diff options
| author | Richard Levitte <levitte@openssl.org> | 2019-09-25 08:56:14 +0200 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2019-10-01 22:51:00 +0200 |
| commit | c96399e296d9c280115d2ed9c129399c61b8edfc (patch) | |
| tree | ee16bbca01f961d999a8555bba334b36ab85fd9e /include | |
| parent | bbecf04e7861b6ab9ca1bd5ee5100bd49a347b4a (diff) | |
Adapt EVP_CIPHER_{param_to_asn1,asn1_to_param} for use with provider.
So far, these two funtions have depended on legacy EVP_CIPHER
implementations to be able to do their work. This change adapts them
to work with provided implementations as well, in one of two possible
ways:
1. If the implementation's set_asn1_parameters or get_asn1_parameters
function pointers are non-NULL, this is a legacy implementation,
and that function is called.
2. Otherwise, if the cipher doesn't have EVP_CIPH_FLAG_CUSTOM_ASN1
set, the default AlgorithmIdentifier parameter code in libcrypto
is executed.
3. Otherwise, if the cipher is a provided implementation, the ASN1
type structure is converted to a DER blob which is then passed to
the implementation as a parameter (param_to_asn1) or the DER blob
is retrieved from the implementation as a parameter and converted
locally to a ASN1_TYPE (asn1_to_param).
With this, the old flag EVP_CIPH_FLAG_DEFAULT_ASN1 has become
irrelevant and is simply ignored.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10008)
Diffstat (limited to 'include')
| -rw-r--r-- | include/openssl/core_names.h | 2 | ||||
| -rw-r--r-- | include/openssl/evp.h | 7 |
2 files changed, 7 insertions, 2 deletions
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 6656a7fb43..4659d1f08d 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -66,6 +66,8 @@ extern "C" { #define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN #define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen" /* size_t */ #define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey" /* octet_string */ +/* For passing the AlgorithmIdentifier parameter in DER form */ +#define OSSL_CIPHER_PARAM_ALG_ID "alg_id_param" /* octet_string */ /* digest parameters */ #define OSSL_DIGEST_PARAM_XOFLEN "xoflen" /* size_t */ diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 407162f3f0..fd9855d380 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -275,8 +275,9 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, # define EVP_CIPH_CUSTOM_COPY 0x400 /* Don't use standard iv length function */ # define EVP_CIPH_CUSTOM_IV_LENGTH 0x800 -/* Allow use default ASN1 get/set iv */ -# define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 +/* Legacy and no longer relevant: Allow use default ASN1 get/set iv */ +# define EVP_CIPH_FLAG_DEFAULT_ASN1 0 +/* Free: 0x1000 */ /* Buffer length in bits not bytes: CFB1 mode only */ # define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 /* Note if suitable for use in FIPS mode */ @@ -291,6 +292,8 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, # define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000 /* Cipher can handle pipeline operations */ # define EVP_CIPH_FLAG_PIPELINE 0X800000 +/* For provider implementations that handle ASN1 get/set param themselves */ +# define EVP_CIPH_FLAG_CUSTOM_ASN1 0x1000000 /* * Cipher context flag to indicate we can handle wrap mode: if allowed in |