Make EVP_Encrypt*/EVP_Decrypt* and EVP_Cipher* provider aware

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)
This commit is contained in:
Matt Caswell 2019-04-03 15:38:07 +01:00
parent 1393722af3
commit df05f2ce6d
15 changed files with 559 additions and 33 deletions

View File

@ -785,6 +785,8 @@ EVP_F_EVP_CIPHER_ASN1_TO_PARAM:204:EVP_CIPHER_asn1_to_param
EVP_F_EVP_CIPHER_CTX_COPY:163:EVP_CIPHER_CTX_copy
EVP_F_EVP_CIPHER_CTX_CTRL:124:EVP_CIPHER_CTX_ctrl
EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH:122:EVP_CIPHER_CTX_set_key_length
EVP_F_EVP_CIPHER_CTX_SET_PADDING:237:EVP_CIPHER_CTX_set_padding
EVP_F_EVP_CIPHER_FROM_DISPATCH:238:evp_cipher_from_dispatch
EVP_F_EVP_CIPHER_PARAM_TO_ASN1:205:EVP_CIPHER_param_to_asn1
EVP_F_EVP_DECRYPTFINAL_EX:101:EVP_DecryptFinal_ex
EVP_F_EVP_DECRYPTUPDATE:166:EVP_DecryptUpdate
@ -2381,6 +2383,7 @@ EVP_R_INVALID_FIPS_MODE:168:invalid fips mode
EVP_R_INVALID_KEY:163:invalid key
EVP_R_INVALID_KEY_LENGTH:130:invalid key length
EVP_R_INVALID_OPERATION:148:invalid operation
EVP_R_INVALID_PROVIDER_FUNCTIONS:193:invalid provider functions
EVP_R_INVALID_SALT_LENGTH:186:invalid salt length
EVP_R_KEYGEN_FAILURE:120:keygen failure
EVP_R_KEY_SETUP_FAILED:180:key setup failed

View File

@ -11,6 +11,7 @@
#include <openssl/evp.h>
#include "internal/evp_int.h"
#include "internal/provider.h"
#include "evp_locl.h"
EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
@ -21,6 +22,12 @@ EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
cipher->nid = cipher_type;
cipher->block_size = block_size;
cipher->key_len = key_len;
cipher->lock = CRYPTO_THREAD_lock_new();
if (cipher->lock == NULL) {
OPENSSL_free(cipher);
return NULL;
}
cipher->refcnt = 1;
}
return cipher;
}
@ -30,14 +37,35 @@ EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher)
EVP_CIPHER *to = EVP_CIPHER_meth_new(cipher->nid, cipher->block_size,
cipher->key_len);
if (to != NULL)
if (to != NULL) {
CRYPTO_RWLOCK *lock = to->lock;
memcpy(to, cipher, sizeof(*to));
to->lock = lock;
}
return to;
}
void EVP_CIPHER_meth_free(EVP_CIPHER *cipher)
{
OPENSSL_free(cipher);
if (cipher != NULL) {
int i;
CRYPTO_DOWN_REF(&cipher->refcnt, &i, cipher->lock);
if (i > 0)
return;
ossl_provider_free(cipher->prov);
CRYPTO_THREAD_lock_free(cipher->lock);
OPENSSL_free(cipher);
}
}
int EVP_CIPHER_upref(EVP_CIPHER *cipher)
{
int ref = 0;
CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock);
return 1;
}
int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len)

View File

@ -517,7 +517,7 @@ static void *evp_md_from_dispatch(int mdtype, const OSSL_DISPATCH *fns,
md->dinit = OSSL_get_OP_digest_init(fns);
fncnt++;
break;
case OSSL_FUNC_DIGEST_UPDDATE:
case OSSL_FUNC_DIGEST_UPDATE:
if (md->dupdate != NULL)
break;
md->dupdate = OSSL_get_OP_digest_update(fns);

