From f41fd10d90fb5202f4c05f8842b4a4f25afd51d0 Mon Sep 17 00:00:00 2001
From: Shane Lontis
Date: Thu, 3 Jun 2021 19:09:38 +1000
Subject: Add a gettable for provider ciphers to return the EVP_CIPH_RAND_KEY flag
Fixes #15531
DES and TDES set this flag which could possibly be used by applications. The gettable cipher param OSSL_CIPHER_PARAM_HAS_RAND_KEY has been added. Note that EVP_CIPHER_CTX_rand_key() uses this flag.
Reviewed-by: Tomas Mraz
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/15606)
---
 providers/implementations/ciphers/cipher_des.c | 2 +-
 providers/implementations/ciphers/cipher_tdes.h | 2 +-
 providers/implementations/ciphers/cipher_tdes_wrap.c | 2 +-
 providers/implementations/ciphers/ciphercommon.c | 7 +++++++
 4 files changed, 10 insertions(+), 3 deletions(-)
 (limited to 'providers/implementations/ciphers')
diff --git a/providers/implementations/ciphers/cipher_des.c b/providers/implementations/ciphers/cipher_des.c
index d03d65b668..c6d13466f7 100644
--- a/providers/implementations/ciphers/cipher_des.c
+++ b/providers/implementations/ciphers/cipher_des.c
@@ -20,7 +20,7 @@
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
-#define DES_FLAGS 0
+#define DES_FLAGS PROV_CIPHER_FLAG_RAND_KEY
 static OSSL_FUNC_cipher_freectx_fn des_freectx;
 static OSSL_FUNC_cipher_encrypt_init_fn des_einit;
diff --git a/providers/implementations/ciphers/cipher_tdes.h b/providers/implementations/ciphers/cipher_tdes.h
index d3d885bd18..93f9d1744d 100644
--- a/providers/implementations/ciphers/cipher_tdes.h
+++ b/providers/implementations/ciphers/cipher_tdes.h
@@ -13,7 +13,7 @@
 #define DES_BLOCK_SIZE 8
 #define TDES_IVLEN 8
-#define TDES_FLAGS 0
+#define TDES_FLAGS PROV_CIPHER_FLAG_RAND_KEY
 typedef struct prov_tdes_ctx_st {
 PROV_CIPHER_CTX base; /* Must be first */
diff --git a/providers/implementations/ciphers/cipher_tdes_wrap.c b/providers/implementations/ciphers/cipher_tdes_wrap.c
index f6a859539e..1b4539a64c 100644
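Review bot: Setting `PROV_CIPHER_FLAG_RAND_KEY` in `DES_FLAGS` makes the cipher advertise its own key-generation path, but no hunk in this diff touches the code that would serve it; the same holds for `TDES_FLAGS` in cipher_tdes.h and `TDES_WRAP_FLAGS` in cipher_tdes_wrap.c. The commit message says EVP_CIPHER_CTX_rand_key() acts on this flag, so a cipher that reports it without answering the random-key request (presumably `OSSL_CIPHER_PARAM_RANDOM_KEY` in its get_ctx_params) would presumably turn key generation into an error rather than fall back to plain random bytes. Please confirm that each of the three flagged ciphers implements that request, and cover it with a test that calls EVP_CIPHER_CTX_rand_key() on DES, TDES and TDES-wrap; the diff shown is limited to providers/implementations/ciphers, so that coverage may sit in a part of the commit not visible here.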
--- a/providers/implementations/ciphers/cipher_tdes_wrap.c
+++ b/providers/implementations/ciphers/cipher_tdes_wrap.c
@@ -22,7 +22,7 @@
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
-#define TDES_WRAP_FLAGS PROV_CIPHER_FLAG_CUSTOM_IV
+#define TDES_WRAP_FLAGS PROV_CIPHER_FLAG_CUSTOM_IV | PROV_CIPHER_FLAG_RAND_KEY
 static OSSL_FUNC_cipher_update_fn tdes_wrap_update;
 static OSSL_FUNC_cipher_cipher_fn tdes_wrap_cipher;
diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
index b5a0d43b78..fa383165d8 100644
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
@@ -30,6 +30,7 @@ static const OSSL_PARAM cipher_known_gettable_params[] = {
 OSSL_PARAM_int(OSSL_CIPHER_PARAM_CUSTOM_IV, NULL),
 OSSL_PARAM_int(OSSL_CIPHER_PARAM_CTS, NULL),
 OSSL_PARAM_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK, NULL),
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_HAS_RAND_KEY, NULL),
 OSSL_PARAM_END
 };
 const OSSL_PARAM *ossl_cipher_generic_gettable_params(ossl_unused void *provctx)
@@ -72,6 +73,12 @@ int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md,
 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
 return 0;
 }
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_HAS_RAND_KEY);
+ if (p != NULL
+ && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_RAND_KEY) != 0)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
 if (p != NULL && !OSSL_PARAM_set_size_t(p, kbits / 8)) {
 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
-- cgit v1.2.3
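Review bot: The new `TDES_WRAP_FLAGS` expansion in cipher_tdes_wrap.c is an unparenthesized `|` expression, so any use next to a tighter-binding operator (for example `TDES_WRAP_FLAGS & x`) would parse as `PROV_CIPHER_FLAG_CUSTOM_IV | (PROV_CIPHER_FLAG_RAND_KEY & x)`. How the macro is consumed lies outside this hunk, so it may be harmless today, but a flag test that silently evaluates differently is an easy bug to miss. The define should read `#define TDES_WRAP_FLAGS (PROV_CIPHER_FLAG_CUSTOM_IV | PROV_CIPHER_FLAG_RAND_KEY)`.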
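Review bot: The new `OSSL_CIPHER_PARAM_HAS_RAND_KEY` branch in ossl_cipher_generic_get_params carries no comment on what the reported value means for a caller, and the parameter name alone does not say it. A line such as `/* 1 if keys for this cipher must be generated by the cipher itself; consulted by EVP_CIPHER_CTX_rand_key() */` above the `OSSL_PARAM_locate` call would do. The function's signature and the rest of its body lie outside the hunk, so the type of `flags` could not be checked against the `& PROV_CIPHER_FLAG_RAND_KEY` test.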