X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fevp%2Fevp_enc.c;h=efcb7e509a497639f39a323b577533a0dad57394;hp=96dc83b2a009a66d21139d12d83c7f7702f09d74;hb=f651c727f85813085355bb207cf913288108ed79;hpb=550f974a09942ace37cf3cf14021ea5e51e6dd11 diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 96dc83b2a0..efcb7e509a 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -17,9 +17,9 @@ #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" #include "internal/provider.h" -#include "evp_locl.h" +#include "evp_local.h" int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx) { @@ -163,9 +163,20 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, case NID_aes_256_ctr: case NID_aes_192_ctr: case NID_aes_128_ctr: + case NID_aes_128_xts: + case NID_aes_256_xts: + case NID_aes_256_ocb: + case NID_aes_192_ocb: + case NID_aes_128_ocb: case NID_aes_256_gcm: case NID_aes_192_gcm: case NID_aes_128_gcm: + case NID_id_aes256_wrap: + case NID_id_aes256_wrap_pad: + case NID_id_aes192_wrap: + case NID_id_aes192_wrap_pad: + case NID_id_aes128_wrap: + case NID_id_aes128_wrap_pad: case NID_aria_256_gcm: case NID_aria_192_gcm: case NID_aria_128_gcm: @@ -228,7 +239,47 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, case NID_des_ede_ofb64: case NID_des_ede_cfb64: case NID_desx_cbc: + case NID_des_cbc: + case NID_des_ecb: + case NID_des_cfb1: + case NID_des_cfb8: + case NID_des_cfb64: + case NID_des_ofb64: case NID_id_smime_alg_CMS3DESwrap: + case NID_bf_cbc: + case NID_bf_ecb: + case NID_bf_cfb64: + case NID_bf_ofb64: + case NID_idea_cbc: + case NID_idea_ecb: + case NID_idea_cfb64: + case NID_idea_ofb64: + case NID_cast5_cbc: + case NID_cast5_ecb: + case NID_cast5_cfb64: + case NID_cast5_ofb64: + case NID_seed_cbc: + case NID_seed_ecb: + case NID_seed_cfb128: + case NID_seed_ofb128: + case NID_sm4_cbc: + case NID_sm4_ecb: + case NID_sm4_ctr: + case NID_sm4_cfb128: + case NID_sm4_ofb128: + case NID_rc4: + case NID_rc4_40: + case NID_rc5_cbc: + case NID_rc5_ecb: + case NID_rc5_cfb64: + case NID_rc5_ofb64: + case NID_rc2_cbc: + case NID_rc2_40_cbc: + case NID_rc2_64_cbc: + case NID_rc2_cfb64: + case NID_rc2_ofb64: + case NID_chacha20: + case NID_chacha20_poly1305: break; default: goto legacy; @@ -297,19 +348,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, return 0; } - switch (EVP_CIPHER_mode(ctx->cipher)) { - case EVP_CIPH_CFB_MODE: - case EVP_CIPH_OFB_MODE: - case EVP_CIPH_CBC_MODE: - /* For these modes we remember the original IV for later use */ - if (!ossl_assert(EVP_CIPHER_CTX_iv_length(ctx) <= (int)sizeof(ctx->oiv))) { - EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); - return 0; - } - if (iv != NULL) - memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); - } - if (enc) { if (ctx->cipher->einit == NULL) { EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); @@ -986,8 +1024,9 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) { int ok; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + size_t len = keylen; - params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &keylen); + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &len); ok = evp_do_ciph_ctx_setparams(c->cipher, c->provctx, params); if (ok != EVP_CTRL_RET_UNSUPPORTED) @@ -1010,13 +1049,14 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) { int ok; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + unsigned int pd = pad; if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING; else ctx->flags |= EVP_CIPH_NO_PADDING; - params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_PADDING, &pad); + params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_PADDING, &pd); ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params); return ok != 0; @@ -1026,7 +1066,8 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) { int ret = EVP_CTRL_RET_UNSUPPORTED; int set_params = 1; - size_t sz; + size_t sz = arg; + unsigned int i; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; if (ctx == NULL || ctx->cipher == NULL) { @@ -1039,67 +1080,89 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) switch (type) { case EVP_CTRL_SET_KEY_LENGTH: - params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &arg); + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &sz); break; case EVP_CTRL_RAND_KEY: /* Used by DES */ set_params = 0; params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY, - ptr, (size_t)arg); + ptr, sz); break; + case EVP_CTRL_INIT: + /* + * TODO(3.0) EVP_CTRL_INIT is purely legacy, no provider counterpart + * As a matter of fact, this should be dead code, but some caller + * might still do a direct control call with this command, so... + * Legacy methods return 1 except for exceptional circumstances, so + * we do the same here to not be disruptive. + */ + return 1; case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */ - case EVP_CTRL_INIT: /* TODO(3.0) Purely legacy, no provider counterpart */ default: - return EVP_CTRL_RET_UNSUPPORTED; + goto end; case EVP_CTRL_GET_IV: set_params = 0; params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, - ptr, (size_t)arg); + ptr, sz); break; case EVP_CTRL_AEAD_SET_IVLEN: if (arg < 0) return 0; - sz = (size_t)arg; - params[0] = - OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, &sz); + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &sz); break; case EVP_CTRL_GCM_SET_IV_FIXED: params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, - ptr, (size_t)arg); + ptr, sz); break; - case EVP_CTRL_AEAD_SET_TAG: - params[0] = - OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, - ptr, (size_t)arg); + case EVP_CTRL_GET_RC5_ROUNDS: + set_params = 0; /* Fall thru */ + case EVP_CTRL_SET_RC5_ROUNDS: + if (arg < 0) + return 0; + i = (unsigned int)arg; + params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_ROUNDS, &i); break; case EVP_CTRL_AEAD_GET_TAG: - set_params = 0; + set_params = 0; /* Fall thru */ + case EVP_CTRL_AEAD_SET_TAG: params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, - ptr, (size_t)arg); + ptr, sz); + break; + case EVP_CTRL_AEAD_SET_MAC_KEY: + params[0] = + OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_MAC_KEY, + ptr, sz); break; case EVP_CTRL_AEAD_TLS1_AAD: /* This one does a set and a get - since it returns a padding size */ params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, - ptr, (size_t)arg); + ptr, sz); ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params); if (ret <= 0) - return ret; + goto end; params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, &sz); ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); if (ret <= 0) - return 0; + goto end; return sz; +#ifndef OPENSSL_NO_RC2 + case EVP_CTRL_GET_RC2_KEY_BITS: + set_params = 0; /* Fall thru */ + case EVP_CTRL_SET_RC2_KEY_BITS: + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_RC2_KEYBITS, &sz); + break; +#endif /* OPENSSL_NO_RC2 */ } if (set_params) ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params); else ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); - return ret; + goto end; /* TODO(3.0): Remove legacy code below */ legacy: @@ -1109,6 +1172,8 @@ legacy: } ret = ctx->cipher->ctrl(ctx, type, arg, ptr); + + end: if (ret == EVP_CTRL_RET_UNSUPPORTED) { EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); @@ -1145,14 +1210,14 @@ const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher) return NULL; } -const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(const EVP_CIPHER *cipher) +const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher) { if (cipher != NULL && cipher->settable_ctx_params != NULL) return cipher->settable_ctx_params(); return NULL; } -const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(const EVP_CIPHER *cipher) +const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher) { if (cipher != NULL && cipher->gettable_ctx_params != NULL) return cipher->gettable_ctx_params(); @@ -1259,7 +1324,32 @@ EVP_CIPHER *evp_cipher_new(void) return cipher; } -static void *evp_cipher_from_dispatch(const char *name, +/* + * FIPS module note: since internal fetches will be entirely + * provider based, we know that none of its code depends on legacy + * NIDs or any functionality that use them. + */ +#ifndef FIPS_MODE +/* TODO(3.x) get rid of the need for legacy NIDs */ +static void set_legacy_nid(const char *name, void *vlegacy_nid) +{ + int nid; + int *legacy_nid = vlegacy_nid; + + if (*legacy_nid == -1) /* We found a clash already */ + return; + if ((nid = OBJ_sn2nid(name)) == NID_undef + && (nid = OBJ_ln2nid(name)) == NID_undef) + return; + if (*legacy_nid != NID_undef && *legacy_nid != nid) { + *legacy_nid = -1; + return; + } + *legacy_nid = nid; +} +#endif + +static void *evp_cipher_from_dispatch(const int name_id, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, void *unused) @@ -1267,24 +1357,24 @@ static void *evp_cipher_from_dispatch(const char *name, EVP_CIPHER *cipher = NULL; int fnciphcnt = 0, fnctxcnt = 0; - if ((cipher = evp_cipher_new()) == NULL - || (cipher->name = OPENSSL_strdup(name)) == NULL) { - EVP_CIPHER_free(cipher); + if ((cipher = evp_cipher_new()) == NULL) { EVPerr(0, ERR_R_MALLOC_FAILURE); return NULL; } #ifndef FIPS_MODE - /* - * FIPS module note: since internal fetches will be entirely - * provider based, we know that none of its code depends on legacy - * NIDs or any functionality that use them. - * - * TODO(3.x) get rid of the need for legacy NIDs - */ - cipher->nid = OBJ_sn2nid(name); + /* TODO(3.x) get rid of the need for legacy NIDs */ + cipher->nid = NID_undef; + evp_names_do_all(prov, name_id, set_legacy_nid, &cipher->nid); + if (cipher->nid == -1) { + ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); + EVP_CIPHER_free(cipher); + return NULL; + } #endif + cipher->name_id = name_id; + for (; fns->function_id != 0; fns++) { switch (fns->function_id) { case OSSL_FUNC_CIPHER_NEWCTX: @@ -1427,14 +1517,13 @@ void EVP_CIPHER_free(EVP_CIPHER *cipher) if (i > 0) return; ossl_provider_free(cipher->prov); - OPENSSL_free(cipher->name); CRYPTO_THREAD_lock_free(cipher->lock); OPENSSL_free(cipher); } -void EVP_CIPHER_do_all_ex(OPENSSL_CTX *libctx, - void (*fn)(EVP_CIPHER *mac, void *arg), - void *arg) +void EVP_CIPHER_do_all_provided(OPENSSL_CTX *libctx, + void (*fn)(EVP_CIPHER *mac, void *arg), + void *arg) { evp_generic_do_all(libctx, OSSL_OP_CIPHER, (void (*)(void *, void *))fn, arg,