View File

@ -15,25 +15,46 @@
#include <openssl/rand.h>
#include <openssl/rand_drbg.h>
#include <openssl/engine.h>
#include <openssl/params.h>
#include <openssl/core_names.h>
#include "internal/evp_int.h"
#include "internal/provider.h"
#include "evp_locl.h"
int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
{
if (c == NULL)
if (ctx == NULL)
return 1;
if (c->cipher != NULL) {
if (c->cipher->cleanup && !c->cipher->cleanup(c))
if (ctx->cipher == NULL || ctx->cipher->prov == NULL)
goto legacy;
if (ctx->provctx != NULL) {
if (ctx->cipher->freectx != NULL)
ctx->cipher->freectx(ctx->provctx);
ctx->provctx = NULL;
}
if (ctx->fetched_cipher != NULL)
EVP_CIPHER_meth_free(ctx->fetched_cipher);
memset(ctx, 0, sizeof(*ctx));
return 1;
/* TODO(3.0): Remove legacy code below */
legacy:
if (ctx->cipher != NULL) {
if (ctx->cipher->cleanup && !ctx->cipher->cleanup(ctx))
return 0;
/* Cleanse cipher context data */
if (c->cipher_data && c->cipher->ctx_size)
OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
if (ctx->cipher_data && ctx->cipher->ctx_size)
OPENSSL_cleanse(ctx->cipher_data, ctx->cipher->ctx_size);
}
OPENSSL_free(c->cipher_data);
OPENSSL_free(ctx->cipher_data);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(c->engine);
ENGINE_finish(ctx->engine);
#endif
memset(c, 0, sizeof(*c));
memset(ctx, 0, sizeof(*ctx));
return 1;
}
@ -60,13 +81,30 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
ENGINE *impl, const unsigned char *key,
const unsigned char *iv, int enc)
{
if (enc == -1)
EVP_CIPHER *provciph = NULL;
ENGINE *tmpimpl = NULL;
const EVP_CIPHER *tmpcipher;
/*
* enc == 1 means we are encrypting.
* enc == 0 means we are decrypting.
* enc == -1 means, use the previously initialised value for encrypt/decrypt
*/
if (enc == -1) {
enc = ctx->encrypt;
else {
} else {
if (enc)
enc = 1;
ctx->encrypt = enc;
}
if (cipher == NULL && ctx->cipher == NULL) {
EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
return 0;
}
/* TODO(3.0): Legacy work around code below. Remove this */
#ifndef OPENSSL_NO_ENGINE
/*
* Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
@ -77,11 +115,114 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
if (ctx->engine && ctx->cipher
&& (cipher == NULL || cipher->nid == ctx->cipher->nid))
goto skip_to_init;
if (cipher != NULL && impl == NULL) {
/* Ask if an ENGINE is reserved for this job */
tmpimpl = ENGINE_get_cipher_engine(cipher->nid);
}
#endif
if (cipher) {
/*
* If there are engines involved then we should use legacy handling for now.
*/
if (ctx->engine != NULL
|| impl != NULL
|| tmpimpl != NULL) {
if (ctx->cipher == ctx->fetched_cipher)
ctx->cipher = NULL;
EVP_CIPHER_meth_free(ctx->fetched_cipher);
ctx->fetched_cipher = NULL;
goto legacy;
}
tmpcipher = (cipher == NULL) ? ctx->cipher : cipher;
if (tmpcipher->prov == NULL) {
switch(tmpcipher->nid) {
default:
goto legacy;
}
}
/*
* Ensure a context left lying around from last time is cleared
* (legacy code)
*/
if (cipher != NULL && ctx->cipher != NULL) {
OPENSSL_clear_free(ctx->cipher_data, ctx->cipher->ctx_size);
ctx->cipher_data = NULL;
}
/* TODO(3.0): Start of non-legacy code below */
/* Ensure a context left lying around from last time is cleared */
if (cipher != NULL && ctx->cipher != NULL) {
unsigned long flags = ctx->flags;
EVP_CIPHER_CTX_reset(ctx);
/* Restore encrypt and flags */
ctx->encrypt = enc;
ctx->flags = flags;
}
if (cipher != NULL)
ctx->cipher = cipher;
else
cipher = ctx->cipher;
if (cipher->prov == NULL) {
provciph = EVP_CIPHER_fetch(NULL, OBJ_nid2sn(cipher->nid), "");
if (provciph == NULL) {
EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
return 0;
}
cipher = provciph;
EVP_CIPHER_meth_free(ctx->fetched_cipher);
ctx->fetched_cipher = provciph;
}
ctx->cipher = cipher;
if (ctx->provctx == NULL) {
ctx->provctx = ctx->cipher->newctx();
if (ctx->provctx == NULL) {
EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
return 0;
}
}
if ((ctx->flags & EVP_CIPH_NO_PADDING) != 0) {
/*
* Ensure a context left lying around from last time is cleared (the
* previous check attempted to avoid this if the same ENGINE and
* If this ctx was already set up for no padding then we need to tell
* the new cipher about it.
*/
if (!EVP_CIPHER_CTX_set_padding(ctx, 0))
return 0;
}
if (enc) {
if (ctx->cipher->einit == NULL) {
EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
return 0;
}
return ctx->cipher->einit(ctx->provctx, key, iv);
}
if (ctx->cipher->dinit == NULL) {
EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
