Commit 728f9449 authored by Shane Lontis's avatar Shane Lontis
Browse files

Change EVP_CIPHER_CTX_iv_length() to return current ivlen for some modes 



Note a flag needed to be added since some ssl tests fail if they output any error
(even if the error is ignored). Only ciphers that handle the GET_IV_LEN control set this flag.

Fixes #8330

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9499)
parent da4ea0cf

crypto/evp/e_aes.c

+23 −5
Original line number Diff line number Diff line
@@ -1608,7 +1608,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 


    switch (type) {

    case EVP_CTRL_INIT:

        ivlen = EVP_CIPHER_CTX_iv_length(c);

        ivlen = EVP_CIPHER_iv_length(c->cipher);

        iv = EVP_CIPHER_CTX_iv_noconst(c);

        gctx->key_set = 0;

        gctx->iv_set = 0;
@@ -1619,6 +1619,10 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 
        gctx->tls_aad_len = -1;

        return 1;



    case EVP_CTRL_GET_IVLEN:

        *(int *)ptr = gctx->ivlen;

        return 1;



    case EVP_CTRL_AEAD_SET_IVLEN:

        if (arg <= 0)

            return 0;
@@ -2329,6 +2333,10 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 
        cctx->aes.ccm.tls_aad_len = -1;

        return 1;



    case EVP_CTRL_GET_IVLEN:

        *(int *)ptr = 15 - cctx->aes.ccm.l;

        return 1;



    case EVP_CTRL_AEAD_TLS1_AAD:

        if (arg != EVP_AEAD_TLS1_AAD_LEN)

            return 0;
@@ -2847,13 +2855,17 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 
    case EVP_CTRL_INIT:

        gctx->key_set = 0;

        gctx->iv_set = 0;

        gctx->ivlen = c->cipher->iv_len;

        gctx->ivlen = EVP_CIPHER_iv_length(c->cipher);

        gctx->iv = c->iv;

        gctx->taglen = -1;

        gctx->iv_gen = 0;

        gctx->tls_aad_len = -1;

        return 1;



    case EVP_CTRL_GET_IVLEN:

        *(int *)ptr = gctx->ivlen;

        return 1;



    case EVP_CTRL_AEAD_SET_IVLEN:

        if (arg <= 0)

            return 0;
@@ -3303,7 +3315,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 
#define CUSTOM_FLAGS    (EVP_CIPH_FLAG_DEFAULT_ASN1 \

                | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \

                | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \

                | EVP_CIPH_CUSTOM_COPY)

                | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_CUSTOM_IV_LENGTH)



BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM,

                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
@@ -3505,7 +3517,9 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 
        cctx->len_set = 0;

        cctx->tls_aad_len = -1;

        return 1;



    case EVP_CTRL_GET_IVLEN:

        *(int *)ptr = 15 - cctx->L;

        return 1;

    case EVP_CTRL_AEAD_TLS1_AAD:

        /* Save the AAD for later use */

        if (arg != EVP_AEAD_TLS1_AAD_LEN)
@@ -3954,13 +3968,17 @@ static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 
    case EVP_CTRL_INIT:

        octx->key_set = 0;

        octx->iv_set = 0;

        octx->ivlen = EVP_CIPHER_CTX_iv_length(c);

        octx->ivlen = EVP_CIPHER_iv_length(c->cipher);

        octx->iv = EVP_CIPHER_CTX_iv_noconst(c);

        octx->taglen = 16;

        octx->data_buf_len = 0;

        octx->aad_buf_len = 0;

        return 1;



    case EVP_CTRL_GET_IVLEN:

        *(int *)ptr = octx->ivlen;

        return 1;



    case EVP_CTRL_AEAD_SET_IVLEN:

        /* IV len must be 1 to 15 */

        if (arg <= 0 || arg > 15)

crypto/evp/e_aria.c

+11 −2
Original line number Diff line number Diff line
@@ -252,7 +252,7 @@ static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 
    case EVP_CTRL_INIT:

        gctx->key_set = 0;

        gctx->iv_set = 0;

        gctx->ivlen = EVP_CIPHER_CTX_iv_length(c);

        gctx->ivlen = EVP_CIPHER_iv_length(c->cipher);

        gctx->iv = EVP_CIPHER_CTX_iv_noconst(c);

        gctx->taglen = -1;

        gctx->iv_gen = 0;
@@ -274,6 +274,10 @@ static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 
        gctx->ivlen = arg;

        return 1;



    case EVP_CTRL_GET_IVLEN:

        *(int *)ptr = gctx->ivlen;

        return 1;



    case EVP_CTRL_AEAD_SET_TAG:

        if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_encrypting(c))

            return 0;
@@ -573,6 +577,10 @@ static int aria_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 
        memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg);

        return 1;



    case EVP_CTRL_GET_IVLEN:

        *(int *)ptr = 15 - cctx->L;

        return 1;



    case EVP_CTRL_AEAD_SET_IVLEN:

        arg = 15 - arg;

        /* fall thru */
@@ -742,7 +750,8 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 
#define ARIA_AUTH_FLAGS  (EVP_CIPH_FLAG_DEFAULT_ASN1 \

                          | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \

                          | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \

                          | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_AEAD_CIPHER)

                          | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_AEAD_CIPHER \

                          | EVP_CIPH_CUSTOM_IV_LENGTH)



#define BLOCK_CIPHER_aead(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \

static const EVP_CIPHER aria_##keylen##_##mode = { \

crypto/evp/e_chacha20_poly1305.c

+6 −1
Original line number Diff line number Diff line
@@ -534,6 +534,10 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, 
        }

        return 1;



    case EVP_CTRL_GET_IVLEN:

        *(int *)ptr = actx->nonce_len;

        return 1;



    case EVP_CTRL_AEAD_SET_IVLEN:

        if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN)

            return 0;
@@ -613,7 +617,8 @@ static EVP_CIPHER chacha20_poly1305 = { 
    12,                 /* iv_len, 96-bit nonce in the context */

    EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CUSTOM_IV |

    EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT |

    EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER,

    EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER |

    EVP_CIPH_CUSTOM_IV_LENGTH,

    chacha20_poly1305_init_key,

    chacha20_poly1305_cipher,

    chacha20_poly1305_cleanup,

crypto/evp/evp_lib.c

+7 −0
Original line number Diff line number Diff line
@@ -242,6 +242,13 @@ int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) 


int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)

{

    int i, rv;



    if ((EVP_CIPHER_flags(ctx->cipher) & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) {

        rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN,

                                 0, &i);

        return (rv == 1) ? i : -1;

    }

    return ctx->cipher->iv_len;

}

include/openssl/evp.h

+4 −0
Original line number Diff line number Diff line
@@ -260,6 +260,8 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, 
# define         EVP_CIPH_RAND_KEY               0x200

/* cipher has its own additional copying logic */

# define         EVP_CIPH_CUSTOM_COPY            0x400

/* Don't use standard iv length function */

# define         EVP_CIPH_CUSTOM_IV_LENGTH       0x800

/* Allow use default ASN1 get/set iv */

# define         EVP_CIPH_FLAG_DEFAULT_ASN1      0x1000

/* Buffer length in bits not bytes: CFB1 mode only */
@@ -349,6 +351,8 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, 
/* Set the input buffer lengths to use for a pipelined operation */

# define         EVP_CTRL_SET_PIPELINE_INPUT_LENS        0x24



# define         EVP_CTRL_GET_IVLEN                      0x25



/* Padding modes */

#define EVP_PADDING_PKCS7       1

#define EVP_PADDING_ISO7816_4   2