Mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2026-01-18 17:11:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Cleanup block cipher macros in include/crypto/evp.h

Browse Source 
Remove some unneeded deadcode and fix the formatting

Also fix all users of those macros to avoid compilation warnings

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29446)
This commit is contained in:
Matt Caswell
2025-12-18 14:08:29 +00:00
parent d4c1efccab
commit 32eaa748a3
13 changed files with 129 additions and 2329 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.clang-format
View File

@@ -1132,8 +1132,14 @@ TypeNames:
# OpenSSL uses macros extensively. Tell clang-format about them.
TypenameMacros: ['LHASH_OF', 'STACK_OF']
StatementMacros:
- "BLOCK_CIPHER_aead"
- "BLOCK_CIPHER_generic"
- "BLOCK_CIPHER_custom"
- "BLOCK_CIPHER_def_cbc"
- "BLOCK_CIPHER_def_cfb"
- "BLOCK_CIPHER_def_ofb"
- "BLOCK_CIPHER_def_ecb"
- "BLOCK_CIPHER_defs"
- "BLOCK_CIPHER_generic_pack"
- "DECLARE_AES_EVP"
- "DECLARE_ASN1_ALLOC_FUNCTIONS"

734
crypto/evp/e_aria.c
View File

@@ -20,134 +20,23 @@
#include "crypto/modes.h"
#include "evp_local.h"
/* ARIA subkey Structure */
typedef struct {
ARIA_KEY ks;
} EVP_ARIA_KEY;
/* ARIA GCM context */
typedef struct {
union {
OSSL_UNION_ALIGN;
ARIA_KEY ks;
} ks; /* ARIA subkey to use */
int key_set; /* Set if key initialised */
int iv_set; /* Set if an iv is set */
GCM128_CONTEXT gcm;
unsigned char *iv; /* Temporary IV store */
int ivlen; /* IV length */
int taglen;
int iv_gen; /* It is OK to generate IVs */
int tls_aad_len; /* TLS AAD length */
} EVP_ARIA_GCM_CTX;
/* ARIA CCM context */
typedef struct {
union {
OSSL_UNION_ALIGN;
ARIA_KEY ks;
} ks; /* ARIA key schedule to use */
int key_set; /* Set if key initialised */
int iv_set; /* Set if an iv is set */
int tag_set; /* Set if tag is valid */
int len_set; /* Set if message length set */
int L, M; /* L and M parameters from RFC3610 */
int tls_aad_len; /* TLS AAD length */
CCM128_CONTEXT ccm;
ccm128_f str;
} EVP_ARIA_CCM_CTX;
/* The subkey for ARIA is generated. */
static int aria_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
int ret;
int mode = EVP_CIPHER_CTX_get_mode(ctx);
if (enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE))
ret = ossl_aria_set_encrypt_key(key,
EVP_CIPHER_CTX_get_key_length(ctx) * 8,
EVP_CIPHER_CTX_get_cipher_data(ctx));
else
ret = ossl_aria_set_decrypt_key(key,
EVP_CIPHER_CTX_get_key_length(ctx) * 8,
EVP_CIPHER_CTX_get_cipher_data(ctx));
if (ret < 0) {
ERR_raise(ERR_LIB_EVP, EVP_R_ARIA_KEY_SETUP_FAILED);
return 0;
}
return 1;
}
static void aria_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const ARIA_KEY *key,
unsigned char *ivec, const int enc)
{
if (enc)
CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
(block128_f)ossl_aria_encrypt);
else
CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
(block128_f)ossl_aria_encrypt);
}
static void aria_cfb128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const ARIA_KEY *key,
unsigned char *ivec, int *num, const int enc)
{
CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
(block128_f)ossl_aria_encrypt);
}
static void aria_cfb1_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const ARIA_KEY *key,
unsigned char *ivec, int *num, const int enc)
{
CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
(block128_f)ossl_aria_encrypt);
}
static void aria_cfb8_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const ARIA_KEY *key,
unsigned char *ivec, int *num, const int enc)
{
CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
(block128_f)ossl_aria_encrypt);
}
static void aria_ecb_encrypt(const unsigned char *in, unsigned char *out,
const ARIA_KEY *key, const int enc)
{
ossl_aria_encrypt(in, out, key);
}
static void aria_ofb128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const ARIA_KEY *key,
unsigned char *ivec, int *num)
{
CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
(block128_f)ossl_aria_encrypt);
}
IMPLEMENT_BLOCK_CIPHER(aria_128, ks, aria, EVP_ARIA_KEY,
NID_aria_128, 16, 16, 16, 128,
0, aria_init_key, NULL,
EVP_CIPHER_set_asn1_iv,
EVP_CIPHER_get_asn1_iv,
0, NULL, NULL,
NULL,
NULL,
NULL)
IMPLEMENT_BLOCK_CIPHER(aria_192, ks, aria, EVP_ARIA_KEY,
NID_aria_192, 16, 24, 16, 128,
0, aria_init_key, NULL,
EVP_CIPHER_set_asn1_iv,
EVP_CIPHER_get_asn1_iv,
0, NULL, NULL,
NULL,
NULL,
NULL)
IMPLEMENT_BLOCK_CIPHER(aria_256, ks, aria, EVP_ARIA_KEY,
NID_aria_256, 16, 32, 16, 128,
0, aria_init_key, NULL,
EVP_CIPHER_set_asn1_iv,
EVP_CIPHER_get_asn1_iv,
0, NULL, NULL,
NULL,
NULL,
NULL)
#define IMPLEMENT_ARIA_CFBR(ksize, cbits) \
@@ -164,10 +53,10 @@ IMPLEMENT_ARIA_CFBR(256, 8)
nid##_##keylen##_##nmode, blocksize, keylen / 8, ivlen, \
flags | EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
aria_init_key, \
aria_##mode##_cipher, \
NULL, \
sizeof(EVP_ARIA_KEY), \
NULL, \
NULL, \
0, \
NULL, NULL, NULL, NULL \
}; \
const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \
@@ -175,584 +64,9 @@ IMPLEMENT_ARIA_CFBR(256, 8)
return &aria_##keylen##_##mode; \
}
static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
int n = EVP_CIPHER_CTX_get_num(ctx);
unsigned int num;
EVP_ARIA_KEY *dat = EVP_C_DATA(EVP_ARIA_KEY, ctx);
if (n < 0)
return 0;
num = (unsigned int)n;
CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv,
EVP_CIPHER_CTX_buf_noconst(ctx), &num,
(block128_f)ossl_aria_encrypt);
EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
BLOCK_CIPHER_generic(NID_aria, 128, 1, 16, ctr, ctr, CTR, 0)
BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0)
BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0)
/* Authenticated cipher modes (GCM/CCM) */
/* increment counter (64-bit int) by 1 */
static void ctr64_inc(unsigned char *counter)
{
int n = 8;
unsigned char c;
do {
--n;
c = counter[n];
++c;
counter[n] = c;
if (c)
return;
} while (n);
}
static int aria_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
int ret;
EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX, ctx);
if (!iv && !key)
return 1;
if (key) {
ret = ossl_aria_set_encrypt_key(key,
EVP_CIPHER_CTX_get_key_length(ctx) * 8,
&gctx->ks.ks);
CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
(block128_f)ossl_aria_encrypt);
if (ret < 0) {
ERR_raise(ERR_LIB_EVP, EVP_R_ARIA_KEY_SETUP_FAILED);
return 0;
}
/*
* If we have an iv can set it directly, otherwise use saved IV.
*/
if (iv == NULL && gctx->iv_set)
iv = gctx->iv;
if (iv) {
CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
gctx->iv_set = 1;
}
gctx->key_set = 1;
} else {
/* If key set use IV, otherwise copy */
if (gctx->key_set)
CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
else
memcpy(gctx->iv, iv, gctx->ivlen);
gctx->iv_set = 1;
gctx->iv_gen = 0;
}
return 1;
}
static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX, c);
switch (type) {
case EVP_CTRL_INIT:
gctx->key_set = 0;
gctx->iv_set = 0;
gctx->ivlen = EVP_CIPHER_get_iv_length(c->cipher);
gctx->iv = c->iv;
gctx->taglen = -1;
gctx->iv_gen = 0;
gctx->tls_aad_len = -1;
return 1;
case EVP_CTRL_GET_IVLEN:
*(int *)ptr = gctx->ivlen;
return 1;
case EVP_CTRL_AEAD_SET_IVLEN:
if (arg <= 0)
return 0;
/* Allocate memory for IV if needed */
if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
if (gctx->iv != c->iv)
OPENSSL_free(gctx->iv);
if ((gctx->iv = OPENSSL_malloc(arg)) == NULL)
return 0;
}
gctx->ivlen = arg;
return 1;
case EVP_CTRL_AEAD_SET_TAG:
if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_is_encrypting(c))
return 0;
memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
gctx->taglen = arg;
return 1;
case EVP_CTRL_AEAD_GET_TAG:
if (arg <= 0 || arg > 16 || !EVP_CIPHER_CTX_is_encrypting(c)
|| gctx->taglen < 0)
return 0;
memcpy(ptr, EVP_CIPHER_CTX_buf_noconst(c), arg);
return 1;
case EVP_CTRL_GCM_SET_IV_FIXED:
/* Special case: -1 length restores whole IV */
if (arg == -1) {
memcpy(gctx->iv, ptr, gctx->ivlen);
gctx->iv_gen = 1;
return 1;
}
/*
* Fixed field must be at least 4 bytes and invocation field at least
* 8.
*/
if ((arg < 4) || (gctx->ivlen - arg) < 8)
return 0;
if (arg)
memcpy(gctx->iv, ptr, arg);
if (EVP_CIPHER_CTX_is_encrypting(c)
&& RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
return 0;
gctx->iv_gen = 1;
return 1;
case EVP_CTRL_GCM_IV_GEN:
if (gctx->iv_gen == 0 || gctx->key_set == 0)
return 0;
CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
if (arg <= 0 || arg > gctx->ivlen)
arg = gctx->ivlen;
memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
/*
* Invocation field will be at least 8 bytes in size and so no need
* to check wrap around or increment more than last 8 bytes.
*/
ctr64_inc(gctx->iv + gctx->ivlen - 8);
gctx->iv_set = 1;
return 1;
case EVP_CTRL_GCM_SET_IV_INV:
if (gctx->iv_gen == 0 || gctx->key_set == 0
|| EVP_CIPHER_CTX_is_encrypting(c))
return 0;
memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
gctx->iv_set = 1;
return 1;
case EVP_CTRL_AEAD_TLS1_AAD:
/* Save the AAD for later use */
if (arg != EVP_AEAD_TLS1_AAD_LEN)
return 0;
memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
gctx->tls_aad_len = arg;
{
unsigned int len = EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
| EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
/* Correct length for explicit IV */
if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
return 0;
len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
/* If decrypting correct for tag too */
if (!EVP_CIPHER_CTX_is_encrypting(c)) {
if (len < EVP_GCM_TLS_TAG_LEN)
return 0;
len -= EVP_GCM_TLS_TAG_LEN;
}
EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
}
/* Extra padding: tag appended to record */
return EVP_GCM_TLS_TAG_LEN;
case EVP_CTRL_COPY: {
EVP_CIPHER_CTX *out = ptr;
EVP_ARIA_GCM_CTX *gctx_out = EVP_C_DATA(EVP_ARIA_GCM_CTX, out);
if (gctx->gcm.key) {
if (gctx->gcm.key != &gctx->ks)
return 0;
gctx_out->gcm.key = &gctx_out->ks;
}
if (gctx->iv == c->iv)
gctx_out->iv = out->iv;
else {
if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL)
return 0;
memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
}
return 1;
}
default:
return -1;
}
}
static int aria_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX, ctx);
int rv = -1;
/* Encrypt/decrypt must be performed in place */
if (out != in
|| len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
return -1;
/*
* Set IV from start of buffer or generate IV and write to start of
* buffer.
*/
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_is_encrypting(ctx) ? EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
EVP_GCM_TLS_EXPLICIT_IV_LEN, out)
<= 0)
goto err;
/* Use saved AAD */
if (CRYPTO_gcm128_aad(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx),
gctx->tls_aad_len))
goto err;
/* Fix buffer and length to point to payload */
in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
/* Encrypt payload */
if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
goto err;
out += len;
/* Finally write tag */
CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
rv = (int)(len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN);
} else {
/* Decrypt */
if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
goto err;
/* Retrieve tag */
CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx),
EVP_GCM_TLS_TAG_LEN);
/* If tag mismatch wipe buffer */
if (CRYPTO_memcmp(EVP_CIPHER_CTX_buf_noconst(ctx), in + len,
EVP_GCM_TLS_TAG_LEN)) {
OPENSSL_cleanse(out, len);
goto err;
}
rv = (int)len;
}
err:
gctx->iv_set = 0;
gctx->tls_aad_len = -1;
return rv;
}
static int aria_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX, ctx);
/* If not set up, return error */
if (!gctx->key_set)
return -1;
if (gctx->tls_aad_len >= 0)
return aria_gcm_tls_cipher(ctx, out, in, len);
if (!gctx->iv_set)
return -1;
if (in) {
if (out == NULL) {
if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
return -1;
} else if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
return -1;
} else {
if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
return -1;
}
return (int)len;
}
if (!EVP_CIPHER_CTX_is_encrypting(ctx)) {
if (gctx->taglen < 0)
return -1;
if (CRYPTO_gcm128_finish(&gctx->gcm,
EVP_CIPHER_CTX_buf_noconst(ctx),
gctx->taglen)
!= 0)
return -1;
gctx->iv_set = 0;
return 0;
}
CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), 16);
gctx->taglen = 16;
/* Don't reuse the IV */
gctx->iv_set = 0;
return 0;
}
static int aria_gcm_cleanup(EVP_CIPHER_CTX *ctx)
{
EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX, ctx);
if (gctx->iv != ctx->iv)
OPENSSL_free(gctx->iv);
return 1;
}
static int aria_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
int ret;
EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX, ctx);
if (!iv && !key)
return 1;
if (key) {
ret = ossl_aria_set_encrypt_key(key,
EVP_CIPHER_CTX_get_key_length(ctx) * 8,
&cctx->ks.ks);
CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
&cctx->ks, (block128_f)ossl_aria_encrypt);
if (ret < 0) {
ERR_raise(ERR_LIB_EVP, EVP_R_ARIA_KEY_SETUP_FAILED);
return 0;
}
cctx->str = NULL;
cctx->key_set = 1;
}
if (iv) {
memcpy(ctx->iv, iv, 15 - cctx->L);
cctx->iv_set = 1;
}
return 1;
}
static int aria_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX, c);
switch (type) {
case EVP_CTRL_INIT:
cctx->key_set = 0;
cctx->iv_set = 0;
cctx->L = 8;
cctx->M = 12;
cctx->tag_set = 0;
cctx->len_set = 0;
cctx->tls_aad_len = -1;
return 1;
case EVP_CTRL_GET_IVLEN:
*(int *)ptr = 15 - cctx->L;
return 1;
case EVP_CTRL_AEAD_TLS1_AAD:
/* Save the AAD for later use */
if (arg != EVP_AEAD_TLS1_AAD_LEN)
return 0;
memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
cctx->tls_aad_len = arg;
{
uint16_t len = EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
| EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
/* Correct length for explicit IV */
if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
return 0;
len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
/* If decrypting correct for tag too */
if (!EVP_CIPHER_CTX_is_encrypting(c)) {
if (len < cctx->M)
return 0;
len -= cctx->M;
}
EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
}
/* Extra padding: tag appended to record */
return cctx->M;
case EVP_CTRL_CCM_SET_IV_FIXED:
/* Sanity check length */
if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
return 0;
/* Just copy to first part of IV */
memcpy(c->iv, ptr, arg);
return 1;
case EVP_CTRL_AEAD_SET_IVLEN:
arg = 15 - arg;
/* fall through */
case EVP_CTRL_CCM_SET_L:
if (arg < 2 || arg > 8)
return 0;
cctx->L = arg;
return 1;
case EVP_CTRL_AEAD_SET_TAG:
if ((arg & 1) || arg < 4 || arg > 16)
return 0;
if (EVP_CIPHER_CTX_is_encrypting(c) && ptr)
return 0;
if (ptr) {
cctx->tag_set = 1;
memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
}
cctx->M = arg;
return 1;
case EVP_CTRL_AEAD_GET_TAG:
if (!EVP_CIPHER_CTX_is_encrypting(c) || !cctx->tag_set)
return 0;
if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
return 0;
cctx->tag_set = 0;
cctx->iv_set = 0;
cctx->len_set = 0;
return 1;
case EVP_CTRL_COPY: {
EVP_CIPHER_CTX *out = ptr;
EVP_ARIA_CCM_CTX *cctx_out = EVP_C_DATA(EVP_ARIA_CCM_CTX, out);
if (cctx->ccm.key) {
if (cctx->ccm.key != &cctx->ks)
return 0;
cctx_out->ccm.key = &cctx_out->ks;
}
return 1;
}
default:
return -1;
}
}
static int aria_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX, ctx);
CCM128_CONTEXT *ccm = &cctx->ccm;
/* Encrypt/decrypt must be performed in place */
if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M))
return -1;
/* If encrypting set explicit IV from sequence number (start of AAD) */
if (EVP_CIPHER_CTX_is_encrypting(ctx))
memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx),
EVP_CCM_TLS_EXPLICIT_IV_LEN);
/* Get rest of IV from explicit IV */
memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in,
EVP_CCM_TLS_EXPLICIT_IV_LEN);
/* Correct length value */
len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L,
len))
return -1;
/* Use saved AAD */
CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx),
cctx->tls_aad_len);
/* Fix buffer to point to payload */
in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str)
: CRYPTO_ccm128_encrypt(ccm, in, out, len))
return -1;
if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M))
return -1;
return (int)(len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M);
} else {
if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, cctx->str)
: !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
unsigned char tag[16];
if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
if (!CRYPTO_memcmp(tag, in + len, cctx->M))
return (int)len;
}
}
OPENSSL_cleanse(out, len);
return -1;
}
}
static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX, ctx);
CCM128_CONTEXT *ccm = &cctx->ccm;
/* If not set up, return error */
if (!cctx->key_set)
return -1;
if (cctx->tls_aad_len >= 0)
return aria_ccm_tls_cipher(ctx, out, in, len);
/* EVP_*Final() doesn't return any data */
if (in == NULL && out != NULL)
return 0;
if (!cctx->iv_set)
return -1;
if (!out) {
if (!in) {
if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
return -1;
cctx->len_set = 1;
return (int)len;
}
/* If have AAD need message length */
if (!cctx->len_set && len)
return -1;
CRYPTO_ccm128_aad(ccm, in, len);
return (int)len;
}
/* The tag must be set before actually decrypting data */
if (!EVP_CIPHER_CTX_is_encrypting(ctx) && !cctx->tag_set)
return -1;
/* If not set length yet do it */
if (!cctx->len_set) {
if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
return -1;
cctx->len_set = 1;
}
if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str)
: CRYPTO_ccm128_encrypt(ccm, in, out, len))
return -1;
cctx->tag_set = 1;
return (int)len;
} else {
int rv = -1;
if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
cctx->str)
: !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
unsigned char tag[16];
if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx),
cctx->M))
rv = (int)len;
}
}
if (rv == -1)
OPENSSL_cleanse(out, len);
cctx->iv_set = 0;
cctx->tag_set = 0;
cctx->len_set = 0;
return rv;
}
}
#define aria_ccm_cleanup NULL
BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0)
BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0)
#define ARIA_AUTH_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \
| EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
@@ -766,11 +80,11 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1, keylen / 8, 12, \
ARIA_AUTH_FLAGS | EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
aria_##mode##_init_key, \
aria_##mode##_cipher, \
aria_##mode##_cleanup, \
sizeof(EVP_ARIA_##MODE##_CTX), \
NULL, NULL, aria_##mode##_ctrl, NULL \
NULL, \
NULL, \
NULL, \
0, \
NULL, NULL, NULL, NULL \
}; \
const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \
{ \
@@ -778,11 +92,11 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
BLOCK_CIPHER_aead(128, gcm, GCM)
BLOCK_CIPHER_aead(192, gcm, GCM)
BLOCK_CIPHER_aead(256, gcm, GCM)
BLOCK_CIPHER_aead(192, gcm, GCM)
BLOCK_CIPHER_aead(256, gcm, GCM)
BLOCK_CIPHER_aead(128, ccm, CCM)
BLOCK_CIPHER_aead(192, ccm, CCM)
BLOCK_CIPHER_aead(256, ccm, CCM)
BLOCK_CIPHER_aead(128, ccm, CCM)
BLOCK_CIPHER_aead(192, ccm, CCM)
BLOCK_CIPHER_aead(256, ccm, CCM)
#endif

31
crypto/evp/e_bf.c
View File

@@ -7,12 +7,6 @@
* https://www.openssl.org/source/license.html
*/
/*
* BF low level APIs are deprecated for public use, but still ok for internal
* use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#ifndef OPENSSL_NO_BF
@@ -22,28 +16,7 @@
#include <openssl/blowfish.h>
#include "evp_local.h"
static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
typedef struct {
BF_KEY ks;
} EVP_BF_KEY;
#define data(ctx) EVP_C_DATA(EVP_BF_KEY, ctx)
IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64,
EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
int len = EVP_CIPHER_CTX_get_key_length(ctx);
if (len < 0)
return 0;
BF_set_key(&data(ctx)->ks, len, key);
return 1;
}
EVP_CIPH_VARIABLE_LENGTH, NULL, NULL,
NULL, NULL, NULL)
#endif

312
crypto/evp/e_camellia.c
View File

@@ -7,12 +7,6 @@
* https://www.openssl.org/source/license.html
*/
/*
* Camellia low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/opensslconf.h>
#include <openssl/evp.h>
@@ -25,155 +19,15 @@
#include "crypto/cmll_platform.h"
#include "evp_local.h"
static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
/* Camellia subkey Structure */
typedef struct {
CAMELLIA_KEY ks;
block128_f block;
union {
cbc128_f cbc;
ctr128_f ctr;
} stream;
} EVP_CAMELLIA_KEY;
#define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4))
/* Attribute operation for Camellia */
#define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY, ctx)
#if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
/* ---------^^^ this is not a typo, just a way to detect that
* assembler support was in general requested... */
#include "crypto/sparc_arch.h"
static int cmll_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
int ret, mode, bits;
EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx);
mode = EVP_CIPHER_CTX_get_mode(ctx);
bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
cmll_t4_set_key(key, bits, &dat->ks);
if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
&& !enc) {
ret = 0;
dat->block = (block128_f)cmll_t4_decrypt;
switch (bits) {
case 128:
dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f)cmll128_t4_cbc_decrypt : NULL;
break;
case 192:
case 256:
dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f)cmll256_t4_cbc_decrypt : NULL;
break;
default:
ret = -1;
}
} else {
ret = 0;
dat->block = (block128_f)cmll_t4_encrypt;
switch (bits) {
case 128:
if (mode == EVP_CIPH_CBC_MODE)
dat->stream.cbc = (cbc128_f)cmll128_t4_cbc_encrypt;
else if (mode == EVP_CIPH_CTR_MODE)
dat->stream.ctr = (ctr128_f)cmll128_t4_ctr32_encrypt;
else
dat->stream.cbc = NULL;
break;
case 192:
case 256:
if (mode == EVP_CIPH_CBC_MODE)
dat->stream.cbc = (cbc128_f)cmll256_t4_cbc_encrypt;
else if (mode == EVP_CIPH_CTR_MODE)
dat->stream.ctr = (ctr128_f)cmll256_t4_ctr32_encrypt;
else
dat->stream.cbc = NULL;
break;
default:
ret = -1;
}
}
if (ret < 0) {
ERR_raise(ERR_LIB_EVP, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
return 0;
}
return 1;
}
#define cmll_t4_cbc_cipher camellia_cbc_cipher
static int cmll_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
#define cmll_t4_ecb_cipher camellia_ecb_cipher
static int cmll_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
#define cmll_t4_ofb_cipher camellia_ofb_cipher
static int cmll_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
#define cmll_t4_cfb_cipher camellia_cfb_cipher
static int cmll_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
#define cmll_t4_cfb8_cipher camellia_cfb8_cipher
static int cmll_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
#define cmll_t4_cfb1_cipher camellia_cfb1_cipher
static int cmll_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
#define cmll_t4_ctr_cipher camellia_ctr_cipher
static int cmll_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
#define BLOCK_CIPHER_generic(nid, keylen, blocksize, ivlen, nmode, mode, MODE, flags) \
static const EVP_CIPHER cmll_t4_##keylen##_##mode = { \
nid##_##keylen##_##nmode, blocksize, keylen / 8, ivlen, \
flags | EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
cmll_t4_init_key, \
cmll_t4_##mode##_cipher, \
NULL, \
sizeof(EVP_CAMELLIA_KEY), \
NULL, NULL, NULL, NULL \
}; \
static const EVP_CIPHER camellia_##keylen##_##mode = { \
nid##_##keylen##_##nmode, blocksize, \
keylen / 8, ivlen, \
flags | EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
camellia_init_key, \
camellia_##mode##_cipher, \
NULL, \
sizeof(EVP_CAMELLIA_KEY), \
NULL, NULL, NULL, NULL \
}; \
const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \
{ \
return SPARC_CMLL_CAPABLE ? &cmll_t4_##keylen##_##mode : &camellia_##keylen##_##mode; \
}
#else
#define BLOCK_CIPHER_generic(nid, keylen, blocksize, ivlen, nmode, mode, MODE, flags) \
static const EVP_CIPHER camellia_##keylen##_##mode = { \
nid##_##keylen##_##nmode, blocksize, keylen / 8, ivlen, \
flags | EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
camellia_init_key, \
camellia_##mode##_cipher, \
NULL, \
sizeof(EVP_CAMELLIA_KEY), \
NULL, \
NULL, \
0, \
NULL, NULL, NULL, NULL \
}; \
const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \
@@ -181,8 +35,6 @@ static int cmll_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
return &camellia_##keylen##_##mode; \
}
#endif
#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \
BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
@@ -192,160 +44,6 @@ static int cmll_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \
BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
/* The subkey for Camellia is generated. */
static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
int ret, mode;
EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx);
ret = Camellia_set_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
&dat->ks);
if (ret < 0) {
ERR_raise(ERR_LIB_EVP, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
return 0;
}
mode = EVP_CIPHER_CTX_get_mode(ctx);
if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
&& !enc) {
dat->block = (block128_f)Camellia_decrypt;
dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f)Camellia_cbc_encrypt : NULL;
} else {
dat->block = (block128_f)Camellia_encrypt;
dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f)Camellia_cbc_encrypt : NULL;
}
return 1;
}
static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx);
if (dat->stream.cbc)
(*dat->stream.cbc)(in, out, len, &dat->ks, ctx->iv,
EVP_CIPHER_CTX_is_encrypting(ctx));
else if (EVP_CIPHER_CTX_is_encrypting(ctx))
CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, dat->block);
else
CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, dat->block);
return 1;
}
static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
size_t bl = EVP_CIPHER_CTX_get_block_size(ctx);
size_t i;
EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx);
if (len < bl)
return 1;
for (i = 0, len -= bl; i <= len; i += bl)
(*dat->block)(in + i, out + i, &dat->ks);
return 1;
}
static int camellia_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx);
int num = EVP_CIPHER_CTX_get_num(ctx);
CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, ctx->iv, &num, dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
static int camellia_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx);
int num = EVP_CIPHER_CTX_get_num(ctx);
CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, ctx->iv, &num,
EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
static int camellia_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx);
int num = EVP_CIPHER_CTX_get_num(ctx);
CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, ctx->iv, &num,
EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx);
if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
int num = EVP_CIPHER_CTX_get_num(ctx);
CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, ctx->iv, &num,
EVP_CIPHER_CTX_is_encrypting(ctx),
dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
while (len >= MAXBITCHUNK) {
int num = EVP_CIPHER_CTX_get_num(ctx);
CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
ctx->iv, &num,
EVP_CIPHER_CTX_is_encrypting(ctx),
dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
len -= MAXBITCHUNK;
out += MAXBITCHUNK;
in += MAXBITCHUNK;
}
if (len) {
int num = EVP_CIPHER_CTX_get_num(ctx);
CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
ctx->iv, &num,
EVP_CIPHER_CTX_is_encrypting(ctx),
dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
}
return 1;
}
static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
int snum = EVP_CIPHER_CTX_get_num(ctx);
unsigned int num;
EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx);
if (snum < 0)
return 0;
num = snum;
if (dat->stream.ctr)
CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, ctx->iv,
EVP_CIPHER_CTX_buf_noconst(ctx),
&num,
dat->stream.ctr);
else
CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv,
EVP_CIPHER_CTX_buf_noconst(ctx), &num,
dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0)
BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0)
BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0)
BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0)
BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0)

30
crypto/evp/e_cast.c
View File

@@ -7,12 +7,6 @@
* https://www.openssl.org/source/license.html
*/
/*
* CAST low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
@@ -23,29 +17,9 @@
#include <openssl/cast.h>
#include "evp_local.h"
static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
typedef struct {
CAST_KEY ks;
} EVP_CAST_KEY;
#define data(ctx) EVP_C_DATA(EVP_CAST_KEY, ctx)
IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY,
NID_cast5, 8, CAST_KEY_LENGTH, 8, 64,
EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
if (keylen <= 0)
return 0;
CAST_set_key(&data(ctx)->ks, keylen, key);
return 1;
}
EVP_CIPH_VARIABLE_LENGTH, NULL, NULL,
NULL, NULL, NULL)
#endif

230
crypto/evp/e_des.c
View File

@@ -6,13 +6,6 @@
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* DES low level APIs are deprecated for public use, but still ok for internal
* use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#ifndef OPENSSL_NO_DES
@@ -23,223 +16,16 @@
#include <openssl/rand.h>
#include "evp_local.h"
typedef struct {
union {
OSSL_UNION_ALIGN;
DES_key_schedule ks;
} ks;
union {
void (*cbc)(const void *, void *, size_t,
const DES_key_schedule *, unsigned char *);
} stream;
} EVP_DES_KEY;
#if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
/* ----------^^^ this is not a typo, just a way to detect that
* assembler support was in general requested... */
#include "crypto/sparc_arch.h"
#define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES)
void des_t4_key_expand(const void *key, DES_key_schedule *ks);
void des_t4_cbc_encrypt(const void *inp, void *out, size_t len,
const DES_key_schedule *ks, unsigned char iv[8]);
void des_t4_cbc_decrypt(const void *inp, void *out, size_t len,
const DES_key_schedule *ks, unsigned char iv[8]);
#endif
static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
/*
* Because of various casts and different names can't use
* IMPLEMENT_BLOCK_CIPHER
*/
static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
BLOCK_CIPHER_ecb_loop()
DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
EVP_CIPHER_CTX_get_cipher_data(ctx),
EVP_CIPHER_CTX_is_encrypting(ctx));
return 1;
}
static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
while (inl >= EVP_MAXCHUNK) {
int num = EVP_CIPHER_CTX_get_num(ctx);
DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
EVP_CIPHER_CTX_get_cipher_data(ctx),
(DES_cblock *)ctx->iv, &num);
EVP_CIPHER_CTX_set_num(ctx, num);
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
out += EVP_MAXCHUNK;
}
if (inl) {
int num = EVP_CIPHER_CTX_get_num(ctx);
DES_ofb64_encrypt(in, out, (long)inl,
EVP_CIPHER_CTX_get_cipher_data(ctx),
(DES_cblock *)ctx->iv, &num);
EVP_CIPHER_CTX_set_num(ctx, num);
}
return 1;
}
static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
EVP_DES_KEY *dat = (EVP_DES_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx);
if (dat->stream.cbc != NULL) {
(*dat->stream.cbc)(in, out, inl, &dat->ks.ks, ctx->iv);
return 1;
}
while (inl >= EVP_MAXCHUNK) {
DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK,
EVP_CIPHER_CTX_get_cipher_data(ctx),
(DES_cblock *)ctx->iv,
EVP_CIPHER_CTX_is_encrypting(ctx));
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
out += EVP_MAXCHUNK;
}
if (inl)
DES_ncbc_encrypt(in, out, (long)inl,
EVP_CIPHER_CTX_get_cipher_data(ctx),
(DES_cblock *)ctx->iv,
EVP_CIPHER_CTX_is_encrypting(ctx));
return 1;
}
static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
while (inl >= EVP_MAXCHUNK) {
int num = EVP_CIPHER_CTX_get_num(ctx);
DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
EVP_CIPHER_CTX_get_cipher_data(ctx),
(DES_cblock *)ctx->iv, &num,
EVP_CIPHER_CTX_is_encrypting(ctx));
EVP_CIPHER_CTX_set_num(ctx, num);
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
out += EVP_MAXCHUNK;
}
if (inl) {
int num = EVP_CIPHER_CTX_get_num(ctx);
DES_cfb64_encrypt(in, out, (long)inl,
EVP_CIPHER_CTX_get_cipher_data(ctx),
(DES_cblock *)ctx->iv, &num,
EVP_CIPHER_CTX_is_encrypting(ctx));
EVP_CIPHER_CTX_set_num(ctx, num);
}
return 1;
}
/*
* Although we have a CFB-r implementation for DES, it doesn't pack the right
* way, so wrap it here
*/
static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
size_t n, chunk = EVP_MAXCHUNK / 8;
unsigned char c[1];
unsigned char d[1] = { 0 }; /* Appease Coverity */
if (inl < chunk)
chunk = inl;
while (inl && inl >= chunk) {
for (n = 0; n < chunk * 8; ++n) {
c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
DES_cfb_encrypt(c, d, 1, 1, EVP_CIPHER_CTX_get_cipher_data(ctx),
(DES_cblock *)ctx->iv,
EVP_CIPHER_CTX_is_encrypting(ctx));
out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) | ((d[0] & 0x80) >> (unsigned int)(n % 8));
}
inl -= chunk;
in += chunk;
out += chunk;
if (inl < chunk)
chunk = inl;
}
return 1;
}
static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
while (inl >= EVP_MAXCHUNK) {
DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
EVP_CIPHER_CTX_get_cipher_data(ctx),
(DES_cblock *)ctx->iv,
EVP_CIPHER_CTX_is_encrypting(ctx));
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
out += EVP_MAXCHUNK;
}
if (inl)
DES_cfb_encrypt(in, out, 8, (long)inl,
EVP_CIPHER_CTX_get_cipher_data(ctx),
(DES_cblock *)ctx->iv,
EVP_CIPHER_CTX_is_encrypting(ctx));
return 1;
}
BLOCK_CIPHER_defs(des, EVP_DES_KEY, NID_des, 8, 8, 8, 64,
EVP_CIPH_RAND_KEY, des_init_key, NULL,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
EVP_CIPH_RAND_KEY, NULL, NULL,
NULL, NULL, NULL)
BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1,
EVP_CIPH_RAND_KEY, des_init_key, NULL,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1,
EVP_CIPH_RAND_KEY, NULL, NULL,
NULL, NULL, NULL)
BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8,
EVP_CIPH_RAND_KEY, des_init_key, NULL,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
DES_cblock *deskey = (DES_cblock *)key;
EVP_DES_KEY *dat = (EVP_DES_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx);
dat->stream.cbc = NULL;
#if defined(SPARC_DES_CAPABLE)
if (SPARC_DES_CAPABLE) {
int mode = EVP_CIPHER_CTX_get_mode(ctx);
if (mode == EVP_CIPH_CBC_MODE) {
des_t4_key_expand(key, &dat->ks.ks);
dat->stream.cbc = enc ? des_t4_cbc_encrypt : des_t4_cbc_decrypt;
return 1;
}
}
#endif
DES_set_key_unchecked(deskey, EVP_CIPHER_CTX_get_cipher_data(ctx));
return 1;
}
static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
switch (type) {
case EVP_CTRL_RAND_KEY:
if (RAND_priv_bytes(ptr, 8) <= 0)
return 0;
DES_set_odd_parity((DES_cblock *)ptr);
return 1;
default:
return -1;
}
}
BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8,
EVP_CIPH_RAND_KEY, NULL, NULL,
NULL, NULL, NULL)
#endif

383
crypto/evp/e_des3.c
View File

@@ -7,295 +7,30 @@
* https://www.openssl.org/source/license.html
*/
/*
* DES low level APIs are deprecated for public use, but still ok for internal
* use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#ifndef OPENSSL_NO_DES
#include <openssl/objects.h>
#include "crypto/evp.h"
#include "crypto/sha.h"
#include <openssl/des.h>
#include <openssl/rand.h>
#include "evp_local.h"
typedef struct {
union {
OSSL_UNION_ALIGN;
DES_key_schedule ks[3];
} ks;
union {
void (*cbc)(const void *, void *, size_t,
const DES_key_schedule *, unsigned char *);
} stream;
} DES_EDE_KEY;
#define ks1 ks.ks[0]
#define ks2 ks.ks[1]
#define ks3 ks.ks[2]
#if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
/* ---------^^^ this is not a typo, just a way to detect that
* assembler support was in general requested... */
#include "crypto/sparc_arch.h"
#define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES)
void des_t4_key_expand(const void *key, DES_key_schedule *ks);
void des_t4_ede3_cbc_encrypt(const void *inp, void *out, size_t len,
const DES_key_schedule ks[3], unsigned char iv[8]);
void des_t4_ede3_cbc_decrypt(const void *inp, void *out, size_t len,
const DES_key_schedule ks[3], unsigned char iv[8]);
#endif
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
#define data(ctx) EVP_C_DATA(DES_EDE_KEY, ctx)
/*
* Because of various casts and different args can't use
* IMPLEMENT_BLOCK_CIPHER
*/
static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
BLOCK_CIPHER_ecb_loop()
DES_ecb3_encrypt((const_DES_cblock *)(in + i),
(DES_cblock *)(out + i),
&data(ctx)->ks1, &data(ctx)->ks2,
&data(ctx)->ks3, EVP_CIPHER_CTX_is_encrypting(ctx));
return 1;
}
static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
while (inl >= EVP_MAXCHUNK) {
int num = EVP_CIPHER_CTX_get_num(ctx);
DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
&data(ctx)->ks1, &data(ctx)->ks2,
&data(ctx)->ks3,
(DES_cblock *)ctx->iv,
&num);
EVP_CIPHER_CTX_set_num(ctx, num);
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
out += EVP_MAXCHUNK;
}
if (inl) {
int num = EVP_CIPHER_CTX_get_num(ctx);
DES_ede3_ofb64_encrypt(in, out, (long)inl,
&data(ctx)->ks1, &data(ctx)->ks2,
&data(ctx)->ks3,
(DES_cblock *)ctx->iv,
&num);
EVP_CIPHER_CTX_set_num(ctx, num);
}
return 1;
}
static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
DES_EDE_KEY *dat = data(ctx);
if (dat->stream.cbc != NULL) {
(*dat->stream.cbc)(in, out, inl, dat->ks.ks,
ctx->iv);
return 1;
}
while (inl >= EVP_MAXCHUNK) {
DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
&dat->ks1, &dat->ks2, &dat->ks3,
(DES_cblock *)ctx->iv,
EVP_CIPHER_CTX_is_encrypting(ctx));
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
out += EVP_MAXCHUNK;
}
if (inl)
DES_ede3_cbc_encrypt(in, out, (long)inl,
&dat->ks1, &dat->ks2, &dat->ks3,
(DES_cblock *)ctx->iv,
EVP_CIPHER_CTX_is_encrypting(ctx));
return 1;
}
static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
while (inl >= EVP_MAXCHUNK) {
int num = EVP_CIPHER_CTX_get_num(ctx);
DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
&data(ctx)->ks1, &data(ctx)->ks2,
&data(ctx)->ks3, (DES_cblock *)ctx->iv,
&num, EVP_CIPHER_CTX_is_encrypting(ctx));
EVP_CIPHER_CTX_set_num(ctx, num);
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
out += EVP_MAXCHUNK;
}
if (inl) {
int num = EVP_CIPHER_CTX_get_num(ctx);
DES_ede3_cfb64_encrypt(in, out, (long)inl,
&data(ctx)->ks1, &data(ctx)->ks2,
&data(ctx)->ks3, (DES_cblock *)ctx->iv,
&num, EVP_CIPHER_CTX_is_encrypting(ctx));
EVP_CIPHER_CTX_set_num(ctx, num);
}
return 1;
}
/*
* Although we have a CFB-r implementation for 3-DES, it doesn't pack the
* right way, so wrap it here
*/
static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
size_t n;
unsigned char c[1];
unsigned char d[1] = { 0 }; /* Appease Coverity */
if (!EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
inl *= 8;
for (n = 0; n < inl; ++n) {
c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
DES_ede3_cfb_encrypt(c, d, 1, 1,
&data(ctx)->ks1, &data(ctx)->ks2,
&data(ctx)->ks3, (DES_cblock *)ctx->iv,
EVP_CIPHER_CTX_is_encrypting(ctx));
out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8)))
| ((d[0] & 0x80) >> (unsigned int)(n % 8));
}
return 1;
}
static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
while (inl >= EVP_MAXCHUNK) {
DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
&data(ctx)->ks1, &data(ctx)->ks2,
&data(ctx)->ks3, (DES_cblock *)ctx->iv,
EVP_CIPHER_CTX_is_encrypting(ctx));
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
out += EVP_MAXCHUNK;
}
if (inl)
DES_ede3_cfb_encrypt(in, out, 8, (long)inl,
&data(ctx)->ks1, &data(ctx)->ks2,
&data(ctx)->ks3, (DES_cblock *)ctx->iv,
EVP_CIPHER_CTX_is_encrypting(ctx));
return 1;
}
BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
des_ede_init_key, NULL, NULL, NULL, des3_ctrl)
#define des_ede3_cfb64_cipher des_ede_cfb64_cipher
#define des_ede3_ofb_cipher des_ede_ofb_cipher
#define des_ede3_cbc_cipher des_ede_cbc_cipher
#define des_ede3_ecb_cipher des_ede_ecb_cipher
BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
NULL, NULL, NULL, NULL, NULL)
BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
NULL, NULL, NULL, NULL, NULL)
BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
NULL, NULL, NULL, NULL, des3_NULLctrl)
BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
DES_cblock *deskey = (DES_cblock *)key;
DES_EDE_KEY *dat = data(ctx);
dat->stream.cbc = NULL;
#if defined(SPARC_DES_CAPABLE)
if (SPARC_DES_CAPABLE) {
int mode = EVP_CIPHER_CTX_get_mode(ctx);
if (mode == EVP_CIPH_CBC_MODE) {
des_t4_key_expand(&deskey[0], &dat->ks1);
des_t4_key_expand(&deskey[1], &dat->ks2);
memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1));
dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt : des_t4_ede3_cbc_decrypt;
return 1;
}
}
#endif
DES_set_key_unchecked(&deskey[0], &dat->ks1);
DES_set_key_unchecked(&deskey[1], &dat->ks2);
memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1));
return 1;
}
static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
DES_cblock *deskey = (DES_cblock *)key;
DES_EDE_KEY *dat = data(ctx);
dat->stream.cbc = NULL;
#if defined(SPARC_DES_CAPABLE)
if (SPARC_DES_CAPABLE) {
int mode = EVP_CIPHER_CTX_get_mode(ctx);
if (mode == EVP_CIPH_CBC_MODE) {
des_t4_key_expand(&deskey[0], &dat->ks1);
des_t4_key_expand(&deskey[1], &dat->ks2);
des_t4_key_expand(&deskey[2], &dat->ks3);
dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt : des_t4_ede3_cbc_decrypt;
return 1;
}
}
#endif
DES_set_key_unchecked(&deskey[0], &dat->ks1);
DES_set_key_unchecked(&deskey[1], &dat->ks2);
DES_set_key_unchecked(&deskey[2], &dat->ks3);
return 1;
}
static int des3_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
{
DES_cblock *deskey = ptr;
int kl;
switch (type) {
case EVP_CTRL_RAND_KEY:
kl = EVP_CIPHER_CTX_get_key_length(ctx);
if (kl < 0 || RAND_priv_bytes(ptr, kl) <= 0)
return 0;
DES_set_odd_parity(deskey);
if (kl >= 16)
DES_set_odd_parity(deskey + 1);
if (kl >= 24)
DES_set_odd_parity(deskey + 2);
return 1;
default:
return -1;
}
}
NULL, NULL, NULL, NULL, NULL)
const EVP_CIPHER *EVP_des_ede(void)
{
@@ -307,113 +42,15 @@ const EVP_CIPHER *EVP_des_ede3(void)
return &des_ede3_ecb;
}
#include <openssl/sha.h>
static const unsigned char wrap_iv[8] = {
0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
};
static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
unsigned char icv[8], iv[8], sha1tmp[SHA_DIGEST_LENGTH];
int rv = -1;
if (inl < 24)
return -1;
if (out == NULL)
return (int)(inl - 16);
memcpy(ctx->iv, wrap_iv, 8);
/* Decrypt first block which will end up as icv */
des_ede_cbc_cipher(ctx, icv, in, 8);
/* Decrypt central blocks */
/*
* If decrypting in place move whole output along a block so the next
* des_ede_cbc_cipher is in place.
*/
if (out == in) {
memmove(out, out + 8, inl - 8);
in -= 8;
}
des_ede_cbc_cipher(ctx, out, in + 8, inl - 16);
/* Decrypt final block which will be IV */
des_ede_cbc_cipher(ctx, iv, in + inl - 8, 8);
/* Reverse order of everything */
BUF_reverse(icv, NULL, 8);
BUF_reverse(out, NULL, inl - 16);
BUF_reverse(ctx->iv, iv, 8);
/* Decrypt again using new IV */
des_ede_cbc_cipher(ctx, out, out, inl - 16);
des_ede_cbc_cipher(ctx, icv, icv, 8);
if (ossl_sha1(out, inl - 16, sha1tmp) /* Work out hash of first portion */
&& CRYPTO_memcmp(sha1tmp, icv, 8) == 0)
rv = (int)(inl - 16);
OPENSSL_cleanse(icv, 8);
OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
OPENSSL_cleanse(iv, 8);
OPENSSL_cleanse(ctx->iv, 8);
if (rv == -1)
OPENSSL_cleanse(out, inl - 16);
return rv;
}
static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
unsigned char sha1tmp[SHA_DIGEST_LENGTH];
if (out == NULL)
return (int)(inl + 16);
/* Copy input to output buffer + 8 so we have space for IV */
memmove(out + 8, in, inl);
/* Work out ICV */
if (!ossl_sha1(in, inl, sha1tmp))
return -1;
memcpy(out + inl + 8, sha1tmp, 8);
OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
/* Generate random IV */
if (RAND_bytes(ctx->iv, 8) <= 0)
return -1;
memcpy(out, ctx->iv, 8);
/* Encrypt everything after IV in place */
des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8);
BUF_reverse(out, NULL, inl + 16);
memcpy(ctx->iv, wrap_iv, 8);
des_ede_cbc_cipher(ctx, out, out, inl + 16);
return (int)(inl + 16);
}
static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
/*
* Sanity check input length: we typically only wrap keys so EVP_MAXCHUNK
* is more than will ever be needed. Also input length must be a multiple
* of 8 bits.
*/
if (inl >= EVP_MAXCHUNK || inl % 8)
return -1;
if (ossl_is_partially_overlapping(out, in, (int)inl)) {
ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
return 0;
}
if (EVP_CIPHER_CTX_is_encrypting(ctx))
return des_ede3_wrap(ctx, out, in, inl);
else
return des_ede3_unwrap(ctx, out, in, inl);
}
static const EVP_CIPHER des3_wrap = {
NID_id_smime_alg_CMS3DESwrap,
8, 24, 0,
EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
| EVP_CIPH_FLAG_DEFAULT_ASN1,
EVP_ORIG_GLOBAL,
des_ede3_init_key, des_ede3_wrap_cipher,
NULL, NULL,
NULL,
sizeof(DES_EDE_KEY),
0,
NULL, NULL, NULL, NULL
};

60
crypto/evp/e_idea.c
View File

@@ -7,13 +7,6 @@
* https://www.openssl.org/source/license.html
*/
/*
* IDEA low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
@@ -24,55 +17,8 @@
#include <openssl/idea.h>
#include "evp_local.h"
/* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */
typedef struct {
IDEA_KEY_SCHEDULE ks;
} EVP_IDEA_KEY;
static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
/*
* NB IDEA_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a
* special case
*/
static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
BLOCK_CIPHER_ecb_loop()
IDEA_ecb_encrypt(in + i, out + i, &EVP_C_DATA(EVP_IDEA_KEY, ctx)->ks);
return 1;
}
BLOCK_CIPHER_func_cbc(idea, IDEA, EVP_IDEA_KEY, ks)
BLOCK_CIPHER_func_ofb(idea, IDEA, 64, EVP_IDEA_KEY, ks)
BLOCK_CIPHER_func_cfb(idea, IDEA, 64, EVP_IDEA_KEY, ks)
BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
0, idea_init_key, NULL,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
if (!enc) {
if (EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_OFB_MODE)
enc = 1;
else if (EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_CFB_MODE)
enc = 1;
}
if (enc)
IDEA_set_encrypt_key(key, &EVP_C_DATA(EVP_IDEA_KEY, ctx)->ks);
else {
IDEA_KEY_SCHEDULE tmp;
IDEA_set_encrypt_key(key, &tmp);
IDEA_set_decrypt_key(&tmp, &EVP_C_DATA(EVP_IDEA_KEY, ctx)->ks);
OPENSSL_cleanse((unsigned char *)&tmp, sizeof(IDEA_KEY_SCHEDULE));
}
return 1;
}
BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
0, NULL, NULL,
NULL, NULL, NULL)
#endif

