Commit 936166af authored by Richard Levitte's avatar Richard Levitte
Browse files

Adapt cipher implementations to opaque EVP_CIPHER_CTX 



Note: there's a larger number of implementations in crypto/evp/ that
aren't affected because they include evp_locl.h.  They will be handled
in a separate commit.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent c0ca39bd

crypto/engine/eng_openssl.c

+1 −1
Original line number Diff line number Diff line
@@ -249,7 +249,7 @@ typedef struct { 
    unsigned char key[TEST_RC4_KEY_SIZE];

    RC4_KEY ks;

} TEST_RC4_KEY;

# define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)

# define test(ctx) ((TEST_RC4_KEY *)EVP_CIPHER_CTX_cipher_data(ctx))

static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

                             const unsigned char *iv, int enc)

{

crypto/evp/e_aes_cbc_hmac_sha1.c

+22 −14
Original line number Diff line number Diff line
@@ -115,7 +115,7 @@ void aesni256_cbc_sha1_dec(const void *inp, void *out, size_t blocks, 
                           const AES_KEY *key, unsigned char iv[16],

                           SHA_CTX *ctx, const void *in0);



#  define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data)

#  define data(ctx) ((EVP_AES_HMAC_SHA1 *)EVP_CIPHER_CTX_cipher_data(ctx))



static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,

                                        const unsigned char *inkey,
@@ -125,9 +125,13 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, 
    int ret;



    if (enc)

        ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks);

        ret = aesni_set_encrypt_key(inkey,

                                    EVP_CIPHER_CTX_key_length(ctx) * 8,

                                    &key->ks);

    else

        ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks);

        ret = aesni_set_decrypt_key(inkey,

                                    EVP_CIPHER_CTX_key_length(ctx) * 8,

                                    &key->ks);



    SHA1_Init(&key->head);      /* handy when benchmarking */

    key->tail = key->head;
@@ -471,7 +475,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 
    if (len % AES_BLOCK_SIZE)

        return 0;



    if (ctx->encrypt) {

    if (EVP_CIPHER_CTX_encrypting(ctx)) {

        if (plen == NO_PAYLOAD_LENGTH)

            plen = len;

        else if (len !=
@@ -487,7 +491,8 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 
            SHA1_Update(&key->md, in + iv, sha_off);



            aesni_cbc_sha1_enc(in, out, blocks, &key->ks,

                               ctx->iv, &key->md, in + iv + sha_off);

                               EVP_CIPHER_CTX_iv_noconst(ctx),

                               &key->md, in + iv + sha_off);

            blocks *= SHA_CBLOCK;

            aes_off += blocks;

            sha_off += blocks;
@@ -518,10 +523,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 
                out[plen] = l;

            /* encrypt HMAC|padding at once */

            aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,

                              &key->ks, ctx->iv, 1);

                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);

        } else {

            aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off,

                              &key->ks, ctx->iv, 1);

                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);

        }

    } else {

        union {
@@ -551,7 +556,8 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 
                    return 0;



                /* omit explicit iv */

                memcpy(ctx->iv, in, AES_BLOCK_SIZE);

                memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), in, AES_BLOCK_SIZE);



                in += AES_BLOCK_SIZE;

                out += AES_BLOCK_SIZE;

                len -= AES_BLOCK_SIZE;
@@ -570,7 +576,8 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 
            } else

#  endif

                /* decrypt HMAC|padding at once */

                aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0);

                aesni_cbc_encrypt(in, out, len, &key->ks,

                                  EVP_CIPHER_CTX_iv_noconst(ctx), 0);



            /* figure out payload length */

            pad = out[len - 1];
@@ -798,7 +805,8 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 
            } else

#  endif

                /* decrypt HMAC|padding at once */

                aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0);

                aesni_cbc_encrypt(in, out, len, &key->ks,

                                  EVP_CIPHER_CTX_iv_noconst(ctx), 0);



            SHA1_Update(&key->md, out, len);

        }
@@ -852,7 +860,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, 
 

            len = p[arg - 2] << 8 | p[arg - 1];



            if (ctx->encrypt) {

            if (EVP_CIPHER_CTX_encrypting(ctx)) {

                key->payload_length = len;

                if ((key->aux.tls_ver =

                     p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
@@ -888,7 +896,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, 


            inp_len = param->inp[11] << 8 | param->inp[12];



            if (ctx->encrypt) {

            if (EVP_CIPHER_CTX_encrypting(ctx)) {

                if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION)

                    return -1;
@@ -948,7 +956,7 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = { 
#  else

    NID_undef,

#  endif

    16, 16, 16,

    AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE,

    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |

        EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,

    aesni_cbc_hmac_sha1_init_key,
@@ -967,7 +975,7 @@ static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = { 
#  else

