diff options
| author | Matt Caswell <matt@openssl.org> | 2019-04-03 18:01:21 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2019-04-19 09:31:54 +0100 |
| commit | 718b133a5328108099ecac0bf40d8fd4886e7b64 (patch) | |
| tree | 65908003868f45bb384fb106b57e80c4f365ec64 | |
| parent | f4a129bb8dc26488e29b06e06e96a76c93f966be (diff) | |
Implement AES CBC ciphers in the default provider
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)
| -rw-r--r-- | crypto/err/openssl.txt | 1 | ||||
| -rw-r--r-- | crypto/evp/evp_enc.c | 55 | ||||
| -rw-r--r-- | crypto/evp/evp_err.c | 1 | ||||
| -rw-r--r-- | crypto/evp/evp_lib.c | 115 | ||||
| -rw-r--r-- | crypto/include/internal/evp_int.h | 6 | ||||
| -rw-r--r-- | include/openssl/core_names.h | 1 | ||||
| -rw-r--r-- | include/openssl/core_numbers.h | 26 | ||||
| -rw-r--r-- | include/openssl/evp.h | 2 | ||||
| -rw-r--r-- | include/openssl/evperr.h | 1 | ||||
| -rw-r--r-- | providers/common/ciphers/aes.c | 158 | ||||
| -rw-r--r-- | providers/common/include/internal/provider_algs.h | 3 | ||||
| -rw-r--r-- | providers/default/defltprov.c | 3 | ||||
| -rw-r--r-- | util/libcrypto.num | 1 |
13 files changed, 261 insertions, 112 deletions
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 6a904d8e65..d914c5b4cb 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -787,6 +787,7 @@ EVP_F_EVP_CIPHER_CTX_CTRL:124:EVP_CIPHER_CTX_ctrl EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH:122:EVP_CIPHER_CTX_set_key_length EVP_F_EVP_CIPHER_CTX_SET_PADDING:237:EVP_CIPHER_CTX_set_padding EVP_F_EVP_CIPHER_FROM_DISPATCH:238:evp_cipher_from_dispatch +EVP_F_EVP_CIPHER_MODE:239:EVP_CIPHER_mode EVP_F_EVP_CIPHER_PARAM_TO_ASN1:205:EVP_CIPHER_param_to_asn1 EVP_F_EVP_DECRYPTFINAL_EX:101:EVP_DecryptFinal_ex EVP_F_EVP_DECRYPTUPDATE:166:EVP_DecryptUpdate diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 6dbc7147e4..7b22e21ee6 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -142,6 +142,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, case NID_aes_256_ecb: case NID_aes_192_ecb: case NID_aes_128_ecb: + case NID_aes_256_cbc: + case NID_aes_192_cbc: + case NID_aes_128_cbc: break; default: goto legacy; @@ -204,6 +207,19 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, return 0; } + switch (EVP_CIPHER_mode(ctx->cipher)) { + case EVP_CIPH_CFB_MODE: + case EVP_CIPH_OFB_MODE: + case EVP_CIPH_CBC_MODE: + /* For these modes we remember the original IV for later use */ + if (!ossl_assert(EVP_CIPHER_CTX_iv_length(ctx) <= (int)sizeof(ctx->oiv))) { + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); + return 0; + } + if (iv != NULL) + memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); + } + if (enc) { if (ctx->cipher->einit == NULL) { EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); @@ -851,12 +867,12 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) params[0].data = &pad; - if (ctx->cipher->set_params == NULL) { + if (ctx->cipher->ctx_set_params == NULL) { EVPerr(EVP_F_EVP_CIPHER_CTX_SET_PADDING, EVP_R_CTRL_NOT_IMPLEMENTED); return 0; } - if (!ctx->cipher->set_params(ctx->provctx, params)) + if (!ctx->cipher->ctx_set_params(ctx->provctx, params)) return 0; } @@ -915,7 +931,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) *out = *in; out->provctx = NULL; - if (in->fetched_cipher != NULL || !EVP_CIPHER_upref(in->fetched_cipher)) { + if (in->fetched_cipher != NULL && !EVP_CIPHER_upref(in->fetched_cipher)) { out->fetched_cipher = NULL; return 0; } @@ -1002,6 +1018,11 @@ static void *evp_cipher_from_dispatch(int nid, const OSSL_DISPATCH *fns, cipher->cfinal = OSSL_get_OP_cipher_final(fns); fnciphcnt++; break; + case OSSL_FUNC_CIPHER_CIPHER: + if (cipher->ccipher != NULL) + break; + cipher->ccipher = OSSL_get_OP_cipher_cipher(fns); + break; case OSSL_FUNC_CIPHER_FREECTX: if (cipher->freectx != NULL) break; @@ -1018,25 +1039,41 @@ static