diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2020-06-08 14:33:27 +1000 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2020-07-15 23:11:50 +0200 |
| commit | 7cc355c2e4e081dca3c6c345a75a2ab16800c807 (patch) | |
| tree | af03550512bc59ca961934e9009c6c8fd4be5656 /include | |
| parent | c35b8535768e22cd3b7743f4887a72e53a621a5f (diff) | |
Add AES_CBC_CTS ciphers to providers
Added Algorithm names AES-128-CBC-CTS, AES-192-CBC-CTS and AES-256-CBC-CTS.
CS1, CS2 and CS3 variants are supported.
Only single shot updates are supported.
The cipher returns the mode EVP_CIPH_CBC_MODE (Internally it shares the aes_cbc cipher code). This
would allow existing code that uses AES_CBC to switch to the CTS variant without breaking code that
tests for this mode. Because it shares the aes_cbc code the cts128.c functions could not be used directly.
The cipher returns the flag EVP_CIPH_FLAG_CTS.
EVP_CIPH_FLAG_FIPS & EVP_CIPH_FLAG_NON_FIPS_ALLOW have been deprecated.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12094)
Diffstat (limited to 'include')
| -rw-r--r-- | include/openssl/core_names.h | 6 | ||||
| -rw-r--r-- | include/openssl/evp.h | 10 |
2 files changed, 12 insertions, 4 deletions
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 9ad81337c3..702ee6a6ed 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -66,6 +66,7 @@ extern "C" { #define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey" /* octet_string */ #define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits" /* size_t */ #define OSSL_CIPHER_PARAM_SPEED "speed" /* uint */ +#define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode" /* utf8_string */ /* For passing the AlgorithmIdentifier parameter in DER form */ #define OSSL_CIPHER_PARAM_ALG_ID "alg_id_param" /* octet_string */ @@ -86,6 +87,11 @@ extern "C" { #define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN \ "tls1multi_enclen" /* size_t */ +/* OSSL_CIPHER_PARAM_CTS_MODE Values */ +#define OSSL_CIPHER_CTS_MODE_CS1 "CS1" +#define OSSL_CIPHER_CTS_MODE_CS2 "CS2" +#define OSSL_CIPHER_CTS_MODE_CS3 "CS3" + /* digest parameters */ #define OSSL_DIGEST_PARAM_XOFLEN "xoflen" /* size_t */ #define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms" /* octet string */ diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 644a214a6e..85a939b5c3 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -287,13 +287,15 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, /* Free: 0x1000 */ /* Buffer length in bits not bytes: CFB1 mode only */ # define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 -/* Note if suitable for use in FIPS mode */ -# define EVP_CIPH_FLAG_FIPS 0x4000 -/* Allow non FIPS cipher in FIPS mode */ -# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000 +/* Deprecated FIPS flag: was 0x4000 */ +# define EVP_CIPH_FLAG_FIPS 0 +/* Deprecated FIPS flag: was 0x8000 */ +# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0 + /* * Cipher handles any and all padding logic as well as finalisation. */ +# define EVP_CIPH_FLAG_CTS 0x4000 # define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 # define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 # define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000 |