return 0;
}
return ctx->cipher->dinit(ctx->provctx, key, iv);
/* TODO(3.0): Remove legacy code below */
legacy:
if (cipher != NULL) {
/*
* Ensure a context left lying around from last time is cleared (we
* previously attempted to avoid this if the same ENGINE and
* EVP_CIPHER could be used).
*/
if (ctx->cipher) {
@ -92,18 +233,19 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
ctx->flags = flags;
}
#ifndef OPENSSL_NO_ENGINE
if (impl) {
if (impl != NULL) {
if (!ENGINE_init(impl)) {
EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
return 0;
}
} else
/* Ask if an ENGINE is reserved for this job */
impl = ENGINE_get_cipher_engine(cipher->nid);
if (impl) {
} else {
impl = tmpimpl;
}
if (impl != NULL) {
/* There's an ENGINE for this job ... (apparently) */
const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
if (!c) {
if (c == NULL) {
/*
* One positive side-effect of US's export control history,
* is that we should at least be able to avoid using US
@ -119,8 +261,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
* from an ENGINE and we need to release it when done.
*/
ctx->engine = impl;
} else
} else {
ctx->engine = NULL;
}
#endif
ctx->cipher = cipher;
@ -144,9 +287,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
return 0;
}
}
} else if (!ctx->cipher) {
EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
return 0;
}
#ifndef OPENSSL_NO_ENGINE
skip_to_init:
@ -377,12 +517,34 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
int ret;
size_t soutl;
/* Prevent accidental use of decryption context when encrypting */
if (!ctx->encrypt) {
EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_INVALID_OPERATION);
return 0;
}
if (ctx->cipher == NULL || ctx->cipher->prov == NULL)
goto legacy;
if (ctx->cipher->cupdate == NULL) {
EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_UPDATE_ERROR);
return 0;
}
ret = ctx->cipher->cupdate(ctx->provctx, out, &soutl, in, (size_t)inl);
if (soutl > INT_MAX) {
EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_UPDATE_ERROR);
return 0;
}
*outl = soutl;
return ret;
/* TODO(3.0): Remove legacy code below */
legacy:
return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
}
@ -397,6 +559,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
int n, ret;
unsigned int i, b, bl;
size_t soutl;
/* Prevent accidental use of decryption context when encrypting */
if (!ctx->encrypt) {
@ -404,6 +567,27 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
return 0;
}
if (ctx->cipher == NULL || ctx->cipher->prov == NULL)
goto legacy;
if (ctx->cipher->cfinal == NULL) {
EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_FINAL_ERROR);
return 0;
}
ret = ctx->cipher->cfinal(ctx->provctx, out, &soutl);
if (soutl > INT_MAX) {
EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_FINAL_ERROR);
return 0;
}
*outl = soutl;
return ret;
/* TODO(3.0): Remove legacy code below */
legacy:
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
if (ret < 0)
@ -444,8 +628,9 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
int fix_len, cmpl = inl;
int fix_len, cmpl = inl, ret;
unsigned int b;
size_t soutl;
/* Prevent accidental use of encryption context when decrypting */
if (ctx->encrypt) {
@ -453,6 +638,28 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
return 0;
}
if (ctx->cipher == NULL || ctx->cipher->prov == NULL)
goto legacy;
if (ctx->cipher->cupdate == NULL) {
EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_UPDATE_ERROR);
return 0;
}
ret = ctx->cipher->cupdate(ctx->provctx, out, &soutl, in, (size_t)inl);
if (ret) {
if (soutl > INT_MAX) {
EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_UPDATE_ERROR);
return 0;
}
*outl = soutl;
}
return ret;
/* TODO(3.0): Remove legacy code below */
legacy:
b = ctx->cipher->block_size;
if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
@ -527,6 +734,8 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
int i, n;
unsigned int b;
size_t soutl;
int ret;
/* Prevent accidental use of encryption context when decrypting */
if (ctx->encrypt) {
@ -534,6 +743,29 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
return 0;
}
if (ctx->cipher == NULL || ctx->cipher->prov == NULL)
goto legacy;
if (ctx->cipher->cfinal == NULL) {
EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_FINAL_ERROR);
return 0;
}
ret = ctx->cipher->cfinal(ctx->provctx, out, &soutl);
if (ret) {
if (soutl > INT_MAX) {
EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_FINAL_ERROR);
return 0;
}
