(); + ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); + if (ret <= 0) + return 0; + return sz; + } +#endif /* OPENSSL_NO_MULTIBLOCK */ + case EVP_CTRL_AEAD_SET_MAC_KEY: + if (arg < 0) + return -1; + params[0] = OSSL_PARAM_construct_octet_string( + OSSL_CIPHER_PARAM_AEAD_MAC_KEY, ptr, sz); + break; + } + + if (set_params) + ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params); + else + ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); + goto end; + +/* TODO(3.0): Remove legacy code below */ +legacy: + if (ctx->cipher->ctrl == NULL) { EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); return 0; } ret = ctx->cipher->ctrl(ctx, type, arg, ptr); - if (ret == -1) { + + end: + if (ret == EVP_CTRL_RET_UNSUPPORTED) { EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); return 0; @@ -967,15 +1293,65 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) return ret; } +int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]) +{ + if (cipher != NULL && cipher->get_params != NULL) + return cipher->get_params(params); + return 0; +} + +int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]) +{ + if (ctx->cipher != NULL && ctx->cipher->set_ctx_params != NULL) + return ctx->cipher->set_ctx_params(ctx->provctx, params); + return 0; +} + +int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]) +{ + if (ctx->cipher != NULL && ctx->cipher->get_ctx_params != NULL) + return ctx->cipher->get_ctx_params(ctx->provctx, params); + return 0; +} + +const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher) +{ + if (cipher != NULL && cipher->gettable_params != NULL) + return cipher->gettable_params(); + return NULL; +} + +const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher) +{ + if (cipher != NULL && cipher->settable_ctx_params != NULL) + return cipher->settable_ctx_params(); + return NULL; +} + +const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher) +{ + if (cipher != NULL && cipher->gettable_ctx_params != NULL) + return cipher->gettable_ctx_params(); + return NULL; +} + int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) { - int kl; if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); - kl = EVP_CIPHER_CTX_key_length(ctx); - if (kl <= 0 || RAND_priv_bytes(key, kl) <= 0) - return 0; - return 1; + +#ifdef FIPS_MODE + return 0; +#else + { + int kl; + + kl = EVP_CIPHER_CTX_key_length(ctx); + if (kl <= 0 || RAND_priv_bytes(key, kl) <= 0) + return 0; + return 1; + } +#endif /* FIPS_MODE */ } int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) @@ -998,7 +1374,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) *out = *in; out->provctx = NULL; - if (in->fetched_cipher != NULL && !EVP_CIPHER_upref(in->fetched_cipher)) { + if (in->fetched_cipher != NULL && !EVP_CIPHER_up_ref(in->fetched_cipher)) { out->fetched_cipher = NULL; return 0; } @@ -1014,7 +1390,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) /* TODO(3.0): Remove legacy code below */ legacy: -#ifndef OPENSSL_NO_ENGINE +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) /* Make sure it's safe to copy a cipher context using an ENGINE */ if (in->engine && !ENGINE_init(in->engine)) { EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB); @@ -1044,14 +1420,76 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) return 1; } -static void *evp_cipher_from_dispatch(int nid, const OSSL_DISPATCH *fns, +EVP_CIPHER *evp_cipher_new(void) +{ + EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER)); + + if (cipher != NULL) { + cipher->lock = CRYPTO_THREAD_lock_new(); + if (cipher->lock == NULL) { + OPENSSL_free(cipher); + return NULL; + } + cipher->refcnt = 1; + } + return cipher; +} + +/* + * FIPS module note: since internal fetches will be entirely + * provider based, we know that none of its code depends on legacy + * NIDs or any functionality that use them. + */ +#ifndef FIPS_MODE +/* TODO(3.x) get rid of the need for legacy NIDs */ +static void set_legacy_nid(const char *name, void *vlegacy_nid) +{ + int nid; + int *legacy_nid = vlegacy_nid; + /* + * We use lowest level function to get the associated method, because + * higher level functions such as EVP_get_cipherbyname() have changed + * to look at providers too. + */ + const void *legacy_method = OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH); + + if (*legacy_nid == -1) /* We found a clash already */ + return; + if (legacy_method == NULL) + return; + nid = EVP_CIPHER_nid(legacy_method); + if (*legacy_nid != NID_undef && *legacy_nid != nid) { + *legacy_nid = -1; + return; + } + *legacy_nid = nid; +} +#endif + +static void *evp_cipher_from_dispatch(const int name_id, + const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov) { EVP_CIPHER *cipher = NULL; int fnciphcnt = 0, fnctxcnt = 0; - if ((cipher = EVP_CIPHER_meth_new(nid, 0, 0)) == NULL) + if ((cipher = evp_cipher_new()) == NULL) { + EVPerr(0, ERR_R_MALLOC_FAILURE); return NULL; + } + +#ifndef FIPS_MODE + /* TODO(3.x) get rid of the need for legacy NIDs */ + cipher->nid = NID_undef; + evp_names_do_all(prov, name_id, set_legacy_nid, &cipher->nid); + if (cipher->nid == -1) { + ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); + EVP_CIPHER_free(cipher); + return NULL; + } +#endif + + cipher->name_id = name_id; for (; fns->function_id != 0; fns++) { switch (fns->function_id) { @@ -1101,83 +1539,113 @@ static void *evp_cipher_from_dispatch(int nid, const OSSL_DISPATCH *fns, break; cipher->dupctx = OSSL_get_OP_cipher_dupctx(fns); break; - case OSSL_FUNC_CIPHER_KEY_LENGTH: - if (cipher->key_length != NULL) + case OSSL_FUNC_CIPHER_GET_PARAMS: + if (cipher->get_params != NULL) break; - cipher->key_length = OSSL_get_OP_cipher_key_length(fns); + cipher->get_params = OSSL_get_OP_cipher_get_params(fns); break; - case OSSL_FUNC_CIPHER_IV_LENGTH: - if (cipher->iv_length != NULL) + case OSSL_FUNC_CIPHER_GET_CTX_PARAMS: + if (cipher->get_ctx_params != NULL) break; - cipher->iv_length = OSSL_get_OP_cipher_iv_length(fns); + cipher->get_ctx_params = OSSL_get_OP_cipher_get_ctx_params(fns); break; - case OSSL_FUNC_CIPHER_BLOCK_SIZE: - if (cipher->blocksize != NULL) + case OSSL_FUNC_CIPHER_SET_CTX_PARAMS: + if (cipher->set_ctx_params != NULL) break; - cipher->blocksize = OSSL_get_OP_cipher_block_size(fns); + cipher->set_ctx_params = OSSL_get_OP_cipher_set_ctx_params(fns); break; - case OSSL_FUNC_CIPHER_GET_PARAMS: - if (cipher->get_params != NULL) + case OSSL_FUNC_CIPHER_GETTABLE_PARAMS: + if (cipher->gettable_params != NULL) break; - cipher->get_params = OSSL_get_OP_cipher_get_params(fns); + cipher->gettable_params = OSSL_get_OP_cipher_gettable_params(fns); break; - case OSSL_FUNC_CIPHER_CTX_GET_PARAMS: - if (cipher->ctx_get_params != NULL) + case OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS: + if (cipher->gettable_ctx_params != NULL) break; - cipher->ctx_get_params = OSSL_get_OP_cipher_ctx_get_params(fns); + cipher->gettable_ctx_params = + OSSL_get_OP_cipher_gettable_ctx_params(fns); break; - case OSSL_FUNC_CIPHER_CTX_SET_PARAMS: - if (cipher->ctx_set_params != NULL) + case OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS: + if (cipher->settable_ctx_params != NULL) break; - cipher->ctx_set_params = OSSL_get_OP_cipher_ctx_set_params(fns); + cipher->settable_ctx_params = + OSSL_get_OP_cipher_settable_ctx_params(fns); break; } } if ((fnciphcnt != 0 && fnciphcnt != 3 && fnciphcnt != 4) || (fnciphcnt == 0 && cipher->ccipher == NULL) - || fnctxcnt != 2 - || cipher->blocksize == NULL - || cipher->iv_length == NULL - || cipher->key_length == NULL) { + || fnctxcnt != 2) { /* * In order to be a consistent set of functions we must have at least * a complete set of "encrypt" functions, or a complete set of "decrypt" - * functions, or a single "cipher" function. In all cases we need a - * complete set of context management functions, as well as the - * blocksize, iv_length and key_length functions. + * functions, or a single "cipher" function. In all cases we need both + * the "newctx" and "freectx" functions. */ - EVP_CIPHER_meth_free(cipher); + EVP_CIPHER_free(cipher); EVPerr(EVP_F_EVP_CIPHER_FROM_DISPATCH, EVP_R_INVALID_PROVIDER_FUNCTIONS); return NULL; } cipher->prov = prov; if (prov != NULL) - ossl_provider_upref(prov); + ossl_provider_up_ref(prov); return cipher; } -static int evp_cipher_upref(void *cipher) +static int evp_cipher_up_ref(void *cipher) { - return EVP_CIPHER_upref(cipher); + return EVP_CIPHER_up_ref(cipher); } static void evp_cipher_free(void *cipher) { - EVP_CIPHER_meth_free(cipher); + EVP_CIPHER_free(cipher); } -static int evp_cipher_nid(void *vcipher) +EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties) { - EVP_CIPHER *cipher = vcipher; + EVP_CIPHER *cipher = + evp_generic_fetch(ctx, OSSL_OP_CIPHER, algorithm, properties, + evp_cipher_from_dispatch, evp_cipher_up_ref, + evp_cipher_free); + + if (cipher != NULL && !evp_cipher_cache_constants(cipher)) { + EVP_CIPHER_free(cipher); + cipher = NULL; + } + return cipher; +} - return cipher->nid; +int EVP_CIPHER_up_ref(EVP_CIPHER *cipher) +{ + int ref = 0; + + CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock); + return 1; } -EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, - const char *properties) +void EVP_CIPHER_free(EVP_CIPHER *cipher) +{ + int i; + + if (cipher == NULL) + return; + + CRYPTO_DOWN_REF(&cipher->refcnt, &i, cipher->lock); + if (i > 0) + return; + ossl_provider_free(cipher->prov); + CRYPTO_THREAD_lock_free(cipher->lock); + OPENSSL_free(cipher); +} + +void EVP_CIPHER_do_all_provided(OPENSSL_CTX *libctx, + void (*fn)(EVP_CIPHER *mac, void *arg), + void *arg) { - return evp_generic_fetch(ctx, OSSL_OP_CIPHER, algorithm, properties, - evp_cipher_from_dispatch, evp_cipher_upref, - evp_cipher_free, evp_cipher_nid); + evp_generic_do_all(libctx, OSSL_OP_CIPHER, + (void (*)(void *, void *))fn, arg, + evp_cipher_from_dispatch, evp_cipher_free); }