From a054d15c22c501d33e1382bb09ba80bac08c2738 Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Thu, 17 Dec 2020 16:39:57 +1000 Subject: Replace provider cipher flags with separate param fields Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/13830) --- .../ciphers/cipher_aes_cbc_hmac_sha.c | 7 ++-- .../implementations/ciphers/cipher_aes_cts.inc | 8 +++-- providers/implementations/ciphers/cipher_aes_siv.c | 3 +- providers/implementations/ciphers/cipher_aes_siv.h | 1 - providers/implementations/ciphers/cipher_aes_wrp.c | 8 ++--- providers/implementations/ciphers/cipher_aes_xts.c | 11 +----- .../implementations/ciphers/cipher_blowfish.c | 2 +- providers/implementations/ciphers/cipher_cast5.c | 2 +- .../implementations/ciphers/cipher_chacha20.c | 3 +- .../ciphers/cipher_chacha20_poly1305.c | 10 ++---- providers/implementations/ciphers/cipher_des.c | 3 +- providers/implementations/ciphers/cipher_des.h | 3 +- providers/implementations/ciphers/cipher_rc2.c | 13 ++++---- providers/implementations/ciphers/cipher_rc4.c | 7 ++-- .../implementations/ciphers/cipher_rc4_hmac_md5.c | 13 ++++---- providers/implementations/ciphers/cipher_rc5.c | 10 +++--- providers/implementations/ciphers/cipher_tdes.c | 2 +- providers/implementations/ciphers/cipher_tdes.h | 4 +-- .../ciphers/cipher_tdes_default_hw.c | 2 +- .../implementations/ciphers/cipher_tdes_wrap.c | 4 +-- providers/implementations/ciphers/ciphercommon.c | 39 ++++++++++++++++++---- .../implementations/ciphers/ciphercommon_ccm.c | 5 ++- .../implementations/ciphers/ciphercommon_hw.c | 2 +- 23 files changed, 80 insertions(+), 82 deletions(-) (limited to 'providers/implementations/ciphers') diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c index 53bef600a5..03f216d22e 100644 --- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c +++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c @@ -30,11 +30,8 @@ const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = { \ #else # include "prov/providercommonerr.h" -/* TODO(3.0) Figure out what flags are required */ -# define AES_CBC_HMAC_SHA_FLAGS (EVP_CIPH_CBC_MODE \ - | EVP_CIPH_FLAG_DEFAULT_ASN1 \ - | EVP_CIPH_FLAG_AEAD_CIPHER \ - | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) +# define AES_CBC_HMAC_SHA_FLAGS (PROV_CIPHER_FLAG_AEAD \ + | PROV_CIPHER_FLAG_TLS1_MULTIBLOCK) static OSSL_FUNC_cipher_freectx_fn aes_cbc_hmac_sha1_freectx; static OSSL_FUNC_cipher_freectx_fn aes_cbc_hmac_sha256_freectx; diff --git a/providers/implementations/ciphers/cipher_aes_cts.inc b/providers/implementations/ciphers/cipher_aes_cts.inc index 6eb85a083f..dae112febf 100644 --- a/providers/implementations/ciphers/cipher_aes_cts.inc +++ b/providers/implementations/ciphers/cipher_aes_cts.inc @@ -12,6 +12,8 @@ #include "cipher_aes_cts.h" #include "prov/providercommonerr.h" +#define AES_CTS_FLAGS PROV_CIPHER_FLAG_CTS + static OSSL_FUNC_cipher_get_ctx_params_fn aes_cbc_cts_get_ctx_params; static OSSL_FUNC_cipher_set_ctx_params_fn aes_cbc_cts_set_ctx_params; static OSSL_FUNC_cipher_gettable_ctx_params_fn aes_cbc_cts_gettable_ctx_params; @@ -101,8 +103,8 @@ const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_cts_functions[] = { \ }; /* ossl_aes256cbc_cts_functions */ -IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, EVP_CIPH_FLAG_CTS, 256, 128, 