*outl = soutl;
}
return ret;
/* TODO(3.0): Remove legacy code below */
legacy:
*outl = 0;
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
@ -590,7 +822,7 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
{
if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
if (c->key_len == keylen)
if (EVP_CIPHER_CTX_key_length(c) == keylen)
return 1;
if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
c->key_len = keylen;
@ -606,6 +838,24 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
ctx->flags &= ~EVP_CIPH_NO_PADDING;
else
ctx->flags |= EVP_CIPH_NO_PADDING;
if (ctx->cipher != NULL && ctx->cipher->prov != NULL) {
OSSL_PARAM params[] = {
OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL),
OSSL_PARAM_END
};
params[0].data = &pad;
if (ctx->cipher->set_params == NULL) {
EVPerr(EVP_F_EVP_CIPHER_CTX_SET_PADDING, EVP_R_CTRL_NOT_IMPLEMENTED);
return 0;
}
if (!ctx->cipher->set_params(ctx->provctx, params))
return 0;
}
return 1;
}
@ -647,6 +897,36 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INPUT_NOT_INITIALIZED);
return 0;
}
if (in->cipher->prov == NULL)
goto legacy;
if (in->cipher->dupctx == NULL) {
EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_NOT_ABLE_TO_COPY_CTX);
return 0;
}
EVP_CIPHER_CTX_reset(out);
*out = *in;
out->provctx = NULL;
if (in->fetched_cipher != NULL || !EVP_CIPHER_upref(in->fetched_cipher)) {
out->fetched_cipher = NULL;
return 0;
}
out->provctx = in->cipher->dupctx(in->provctx);
if (out->provctx == NULL) {
EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_NOT_ABLE_TO_COPY_CTX);
return 0;
}
return 1;
/* TODO(3.0): Remove legacy code below */
legacy:
#ifndef OPENSSL_NO_ENGINE
/* Make sure it's safe to copy a cipher context using an ENGINE */
if (in->engine && !ENGINE_init(in->engine)) {
@ -676,3 +956,116 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
}
return 1;
}
static void *evp_cipher_from_dispatch(int nid, const OSSL_DISPATCH *fns,
OSSL_PROVIDER *prov)
{
EVP_CIPHER *cipher = NULL;
int fnciphcnt = 0, fnctxcnt = 0;
if ((cipher = EVP_CIPHER_meth_new(nid, 0, 0)) == NULL)
return NULL;
for (; fns->function_id != 0; fns++) {
switch (fns->function_id) {
case OSSL_FUNC_CIPHER_NEWCTX:
if (cipher->newctx != NULL)
break;
cipher->newctx = OSSL_get_OP_cipher_newctx(fns);
fnctxcnt++;
break;
case OSSL_FUNC_CIPHER_ENCRYPT_INIT:
if (cipher->einit != NULL)
break;
cipher->einit = OSSL_get_OP_cipher_encrypt_init(fns);
fnciphcnt++;
break;
case OSSL_FUNC_CIPHER_DECRYPT_INIT:
if (cipher->dinit != NULL)
break;
cipher->dinit = OSSL_get_OP_cipher_decrypt_init(fns);
fnciphcnt++;
break;
case OSSL_FUNC_CIPHER_UPDATE:
if (cipher->cupdate != NULL)
break;
cipher->cupdate = OSSL_get_OP_cipher_update(fns);
fnciphcnt++;
break;
case OSSL_FUNC_CIPHER_FINAL:
if (cipher->cfinal != NULL)
break;
cipher->cfinal = OSSL_get_OP_cipher_final(fns);
fnciphcnt++;
break;
case OSSL_FUNC_CIPHER_FREECTX:
if (cipher->freectx != NULL)
break;
cipher->freectx = OSSL_get_OP_cipher_freectx(fns);
fnctxcnt++;
break;
case OSSL_FUNC_CIPHER_DUPCTX:
if (cipher->dupctx != NULL)
break;
cipher->dupctx = OSSL_get_OP_cipher_dupctx(fns);
break;
case OSSL_FUNC_CIPHER_KEY_LENGTH:
if (cipher->key_length != NULL)
break;
cipher->key_length = OSSL_get_OP_cipher_key_length(fns);
break;
case OSSL_FUNC_CIPHER_GET_PARAMS:
if (cipher->get_params != NULL)
break;
cipher->get_params = OSSL_get_OP_cipher_get_params(fns);
break;
case OSSL_FUNC_CIPHER_SET_PARAMS:
if (cipher->set_params != NULL)
break;
cipher->set_params = OSSL_get_OP_cipher_set_params(fns);
break;
}
}
if ((fnciphcnt != 3 && fnciphcnt != 4)
|| fnctxcnt != 2) {
/*
* In order to be a consistent set of functions we must have at least
* a complete set of "encrypt" functions, or a complete set of "decrypt"
* functions. In both cases we need a complete set of context management
* functions
*/
EVP_CIPHER_meth_free(cipher);
EVPerr(EVP_F_EVP_CIPHER_FROM_DISPATCH, EVP_R_INVALID_PROVIDER_FUNCTIONS);
return NULL;
}
cipher->prov = prov;
if (prov != NULL)
ossl_provider_upref(prov);
return cipher;
}
static int evp_cipher_upref(void *cipher)
{
return EVP_CIPHER_upref(cipher);
}
static void evp_cipher_free(void *cipher)
{
EVP_CIPHER_meth_free(cipher);
}
static int evp_cipher_nid(void *vcipher)
{
EVP_CIPHER *cipher = vcipher;
return cipher->nid;
}
EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm,
const char *properties)
{
return evp_generic_fetch(ctx, OSSL_OP_CIPHER, algorithm, properties,
evp_cipher_from_dispatch, evp_cipher_upref,
evp_cipher_free, evp_cipher_nid);
}

