diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2020-12-17 16:39:57 +1000 |
|---|---|---|
| committer | Pauli <ppzgs1@gmail.com> | 2021-02-10 12:31:31 +1000 |
| commit | a054d15c22c501d33e1382bb09ba80bac08c2738 (patch) | |
| tree | f2d07cdf81f61c778816ef9ee4248d9777ee43b8 | |
| parent | 36978c19a9a5bfd514b1c6f9db66fda4b39ed2c3 (diff) | |
Replace provider cipher flags with separate param fields
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13830)
28 files changed, 191 insertions, 129 deletions
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 2febcfc2d5..3237683797 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -333,29 +333,41 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx) int evp_cipher_cache_constants(EVP_CIPHER *cipher) { - int ok; + int ok, aead = 0, custom_iv = 0, cts = 0, multiblock = 0; size_t ivlen = 0; size_t blksz = 0; size_t keylen = 0; unsigned int mode = 0; - unsigned long flags = 0; - OSSL_PARAM params[6]; + OSSL_PARAM params[9]; params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, &blksz); params[1] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &ivlen); params[2] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &keylen); params[3] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_MODE, &mode); - params[4] = OSSL_PARAM_construct_ulong(OSSL_CIPHER_PARAM_FLAGS, &flags); - params[5] = OSSL_PARAM_construct_end(); + params[4] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_AEAD, &aead); + params[5] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_CUSTOM_IV, + &custom_iv); + params[6] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_CTS, &cts); + params[7] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK, + &multiblock); + params[8] = OSSL_PARAM_construct_end(); ok = evp_do_ciph_getparams(cipher, params); if (ok) { - /* Provided implementations may have a custom cipher_cipher */ - if (cipher->prov != NULL && cipher->ccipher != NULL) - flags |= EVP_CIPH_FLAG_CUSTOM_CIPHER; cipher->block_size = blksz; cipher->iv_len = ivlen; cipher->key_len = keylen; - cipher->flags = flags | mode; + cipher->flags = mode; + if (aead) + cipher->flags |= EVP_CIPH_FLAG_AEAD_CIPHER; + if (custom_iv) + cipher->flags |= EVP_CIPH_CUSTOM_IV; + if (cts) + cipher->flags |= EVP_CIPH_FLAG_CTS; + if (multiblock) + cipher->flags |= EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK; + /* Provided implementations may have a custom cipher_cipher */ + if (cipher->prov != NULL && cipher->ccipher != NULL) + cipher->flags |= EVP_CIPH_FLAG_CUSTOM_CIPHER; } return ok; } @@ -686,11 +698,6 @@ const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md) return md->prov; } -int EVP_MD_block_size(const EVP_MD *md) -{ - return md->block_size; -} - int EVP_MD_type(const EVP_MD *md) { return md->type; @@ -701,6 +708,15 @@ int EVP_MD_pkey_type(const EVP_MD *md) return md->pkey_type; } +int EVP_MD_block_size(const EVP_MD *md) +{ + if (md == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_MESSAGE_DIGEST_IS_NULL); + return -1; + } + return md->block_size; +} + int EVP_MD_size(const EVP_MD *md) { if (md == NULL) { @@ -715,6 +731,30 @@ unsigned long EVP_MD_flags(const EVP_MD *md) return md->flags; } +int evp_md_cache_constants(EVP_MD *md) +{ + int ok, xof = 0, algid_absent = 0; + size_t sz = 0, blksz = 0; + OSSL_PARAM params[5]; + + params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_BLOCK_SIZE, &blksz); + params[1] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &sz); + params[2] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_XOF, &xof); + params[3] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_ALGID_ABSENT, + &algid_absent); + params[4] = OSSL_PARAM_construct_end(); + ok = evp_do_md_getparams(md, params); + if (ok) { + md->block_size = blksz; + md->md_size = sz; + if (xof) + md->flags |= EVP_MD_FLAG_XOF; + if (algid_absent) + md->flags |= EVP_MD_FLAG_DIGALGID_ABSENT; + } + return ok; +} + EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type) { EVP_MD *md = evp_md_new(); diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod index 3ab277ecf9..34a5ec0a7f 100644 --- a/doc/man7/provider-cipher.pod +++ b/doc/man7/provider-cipher.pod @@ -218,13 +218,27 @@ For example AES in CTR mode has a block size of 1 (because it operates like a stream cipher), even though AES has a block size of 16. The length of the "blocksize" parameter should not exceed that of a B<size_t>. -=item "flags" (B<OSSL_CIPHER_PARAM_FLAGS>) <unsigned integer> +=item "aead" (B<OSSL_CIPHER_PARAM_AEAD>) <integer> -Gets any flags for the associated cipher algorithm. -See L<EVP_CIPHER_meth_set_flags(3)> for a list of currently defined cipher -flags. -The length of the "flags" parameter should equal that of an -B<unsigned long int>. +Gets 1 if this is an AEAD cipher algorithm, otherwise it gets 0. + +=item "custom-iv" (B<OSSL_CIPHER_PARAM_CUSTOM_IV>) <integer> + +Gets 1 if the cipher algorithm has a custom IV, otherwise it gets 0. +Storing and initializing the IV is left entirely to the implementation, if a +custom IV is used. + +=item "cts" (B<OSSL_CIPHER_PARAM_CTS>) <integer> + +Gets 1 if the cipher algorithm uses ciphertext stealing, otherwise it gets 0. +This is currently used to indicate that the cipher is a one shot that only +allows a single call to EVP_CipherUpdate(). + +=item "tls-multi" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK>) <integer> + +Gets 1 if the cipher algorithm supports interleaving of crypto blocks, otherwise +it gets 0. The interleaving is an optimization only applicable to certain +TLS ciphers. =item "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>) <unsigned integer> @@ -263,7 +277,7 @@ See L<EVP_EncryptInit(3)/AEAD Interface>. =item "taglen" (B<OSSL_CIPHER_PARAM_AEAD_TAGLEN>) <unsigned integer> Gets the tag length to be used for an AEAD cipher for the associated cipher ctx. -It returns a default value if it has not been set. +It gets a default value if it has not been set. The length of the "taglen" parameter should not exceed that of a B<size_t>. =item "tlsaad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD>) <octet string> diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 4c4b0ab700..ff2d1a03f9 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -69,7 +69,10 @@ extern "C" { #define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size" /* size_t */ #define OSSL_CIPHER_PARAM_MODE "mode" /* uint */ #define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" /* size_t */ -#define OSSL_CIPHER_PARAM_FLAGS "flags" /* ulong */ +#define OSSL_CIPHER_PARAM_AEAD "aead" /* int, 0 or 1 */ +#define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv" /* int, 0 or 1 */ +#define OSSL_CIPHER_PARAM_CTS "cts" /* int, 0 or 1 */ +#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi" /* int, 0 or 1 */ #define OSSL_CIPHER_PARAM_KEYLEN "keylen" /* size_t */ #define OSSL_CIPHER_PARAM_IVLEN "ivlen" /* size_t */ #define OSSL_CIPHER_PARAM_IV "iv" /* octet_string OR octet_ptr */ @@ -115,13 +118,14 @@ extern "C" { #define OSSL_CIPHER_CTS_MODE_CS3 "CS3" /* digest parameters */ -#define OSSL_DIGEST_PARAM_XOFLEN "xoflen" /* size_t */ -#define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms" /* octet string */ -#define OSSL_DIGEST_PARAM_PAD_TYPE "pad_type" /* uint */ -#define OSSL_DIGEST_PARAM_MICALG "micalg" /* utf8 string */ -#define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize" /* size_t */ -#define OSSL_DIGEST_PARAM_SIZE "size" /* size_t */ -#define OSSL_DIGEST_PARAM_FLAGS "flags" /* ulong */ +#define OSSL_DIGEST_PARAM_XOFLEN "xoflen" /* size_t */ +#define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms" /* octet string */ +#define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type" /* uint */ +#define OSSL_DIGEST_PARAM_MICALG "micalg" /* utf8 string */ +#define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize" /* size_t */ +#define OSSL_DIGEST_PARAM_SIZE "size" /* size_t */ +#define OSSL_DIGEST_PARAM_XOF "xof" /* int, 0 or 1 */ +#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent" /* int, 0 or 1 */ /* Known DIGEST names (not a complete list) */ #define OSSL_DIGEST_NAME_MD5 "MD5" diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c index 53bef600a5..03f216d22e 100644 --- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c +++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c @@ -30,11 +30,8 @@ const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = { \ #else # include "prov/providercommonerr.h" -/* TODO(3.0) Figure out what flags are required */ -# define AES_CBC_HMAC_SHA_FLAGS (EVP_CIPH_CBC_MODE \ - | EVP_CIPH_FLAG_DEFAULT_ASN1 \ - | EVP_CIPH_FLAG_AEAD_CIPHER \ - | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) +# define AES_CBC_HMAC_SHA_FLAGS (PROV_CIPHER_FLAG_AEAD \ + | PROV_CIPHER_FLAG_TLS1_MULTIBLOCK) static OSSL_FUNC_cipher_freectx_fn aes_cbc_hmac_sha1_freectx; static OSSL_FUNC_cipher_freectx_fn aes_cbc_hmac_sha256_freectx; diff --git a/providers/implementations/ciphers/cipher_aes_cts.inc b/providers/implementations/ciphers/cipher_aes_cts.inc index 6eb85a083f..dae112febf 100644 --- a/providers/implementations/ciphers/cipher_aes_cts.inc +++ b/providers/implementations/ciphers/cipher_aes_cts.inc @@ -12,6 +12,8 @@ #include "cipher_aes_cts.h" #include "prov/providercommonerr.h" +#define AES_CTS_FLAGS PROV_CIPHER_FLAG_CTS + static OSSL_FUNC_cipher_get_ctx_params_fn aes_cbc_cts_get_ctx_params; static OSSL_FUNC_cipher_set_ctx_params_fn aes_cbc_cts_set_ctx_params; static OSSL_FUNC_cipher_gettable_ctx_params_fn aes_cbc_cts_gettable_ctx_params; @@ -101,8 +103,8 @@ const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_cts_functions[] = { \ }; /* ossl_aes256cbc_cts_functions */ -IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, EVP_CIPH_FLAG_CTS, 256, 128, 128, block) +IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 256, 128, 128, block) /* ossl_aes192cbc_cts_functions */ -IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, EVP_CIPH_FLAG_CTS, 192, 128, 128, block) +IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 192, 128, 128, block) /* ossl_aes128cbc_cts_functions */ -IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, EVP_CIPH_FLAG_CTS, 128, 128, 128, block) +IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 128, 128, 128, block) diff --git a/providers/implementations/ciphers/cipher_aes_siv.c b/providers/implementations/ciphers/cipher_aes_siv.c index 7a83506c24..469515bb8c 100644 --- a/providers/implementations/ciphers/cipher_aes_siv.c +++ b/providers/implementations/ciphers/cipher_aes_siv.c @@ -37,7 +37,6 @@ static void *aes_siv_newctx(void *provctx, size_t keybits, unsigned int