[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Fri Dec 8 10:46:29 UTC 2017
The branch master has been updated
via f1138840cbdcdacbb737d7802eb774f6cbc5762b (commit)
via 7e8a5e30902b3e3f10aeaae8dcde283eb7224abc (commit)
via a3d7fd2837ab7341e58862df95af8532f23d4d51 (commit)
via 49ea0f09833fb526a12f9402fa2fcf0f4b735d5e (commit)
from cbe2964821bb063f61ed2544cfce196ec1c0d62b (commit)
- Log -----------------------------------------------------------------
commit f1138840cbdcdacbb737d7802eb774f6cbc5762b
Author: JitendraLulla <lullajd at yahoo.com>
Date: Wed Nov 15 16:14:36 2017 +0530
putting the missing static
Reviewed-by: Paul Dale <paul.dale at oracle.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4717)
commit 7e8a5e30902b3e3f10aeaae8dcde283eb7224abc
Author: JitendraLulla <lullajd at yahoo.com>
Date: Wed Nov 15 06:43:48 2017 +0530
make get_cipher_handle static
Reviewed-by: Paul Dale <paul.dale at oracle.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4717)
commit a3d7fd2837ab7341e58862df95af8532f23d4d51
Author: JitendraLulla <lullajd at yahoo.com>
Date: Wed Nov 15 06:03:07 2017 +0530
fix --strict-warnings
Reviewed-by: Paul Dale <paul.dale at oracle.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4717)
commit 49ea0f09833fb526a12f9402fa2fcf0f4b735d5e
Author: JitendraLulla <lullajd at yahoo.com>
Date: Sat Nov 11 12:01:58 2017 +0530
extending afalg with aes-cbc-192/256, afalgtest.c also updated accordingly. comments from matt, Stephen considered
fix indentation, remove printf from afalgtest.c
Reviewed-by: Paul Dale <paul.dale at oracle.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4717)
-----------------------------------------------------------------------
Summary of changes:
engines/e_afalg.c | 104 ++++++++++++++++++++++++++++++++++++------------------
engines/e_afalg.h | 15 ++++++++
test/afalgtest.c | 51 ++++++++++++++++++++------
3 files changed, 125 insertions(+), 45 deletions(-)
diff --git a/engines/e_afalg.c b/engines/e_afalg.c
index 982a53d..49b0173 100644
--- a/engines/e_afalg.c
+++ b/engines/e_afalg.c
@@ -18,6 +18,7 @@
#include <openssl/engine.h>
#include <openssl/async.h>
#include <openssl/err.h>
+#include "internal/nelem.h"
#include <sys/socket.h>
#include <linux/version.h>
@@ -78,7 +79,8 @@ static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype,
static int afalg_destroy(ENGINE *e);
static int afalg_init(ENGINE *e);
static int afalg_finish(ENGINE *e);
-const EVP_CIPHER *afalg_aes_128_cbc(void);
+const EVP_CIPHER *afalg_aes_cbc(int nid);
+static cbc_handles *get_cipher_handle(int nid);
static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid);
static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -93,10 +95,14 @@ static const char *engine_afalg_id = "afalg";
static const char *engine_afalg_name = "AFALG engine support";
static int afalg_cipher_nids[] = {
- NID_aes_128_cbc
+ NID_aes_128_cbc,
+ NID_aes_192_cbc,
+ NID_aes_256_cbc,
};
-static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
+static cbc_handles cbc_handle[] = {{AES_KEY_SIZE_128, NULL},
+ {AES_KEY_SIZE_192, NULL},
+ {AES_KEY_SIZE_256, NULL}};
static ossl_inline int io_setup(unsigned n, aio_context_t *ctx)
{
@@ -350,7 +356,6 @@ static ossl_inline int afalg_set_key(afalg_ctx *actx, const unsigned char *key,
AFALGerr(AFALG_F_AFALG_SET_KEY, AFALG_R_SOCKET_SET_KEY_FAILED);
return 0;
}
-
return 1;
}
@@ -515,6 +520,8 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
ciphertype = EVP_CIPHER_CTX_nid(ctx);
switch (ciphertype) {
case NID_aes_128_cbc:
+ case NID_aes_192_cbc:
+ case NID_aes_256_cbc:
strncpy(ciphername, "cbc(aes)", ALG_MAX_SALG_NAME);