    NID_undef,

#  endif

    16, 32, 16,

    AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE,

    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |

        EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,

    aesni_cbc_hmac_sha1_init_key,

crypto/evp/e_aes_cbc_hmac_sha256.c

+18 −12
Original line number Diff line number Diff line
@@ -111,7 +111,7 @@ int aesni_cbc_sha256_enc(const void *inp, void *out, size_t blocks, 
                         const AES_KEY *key, unsigned char iv[16],

                         SHA256_CTX *ctx, const void *in0);



#  define data(ctx) ((EVP_AES_HMAC_SHA256 *)(ctx)->cipher_data)

#  define data(ctx) ((EVP_AES_HMAC_SHA256 *)EVP_CIPHER_CTX_cipher_data(ctx))



static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx,

                                          const unsigned char *inkey,
@@ -122,9 +122,13 @@ static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx, 


    if (enc)

        memset(&key->ks, 0, sizeof(key->ks.rd_key)),

            ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks);

            ret = aesni_set_encrypt_key(inkey,

                                        EVP_CIPHER_CTX_key_length(ctx) * 8,

                                        &key->ks);

    else

        ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks);

        ret = aesni_set_decrypt_key(inkey,

                                    EVP_CIPHER_CTX_key_length(ctx) * 8,

                                    &key->ks);



    SHA256_Init(&key->head);    /* handy when benchmarking */

    key->tail = key->head;
@@ -487,7 +491,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, 
    if (len % AES_BLOCK_SIZE)

        return 0;



    if (ctx->encrypt) {

    if (EVP_CIPHER_CTX_encrypting(ctx)) {

        if (plen == NO_PAYLOAD_LENGTH)

            plen = len;

        else if (len !=
@@ -515,7 +519,8 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, 
            SHA256_Update(&key->md, in + iv, sha_off);



            (void)aesni_cbc_sha256_enc(in, out, blocks, &key->ks,

                                       ctx->iv, &key->md, in + iv + sha_off);

                                       EVP_CIPHER_CTX_iv_noconst(ctx),

                                       &key->md, in + iv + sha_off);

            blocks *= SHA256_CBLOCK;

            aes_off += blocks;

            sha_off += blocks;
@@ -546,10 +551,10 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, 
                out[plen] = l;

            /* encrypt HMAC|padding at once */

            aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,

                              &key->ks, ctx->iv, 1);

                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);

        } else {

            aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off,

                              &key->ks, ctx->iv, 1);

                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);

        }

    } else {

        union {
@@ -561,7 +566,8 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, 
        pmac = (void *)(((size_t)mac.c + 63) & ((size_t)0 - 64));



        /* decrypt HMAC|padding at once */

        aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0);

        aesni_cbc_encrypt(in, out, len, &key->ks,

                          EVP_CIPHER_CTX_iv_noconst(ctx), 0);



        if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */

            size_t inp_len, mask, j, i;
@@ -831,7 +837,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, 
            if (arg != EVP_AEAD_TLS1_AAD_LEN)

                return -1;



            if (ctx->encrypt) {

            if (EVP_CIPHER_CTX_encrypting(ctx)) {

                key->payload_length = len;

                if ((key->aux.tls_ver =

                     p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
@@ -870,7 +876,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, 


            inp_len = param->inp[11] << 8 | param->inp[12];



            if (ctx->encrypt) {

            if (EVP_CIPHER_CTX_encrypting(ctx)) {

                if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION)

                    return -1;
@@ -930,7 +936,7 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = { 
#  else

    NID_undef,

#  endif

    16, 16, 16,

    AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE,

    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |

        EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,

    aesni_cbc_hmac_sha256_init_key,
@@ -949,7 +955,7 @@ static EVP_CIPHER aesni_256_cbc_hmac_sha256_cipher = { 
#  else

    NID_undef,

#  endif

    16, 32, 16,

    AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE,

    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |

        EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,

    aesni_cbc_hmac_sha256_init_key,

crypto/evp/e_rc2.c

+3 −1
Original line number Diff line number Diff line
@@ -199,7 +199,9 @@ static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) 
    if (type != NULL) {

        num = rc2_meth_to_magic(c);

        j = EVP_CIPHER_CTX_iv_length(c);

        i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j);

        i = ASN1_TYPE_set_int_octetstring(type, num,

                                          (unsigned char *)EVP_CIPHER_CTX_original_iv(c),

                                          j);

    }

    return (i);

}

crypto/evp/e_rc4.c

+1 −1
Original line number Diff line number Diff line
@@ -72,7 +72,7 @@ typedef struct { 
    RC4_KEY ks;                 /* working key */

} EVP_RC4_KEY;



# define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data)

# define data(ctx) ((EVP_RC4_KEY *)EVP_CIPHER_CTX_cipher_data(ctx))



static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

                        const unsigned char *iv, int enc);