{
if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) {
if (ivlen != AES_BLOCK_SIZE) {
- PROVerr(PROV_F_PROV_AES_KEY_GENERIC_INIT, ERR_R_INTERNAL_ERROR);
+ ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
return 0;
}
memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 1)) {
- /* PROVerr already called */
+ /* ERR_raise already called */
return 0;
}
if (key != NULL) {
if (keylen != ctx->keylen) {
- PROVerr(PROV_F_AES_EINIT, PROV_R_INVALID_KEY_LENGTH);
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
return 0;
}
return ctx->ciph->init(ctx, key, ctx->keylen);
PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 0)) {
- /* PROVerr already called */
+ /* ERR_raise already called */
return 0;
}
if (key != NULL) {
if (keylen != ctx->keylen) {
- PROVerr(PROV_F_AES_DINIT, PROV_R_INVALID_KEY_LENGTH);
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
return 0;
}
return ctx->ciph->init(ctx, key, ctx->keylen);
if (ctx->bufsz == AES_BLOCK_SIZE
&& (ctx->enc || inl > 0 || !ctx->pad)) {
if (outsize < AES_BLOCK_SIZE) {
- PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
}
if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) {
- PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_CIPHER_OPERATION_FAILED);
+ ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
return 0;
}
ctx->bufsz = 0;
if (nextblocks > 0) {
if (!ctx->enc && ctx->pad && nextblocks == inl) {
if (!ossl_assert(inl >= AES_BLOCK_SIZE)) {
- PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
}
nextblocks -= AES_BLOCK_SIZE;
}
outlint += nextblocks;
if (outsize < outlint) {
- PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
}
if (!ctx->ciph->cipher(ctx, out, in, nextblocks)) {
- PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_CIPHER_OPERATION_FAILED);
+ ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
return 0;
}
in += nextblocks;
inl -= nextblocks;
}
if (!trailingdata(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in, &inl)) {
- /* PROVerr already called */
+ /* ERR_raise already called */
return 0;
}
*outl = 0;
return 1;
} else if (ctx->bufsz != AES_BLOCK_SIZE) {
- PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
+ ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
return 0;
}
if (outsize < AES_BLOCK_SIZE) {
- PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
}
if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) {
- PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_CIPHER_OPERATION_FAILED);
+ ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
return 0;
}
ctx->bufsz = 0;
*outl = 0;
return 1;
}
- PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
+ ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
return 0;
}
if (!ctx->ciph->cipher(ctx, ctx->buf, ctx->buf, AES_BLOCK_SIZE)) {
- PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_CIPHER_OPERATION_FAILED);
+ ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
return 0;
}
if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE)) {
- /* PROVerr already called */
+ /* ERR_raise already called */
return 0;
}
if (outsize < ctx->bufsz) {
- PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
}
memcpy(out, ctx->buf, ctx->bufsz);
PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
if (outsize < inl) {
- PROVerr(PROV_F_AES_STREAM_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
}
if (!ctx->ciph->cipher(ctx, out, in, inl)) {
- PROVerr(PROV_F_AES_STREAM_UPDATE, PROV_R_CIPHER_OPERATION_FAILED);
+ ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
return 0;
}
PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