mode, if (ctx != NULL) { ctx->taglen = SIV_LEN; ctx->mode = mode; - ctx->flags = flags; ctx->keylen = keybits / 8; ctx->hw = ossl_prov_cipher_hw_aes_siv(keybits); ctx->libctx = PROV_LIBCTX_OF(provctx); @@ -259,7 +258,7 @@ static OSSL_FUNC_cipher_settable_ctx_params_fn \ static int alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[]) \ { \ return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, 2*kbits, blkbits, ivbits); \ + flags, 2*kbits, blkbits, ivbits); \ } \ static void * alg##kbits##lc##_newctx(void *provctx) \ { \ diff --git a/providers/implementations/ciphers/cipher_aes_siv.h b/providers/implementations/ciphers/cipher_aes_siv.h index 6d2649f049..c0b2a903bc 100644 --- a/providers/implementations/ciphers/cipher_aes_siv.h +++ b/providers/implementations/ciphers/cipher_aes_siv.h @@ -24,7 +24,6 @@ typedef struct prov_cipher_hw_aes_siv_st { typedef struct prov_siv_ctx_st { unsigned int mode; /* The mode that we are using */ unsigned int enc : 1; /* Set to 1 if we are encrypting or 0 otherwise */ - uint64_t flags; size_t keylen; /* The input keylength (twice the alg key length) */ size_t taglen; /* the taglen is the same as the sivlen */ SIV128_CONTEXT siv; diff --git a/providers/implementations/ciphers/cipher_aes_wrp.c b/providers/implementations/ciphers/cipher_aes_wrp.c index ca57666e7a..dc625216ca 100644 --- a/providers/implementations/ciphers/cipher_aes_wrp.c +++ b/providers/implementations/ciphers/cipher_aes_wrp.c @@ -22,10 +22,8 @@ #define AES_WRAP_PAD_IVLEN 4 #define AES_WRAP_NOPAD_IVLEN 8 -/* TODO(3.0) Figure out what flags need to be passed */ -#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV \ - | EVP_CIPH_ALWAYS_CALL_INIT) -#define WRAP_FLAGS_INV (WRAP_FLAGS | EVP_CIPH_FLAG_INVERSE_CIPHER) +#define WRAP_FLAGS (PROV_CIPHER_FLAG_CUSTOM_IV) +#define WRAP_FLAGS_INV (WRAP_FLAGS | PROV_CIPHER_FLAG_INVERSE_CIPHER) typedef size_t (*aeswrap_fn)(void *key, const unsigned char *iv, unsigned char *out, const unsigned char *in, @@ -111,7 +109,7 @@ static int aes_wrap_init(void *vctx, const unsigned char *key, * to be the AES decryption function, then CIPH-1K will be the AES * encryption function. */ - if ((ctx->flags & EVP_CIPH_FLAG_INVERSE_CIPHER) == 0) + if (ctx->inverse_cipher == 0) use_forward_transform = ctx->enc; else use_forward_transform = !ctx->enc; diff --git a/providers/implementations/ciphers/cipher_aes_xts.c b/providers/implementations/ciphers/cipher_aes_xts.c index 7ccad56198..cf768d27d4 100644 --- a/providers/implementations/ciphers/cipher_aes_xts.c +++ b/providers/implementations/ciphers/cipher_aes_xts.c @@ -20,12 +20,7 @@ #include "prov/providercommon.h" #include "prov/providercommonerr.h" -/* TODO (3.0) Figure out what flags need to be set */ -#define AES_XTS_FLAGS (EVP_CIPH_CUSTOM_IV \ - | EVP_CIPH_ALWAYS_CALL_INIT \ - | EVP_CIPH_CTRL_INIT \ - | EVP_CIPH_CUSTOM_COPY) - +#define AES_XTS_FLAGS PROV_CIPHER_FLAG_CUSTOM_IV #define AES_XTS_IV_BITS 128 #define AES_XTS_BLOCK_BITS 8 @@ -233,10 +228,6 @@ static int aes_xts_set_ctx_params(void *vctx, const OSSL_PARAM params[]) PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; const OSSL_PARAM *p; - /* - * TODO(3.0) We need a general solution for handling missing parameters - * inside set_params and get_params methods. - */ p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); if (p != NULL) { size_t keylen; diff --git a/providers/implementations/ciphers/cipher_blowfish.c b/providers/implementations/ciphers/cipher_blowfish.c index 6320f560a0..cf303bb863 100644 --- a/providers/implementations/ciphers/cipher_blowfish.c +++ b/providers/implementations/ciphers/cipher_blowfish.c @@ -19,7 +19,7 @@ #include "prov/implementations.h" #include "prov/providercommon.h" -#define BF_FLAGS (EVP_CIPH_VARIABLE_LENGTH) +#define BF_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH static OSSL_FUNC_cipher_freectx_fn blowfish_freectx; static OSSL_FUNC_cipher_dupctx_fn blowfish_dupctx; diff --git a/providers/implementations/ciphers/cipher_cast5.c b/providers/implementations/ciphers/cipher_cast5.c index 7c686013d8..1d525343b4 100644 --- a/providers/implementations/ciphers/cipher_cast5.c +++ b/providers/implementations/ciphers/cipher_cast5.c @@ -20,7 +20,7 @@ #include "prov/providercommon.h" #include "prov/providercommonerr.h" -#define CAST5_FLAGS (EVP_CIPH_VARIABLE_LENGTH) +#define CAST5_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH static OSSL_FUNC_cipher_freectx_fn cast5_freectx; static OSSL_FUNC_cipher_dupctx_fn cast5_dupctx; diff --git a/providers/implementations/ciphers/cipher_chacha20.c b/providers/implementations/ciphers/cipher_chacha20.c index 8e0727ae47..b2fe1b1957 100644 --- a/providers/implementations/ciphers/cipher_chacha20.c +++ b/providers/implementations/ciphers/cipher_chacha20.c @@ -17,8 +17,7 @@ #define CHACHA20_KEYLEN (CHACHA_KEY_SIZE) #define CHACHA20_BLKLEN (1) #define CHACHA20_IVLEN (CHACHA_CTR_SIZE) -/* TODO(3.0) Figure out what flags are required */ -#define CHACHA20_FLAGS (EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT) +#define CHACHA20_FLAGS (PROV_CIPHER_FLAG_CUSTOM_IV) static OSSL_FUNC_cipher_newctx_fn chacha20_newctx; static OSSL_FUNC_cipher_freectx_fn chacha20_freectx; diff --git a/providers/implementations/ciphers/cipher_chacha20_poly1305.c b/providers/implementations/ciphers/cipher_chacha20_poly1305.c index 7a9cc5c20f..919d4fba94 100644 --- a/providers/implementations/ciphers/cipher_chacha20_poly1305.c +++ b/providers/implementations/ciphers/cipher_chacha20_poly1305.c @@ -19,14 +19,8 @@ #define CHACHA20_POLY1305_BLKLEN 1 #define CHACHA20_POLY1305_MAX_IVLEN 12 #define CHACHA20_POLY1305_MODE 0 -/* TODO(3.0) Figure out what flags are required */ -#define CHACHA20_POLY1305_FLAGS (EVP_CIPH_FLAG_AEAD_CIPHER \ - | EVP_CIPH_ALWAYS_CALL_INIT \ - | EVP_CIPH_CTRL_INIT \ - | EVP_CIPH_CUSTOM_COPY \ - | EVP_CIPH_FLAG_CUSTOM_CIPHER \ - | EVP_CIPH_CUSTOM_IV \ - | EVP_CIPH_CUSTOM_IV_LENGTH) +#define CHACHA20_POLY1305_FLAGS (PROV_CIPHER_FLAG_AEAD \ + | PROV_CIPHER_FLAG_CUSTOM_IV) static OSSL_FUNC_cipher_newctx_fn chacha20_poly1305_newctx; static OSSL_FUNC_cipher_freectx_fn chacha20_poly1305_freectx; diff --git a/providers/implementations/ciphers/cipher_des.c b/providers/implementations/ciphers/cipher_des.c index 345adfab60..ec186445c8 100644 --- a/providers/implementations/ciphers/cipher_des.c +++ b/providers/implementations/ciphers/cipher_des.c @@ -20,8 +20,7 @@ #include "prov/providercommon.h" #include "prov/providercommonerr.h" -/* TODO(3.0) Figure out what flags need to be here */ -#define DES_FLAGS (EVP_CIPH_RAND_KEY) +#define DES_FLAGS 0 static OSSL_FUNC_cipher_freectx_fn des_freectx; static OSSL_FUNC_cipher_encrypt_init_fn des_einit; diff --git a/providers/implementations/ciphers/cipher_des.h b/providers/implementations/ciphers/cipher_des.h index aedb38177e..78ca686bad 100644 --- a/providers/implementations/ciphers/cipher_des.h +++ b/providers/implementations/ciphers/cipher_des.h @@ -10,8 +10,7 @@ #include <openssl/des.h> #include "crypto/des_platform.h" -/* TODO(3.0) Figure out what flags need to be here */ -#define TDES_FLAGS (EVP_CIPH_RAND_KEY) +#define TDES_FLAGS 