From 081464fa142ce908d0606417e5f576263cb29584 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Wed, 28 Jul 2010 11:03:09 +0000
Subject: Make ctr mode behaviour consistent with other modes.
---
 crypto/evp/e_aes.c | 16 +++-------------
 crypto/evp/evp.h | 1 +
 crypto/evp/evp_enc.c | 5 ++++-
 3 files changed, 8 insertions(+), 14 deletions(-)
(limited to 'crypto')
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 3dc85762a2..a7fbba3689 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -122,7 +122,7 @@ static int aes_counter (EVP_CIPHER_CTX *ctx, unsigned char *out,
 static const EVP_CIPHER aes_128_ctr_cipher=
 {
 NID_aes_128_ctr,1,16,16,
- EVP_CIPH_CUSTOM_IV,
+ EVP_CIPH_CTR_MODE,
 aes_init_key,
 aes_counter,
 NULL,
@@ -139,7 +139,7 @@ const EVP_CIPHER *EVP_aes_128_ctr (void)
 static const EVP_CIPHER aes_192_ctr_cipher=
 {
 NID_aes_192_ctr,1,24,16,
- EVP_CIPH_CUSTOM_IV,
+ EVP_CIPH_CTR_MODE,
 aes_init_key,
 aes_counter,
 NULL,
@@ -156,7 +156,7 @@ const EVP_CIPHER *EVP_aes_192_ctr (void)
 static const EVP_CIPHER aes_256_ctr_cipher=
 {
 NID_aes_256_ctr,1,32,16,
- EVP_CIPH_CUSTOM_IV,
+ EVP_CIPH_CTR_MODE,
 aes_init_key,
 aes_counter,
 NULL,
@@ -188,16 +188,6 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 return 0;
 }
- if (ctx->cipher->flags&EVP_CIPH_CUSTOM_IV)
- {
- if (iv!=NULL)
- memcpy (ctx->iv,iv,ctx->cipher->iv_len);
- else {
- EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_IV_SETUP_FAILED);
- return 0;
- }
- }
-
 return 1;
 }
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 037f14be23..b5f847857f 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -326,6 +326,7 @@ struct evp_cipher_st
 #define EVP_CIPH_CBC_MODE 0x2
 #define EVP_CIPH_CFB_MODE 0x3
 #define EVP_CIPH_OFB_MODE 0x4
+#define EVP_CIPH_CTR_MODE 0x5
 #define EVP_CIPH_MODE 0xF0007
 /* Set if variable length cipher */
 #define EVP_CIPH_VARIABLE_LENGTH 0x8
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index bead6a2170..a35621a2ec 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -206,11 +206,14 @@ skip_to_init:
 ctx->num = 0;
 case EVP_CIPH_CBC_MODE:
+ case EVP_CIPH_CTR_MODE:
 OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= (int)sizeof(ctx->iv));
 if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
- memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+ /* Don't reuse IV for CTR mode */
+ if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CTR_MODE)
+ memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
 break;
 default:
-- cgit v1.2.3
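Review bot: In the `EVP_CIPH_CTR_MODE` path the caller's IV is copied into `ctx->oiv` only, and the guarded `memcpy` then skips `ctx->iv`, so nothing visible in this patch loads the initial counter block now that the copy in `aes_init_key` is removed. If `aes_counter` (body not shown) takes its counter from `ctx->iv`, each init under the same key would start from whatever `ctx->iv` already held and repeat the keystream. Keeping the no-reset behaviour for a NULL `iv`, the guard could gain `else if(iv) memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));`. The new case label also sits below `ctx->num = 0;`, so CTR does not reset `ctx->num`; worth confirming whether `aes_counter` relies on it. The enclosing switch starts and ends outside the hunk.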