void *evp_cipher_from_dispatch(int nid, const OSSL_DISPATCH *fns, break; cipher->key_length = OSSL_get_OP_cipher_key_length(fns); break; + case OSSL_FUNC_CIPHER_IV_LENGTH: + if (cipher->iv_length != NULL) + break; + cipher->iv_length = OSSL_get_OP_cipher_iv_length(fns); + break; + case OSSL_FUNC_CIPHER_BLOCK_SIZE: + if (cipher->blocksize != NULL) + break; + cipher->blocksize = OSSL_get_OP_cipher_block_size(fns); + break; case OSSL_FUNC_CIPHER_GET_PARAMS: if (cipher->get_params != NULL) break; cipher->get_params = OSSL_get_OP_cipher_get_params(fns); break; - case OSSL_FUNC_CIPHER_SET_PARAMS: - if (cipher->set_params != NULL) + case OSSL_FUNC_CIPHER_CTX_GET_PARAMS: + if (cipher->ctx_get_params != NULL) + break; + cipher->ctx_get_params = OSSL_get_OP_cipher_ctx_get_params(fns); + break; + case OSSL_FUNC_CIPHER_CTX_SET_PARAMS: + if (cipher->ctx_set_params != NULL) break; - cipher->set_params = OSSL_get_OP_cipher_set_params(fns); + cipher->ctx_set_params = OSSL_get_OP_cipher_ctx_set_params(fns); break; } } - if ((fnciphcnt != 3 && fnciphcnt != 4) + if ((fnciphcnt != 0 && fnciphcnt != 3 && fnciphcnt != 4) + || (fnciphcnt == 0 && cipher->ccipher == NULL) || fnctxcnt != 2) { /* * In order to be a consistent set of functions we must have at least * a complete set of "encrypt" functions, or a complete set of "decrypt" - * functions. In both cases we need a complete set of context management - * functions + * functions, or a single "cipher" function. In all cases we need a + * complete set of context management functions */ EVP_CIPHER_meth_free(cipher); EVPerr(EVP_F_EVP_CIPHER_FROM_DISPATCH, EVP_R_INVALID_PROVIDER_FUNCTIONS); diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 9c79f8655e..3555c0e5f8 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -57,6 +57,7 @@ static const ERR_STRING_DATA EVP_str_functs[] = { "EVP_CIPHER_CTX_set_padding"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_FROM_DISPATCH, 0), "evp_cipher_from_dispatch"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_MODE, 0), "EVP_CIPHER_mode"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_PARAM_TO_ASN1, 0), "EVP_CIPHER_param_to_asn1"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, 0), diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index c99dd9e898..189c953266 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -11,6 +11,8 @@ #include "internal/cryptlib.h" #include <openssl/evp.h> #include <openssl/objects.h> +#include <openssl/params.h> +#include <openssl/core_names.h> #include "internal/evp_int.h" #include "internal/provider.h" #include "evp_locl.h" @@ -18,13 +20,28 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { int ret; + const EVP_CIPHER *cipher = c->cipher; - if (c->cipher->set_asn1_parameters != NULL) - ret = c->cipher->set_asn1_parameters(c, type); - else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { - switch (EVP_CIPHER_CTX_mode(c)) { + if (cipher->prov != NULL) { + /* + * The cipher has come from a provider and won't have the default flags. + * Find the implicit form so we can check the flags. + * TODO(3.0): This won't work for 3rd party ciphers we know nothing about + * We'll need to think of something else for those. + */ + cipher = EVP_get_cipherbynid(cipher->nid); + if (cipher == NULL) { + EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, ASN1_R_UNSUPPORTED_CIPHER); + return -1; + } + } + + if (cipher->set_asn1_parameters != NULL) + ret = cipher->set_asn1_parameters(c, type); + else if (cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { + switch (EVP_CIPHER_mode(cipher)) { case EVP_CIPH_WRAP_MODE: - if (EVP_CIPHER_CTX_nid(c) == NID_id_smime_alg_CMS3DESwrap) + if (EVP_CIPHER_nid(cipher) == NID_id_smime_alg_CMS3DESwrap) ASN1_TYPE_set(type, V_ASN1_NULL, NULL); ret = 1; break; @@ -53,11 +70,22 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { int ret; + const