128, block) +IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 256, 128, 128, block) /* ossl_aes192cbc_cts_functions */ -IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, EVP_CIPH_FLAG_CTS, 192, 128, 128, block) +IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 192, 128, 128, block) /* ossl_aes128cbc_cts_functions */ -IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, EVP_CIPH_FLAG_CTS, 128, 128, 128, block) +IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 128, 128, 128, block) diff --git a/providers/implementations/ciphers/cipher_aes_siv.c b/providers/implementations/ciphers/cipher_aes_siv.c index 7a83506c24..469515bb8c 100644 --- a/providers/implementations/ciphers/cipher_aes_siv.c +++ b/providers/implementations/ciphers/cipher_aes_siv.c @@ -37,7 +37,6 @@ static void *aes_siv_newctx(void *provctx, size_t keybits, unsigned int mode, if (ctx != NULL) { ctx->taglen = SIV_LEN; ctx->mode = mode; - ctx->flags = flags; ctx->keylen = keybits / 8; ctx->hw = ossl_prov_cipher_hw_aes_siv(keybits); ctx->libctx = PROV_LIBCTX_OF(provctx); @@ -259,7 +258,7 @@ static OSSL_FUNC_cipher_settable_ctx_params_fn \ static int alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[]) \ { \ return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, 2*kbits, blkbits, ivbits); \ + flags, 2*kbits, blkbits, ivbits); \ } \ static void * alg##kbits##lc##_newctx(void *provctx) \ { \ diff --git a/providers/implementations/ciphers/cipher_aes_siv.h b/providers/implementations/ciphers/cipher_aes_siv.h index 6d2649f049..c0b2a903bc 100644 --- a/providers/implementations/ciphers/cipher_aes_siv.h +++ b/providers/implementations/ciphers/cipher_aes_siv.h @@ -24,7 +24,6 @@ typedef struct prov_cipher_hw_aes_siv_st { typedef struct prov_siv_ctx_st { unsigned int mode; /* The mode that we are using */ unsigned int enc : 1; /* Set to 1 if we are encrypting or 0 otherwise */ - uint64_t flags; size_t keylen; /* The input keylength (twice the alg key length) */ size_t taglen; /* the taglen is the same as the sivlen */ SIV128_CONTEXT siv; diff --git a/providers/implementations/ciphers/cipher_aes_wrp.c b/providers/implementations/ciphers/cipher_aes_wrp.c index ca57666e7a..dc625216ca 100644 --- a/providers/implementations/ciphers/cipher_aes_wrp.c +++ b/providers/implementations/ciphers/cipher_aes_wrp.c @@ -22,10 +22,8 @@ #define AES_WRAP_PAD_IVLEN 4 #define AES_WRAP_NOPAD_IVLEN 8 -/* TODO(3.0) Figure out what flags need to be passed */ -#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV \ - | EVP_CIPH_ALWAYS_CALL_INIT) -#define WRAP_FLAGS_INV (WRAP_FLAGS | EVP_CIPH_FLAG_INVERSE_CIPHER) +#define WRAP_FLAGS (PROV_CIPHER_FLAG_CUSTOM_IV) +#define WRAP_FLAGS_INV (WRAP_FLAGS | PROV_CIPHER_FLAG_INVERSE_CIPHER) typedef size_t (*aeswrap_fn)(void *key, const unsigned char *iv, unsigned char *out, const unsigned char *in, @@ -111,7 +109,7 @@ static int aes_wrap_init(void *vctx, const unsigned char *key, * to be the AES decryption function, then CIPH-1K will be the AES * encryption function. */ - if ((ctx->flags & EVP_CIPH_FLAG_INVERSE_CIPHER) == 0) + if (ctx->inverse_cipher == 0) use_forward_transform = ctx->enc; else use_forward_transform = !ctx->enc; diff --git a/providers/implementations/ciphers/cipher_aes_xts.c b/providers/implementations/ciphers/cipher_aes_xts.c index 