if (outsize < inl) {
- PROVerr(PROV_F_AES_CIPHER, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
}
if (!ctx->ciph->cipher(ctx, out, in, inl)) {
- PROVerr(PROV_F_AES_CIPHER, PROV_R_CIPHER_OPERATION_FAILED);
+ ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
return 0;
}
return ctx;
}
-int aes_get_params(OSSL_PARAM params[], int md, unsigned long flags,
- int kbits, int blkbits, int ivbits)
-{
- OSSL_PARAM *p;
-
- p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE);
- if (p != NULL) {
- if (!OSSL_PARAM_set_int(p, md))
- return 0;
- }
- p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_FLAGS);
- if (p != NULL) {
- if (!OSSL_PARAM_set_ulong(p, flags))
- return 0;
- }
- p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
- if (p != NULL) {
- if (!OSSL_PARAM_set_int(p, kbits / 8))
- return 0;
- }
- p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE);
- if (p != NULL) {
- if (!OSSL_PARAM_set_int(p, blkbits / 8))
- return 0;
- }
- p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
- if (p != NULL) {
- if (!OSSL_PARAM_set_int(p, ivbits / 8))
- return 0;
- }
- return 1;
-}
-
-#define IMPLEMENT_cipher(lcmode, UCMODE, flags, kbits, blkbits, ivbits) \
- static OSSL_OP_cipher_get_params_fn aes_##kbits##_##lcmode##_get_params; \
- static int aes_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \
- { \
- return aes_get_params(params, EVP_CIPH_##UCMODE##_MODE, flags, kbits, \
- blkbits, ivbits); \
- } \
- static OSSL_OP_cipher_newctx_fn aes_##kbits##_##lcmode##_newctx; \
- static void *aes_##kbits##_##lcmode##_newctx(void *provctx) \
- { \
- return aes_new_ctx(provctx, EVP_CIPH_##UCMODE##_MODE, kbits, \
- PROV_AES_CIPHER_##lcmode(kbits / 8)); \
- }
-
-/* ECB */
-IMPLEMENT_cipher(ecb, ECB, 0, 256, 128, 0)
-IMPLEMENT_cipher(ecb, ECB, 0, 192, 128, 0)
-IMPLEMENT_cipher(ecb, ECB, 0, 128, 128, 0)
-
-/* CBC */
-IMPLEMENT_cipher(cbc, CBC, 0, 256, 128, 128)
-IMPLEMENT_cipher(cbc, CBC, 0, 192, 128, 128)
-IMPLEMENT_cipher(cbc, CBC, 0, 128, 128, 128)
-
-/* OFB */
-IMPLEMENT_cipher(ofb, OFB, 0, 256, 8, 128)
-IMPLEMENT_cipher(ofb, OFB, 0, 192, 8, 128)
-IMPLEMENT_cipher(ofb, OFB, 0, 128, 8, 128)
-
-/* CFB */
-IMPLEMENT_cipher(cfb, CFB, 0, 256, 8, 128)
-IMPLEMENT_cipher(cfb, CFB, 0, 192, 8, 128)
-IMPLEMENT_cipher(cfb, CFB, 0, 128, 8, 128)
-IMPLEMENT_cipher(cfb1, CFB, 0, 256, 8, 128)
-IMPLEMENT_cipher(cfb1, CFB, 0, 192, 8, 128)
-IMPLEMENT_cipher(cfb1, CFB, 0, 128, 8, 128)
-IMPLEMENT_cipher(cfb8, CFB, 0, 256, 8, 128)
-IMPLEMENT_cipher(cfb8, CFB, 0, 192, 8, 128)
-IMPLEMENT_cipher(cfb8, CFB, 0, 128, 8, 128)
-
-/* CTR */
-IMPLEMENT_cipher(ctr, CTR, 0, 256, 8, 128)
-IMPLEMENT_cipher(ctr, CTR, 0, 192, 8, 128)
-IMPLEMENT_cipher(ctr, CTR, 0, 128, 8, 128)
-
static void aes_freectx(void *vctx)
{
PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
PROV_AES_KEY *ret = OPENSSL_malloc(sizeof(*ret));
if (ret == NULL) {
- PROVerr(PROV_F_AES_DUPCTX, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
return NULL;
}
*ret = *in;
OSSL_PARAM *p;
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
- if (p != NULL) {
- if (!OSSL_PARAM_set_int(p, AES_BLOCK_SIZE))
- return 0;
+ if (p != NULL && !OSSL_PARAM_set_int(p, AES_BLOCK_SIZE)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
}
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING);
if (p != NULL && !OSSL_PARAM_set_int(p, ctx->pad)) {
- PROVerr(PROV_F_AES_GET_CTX_PARAMS, PROV_R_FAILED_TO_SET_PARAMETER);
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
if (p != NULL
&& !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, AES_BLOCK_SIZE)