View File

@ -53,6 +53,10 @@ static const ERR_STRING_DATA EVP_str_functs[] = {
"EVP_CIPHER_CTX_ctrl"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, 0),
"EVP_CIPHER_CTX_set_key_length"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_SET_PADDING, 0),
"EVP_CIPHER_CTX_set_padding"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_FROM_DISPATCH, 0),
"evp_cipher_from_dispatch"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_PARAM_TO_ASN1, 0),
"EVP_CIPHER_param_to_asn1"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, 0),
@ -246,6 +250,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_OPERATION), "invalid operation"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_PROVIDER_FUNCTIONS),
"invalid provider functions"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_SALT_LENGTH),
"invalid salt length"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_KEYGEN_FAILURE), "keygen failure"},

View File

@ -278,11 +278,23 @@ void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num)
int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
{
if (cipher->prov != NULL) {
if (cipher->key_length != NULL)
return (int)cipher->key_length();
return -1;
}
return cipher->key_len;
}
int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
{
/*
* TODO(3.0): This may need to change if/when we introduce variable length
* key ciphers into the providers.
*/
if (ctx->cipher != NULL && ctx->cipher->prov != NULL)
return EVP_CIPHER_key_length(ctx->cipher);
return ctx->key_len;
}
@ -353,12 +365,16 @@ EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)
}
return md;
}
EVP_MD *EVP_MD_meth_dup(const EVP_MD *md)
{
EVP_MD *to = EVP_MD_meth_new(md->type, md->pkey_type);
if (to != NULL)
if (to != NULL) {
CRYPTO_RWLOCK *lock = to->lock;
memcpy(to, md, sizeof(*to));
to->lock = lock;
}
return to;
}

View File

@ -44,6 +44,10 @@ struct evp_cipher_ctx_st {
int final_used;
int block_mask;
unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
/* Provider ctx */
void *provctx;
EVP_CIPHER *fetched_cipher;
} /* EVP_CIPHER_CTX */ ;
struct evp_mac_ctx_st {