7ccad56198..cf768d27d4 100644 --- a/providers/implementations/ciphers/cipher_aes_xts.c +++ b/providers/implementations/ciphers/cipher_aes_xts.c @@ -20,12 +20,7 @@ #include "prov/providercommon.h" #include "prov/providercommonerr.h" -/* TODO (3.0) Figure out what flags need to be set */ -#define AES_XTS_FLAGS (EVP_CIPH_CUSTOM_IV \ - | EVP_CIPH_ALWAYS_CALL_INIT \ - | EVP_CIPH_CTRL_INIT \ - | EVP_CIPH_CUSTOM_COPY) - +#define AES_XTS_FLAGS PROV_CIPHER_FLAG_CUSTOM_IV #define AES_XTS_IV_BITS 128 #define AES_XTS_BLOCK_BITS 8 @@ -233,10 +228,6 @@ static int aes_xts_set_ctx_params(void *vctx, const OSSL_PARAM params[]) PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; const OSSL_PARAM *p; - /* - * TODO(3.0) We need a general solution for handling missing parameters - * inside set_params and get_params methods. - */ p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); if (p != NULL) { size_t keylen; diff --git a/providers/implementations/ciphers/cipher_blowfish.c b/providers/implementations/ciphers/cipher_blowfish.c index 6320f560a0..cf303bb863 100644 --- a/providers/implementations/ciphers/cipher_blowfish.c +++ b/providers/implementations/ciphers/cipher_blowfish.c @@ -19,7 +19,7 @@ #include "prov/implementations.h" #include "prov/providercommon.h" -#define BF_FLAGS (EVP_CIPH_VARIABLE_LENGTH) +#define BF_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH static OSSL_FUNC_cipher_freectx_fn blowfish_freectx; static OSSL_FUNC_cipher_dupctx_fn blowfish_dupctx; diff --git a/providers/implementations/ciphers/cipher_cast5.c b/providers/implementations/ciphers/cipher_cast5.c index 7c686013d8..1d525343b4 100644 --- a/providers/implementations/ciphers/cipher_cast5.c +++ b/providers/implementations/ciphers/cipher_cast5.c @@ -20,7 +20,7 @@ #include "prov/providercommon.h" #include "prov/providercommonerr.h" -#define CAST5_FLAGS (EVP_CIPH_VARIABLE_LENGTH) +#define CAST5_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH static OSSL_FUNC_cipher_freectx_fn cast5_freectx; static OSSL_FUNC_cipher_dupctx_fn cast5_dupctx; diff --git a/providers/implementations/ciphers/cipher_chacha20.c b/providers/implementations/ciphers/cipher_chacha20.c index 8e0727ae47..b2fe1b1957 100644 --- a/providers/implementations/ciphers/cipher_chacha20.c +++ b/providers/implementations/ciphers/cipher_chacha20.c @@ -17,8 +17,7 @@ #define CHACHA20_KEYLEN (CHACHA_KEY_SIZE) #define CHACHA20_BLKLEN (1) #define CHACHA20_IVLEN (CHACHA_CTR_SIZE) -/* TODO(3.0) Figure out what flags are required */ -#define CHACHA20_FLAGS (EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT) +#define CHACHA20_FLAGS (PROV_CIPHER_FLAG_CUSTOM_IV) static OSSL_FUNC_cipher_newctx_fn chacha20_newctx; static OSSL_FUNC_cipher_freectx_fn chacha20_freectx; diff --git a/providers/implementations/ciphers/cipher_chacha20_poly1305.c b/providers/implementations/ciphers/cipher_chacha20_poly1305.c index 7a9cc5c20f..919d4fba94 100644 --- a/providers/implementations/ciphers/cipher_chacha20_poly1305.c +++ b/providers/implementations/ciphers/cipher_chacha20_poly1305.c @@ -19,14 +19,8 @@ #define CHACHA20_POLY1305_BLKLEN 1 #define CHACHA20_POLY1305_MAX_IVLEN 12 #define CHACHA20_POLY1305_MODE 0 -/* TODO(3.0) Figure out what flags are required */ -#define CHACHA20_POLY1305_FLAGS (EVP_CIPH_FLAG_AEAD_CIPHER \ - | EVP_CIPH_ALWAYS_CALL_INIT \ - | EVP_CIPH_CTRL_INIT \ - | EVP_CIPH_CUSTOM_COPY \ - | EVP_CIPH_FLAG_CUSTOM_CIPHER \ - | EVP_CIPH_CUSTOM_IV \ - | EVP_CIPH_CUSTOM_IV_LENGTH) +#define CHACHA20_POLY1305_FLAGS (PROV_CIPHER_FLAG_AEAD \ + | PROV_CIPHER_FLAG_CUSTOM_IV) static OSSL_FUNC_cipher_newctx_fn chacha20_poly1305_newctx; static OSSL_FUNC_cipher_freectx_fn chacha20_poly1305_freectx; diff --git a/providers/implementations/ciphers/cipher_des.c b/providers/implementations/ciphers/cipher_des.c index 345adfab60..ec186445c8 100644 --- a/providers/implementations/ciphers/cipher_des.c +++ b/providers/implementations/ciphers/cipher_des.c @@ -20,8 +20,7 @@ #include "prov/providercommon.h" #include "prov/providercommonerr.h" -/* TODO(3.0) Figure out what flags need to be here */ -#define DES_FLAGS (EVP_CIPH_RAND_KEY) +#define DES_FLAGS 0 static OSSL_FUNC_cipher_freectx_fn des_freectx; static OSSL_FUNC_cipher_encrypt_init_fn des_einit; diff --git a/providers/implementations/ciphers/cipher_des.h b/providers/implementations/ciphers/cipher_des.h index aedb38177e..78ca686bad 100644 --- a/providers/implementations/ciphers/cipher_des.h +++ b/providers/implementations/ciphers/cipher_des.h @@ -10,8 +10,7 @@ #include #include "crypto/des_platform.h" -/* TODO(3.0) Figure out what flags need to be here */ -#define TDES_FLAGS (EVP_CIPH_RAND_KEY) +#define TDES_FLAGS 0 typedef struct prov_des_ctx_st { PROV_CIPHER_CTX base; /* Must be first */ diff --git a/providers/implementations/ciphers/cipher_rc2.c b/providers/implementations/ciphers/cipher_rc2.c index b7c244f245..09d66b2cdd 100644 --- a/providers/implementations/ciphers/cipher_rc2.c +++ b/providers/implementations/ciphers/cipher_rc2.c @@ -23,6 +23,7 @@ #define RC2_40_MAGIC 0xa0 #define RC2_64_MAGIC 0x78 #define RC2_128_MAGIC 0x3a +#define RC2_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH static OSSL_FUNC_cipher_freectx_fn rc2_freectx; static OSSL_FUNC_cipher_dupctx_fn rc2_dupctx; @@ -242,15 +243,15 @@ const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_functions[] = { \ }; /* ossl_rc2128ecb_functions */ -IMPLEMENT_cipher(rc2, RC2, ecb, ECB, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 0, block) +IMPLEMENT_cipher(rc2, RC2, ecb, ECB, RC2_FLAGS, 128, 64, 0, block) /* ossl_rc2128cbc_functions */ -IMPLEMENT_cipher(rc2, RC2, cbc, CBC, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 64, block) +IMPLEMENT_cipher(rc2, RC2, cbc, CBC, RC2_FLAGS, 128, 64, 64, block) /* ossl_rc240cbc_functions */ -IMPLEMENT_cipher(rc2, RC2, cbc, CBC, EVP_CIPH_VARIABLE_LENGTH, 40, 64, 64, block) +IMPLEMENT_cipher(rc2, RC2, cbc, CBC, RC2_FLAGS, 40, 64, 64, block) /* ossl_rc264cbc_functions */ -IMPLEMENT_cipher(rc2, RC2, cbc, CBC, EVP_CIPH_VARIABLE_LENGTH, 64, 64, 64, block) +IMPLEMENT_cipher(rc2, RC2, cbc, CBC, RC2_FLAGS, 64, 64, 64, block) /* ossl_rc2128ofb128_functions */ -IMPLEMENT_cipher(rc2, RC2, ofb128, OFB, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 64, stream) +IMPLEMENT_cipher(rc2, RC2, ofb128, OFB, RC2_FLAGS, 128, 8, 64, stream) /* ossl_rc2128cfb128_functions */ -IMPLEMENT_cipher(rc2, RC2, cfb128, CFB, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 64, stream) +IMPLEMENT_cipher(rc2, RC2, cfb128, CFB, RC2_FLAGS, 128, 8, 64, stream) diff --git a/providers/implementations/ciphers/cipher_rc4.c