&& !OSSL_PARAM_set_octet_string(p, &ctx->iv, AES_BLOCK_SIZE)) {
- PROVerr(PROV_F_AES_GET_CTX_PARAMS,
- PROV_R_FAILED_TO_SET_PARAMETER);
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM);
if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->num)) {
- PROVerr(PROV_F_AES_GET_CTX_PARAMS,
- PROV_R_FAILED_TO_SET_PARAMETER);
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
if (p != NULL && !OSSL_PARAM_set_int(p, ctx->keylen)) {
- PROVerr(PROV_F_AES_GET_CTX_PARAMS,
- PROV_R_FAILED_TO_SET_PARAMETER);
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
int pad;
if (!OSSL_PARAM_get_int(p, &pad)) {
- PROVerr(PROV_F_AES_SET_CTX_PARAMS,
- PROV_R_FAILED_TO_GET_PARAMETER);
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
return 0;
}
ctx->pad = pad ? 1 : 0;
int num;
if (!OSSL_PARAM_get_int(p, &num)) {
- PROVerr(PROV_F_AES_SET_CTX_PARAMS,
- PROV_R_FAILED_TO_GET_PARAMETER);
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
return 0;
}
ctx->num = num;
int keylen;
if (!OSSL_PARAM_get_int(p, &keylen)) {
- PROVerr(PROV_F_AES_SET_CTX_PARAMS,
- PROV_R_FAILED_TO_GET_PARAMETER);
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
return 0;
}
ctx->keylen = keylen;
return 1;
}
-#define IMPLEMENT_block_funcs(mode, kbits) \
- const OSSL_DISPATCH aes##kbits##mode##_functions[] = { \
- { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##kbits##_##mode##_newctx }, \
- { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit }, \
- { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit }, \
- { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_block_update }, \
- { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_block_final }, \
- { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_cipher }, \
- { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx }, \
- { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx }, \
- { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_##kbits##_##mode##_get_params }, \
- { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, (void (*)(void))aes_get_ctx_params }, \
- { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, (void (*)(void))aes_set_ctx_params }, \
- { 0, NULL } \
- };
-
-#define IMPLEMENT_stream_funcs(mode, kbits) \
- const OSSL_DISPATCH aes##kbits##mode##_functions[] = { \
- { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##kbits##_##mode##_newctx }, \
- { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit }, \
- { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit }, \
- { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_stream_update }, \
- { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_stream_final }, \
- { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_cipher }, \
- { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx }, \
- { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx }, \
- { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_##kbits##_##mode##_get_params }, \
- { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, (void (*)(void))aes_get_ctx_params }, \
- { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, (void (*)(void))aes_set_ctx_params }, \
- { 0, NULL } \
- };
+#define IMPLEMENT_cipher(lcmode, UCMODE, flags, kbits, blkbits, ivbits) \
+ static OSSL_OP_cipher_get_params_fn aes_##kbits##_##lcmode##_get_params; \
+ static int aes_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \
+ { \
+ return cipher_default_get_params(params, EVP_CIPH_##UCMODE##_MODE, \
+ flags, kbits, blkbits, ivbits); \
+ } \
+ static OSSL_OP_cipher_newctx_fn aes_##kbits##_##lcmode##_newctx; \