View File

@ -210,10 +210,14 @@ struct evp_md_st {
struct evp_cipher_st {
int nid;
int block_size;
/* Default value for variable length ciphers */
int key_len;
int iv_len;
/* Legacy structure members */
/* TODO(3.0): Remove these */
/* Various flags */
unsigned long flags;
/* init key */
@ -234,6 +238,22 @@ struct evp_cipher_st {
int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr);
/* Application data */
void *app_data;
/* New structure members */
/* TODO(3.0): Remove above comment when legacy has gone */
OSSL_PROVIDER *prov;
CRYPTO_REF_COUNT refcnt;
CRYPTO_RWLOCK *lock;
OSSL_OP_cipher_newctx_fn *newctx;
OSSL_OP_cipher_encrypt_init_fn *einit;
OSSL_OP_cipher_decrypt_init_fn *dinit;
OSSL_OP_cipher_update_fn *cupdate;
OSSL_OP_cipher_final_fn *cfinal;
OSSL_OP_cipher_freectx_fn *freectx;
OSSL_OP_cipher_dupctx_fn *dupctx;
OSSL_OP_cipher_key_length_fn *key_length;
OSSL_OP_cipher_get_params_fn *get_params;
OSSL_OP_cipher_get_params_fn *set_params;
} /* EVP_CIPHER */ ;
/* Macros to code block cipher wrappers */

View File

@ -34,6 +34,11 @@ extern "C" {
*/
#define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
/* Well known cipher parameters */
#define OSSL_CIPHER_PARAM_PADDING "padding"
# ifdef __cplusplus
}
# endif

View File

@ -78,7 +78,7 @@ OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation,
# define OSSL_FUNC_DIGEST_NEWCTX 1
# define OSSL_FUNC_DIGEST_INIT 2
# define OSSL_FUNC_DIGEST_UPDDATE 3
# define OSSL_FUNC_DIGEST_UPDATE 3
# define OSSL_FUNC_DIGEST_FINAL 4
# define OSSL_FUNC_DIGEST_DIGEST 5
# define OSSL_FUNC_DIGEST_FREECTX 6
@ -86,6 +86,7 @@ OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation,
# define OSSL_FUNC_DIGEST_SIZE 8
# define OSSL_FUNC_DIGEST_BLOCK_SIZE 9
OSSL_CORE_MAKE_FUNC(void *, OP_digest_newctx, (void))
OSSL_CORE_MAKE_FUNC(int, OP_digest_init, (void *vctx))
OSSL_CORE_MAKE_FUNC(int, OP_digest_update,
@ -95,12 +96,54 @@ OSSL_CORE_MAKE_FUNC(int, OP_digest_final,
OSSL_CORE_MAKE_FUNC(int, OP_digest_digest,
(const unsigned char *in, size_t inl, unsigned char *out,
size_t *out_l, size_t outsz))
OSSL_CORE_MAKE_FUNC(void, OP_digest_cleanctx, (void *vctx))
OSSL_CORE_MAKE_FUNC(void, OP_digest_freectx, (void *vctx))
OSSL_CORE_MAKE_FUNC(void *, OP_digest_dupctx, (void *vctx))
OSSL_CORE_MAKE_FUNC(size_t, OP_digest_size, (void))
OSSL_CORE_MAKE_FUNC(size_t, OP_digest_block_size, (void))
/* Symmetric Ciphers */
# define OSSL_OP_CIPHER 2
# define OSSL_FUNC_CIPHER_NEWCTX 1
# define OSSL_FUNC_CIPHER_ENCRYPT_INIT 2
# define OSSL_FUNC_CIPHER_DECRYPT_INIT 3
# define OSSL_FUNC_CIPHER_UPDATE 4
# define OSSL_FUNC_CIPHER_FINAL 5
# define OSSL_FUNC_CIPHER_FREECTX 6
# define OSSL_FUNC_CIPHER_DUPCTX 7
# define OSSL_FUNC_CIPHER_KEY_LENGTH 8
# define OSSL_FUNC_CIPHER_GET_PARAMS 9
# define OSSL_FUNC_CIPHER_SET_PARAMS 10
OSSL_CORE_MAKE_FUNC(void *, OP_cipher_newctx, (void))
OSSL_CORE_MAKE_FUNC(int, OP_cipher_encrypt_init, (void *vctx,
const unsigned char *key,
const unsigned char *iv))
OSSL_CORE_MAKE_FUNC(int, OP_cipher_decrypt_init, (void *vctx,
const unsigned char *key,
const unsigned char *iv))
OSSL_CORE_MAKE_FUNC(int, OP_cipher_update,
(void *, unsigned char *out, size_t *outl,
const unsigned char *in, size_t inl))
OSSL_CORE_MAKE_FUNC(int, OP_cipher_final,
(void *, unsigned char *out, size_t *outl))
OSSL_CORE_MAKE_FUNC(int, OP_cipher_cipher,
(void *, unsigned char *out, const unsigned char *in,
size_t inl))
OSSL_CORE_MAKE_FUNC(void, OP_cipher_freectx, (void *vctx))
OSSL_CORE_MAKE_FUNC(void *, OP_cipher_dupctx, (void *vctx))
OSSL_CORE_MAKE_FUNC(size_t, OP_cipher_key_length, (void))
OSSL_CORE_MAKE_FUNC(int, OP_cipher_get_params, (void *vctx,
const OSSL_PARAM params[]))
OSSL_CORE_MAKE_FUNC(int, OP_cipher_set_params, (void *vctx,
const OSSL_PARAM params[]))
# ifdef __cplusplus
}
# endif