0 typedef struct prov_des_ctx_st { PROV_CIPHER_CTX base; /* Must be first */ diff --git a/providers/implementations/ciphers/cipher_rc2.c b/providers/implementations/ciphers/cipher_rc2.c index b7c244f245..09d66b2cdd 100644 --- a/providers/implementations/ciphers/cipher_rc2.c +++ b/providers/implementations/ciphers/cipher_rc2.c @@ -23,6 +23,7 @@ #define RC2_40_MAGIC 0xa0 #define RC2_64_MAGIC 0x78 #define RC2_128_MAGIC 0x3a +#define RC2_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH static OSSL_FUNC_cipher_freectx_fn rc2_freectx; static OSSL_FUNC_cipher_dupctx_fn rc2_dupctx; @@ -242,15 +243,15 @@ const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_functions[] = { \ }; /* ossl_rc2128ecb_functions */ -IMPLEMENT_cipher(rc2, RC2, ecb, ECB, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 0, block) +IMPLEMENT_cipher(rc2, RC2, ecb, ECB, RC2_FLAGS, 128, 64, 0, block) /* ossl_rc2128cbc_functions */ -IMPLEMENT_cipher(rc2, RC2, cbc, CBC, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 64, block) +IMPLEMENT_cipher(rc2, RC2, cbc, CBC, RC2_FLAGS, 128, 64, 64, block) /* ossl_rc240cbc_functions */ -IMPLEMENT_cipher(rc2, RC2, cbc, CBC, EVP_CIPH_VARIABLE_LENGTH, 40, 64, 64, block) +IMPLEMENT_cipher(rc2, RC2, cbc, CBC, RC2_FLAGS, 40, 64, 64, block) /* ossl_rc264cbc_functions */ -IMPLEMENT_cipher(rc2, RC2, cbc, CBC, EVP_CIPH_VARIABLE_LENGTH, 64, 64, 64, block) +IMPLEMENT_cipher(rc2, RC2, cbc, CBC, RC2_FLAGS, 64, 64, 64, block) /* ossl_rc2128ofb128_functions */ -IMPLEMENT_cipher(rc2, RC2, ofb128, OFB, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 64, stream) +IMPLEMENT_cipher(rc2, RC2, ofb128, OFB, RC2_FLAGS, 128, 8, 64, stream) /* ossl_rc2128cfb128_functions */ -IMPLEMENT_cipher(rc2, RC2, cfb128, CFB, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 64, stream) +IMPLEMENT_cipher(rc2, RC2, cfb128, CFB, RC2_FLAGS, 128, 8, 64, stream) diff --git a/providers/implementations/ciphers/cipher_rc4.c b/providers/implementations/ciphers/cipher_rc4.c index 91644fca59..18233bbac1 100644 --- a/providers/implementations/ciphers/cipher_rc4.c +++ b/providers/implementations/ciphers/cipher_rc4.c @@ -19,8 +19,7 @@ #include "prov/implementations.h" #include "prov/providercommon.h" -/* TODO (3.0) Figure out what flags are required */ -#define RC4_FLAGS EVP_CIPH_FLAG_DEFAULT_ASN1 +#define RC4_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH static OSSL_FUNC_cipher_freectx_fn rc4_freectx; static OSSL_FUNC_cipher_dupctx_fn rc4_dupctx; @@ -97,6 +96,6 @@ const OSSL_DISPATCH ossl_##alg##kbits##_functions[] = { \ }; /* ossl_rc440_functions */ -IMPLEMENT_cipher(rc4, RC4, EVP_CIPH_VARIABLE_LENGTH, 40, 8, 0, stream) +IMPLEMENT_cipher(rc4, RC4, RC4_FLAGS, 40, 8, 0, stream) /* ossl_rc4128_functions */ -IMPLEMENT_cipher(rc4, RC4, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 0, stream) +IMPLEMENT_cipher(rc4, RC4, RC4_FLAGS, 128, 8, 0, stream) diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c index 9dc9615c04..b757197110 100644 --- a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c +++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c @@ -20,9 +20,8 @@ #include "prov/providercommon.h" #include "prov/providercommonerr.h" -/* TODO(3.0) Figure out what flags are required */ -#define RC4_HMAC_MD5_FLAGS (EVP_CIPH_STREAM_CIPHER | EVP_CIPH_VARIABLE_LENGTH \ - | EVP_CIPH_FLAG_AEAD_CIPHER) +#define RC4_HMAC_MD5_FLAGS (PROV_CIPHER_FLAG_VARIABLE_LENGTH \ + | PROV_CIPHER_FLAG_AEAD) #define RC4_HMAC_MD5_KEY_BITS (16 * 8) #define RC4_HMAC_MD5_BLOCK_BITS (1 * 8) @@ -183,10 +182,10 @@ static