b/providers/implementations/ciphers/cipher_rc4.c index 91644fca59..18233bbac1 100644 --- a/providers/implementations/ciphers/cipher_rc4.c +++ b/providers/implementations/ciphers/cipher_rc4.c @@ -19,8 +19,7 @@ #include "prov/implementations.h" #include "prov/providercommon.h" -/* TODO (3.0) Figure out what flags are required */ -#define RC4_FLAGS EVP_CIPH_FLAG_DEFAULT_ASN1 +#define RC4_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH static OSSL_FUNC_cipher_freectx_fn rc4_freectx; static OSSL_FUNC_cipher_dupctx_fn rc4_dupctx; @@ -97,6 +96,6 @@ const OSSL_DISPATCH ossl_##alg##kbits##_functions[] = { \ }; /* ossl_rc440_functions */ -IMPLEMENT_cipher(rc4, RC4, EVP_CIPH_VARIABLE_LENGTH, 40, 8, 0, stream) +IMPLEMENT_cipher(rc4, RC4, RC4_FLAGS, 40, 8, 0, stream) /* ossl_rc4128_functions */ -IMPLEMENT_cipher(rc4, RC4, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 0, stream) +IMPLEMENT_cipher(rc4, RC4, RC4_FLAGS, 128, 8, 0, stream) diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c index 9dc9615c04..b757197110 100644 --- a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c +++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c @@ -20,9 +20,8 @@ #include "prov/providercommon.h" #include "prov/providercommonerr.h" -/* TODO(3.0) Figure out what flags are required */ -#define RC4_HMAC_MD5_FLAGS (EVP_CIPH_STREAM_CIPHER | EVP_CIPH_VARIABLE_LENGTH \ - | EVP_CIPH_FLAG_AEAD_CIPHER) +#define RC4_HMAC_MD5_FLAGS (PROV_CIPHER_FLAG_VARIABLE_LENGTH \ + | PROV_CIPHER_FLAG_AEAD) #define RC4_HMAC_MD5_KEY_BITS (16 * 8) #define RC4_HMAC_MD5_BLOCK_BITS (1 * 8) @@ -183,10 +182,10 @@ static int rc4_hmac_md5_set_ctx_params(void *vctx, const OSSL_PARAM params[]) static int rc4_hmac_md5_get_params(OSSL_PARAM params[]) { return ossl_cipher_generic_get_params(params, RC4_HMAC_MD5_MODE, - RC4_HMAC_MD5_FLAGS, - RC4_HMAC_MD5_KEY_BITS, - RC4_HMAC_MD5_BLOCK_BITS, - RC4_HMAC_MD5_IV_BITS); + RC4_HMAC_MD5_FLAGS, + RC4_HMAC_MD5_KEY_BITS, + RC4_HMAC_MD5_BLOCK_BITS, + RC4_HMAC_MD5_IV_BITS); } const OSSL_DISPATCH ossl_rc4_hmac_ossl_md5_functions[] = { diff --git a/providers/implementations/ciphers/cipher_rc5.c b/providers/implementations/ciphers/cipher_rc5.c index 80de5f4bdd..ec408ed885 100644 --- a/providers/implementations/ciphers/cipher_rc5.c +++ b/providers/implementations/ciphers/cipher_rc5.c @@ -20,6 +20,8 @@ #include "prov/providercommon.h" #include "prov/providercommonerr.h" +#define RC5_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH + static OSSL_FUNC_cipher_freectx_fn rc5_freectx; static OSSL_FUNC_cipher_dupctx_fn rc5_dupctx; OSSL_FUNC_cipher_gettable_ctx_params_fn rc5_gettable_ctx_params; @@ -153,10 +155,10 @@ const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_functions[] = { \ }; /* ossl_rc5128ecb_functions */ -IMPLEMENT_cipher(rc5, RC5, ecb, ECB, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 0, block) +IMPLEMENT_cipher(rc5, RC5, ecb, ECB, RC5_FLAGS, 128, 64, 0, block) /* ossl_rc5128cbc_functions */ -IMPLEMENT_cipher(rc5, RC5, cbc, CBC, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 64, block) +IMPLEMENT_cipher(rc5, RC5, cbc, CBC, RC5_FLAGS, 128, 64, 64, block) /* ossl_rc5128ofb64_functions */ -IMPLEMENT_cipher(rc5, RC5, ofb64, OFB, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 64, stream) +IMPLEMENT_cipher(rc5, RC5, ofb64, OFB, RC5_FLAGS, 