diff options
| author | Richard Levitte <levitte@openssl.org> | 2015-12-13 22:06:14 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2016-01-12 13:52:22 +0100 |
| commit | 936166aff21dafed33aeb92bad0a5b46d730221d (patch) | |
| tree | d8d6943e520a08b35519ad9d5cd3168dfab14f14 /crypto | |
| parent | c0ca39bdd6048c77901f821ba0d2eeaa9341f7af (diff) | |
| download | openssl-936166aff21dafed33aeb92bad0a5b46d730221d.tar.gz | |
Adapt cipher implementations to opaque EVP_CIPHER_CTX
Note: there's a larger number of implementations in crypto/evp/ that
aren't affected because they include evp_locl.h. They will be handled
in a separate commit.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/engine/eng_openssl.c | 2 | ||||
| -rw-r--r-- | crypto/evp/e_aes_cbc_hmac_sha1.c | 36 | ||||
| -rw-r--r-- | crypto/evp/e_aes_cbc_hmac_sha256.c | 30 | ||||
| -rw-r--r-- | crypto/evp/e_rc2.c | 4 | ||||
| -rw-r--r-- | crypto/evp/e_rc4.c | 2 | ||||
| -rw-r--r-- | crypto/evp/e_rc4_hmac_md5.c | 6 |
6 files changed, 48 insertions, 32 deletions
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index ba2656790f..63e0d78eae 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -249,7 +249,7 @@ typedef struct { unsigned char key[TEST_RC4_KEY_SIZE]; RC4_KEY ks; } TEST_RC4_KEY; -# define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data) +# define test(ctx) ((TEST_RC4_KEY *)EVP_CIPHER_CTX_cipher_data(ctx)) static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index 91eca15254..fe8b629524 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -115,7 +115,7 @@ void aesni256_cbc_sha1_dec(const void *inp, void *out, size_t blocks, const AES_KEY *key, unsigned char iv[16], SHA_CTX *ctx, const void *in0); -# define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data) +# define data(ctx) ((EVP_AES_HMAC_SHA1 *)EVP_CIPHER_CTX_cipher_data(ctx)) static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *inkey, @@ -125,9 +125,13 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, int ret; if (enc) - ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks); + ret = aesni_set_encrypt_key(inkey, + EVP_CIPHER_CTX_key_length(ctx) * 8, + &key->ks); else - ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks); + ret = aesni_set_decrypt_key(inkey, + EVP_CIPHER_CTX_key_length(ctx) * 8, + &key->ks); SHA1_Init(&key->head); /* handy when benchmarking */ key->tail = key->head; @@ -471,7 +475,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (len % AES_BLOCK_SIZE) return 0; - if (ctx->encrypt) { + if (EVP_CIPHER_CTX_encrypting(ctx)) { if (plen == NO_PAYLOAD_LENGTH) plen = len; else if (len != @@ -487,7 +491,8 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, SHA1_Update(&key->md, in + iv, sha_off); aesni_cbc_sha1_enc(in, out, blocks, &key->ks, - ctx->iv, &key->md, in + iv + sha_off); + EVP_CIPHER_CTX_iv_noconst(ctx), + &key->md, in + iv + sha_off); blocks *= SHA_CBLOCK; aes_off += blocks; sha_off += blocks; @@ -518,10 +523,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, out[plen] = l; /* encrypt HMAC|padding at once */ aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off, - &key->ks, ctx->iv, 1); + &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1); } else { aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off, - &key->ks, ctx->iv, 1); + &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1); } } else { union { @@ -551,7 +556,8 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 0; /* omit explicit iv */ - memcpy(ctx->iv, in, AES_BLOCK_SIZE); + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), in, AES_BLOCK_SIZE); + in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; len -= AES_BLOCK_SIZE; @@ -570,7 +576,8 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } else # endif /* decrypt HMAC|padding at once */ - aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0); + aesni_cbc_encrypt(in, out, len, &key->ks, + EVP_CIPHER_CTX_iv_noconst(ctx), 0); /* figure out payload length */ pad = out[len - 1]; @@ -798,7 +805,8 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } else # endif /* decrypt HMAC|padding at once */ - aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0); + aesni_cbc_encrypt(in, out, len, &key->ks, + EVP_CIPHER_CTX_iv_noconst(ctx), 0); SHA1_Update(&key->md, out, len); } @@ -852,7 +860,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, len = p[arg - 2] << 8 | p[arg - 1]; - if (ctx->encrypt) { + if (EVP_CIPHER_CTX_encrypting(ctx)) { key->payload_length = len; if ((key->aux.tls_ver = p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { @@ -888,7 +896,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, inp_len = param->inp[11] << 8 | param->inp[12]; - if (ctx->encrypt) { + if (EVP_CIPHER_CTX_encrypting(ctx)) { if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION) return -1; @@ -948,7 +956,7 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = { # else NID_undef, # endif - 16, 16, 16, + AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE, EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, aesni_cbc_hmac_sha1_init_key, @@ -967,7 +975,7 @@ static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = { # else NID_undef, # endif - 16, 32, 16, + AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE, EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, aesni_cbc_hmac_sha1_init_key, diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index 