author | Shane Lontis <shane.lontis@oracle.com> | 2019-07-31 21:55:16 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2019-07-31 21:55:16 +1000 |
commit | a672a02a6443a29aa368c0d8abeebc809c1a9f28 (patch) | |
tree | 4148c9b4b3b8442961818740660607db38efc126 /crypto | |
parent | f5b7f99e690b1875e6d047acc435f0029642bfeb (diff) |
Add gcm ciphers (aes and aria) to providers.
The code has been modularized so that it can be shared by algorithms.
A fixed size IV is now used instead of being allocated.
The IV is not set into the low level struct now until the update (it uses an
iv_state for this purpose).
Hardware specific methods have been added to a PROV_GCM_HW object.
The S390 code has been changed to just contain methods that can be accessed in
a modular way. There are equivalent generic methods also for the other
platforms.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/9231)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/err/openssl.txt | 3 | ||||
-rw-r--r-- | crypto/evp/evp_enc.c | 8 | ||||
-rw-r--r-- | crypto/evp/evp_lib.c | 8 | ||||
-rw-r--r-- | crypto/modes/build.info | 4 |
4 files changed, 19 insertions, 4 deletions
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 6b52193895..caa47324bf 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2694,7 +2694,10 @@ PROV_R_BAD_DECRYPT:100:bad decrypt
 PROV_R_CIPHER_OPERATION_FAILED:102:cipher operation failed
 PROV_R_FAILED_TO_GET_PARAMETER:103:failed to get parameter
 PROV_R_FAILED_TO_SET_PARAMETER:104:failed to set parameter
+PROV_R_INVALID_AAD:108:invalid aad
+PROV_R_INVALID_IVLEN:109:invalid ivlen
 PROV_R_INVALID_KEYLEN:105:invalid keylen
+PROV_R_INVALID_TAG:110:invalid tag
 PROV_R_OUTPUT_BUFFER_TOO_SMALL:106:output buffer too small
 PROV_R_WRONG_FINAL_BLOCK_LENGTH:107:wrong final block length
 RAND_R_ADDITIONAL_INPUT_TOO_LONG:102:additional input too long
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 8f5175b525..87c7bb0995 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -163,6 +163,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 case NID_aes_256_ctr:
 case NID_aes_192_ctr:
 case NID_aes_128_ctr:
+ case NID_aes_256_gcm:
+ case NID_aes_192_gcm:
+ case NID_aes_128_gcm:
+ case NID_aria_256_gcm:
+ case NID_aria_192_gcm:
+ case NID_aria_128_gcm:
 break;
 default:
 goto legacy;
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index e6daf684be..d112eaf65a 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -315,7 +315,13 @@ int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
 int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
 {
- return EVP_CIPHER_iv_length(ctx->cipher);
+ int ok, v = EVP_CIPHER_iv_length(ctx->cipher);
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+ params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_IVLEN, &v);
+ ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
+
+ return ok != 0 ? v : -1;
 }
 const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx)
diff --git a/crypto/modes/build.info b/crypto/modes/build.info
index 81525a9916..a93586690c 100644
--- a/crypto/modes/build.info
+++ b/crypto/modes/build.info
@@ -48,9 +48,9 @@ IF[{- !$disabled{asm} -}]
 ENDIF
 ENDIF
-$COMMON=cbc128.c ctr128.c cfb128.c ofb128.c $MODESASM
+$COMMON=cbc128.c ctr128.c cfb128.c ofb128.c gcm128.c $MODESASM
 SOURCE[../../libcrypto]=$COMMON \
- cts128.c gcm128.c ccm128.c xts128.c wrap128.c ocb128.c siv128.c
+ cts128.c ccm128.c xts128.c wrap128.c ocb128.c siv128.c
 DEFINE[../../libcrypto]=$MODESDEF
 SOURCE[../../providers/fips]=$COMMON
 DEFINE[../../providers/fips]=$MODESDEF |
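Review bot: EVP_CIPHER_CTX_iv_length() in crypto/evp/evp_lib.c can now return -1, which the old one-line body never did, and nothing in the hunk documents that for callers. Any caller that passes the result straight to memcpy() or compares it against a buffer size would see -1 converted to a very large size_t, so the new error path needs a comment such as `/* Returns the IV length in bytes, or -1 if the provider parameter query fails; check for < 0 before using it as a size. */` and an audit of the existing call sites. The test `ok != 0` also treats a negative result as success; evp_do_ciph_ctx_getparams() is not visible here, so if a negative value means "no provider, keep the legacy length already in v" that is presumably intended, but it should be stated, e.g. `/* non-zero includes the legacy/unsupported case: v keeps the EVP_CIPHER default */`. The function lies wholly inside the hunk.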