int rc4_hmac_md5_set_ctx_params(void *vctx, const OSSL_PARAM params[]) static int rc4_hmac_md5_get_params(OSSL_PARAM params[]) { return ossl_cipher_generic_get_params(params, RC4_HMAC_MD5_MODE, - RC4_HMAC_MD5_FLAGS, - RC4_HMAC_MD5_KEY_BITS, - RC4_HMAC_MD5_BLOCK_BITS, - RC4_HMAC_MD5_IV_BITS); + RC4_HMAC_MD5_FLAGS, + RC4_HMAC_MD5_KEY_BITS, + RC4_HMAC_MD5_BLOCK_BITS, + RC4_HMAC_MD5_IV_BITS); } const OSSL_DISPATCH ossl_rc4_hmac_ossl_md5_functions[] = { diff --git a/providers/implementations/ciphers/cipher_rc5.c b/providers/implementations/ciphers/cipher_rc5.c index 80de5f4bdd..ec408ed885 100644 --- a/providers/implementations/ciphers/cipher_rc5.c +++ b/providers/implementations/ciphers/cipher_rc5.c @@ -20,6 +20,8 @@ #include "prov/providercommon.h" #include "prov/providercommonerr.h" +#define RC5_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH + static OSSL_FUNC_cipher_freectx_fn rc5_freectx; static OSSL_FUNC_cipher_dupctx_fn rc5_dupctx; OSSL_FUNC_cipher_gettable_ctx_params_fn rc5_gettable_ctx_params; @@ -153,10 +155,10 @@ const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_functions[] = { \ }; /* ossl_rc5128ecb_functions */ -IMPLEMENT_cipher(rc5, RC5, ecb, ECB, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 0, block) +IMPLEMENT_cipher(rc5, RC5, ecb, ECB, RC5_FLAGS, 128, 64, 0, block) /* ossl_rc5128cbc_functions */ -IMPLEMENT_cipher(rc5, RC5, cbc, CBC, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 64, block) +IMPLEMENT_cipher(rc5, RC5, cbc, CBC, RC5_FLAGS, 128, 64, 64, block) /* ossl_rc5128ofb64_functions */ -IMPLEMENT_cipher(rc5, RC5, ofb64, OFB, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 64, stream) +IMPLEMENT_cipher(rc5, RC5, ofb64, OFB, RC5_FLAGS, 128, 8, 64, stream) /* ossl_rc5128cfb64_functions */ -IMPLEMENT_cipher(rc5, RC5, cfb64, CFB, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 64, stream) +IMPLEMENT_cipher(rc5, RC5, cfb64, CFB, RC5_FLAGS, 128, 8, 64, stream) diff --git a/providers/implementations/ciphers/cipher_tdes.c b/providers/implementations/ciphers/cipher_tdes.c index c9fb1ceda7..a2855af481 100644 --- a/providers/implementations/ciphers/cipher_tdes.c +++ b/providers/implementations/ciphers/cipher_tdes.c @@ -20,7 +20,7 @@ #include "prov/providercommonerr.h" /* - * TODO(3.0) - ECB mode does not use an IV - but existing test code is setting + * NOTE: ECB mode does not use an IV - but existing test code is setting * an IV. Fixing this could potentially make applications break. */ /* ossl_tdes_ede3_ecb_functions */ diff --git a/providers/implementations/ciphers/cipher_tdes.h b/providers/implementations/ciphers/cipher_tdes.h index 081a00fffa..9bef908cc3 100644 --- a/providers/implementations/ciphers/cipher_tdes.h +++ b/providers/implementations/ciphers/cipher_tdes.h @@ -13,9 +13,7 @@ #define DES_BLOCK_SIZE 8 #define TDES_IVLEN 8 - -/* TODO(3.0) Figure out what flags need to be here */ -#define TDES_FLAGS (EVP_CIPH_RAND_KEY) +#define TDES_FLAGS 0 typedef struct prov_tdes_ctx_st { PROV_CIPHER_CTX base; /* Must be first */ diff --git a/providers/implementations/ciphers/cipher_tdes_default_hw.c b/providers/implementations/ciphers/cipher_tdes_default_hw.c index b7c7ea11f7..77b08ebbe1 100644 --- a/providers/implementations/ciphers/cipher_tdes_default_hw.c +++ b/providers/implementations/ciphers/cipher_tdes_default_hw.c @@ -101,7 +101,7 @@ static int ossl_cipher_hw_tdes_cfb1(PROV_CIPHER_CTX *ctx, unsigned char *out, size_t n; unsigned char c[1], d[1]; - if ((ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) == 0) + if (ctx->use_bits == 0 |