+ static void *aes_##kbits##_##lcmode##_newctx(void *provctx) \
+ { \
+ return aes_new_ctx(provctx, EVP_CIPH_##UCMODE##_MODE, kbits, \
+ PROV_AES_CIPHER_##lcmode(kbits / 8)); \
+ }
+
+/* ECB */
+IMPLEMENT_cipher(ecb, ECB, 0, 256, 128, 0)
+IMPLEMENT_cipher(ecb, ECB, 0, 192, 128, 0)
+IMPLEMENT_cipher(ecb, ECB, 0, 128, 128, 0)
+
+/* CBC */
+IMPLEMENT_cipher(cbc, CBC, 0, 256, 128, 128)
+IMPLEMENT_cipher(cbc, CBC, 0, 192, 128, 128)
+IMPLEMENT_cipher(cbc, CBC, 0, 128, 128, 128)
+
+/* OFB */
+IMPLEMENT_cipher(ofb, OFB, 0, 256, 8, 128)
+IMPLEMENT_cipher(ofb, OFB, 0, 192, 8, 128)
+IMPLEMENT_cipher(ofb, OFB, 0, 128, 8, 128)
+
+/* CFB */
+IMPLEMENT_cipher(cfb, CFB, 0, 256, 8, 128)
+IMPLEMENT_cipher(cfb, CFB, 0, 192, 8, 128)
+IMPLEMENT_cipher(cfb, CFB, 0, 128, 8, 128)
+IMPLEMENT_cipher(cfb1, CFB, 0, 256, 8, 128)
+IMPLEMENT_cipher(cfb1, CFB, 0, 192, 8, 128)
+IMPLEMENT_cipher(cfb1, CFB, 0, 128, 8, 128)
+IMPLEMENT_cipher(cfb8, CFB, 0, 256, 8, 128)
+IMPLEMENT_cipher(cfb8, CFB, 0, 192, 8, 128)
+IMPLEMENT_cipher(cfb8, CFB, 0, 128, 8, 128)
+
+/* CTR */
+IMPLEMENT_cipher(ctr, CTR, 0, 256, 8, 128)
+IMPLEMENT_cipher(ctr, CTR, 0, 192, 8, 128)
+IMPLEMENT_cipher(ctr, CTR, 0, 128, 8, 128)
+
+
+#define IMPLEMENT_funcs(mode, kbits, type) \
+const OSSL_DISPATCH aes##kbits##mode##_functions[] = { \
+ { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##kbits##_##mode##_newctx },\
+ { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit }, \
+ { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit }, \
+ { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_##type##_update }, \
+ { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_##type##_final }, \
+ { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_cipher }, \
+ { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx }, \
+ { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx }, \
+ { OSSL_FUNC_CIPHER_GET_PARAMS, \
+ (void (*)(void))aes_##kbits##_##mode##_get_params }, \
+ { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
+ (void (*)(void))aes_get_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
+ (void (*)(void))aes_set_ctx_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
+ (void (*)(void))cipher_default_gettable_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
+ (void (*)(void))cipher_default_gettable_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
+ (void (*)(void))cipher_default_settable_ctx_params }, \
+ { 0, NULL } \
+};
/* ECB */
-IMPLEMENT_block_funcs(ecb, 256)
-IMPLEMENT_block_funcs(ecb, 192)
-IMPLEMENT_block_funcs(ecb, 128)
+IMPLEMENT_funcs(ecb, 256, block)
+IMPLEMENT_funcs(ecb, 192, block)
+IMPLEMENT_funcs(ecb, 128, block)
/* CBC */
-IMPLEMENT_block_funcs(cbc, 256)
-IMPLEMENT_block_funcs(cbc, 192)
-IMPLEMENT_block_funcs(cbc, 128)
+IMPLEMENT_funcs(cbc, 256, block)
+IMPLEMENT_funcs(cbc, 192, block)
+IMPLEMENT_funcs(cbc, 128, block)
/* OFB */
-IMPLEMENT_stream_funcs(ofb, 256)
-IMPLEMENT_stream_funcs(ofb, 192)
-IMPLEMENT_stream_funcs(ofb, 128)
+IMPLEMENT_funcs(ofb, 256, stream)
+IMPLEMENT_funcs(ofb, 192, stream)
+IMPLEMENT_funcs(ofb, 128, stream)
/* CFB */
-IMPLEMENT_stream_funcs(cfb, 256)
-IMPLEMENT_stream_funcs(cfb, 192)
-IMPLEMENT_stream_funcs(cfb, 128)
-IMPLEMENT_stream_funcs(cfb1, 256)
-IMPLEMENT_stream_funcs(cfb1, 192)
-IMPLEMENT_stream_funcs(cfb1, 128)
-IMPLEMENT_stream_funcs(cfb8, 256)
-IMPLEMENT_stream_funcs(cfb8, 192)
-IMPLEMENT_stream_funcs(cfb8, 128)
+IMPLEMENT_funcs(cfb, 256, stream)
+IMPLEMENT_funcs(cfb, 192, stream)
+IMPLEMENT_funcs(cfb, 128, stream)
+IMPLEMENT_funcs(cfb1, 256, stream)
+IMPLEMENT_funcs(cfb1, 192, stream)