163
crypto/evp/e_rc2.c
View File

@@ -6,13 +6,6 @@
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* RC2 low level APIs are deprecated for public use, but still ok for internal
* use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
@@ -24,43 +17,26 @@
#include <openssl/rc2.h>
#include "evp_local.h"
static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx);
static int rc2_magic_to_meth(int i);
static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
typedef struct {
int key_bits; /* effective key bits */
RC2_KEY ks; /* key schedule */
} EVP_RC2_KEY;
#define data(ctx) EVP_C_DATA(EVP_RC2_KEY, ctx)
IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2,
8,
RC2_KEY_LENGTH, 8, 64,
EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
rc2_init_key, NULL,
rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv,
rc2_ctrl)
#define RC2_40_MAGIC 0xa0
#define RC2_64_MAGIC 0x78
#define RC2_128_MAGIC 0x3a
NULL, NULL,
NULL, NULL,
NULL)
static const EVP_CIPHER r2_64_cbc_cipher = {
NID_rc2_64_cbc,
8, 8 /* 64 bit */, 8,
EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
EVP_ORIG_GLOBAL,
rc2_init_key,
rc2_cbc_cipher,
NULL,
sizeof(EVP_RC2_KEY),
rc2_set_asn1_type_and_iv,
rc2_get_asn1_type_and_iv,
rc2_ctrl,
NULL,
NULL,
0,
NULL,
NULL,
NULL,
NULL
};
@@ -69,13 +45,13 @@ static const EVP_CIPHER r2_40_cbc_cipher = {
8, 5 /* 40 bit */, 8,
EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
EVP_ORIG_GLOBAL,
rc2_init_key,
rc2_cbc_cipher,
NULL,
sizeof(EVP_RC2_KEY),
rc2_set_asn1_type_and_iv,
rc2_get_asn1_type_and_iv,
rc2_ctrl,
NULL,
NULL,
0,
NULL,
NULL,
NULL,
NULL
};
@@ -89,111 +65,4 @@ const EVP_CIPHER *EVP_rc2_40_cbc(void)
return &r2_40_cbc_cipher;
}
static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_get_key_length(ctx),
key, data(ctx)->key_bits);
return 1;
}
static int rc2_meth_to_magic(EVP_CIPHER_CTX *e)
{
int i;
if (EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i) <= 0)
return 0;
if (i == 128)
return RC2_128_MAGIC;
else if (i == 64)
return RC2_64_MAGIC;
else if (i == 40)
return RC2_40_MAGIC;
else
return 0;
}
static int rc2_magic_to_meth(int i)
{
if (i == RC2_128_MAGIC)
return 128;
else if (i == RC2_64_MAGIC)
return 64;
else if (i == RC2_40_MAGIC)
return 40;
else {
ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_SIZE);
return 0;
}
}
static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
{
long num = 0;
int i = 0;
int key_bits;
unsigned int l;
unsigned char iv[EVP_MAX_IV_LENGTH];
if (type != NULL) {
l = EVP_CIPHER_CTX_get_iv_length(c);
OPENSSL_assert(l <= sizeof(iv));
i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l);
if (i != (int)l)
return -1;
key_bits = rc2_magic_to_meth((int)num);
if (!key_bits)
return -1;
if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1))
return -1;
if (EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits,
NULL)
<= 0
|| EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0)
return -1;
}
return i;
}
static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
{
long num;
int i = 0, j;
if (type != NULL) {
num = rc2_meth_to_magic(c);
j = EVP_CIPHER_CTX_get_iv_length(c);
i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j);
}
return i;
}
static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
switch (type) {
case EVP_CTRL_INIT:
data(c)->key_bits = EVP_CIPHER_CTX_get_key_length(c) * 8;
return 1;
case EVP_CTRL_GET_RC2_KEY_BITS:
*(int *)ptr = data(c)->key_bits;
return 1;
case EVP_CTRL_SET_RC2_KEY_BITS:
if (arg > 0) {
data(c)->key_bits = arg;
return 1;
}
return 0;
#ifdef PBE_PRF_TEST
case EVP_CTRL_PBE_PRF_NID:
*(int *)ptr = NID_hmacWithMD5;
return 1;
#endif
default:
return -1;
}
}
#endif

22
crypto/evp/e_seed.c
View File

@@ -7,12 +7,6 @@
* https://www.openssl.org/source/license.html
*/
/*
* SEED low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/opensslconf.h>
#include <openssl/evp.h>
#include <openssl/err.h>
@@ -22,20 +16,6 @@
#include "crypto/evp.h"
#include "evp_local.h"
static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
typedef struct {
SEED_KEY_SCHEDULE ks;
} EVP_SEED_KEY;
IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed,
16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1,
seed_init_key, 0, 0, 0, 0)
static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
SEED_set_key(key, &EVP_C_DATA(EVP_SEED_KEY, ctx)->ks);
return 1;
}
NULL, 0, 0, 0, 0)

189
crypto/evp/e_sm4.c
View File

@@ -20,28 +20,15 @@
#include "crypto/sm4_platform.h"
#include "evp_local.h"
typedef struct {
union {
OSSL_UNION_ALIGN;
SM4_KEY ks;
} ks;
block128_f block;
union {
ecb128_f ecb;
cbc128_f cbc;
ctr128_f ctr;
} stream;
} EVP_SM4_KEY;
#define BLOCK_CIPHER_generic(nid, blocksize, ivlen, nmode, mode, MODE, flags) \
static const EVP_CIPHER sm4_##mode = { \
nid##_##nmode, blocksize, 128 / 8, ivlen, \
flags | EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
sm4_init_key, \
sm4_##mode##_cipher, \
NULL, \
sizeof(EVP_SM4_KEY), \
NULL, \
NULL, \
0, \
NULL, NULL, NULL, NULL \
}; \
const EVP_CIPHER *EVP_sm4_##mode(void) \
@@ -56,175 +43,5 @@ typedef struct {
BLOCK_CIPHER_generic(nid, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, 1, 16, ctr, ctr, CTR, flags)
static int sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
int mode;
EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx);
mode = EVP_CIPHER_CTX_get_mode(ctx);
if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
&& !enc) {
#ifdef HWSM4_CAPABLE
if (HWSM4_CAPABLE) {
HWSM4_set_decrypt_key(key, &dat->ks.ks);
dat->block = (block128_f)HWSM4_decrypt;
dat->stream.cbc = NULL;
#ifdef HWSM4_cbc_encrypt
if (mode == EVP_CIPH_CBC_MODE)
dat->stream.cbc = (cbc128_f)HWSM4_cbc_encrypt;
#endif
#ifdef HWSM4_ecb_encrypt
if (mode == EVP_CIPH_ECB_MODE)
dat->stream.ecb = (ecb128_f)HWSM4_ecb_encrypt;
#endif
} else
#endif
#ifdef VPSM4_CAPABLE
if (VPSM4_CAPABLE) {
vpsm4_set_decrypt_key(key, &dat->ks.ks);
dat->block = (block128_f)vpsm4_decrypt;
dat->stream.cbc = NULL;
if (mode == EVP_CIPH_CBC_MODE)
dat->stream.cbc = (cbc128_f)vpsm4_cbc_encrypt;
else if (mode == EVP_CIPH_ECB_MODE)
dat->stream.ecb = (ecb128_f)vpsm4_ecb_encrypt;
} else
#endif
{
dat->block = (block128_f)ossl_sm4_decrypt;
ossl_sm4_set_key(key, EVP_CIPHER_CTX_get_cipher_data(ctx));
}
} else
#ifdef HWSM4_CAPABLE
if (HWSM4_CAPABLE) {
HWSM4_set_encrypt_key(key, &dat->ks.ks);
dat->block = (block128_f)HWSM4_encrypt;
dat->stream.cbc = NULL;
#ifdef HWSM4_cbc_encrypt
if (mode == EVP_CIPH_CBC_MODE)
dat->stream.cbc = (cbc128_f)HWSM4_cbc_encrypt;
else
#endif
#ifdef HWSM4_ecb_encrypt
if (mode == EVP_CIPH_ECB_MODE)
dat->stream.ecb = (ecb128_f)HWSM4_ecb_encrypt;
else
#endif
#ifdef HWSM4_ctr32_encrypt_blocks
if (mode == EVP_CIPH_CTR_MODE)
dat->stream.ctr = (ctr128_f)HWSM4_ctr32_encrypt_blocks;
else
#endif
(void)0; /* terminate potentially open 'else' */
} else
#endif
#ifdef VPSM4_CAPABLE
if (VPSM4_CAPABLE) {
vpsm4_set_encrypt_key(key, &dat->ks.ks);
dat->block = (block128_f)vpsm4_encrypt;
dat->stream.cbc = NULL;
if (mode == EVP_CIPH_CBC_MODE)
dat->stream.cbc = (cbc128_f)vpsm4_cbc_encrypt;
else if (mode == EVP_CIPH_ECB_MODE)
dat->stream.ecb = (ecb128_f)vpsm4_ecb_encrypt;
else if (mode == EVP_CIPH_CTR_MODE)
dat->stream.ctr = (ctr128_f)vpsm4_ctr32_encrypt_blocks;
} else
#endif
{
dat->block = (block128_f)ossl_sm4_encrypt;
ossl_sm4_set_key(key, EVP_CIPHER_CTX_get_cipher_data(ctx));
}
return 1;
}
static int sm4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx);
if (dat->stream.cbc)
(*dat->stream.cbc)(in, out, len, &dat->ks.ks, ctx->iv,
EVP_CIPHER_CTX_is_encrypting(ctx));
else if (EVP_CIPHER_CTX_is_encrypting(ctx))
CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv,
dat->block);
else
CRYPTO_cbc128_decrypt(in, out, len, &dat->ks,
ctx->iv, dat->block);
return 1;
}
static int sm4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx);
int num = EVP_CIPHER_CTX_get_num(ctx);
CRYPTO_cfb128_encrypt(in, out, len, &dat->ks,
ctx->iv, &num,
EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
static int sm4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
size_t bl = EVP_CIPHER_CTX_get_block_size(ctx);
size_t i;
EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx);
if (len < bl)
return 1;
if (dat->stream.ecb != NULL)
(*dat->stream.ecb)(in, out, len, &dat->ks.ks,
EVP_CIPHER_CTX_is_encrypting(ctx));
else
for (i = 0, len -= bl; i <= len; i += bl)
(*dat->block)(in + i, out + i, &dat->ks);
return 1;
}
static int sm4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx);
int num = EVP_CIPHER_CTX_get_num(ctx);
CRYPTO_ofb128_encrypt(in, out, len, &dat->ks,
ctx->iv, &num, dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
static int sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
int n = EVP_CIPHER_CTX_get_num(ctx);
unsigned int num;
EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx);
if (n < 0)
return 0;
num = (unsigned int)n;
if (dat->stream.ctr)
CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
ctx->iv,
EVP_CIPHER_CTX_buf_noconst(ctx),
&num, dat->stream.ctr);
else
CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
ctx->iv,
EVP_CIPHER_CTX_buf_noconst(ctx), &num,
dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
DEFINE_BLOCK_CIPHERS(NID_sm4, 0)
#endif

