diff options
author | Benjamin Kaduk <bkaduk@akamai.com> | 2020-07-02 14:12:33 -0700 |
---|---|---|
committer | Benjamin Kaduk <bkaduk@akamai.com> | 2020-08-11 07:07:58 -0700 |
commit | c4d21d2f71363e9f6d4a0e377789555e655d96f4 (patch) | |
tree | 598d9b7731d246f78270f8d291c4583d110cafbc /crypto | |
parent | 36025d3b8716f6f8cadc983295398ccdd734a17b (diff) | |
download | openssl-c4d21d2f71363e9f6d4a0e377789555e655d96f4.tar.gz |
Use local IV storage in e_des3.c
Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
EVP_CIPHER_CTX_iv_noconst() in e_des3.c.
For the legacy implementations, there's no need to use an
in-provider storage for the IV, when the crypto operations
themselves will be performed outside of the provider.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/evp/e_des3.c | 37 |
1 files changed, 16 insertions, 21 deletions
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 3f7802ef1f..be4030895a 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -87,7 +87,7 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, - (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + (DES_cblock *)ctx->iv, &num); EVP_CIPHER_CTX_set_num(ctx, num); inl -= EVP_MAXCHUNK; @@ -99,7 +99,7 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, DES_ede3_ofb64_encrypt(in, out, (long)inl, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, - (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + (DES_cblock *)ctx->iv, &num); EVP_CIPHER_CTX_set_num(ctx, num); } @@ -113,14 +113,14 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (dat->stream.cbc != NULL) { (*dat->stream.cbc) (in, out, inl, dat->ks.ks, - EVP_CIPHER_CTX_iv_noconst(ctx)); + ctx->iv); return 1; } while (inl >= EVP_MAXCHUNK) { DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &dat->ks1, &dat->ks2, &dat->ks3, - (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + (DES_cblock *)ctx->iv, EVP_CIPHER_CTX_encrypting(ctx)); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; @@ -129,7 +129,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (inl) DES_ede3_cbc_encrypt(in, out, (long)inl, &dat->ks1, &dat->ks2, &dat->ks3, - (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + (DES_cblock *)ctx->iv, EVP_CIPHER_CTX_encrypting(ctx)); return 1; } @@ -141,8 +141,7 @@ static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, int num = EVP_CIPHER_CTX_num(ctx); DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, - (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + &data(ctx)->ks3, (DES_cblock *)ctx->iv, &num, EVP_CIPHER_CTX_encrypting(ctx)); EVP_CIPHER_CTX_set_num(ctx, num); inl -= EVP_MAXCHUNK; @@ -153,8 +152,7 @@ static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, int num = EVP_CIPHER_CTX_num(ctx); DES_ede3_cfb64_encrypt(in, out, (long)inl, &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, - (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + &data(ctx)->ks3, (DES_cblock *)ctx->iv, &num, EVP_CIPHER_CTX_encrypting(ctx)); EVP_CIPHER_CTX_set_num(ctx, num); } @@ -177,8 +175,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; DES_ede3_cfb_encrypt(c, d, 1, 1, &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, - (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + &data(ctx)->ks3, (DES_cblock *)ctx->iv, EVP_CIPHER_CTX_encrypting(ctx)); out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) | ((d[0] & 0x80) >> (unsigned int)(n % 8)); @@ -193,8 +190,7 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, while (inl >= EVP_MAXCHUNK) { DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, - (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + &data(ctx)->ks3, (DES_cblock *)ctx->iv, EVP_CIPHER_CTX_encrypting(ctx)); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; @@ -203,8 +199,7 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (inl) DES_ede3_cfb_encrypt(in, out, 8, (long)inl, &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, - (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + &data(ctx)->ks3, (DES_cblock *)ctx->iv, EVP_CIPHER_CTX_encrypting(ctx)); return 1; } @@ -330,7 +325,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, return -1; if (out == NULL) return inl - 16; - memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8); + memcpy(ctx->iv, wrap_iv, 8); /* Decrypt first block which will end up as icv */ des_ede_cbc_cipher(ctx, icv, in, 8); /* Decrypt central blocks */ @@ -348,7 +343,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, /* Reverse order of everything */ BUF_reverse(icv, NULL, 8); BUF_reverse(out, NULL, inl - 16); - BUF_reverse(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 8); + BUF_reverse(ctx->iv, iv, 8); /* Decrypt again using new IV */ des_ede_cbc_cipher(ctx, out, out, inl - 16); des_ede_cbc_cipher(ctx, icv, icv, 8); @@ -360,7 +355,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, OPENSSL_cleanse(icv, 8); OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); OPENSSL_cleanse(iv, 8); - OPENSSL_cleanse(EVP_CIPHER_CTX_iv_noconst(ctx), 8); + OPENSSL_cleanse(ctx->iv, 8); if (rv == -1) OPENSSL_cleanse(out, inl - 16); @@ -380,13 +375,13 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out, memcpy(out + inl + 8, sha1tmp, 8); OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); /* Generate random IV */ - if (RAND_bytes(EVP_CIPHER_CTX_iv_noconst(ctx), 8) <= 0) + if (RAND_bytes(ctx->iv, 8) <= 0) return -1; - memcpy(out, EVP_CIPHER_CTX_iv_noconst(ctx), 8); + memcpy(out, ctx->iv, 8); /* Encrypt everything after IV in place */ des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8); BUF_reverse(out, NULL, inl + 16); - memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8); + memcpy(ctx->iv, wrap_iv, 8); des_ede_cbc_cipher(ctx, out, out, inl + 16); return inl + 16; } |