authorBenjamin Kaduk <bkaduk@akamai.com>2020-07-02 14:12:33 -0700
committerBenjamin Kaduk <bkaduk@akamai.com>2020-08-11 07:07:57 -0700
commitd3308027e9bda451e43b52c36064fd70337e02a8 (patch)
treeeee5377667b0bbd590db22f820610cd5c02ade22
parent18a49e168f8b6917e2b013897392cf357bb15ded (diff)
downloadopenssl-d3308027e9bda451e43b52c36064fd70337e02a8.tar.gz
Use local IV storage in e_aes_ebc_hmac_sha256.c
Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and EVP_CIPHER_CTX_iv_noconst() in e_aes_cbc_hmac_sha256.c. For the legacy implementations, there's no need to use an in-provider storage for the IV, when the crypto operations themselves will be performed outside of the provider. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12233)
-rw-r--r--crypto/evp/e_aes_cbc_hmac_sha256.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index 72508c9851..6227002395 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -26,6 +26,7 @@
#include "crypto/modes.h"
#include "internal/constant_time.h"
#include "crypto/evp.h"
+#include "evp_local.h"
typedef struct {
AES_KEY ks;
@@ -468,8 +469,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
SHA256_Update(&key->md, in + iv, sha_off);
(void)aesni_cbc_sha256_enc(in, out, blocks, &key->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx),
- &key->md, in + iv + sha_off);
+ ctx->iv, &key->md, in + iv + sha_off);
blocks *= SHA256_CBLOCK;
aes_off += blocks;
sha_off += blocks;
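Review bot: The direct `ctx->iv` access in the `aesni_cbc_sha256_enc` call has no comment explaining why the accessor was dropped, and the same applies to the three `aesni_cbc_encrypt` calls in the two later hunks. The rationale exists only in the commit message, so a later cleanup could plausibly switch these back to `EVP_CIPHER_CTX_iv_noconst(ctx)` and, judging by that message, end up on a different IV buffer than the one these routines chain through. I would add a short comment next to the new `#include "evp_local.h"` or at this first use, for example `/* Legacy cipher: the IV lives in ctx->iv, not provider storage; do not use EVP_CIPHER_CTX_iv*() here. */`. It is also worth confirming that no other code in this file still reads the IV through the public accessors, since mixed access would be hard to spot in review. The body of `aesni_cbc_hmac_sha256_cipher` starts and ends outside these hunks, so that check cannot be made from the diff alone.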
@@ -500,10 +500,10 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
out[plen] = l;
/* encrypt HMAC|padding at once */
aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
- &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+ &key->ks, ctx->iv, 1);
} else {
aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off,
- &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+ &key->ks, ctx->iv, 1);
}
} else {
union {
@@ -516,7 +516,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
/* decrypt HMAC|padding at once */
aesni_cbc_encrypt(in, out, len, &key->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx), 0);
+ ctx->iv, 0);
if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
size_t inp_len, mask, j, i;