61
crypto/evp/e_xcbc_d.c
View File

@@ -7,12 +7,6 @@
* https://www.openssl.org/source/license.html
*/
/*
* DES low level APIs are deprecated for public use, but still ok for internal
* use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
@@ -24,30 +18,17 @@
#include <openssl/des.h>
#include "evp_local.h"
static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl);
typedef struct {
DES_key_schedule ks; /* key schedule */
DES_cblock inw;
DES_cblock outw;
} DESX_CBC_KEY;
#define data(ctx) EVP_C_DATA(DESX_CBC_KEY, ctx)
static const EVP_CIPHER d_xcbc_cipher = {
NID_desx_cbc,
8, 24, 8,
EVP_CIPH_CBC_MODE,
EVP_ORIG_GLOBAL,
desx_cbc_init_key,
desx_cbc_cipher,
NULL,
sizeof(DESX_CBC_KEY),
EVP_CIPHER_set_asn1_iv,
EVP_CIPHER_get_asn1_iv,
NULL,
NULL,
0,
NULL,
NULL,
NULL,
NULL
};
@@ -56,36 +37,4 @@ const EVP_CIPHER *EVP_desx_cbc(void)
{
return &d_xcbc_cipher;
}
static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
DES_cblock *deskey = (DES_cblock *)key;
DES_set_key_unchecked(deskey, &data(ctx)->ks);
memcpy(&data(ctx)->inw[0], &key[8], 8);
memcpy(&data(ctx)->outw[0], &key[16], 8);
return 1;
}
static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
while (inl >= EVP_MAXCHUNK) {
DES_xcbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks,
(DES_cblock *)ctx->iv,
&data(ctx)->inw, &data(ctx)->outw,
EVP_CIPHER_CTX_is_encrypting(ctx));
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
out += EVP_MAXCHUNK;
}
if (inl)
DES_xcbc_encrypt(in, out, (long)inl, &data(ctx)->ks,
(DES_cblock *)ctx->iv,
&data(ctx)->inw, &data(ctx)->outw,
EVP_CIPHER_CTX_is_encrypting(ctx));
return 1;
}
#endif

161
include/crypto/evp.h
View File

@@ -281,93 +281,8 @@ struct evp_cipher_st {
OSSL_FUNC_cipher_decrypt_skey_init_fn *dinit_skey;
} /* EVP_CIPHER */;
/* Macros to code block cipher wrappers */
/* Wrapper functions for each cipher mode */
#define EVP_C_DATA(kstruct, ctx) \
((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx))
#define BLOCK_CIPHER_ecb_loop() \
size_t i, bl; \
bl = EVP_CIPHER_CTX_get0_cipher(ctx)->block_size; \
if (inl < bl) \
return 1; \
inl -= bl; \
for (i = 0; i <= inl; i += bl)
#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
{ \
BLOCK_CIPHER_ecb_loop() \
cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct, ctx)->ksched, EVP_CIPHER_CTX_is_encrypting(ctx)); \
return 1; \
}
#define EVP_MAXCHUNK ((size_t)1 << 30)
#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
{ \
while (inl >= EVP_MAXCHUNK) { \
int num = EVP_CIPHER_CTX_get_num(ctx); \
cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv, &num); \
EVP_CIPHER_CTX_set_num(ctx, num); \
inl -= EVP_MAXCHUNK; \
in += EVP_MAXCHUNK; \
out += EVP_MAXCHUNK; \
} \
if (inl) { \
int num = EVP_CIPHER_CTX_get_num(ctx); \
cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv, &num); \
EVP_CIPHER_CTX_set_num(ctx, num); \
} \
return 1; \
}
#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
{ \
while (inl >= EVP_MAXCHUNK) { \
cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx)); \
inl -= EVP_MAXCHUNK; \
in += EVP_MAXCHUNK; \
out += EVP_MAXCHUNK; \
} \
if (inl) \
cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx)); \
return 1; \
}
#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
{ \
size_t chunk = EVP_MAXCHUNK; \
if (cbits == 1) \
chunk >>= 3; \
if (inl < chunk) \
chunk = inl; \
while (inl && inl >= chunk) { \
int num = EVP_CIPHER_CTX_get_num(ctx); \
cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits == 1) && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) ? chunk * 8 : chunk), \
&EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv, \
&num, EVP_CIPHER_CTX_is_encrypting(ctx)); \
EVP_CIPHER_CTX_set_num(ctx, num); \
inl -= chunk; \
in += chunk; \
out += chunk; \
if (inl < chunk) \
chunk = inl; \
} \
return 1; \
}
#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched)
#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \
key_len, iv_len, flags, init_key, cleanup, \
set_asn1, get_asn1, ctrl) \
@@ -375,12 +290,12 @@ struct evp_cipher_st {
nid##_##nmode, block_size, key_len, iv_len, \
flags | EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
init_key, \
cname##_##mode##_cipher, \
cleanup, \
sizeof(kstruct), \
set_asn1, get_asn1, \
ctrl, \
NULL, \
NULL, \
NULL, \
0, \
NULL, NULL, \
NULL, \
NULL \
}; \
const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
@@ -423,79 +338,15 @@ struct evp_cipher_st {
BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \
init_key, cleanup, set_asn1, get_asn1, ctrl)
/*-
#define BLOCK_CIPHER_defs(cname, kstruct, \
nid, block_size, key_len, iv_len, flags,\
init_key, cleanup, set_asn1, get_asn1, ctrl)\
static const EVP_CIPHER cname##_cbc = {\
nid##_cbc, block_size, key_len, iv_len, \
flags | EVP_CIPH_CBC_MODE,\
EVP_ORIG_GLOBAL,\
init_key,\
cname##_cbc_cipher,\
cleanup,\
sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
set_asn1, get_asn1,\
ctrl, \
NULL \
};\
const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
static const EVP_CIPHER cname##_cfb = {\
nid##_cfb64, 1, key_len, iv_len, \
flags | EVP_CIPH_CFB_MODE,\
EVP_ORIG_GLOBAL,\
init_key,\
cname##_cfb_cipher,\
cleanup,\
sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
set_asn1, get_asn1,\
ctrl,\
NULL \
};\
const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
static const EVP_CIPHER cname##_ofb = {\
nid##_ofb64, 1, key_len, iv_len, \
flags | EVP_CIPH_OFB_MODE,\
EVP_ORIG_GLOBAL,\
init_key,\
cname##_ofb_cipher,\
cleanup,\
sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
set_asn1, get_asn1,\
ctrl,\
NULL \
};\
const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
static const EVP_CIPHER cname##_ecb = {\
nid##_ecb, block_size, key_len, iv_len, \
flags | EVP_CIPH_ECB_MODE,\
EVP_ORIG_GLOBAL,\
init_key,\
cname##_ecb_cipher,\
cleanup,\
sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
set_asn1, get_asn1,\
ctrl,\
NULL \
};\
const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
*/
#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \
block_size, key_len, iv_len, cbits, \
flags, init_key, \
cleanup, set_asn1, get_asn1, ctrl) \
BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \
cbits, flags, init_key, cleanup, set_asn1, \
get_asn1, ctrl)
#define IMPLEMENT_CFBR(cipher, cprefix, kstruct, ksched, keysize, cbits, iv_len, fl) \
BLOCK_CIPHER_func_cfb(cipher##_##keysize, cprefix, cbits, kstruct, ksched) \
BLOCK_CIPHER_def_cfb(cipher##_##keysize, kstruct, \
NID_##cipher##_##keysize, keysize / 8, iv_len, cbits, \
(fl) | EVP_CIPH_FLAG_DEFAULT_ASN1, \