View File

@ -190,6 +190,7 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher);
void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
int EVP_CIPHER_upref(EVP_CIPHER *cipher);
int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len);
int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
@ -474,6 +475,8 @@ int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);
# define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE)
EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm,
const char *properties);
const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);

View File

@ -55,6 +55,8 @@ int ERR_load_EVP_strings(void);
# define EVP_F_EVP_CIPHER_CTX_COPY 163
# define EVP_F_EVP_CIPHER_CTX_CTRL 124
# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
# define EVP_F_EVP_CIPHER_CTX_SET_PADDING 237
# define EVP_F_EVP_CIPHER_FROM_DISPATCH 238
# define EVP_F_EVP_CIPHER_PARAM_TO_ASN1 205
# define EVP_F_EVP_DECRYPTFINAL_EX 101
# define EVP_F_EVP_DECRYPTUPDATE 166
@ -190,6 +192,7 @@ int ERR_load_EVP_strings(void);
# define EVP_R_INVALID_KEY 163
# define EVP_R_INVALID_KEY_LENGTH 130
# define EVP_R_INVALID_OPERATION 148
# define EVP_R_INVALID_PROVIDER_FUNCTIONS 193
# define EVP_R_INVALID_SALT_LENGTH 186
# define EVP_R_KEYGEN_FAILURE 120
# define EVP_R_KEY_SETUP_FAILED 180

View File

@ -77,7 +77,7 @@ extern const OSSL_DISPATCH sha256_functions[];
const OSSL_DISPATCH sha256_functions[] = {
{ OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))sha256_newctx },
{ OSSL_FUNC_DIGEST_INIT, (void (*)(void))SHA256_Init },
{ OSSL_FUNC_DIGEST_UPDDATE, (void (*)(void))SHA256_Update },
{ OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))SHA256_Update },
{ OSSL_FUNC_DIGEST_FINAL, (void (*)(void))sha256_final },
{ OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))sha256_freectx },
{ OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))sha256_dupctx },

View File

@ -54,7 +54,7 @@ extern const OSSL_DISPATCH md2_functions[];
const OSSL_DISPATCH md2_functions[] = {
{ OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))md2_newctx },
{ OSSL_FUNC_DIGEST_INIT, (void (*)(void))MD2_Init },
{ OSSL_FUNC_DIGEST_UPDDATE, (void (*)(void))MD2_Update },
{ OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))MD2_Update },
{ OSSL_FUNC_DIGEST_FINAL, (void (*)(void))md2_final },
{ OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))md2_freectx },
{ OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))md2_dupctx },

View File

@ -4796,3 +4796,5 @@ EVP_MD_fetch 4743 3_0_0 EXIST::FUNCTION:
EVP_set_default_properties 4744 3_0_0 EXIST::FUNCTION:
OSSL_PARAM_construct_end 4745 3_0_0 EXIST::FUNCTION:
EC_GROUP_check_named_curve 4746 3_0_0 EXIST::FUNCTION:EC
EVP_CIPHER_upref 4747 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_fetch 4748 3_0_0 EXIST::FUNCTION: