wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Adapt diverse EVP_CIPHER functions to use get_params and set_params interfaces

Browse source 
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9328)
This commit is contained in:
Richard Levitte 2019-07-09 07:32:16 +02:00
parent 80942379c9
commit 13273237a6
6 changed files with 216 additions and 92 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
crypto/evp/build.info
View file

@ -1,5 +1,5 @@
LIBS=../../libcrypto LIBS=../../libcrypto
$COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c cmeth_lib.c $COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c cmeth_lib.c evp_utils.c
SOURCE[../../libcrypto]=$COMMON\ SOURCE[../../libcrypto]=$COMMON\
encode.c evp_key.c evp_cnf.c \ encode.c evp_key.c evp_cnf.c \
e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\ e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\

77
crypto/evp/evp_enc.c
View file

@ -920,6 +920,14 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
{ {
int ok = evp_do_param(c->cipher, &keylen, sizeof(keylen),
OSSL_CIPHER_PARAM_KEYLEN, OSSL_PARAM_INTEGER,
evp_do_ciph_ctx_setparams, c->provctx);
if (ok != -2)
return ok;
/* TODO(3.0) legacy code follows */
if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL); return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
if (EVP_CIPHER_CTX_key_length(c) == keylen) if (EVP_CIPHER_CTX_key_length(c) == keylen)
@ -934,40 +942,51 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
{ {
int ok;
if (pad) if (pad)
ctx->flags &= ~EVP_CIPH_NO_PADDING; ctx->flags &= ~EVP_CIPH_NO_PADDING;
else else
ctx->flags |= EVP_CIPH_NO_PADDING; ctx->flags |= EVP_CIPH_NO_PADDING;
if (ctx->cipher != NULL && ctx->cipher->prov != NULL) { ok = evp_do_param(ctx->cipher, &pad, sizeof(pad),
OSSL_PARAM params[] = { OSSL_CIPHER_PARAM_PADDING, OSSL_PARAM_INTEGER,
OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL), evp_do_ciph_ctx_setparams, ctx->provctx);
OSSL_PARAM_END return ok != 0;
};
params[0].data = &pad;
if (ctx->cipher->ctx_set_params == NULL) {
EVPerr(EVP_F_EVP_CIPHER_CTX_SET_PADDING, EVP_R_CTRL_NOT_IMPLEMENTED);
return 0;
}
if (!ctx->cipher->ctx_set_params(ctx->provctx, params))
return 0;
}
return 1;
} }
int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
{ {
int ret; int ret = -2; /* Unsupported */
if (!ctx->cipher) { if (!ctx->cipher) {
EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
return 0; return 0;
} }
if (ctx->cipher->prov == NULL)
goto legacy;
switch (type) {
case EVP_CTRL_SET_KEY_LENGTH:
ret = evp_do_param(ctx->cipher, &arg, sizeof(arg),
OSSL_CIPHER_PARAM_KEYLEN, OSSL_PARAM_INTEGER,
evp_do_ciph_ctx_setparams, ctx->provctx);
break;
case EVP_CTRL_GET_IV:
ret = evp_do_param(ctx->cipher, ptr, arg,
OSSL_CIPHER_PARAM_IV, OSSL_PARAM_OCTET_STRING,
evp_do_ciph_ctx_getparams, ctx->provctx);
break;
case EVP_CTRL_RAND_KEY: /* Used by DES */
case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */
case EVP_CTRL_INIT: /* TODO(3.0) Purely legacy, no provider counterpart */
ret = -2; /* Unsupported */
break;
}
return ret;
legacy:
if (!ctx->cipher->ctrl) { if (!ctx->cipher->ctrl) {
EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
return 0; return 0;
@ -1123,21 +1142,6 @@ static void *evp_cipher_from_dispatch(const OSSL_DISPATCH *fns,
break; break;
cipher->dupctx = OSSL_get_OP_cipher_dupctx(fns); cipher->dupctx = OSSL_get_OP_cipher_dupctx(fns);
break; break;
case OSSL_FUNC_CIPHER_KEY_LENGTH:
if (cipher->key_length != NULL)
break;
cipher->key_length = OSSL_get_OP_cipher_key_length(fns);
break;
case OSSL_FUNC_CIPHER_IV_LENGTH:
if (cipher->iv_length != NULL)
break;
cipher->iv_length = OSSL_get_OP_cipher_iv_length(fns);
break;
case OSSL_FUNC_CIPHER_BLOCK_SIZE:
if (cipher->blocksize != NULL)
break;
cipher->blocksize = OSSL_get_OP_cipher_block_size(fns);
break;
case OSSL_FUNC_CIPHER_GET_PARAMS: case OSSL_FUNC_CIPHER_GET_PARAMS:
if (cipher->get_params != NULL) if (cipher->get_params != NULL)
break; break;
@ -1157,10 +1161,7 @@ static void *evp_cipher_from_dispatch(const OSSL_DISPATCH *fns,
} }
if ((fnciphcnt != 0 && fnciphcnt != 3 && fnciphcnt != 4) if ((fnciphcnt != 0 && fnciphcnt != 3 && fnciphcnt != 4)
|| (fnciphcnt == 0 && cipher->ccipher == NULL) || (fnciphcnt == 0 && cipher->ccipher == NULL)
|| fnctxcnt != 2 || fnctxcnt != 2) {
|| cipher->blocksize == NULL
|| cipher->iv_length == NULL
|| cipher->key_length == NULL) {
/* /*
* In order to be a consistent set of functions we must have at least * In order to be a consistent set of functions we must have at least
* a complete set of "encrypt" functions, or a complete set of "decrypt" * a complete set of "encrypt" functions, or a complete set of "decrypt"

112
crypto/evp/evp_lib.c
View file

@ -217,13 +217,12 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
int EVP_CIPHER_block_size(const EVP_CIPHER *cipher) int EVP_CIPHER_block_size(const EVP_CIPHER *cipher)
{ {
if (cipher->prov != NULL) { int v = cipher->block_size;
if (cipher->blocksize != NULL) int ok = evp_do_param(cipher, &v, sizeof(v),
return cipher->blocksize(); OSSL_CIPHER_PARAM_BLOCK_SIZE, OSSL_PARAM_INTEGER,
/* We default to a block size of 1 */ evp_do_ciph_getparams, NULL);
return 1;
} return ok != 0 ? v : -1;
return cipher->block_size;
} }
int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
@ -266,7 +265,12 @@ int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
{ {
return cipher->flags; unsigned long v = cipher->flags;
int ok = evp_do_param(cipher, &v, sizeof(v),
OSSL_CIPHER_PARAM_FLAGS, OSSL_PARAM_UNSIGNED_INTEGER,
evp_do_ciph_getparams, NULL);
return ok != 0 ? v : 0;
} }
void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
@ -296,13 +300,12 @@ void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data)
int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
{ {
if (cipher->prov != NULL) { int v = cipher->iv_len;
if (cipher->iv_length != NULL) int ok = evp_do_param(cipher, &v, sizeof(v),
return (int)cipher->iv_length(); OSSL_CIPHER_PARAM_IVLEN, OSSL_PARAM_UNSIGNED_INTEGER,
return 0; evp_do_ciph_getparams, NULL);
}
return cipher->iv_len; return ok != 0 ? v: -1;
} }
int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
@ -315,14 +318,27 @@ const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx)
return ctx->oiv; return ctx->oiv;
} }
/*
* OSSL_PARAM_OCTET_PTR gets us the pointer to the running IV in the provider
*/
const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx) const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
{ {
return ctx->iv; const unsigned char *v = ctx->iv;
int ok = evp_do_param(ctx->cipher, &v, sizeof(ctx->iv),
OSSL_CIPHER_PARAM_IV, OSSL_PARAM_OCTET_PTR,
evp_do_ciph_ctx_getparams, ctx->provctx);
return ok != 0 ? v: NULL;
} }
unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx) unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
{ {
return ctx->iv; unsigned char *v = ctx->iv;
int ok = evp_do_param(ctx->cipher, &v, sizeof(ctx->iv),
OSSL_CIPHER_PARAM_IV, OSSL_PARAM_OCTET_PTR,
evp_do_ciph_ctx_getparams, ctx->provctx);
return ok != 0 ? v: NULL;
} }
unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx) unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx)
@ -332,34 +348,42 @@ unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx)
int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx) int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx)
{ {
return ctx->num; int v = ctx->num;
int ok = evp_do_param(ctx->cipher, &v, sizeof(v),
OSSL_CIPHER_PARAM_NUM, OSSL_PARAM_INTEGER,
evp_do_ciph_ctx_getparams, ctx->provctx);
return ok != 0 ? v: -1;
} }
void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num) int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num)
{ {
int ok = evp_do_param(ctx->cipher, &num, sizeof(num),
OSSL_CIPHER_PARAM_NUM, OSSL_PARAM_INTEGER,
evp_do_ciph_ctx_setparams, ctx->provctx);
ctx->num = num; ctx->num = num;
return ok != 0;
} }
int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
{ {
if (cipher->prov != NULL) { int v = cipher->key_len;
if (cipher->key_length != NULL) int ok = evp_do_param(cipher, &v, sizeof(v),
return (int)cipher->key_length(); OSSL_CIPHER_PARAM_KEYLEN, OSSL_PARAM_INTEGER,
return -1; evp_do_ciph_getparams, NULL);
}
return cipher->key_len; return ok != 0 ? v: -1;
} }
int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
{ {
/* int v = ctx->key_len;
* TODO(3.0): This may need to change if/when we introduce variable length int ok = evp_do_param(ctx->cipher, &v, sizeof(v),
* key ciphers into the providers. OSSL_CIPHER_PARAM_KEYLEN, OSSL_PARAM_INTEGER,
*/ evp_do_ciph_ctx_getparams, ctx->provctx);
if (ctx->cipher != NULL && ctx->cipher->prov != NULL)
return EVP_CIPHER_key_length(ctx->cipher); return ok != 0 ? v: -1;
return ctx->key_len;
} }
int EVP_CIPHER_nid(const EVP_CIPHER *cipher) int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
@ -374,28 +398,12 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
int EVP_CIPHER_mode(const EVP_CIPHER *cipher) int EVP_CIPHER_mode(const EVP_CIPHER *cipher)
{ {
if (cipher->prov != NULL) { int v = EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE;
int mode; int ok = evp_do_param(cipher, &v, sizeof(v),
OSSL_CIPHER_PARAM_MODE, OSSL_PARAM_INTEGER,
evp_do_ciph_getparams, NULL);
/* Cipher comes from a provider - so ask the provider for the mode */ return ok != 0 ? v: 0;
OSSL_PARAM params[] = {
OSSL_PARAM_int(OSSL_CIPHER_PARAM_MODE, NULL),
OSSL_PARAM_END
};
params[0].data = &mode;
if (cipher->get_params == NULL) {
EVPerr(EVP_F_EVP_CIPHER_MODE, EVP_R_CTRL_NOT_IMPLEMENTED);
return 0;
}
if (!cipher->get_params(params))
return 0;
return mode;
}
return EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE;
} }

37
crypto/evp/evp_locl.h
View file

@ -95,3 +95,40 @@ void *evp_generic_fetch(OPENSSL_CTX *ctx, int operation_id,
OSSL_PROVIDER *prov), OSSL_PROVIDER *prov),
int (*up_ref_method)(void *), int (*up_ref_method)(void *),
void (*free_method)(void *)); void (*free_method)(void *));
/* Helper functions to avoid duplicating code */
/*
* The callbacks implement different ways to pass a params array to the
* provider. They will return one of these values:
*
* -2 if the method doesn't come from a provider
* (evp_do_param will return this to the called)
* -1 if the provider doesn't offer the desired function
* (evp_do_param will raise an error and return 0)
* or the return value from the desired function
* (evp_do_param will return it to the caller)
*/
int evp_do_ciph_getparams(const void *vciph, void *ignored,
OSSL_PARAM params[]);
int evp_do_ciph_ctx_getparams(const void *vciph, void *provctx,
OSSL_PARAM params[]);
int evp_do_ciph_ctx_setparams(const void *vciph, void *provctx,
OSSL_PARAM params[]);
/*-
* prepares a singular parameter, then calls the callback to execute.
*
* |method| points to the method used by the callback.
* EVP_CIPHER, EVP_MD, ...
* |ptr| points at the data to transfer.
* |sz| is the size of the data to transfer.
* |key| is the name of the parameter to pass.
* |datatype| is the data type of the parameter to pass.
* |cb| is the callback that actually performs the parameter passing
* |cb_ctx| is the cipher context
*/
int evp_do_param(const void *method, void *ptr, size_t sz, const char *key,
int datatype,
int (*cb)(const void *method, void *ctx, OSSL_PARAM params[]),
void *cb_ctx);

78
crypto/evp/evp_utils.c Normal file
View file

@ -0,0 +1,78 @@
/*
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* Internal EVP utility functions */
#include <openssl/core.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/asn1.h> /* evp_locl.h needs it */
#include <openssl/safestack.h> /* evp_locl.h needs it */
#include "internal/evp_int.h" /* evp_locl.h needs it */
#include "evp_locl.h"
int evp_do_ciph_getparams(const void *vciph, void *ignored,
OSSL_PARAM params[])
{
const EVP_CIPHER *ciph = vciph;
if (ciph->prov == NULL)
return -2;
if (ciph->get_params == NULL)
return -1;
return ciph->get_params(params);
}
int evp_do_ciph_ctx_getparams(const void *vciph, void *provctx,
OSSL_PARAM params[])
{
const EVP_CIPHER *ciph = vciph;
if (ciph->prov == NULL)
return -2;
if (ciph->ctx_get_params == NULL)
return -1;
return ciph->ctx_get_params(provctx, params);
}
int evp_do_ciph_ctx_setparams(const void *vciph, void *provctx,
OSSL_PARAM params[])
{
const EVP_CIPHER *ciph = vciph;
if (ciph->prov == NULL)
return -2;
if (ciph->ctx_set_params == NULL)
return -1;
return ciph->ctx_set_params(provctx, params);
}
int evp_do_param(const void *method, void *ptr, size_t sz, const char *key,
int datatype,
int (*cb)(const void *method, void *ctx, OSSL_PARAM params[]),
void *cb_ctx)
{
OSSL_PARAM params[2] = {
OSSL_PARAM_END,
OSSL_PARAM_END
};
int ret;
params[0].key = key;
params[0].data_type = datatype;
params[0].data = ptr;
params[0].data_size = sz;
ret = cb(method, cb_ctx, params);
if (ret == -1) {
EVPerr(0, EVP_R_CTRL_NOT_IMPLEMENTED);
ret = 0;
}
return ret;
}

2
include/openssl/evp.h
View file

@ -490,7 +490,7 @@ const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx);
unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx); unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx); unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx);
void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num); int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num);
int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);