+IMPLEMENT_funcs(cfb1, 128, stream)
+IMPLEMENT_funcs(cfb8, 256, stream)
+IMPLEMENT_funcs(cfb8, 192, stream)
+IMPLEMENT_funcs(cfb8, 128, stream)
/* CTR */
-IMPLEMENT_stream_funcs(ctr, 256)
-IMPLEMENT_stream_funcs(ctr, 192)
-IMPLEMENT_stream_funcs(ctr, 128)
+IMPLEMENT_funcs(ctr, 256, stream)
+IMPLEMENT_funcs(ctr, 192, stream)
+IMPLEMENT_funcs(ctr, 128, stream)
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/core_names.h>
+#include <openssl/params.h>
+#include "ciphers_locl.h"
+#include "internal/provider_algs.h"
+#include "internal/providercommonerr.h"
+
+/*-
+ * Default cipher functions for OSSL_PARAM gettables and settables
+ */
+static const OSSL_PARAM cipher_known_gettable_params[] = {
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_MODE, NULL),
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL),
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL),
+ OSSL_PARAM_END
+};
+const OSSL_PARAM *cipher_default_gettable_params(void)
+{
+ return cipher_known_gettable_params;
+}
+
+int cipher_default_get_params(OSSL_PARAM params[], int md, unsigned long flags,
+ int kbits, int blkbits, int ivbits)
+{
+ OSSL_PARAM *p;
+
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE);
+ if (p != NULL && !OSSL_PARAM_set_int(p, md)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_FLAGS);
+ if (p != NULL && !OSSL_PARAM_set_ulong(p, flags)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
+ if (p != NULL && !OSSL_PARAM_set_int(p, kbits / 8)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE);
+ if (p != NULL && !OSSL_PARAM_set_int(p, blkbits / 8)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
+ if (p != NULL && !OSSL_PARAM_set_int(p, ivbits / 8)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ return 1;
+}
+
+static const OSSL_PARAM cipher_known_gettable_ctx_params[] = {
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL),
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL),
+ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_NUM, NULL),
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
+ OSSL_PARAM_END
+};
+const OSSL_PARAM *cipher_default_gettable_ctx_params(void)
+{
+ return cipher_known_gettable_ctx_params;
+}
+
+static const OSSL_PARAM cipher_known_settable_ctx_params[] = {
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL),
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_NUM, NULL),
+ OSSL_PARAM_END
+};
+const OSSL_PARAM *cipher_default_settable_ctx_params(void)
+{
+ return cipher_known_settable_ctx_params;
+}
+
+/*-
+ * AEAD cipher functions for OSSL_PARAM gettables and settables
+ */
+static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = {
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL),
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
+ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
+ OSSL_PARAM_END
+};
+const OSSL_PARAM *cipher_aead_gettable_ctx_params(void)
+{
+ return cipher_aead_known_gettable_ctx_params;
+}
+
+static const OSSL_PARAM cipher_aead_known_settable_ctx_params[] = {
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL),
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, NULL, 0),
+ OSSL_PARAM_END
+};
+const OSSL_PARAM *cipher_aead_settable_ctx_params(void)
+{
+ return cipher_aead_known_settable_ctx_params;
+}
if (iv != NULL) {
if (ivlen < ctx->ivlen_min || ivlen > sizeof(ctx->iv)) {
- PROVerr(0, PROV_R_INVALID_IV_LENGTH);
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
return 0;
}
ctx->ivlen = ivlen;
if (key != NULL) {
if (keylen != ctx->keylen) {
- PROVerr(0, PROV_R_INVALID_KEY_LENGTH);
