From 0d5096fbd6bd58bd68ca114c5e4f59fd2f9aa199 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Wed, 5 Feb 2014 14:05:08 +0100 Subject: evp/e_aes_cbc_hmac_sha*.c: additional CTRL to query buffer requirements. --- crypto/evp/e_aes_cbc_hmac_sha1.c | 15 ++++++++++++--- crypto/evp/e_aes_cbc_hmac_sha256.c | 15 ++++++++++++--- crypto/evp/evp.h | 1 + 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index 730842047f..b14d8371c8 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -775,6 +775,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void } } #if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK + case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE: + return (int)(5+16+((arg+20+16)&-16)); case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: { EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param = @@ -791,10 +793,17 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void if ((param->inp[9]<<8|param->inp[10]) < TLS1_1_VERSION) return -1; - if (inp_len<4096) return 0; /* too short */ + if (inp_len) + { + if (inp_len<4096) return 0; /* too short */ - if (inp_len>=8192 && OPENSSL_ia32cap_P[2]&(1<<5)) - n4x=2; /* AVX2 */ + if (inp_len>=8192 && OPENSSL_ia32cap_P[2]&(1<<5)) + n4x=2; /* AVX2 */ + } + else if ((n4x=param->interleave/4) && n4x<=2) + inp_len = param->len; + else + return -1; key->md = key->head; SHA1_Update(&key->md,param->inp,13); diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index 8470bb96b8..01823d201e 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -728,6 +728,8 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, vo } } #if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK + case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE: + return (int)(5+16+((arg+32+16)&-16)); case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: { EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param = @@ -744,10 +746,17 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, vo if ((param->inp[9]<<8|param->inp[10]) < TLS1_1_VERSION) return -1; - if (inp_len<4096) return 0; /* too short */ + if (inp_len) + { + if (inp_len<4096) return 0; /* too short */ - if (inp_len>=8192 && OPENSSL_ia32cap_P[2]&(1<<5)) - n4x=2; /* AVX2 */ + if (inp_len>=8192 && OPENSSL_ia32cap_P[2]&(1<<5)) + n4x=2; /* AVX2 */ + } + else if ((n4x=param->interleave/4) && n4x<=2) + inp_len = param->len; + else + return -1; key->md = key->head; SHA256_Update(&key->md,param->inp,13); diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index a5aa4c87fc..94d1dc863b 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -413,6 +413,7 @@ struct evp_cipher_st #define EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 0x19 #define EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 0x1a #define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b +#define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c typedef struct { unsigned char *out; -- cgit v1.2.3