break;
default:
@@ -637,29 +644,45 @@ static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx)
return 1;
}
-const EVP_CIPHER *afalg_aes_128_cbc(void)
+static cbc_handles *get_cipher_handle(int nid)
+{
+ switch (nid) {
+ case NID_aes_128_cbc:
+ return &cbc_handle[AES_CBC_128];
+ case NID_aes_192_cbc:
+ return &cbc_handle[AES_CBC_192];
+ case NID_aes_256_cbc:
+ return &cbc_handle[AES_CBC_256];
+ default:
+ return NULL;
+ }
+}
+
+const EVP_CIPHER *afalg_aes_cbc(int nid)
{
- if (_hidden_aes_128_cbc == NULL
- && ((_hidden_aes_128_cbc =
- EVP_CIPHER_meth_new(NID_aes_128_cbc,
- AES_BLOCK_SIZE,
- AES_KEY_SIZE_128)) == NULL
- || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc, AES_IV_LEN)
- || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
- EVP_CIPH_CBC_MODE |
- EVP_CIPH_FLAG_DEFAULT_ASN1)
- || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
- afalg_cipher_init)
- || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
- afalg_do_cipher)
- || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc,
- afalg_cipher_cleanup)
- || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
- sizeof(afalg_ctx)))) {
- EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
- _hidden_aes_128_cbc = NULL;
- }
- return _hidden_aes_128_cbc;
+ cbc_handles *cipher_handle = get_cipher_handle(nid);
+ if (cipher_handle->_hidden == NULL
+ && ((cipher_handle->_hidden =
+ EVP_CIPHER_meth_new(nid,
+ AES_BLOCK_SIZE,
+ cipher_handle->key_size)) == NULL
+ || !EVP_CIPHER_meth_set_iv_length(cipher_handle->_hidden,
+ AES_IV_LEN)
+ || !EVP_CIPHER_meth_set_flags(cipher_handle->_hidden,
+ EVP_CIPH_CBC_MODE |
+ EVP_CIPH_FLAG_DEFAULT_ASN1)
+ || !EVP_CIPHER_meth_set_init(cipher_handle->_hidden,
+ afalg_cipher_init)
+ || !EVP_CIPHER_meth_set_do_cipher(cipher_handle->_hidden,
+ afalg_do_cipher)
+ || !EVP_CIPHER_meth_set_cleanup(cipher_handle->_hidden,
+ afalg_cipher_cleanup)
+ || !EVP_CIPHER_meth_set_impl_ctx_size(cipher_handle->_hidden,
+ sizeof(afalg_ctx)))) {
+ EVP_CIPHER_meth_free(cipher_handle->_hidden);
+ cipher_handle->_hidden= NULL;
+ }
+ return cipher_handle->_hidden;
}
static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
@@ -674,19 +697,21 @@ static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
switch (nid) {
case NID_aes_128_cbc:
- *cipher = afalg_aes_128_cbc();
+ case NID_aes_192_cbc:
+ case NID_aes_256_cbc:
+ *cipher = afalg_aes_cbc(nid);
break;
default:
*cipher = NULL;
r = 0;
}
-
return r;
}
static int bind_afalg(ENGINE *e)
{
/* Ensure the afalg error handling is set up */
+ unsigned short i;
ERR_load_AFALG_strings();
if (!ENGINE_set_id(e, engine_afalg_id)
@@ -699,13 +724,15 @@ static int bind_afalg(ENGINE *e)
}
/*
- * Create _hidden_aes_128_cbc by calling afalg_aes_128_cbc
+ * Create _hidden_aes_xxx_cbc by calling afalg_aes_xxx_cbc
* now, as bind_aflag can only be called by one thread at a
* time.
*/
- if (afalg_aes_128_cbc() == NULL) {
- AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
- return 0;
+ for(i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) {
+ if (afalg_aes_cbc(afalg_cipher_nids[i]) == NULL) {
+ AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
+ return 0;
+ }
}
if (!ENGINE_set_ciphers(e, afalg_ciphers)) {
@@ -817,11 +844,20 @@ static int afalg_finish(ENGINE *e)
return 1;
}
+static int free_cbc(void)
+{
+ short unsigned int i;
+ for(i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) {
+ EVP_CIPHER_meth_free(cbc_handle[i]._hidden);
+ cbc_handle[i]._hidden = NULL;
+ }
+ return 1;
+}
+
static int afalg_destroy(ENGINE *e)
{
ERR_unload_AFALG_strings();
- EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