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
return 0;
}
return ctx->hw->setkey(ctx, key, ctx->keylen);
}
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
if (p != NULL && !OSSL_PARAM_set_int(p, ctx->keylen)) {
- PROVerr(0, PROV_R_FAILED_TO_SET_PARAMETER);
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
if (ctx->iv_gen != 1 && ctx->iv_gen_rand != 1)
return 0;
if (ctx->ivlen != (int)p->data_size) {
- PROVerr(0, PROV_R_INVALID_IV_LENGTH);
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
return 0;
}
if (!OSSL_PARAM_set_octet_string(p, ctx->iv, ctx->ivlen)) {
- PROVerr(0, PROV_R_FAILED_TO_SET_PARAMETER);
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
}
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD);
if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad_sz)) {
- PROVerr(0, PROV_R_FAILED_TO_SET_PARAMETER);
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG);
if (p != NULL) {
sz = p->data_size;
if (sz == 0 || sz > EVP_GCM_TLS_TAG_LEN || !ctx->enc || ctx->taglen < 0) {
- PROVerr(0, PROV_R_INVALID_TAG);
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG);
return 0;
}
if (!OSSL_PARAM_set_octet_string(p, ctx->buf, sz)) {
- PROVerr(0, PROV_R_FAILED_TO_SET_PARAMETER);
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
}
if (p != NULL) {
vp = ctx->buf;
if (!OSSL_PARAM_get_octet_string(p, &vp, EVP_GCM_TLS_TAG_LEN, &sz)) {
- PROVerr(0, PROV_R_FAILED_TO_GET_PARAMETER);
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
return 0;
}
if (sz == 0 || ctx->enc) {
- PROVerr(0, PROV_R_INVALID_TAG);
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG);
return 0;
}
ctx->taglen = sz;
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN);
if (p != NULL) {
if (!OSSL_PARAM_get_size_t(p, &sz)) {
- PROVerr(0, PROV_R_FAILED_TO_GET_PARAMETER);
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
return 0;
}
if (sz == 0 || sz > sizeof(ctx->iv)) {
- PROVerr(0, PROV_R_INVALID_IV_LENGTH);
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
return 0;
}
ctx->ivlen = sz;
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD);
if (p != NULL) {
if (p->data_type != OSSL_PARAM_OCTET_STRING) {
- PROVerr(0, PROV_R_FAILED_TO_GET_PARAMETER);
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
return 0;
}
sz = gcm_tls_init(ctx, p->data, p->data_size);
if (sz == 0) {
- PROVerr(0, PROV_R_INVALID_AAD);
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_AAD);
return 0;
}
ctx->tls_aad_pad_sz = sz;
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED);
if (p != NULL) {
if (p->data_type != OSSL_PARAM_OCTET_STRING) {
- PROVerr(0, PROV_R_FAILED_TO_GET_PARAMETER);
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
return 0;
}
if (gcm_tls_iv_set_fixed(ctx, p->data, p->data_size) == 0) {
- PROVerr(0, PROV_R_FAILED_TO_GET_PARAMETER);
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
return 0;
}
}
int keylen;
if (!OSSL_PARAM_get_int(p, &keylen)) {
- PROVerr(0, PROV_R_FAILED_TO_GET_PARAMETER);
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
return 0;
}
/* The key length can not be modified for gcm mode */
PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx;
if (outsize < inl) {
- PROVerr(0, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return -1;
}
if (gcm_cipher_internal(ctx, out, outl, in, inl) <= 0) {
- PROVerr(0, PROV_R_CIPHER_OPERATION_FAILED);
+ ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
return -1;
}
return 1;
PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx;
if (outsize < inl) {
- PROVerr(0, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return -1;
}
* side only.
