Add RC4 support to OpenBSD.
authorBen Laurie <ben@openssl.org>
Sat, 18 Aug 2001 16:04:36 +0000 (16:04 +0000)
committerBen Laurie <ben@openssl.org>
Sat, 18 Aug 2001 16:04:36 +0000 (16:04 +0000)
crypto/engine/hw_openbsd_dev_crypto.c
crypto/evp/evp.h
crypto/evp/evp_enc.c
crypto/evp/openbsd_hw.c

index 10a271c..b3e1d0e 100644 (file)
@@ -60,6 +60,7 @@
 static void load_ciphers(ENGINE *e)
     {
     ENGINE_add_cipher(e,EVP_dev_crypto_des_ede3_cbc());
+    ENGINE_add_cipher(e,EVP_dev_crypto_rc4());
     }
 
 ENGINE *ENGINE_openbsd_dev_crypto(void)
index 629782c..807b8e1 100644 (file)
@@ -558,6 +558,7 @@ const EVP_CIPHER *EVP_des_ede3_cbc(void);
 const EVP_CIPHER *EVP_desx_cbc(void);
 # ifdef OPENSSL_OPENBSD_DEV_CRYPTO
 const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void);
+const EVP_CIPHER *EVP_dev_crypto_rc4(void);
 # endif
 #endif
 #ifndef OPENSSL_NO_RC4
index e4f9bf0..83b7012 100644 (file)
@@ -222,6 +222,7 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        b=ctx->cipher->block_size;
        if (b == 1)
                {
+               EVP_CIPHER_CTX_cleanup(ctx);
                *outl=0;
                return 1;
                }
@@ -303,6 +304,7 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        b=ctx->cipher->block_size;
        if (ctx->flags & EVP_CIPH_NO_PADDING)
                {
+               EVP_CIPHER_CTX_cleanup(ctx);
                if(ctx->buf_len)
                        {
                        EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
@@ -315,12 +317,14 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
                {
                if (ctx->buf_len || !ctx->final_used)
                        {
+                       EVP_CIPHER_CTX_cleanup(ctx);
                        EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
                        return(0);
                        }
                n=ctx->final[b-1];
                if (n > b)
                        {
+                       EVP_CIPHER_CTX_cleanup(ctx);
                        EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
                        return(0);
                        }
@@ -328,6 +332,7 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
                        {
                        if (ctx->final[--b] != n)
                                {
+                               EVP_CIPHER_CTX_cleanup(ctx);
                                EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
                                return(0);
                                }
@@ -339,6 +344,7 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
                }
        else
                *outl=0;
+       EVP_CIPHER_CTX_cleanup(ctx);
        return(1);
        }
 
index 7de06ba..231ded8 100644 (file)
@@ -62,6 +62,7 @@
 
 /* longest key supported in hardware */
 #define MAX_HW_KEY     24
+#define MAX_HW_IV      8
 
 static int fd;
 static int dev_failed;
@@ -107,6 +108,7 @@ static int dev_crypto_init(EVP_CIPHER_CTX *ctx)
 
 static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
     {
+    printf("Cleanup %d\n",data(ctx)->ses);
     if(ioctl(fd,CIOCFSESSION,&data(ctx)->ses) == -1)
        err("CIOCFSESSION failed");
 
@@ -116,40 +118,34 @@ static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
     }
 
 /* FIXME: there should be some non-fatal way to report we fell back to s/w? */
-static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
-                                       const unsigned char *key,
-                                       const unsigned char *iv, int enc)
+static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx,int cipher,
+                              const unsigned char *key,int klen)
     {
     if(!dev_crypto_init(ctx))
-       {
-       /* fall back to using software... */
-       ctx->cipher=EVP_des_ede3_cbc();
-       return ctx->cipher->init(ctx,key,iv,enc);
-       }
-    memcpy(data(ctx)->key,key,24);
+       return 0;
+
+    assert(ctx->cipher->iv_len <= MAX_HW_IV);
+
+    memcpy(data(ctx)->key,key,klen);
     