128, 8, 64, stream) /* ossl_rc5128cfb64_functions */ -IMPLEMENT_cipher(rc5, RC5, cfb64, CFB, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 64, stream) +IMPLEMENT_cipher(rc5, RC5, cfb64, CFB, RC5_FLAGS, 128, 8, 64, stream) diff --git a/providers/implementations/ciphers/cipher_tdes.c b/providers/implementations/ciphers/cipher_tdes.c index c9fb1ceda7..a2855af481 100644 --- a/providers/implementations/ciphers/cipher_tdes.c +++ b/providers/implementations/ciphers/cipher_tdes.c @@ -20,7 +20,7 @@ #include "prov/providercommonerr.h" /* - * TODO(3.0) - ECB mode does not use an IV - but existing test code is setting + * NOTE: ECB mode does not use an IV - but existing test code is setting * an IV. Fixing this could potentially make applications break. */ /* ossl_tdes_ede3_ecb_functions */ diff --git a/providers/implementations/ciphers/cipher_tdes.h b/providers/implementations/ciphers/cipher_tdes.h index 081a00fffa..9bef908cc3 100644 --- a/providers/implementations/ciphers/cipher_tdes.h +++ b/providers/implementations/ciphers/cipher_tdes.h @@ -13,9 +13,7 @@ #define DES_BLOCK_SIZE 8 #define TDES_IVLEN 8 - -/* TODO(3.0) Figure out what flags need to be here */ -#define TDES_FLAGS (EVP_CIPH_RAND_KEY) +#define TDES_FLAGS 0 typedef struct prov_tdes_ctx_st { PROV_CIPHER_CTX base; /* Must be first */ diff --git a/providers/implementations/ciphers/cipher_tdes_default_hw.c b/providers/implementations/ciphers/cipher_tdes_default_hw.c index b7c7ea11f7..77b08ebbe1 100644 --- a/providers/implementations/ciphers/cipher_tdes_default_hw.c +++ b/providers/implementations/ciphers/cipher_tdes_default_hw.c @@ -101,7 +101,7 @@ static int ossl_cipher_hw_tdes_cfb1(PROV_CIPHER_CTX *ctx, unsigned char *out, size_t n; unsigned char c[1], d[1]; - if ((ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) == 0) + if (ctx->use_bits == 0) inl *= 8; for (n = 0; n < inl; ++n) { c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; diff --git a/providers/implementations/ciphers/cipher_tdes_wrap.c b/providers/implementations/ciphers/cipher_tdes_wrap.c index acb8c97e33..b78a77c254 100644 --- a/providers/implementations/ciphers/cipher_tdes_wrap.c +++ b/providers/implementations/ciphers/cipher_tdes_wrap.c @@ -21,9 +21,7 @@ #include "prov/providercommon.h" #include "prov/providercommonerr.h" -/* TODO (3.0) Figure out what flags are required */ -#define TDES_WRAP_FLAGS (EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV) - +#define TDES_WRAP_FLAGS PROV_CIPHER_FLAG_CUSTOM_IV static OSSL_FUNC_cipher_update_fn tdes_wrap_update; static OSSL_FUNC_cipher_cipher_fn tdes_wrap_cipher; diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c index d1e8c461b5..fa73edb473 100644 --- a/providers/implementations/ciphers/ciphercommon.c +++ b/providers/implementations/ciphers/ciphercommon.c @@ -26,7 +26,10 @@ static const OSSL_PARAM cipher_known_gettable_params[] = { OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL), - OSSL_PARAM_ulong(OSSL_CIPHER_PARAM_FLAGS, NULL), + OSSL_PARAM_int(OSSL_CIPHER_PARAM_AEAD, NULL), + OSSL_PARAM_int(OSSL_CIPHER_PARAM_CUSTOM_IV, NULL), + OSSL_PARAM_int(OSSL_CIPHER_PARAM_CTS, NULL), + OSSL_PARAM_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK, NULL), { OSSL_CIPHER_PARAM_TLS_MAC, OSSL_PARAM_OCTET_PTR, NULL, 0, OSSL_PARAM_UNMODIFIED }, OSSL_PARAM_END }; @@ -36,7 +39,7 @@ const OSSL_PARAM *ossl_cipher_generic_gettable_params(void *provctx) } int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md, - unsigned long flags, + uint64_t flags, size_t kbits, size_t blkbits, size_t ivbits) { OSSL_PARAM *p; @@ -46,8 +49,27 @@ int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md, ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_FLAGS); - if (p != NULL && !OSSL_PARAM_set_ulong(p, flags)) { + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD); + if (p != NULL + && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_AEAD) != 0)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CUSTOM_IV); + if (p != NULL + && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_CUSTOM_IV) != 0)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CTS); + if (p != NULL + && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_CTS) != 0)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK); + if (p != NULL + && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_TLS1_MULTIBLOCK) != 0)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } @@ -80,7 +102,6 @@ CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(ossl_cipher_generic) /* * Variable key length cipher functions for OSSL_PARAM settables */ - int ossl_cipher_var_keylen_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; @@ -168,7 +189,7 @@ static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx, return 0; } if (key != NULL) { - if ((ctx->flags & EVP_CIPH_VARIABLE_LENGTH) == 0) { + if (ctx->variable_keylength == 0) { if (keylen != ctx->keylen) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN); return 0; @@ -608,7 +629,11 @@ void ossl_cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits, { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; - ctx->flags = flags; + if ((flags & PROV_CIPHER_FLAG_INVERSE_CIPHER) != 0) + ctx->inverse_cipher = 1; + if ((flags & PROV_CIPHER_FLAG_VARIABLE_LENGTH) != 0) + ctx->variable_keylength = 1; + ctx->pad = 1; ctx->keylen = ((kbits) / 8); ctx->ivlen = ((ivbits) / 8); diff --git a/providers/implementations/ciphers/ciphercommon_ccm.c b/providers/implementations/ciphers/ciphercommon_ccm.c index cb529f5f31..0009e9876c 100644 --- a/providers/implementations/ciphers/ciphercommon_ccm.c +++ b/providers/implementations/ciphers/ciphercommon_ccm.c @@ -291,9 +291,8 @@ int ccm_stream_final(void *vctx, unsigned char *out, size_t *outl, return 1; } -int ccm_cipher(void *vctx, - unsigned char *out, size_t *outl, size_t outsize, - const unsigned char *in, size_t inl) +int ccm_cipher(void *vctx, unsigned char *out, size_t *outl, size_t outsize, + const unsigned char *in, size_t inl) { PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx; diff --git a/providers/implementations/ciphers/ciphercommon_hw.c b/providers/implementations/ciphers/ciphercommon_hw.c index 7063593011..8673e7b744 100644 --- a/providers/implementations/ciphers/ciphercommon_hw.c +++ b/providers/implementations/ciphers/ciphercommon_hw.c @@ -85,7 +85,7 @@ int ossl_cipher_hw_generic_cfb1(PROV_CIPHER_CTX *dat, unsigned char *out, { int num = dat->num; - if ((dat->flags & EVP_CIPH_FLAG_LENGTH_BITS) != 0) { + if (dat->use_bits) { CRYPTO_cfb128_1_encrypt(in, out, len, dat->ks, dat->iv, &num, dat->enc, dat->block); dat->num = num; -- cgit v1.2.3