*/
if (ctx->enc && ++ctx->tls_enc_records == 0) {
- PROVerr(0, EVP_R_TOO_MANY_RECORDS);
+ ERR_raise(ERR_LIB_PROV, EVP_R_TOO_MANY_RECORDS);
goto err;
}
static OSSL_OP_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \
static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \
{ \
- return aes_get_params(params, EVP_CIPH_##UCMODE##_MODE, flags, \
- kbits, blkbits, ivbits); \
+ return cipher_default_get_params(params, EVP_CIPH_##UCMODE##_MODE, \
+ flags, kbits, blkbits, ivbits); \
} \
static OSSL_OP_cipher_newctx_fn alg##kbits##gcm_newctx; \
static void *alg##kbits##gcm_newctx(void *provctx) \
(void (*)(void))gcm_get_ctx_params }, \
{ OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
(void (*)(void))gcm_set_ctx_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
+ (void (*)(void))cipher_default_gettable_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
+ (void (*)(void))cipher_aead_gettable_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
+ (void (*)(void))cipher_aead_settable_ctx_params }, \
{ 0, NULL } \
}
return ret;
}
+static int encrypt_decrypt(const EVP_CIPHER *cipher, const unsigned char *msg,
+ size_t len)
+{
+ int ret = 0, ctlen, ptlen;
+ EVP_CIPHER_CTX *ctx = NULL;
+ unsigned char key[128 / 8];
+ unsigned char ct[64], pt[64];
+
+ memset(key, 0, sizeof(key));
+ if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
+ || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, 1))
+ || !TEST_true(EVP_CipherUpdate(ctx, ct, &ctlen, msg, len))
+ || !TEST_true(EVP_CipherFinal_ex(ctx, ct, &ctlen))
+ || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, 0))
+ || !TEST_true(EVP_CipherUpdate(ctx, pt, &ptlen, ct, ctlen))
+ || !TEST_true(EVP_CipherFinal_ex(ctx, pt, &ptlen))
+ || !TEST_mem_eq(pt, ptlen, msg, len))
+ goto err;
+
+ ret = 1;
+ err:
+ EVP_CIPHER_CTX_free(ctx);
+ return ret;
+}
+
+static int get_num_params(const OSSL_PARAM *params)
+{
+ int i = 0;
+
+ if (params != NULL) {
+ while (params[i].key != NULL)
+ ++i;
+ ++i;
+ }
+ return i;
+}
+
+/*
+ * Test EVP_CIPHER_fetch()
+ *
+ * Test 0: Test with the default OPENSSL_CTX
+ * Test 1: Test with an explicit OPENSSL_CTX
+ * Test 2: Explicit OPENSSL_CTX with explicit load of default provider
+ * Test 3: Explicit OPENSSL_CTX with explicit load of default and fips provider
+ * Test 4: Explicit OPENSSL_CTX with explicit load of fips provider
+ */
+static int test_EVP_CIPHER_fetch(int tst)
+{
+ OPENSSL_CTX *ctx = NULL;
+ EVP_CIPHER *cipher = NULL;
+ OSSL_PROVIDER *defltprov = NULL, *fipsprov = NULL;
+ int ret = 0;
+ const unsigned char testmsg[] = "Hello world";
+ const OSSL_PARAM *params;
+
+ if (tst > 0) {
+ ctx = OPENSSL_CTX_new();
+ if (!TEST_ptr(ctx))
+ goto err;
+
+ if (tst == 2 || tst == 3) {
+ defltprov = OSSL_PROVIDER_load(ctx, "default");
+ if (!TEST_ptr(defltprov))
+ goto err;
+ }
+ if (tst == 3 || tst == 4) {
+ fipsprov = OSSL_PROVIDER_load(ctx, "fips");
+ if (!TEST_ptr(fipsprov))
+ goto err;
+ }
+ }
+
+ /* Implicit fetching of the cipher should produce the expected result */
+ if (!TEST_true(encrypt_decrypt(EVP_aes_128_cbc(), testmsg, sizeof(testmsg))))
+ goto err;
+
+ /*
+ * Test that without specifying any properties we can get a cipher from a
+ * provider.