- _hidden_aes_128_cbc = NULL;
+ free_cbc();
return 1;
}
diff --git a/engines/e_afalg.h b/engines/e_afalg.h
index 948d67e..2c03c44 100644
--- a/engines/e_afalg.h
+++ b/engines/e_afalg.h
@@ -41,6 +41,8 @@
# define AES_BLOCK_SIZE 16
# endif
# define AES_KEY_SIZE_128 16
+# define AES_KEY_SIZE_192 24
+# define AES_KEY_SIZE_256 32
# define AES_IV_LEN 16
# define MAX_INFLIGHTS 1
@@ -51,6 +53,19 @@ typedef enum {
MODE_ASYNC
} op_mode;
+enum {
+ AES_CBC_128 = 0,
+ AES_CBC_192,
+ AES_CBC_256
+};
+
+struct cbc_cipher_handles {
+ int key_size;
+ EVP_CIPHER *_hidden;
+};
+
+typedef struct cbc_cipher_handles cbc_handles;
+
struct afalg_aio_st {
int efd;
op_mode mode;
diff --git a/test/afalgtest.c b/test/afalgtest.c
index 18025ab..adb2977 100644
--- a/test/afalgtest.c
+++ b/test/afalgtest.c
@@ -17,7 +17,7 @@
#include "testutil.h"
/* Use a buffer size which is not aligned to block size */
-#define BUFFER_SIZE (8 * 1024) - 13
+#define BUFFER_SIZE 17
#ifndef OPENSSL_NO_ENGINE
static ENGINE *e;
@@ -41,24 +41,50 @@ static ENGINE *e;
#endif
#ifndef OPENSSL_NO_AFALGENG
-static int test_afalg_aes_128_cbc(void)
+static int test_afalg_aes_cbc(int keysize_idx)
{
EVP_CIPHER_CTX *ctx;
- const EVP_CIPHER *cipher = EVP_aes_128_cbc();
- unsigned char key[] = "\x5F\x4D\xCC\x3B\x5A\xA7\x65\xD6\
- \x1D\x83\x27\xDE\xB8\x82\xCF\x99";
- unsigned char iv[] = "\x2B\x95\x99\x0A\x91\x51\x37\x4A\
- \xBD\x8F\xF8\xC5\xA7\xA0\xFE\x08";
-
- unsigned char in[BUFFER_SIZE];
+ const EVP_CIPHER *cipher;
+ unsigned char key[] = "\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
+ "\x51\x2e\x03\xd5\x34\x12\x00\x06"
+ "\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
+ "\x51\x2e\x03\xd5\x34\x12\x00\x06";
+ unsigned char iv[] = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
+ "\xb4\x22\xda\x80\x2c\x9f\xac\x41";
+ /* input = "Single block msg\n" 17Bytes*/
+ unsigned char in[BUFFER_SIZE] = "\x53\x69\x6e\x67\x6c\x65\x20\x62"
+ "\x6c\x6f\x63\x6b\x20\x6d\x73\x67\x0a";
unsigned char ebuf[BUFFER_SIZE + 32];
unsigned char dbuf[BUFFER_SIZE + 32];
+ unsigned char encresult_128[] = "\xe3\x53\x77\x9c\x10\x79\xae\xb8"
+ "\x27\x08\x94\x2d\xbe\x77\x18\x1a\x2d";
+ unsigned char encresult_192[] = "\xf7\xe4\x26\xd1\xd5\x4f\x8f\x39"
+ "\xb1\x9e\xe0\xdf\x61\xb9\xc2\x55\xeb";
+ unsigned char encresult_256[] = "\xa0\x76\x85\xfd\xc1\x65\x71\x9d"
+ "\xc7\xe9\x13\x6e\xae\x55\x49\xb4\x13";
+ unsigned char *enc_result = NULL;
+
int encl, encf, decl, decf;
int ret = 0;
+ switch (keysize_idx) {
+ case 0:
+ cipher = EVP_aes_128_cbc();
+ enc_result = &encresult_128[0];
+ break;
+ case 1:
+ cipher = EVP_aes_192_cbc();
+ enc_result = &encresult_192[0];
+ break;
+ case 2:
+ cipher = EVP_aes_256_cbc();
+ enc_result = &encresult_256[0];
+ break;
+ default:
+ cipher = NULL;
+ }
if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
return 0;
- RAND_bytes(in, BUFFER_SIZE);
if (!TEST_true(EVP_CipherInit_ex(ctx, cipher, e, key, iv, 1))
|| !TEST_true(EVP_CipherUpdate(ctx, ebuf, &encl, in, BUFFER_SIZE))
@@ -66,6 +92,9 @@ static int test_afalg_aes_128_cbc(void)
goto end;
encl += encf;
+ if (!TEST_mem_eq(enc_result, BUFFER_SIZE, ebuf, BUFFER_SIZE))
+ goto end;
+
if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))
|| !TEST_true(EVP_CipherInit_ex(ctx, cipher, e, key, iv, 0))
|| !TEST_true(EVP_CipherUpdate(ctx, dbuf, &decl, ebuf, encl))
@@ -104,7 +133,7 @@ int setup_tests(void)
TEST_info("Can't load AFALG engine");
} else {
# ifndef OPENSSL_NO_AFALGENG
- ADD_TEST(test_afalg_aes_128_cbc);
+ ADD_ALL_TESTS(test_afalg_aes_cbc, 3);
# endif
}
#endif
More information about the openssl-commits
mailing list