author | Shane Lontis <shane.lontis@oracle.com> | 2021-06-03 19:09:38 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-06-08 15:16:06 +1000 |
commit | f41fd10d90fb5202f4c05f8842b4a4f25afd51d0 (patch) | |
tree | 09106bd79af443731ff67bee224ec5609d632c7a /providers/implementations/ciphers | |
parent | 5135a9bd9280301a24640a6bf5125c144e28cfdd (diff) |
Add a gettable for provider ciphers to return the EVP_CIPH_RAND_KEY flag
Fixes #15531
DES and TDES set this flag which could possibly be used by applications.
The gettable cipher param OSSL_CIPHER_PARAM_HAS_RAND_KEY has been added.
Note that EVP_CIPHER_CTX_rand_key() uses this flag.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15606)
Diffstat (limited to 'providers/implementations/ciphers')
4 files changed, 10 insertions, 3 deletions
diff --git a/providers/implementations/ciphers/cipher_des.c b/providers/implementations/ciphers/cipher_des.c
index d03d65b668..c6d13466f7 100644
--- a/providers/implementations/ciphers/cipher_des.c
+++ b/providers/implementations/ciphers/cipher_des.c
@@ -20,7 +20,7 @@
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
-#define DES_FLAGS 0
+#define DES_FLAGS PROV_CIPHER_FLAG_RAND_KEY
 static OSSL_FUNC_cipher_freectx_fn des_freectx;
 static OSSL_FUNC_cipher_encrypt_init_fn des_einit;
diff --git a/providers/implementations/ciphers/cipher_tdes.h b/providers/implementations/ciphers/cipher_tdes.h
index d3d885bd18..93f9d1744d 100644
--- a/providers/implementations/ciphers/cipher_tdes.h
+++ b/providers/implementations/ciphers/cipher_tdes.h
@@ -13,7 +13,7 @@
 #define DES_BLOCK_SIZE 8
 #define TDES_IVLEN 8
-#define TDES_FLAGS 0
+#define TDES_FLAGS PROV_CIPHER_FLAG_RAND_KEY
 typedef struct prov_tdes_ctx_st {
 PROV_CIPHER_CTX base; /* Must be first */
diff --git a/providers/implementations/ciphers/cipher_tdes_wrap.c b/providers/implementations/ciphers/cipher_tdes_wrap.c
index f6a859539e..1b4539a64c 100644
--- a/providers/implementations/ciphers/cipher_tdes_wrap.c
+++ b/providers/implementations/ciphers/cipher_tdes_wrap.c
@@ -22,7 +22,7 @@
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
-#define TDES_WRAP_FLAGS PROV_CIPHER_FLAG_CUSTOM_IV
+#define TDES_WRAP_FLAGS PROV_CIPHER_FLAG_CUSTOM_IV | PROV_CIPHER_FLAG_RAND_KEY
 static OSSL_FUNC_cipher_update_fn tdes_wrap_update;
 static OSSL_FUNC_cipher_cipher_fn tdes_wrap_cipher;
diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
index b5a0d43b78..fa383165d8 100644
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
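Review bot: The new `TDES_WRAP_FLAGS` definition in cipher_tdes_wrap.c expands to an unparenthesized `|` expression, so any use beside a higher-precedence operator (`TDES_WRAP_FLAGS & x`, `flags == TDES_WRAP_FLAGS`) would bind to only one of the two flags. Where the macro is consumed is outside this hunk, and it is presumably only passed as an argument today, but wrapping it removes the hazard: `#define TDES_WRAP_FLAGS (PROV_CIPHER_FLAG_CUSTOM_IV | PROV_CIPHER_FLAG_RAND_KEY)`. `DES_FLAGS` and `TDES_FLAGS` in the other two hunks are single tokens and do not need it.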
@@ -30,6 +30,7 @@ static const OSSL_PARAM cipher_known_gettable_params[] = {
 OSSL_PARAM_int(OSSL_CIPHER_PARAM_CUSTOM_IV, NULL),
 OSSL_PARAM_int(OSSL_CIPHER_PARAM_CTS, NULL),
 OSSL_PARAM_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK, NULL),
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_HAS_RAND_KEY, NULL),
 OSSL_PARAM_END
 };
 const OSSL_PARAM *ossl_cipher_generic_gettable_params(ossl_unused void *provctx)
@@ -72,6 +73,12 @@ int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md,
 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
 return 0;
 }
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_HAS_RAND_KEY);
+ if (p != NULL
+ && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_RAND_KEY) != 0)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
 if (p != NULL && !OSSL_PARAM_set_size_t(p, kbits / 8)) {
 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); |
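Review bot: The added `OSSL_CIPHER_PARAM_HAS_RAND_KEY` lookup in ossl_cipher_generic_get_params has no comment saying what the reported value means to a caller, and here the meaning is the whole point: per the commit message it mirrors EVP_CIPH_RAND_KEY, which EVP_CIPHER_CTX_rand_key() consults, and DES/TDES are the ciphers that set it. I would put `/* 1 when the cipher provides its own key generation (DES/TDES); read by EVP_CIPHER_CTX_rand_key() */` above the lookup. A provider cipher that does not go through this generic getter leaves the parameter unset, so the reader on the EVP side (not shown in this path-limited diff) presumably has to treat absence as 0; that is worth confirming. The function's signature and its earlier stanzas lie outside the hunk.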