63f6e48d43..c868928dc2 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -111,7 +111,7 @@ int aesni_cbc_sha256_enc(const void *inp, void *out, size_t blocks, const AES_KEY *key, unsigned char iv[16], SHA256_CTX *ctx, const void *in0); -# define data(ctx) ((EVP_AES_HMAC_SHA256 *)(ctx)->cipher_data) +# define data(ctx) ((EVP_AES_HMAC_SHA256 *)EVP_CIPHER_CTX_cipher_data(ctx)) static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *inkey, @@ -122,9 +122,13 @@ static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx, if (enc) memset(&key->ks, 0, sizeof(key->ks.rd_key)), - ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks); + ret = aesni_set_encrypt_key(inkey, + EVP_CIPHER_CTX_key_length(ctx) * 8, + &key->ks); else - ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks); + ret = aesni_set_decrypt_key(inkey, + EVP_CIPHER_CTX_key_length(ctx) * 8, + &key->ks); SHA256_Init(&key->head); /* handy when benchmarking */ key->tail = key->head; @@ -487,7 +491,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, if (len % AES_BLOCK_SIZE) return 0; - if (ctx->encrypt) { + if (EVP_CIPHER_CTX_encrypting(ctx)) { if (plen == NO_PAYLOAD_LENGTH) plen = len; else if (len != @@ -515,7 +519,8 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, SHA256_Update(&key->md, in + iv, sha_off); (void)aesni_cbc_sha256_enc(in, out, blocks, &key->ks, - ctx->iv, &key->md, in + iv + sha_off); + EVP_CIPHER_CTX_iv_noconst(ctx), + &key->md, in + iv + sha_off); blocks *= SHA256_CBLOCK; aes_off += blocks; sha_off += blocks; @@ -546,10 +551,10 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, out[plen] = l; /* encrypt HMAC|padding at once */ aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off, - &key->ks, ctx->iv, 1); + &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1); } else { aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off, - &key->ks, ctx->iv, 1); + &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1); } } else { union { @@ -561,7 +566,8 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, pmac = (void *)(((size_t)mac.c + 63) & ((size_t)0 - 64)); /* decrypt HMAC|padding at once */ - aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0); + aesni_cbc_encrypt(in, out, len, &key->ks, + EVP_CIPHER_CTX_iv_noconst(ctx), 0); if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ size_t inp_len, mask, j, i; @@ -831,7 +837,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, if (arg != EVP_AEAD_TLS1_AAD_LEN) return -1; - if (ctx->encrypt) { + if (EVP_CIPHER_CTX_encrypting(ctx)) { key->payload_length = len; if ((key->aux.tls_ver = p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { @@ -870,7 +876,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, inp_len = param->inp[11] << 8 | param->inp[12]; - if (ctx->encrypt) { + if (EVP_CIPHER_CTX_encrypting(ctx)) { if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION) return -1; @@ -930,7 +936,7 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = { # else NID_undef, # endif - 16, 16, 16, + AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE, EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, aesni_cbc_hmac_sha256_init_key, @@ -949,7 +955,7 @@ static EVP_CIPHER aesni_256_cbc_hmac_sha256_cipher = { # else NID_undef, # endif - 16, 32, 16, + AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE, EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, aesni_cbc_hmac_sha256_init_key, diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index 3e826fc7e0..1016ca8f38 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -199,7 +199,9 @@ static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { num = rc2_meth_to_magic(c); j = EVP_CIPHER_CTX_iv_length(c); - i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j); + i = ASN1_TYPE_set_int_octetstring(type, num, + (unsigned char *)EVP_CIPHER_CTX_original_iv(c), + j); } return (i); } diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c index ab84a66ca0..80d7791faf 100644 --- a/crypto/evp/e_rc4.c +++ b/crypto/evp/e_rc4.c @@ -72,7 +72,7 @@ typedef struct { RC4_KEY ks; /* working key */ } EVP_RC4_KEY; -# define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data) +# define data(ctx) ((EVP_RC4_KEY *)EVP_CIPHER_CTX_cipher_data(ctx)) static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c index e3fe91835c..351e88ca2a 100644 --- a/crypto/evp/e_rc4_hmac_md5.c +++ b/crypto/evp/e_rc4_hmac_md5.c @@ -80,7 +80,7 @@ typedef struct { void rc4_md5_enc(RC4_KEY *key, const void *in0, void *out, MD5_CTX *ctx, const void *inp, size_t blocks); -# define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data) +# define data(ctx) ((EVP_RC4_HMAC_MD5 *)EVP_CIPHER_CTX_cipher_data(ctx)) static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *inkey, @@ -127,7 +127,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH)) return 0; - if (ctx->encrypt) { + if (EVP_CIPHER_CTX_encrypting(ctx)) { if (plen == NO_PAYLOAD_LENGTH) plen = len; # if defined(STITCHED_CALL) @@ -265,7 +265,7 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, len = p[arg - 2] << 8 | p[arg - 1]; - if (!ctx->encrypt) { + if (!EVP_CIPHER_CTX_encrypting(ctx)) { len -= MD5_DIGEST_LENGTH; p[arg - 2] = len >> 8; p[arg - 1] = len; |