-    data(ctx)->cipher=CRYPTO_3DES_CBC;
+    data(ctx)->cipher=cipher;
     data(ctx)->mac=0;
-    data(ctx)->keylen=24;
+    data(ctx)->keylen=klen;
 
     if (ioctl(fd,CIOCGSESSION,data(ctx)) == -1)
        {
        err("CIOCGSESSION failed");
-       /* fall back to using software... */
-       dev_crypto_cleanup(ctx);
-       ctx->cipher=EVP_des_ede3_cbc();
-       return ctx->cipher->init(ctx,key,iv,enc);
+       return 0;
        }
+    printf("Init %d\n",data(ctx)->ses);
     return 1;
     }
 
-static int dev_crypto_des_ede3_cbc_cipher(EVP_CIPHER_CTX *ctx, 
-                                         unsigned char *out,
-                                         const unsigned char *in,
-                                         unsigned int inl)
+static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
+                            const unsigned char *in,unsigned int inl)
     {
     struct crypt_op cryp;
-    unsigned char lb[8];
+    unsigned char lb[MAX_HW_IV];
 
     assert(data(ctx));
     assert(!dev_failed);
@@ -158,18 +154,16 @@ static int dev_crypto_des_ede3_cbc_cipher(EVP_CIPHER_CTX *ctx,
     cryp.ses=data(ctx)->ses;
     cryp.op=ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
     cryp.flags=0;
-#if 0
-    cryp.len=((inl+7)/8)*8;
-#endif
     cryp.len=inl;
-    assert((inl&7) == 0);
+    assert((inl&ctx->cipher->block_size) == 0);
     cryp.src=(caddr_t)in;
     cryp.dst=(caddr_t)out;
     cryp.mac=0;
-    cryp.iv=(caddr_t)ctx->iv;
+    if(ctx->cipher->iv_len)
+       cryp.iv=(caddr_t)ctx->iv;
 
     if(!ctx->encrypt)
-       memcpy(lb,&in[cryp.len-8],8);
+       memcpy(lb,&in[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
 
     if (ioctl(fd, CIOCCRYPT, &cryp) == -1)
        {
@@ -179,19 +173,49 @@ static int dev_crypto_des_ede3_cbc_cipher(EVP_CIPHER_CTX *ctx,
        }
 
     if(ctx->encrypt)
-       memcpy(ctx->iv,&out[cryp.len-8],8);
+       memcpy(ctx->iv,&out[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
     else
-       memcpy(ctx->iv,lb,8);
+       memcpy(ctx->iv,lb,ctx->cipher->iv_len);
 
     return 1;
     }
 
+static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
+                                       const unsigned char *key,
+                                       const unsigned char *iv, int enc)
+    { return dev_crypto_init_key(ctx,CRYPTO_3DES_CBC,key,24); }
+
+#define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher
+
 BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8,
                     0, dev_crypto_des_ede3_init_key,
                     dev_crypto_cleanup, 
                     EVP_CIPHER_set_asn1_iv,
                     EVP_CIPHER_get_asn1_iv,
                     NULL)
+
+static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx,
+                                       const unsigned char *key,
+                                       const unsigned char *iv, int enc)
+    { return dev_crypto_init_key(ctx,CRYPTO_ARC4,key,16); }
+
+static const EVP_CIPHER r4_cipher=
+    {
+    NID_rc4,
+    1,16,0,    /* FIXME: key should be up to 256 bytes */
+    EVP_CIPH_VARIABLE_LENGTH,
+    dev_crypto_rc4_init_key,
+    dev_crypto_cipher,
+    dev_crypto_cleanup,
+    sizeof(session_op),
+    NULL,
+    NULL,
+    NULL
+    };
+
+const EVP_CIPHER *EVP_dev_crypto_rc4(void)
+    { return &r4_cipher; }
+
 #else
 static void *dummy=&dummy;
 #endif