diff options
author | Benjamin Kaduk <bkaduk@akamai.com> | 2020-07-02 14:12:33 -0700 |
---|---|---|
committer | Benjamin Kaduk <bkaduk@akamai.com> | 2020-08-11 07:07:58 -0700 |
commit | 2f5c405a1694220cca7be8cd96958c1c1245f0ed (patch) | |
tree | 746b575781af4a6881efbec03ff149ec817d983e | |
parent | d91f902d73689c8a8c1bf684ff9d244197f8c7b3 (diff) |
Use local IV storage in EVP BLOCK_* macros
Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
EVP_CIPHER_CTX_iv_noconst() in evp.h.
These macros are internal-only, used to implement legacy libcrypto
EVP ciphers, with no real provider involvement. Accordingly, just use the
EVP_CIPHER_CTX storage directly and don't try to reach into a provider-side
context.
This does necessitate including evp_local.h in several more files.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
-rw-r--r-- | crypto/evp/e_bf.c | 1 | ||||
-rw-r--r-- | crypto/evp/e_cast.c | 1 | ||||
-rw-r--r-- | crypto/evp/e_idea.c | 1 | ||||
-rw-r--r-- | crypto/evp/e_rc2.c | 1 | ||||
-rw-r--r-- | crypto/evp/e_seed.c | 1 | ||||
-rw-r--r-- | include/crypto/evp.h | 10 |
6 files changed, 10 insertions, 5 deletions
diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c index c9ca56dc70..9e240d1124 100644 --- a/crypto/evp/e_bf.c +++ b/crypto/evp/e_bf.c @@ -20,6 +20,7 @@ # include "crypto/evp.h" # include <openssl/objects.h> # include <openssl/blowfish.h> +# include "evp_local.h" static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c index 9ee06d060b..8325a5f8d2 100644 --- a/crypto/evp/e_cast.c +++ b/crypto/evp/e_cast.c @@ -21,6 +21,7 @@ # include <openssl/objects.h> # include "crypto/evp.h" # include <openssl/cast.h> +# include "evp_local.h" static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c index 43665887da..a4778a2c05 100644 --- a/crypto/evp/e_idea.c +++ b/crypto/evp/e_idea.c @@ -22,6 +22,7 @@ # include <openssl/objects.h> # include "crypto/evp.h" # include <openssl/idea.h> +# include "evp_local.h" /* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */ diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index e8d7106935..a8fb18e72d 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -22,6 +22,7 @@ # include <openssl/objects.h> # include "crypto/evp.h" # include <openssl/rc2.h> +# include "evp_local.h" static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); diff --git a/crypto/evp/e_seed.c b/crypto/evp/e_seed.c index 3f223ce936..98c7385f61 100644 --- a/crypto/evp/e_seed.c +++ b/crypto/evp/e_seed.c @@ -20,6 +20,7 @@ #include <assert.h> #include <openssl/seed.h> #include "crypto/evp.h" +#include "evp_local.h" static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); diff --git a/include/crypto/evp.h b/include/crypto/evp.h index 9ded000c10..07f7ee15ea 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -311,7 +311,7 @@ static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns {\ while(inl>=EVP_MAXCHUNK) {\ int num = EVP_CIPHER_CTX_num(ctx);\ - cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \ + cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \ EVP_CIPHER_CTX_set_num(ctx, num);\ inl-=EVP_MAXCHUNK;\ in +=EVP_MAXCHUNK;\ @@ -319,7 +319,7 @@ static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns }\ if (inl) {\ int num = EVP_CIPHER_CTX_num(ctx);\ - cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \ + cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \ EVP_CIPHER_CTX_set_num(ctx, num);\ }\ return 1;\ @@ -330,13 +330,13 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns {\ while(inl>=EVP_MAXCHUNK) \ {\ - cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\ + cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_encrypting(ctx));\ inl-=EVP_MAXCHUNK;\ in +=EVP_MAXCHUNK;\ out+=EVP_MAXCHUNK;\ }\ if (inl)\ - cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\ + cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_encrypting(ctx));\ return 1;\ } @@ -353,7 +353,7 @@ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ((cbits == 1) \ && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \ ? chunk*8 : chunk), \ - &EVP_C_DATA(kstruct, ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx),\ + &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv,\ &num, EVP_CIPHER_CTX_encrypting(ctx));\ EVP_CIPHER_CTX_set_num(ctx, num);\ inl -= chunk;\ |