EVP_CIPHER *cipher = c->cipher; + + if (cipher->prov != NULL) { + /* + * The cipher has come from a provider and won't have the default flags. + * Find the implicit form so we can check the flags. + */ + cipher = EVP_get_cipherbynid(cipher->nid); + if (cipher == NULL) + return -1; + } - if (c->cipher->get_asn1_parameters != NULL) - ret = c->cipher->get_asn1_parameters(c, type); - else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { - switch (EVP_CIPHER_CTX_mode(c)) { + if (cipher->get_asn1_parameters != NULL) + ret = cipher->get_asn1_parameters(c, type); + else if (cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { + switch (EVP_CIPHER_mode(cipher)) { case EVP_CIPH_WRAP_MODE: ret = 1; @@ -85,19 +113,23 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) return ret; } -int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) +int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type) { int i = 0; unsigned int l; if (type != NULL) { - l = EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(l <= sizeof(c->iv)); - i = ASN1_TYPE_get_octetstring(type, c->oiv, l); + unsigned char iv[EVP_MAX_IV_LENGTH]; + + l = EVP_CIPHER_CTX_iv_length(ctx); + if (!ossl_assert(l <= sizeof(iv))) + return -1; + i = ASN1_TYPE_get_octetstring(type, iv, l); if (i != (int)l) return -1; - else if (i > 0) - memcpy(c->iv, c->oiv, l); + + if (!EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1)) + return -1; } return i; } @@ -175,14 +207,20 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx) } } -int EVP_CIPHER_block_size(const EVP_CIPHER *e) +int EVP_CIPHER_block_size(const EVP_CIPHER *cipher) { - return e->block_size; + if (cipher->prov != NULL) { + if (cipher->blocksize != NULL) + return cipher->blocksize(); + /* We default to a block size of 1 */ + return 1; + } + return cipher->block_size; } int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) { - return ctx->cipher->block_size; + return EVP_CIPHER_block_size(ctx->cipher); } int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e) @@ -193,6 +231,12 @@ int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e) int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { + if (ctx->cipher->prov != NULL) { + if (ctx->cipher->ccipher != NULL) + return ctx->cipher->ccipher(ctx->provctx, out, in, (size_t)inl); + return 0; + } + return ctx->cipher->do_cipher(ctx, out, in, inl); } @@ -238,12 +282,18 @@ void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data) int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) { + if (cipher->prov != NULL) { + if (cipher->iv_length != NULL) + return (int)cipher->iv_length(); + return 0; + } + return cipher->iv_len; } int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) { - return ctx->cipher->iv_len; + return EVP_CIPHER_iv_length(ctx->cipher); } const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx) @@ -308,6 +358,33 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) return ctx->cipher->nid; } +int EVP_CIPHER_mode(const EVP_CIPHER *cipher) +{ + if (cipher->prov != NULL) { + int mode; + + /* Cipher comes from a provider - so ask the provider for the mode */ + OSSL_PARAM params[] = { + OSSL_PARAM_int(OSSL_CIPHER_PARAM_MODE, NULL), + OSSL_PARAM_END + }; + + params[0].data = &mode; + + if (cipher->get_params == NULL) { + EVPerr(EVP_F_EVP_CIPHER_MODE, EVP_R_CTRL_NOT_IMPLEMENTED); + return 0; + } + + if (!cipher->get_params(params)) + return 0; + + return mode; + } + return EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE; +} + + int EVP_MD_block_size(const EVP_MD *md) { if (md == NULL) { diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index e428a63d10..b3d9694618 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -249,11 +249,15 @@ struct evp_cipher_st { OSSL_OP_cipher_decrypt_init_fn *dinit; OSSL_OP_cipher_update_fn *cupdate; OSSL_OP_cipher_final_fn *cfinal; + OSSL_OP_cipher_cipher_fn *ccipher; OSSL_OP_cipher_freectx_fn *freectx; OSSL_OP_cipher_dupctx_fn *dupctx; OSSL_OP_cipher_key_length_fn *key_length; + OSSL_OP_cipher_iv_length_fn *iv_length; + OSSL_OP_cipher_block_size_fn *blocksize; OSSL_OP_cipher_get_params_fn *get_params; - OSSL_OP_cipher_get_params_fn *set_params; + OSSL_OP_cipher_ctx_get_params_fn *ctx_get_params; + OSSL_OP_cipher_ctx_set_params_fn *ctx_set_params; } /* EVP_CIPHER */ ; /* Macros to code block cipher wrappers */ diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 7a41778c2f..35a23d7421 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -38,6 +38,7 @@ extern "C" { /* Well known cipher parameters */ #define OSSL_CIPHER_PARAM_PADDING "padding" +#define OSSL_CIPHER_PARAM_MODE "mode" # ifdef __cplusplus } diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 7b17d2cbb8..8994374567 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -113,12 +113,15 @@ OSSL_CORE_MAKE_FUNC(size_t, OP_digest_block_size, (void)) # define OSSL_FUNC_CIPHER_DECRYPT_INIT 3 # define OSSL_FUNC_CIPHER_UPDATE 4 # define OSSL_FUNC_CIPHER_FINAL 5 -# define OSSL_FUNC_CIPHER_FREECTX 6 -# define OSSL_FUNC_CIPHER_DUPCTX 7 -# define OSSL_FUNC_CIPHER_KEY_LENGTH 8 -# define OSSL_FUNC_CIPHER_GET_PARAMS 9 -# define OSSL_FUNC_CIPHER_SET_PARAMS 10 - +# define OSSL_FUNC_CIPHER_CIPHER 6 +# define OSSL_FUNC_CIPHER_FREECTX 7 +# define OSSL_FUNC_CIPHER_DUPCTX 8 +# define OSSL_FUNC_CIPHER_KEY_LENGTH 9 +# define OSSL_FUNC_CIPHER_IV_LENGTH 10 +# define OSSL_FUNC_CIPHER_BLOCK_SIZE 11 +# define OSSL_FUNC_CIPHER_GET_PARAMS 12 +# define OSSL_FUNC_CIPHER_CTX_GET_PARAMS 13 +# define OSSL_FUNC_CIPHER_CTX_SET_PARAMS 14 OSSL_CORE_MAKE_FUNC(void *, OP_cipher_newctx, (void)) OSSL_CORE_MAKE_FUNC(int, OP_cipher_encrypt_init, (void *vctx, @@ -138,10 +141,13 @@ OSSL_CORE_MAKE_FUNC(int, OP_cipher_cipher, OSSL_CORE_MAKE_FUNC(void, OP_cipher_freectx, (void *vctx)) OSSL_CORE_MAKE_FUNC(void *, OP_cipher_dupctx, (void *vctx)) OSSL_CORE_MAKE_FUNC(size_t, OP_cipher_key_length, (void)) -OSSL_CORE_MAKE_FUNC(int, OP_cipher_get_params, (void *vctx, - const OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(int, OP_cipher_set_params, (void *vctx, - const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(size_t, OP_cipher_iv_length, (void)) +OSSL_CORE_MAKE_FUNC(size_t, OP_cipher_block_size, (void)) +OSSL_CORE_MAKE_FUNC(int, OP_cipher_get_params, (const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_get_params, (void *vctx, + const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_set_params, (void *vctx, + const OSSL_PARAM params[])) # ifdef __cplusplus diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 0db9857304..6fc0f35114 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -474,7 +474,7 @@ int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher); int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); -# define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) +int EVP_CIPHER_mode(const EVP_CIPHER *cipher); EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, const char *properties); diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 417d6ae571..d88d4a8403 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -57,6 +57,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 # define EVP_F_EVP_CIPHER_CTX_SET_PADDING 237 # define EVP_F_EVP_CIPHER_FROM_DISPATCH 238 +# define EVP_F_EVP_CIPHER_MODE 239 # define EVP_F_EVP_CIPHER_PARAM_TO_ASN1 205 # define EVP_F_EVP_DECRYPTFINAL_EX 101 # define EVP_F_EVP_DECRYPTUPDATE 166 diff --git a/providers/common/ciphers/aes.c b/providers/common/ciphers/aes.c index 6a46e86910..3a278db6db 100644 --- a/providers/common/ciphers/aes.c +++ b/providers/common/ciphers/aes.c @@ -135,38 +135,52 @@ static int aes_final(void *vctx, unsigned char *out, size_t *outl) return 1; } -static void *aes_256_ecb_newctx(void) +static int aes_cipher(void *vctx, unsigned char *out, const unsigned char *in, + size_t inl) { - PROV_AES_KEY *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; + + if (!ctx->ciph->cipher(ctx, out, in, inl)) + return 0; - ctx->pad = 1; - ctx->keylen = 256 / 8; - ctx->ciph = PROV_AES_CIPHER_ecb(); - ctx->mode = EVP_CIPH_ECB_MODE; - return ctx; + return 1; } -static void *aes_192_ecb_newctx(void) -{ - PROV_AES_KEY *ctx = OPENSSL_zalloc(sizeof(*ctx)); +#define IMPLEMENT_new_params(lcmode, UCMODE) \ + static int aes_##lcmode##_get_params(const OSSL_PARAM params[]) \ + { \ + const OSSL_PARAM *p; \ + \ + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE); \ + if (p != NULL && !OSSL_PARAM_set_int(p, EVP_CIPH_##UCMODE##_MODE)) \ + return 0; \ + \ + return 1; \ + } - ctx->pad = 1; - ctx->keylen = 192 / 8; - ctx->ciph = PROV_AES_CIPHER_ecb(); - ctx->mode = EVP_CIPH_ECB_MODE; - return ctx; -} +#define IMPLEMENT_new_ctx(lcmode, UCMODE, len) \ + static void *aes_##len##_##lcmode##_newctx(void) \ + { \ + PROV_AES_KEY *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ + \ + ctx->pad = 1; \ + ctx->keylen = (len / 8); \ + ctx->ciph = PROV_AES_CIPHER_##lcmode(); \ + ctx->mode = EVP_CIPH_##UCMODE##_MODE; \ + return ctx; \ + } -static void *aes_128_ecb_newctx(void) -{ - PROV_AES_KEY *ctx = OPENSSL_zalloc(sizeof(*ctx)); +/* ECB */ +IMPLEMENT_new_params(ecb, ECB) +IMPLEMENT_new_ctx(ecb, ECB, 256) +IMPLEMENT_new_ctx(ecb, ECB, 192) +IMPLEMENT_new_ctx(ecb, ECB, 128) - ctx->pad = 1; - ctx->keylen = 128 / 8; - ctx->ciph = PROV_AES_CIPHER_ecb(); - ctx->mode = EVP_CIPH_ECB_MODE; - return ctx; -} +/* CBC */ +IMPLEMENT_new_params(cbc, CBC) +IMPLEMENT_new_ctx(cbc, CBC, 256) +IMPLEMENT_new_ctx(cbc, CBC, 192) +IMPLEMENT_new_ctx(cbc, CBC, 128) static void aes_freectx(void *vctx) { @@ -200,7 +214,22 @@ static size_t key_length_128(void) return 128 / 8; } -static int aes_get_params(void *vctx, const OSSL_PARAM params[]) +static size_t iv_length_16(void) +{ + return 16; +} + +static size_t iv_length_0(void) +{ + return 0; +} + +static size_t block_size_16(void) +{ + return 16; +} + +static int aes_ctx_get_params(void *vctx, const OSSL_PARAM params[]) { PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; const OSSL_PARAM *p; @@ -212,7 +241,7 @@ static int aes_get_params(void *vctx, const OSSL_PARAM params[]) return 1; } -static int aes_set_params(void *vctx, const OSSL_PARAM params[]) +static int aes_ctx_set_params(void *vctx, const OSSL_PARAM params[]) { PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; const OSSL_PARAM *p; @@ -228,48 +257,33 @@ static int aes_set_params(void *vctx, const OSSL_PARAM params[]) return 1; } -const OSSL_DISPATCH aes256ecb_functions[] = { - { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_256_ecb_newctx }, - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit }, - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit }, - { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_update }, - { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_final }, - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx }, - { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx }, - { OSSL_FUNC_CIPHER_KEY_LENGTH, (void (*)(void))key_length_256 }, - { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_get_params }, - { OSSL_FUNC_CIPHER_SET_PARAMS, (void (*)(void))aes_set_params }, - { 0, NULL } -}; - -const OSSL_DISPATCH aes192ecb_functions[] = { - { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_192_ecb_newctx }, - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit }, - { OSSL_FUNC_CIPHER_ENCRYPT_UPDATE, (void (*)(void))aes_update }, - { OSSL_FUNC_CIPHER_ENCRYPT_FINAL, (void (*)(void))aes_efinal }, - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit }, - { OSSL_FUNC_CIPHER_DECRYPT_UPDATE, (void (*)(void))aes_update }, - { OSSL_FUNC_CIPHER_DECRYPT_FINAL, (void (*)(void))aes_dfinal }, - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx }, - { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx }, - { OSSL_FUNC_CIPHER_KEY_LENGTH, (void (*)(void))key_length_192 }, - { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_get_params }, - { OSSL_FUNC_CIPHER_SET_PARAMS, (void (*)(void))aes_set_params }, - { 0, NULL } -}; - -const OSSL_DISPATCH aes128ecb_functions[] = { - { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_128_ecb_newctx }, - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit }, - { OSSL_FUNC_CIPHER_ENCRYPT_UPDATE, (void (*)(void))aes_update }, - { OSSL_FUNC_CIPHER_ENCRYPT_FINAL, (void (*)(void))aes_efinal }, - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit }, - { OSSL_FUNC_CIPHER_DECRYPT_UPDATE, (void (*)(void))aes_update }, - { OSSL_FUNC_CIPHER_DECRYPT_FINAL, (void (*)(void))aes_dfinal }, - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx }, - { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx }, - { OSSL_FUNC_CIPHER_KEY_LENGTH, (void (*)(void))key_length_128 }, - { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_get_params }, - { OSSL_FUNC_CIPHER_SET_PARAMS, (void (*)(void))aes_set_params }, - { 0, NULL } -}; +#define IMPLEMENT_funcs(mode, keylen, ivlen, blksz) \ + const OSSL_DISPATCH aes##keylen##mode##_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##keylen##_##mode##_newctx }, \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_update }, \ + { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_cipher }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx }, \ + { OSSL_FUNC_CIPHER_KEY_LENGTH, (void (*)(void))key_length_##keylen }, \ + { OSSL_FUNC_CIPHER_IV_LENGTH, (void (*)(void))iv_length_##ivlen }, \ + { OSSL_FUNC_CIPHER_BLOCK_SIZE, (void (*)(void))block_size_##blksz }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_##mode##_get_params }, \ + { OSSL_FUNC_CIPHER_CTX_GET_PARAMS, (void (*)(void))aes_ctx_get_params }, \ + { OSSL_FUNC_CIPHER_CTX_SET_PARAMS, (void (*)(void))aes_ctx_set_params }, \ + { 0, NULL } \ + }; + +/* ECB */ + +IMPLEMENT_funcs(ecb, 256, 0, 16) +IMPLEMENT_funcs(ecb, 192, 0, 16) +IMPLEMENT_funcs(ecb, 128, 0, 16) + +/* CBC */ + +IMPLEMENT_funcs(cbc, 256, 16, 16) +IMPLEMENT_funcs(cbc, 192, 16, 16) +IMPLEMENT_funcs(cbc, 128, 16, 16) diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h index b03d4f43fc..bf5576e767 100644 --- a/providers/common/include/internal/provider_algs.h +++ b/providers/common/include/internal/provider_algs.h @@ -14,3 +14,6 @@ extern const OSSL_DISPATCH sha256_functions[]; extern const OSSL_DISPATCH aes256ecb_functions[]; extern const OSSL_DISPATCH aes192ecb_functions[]; extern const OSSL_DISPATCH aes128ecb_functions[]; +extern const OSSL_DISPATCH aes256cbc_functions[]; +extern const OSSL_DISPATCH aes192cbc_functions[]; +extern const OSSL_DISPATCH aes128cbc_functions[]; diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c index 1d98485253..298725aa97 100644 --- a/providers/default/defltprov.c +++ b/providers/default/defltprov.c @@ -59,6 +59,9 @@ static const OSSL_ALGORITHM deflt_ciphers[] = { { "AES-256-ECB", "default=yes", aes256ecb_functions }, { "AES-192-ECB", "default=yes", aes192ecb_functions }, { "AES-128-ECB", "default=yes", aes128ecb_functions }, + { "AES-256-CBC", "default=yes", aes256cbc_functions }, + { "AES-192-CBC", "default=yes", aes192cbc_functions }, + { "AES-128-CBC", "default=yes", aes128cbc_functions }, { NULL, NULL, NULL } }; diff --git a/util/libcrypto.num b/util/libcrypto.num index af5ad52475..b9be3490ec 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4798,3 +4798,4 @@ OSSL_PARAM_construct_end 4745 3_0_0 EXIST::FUNCTION: EC_GROUP_check_named_curve 4746 3_0_0 EXIST::FUNCTION:EC EVP_CIPHER_upref 4747 3_0_0 EXIST::FUNCTION: EVP_CIPHER_fetch 4748 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_mode 4749 3_0_0 EXIST::FUNCTION: |