[openssl] master update
kaduk at mit.edu
Tue Aug 11 14:27:02 UTC 2020
The branch master has been updated
from 31d2daecb384475da13c4bf7c76a2dde0077b2f2 (commit)
- Log -----------------------------------------------------------------
commit 520150151bc5993194ba34464220454d8135099d
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Tue Jul 21 16:23:19 2020 -0700
Expose S390x HW ciphers' IV state to provider layer
The S390x hardware-accelerated cipher implementations keep their IV
state in an internal structure tied to the underlying implementation.
However, the provider itself needs to be able to expose the IV state
to libcrypto when processing the "iv-state" parameter. In the absence
of a S390x hardware-specific get_ctx_params() implementation, be sure
to copy the IV state from the hw-specific structure back to the
generic PROV_CIPHER_CTX object after each cipher operation in order to
synchronize the internal and fetchable state.
[extended tests]
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
commit bdc0df8ab5f3096aafd54d170c85887366920c4b
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Thu Jul 9 14:29:33 2020 -0700
Avoid deprecated API in evp_test.c
Use EVP_CIPHER_CTX_get_iv_state() in cipher_test_enc() rather than
the deprecated EVP_CIPHER_CTX_iv().
[extended tests]
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
commit f43c947dd924cfb1f69c800648f80881bb542027
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Thu Jul 2 16:27:03 2020 -0700
Avoid deprecated function in evp_lib.c
Use EVP_CIPHER_CTX_get_iv() to implement EVP_CIPHER_set_asn1_iv(),
rather than the deprecated EVP_CIPHER_CTX_original_iv().
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
commit 2f5c405a1694220cca7be8cd96958c1c1245f0ed
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Thu Jul 2 14:12:33 2020 -0700
Use local IV storage in EVP BLOCK_* macros
Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
EVP_CIPHER_CTX_iv_noconst() in evp.h.
These macros are internal-only, used to implement legacy libcrypto
EVP ciphers, with no real provider involvement. Accordingly, just use the
EVP_CIPHER_CTX storage directly and don't try to reach into a provider-side
context.
This does necessitate including evp_local.h in several more files.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
commit d91f902d73689c8a8c1bf684ff9d244197f8c7b3
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Thu Jul 2 14:12:33 2020 -0700
Use local IV storage in e_rc2.c
Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
EVP_CIPHER_CTX_iv_noconst() in e_rc2.c.
For the legacy implementations, there's no need to use an
in-provider storage for the IV, when the crypto operations
themselves will be performed outside of the provider.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
commit acb30f4b593bbd1bdaa6495d0f641da7ef702b95
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Thu Jul 2 14:12:33 2020 -0700
Use local IV storage in e_xcbc_d.c
Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
EVP_CIPHER_CTX_iv_noconst() in e_xcbc_d.c.
For the legacy implementations, there's no need to use an
in-provider storage for the IV, when the crypto operations
themselves will be performed outside of the provider.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
commit 1453d736b5bb8abaa18482652828096b44c4bf3a
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Thu Jul 2 14:12:33 2020 -0700
Use local IV storage in e_sm4.c
Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
EVP_CIPHER_CTX_iv_noconst() in e_sm4.c.
For the legacy implementations, there's no need to use an
in-provider storage for the IV, when the crypto operations
themselves will be performed outside of the provider.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
commit c4d21d2f71363e9f6d4a0e377789555e655d96f4
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Thu Jul 2 14:12:33 2020 -0700
Use local IV storage in e_des3.c
Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
EVP_CIPHER_CTX_iv_noconst() in e_des3.c.
For the legacy implementations, there's no need to use an
in-provider storage for the IV, when the crypto operations
themselves will be performed outside of the provider.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
commit 36025d3b8716f6f8cadc983295398ccdd734a17b
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Thu Jul 2 14:12:33 2020 -0700
Use local IV storage in e_des.c
Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
EVP_CIPHER_CTX_iv_noconst() in e_des.c.
For the legacy implementations, there's no need to use an
in-provider storage for the IV, when the crypto operations
themselves will be performed outside of the provider.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
commit 2c533a71c63ef223615fe4f6a0a89ffaffbd739a
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Thu Jul 2 14:12:33 2020 -0700
Use local IV storage in e_camellia.c
Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
EVP_CIPHER_CTX_iv_noconst() in e_camellia.c.
For the legacy implementations, there's no need to use an
in-provider storage for the IV, when the crypto operations
themselves will be performed outside of the provider.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
commit ddce5c29f535ce5f61013563732f80647d2c6977
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Thu Jul 2 14:12:33 2020 -0700
Use local IV storage in e_aria.c
Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
EVP_CIPHER_CTX_iv_noconst() in e_aria.c.
For the legacy implementations, there's no need to use an
in-provider storage for the IV, when the crypto operations
themselves will be performed outside of the provider.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
commit d3308027e9bda451e43b52c36064fd70337e02a8
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Thu Jul 2 14:12:33 2020 -0700
Use local IV storage in e_aes_cbc_hmac_sha256.c
Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
EVP_CIPHER_CTX_iv_noconst() in e_aes_cbc_hmac_sha256.c.
For the legacy implementations, there's no need to use an
in-provider storage for the IV, when the crypto operations
themselves will be performed outside of the provider.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
commit 18a49e168f8b6917e2b013897392cf357bb15ded
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Thu Jul 2 14:12:33 2020 -0700
Use local IV storage in e_aes_cbc_hmac_sha1.c
Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
EVP_CIPHER_CTX_iv_noconst() in e_aes_cbc_hmac_sha1.c.
For the legacy implementations, there's no need to use an
in-provider storage for the IV, when the crypto operations
themselves will be performed outside of the provider.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
commit 9197c226ea0b1c231a4141dcac055daddcb11466
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Thu Jul 2 14:12:33 2020 -0700
Use local IV storage in e_aes.c
Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
EVP_CIPHER_CTX_iv_noconst() in e_aes.c.
For the legacy implementations, there's no need to use an
in-provider storage for the IV, when the crypto operations
themselves will be performed outside of the provider.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
commit 37322687b0fb4c5c0bb637acd3e9785ffc71fa35
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Thu Jul 2 13:03:58 2020 -0700
Retire EVP_CTRL_GET_IV
It is superseded by EVP_CIPHER_CTX_get_iv(), is only present on master,
and had only a couple of in-tree callers that are easy to convert.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
commit c76ffc78a513660b5f62bc32a64f44c62edede74
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Mon Jun 22 11:37:31 2020 -0700
Document EVP_CIPHER_CTX IV accessors
Including the ones that were added in commit
83b06347023a573433b6aa23c8042f89df869f9e with a note that they "may go
away" and are now deprecated.
Remove the missingcrypto.txt entries for the now-deprecated functions.
[extended tests]
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
commit ef58f9af93cdd75b9798cdb177319995dc7a7d50
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Fri Jun 19 22:31:41 2020 -0700
Make GCM providers more generous about fetching IVs
The current check for iv_gen and iv_gen_rand only lets you fetch
the IV for the case when it was set internally. It might also make
sense to fetch the IV if one was set at cipher-context creation time,
so switch to checking the iv_state, which should be enough to ensure
that there is valid data in the context to be copied out.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
commit 440b852a0f79ac4a7e101606a7c32d212e06d203
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Fri Jun 19 20:42:29 2020 -0700
Add tests for new EVP_CIPHER_CTX IV accessors
Test that EVP_CIPHER_CTX_get_iv() returns the same IV that was
given at initialization time, and that EVP_CIPHER_CTX_get_iv_state()
returns the expected value after performing an encryption operation
(which will differ from the previous value for CBC and OFB modes),
for various modes of AES.
Do this both for the implicit fetch and explicit fetch paths,
at the cost of a slightly more complicated switch statement.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
commit 79f4417ed940793fe7d48d613c9b903d00630b69
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Fri Jun 19 18:43:58 2020 -0700
Deprecate and replace EVP_CIPHER_CTX_iv()/etc.
The EVP_CIPHER_CTX_iv() family of functions are incompatible with
the libcrypto/provider separation, since the implied API contract
(they are undocumented) involves a pointer into the active cipher
context structure. However, the active IV data in a provider-side
context need not even be in the same address space as libcrypto,
so a replacement API is needed.
The existing functions for accessing the (even the "original") IV had
remained undocumented for quite some time, presumably due to unease
about exposing the internals of the cipher state in such a manner.
Provide more maintainable new APIs for accessing the initial ("oiv") and
current-state ("iv") IV data, that copy the value into a caller-provided
array, eliminating the need to provide a pointer into the internal
cipher context, which accordingly no longer provides the ability to
write to the internal cipher state.
Unfortunately, in order to maintain API compatibility with OpenSSL
1.1.1, the old functionality is still available, but is marked as
deprecated for future removal. This would entail removing the "octet
pointer" parameter access, leaving only the "octet string" parameter
type.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
commit 8489026850b38447d8e3e68c4d4260585b7e8e3a
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Fri Jun 19 13:50:22 2020 -0700
Support cipher provider "iv state"
Some modes (e.g., CBC and OFB) update the effective IV with each
block-cipher invocation, making the "IV" stored in the (historically)
EVP_CIPHER_CTX or (current) PROV_CIPHER_CTX distinct from the initial
IV passed in at cipher initialization time. The latter is stored in
the "oiv" (original IV) field, and has historically been accessible
via the EVP_CIPHER_CTX_original_iv() API. The "effective IV" has
also historically been accessible, via both EVP_CIPHER_CTX_iv()
and EVP_CIPHER_CTX_iv_noconst(), the latter of which allows for
*write* access to the internal cipher state. This is particularly
problematic given that provider-internal cipher state need not, in
general, even be accessible from the same address space as libcrypto,
so these APIs are not sustainable in the long term. However, it still
remains necessary to provide access to the contents of the "IV state"
(e.g., when serializing cipher state for in-kernel TLS); a subsequent
reinitialization of a cipher context using the "IV state" as the
input IV will be able to resume processing of data in a compatible
manner.
This problem was introduced in commit
089cb623be76b88a1eea6fcd135101037661bbc3, which effectively caused
all IV queries to return the "original IV", removing access to the
current IV state of the cipher.
These functions for accessing the (even the "original") IV had remained
undocumented for quite some time, presumably due to unease about
exposing the internals of the cipher state in such a manner.
Note that this also as a side effect "fixes" some "bugs" where things
had been referring to the 'iv' field that should have been using the
'oiv' field. It also fixes the EVP_CTRL_GET_IV cipher control,
which was clearly intended to expose the non-original IV, for
use exporting the cipher state into the kernel for kTLS.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
-----------------------------------------------------------------------
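The difference between the original IV ("oiv") and the running "IV state" that the log above describes for CBC, as an added example that is not OpenSSL code and not part of the commit log. It assumes a toy CBC context over XTEA as a stand-in block cipher; every `toy_*` name, the key, the IV and the plaintext are constructed for illustration. Re-initializing from the exported IV state resumes the stream, while re-initializing from the original IV does not.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 8 /* XTEA block size in bytes */

/* Toy context (hypothetical, not OpenSSL's) with the two IV fields the log names. */
typedef struct {
    uint32_t key[4];
    unsigned char oiv[BLK]; /* original IV: as passed at init, never updated */
    unsigned char iv[BLK];  /* IV state: CBC chaining value, updated per block */
} toy_cbc_ctx;

/* XTEA block encryption, used only as a compact stand-in block cipher. */
static void xtea_encrypt_block(const uint32_t k[4], unsigned char b[BLK])
{
    uint32_t v0 = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16)
                  | ((uint32_t)b[2] << 8) | b[3];
    uint32_t v1 = ((uint32_t)b[4] << 24) | ((uint32_t)b[5] << 16)
                  | ((uint32_t)b[6] << 8) | b[7];
    uint32_t sum = 0;
    int i;
    for (i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    for (i = 0; i < 4; i++) {
        b[i] = (unsigned char)(v0 >> (24 - 8 * i));
        b[4 + i] = (unsigned char)(v1 >> (24 - 8 * i));
    }
}

static void toy_cbc_init(toy_cbc_ctx *c, const uint32_t key[4],
                         const unsigned char iv[BLK])
{
    memcpy(c->key, key, sizeof(c->key));
    memcpy(c->oiv, iv, BLK);
    memcpy(c->iv, iv, BLK);
}

/* CBC-encrypt whole blocks; returns 1 on success, 0 on a partial block. */
static int toy_cbc_encrypt(toy_cbc_ctx *c, unsigned char *out,
                           const unsigned char *in, size_t len)
{
    size_t off, i;
    if (len % BLK != 0)
        return 0;
    for (off = 0; off < len; off += BLK) {
        for (i = 0; i < BLK; i++)
            c->iv[i] ^= in[off + i];
        xtea_encrypt_block(c->key, c->iv); /* c->iv now holds the ciphertext block */
        memcpy(out + off, c->iv, BLK);
    }
    return 1;
}

/* Copy-out accessor: the caller gets a copy, never a pointer into the context. */
static int toy_get_iv(const toy_cbc_ctx *c, int state, unsigned char *buf,
                      size_t len)
{
    if (len != BLK)
        return 0;
    memcpy(buf, state ? c->iv : c->oiv, BLK);
    return 1;
}

/* One-shot vs. 2+2 blocks resumed in a fresh context: 1 if ciphertexts match. */
static int resume_matches(int use_state)
{
    static const uint32_t key[4] = { 0x01234567u, 0x89abcdefu,
                                     0xfedcba98u, 0x76543210u }; /* constructed */
    static const unsigned char iv0[BLK] = { 0, 1, 2, 3, 4, 5, 6, 7 };
    unsigned char pt[4 * BLK], whole[4 * BLK], split[4 * BLK], saved[BLK];
    toy_cbc_ctx one, first, second;
    size_t i;

    for (i = 0; i < sizeof(pt); i++)
        pt[i] = (unsigned char)(i * 7 + 1); /* constructed plaintext */
    toy_cbc_init(&one, key, iv0);
    toy_cbc_encrypt(&one, whole, pt, sizeof(pt));

    toy_cbc_init(&first, key, iv0);
    toy_cbc_encrypt(&first, split, pt, 2 * BLK);
    if (!toy_get_iv(&first, use_state, saved, sizeof(saved)))
        return -1;
    toy_cbc_init(&second, key, saved); /* re-init from the exported value */
    toy_cbc_encrypt(&second, split + 2 * BLK, pt + 2 * BLK, 2 * BLK);
    return memcmp(whole, split, sizeof(whole)) == 0;
}

int main(void)
{
    printf("resume from IV state: %d\n", resume_matches(1));
    printf("resume from original IV: %d\n", resume_matches(0));
    return 0;
}
```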
Summary of changes:
crypto/evp/e_aes.c | 114 +++++++++------------
crypto/evp/e_aes_cbc_hmac_sha1.c | 14 +--
crypto/evp/e_aes_cbc_hmac_sha256.c | 10 +-
crypto/evp/e_aria.c | 27 +++--
crypto/evp/e_bf.c | 1 +
crypto/evp/e_camellia.c | 35 +++----
crypto/evp/e_cast.c | 1 +
crypto/evp/e_des.c | 22 ++--
crypto/evp/e_des3.c | 37 +++----
crypto/evp/e_idea.c | 1 +
crypto/evp/e_rc2.c | 5 +-
crypto/evp/e_seed.c | 1 +
crypto/evp/e_sm4.c | 4 +-
crypto/evp/e_xcbc_d.c | 5 +-
crypto/evp/evp_enc.c | 5 -
crypto/evp/evp_lib.c | 29 +++++-
doc/man3/EVP_CIPHER_CTX_get_iv.pod | 66 ++++++++++++
doc/man7/provider-cipher.pod | 9 +-
include/crypto/evp.h | 10 +-
include/internal/ktls.h | 7 +-
include/openssl/core_names.h | 1 +
include/openssl/evp.h | 11 +-
.../ciphers/cipher_aes_cbc_hmac_sha.c | 7 ++
.../ciphers/cipher_aes_hw_s390x.inc | 3 +
providers/implementations/ciphers/cipher_aes_ocb.c | 13 +++
providers/implementations/ciphers/ciphercommon.c | 8 ++
.../implementations/ciphers/ciphercommon_ccm.c | 13 +++
.../implementations/ciphers/ciphercommon_gcm.c | 17 ++-
.../implementations/include/prov/ciphercommon.h | 3 +-
test/aesgcmtest.c | 2 +-
test/evp_extra_test.c | 113 ++++++++++++++++++++
test/evp_test.c | 16 +--
util/libcrypto.num | 8 +-
util/missingcrypto.txt | 3 -
34 files changed, 428 insertions(+), 193 deletions(-)
create mode 100644 doc/man3/EVP_CIPHER_CTX_get_iv.pod
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index c037090695..08abd5fb09 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -179,8 +179,7 @@ static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
aesni_cbc_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks,
- EVP_CIPHER_CTX_iv_noconst(ctx),
- EVP_CIPHER_CTX_encrypting(ctx));
+ ctx->iv, EVP_CIPHER_CTX_encrypting(ctx));
return 1;
}
@@ -300,7 +299,7 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
if (iv) {
xctx->xts.key2 = &xctx->ks2;
- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
+ memcpy(ctx->iv, iv, 16);
}
return 1;
@@ -326,7 +325,7 @@ static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
cctx->key_set = 1;
}
if (iv) {
- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+ memcpy(ctx->iv, iv, 15 - cctx->L);
cctx->iv_set = 1;
}
return 1;
@@ -651,7 +650,7 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
if (iv) {
xctx->xts.key2 = &xctx->ks2;
- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
+ memcpy(ctx->iv, iv, 16);
}
return 1;
@@ -676,7 +675,7 @@ static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
cctx->key_set = 1;
}
if (iv) {
- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+ memcpy(ctx->iv, iv, 15 - cctx->L);
cctx->iv_set = 1;
}
return 1;
@@ -986,7 +985,7 @@ static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *ivec, int enc)
{
S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
- const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
+ const unsigned char *iv = ctx->oiv;
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
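Review bot: In s390x_aes_ofb_init_key the IV is now taken straight from ctx->oiv while the function's own ivec parameter is not consulted in the visible lines. A short comment next to `const unsigned char *iv = ctx->oiv;` saying why ctx->oiv is already populated when init_key runs would document that dependency; the same applies to the cfb and cfb8 variants in the two hunks that follow.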
@@ -1041,7 +1040,7 @@ static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *ivec, int enc)
{
S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
- const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
+ const unsigned char *iv = ctx->oiv;
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
@@ -1107,7 +1106,7 @@ static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *ivec, int enc)
{
S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
- const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
+ const unsigned char *iv = ctx->oiv;
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
@@ -1333,17 +1332,16 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c);
S390X_AES_GCM_CTX *gctx_out;
EVP_CIPHER_CTX *out;
- unsigned char *buf, *iv;
+ unsigned char *buf;
int ivlen, enc, len;
switch (type) {
case EVP_CTRL_INIT:
ivlen = EVP_CIPHER_iv_length(c->cipher);
- iv = EVP_CIPHER_CTX_iv_noconst(c);
gctx->key_set = 0;
gctx->iv_set = 0;
gctx->ivlen = ivlen;
- gctx->iv = iv;
+ gctx->iv = c->iv;
gctx->taglen = -1;
gctx->iv_gen = 0;
gctx->tls_aad_len = -1;
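Review bot: `gctx->iv = c->iv;` under EVP_CTRL_INIT makes gctx->iv alias the context's own array, and the later hunks in this function and in s390x_aes_gcm_cleanup use the pointer comparison `gctx->iv != c->iv` to decide whether OPENSSL_free() is called. That ownership convention (equal pointer means borrowed, unequal means heap-allocated) deserves a comment at this assignment, since it is no longer hidden behind an accessor and every free path depends on it.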
@@ -1358,12 +1356,11 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
return 0;
if (arg != 12) {
- iv = EVP_CIPHER_CTX_iv_noconst(c);
len = S390X_gcm_ivpadlen(arg);
/* Allocate memory for iv if needed. */
if (gctx->ivlen == 12 || len > S390X_gcm_ivpadlen(gctx->ivlen)) {
- if (gctx->iv != iv)
+ if (gctx->iv != c->iv)
OPENSSL_free(gctx->iv);
if ((gctx->iv = OPENSSL_malloc(len)) == NULL) {
@@ -1479,10 +1476,9 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
case EVP_CTRL_COPY:
out = ptr;
gctx_out = EVP_C_DATA(S390X_AES_GCM_CTX, out);
- iv = EVP_CIPHER_CTX_iv_noconst(c);
- if (gctx->iv == iv) {
- gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out);
+ if (gctx->iv == c->iv) {
+ gctx_out->iv = out->iv;
} else {
len = S390X_gcm_ivpadlen(gctx->ivlen);
@@ -1657,13 +1653,11 @@ static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static int s390x_aes_gcm_cleanup(EVP_CIPHER_CTX *c)
{
S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c);
- const unsigned char *iv;
if (gctx == NULL)
return 0;
- iv = EVP_CIPHER_CTX_iv(c);
- if (iv != gctx->iv)
+ if (gctx->iv != c->iv)
OPENSSL_free(gctx->iv);
OPENSSL_cleanse(gctx, sizeof(*gctx));
@@ -1862,7 +1856,7 @@ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
- unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
+ unsigned char *ivec = ctx->iv;
unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
const int enc = EVP_CIPHER_CTX_encrypting(ctx);
@@ -1916,7 +1910,6 @@ static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *iv, int enc)
{
S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
- unsigned char *ivec;
int keylen;
if (iv == NULL && key == NULL)
@@ -1938,8 +1931,7 @@ static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,
}
if (iv != NULL) {
- ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
- memcpy(ivec, iv, 15 - cctx->aes.ccm.l);
+ memcpy(ctx->iv, iv, 15 - cctx->aes.ccm.l);
cctx->aes.ccm.iv_set = 1;
}
@@ -1959,7 +1951,7 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
const int enc = EVP_CIPHER_CTX_encrypting(ctx);
int rv;
- unsigned char *buf, *ivec;
+ unsigned char *buf;
if (!cctx->aes.ccm.key_set)
return -1;
@@ -1981,8 +1973,7 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (out == NULL) {
/* Update(): Pass message length. */
if (in == NULL) {
- ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
- s390x_aes_ccm_setiv(cctx, ivec, len);
+ s390x_aes_ccm_setiv(cctx, ctx->iv, len);
cctx->aes.ccm.len_set = 1;
return len;
@@ -2007,8 +1998,7 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
* In case message length was not previously set explicitly via
* Update(), set it now.
*/
- ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
- s390x_aes_ccm_setiv(cctx, ivec, len);
+ s390x_aes_ccm_setiv(cctx, ctx->iv, len);
cctx->aes.ccm.len_set = 1;
}
@@ -2047,7 +2037,7 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, c);
- unsigned char *buf, *iv;
+ unsigned char *buf;
int enc, len;
switch (type) {
@@ -2101,8 +2091,7 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
return 0;
/* Copy to first part of the iv. */
- iv = EVP_CIPHER_CTX_iv_noconst(c);
- memcpy(iv, ptr, arg);
+ memcpy(c->iv, ptr, arg);
return 1;
case EVP_CTRL_AEAD_SET_IVLEN:
@@ -2404,15 +2393,14 @@ static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
if (dat->stream.cbc)
- (*dat->stream.cbc) (in, out, len, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx),
+ (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv,
EVP_CIPHER_CTX_encrypting(ctx));
else if (EVP_CIPHER_CTX_encrypting(ctx))
- CRYPTO_cbc128_encrypt(in, out, len, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
+ CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv,
+ dat->block);
else
CRYPTO_cbc128_decrypt(in, out, len, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
+ ctx->iv, dat->block);
return 1;
}
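Review bot: Style nit in aes_cbc_cipher: the two encrypt-side calls now put ctx->iv on the same line as &dat->ks, but the CRYPTO_cbc128_decrypt() call still keeps `ctx->iv, dat->block);` on its own continuation line. The whole decrypt call fits on one line within the column limit, so joining it would keep the three branches consistent.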
@@ -2440,7 +2428,7 @@ static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
int num = EVP_CIPHER_CTX_num(ctx);
CRYPTO_ofb128_encrypt(in, out, len, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block);
+ ctx->iv, &num, dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
@@ -2452,7 +2440,7 @@ static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
int num = EVP_CIPHER_CTX_num(ctx);
CRYPTO_cfb128_encrypt(in, out, len, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+ ctx->iv, &num,
EVP_CIPHER_CTX_encrypting(ctx), dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
@@ -2465,7 +2453,7 @@ static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
int num = EVP_CIPHER_CTX_num(ctx);
CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+ ctx->iv, &num,
EVP_CIPHER_CTX_encrypting(ctx), dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
@@ -2479,7 +2467,7 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
int num = EVP_CIPHER_CTX_num(ctx);
CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+ ctx->iv, &num,
EVP_CIPHER_CTX_encrypting(ctx), dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
@@ -2488,7 +2476,7 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
while (len >= MAXBITCHUNK) {
int num = EVP_CIPHER_CTX_num(ctx);
CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+ ctx->iv, &num,
EVP_CIPHER_CTX_encrypting(ctx), dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
len -= MAXBITCHUNK;
@@ -2498,7 +2486,7 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (len) {
int num = EVP_CIPHER_CTX_num(ctx);
CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+ ctx->iv, &num,
EVP_CIPHER_CTX_encrypting(ctx), dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
}
@@ -2514,12 +2502,12 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (dat->stream.ctr)
CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx),
+ ctx->iv,
EVP_CIPHER_CTX_buf_noconst(ctx),
&num, dat->stream.ctr);
else
CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx),
+ ctx->iv,
EVP_CIPHER_CTX_buf_noconst(ctx), &num,
dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
@@ -2536,7 +2524,7 @@ static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
if (gctx == NULL)
return 0;
OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
- if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
+ if (gctx->iv != c->iv)
OPENSSL_free(gctx->iv);
return 1;
}
@@ -2588,14 +2576,6 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
memcpy(ptr, c->buf, arg);
return 1;
- case EVP_CTRL_GET_IV:
- if (gctx->iv_gen != 1 && gctx->iv_gen_rand != 1)
- return 0;
- if (gctx->ivlen != arg)
- return 0;
- memcpy(ptr, gctx->iv, arg);
- return 1;
-
case EVP_CTRL_GCM_SET_IV_FIXED:
/* Special case: -1 length restores whole IV */
if (arg == -1) {
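Review bot: Removing the EVP_CTRL_GET_IV case also removes its two guards, the `gctx->iv_gen != 1 && gctx->iv_gen_rand != 1` check and the `gctx->ivlen != arg` length check. Please confirm that the replacement accessor path rejects a caller buffer whose length does not match the IV length and refuses to copy out when no IV has been set, and that the EVP_CTRL_GET_IV define goes away in the same series so a stale caller fails at compile time rather than at run time.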
@@ -3213,7 +3193,7 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
if (iv) {
xctx->xts.key2 = &xctx->ks2;
- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
+ memcpy(ctx->iv, iv, 16);
}
return 1;
@@ -3245,9 +3225,8 @@ static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (xctx->stream)
(*xctx->stream) (in, out, len,
xctx->xts.key1, xctx->xts.key2,
- EVP_CIPHER_CTX_iv_noconst(ctx));
- else if (CRYPTO_xts128_encrypt(&xctx->xts, EVP_CIPHER_CTX_iv_noconst(ctx),
- in, out, len,
+ ctx->iv);
+ else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
EVP_CIPHER_CTX_encrypting(ctx)))
return 0;
return 1;
@@ -3311,7 +3290,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
return 0;
/* Just copy to first part of IV */
- memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg);
+ memcpy(c->iv, ptr, arg);
return 1;
case EVP_CTRL_AEAD_SET_IVLEN:
@@ -3402,7 +3381,7 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
cctx->key_set = 1;
} while (0);
if (iv) {
- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+ memcpy(ctx->iv, iv, 15 - cctx->L);
cctx->iv_set = 1;
}
return 1;
@@ -3421,11 +3400,11 @@ static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx),
EVP_CCM_TLS_EXPLICIT_IV_LEN);
/* Get rest of IV from explicit IV */
- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx) + EVP_CCM_TLS_FIXED_IV_LEN, in,
+ memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in,
EVP_CCM_TLS_EXPLICIT_IV_LEN);
/* Correct length value */
len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
- if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L,
+ if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L,
len))
return -1;
/* Use saved AAD */
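Review bot: Style nit in aes_ccm_tls_cipher: after the substitution, `if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L,` still wraps its last argument `len))` onto a separate line although the full call now fits on one line. The later aes_ccm_cipher hunk joins the equivalent call, so doing the same here would keep the file consistent.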
@@ -3477,7 +3456,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (!out) {
if (!in) {
- if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+ if (CRYPTO_ccm128_setiv(ccm, ctx->iv,
15 - cctx->L, len))
return -1;
cctx->len_set = 1;
@@ -3496,8 +3475,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
/* If not set length yet do it */
if (!cctx->len_set) {
- if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
- 15 - cctx->L, len))
+ if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
return -1;
cctx->len_set = 1;
}
@@ -3564,8 +3542,8 @@ static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
wctx->iv = NULL;
}
if (iv) {
- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, EVP_CIPHER_CTX_iv_length(ctx));
- wctx->iv = EVP_CIPHER_CTX_iv_noconst(ctx);
+ memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+ wctx->iv = ctx->iv;
}
return 1;
}
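Review bot: In aes_wrap_init_key, `memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));` now writes directly into the fixed-size ctx->iv array with a length taken from the cipher, and nothing in the hunk bounds that length. An assertion or explicit check that the IV length does not exceed sizeof(ctx->iv) would make the bound visible at the point of the copy. Also note that `wctx->iv = ctx->iv;` stores a pointer into this context, which is worth a comment for anyone later touching the copy path.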
@@ -3729,7 +3707,7 @@ static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
octx->key_set = 0;
octx->iv_set = 0;
octx->ivlen = EVP_CIPHER_iv_length(c->cipher);
- octx->iv = EVP_CIPHER_CTX_iv_noconst(c);
+ octx->iv = c->iv;
octx->taglen = 16;
octx->data_buf_len = 0;
octx->aad_buf_len = 0;
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index aa3b9d354e..f787d014d2 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -26,6 +26,7 @@
#include "crypto/modes.h"
#include "crypto/evp.h"
#include "internal/constant_time.h"
+#include "evp_local.h"
typedef struct {
AES_KEY ks;
@@ -438,8 +439,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
&& (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) {
SHA1_Update(&key->md, in + iv, sha_off);
- aesni_cbc_sha1_enc(in, out, blocks, &key->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx),
+ aesni_cbc_sha1_enc(in, out, blocks, &key->ks, ctx->iv,
&key->md, in + iv + sha_off);
blocks *= SHA_CBLOCK;
aes_off += blocks;
@@ -471,10 +471,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
out[plen] = l;
/* encrypt HMAC|padding at once */
aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
- &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+ &key->ks, ctx->iv, 1);
} else {
aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off,
- &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+ &key->ks, ctx->iv, 1);
}
} else {
union {
@@ -504,7 +504,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
return 0;
/* omit explicit iv */
- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), in, AES_BLOCK_SIZE);
+ memcpy(ctx->iv, in, AES_BLOCK_SIZE);
in += AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE;
@@ -525,7 +525,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
# endif
/* decrypt HMAC|padding at once */
aesni_cbc_encrypt(in, out, len, &key->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx), 0);
+ ctx->iv, 0);
/* figure out payload length */
pad = out[len - 1];
@@ -761,7 +761,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
# endif
/* decrypt HMAC|padding at once */
aesni_cbc_encrypt(in, out, len, &key->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx), 0);
+ ctx->iv, 0);
SHA1_Update(&key->md, out, len);
}
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index 72508c9851..6227002395 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -26,6 +26,7 @@
#include "crypto/modes.h"
#include "internal/constant_time.h"
#include "crypto/evp.h"
+#include "evp_local.h"
typedef struct {
AES_KEY ks;
@@ -468,8 +469,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
SHA256_Update(&key->md, in + iv, sha_off);
(void)aesni_cbc_sha256_enc(in, out, blocks, &key->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx),
- &key->md, in + iv + sha_off);
+ ctx->iv, &key->md, in + iv + sha_off);
blocks *= SHA256_CBLOCK;
aes_off += blocks;
sha_off += blocks;
@@ -500,10 +500,10 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
out[plen] = l;
/* encrypt HMAC|padding at once */
aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
- &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+ &key->ks, ctx->iv, 1);
} else {
aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off,
- &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+ &key->ks, ctx->iv, 1);
}
} else {
union {
@@ -516,7 +516,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
/* decrypt HMAC|padding at once */
aesni_cbc_encrypt(in, out, len, &key->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx), 0);
+ ctx->iv, 0);
if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
size_t inp_len, mask, j, i;
diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c
index ba654f6b94..438693265d 100644
--- a/crypto/evp/e_aria.c
+++ b/crypto/evp/e_aria.c
@@ -173,8 +173,7 @@ static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
unsigned int num = EVP_CIPHER_CTX_num(ctx);
EVP_ARIA_KEY *dat = EVP_C_DATA(EVP_ARIA_KEY,ctx);
- CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx),
+ CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv,
EVP_CIPHER_CTX_buf_noconst(ctx), &num,
(block128_f) aria_encrypt);
EVP_CIPHER_CTX_set_num(ctx, num);
@@ -252,7 +251,7 @@ static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
gctx->key_set = 0;
gctx->iv_set = 0;
gctx->ivlen = EVP_CIPHER_iv_length(c->cipher);
- gctx->iv = EVP_CIPHER_CTX_iv_noconst(c);
+ gctx->iv = c->iv;
gctx->taglen = -1;
gctx->iv_gen = 0;
gctx->tls_aad_len = -1;
@@ -267,7 +266,7 @@ static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
return 0;
/* Allocate memory for IV if needed */
if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
- if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
+ if (gctx->iv != c->iv)
OPENSSL_free(gctx->iv);
if ((gctx->iv = OPENSSL_malloc(arg)) == NULL) {
EVPerr(EVP_F_ARIA_GCM_CTRL, ERR_R_MALLOC_FAILURE);
@@ -371,8 +370,8 @@ static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
return 0;
gctx_out->gcm.key = &gctx_out->ks;
}
- if (gctx->iv == EVP_CIPHER_CTX_iv_noconst(c))
- gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out);
+ if (gctx->iv == c->iv)
+ gctx_out->iv = out->iv;
else {
if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) {
EVPerr(EVP_F_ARIA_GCM_CTRL, ERR_R_MALLOC_FAILURE);
@@ -493,7 +492,7 @@ static int aria_gcm_cleanup(EVP_CIPHER_CTX *ctx)
{
EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX, ctx);
- if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(ctx))
+ if (gctx->iv != ctx->iv)
OPENSSL_free(gctx->iv);
return 1;
@@ -521,7 +520,7 @@ static int aria_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
cctx->key_set = 1;
}
if (iv) {
- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+ memcpy(ctx->iv, iv, 15 - cctx->L);
cctx->iv_set = 1;
}
return 1;
@@ -577,7 +576,7 @@ static int aria_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
return 0;
/* Just copy to first part of IV */
- memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg);
+ memcpy(c->iv, ptr, arg);
return 1;
case EVP_CTRL_AEAD_SET_IVLEN:
@@ -641,11 +640,11 @@ static int aria_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx),
EVP_CCM_TLS_EXPLICIT_IV_LEN);
/* Get rest of IV from explicit IV */
- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx) + EVP_CCM_TLS_FIXED_IV_LEN, in,
+ memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in,
EVP_CCM_TLS_EXPLICIT_IV_LEN);
/* Correct length value */
len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
- if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L,
+ if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L,
len))
return -1;
/* Use saved AAD */
@@ -696,8 +695,7 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (!out) {
if (!in) {
- if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
- 15 - cctx->L, len))
+ if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
return -1;
cctx->len_set = 1;
return len;
@@ -715,8 +713,7 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
/* If not set length yet do it */
if (!cctx->len_set) {
- if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
- 15 - cctx->L, len))
+ if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
return -1;
cctx->len_set = 1;
}
diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c
index c9ca56dc70..9e240d1124 100644
--- a/crypto/evp/e_bf.c
+++ b/crypto/evp/e_bf.c
@@ -20,6 +20,7 @@
# include "crypto/evp.h"
# include <openssl/objects.h>
# include <openssl/blowfish.h>
+# include "evp_local.h"
static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c
index e9a29930fc..79ac163e3a 100644
--- a/crypto/evp/e_camellia.c
+++ b/crypto/evp/e_camellia.c
@@ -23,6 +23,7 @@
#include "crypto/evp.h"
#include "crypto/modes.h"
#include "crypto/cmll_platform.h"
+#include "evp_local.h"
static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
@@ -219,15 +220,12 @@ static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
if (dat->stream.cbc)
- (*dat->stream.cbc) (in, out, len, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx),
+ (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv,
EVP_CIPHER_CTX_encrypting(ctx));
else if (EVP_CIPHER_CTX_encrypting(ctx))
- CRYPTO_cbc128_encrypt(in, out, len, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
+ CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, dat->block);
else
- CRYPTO_cbc128_decrypt(in, out, len, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
+ CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, dat->block);
return 1;
}
@@ -254,8 +252,7 @@ static int camellia_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
int num = EVP_CIPHER_CTX_num(ctx);
- CRYPTO_ofb128_encrypt(in, out, len, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block);
+ CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, ctx->iv, &num, dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
@@ -266,8 +263,8 @@ static int camellia_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
int num = EVP_CIPHER_CTX_num(ctx);
- CRYPTO_cfb128_encrypt(in, out, len, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+ CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, ctx->iv, &num,
+ EVP_CIPHER_CTX_encrypting(ctx), dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
@@ -278,8 +275,8 @@ static int camellia_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
int num = EVP_CIPHER_CTX_num(ctx);
- CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+ CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, ctx->iv, &num,
+ EVP_CIPHER_CTX_encrypting(ctx), dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
@@ -291,8 +288,8 @@ static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
int num = EVP_CIPHER_CTX_num(ctx);
- CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+ CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, ctx->iv, &num,
+ EVP_CIPHER_CTX_encrypting(ctx), dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
@@ -300,7 +297,7 @@ static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
while (len >= MAXBITCHUNK) {
int num = EVP_CIPHER_CTX_num(ctx);
CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+ ctx->iv, &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
len -= MAXBITCHUNK;
out += MAXBITCHUNK;
@@ -309,7 +306,7 @@ static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (len) {
int num = EVP_CIPHER_CTX_num(ctx);
CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+ ctx->iv, &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
}
@@ -323,13 +320,11 @@ static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
if (dat->stream.ctr)
- CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx),
+ CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, ctx->iv,
EVP_CIPHER_CTX_buf_noconst(ctx), &num,
dat->stream.ctr);
else
- CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx),
+ CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv,
EVP_CIPHER_CTX_buf_noconst(ctx), &num,
dat->block);
EVP_CIPHER_CTX_set_num(ctx, num);
diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c
index 9ee06d060b..8325a5f8d2 100644
--- a/crypto/evp/e_cast.c
+++ b/crypto/evp/e_cast.c
@@ -21,6 +21,7 @@
# include <openssl/objects.h>
# include "crypto/evp.h"
# include <openssl/cast.h>
+# include "evp_local.h"
static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c
index 9d8af99d92..d3b2206bb7 100644
--- a/crypto/evp/e_des.c
+++ b/crypto/evp/e_des.c
@@ -21,6 +21,7 @@
# include "crypto/evp.h"
# include <openssl/des.h>
# include <openssl/rand.h>
+# include "evp_local.h"
typedef struct {
union {
@@ -75,7 +76,7 @@ static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
int num = EVP_CIPHER_CTX_num(ctx);
DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
EVP_CIPHER_CTX_get_cipher_data(ctx),
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num);
+ (DES_cblock *)ctx->iv, &num);
EVP_CIPHER_CTX_set_num(ctx, num);
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
@@ -85,7 +86,7 @@ static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
int num = EVP_CIPHER_CTX_num(ctx);
DES_ofb64_encrypt(in, out, (long)inl,
EVP_CIPHER_CTX_get_cipher_data(ctx),
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num);
+ (DES_cblock *)ctx->iv, &num);
EVP_CIPHER_CTX_set_num(ctx, num);
}
return 1;
@@ -97,14 +98,13 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx);
if (dat->stream.cbc != NULL) {
- (*dat->stream.cbc) (in, out, inl, &dat->ks.ks,
- EVP_CIPHER_CTX_iv_noconst(ctx));
+ (*dat->stream.cbc) (in, out, inl, &dat->ks.ks, ctx->iv);
return 1;
}
while (inl >= EVP_MAXCHUNK) {
DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK,
EVP_CIPHER_CTX_get_cipher_data(ctx),
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ (DES_cblock *)ctx->iv,
EVP_CIPHER_CTX_encrypting(ctx));
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
@@ -113,7 +113,7 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (inl)
DES_ncbc_encrypt(in, out, (long)inl,
EVP_CIPHER_CTX_get_cipher_data(ctx),
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ (DES_cblock *)ctx->iv,
EVP_CIPHER_CTX_encrypting(ctx));
return 1;
}
@@ -125,7 +125,7 @@ static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
int num = EVP_CIPHER_CTX_num(ctx);
DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
EVP_CIPHER_CTX_get_cipher_data(ctx),
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+ (DES_cblock *)ctx->iv, &num,
EVP_CIPHER_CTX_encrypting(ctx));
EVP_CIPHER_CTX_set_num(ctx, num);
inl -= EVP_MAXCHUNK;
@@ -136,7 +136,7 @@ static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
int num = EVP_CIPHER_CTX_num(ctx);
DES_cfb64_encrypt(in, out, (long)inl,
EVP_CIPHER_CTX_get_cipher_data(ctx),
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+ (DES_cblock *)ctx->iv, &num,
EVP_CIPHER_CTX_encrypting(ctx));
EVP_CIPHER_CTX_set_num(ctx, num);
}
@@ -160,7 +160,7 @@ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
for (n = 0; n < chunk * 8; ++n) {
c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
DES_cfb_encrypt(c, d, 1, 1, EVP_CIPHER_CTX_get_cipher_data(ctx),
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ (DES_cblock *)ctx->iv,
EVP_CIPHER_CTX_encrypting(ctx));
out[n / 8] =
(out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) |
@@ -182,7 +182,7 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
while (inl >= EVP_MAXCHUNK) {
DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
EVP_CIPHER_CTX_get_cipher_data(ctx),
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ (DES_cblock *)ctx->iv,
EVP_CIPHER_CTX_encrypting(ctx));
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
@@ -191,7 +191,7 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (inl)
DES_cfb_encrypt(in, out, 8, (long)inl,
EVP_CIPHER_CTX_get_cipher_data(ctx),
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ (DES_cblock *)ctx->iv,
EVP_CIPHER_CTX_encrypting(ctx));
return 1;
}
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index 3f7802ef1f..be4030895a 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -87,7 +87,7 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
&data(ctx)->ks1, &data(ctx)->ks2,
&data(ctx)->ks3,
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ (DES_cblock *)ctx->iv,
&num);
EVP_CIPHER_CTX_set_num(ctx, num);
inl -= EVP_MAXCHUNK;
@@ -99,7 +99,7 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
DES_ede3_ofb64_encrypt(in, out, (long)inl,
&data(ctx)->ks1, &data(ctx)->ks2,
&data(ctx)->ks3,
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ (DES_cblock *)ctx->iv,
&num);
EVP_CIPHER_CTX_set_num(ctx, num);
}
@@ -113,14 +113,14 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (dat->stream.cbc != NULL) {
(*dat->stream.cbc) (in, out, inl, dat->ks.ks,
- EVP_CIPHER_CTX_iv_noconst(ctx));
+ ctx->iv);
return 1;
}
while (inl >= EVP_MAXCHUNK) {
DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
&dat->ks1, &dat->ks2, &dat->ks3,
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ (DES_cblock *)ctx->iv,
EVP_CIPHER_CTX_encrypting(ctx));
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
@@ -129,7 +129,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (inl)
DES_ede3_cbc_encrypt(in, out, (long)inl,
&dat->ks1, &dat->ks2, &dat->ks3,
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ (DES_cblock *)ctx->iv,
EVP_CIPHER_CTX_encrypting(ctx));
return 1;
}
@@ -141,8 +141,7 @@ static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
int num = EVP_CIPHER_CTX_num(ctx);
DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
&data(ctx)->ks1, &data(ctx)->ks2,
- &data(ctx)->ks3,
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ &data(ctx)->ks3, (DES_cblock *)ctx->iv,
&num, EVP_CIPHER_CTX_encrypting(ctx));
EVP_CIPHER_CTX_set_num(ctx, num);
inl -= EVP_MAXCHUNK;
@@ -153,8 +152,7 @@ static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
int num = EVP_CIPHER_CTX_num(ctx);
DES_ede3_cfb64_encrypt(in, out, (long)inl,
&data(ctx)->ks1, &data(ctx)->ks2,
- &data(ctx)->ks3,
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ &data(ctx)->ks3, (DES_cblock *)ctx->iv,
&num, EVP_CIPHER_CTX_encrypting(ctx));
EVP_CIPHER_CTX_set_num(ctx, num);
}
@@ -177,8 +175,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
DES_ede3_cfb_encrypt(c, d, 1, 1,
&data(ctx)->ks1, &data(ctx)->ks2,
- &data(ctx)->ks3,
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ &data(ctx)->ks3, (DES_cblock *)ctx->iv,
EVP_CIPHER_CTX_encrypting(ctx));
out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8)))
| ((d[0] & 0x80) >> (unsigned int)(n % 8));
@@ -193,8 +190,7 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
while (inl >= EVP_MAXCHUNK) {
DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
&data(ctx)->ks1, &data(ctx)->ks2,
- &data(ctx)->ks3,
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ &data(ctx)->ks3, (DES_cblock *)ctx->iv,
EVP_CIPHER_CTX_encrypting(ctx));
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
@@ -203,8 +199,7 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (inl)
DES_ede3_cfb_encrypt(in, out, 8, (long)inl,
&data(ctx)->ks1, &data(ctx)->ks2,
- &data(ctx)->ks3,
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ &data(ctx)->ks3, (DES_cblock *)ctx->iv,
EVP_CIPHER_CTX_encrypting(ctx));
return 1;
}
@@ -330,7 +325,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
return -1;
if (out == NULL)
return inl - 16;
- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8);
+ memcpy(ctx->iv, wrap_iv, 8);
/* Decrypt first block which will end up as icv */
des_ede_cbc_cipher(ctx, icv, in, 8);
/* Decrypt central blocks */
@@ -348,7 +343,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
/* Reverse order of everything */
BUF_reverse(icv, NULL, 8);
BUF_reverse(out, NULL, inl - 16);
- BUF_reverse(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 8);
+ BUF_reverse(ctx->iv, iv, 8);
/* Decrypt again using new IV */
des_ede_cbc_cipher(ctx, out, out, inl - 16);
des_ede_cbc_cipher(ctx, icv, icv, 8);
@@ -360,7 +355,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
OPENSSL_cleanse(icv, 8);
OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
OPENSSL_cleanse(iv, 8);
- OPENSSL_cleanse(EVP_CIPHER_CTX_iv_noconst(ctx), 8);
+ OPENSSL_cleanse(ctx->iv, 8);
if (rv == -1)
OPENSSL_cleanse(out, inl - 16);
@@ -380,13 +375,13 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
memcpy(out + inl + 8, sha1tmp, 8);
OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
/* Generate random IV */
- if (RAND_bytes(EVP_CIPHER_CTX_iv_noconst(ctx), 8) <= 0)
+ if (RAND_bytes(ctx->iv, 8) <= 0)
return -1;
- memcpy(out, EVP_CIPHER_CTX_iv_noconst(ctx), 8);
+ memcpy(out, ctx->iv, 8);
/* Encrypt everything after IV in place */
des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8);
BUF_reverse(out, NULL, inl + 16);
- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8);
+ memcpy(ctx->iv, wrap_iv, 8);
des_ede_cbc_cipher(ctx, out, out, inl + 16);
return inl + 16;
}
diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c
index 43665887da..a4778a2c05 100644
--- a/crypto/evp/e_idea.c
+++ b/crypto/evp/e_idea.c
@@ -22,6 +22,7 @@
# include <openssl/objects.h>
# include "crypto/evp.h"
# include <openssl/idea.h>
+# include "evp_local.h"
/* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */
diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c
index 88d8e524cc..a8fb18e72d 100644
--- a/crypto/evp/e_rc2.c
+++ b/crypto/evp/e_rc2.c
@@ -22,6 +22,7 @@
# include <openssl/objects.h>
# include "crypto/evp.h"
# include <openssl/rc2.h>
+# include "evp_local.h"
static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
@@ -159,9 +160,7 @@ static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
if (type != NULL) {
num = rc2_meth_to_magic(c);
j = EVP_CIPHER_CTX_iv_length(c);
- i = ASN1_TYPE_set_int_octetstring(type, num,
- (unsigned char *)EVP_CIPHER_CTX_original_iv(c),
- j);
+ i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j);
}
return i;
}
diff --git a/crypto/evp/e_seed.c b/crypto/evp/e_seed.c
index 3f223ce936..98c7385f61 100644
--- a/crypto/evp/e_seed.c
+++ b/crypto/evp/e_seed.c
@@ -20,6 +20,7 @@
#include <assert.h>
#include <openssl/seed.h>
#include "crypto/evp.h"
+#include "evp_local.h"
static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c
index 4653c10a14..96c50cf13f 100644
--- a/crypto/evp/e_sm4.c
+++ b/crypto/evp/e_sm4.c
@@ -15,6 +15,7 @@
# include <openssl/modes.h>
# include "crypto/sm4.h"
# include "crypto/evp.h"
+# include "evp_local.h"
typedef struct {
SM4_KEY ks;
@@ -74,8 +75,7 @@ static int sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
unsigned int num = EVP_CIPHER_CTX_num(ctx);
EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx);
- CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
- EVP_CIPHER_CTX_iv_noconst(ctx),
+ CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv,
EVP_CIPHER_CTX_buf_noconst(ctx), &num,
(block128_f)SM4_encrypt);
EVP_CIPHER_CTX_set_num(ctx, num);
diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c
index f2b540e7cf..20756211b0 100644
--- a/crypto/evp/e_xcbc_d.c
+++ b/crypto/evp/e_xcbc_d.c
@@ -22,6 +22,7 @@
# include <openssl/objects.h>
# include "crypto/evp.h"
# include <openssl/des.h>
+# include "evp_local.h"
static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
@@ -72,7 +73,7 @@ static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
{
while (inl >= EVP_MAXCHUNK) {
DES_xcbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks,
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ (DES_cblock *)ctx->iv,
&data(ctx)->inw, &data(ctx)->outw,
EVP_CIPHER_CTX_encrypting(ctx));
inl -= EVP_MAXCHUNK;
@@ -81,7 +82,7 @@ static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
if (inl)
DES_xcbc_encrypt(in, out, (long)inl, &data(ctx)->ks,
- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ (DES_cblock *)ctx->iv,
&data(ctx)->inw, &data(ctx)->outw,
EVP_CIPHER_CTX_encrypting(ctx));
return 1;
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 74d4afdac4..71b5386232 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -971,11 +971,6 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */
default:
goto end;
- case EVP_CTRL_GET_IV:
- set_params = 0;
- params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV,
- ptr, sz);
- break;
case EVP_CTRL_AEAD_SET_IVLEN:
if (arg < 0)
return 0;
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 9f2165dc59..c4d41518ef 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -203,10 +203,9 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
{
int i = 0;
unsigned int j;
- unsigned char *oiv = NULL;
+ unsigned char oiv[EVP_MAX_IV_LENGTH];
- if (type != NULL) {
- oiv = (unsigned char *)EVP_CIPHER_CTX_original_iv(c);
+ if (type != NULL && EVP_CIPHER_CTX_get_iv(c, oiv, sizeof(oiv))) {
j = EVP_CIPHER_CTX_iv_length(c);
OPENSSL_assert(j <= sizeof(c->iv));
i = ASN1_TYPE_set_octetstring(type, oiv, j);
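Review bot: The bound in OPENSSL_assert(j <= sizeof(c->iv)) still refers to the context member, but the bytes handed to ASN1_TYPE_set_octetstring() now come from the local oiv[EVP_MAX_IV_LENGTH] buffer, so the check should be against sizeof(oiv). Also, when EVP_CIPHER_CTX_get_iv() fails, i is left at 0 with no error raised, the same as for type == NULL; if callers need to tell the two apart, raise an error on that path.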
@@ -436,6 +435,7 @@ int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx)
return ret == 1 ? (int)v : 0;
}
+#ifndef OPENSSL_NO_DEPRECATED_3_0
const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx)
{
int ok;
@@ -460,7 +460,7 @@ const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
params[0] =
- OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV, (void **)&v,
+ OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV_STATE, (void **)&v,
sizeof(ctx->iv));
ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
@@ -474,12 +474,31 @@ unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
params[0] =
- OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV, (void **)&v,
+ OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV_STATE, (void **)&v,
sizeof(ctx->iv));
ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
return ok != 0 ? v : NULL;
}
+#endif /* OPENSSL_NO_DEPRECATED_3_0_0 */
+
+int EVP_CIPHER_CTX_get_iv_state(EVP_CIPHER_CTX *ctx, void *buf, size_t len)
+{
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+ params[0] =
+ OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV_STATE, buf, len);
+ return evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
+}
+
+int EVP_CIPHER_CTX_get_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len)
+{
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+ params[0] =
+ OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, buf, len);
+ return evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
+}
unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx)
{
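Review bot: The closing comment on the new guard reads #endif /* OPENSSL_NO_DEPRECATED_3_0_0 */, but the matching #ifndef tests OPENSSL_NO_DEPRECATED_3_0; the comment should name the same macro. Separately, EVP_CIPHER_CTX_get_iv_state() and EVP_CIPHER_CTX_get_iv() only read from ctx, and the deprecated EVP_CIPHER_CTX_iv() above makes the same evp_do_ciph_ctx_getparams() call with a const EVP_CIPHER_CTX *, so the new functions could take a const ctx as well.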
diff --git a/doc/man3/EVP_CIPHER_CTX_get_iv.pod b/doc/man3/EVP_CIPHER_CTX_get_iv.pod
new file mode 100644
index 0000000000..e099d96dec
--- /dev/null
+++ b/doc/man3/EVP_CIPHER_CTX_get_iv.pod
@@ -0,0 +1,66 @@
+=pod
+
+=head1 NAME
+
+EVP_CIPHER_CTX_get_iv, EVP_CIPHER_CTX_get_iv_state, EVP_CIPHER_CTX_iv, EVP_CIPHER_CTX_original_iv, EVP_CIPHER_CTX_iv_noconst - Routines to inspect EVP_CIPHER_CTX IV data
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_CIPHER_CTX_get_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len);
+ int EVP_CIPHER_CTX_get_iv_state(EVP_CIPHER_CTX *ctx, void *buf, size_t len);
+ const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
+ const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx);
+ unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
+
+=head1 DESCRIPTION
+
+EVP_CIPHER_CTX_get_iv() and EVP_CIPHER_CTX_get_iv_state() copy initialization
+vector (IV) information from the B<EVP_CIPHER_CTX> into the caller-supplied
+buffer. L<EVP_CIPHER_CTX_iv_length(3)> can be used to determine an
+appropriate buffer size, and if the supplied buffer is too small, an error
+will be returned (and no data copied). EVP_CIPHER_CTX_get_iv() accesses the
+("original") IV that was supplied when the B<EVP_CIPHER_CTX> was created, and
+EVP_CIPHER_CTX_get_iv_state() accesses the current "IV state" of the cipher,
+which is updated during cipher operation for certain cipher modes (e.g., CBC
+and OFB).
+
+The functions EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
+EVP_CIPHER_CTX_iv_noconst() are deprecated functions that provide similar (at
+a conceptual level) functionality. EVP_CIPHER_CTX_iv() returns a pointer to
+the beginning of the "IV state" as maintained internally in the
+B<EVP_CIPHER_CTX>; EVP_CIPHER_CTX_original_iv() returns a pointer to the
+beginning of the ("original") IV, as maintained by the B<EVP_CIPHER_CTX>, that
+was provided when the B<EVP_CIPHER_CTX> was initialized; and
+EVP_CIPHER_CTX_get_iv_noconst() is the same as EVP_CIPHER_CTX_iv() but has a
+different return type for the pointer.
+
+=head1 RETURN VALUES
+
+EVP_CIPHER_CTX_get_iv() and EVP_CIPHER_CTX_get_iv_state() return 1 on success
+and 0 on failure.
+
+The functions EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
+EVP_CIPHER_CTX_iv_noconst() return a pointer to an IV as an array of bytes on
+success, and NULL on failure.
+
+=head1 HISTORY
+
+EVP_CIPHER_CTX_get_iv() and EVP_CIPHER_CTX_get_iv_state() were added in
+OpenSSL 3.0.0.
+
+EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
+EVP_CIPHER_CTX_iv_noconst() were added in OpenSSL 1.1.0, and were deprecated
+in OpenSSL 3.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
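Review bot: The DESCRIPTION refers to EVP_CIPHER_CTX_get_iv_noconst(), a name that appears in neither NAME nor SYNOPSIS; the function being described is EVP_CIPHER_CTX_iv_noconst(). The same section says the original IV was supplied when the EVP_CIPHER_CTX was "created" in the first paragraph and "initialized" in the second, so one wording should be used for both. The SYNOPSIS also gives no indication that the last three prototypes are deprecated.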
diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod
index ee159ff7eb..d6d544c0ba 100644
--- a/doc/man7/provider-cipher.pod
+++ b/doc/man7/provider-cipher.pod
@@ -240,7 +240,14 @@ The length of the "ivlen" parameter should not exceed that of a B<size_t>.
=item "iv" (B<OSSL_CIPHER_PARAM_IV>) <octet string OR octet ptr>
-Gets the IV for the associated cipher ctx.
+Gets the IV used to initialize the associated cipher ctx.
+
+=item "iv-state" (B<OSSL_CIPHER_PARAM_IV_STATE>) <octet string OR octet ptr>
+
+Gets the current pseudo-IV state for the associated cipher ctx, e.g.,
+the previous ciphertext block for CBC mode or the iteratively encrypted IV
+value for OFB mode. Note that octet pointer access is deprecated and is
+provided only for backwards compatibility with historical libcrypto APIs.
=item "num" (B<OSSL_CIPHER_PARAM_NUM>) <unsigned integer>
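Review bot: The deprecation of octet pointer access is stated only under "iv-state", while the "iv" item just above is also typed <octet string OR octet ptr>; the text should say whether the pointer form of "iv" is deprecated too. This entry also calls the value the "pseudo-IV state", whereas the new EVP_CIPHER_CTX_get_iv.pod calls it the "IV state"; using one term on both pages would be easier to follow.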
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 9ded000c10..07f7ee15ea 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -311,7 +311,7 @@ static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
{\
while(inl>=EVP_MAXCHUNK) {\
int num = EVP_CIPHER_CTX_num(ctx);\
- cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \
+ cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \
EVP_CIPHER_CTX_set_num(ctx, num);\
inl-=EVP_MAXCHUNK;\
in +=EVP_MAXCHUNK;\
@@ -319,7 +319,7 @@ static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
}\
if (inl) {\
int num = EVP_CIPHER_CTX_num(ctx);\
- cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \
+ cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \
EVP_CIPHER_CTX_set_num(ctx, num);\
}\
return 1;\
@@ -330,13 +330,13 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
{\
while(inl>=EVP_MAXCHUNK) \
{\
- cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\
+ cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_encrypting(ctx));\
inl-=EVP_MAXCHUNK;\
in +=EVP_MAXCHUNK;\
out+=EVP_MAXCHUNK;\
}\
if (inl)\
- cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\
+ cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_encrypting(ctx));\
return 1;\
}
@@ -353,7 +353,7 @@ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
((cbits == 1) \
&& !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \
? chunk*8 : chunk), \
- &EVP_C_DATA(kstruct, ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx),\
+ &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv,\
&num, EVP_CIPHER_CTX_encrypting(ctx));\
EVP_CIPHER_CTX_set_num(ctx, num);\
inl -= chunk;\
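Review bot: These macros now expand to a direct ctx->iv member access (in this hunk, &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv,), so every file that instantiates them needs the full EVP_CIPHER_CTX definition. That appears to be why e_bf.c, e_cast.c, e_idea.c and e_seed.c gain #include "evp_local.h" with no other change in this patch, but the requirement is not stated anywhere near the macros. A comment above the macro block naming the required header would spare the next user an incomplete-type compile error.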
diff --git a/include/internal/ktls.h b/include/internal/ktls.h
index 9212bb4343..535e563479 100644
--- a/include/internal/ktls.h
+++ b/include/internal/ktls.h
@@ -346,9 +346,10 @@ static ossl_inline int ktls_configure_crypto(const EVP_CIPHER *c, int tls_versio
if (tls_version == TLS1_2_VERSION &&
EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
- EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GET_IV,
- EVP_GCM_TLS_FIXED_IV_LEN + EVP_GCM_TLS_EXPLICIT_IV_LEN,
- geniv);
+ if (!EVP_CIPHER_CTX_get_iv_state(dd, geniv,
+ EVP_GCM_TLS_FIXED_IV_LEN
+ + EVP_GCM_TLS_EXPLICIT_IV_LEN))
+ return 0;
iiv = geniv;
}
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index b511571fb3..53e68e778b 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -53,6 +53,7 @@ extern "C" {
#define OSSL_CIPHER_PARAM_KEYLEN "keylen" /* size_t */
#define OSSL_CIPHER_PARAM_IVLEN "ivlen" /* size_t */
#define OSSL_CIPHER_PARAM_IV "iv" /* octet_string OR octet_ptr */
+#define OSSL_CIPHER_PARAM_IV_STATE "iv-state" /* octet_string OR octet_ptr */
#define OSSL_CIPHER_PARAM_NUM "num" /* uint */
#define OSSL_CIPHER_PARAM_ROUNDS "rounds" /* uint */
#define OSSL_CIPHER_PARAM_AEAD_TAG "tag" /* octet_string */
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 6ff1e5602e..76e5565f36 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -386,8 +386,7 @@ DEPRECATEDIN_3_0(int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))
# define EVP_CTRL_SET_PIPELINE_INPUT_LENS 0x24
/* Get the IV length used by the cipher */
# define EVP_CTRL_GET_IVLEN 0x25
-/* Get the IV used by the cipher */
-# define EVP_CTRL_GET_IV 0x26
+/* 0x26 is unused */
/* Tell the cipher it's doing a speed test (SIV disallows multiple ops) */
# define EVP_CTRL_SET_SPEED 0x27
/* Get the unprotectedAttrs from cipher ctx */
@@ -545,9 +544,11 @@ int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx);
-const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
-const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx);
-unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
+DEPRECATEDIN_3_0(const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx))
+DEPRECATEDIN_3_0(const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx))
+DEPRECATEDIN_3_0(unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx))
+int EVP_CIPHER_CTX_get_iv_state(EVP_CIPHER_CTX *ctx, void *buf, size_t len);
+int EVP_CIPHER_CTX_get_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len);
unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num);
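Review bot: the two new getters take a non-const EVP_CIPHER_CTX *, while EVP_CIPHER_CTX_iv() and EVP_CIPHER_CTX_original_iv(), which they replace, took const EVP_CIPHER_CTX *, so a caller that only holds a const context now needs a cast to read the IV. Make ctx const if the provider call path allows it, or say why it cannot be. The prototypes also give no hint which getter returns the original IV and which the running one; in the part of the patch shown here only the test comment in evp_extra_test.c says so, and a one-line comment above each declaration would help.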
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
index 6cf6a1b111..8f731228d9 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
@@ -234,6 +234,12 @@ static int aes_get_ctx_params(void *vctx, OSSL_PARAM params[])
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV_STATE);
+ if (p != NULL
+ && !OSSL_PARAM_set_octet_string(p, ctx->base.iv, ctx->base.ivlen)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
return 1;
}
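Review bot: the new "iv-state" branch in aes_get_ctx_params() only tries OSSL_PARAM_set_octet_string(), while core_names.h in this patch documents the parameter as "octet_string OR octet_ptr" and the OCB, CCM, GCM and generic getters all fall back to OSSL_PARAM_set_octet_ptr(). A caller that requests a pointer gets PROV_R_FAILED_TO_SET_PARAMETER from this cipher only. Add the octet_ptr fallback here, or document that this implementation supports the copying form only.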
@@ -248,6 +254,7 @@ static const OSSL_PARAM cipher_aes_known_gettable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV_STATE, NULL, 0),
OSSL_PARAM_END
};
const OSSL_PARAM *aes_gettable_ctx_params(void *provctx)
diff --git a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
index 56e2dc9e38..523e869c79 100644
--- a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
+++ b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
@@ -99,6 +99,7 @@ static int s390x_aes_ofb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out,
}
}
+ memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen);
adat->plat.s390x.res = n;
return 1;
}
@@ -161,6 +162,7 @@ static int s390x_aes_cfb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out,
}
}
+ memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen);
adat->plat.s390x.res = n;
return 1;
}
@@ -187,6 +189,7 @@ static int s390x_aes_cfb8_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out,
s390x_kmf(in, len, out, adat->plat.s390x.fc,
&adat->plat.s390x.param.kmo_kmf);
+ memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen);
return 1;
}
diff --git a/providers/implementations/ciphers/cipher_aes_ocb.c b/providers/implementations/ciphers/cipher_aes_ocb.c
index 162945f922..7be5c7f5e8 100644
--- a/providers/implementations/ciphers/cipher_aes_ocb.c
+++ b/providers/implementations/ciphers/cipher_aes_ocb.c
@@ -416,6 +416,18 @@ static int aes_ocb_get_ctx_params(void *vctx, OSSL_PARAM params[])
return 0;
}
}
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV_STATE);
+ if (p != NULL) {
+ if (ctx->base.ivlen > p->data_size) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
+ return 0;
+ }
+ if (!OSSL_PARAM_set_octet_string(p, ctx->base.iv, ctx->base.ivlen)
+ && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.iv, ctx->base.ivlen)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ }
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG);
if (p != NULL) {
if (p->data_type != OSSL_PARAM_OCTET_STRING) {
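Review bot: in the "iv-state" branch the ctx->base.ivlen > p->data_size check runs before either setter is tried, so it also rejects an octet_ptr request, where nothing is copied into the caller's buffer and data_size is not a capacity. Apply the length check only when p->data_type is OSSL_PARAM_OCTET_STRING (the AEAD_TAG branch just below already tests data_type), and let the pointer case go straight to OSSL_PARAM_set_octet_ptr().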
@@ -436,6 +448,7 @@ static const OSSL_PARAM cipher_ocb_known_gettable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV_STATE, NULL, 0),
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
OSSL_PARAM_END
};
diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
index dd25f00db4..a5de18ab3b 100644
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
@@ -112,6 +112,7 @@ static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV_STATE, NULL, 0),
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, NULL, 0),
@@ -478,6 +479,13 @@ int cipher_generic_get_ctx_params(void *vctx, OSSL_PARAM params[])
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV_STATE);
+ if (p != NULL
+ && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)
+ && !OSSL_PARAM_set_octet_string(p, &ctx->iv, ctx->ivlen)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM);
if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->num)) {
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
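Review bot: the fallback call OSSL_PARAM_set_octet_string(p, &ctx->iv, ctx->ivlen) passes the address of the iv member, where every other provider hunk in this patch passes the buffer itself (ctx->iv, ctx->base.iv) to the string setter and keeps the address-of form for OSSL_PARAM_set_octet_ptr(). With iv as an array both expressions point at the same bytes, but the call reads as a copy-paste slip and silently breaks if iv ever becomes a pointer; pass ctx->iv. This branch also differs from the OCB and GCM getters in two ways worth aligning: there is no ivlen versus p->data_size check with PROV_R_INVALID_IV_LENGTH, and the setters are tried in the opposite order.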
diff --git a/providers/implementations/ciphers/ciphercommon_ccm.c b/providers/implementations/ciphers/ciphercommon_ccm.c
index 2b9a0687e3..bdbfa74d40 100644
--- a/providers/implementations/ciphers/ciphercommon_ccm.c
+++ b/providers/implementations/ciphers/ciphercommon_ccm.c
@@ -171,6 +171,19 @@ int ccm_get_ctx_params(void *vctx, OSSL_PARAM params[])
}
}
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV_STATE);
+ if (p != NULL) {
+ if (ccm_get_ivlen(ctx) > p->data_size) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN);
+ return 0;
+ }
+ if (!OSSL_PARAM_set_octet_string(p, ctx->iv, p->data_size)
+ && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, p->data_size)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ }
+
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) {
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
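Review bot: the copy length in the new "iv-state" branch is p->data_size, not the IV length. The guard only establishes ccm_get_ivlen(ctx) <= p->data_size, so when the caller's buffer is larger than the IV, OSSL_PARAM_set_octet_string(p, ctx->iv, p->data_size) copies out bytes beyond the IV and possibly beyond the ctx->iv storage. The evp_test.c hunk in this same patch calls EVP_CIPHER_CTX_get_iv_state() with a 128-byte buffer. Pass ccm_get_ivlen(ctx) as the length to both setters, as the OCB and GCM hunks do with ctx->ivlen, and use the same reason code as those hunks (this one raises PROV_R_INVALID_IVLEN, they raise PROV_R_INVALID_IV_LENGTH).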
diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c
index 080fcc9bc2..06649b3dc3 100644
--- a/providers/implementations/ciphers/ciphercommon_gcm.c
+++ b/providers/implementations/ciphers/ciphercommon_gcm.c
@@ -154,7 +154,22 @@ int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
if (p != NULL) {
- if (ctx->iv_gen != 1 && ctx->iv_gen_rand != 1)
+ if (ctx->iv_state == IV_STATE_UNINITIALISED)
+ return 0;
+ if (ctx->ivlen > p->data_size) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
+ return 0;
+ }
+ if (!OSSL_PARAM_set_octet_string(p, ctx->iv, ctx->ivlen)
+ && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ }
+
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV_STATE);
+ if (p != NULL) {
+ if (ctx->iv_state == IV_STATE_UNINITIALISED)
return 0;
if (ctx->ivlen > p->data_size) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
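Review bot: both the rewritten "iv" branch and the new "iv-state" branch return 0 on ctx->iv_state == IV_STATE_UNINITIALISED without calling ERR_raise(), while every other failure in these branches raises a reason code, so the caller gets a bare failure with nothing on the error queue. Raise an error there as well. The visible parts of the two branches are otherwise identical (same state check, same length check against ctx->ivlen); if they are meant to return the same bytes for GCM, a shared helper plus a comment saying so would avoid the duplication and make the intent explicit.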
diff --git a/providers/implementations/include/prov/ciphercommon.h b/providers/implementations/include/prov/ciphercommon.h
index 43cec3cc2b..90f6d39d39 100644
--- a/providers/implementations/include/prov/ciphercommon.h
+++ b/providers/implementations/include/prov/ciphercommon.h
@@ -314,7 +314,8 @@ static const OSSL_PARAM name##_known_gettable_ctx_params[] = { \
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), \
OSSL_PARAM_uint(OSSL_CIPHER_PARAM_PADDING, NULL), \
OSSL_PARAM_uint(OSSL_CIPHER_PARAM_NUM, NULL), \
- OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0), \
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV_STATE, NULL, 0),
#define CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(name) \
OSSL_PARAM_END \
diff --git a/test/aesgcmtest.c b/test/aesgcmtest.c
index bacbb8f114..a68ec74d3a 100644
--- a/test/aesgcmtest.c
+++ b/test/aesgcmtest.c
@@ -58,7 +58,7 @@ static int do_encrypt(unsigned char *iv_gen, unsigned char *ct, int *ct_len,
&& TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16,
tag) > 0)
&& TEST_true(iv_gen == NULL
- || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_IV, 12, iv_gen) > 0);
+ || EVP_CIPHER_CTX_get_iv(ctx, iv_gen, 12));
EVP_CIPHER_CTX_free(ctx);
return ret;
}
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index de615c80ab..4da65a2400 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -1813,6 +1813,118 @@ static int test_rand_agglomeration(void)
return res;
}
+/*
+ * Test that we correctly return the original or "running" IV after
+ * an encryption operation.
+ * Run multiple times for some different relevant algorithms/modes.
+ */
+static int test_evp_iv(int idx)
+{
+ int ret = 0;
+ EVP_CIPHER_CTX *ctx = NULL;
+ unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
+ 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
+ unsigned char init_iv[EVP_MAX_IV_LENGTH] =
+ {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
+ 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
+ static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
+ 9, 10, 11, 12, 13, 14, 15, 16 };
+ unsigned char ciphertext[32], oiv[16], iv[16];
+ unsigned char *ref_iv;
+ unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
+ 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
+
+ unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
+ 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
+ unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
+ 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
+ unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
+#ifndef OPENSSL_NO_OCB
+ unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
+ 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
+#endif
+ int len = sizeof(ciphertext);
+ size_t ivlen, ref_len;
+ const EVP_CIPHER *type = NULL;
+
+ switch(idx) {
+ case 0:
+ type = EVP_aes_128_cbc();
+ /* FALLTHROUGH */
+ case 5:
+ type = (type != NULL) ? type :
+ EVP_CIPHER_fetch(testctx, "aes-128-cbc", NULL);
+ ref_iv = cbc_state;
+ ref_len = sizeof(cbc_state);
+ break;
+ case 1:
+ type = EVP_aes_128_ofb();
+ /* FALLTHROUGH */
+ case 6:
+ type = (type != NULL) ? type :
+ EVP_CIPHER_fetch(testctx, "aes-128-ofb", NULL);
+ ref_iv = ofb_state;
+ ref_len = sizeof(ofb_state);
+ break;
+ case 2:
+ type = EVP_aes_128_gcm();
+ /* FALLTHROUGH */
+ case 7:
+ type = (type != NULL) ? type :
+ EVP_CIPHER_fetch(testctx, "aes-128-gcm", NULL);
+ ref_iv = gcm_state;
+ ref_len = sizeof(gcm_state);
+ break;
+ case 3:
+ type = EVP_aes_128_ccm();
+ /* FALLTHROUGH */
+ case 8:
+ type = (type != NULL) ? type :
+ EVP_CIPHER_fetch(testctx, "aes-128-ccm", NULL);
+ ref_iv = ccm_state;
+ ref_len = sizeof(ccm_state);
+ break;
+#ifdef OPENSSL_NO_OCB
+ case 4:
+ case 9:
+ return 1;
+#else
+ case 4:
+ type = EVP_aes_128_ocb();
+ /* FALLTHROUGH */
+ case 9:
+ type = (type != NULL) ? type :
+ EVP_CIPHER_fetch(testctx, "aes-128-ocb", NULL);
+ ref_iv = ocb_state;
+ ref_len = sizeof(ocb_state);
+ break;
+#endif
+ default:
+ return 0;
+ }
+
+ if (!TEST_ptr(type)
+ || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
+ || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
+ || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
+ (int)sizeof(msg)))
+ || !TEST_true(EVP_CIPHER_CTX_get_iv(ctx, oiv, sizeof(oiv)))
+ || !TEST_true(EVP_CIPHER_CTX_get_iv_state(ctx, iv, sizeof(iv)))
+ || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
+ goto err;
+ ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+ if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
+ || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
+ goto err;
+
+ ret = 1;
+err:
+ EVP_CIPHER_CTX_free(ctx);
+ if (idx >= 5)
+ EVP_CIPHER_free((EVP_CIPHER *)type);
+ return ret;
+}
+
int setup_tests(void)
{
testctx = OPENSSL_CTX_new();
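Review bot: the reference values for the AEAD cases in test_evp_iv() do not exercise the original-versus-running distinction the test is written for: gcm_state, ccm_state and ocb_state are just the leading bytes of init_iv, so for those modes the get_iv and get_iv_state results are compared against the same bytes and an implementation that swapped the two would still pass. Only the CBC and OFB cases have a distinct running state. CFB is not covered at all, although the s390x hunk in this patch adds the IV copy-back to cfb128 and cfb8 as well as ofb128; adding CFB cases would cover that change. In the cleanup, "if (idx >= 5)" duplicates knowledge of the switch layout; a flag set where EVP_CIPHER_fetch() is called would keep the free correct if cases are reordered.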
@@ -1869,6 +1981,7 @@ int setup_tests(void)
ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
ADD_TEST(test_rand_agglomeration);
+ ADD_ALL_TESTS(test_evp_iv, 10);
return 1;
}
diff --git a/test/evp_test.c b/test/evp_test.c
index f384a8d863..b980abc944 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -760,12 +760,16 @@ static int cipher_test_enc(EVP_TEST *t, int enc,
}
/* Check that we get the same IV back */
- if (expected->iv != NULL
- && (EVP_CIPHER_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
- && !TEST_mem_eq(expected->iv, expected->iv_len,
- EVP_CIPHER_CTX_iv(ctx_base), expected->iv_len)) {
- t->err = "INVALID_IV";
- goto err;
+ if (expected->iv != NULL) {
+ /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
+ unsigned char iv[128];
+ if (!TEST_true(EVP_CIPHER_CTX_get_iv_state(ctx_base, iv, sizeof(iv)))
+ || ((EVP_CIPHER_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
+ && !TEST_mem_eq(expected->iv, expected->iv_len, iv,
+ expected->iv_len))) {
+ t->err = "INVALID_IV";
+ goto err;
+ }
}
/* Test that the cipher dup functions correctly if it is supported */
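Review bot: nothing ties expected->iv_len to the new 128-byte stack buffer. TEST_mem_eq(expected->iv, expected->iv_len, iv, expected->iv_len) reads expected->iv_len bytes from iv, so a test vector with a longer IV would be compared past the end of the array unless the getter call above fails first. Add an explicit expected->iv_len <= sizeof(iv) check to the condition, or size the buffer from iv_len. Note also that EVP_CIPHER_CTX_get_iv_state() now has to succeed for EVP_CIPH_CUSTOM_IV ciphers, which the old condition skipped entirely; if that is intended, the comment should say so.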
diff --git a/util/libcrypto.num b/util/libcrypto.num
index f441232582..d5f7d9826c 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -2004,7 +2004,7 @@ PEM_read_bio_RSA_PUBKEY 2050 3_0_0 EXIST::FUNCTION:RSA
OCSP_SINGLERESP_new 2051 3_0_0 EXIST::FUNCTION:OCSP
ASN1_SCTX_free 2052 3_0_0 EXIST::FUNCTION:
i2d_ECPrivateKey_fp 2053 3_0_0 EXIST::FUNCTION:EC,STDIO
-EVP_CIPHER_CTX_original_iv 2054 3_0_0 EXIST::FUNCTION:
+EVP_CIPHER_CTX_original_iv 2054 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
PKCS7_SIGNED_free 2055 3_0_0 EXIST::FUNCTION:
X509_TRUST_get0_name 2056 3_0_0 EXIST::FUNCTION:
ENGINE_get_load_pubkey_function 2057 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
@@ -2046,7 +2046,7 @@ CMS_SignerInfo_cert_cmp 2092 3_0_0 EXIST::FUNCTION:CMS
PEM_read 2093 3_0_0 EXIST::FUNCTION:STDIO
X509_STORE_set_depth 2094 3_0_0 EXIST::FUNCTION:
EC_KEY_METHOD_get_sign 2095 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
-EVP_CIPHER_CTX_iv 2096 3_0_0 EXIST::FUNCTION:
+EVP_CIPHER_CTX_iv 2096 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
i2d_ESS_SIGNING_CERT 2097 3_0_0 EXIST::FUNCTION:
TS_RESP_set_tst_info 2098 3_0_0 EXIST::FUNCTION:TS
EVP_PKEY_CTX_set_data 2099 3_0_0 EXIST::FUNCTION:
@@ -2840,7 +2840,7 @@ EVP_PKEY_encrypt_init 2901 3_0_0 EXIST::FUNCTION:
i2d_RSAPrivateKey_fp 2902 3_0_0 EXIST::FUNCTION:RSA,STDIO
X509_REQ_print 2903 3_0_0 EXIST::FUNCTION:
RSA_size 2904 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
-EVP_CIPHER_CTX_iv_noconst 2905 3_0_0 EXIST::FUNCTION:
+EVP_CIPHER_CTX_iv_noconst 2905 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
DH_set_default_method 2906 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
X509_ALGOR_new 2907 3_0_0 EXIST::FUNCTION:
EVP_aes_192_ofb 2908 3_0_0 EXIST::FUNCTION:
@@ -5250,3 +5250,5 @@ EVP_PKEY_CTX_set_dh_kdf_outlen ? 3_0_0 EXIST::FUNCTION:DH
EVP_PKEY_CTX_get_dh_kdf_outlen ? 3_0_0 EXIST::FUNCTION:DH
EVP_PKEY_CTX_set0_dh_kdf_ukm ? 3_0_0 EXIST::FUNCTION:DH
EVP_PKEY_CTX_get0_dh_kdf_ukm ? 3_0_0 EXIST::FUNCTION:DH
+EVP_CIPHER_CTX_get_iv_state ? 3_0_0 EXIST::FUNCTION:
+EVP_CIPHER_CTX_get_iv ? 3_0_0 EXIST::FUNCTION:
diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt
index 3e8c62c610..3aa3b5065b 100644
--- a/util/missingcrypto.txt
+++ b/util/missingcrypto.txt
@@ -650,10 +650,7 @@ EVP_CIPHER_CTX_buf_noconst(3)
EVP_CIPHER_CTX_clear_flags(3)
EVP_CIPHER_CTX_copy(3)
EVP_CIPHER_CTX_encrypting(3)
-EVP_CIPHER_CTX_iv(3)
-EVP_CIPHER_CTX_iv_noconst(3)
EVP_CIPHER_CTX_num(3)
-EVP_CIPHER_CTX_original_iv(3)
EVP_CIPHER_CTX_rand_key(3)
EVP_CIPHER_CTX_set_flags(3)
EVP_CIPHER_CTX_set_num(3)