+ */
+ if (!TEST_ptr(cipher = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL))
+ || !TEST_true(encrypt_decrypt(cipher, testmsg, sizeof(testmsg))))
+ goto err;
+
+ /* Also test EVP_CIPHER_up_ref() while we're doing this */
+ if (!TEST_true(EVP_CIPHER_up_ref(cipher)))
+ goto err;
+ /* Ref count should now be 2. Release both */
+ EVP_CIPHER_meth_free(cipher);
+ EVP_CIPHER_meth_free(cipher);
+ cipher = NULL;
+
+ /*
+ * In tests 0 - 2 we've only loaded the default provider so explicitly
+ * asking for a non-default implementation should fail. In tests 3 and 4 we
+ * have the FIPS provider loaded so we should succeed in that case.
+ */
+ cipher = EVP_CIPHER_fetch(ctx, "AES-128-CBC", "default=no");
+ if (tst == 3 || tst == 4) {
+ if (!TEST_ptr(cipher)
+ || !TEST_true(encrypt_decrypt(cipher, testmsg, sizeof(testmsg))))
+ goto err;
+ } else {
+ if (!TEST_ptr_null(cipher))
+ goto err;
+ }
+
+ EVP_CIPHER_meth_free(cipher);
+ cipher = NULL;
+
+ /*
+ * Explicitly asking for the default implementation should succeed except
+ * in test 4 where the default provider is not loaded.
+ */
+ cipher = EVP_CIPHER_fetch(ctx, "AES-128-CBC", "default=yes");
+ if (tst != 4) {
+ if (!TEST_ptr(cipher)
+ || !TEST_int_eq(EVP_CIPHER_nid(cipher), NID_aes_128_cbc)
+ || !TEST_true(encrypt_decrypt(cipher, testmsg, sizeof(testmsg)))
+ || !TEST_int_eq(EVP_CIPHER_block_size(cipher), 128/8))
+ goto err;
+ } else {
+ if (!TEST_ptr_null(cipher))
+ goto err;
+ }
+
+ EVP_CIPHER_meth_free(cipher);
+ cipher = NULL;
+
+ /*
+ * Explicitly asking for a fips implementation should succeed if we have
+ * the FIPS provider loaded and fail otherwise
+ */
+ cipher = EVP_CIPHER_fetch(ctx, "AES-128-CBC", "fips=yes");
+ if (tst == 3 || tst == 4) {
+ if (!TEST_ptr(cipher)
+ || !TEST_true(encrypt_decrypt(cipher, testmsg, sizeof(testmsg)))
+ || !TEST_ptr(params = cipher->gettable_params())
+ || !TEST_int_gt(get_num_params(params), 1)
+ || !TEST_ptr(params = cipher->gettable_ctx_params())
+ || !TEST_int_gt(get_num_params(params), 1)
+ || !TEST_ptr(params = cipher->settable_ctx_params())
+ || !TEST_int_gt(get_num_params(params), 1))
+ goto err;
+ } else {
+ if (!TEST_ptr_null(cipher))
+ goto err;
+ }
+
+ ret = 1;
+
+ err:
+ EVP_CIPHER_meth_free(cipher);
+ OSSL_PROVIDER_unload(defltprov);
+ OSSL_PROVIDER_unload(fipsprov);
+ /* Not normally needed, but we would like to test that
+ * OPENSSL_thread_stop_ex() behaves as expected.
+ */
+ if (ctx != NULL)
+ OPENSSL_thread_stop_ex(ctx);
+ OPENSSL_CTX_free(ctx);
+ return ret;
+}
+
int setup_tests(void)
{
ADD_TEST(test_EVP_DigestSignInit);
#endif
#ifdef NO_FIPS_MODULE
ADD_ALL_TESTS(test_EVP_MD_fetch, 3);
+ ADD_ALL_TESTS(test_EVP_CIPHER_fetch, 3);
#else
ADD_ALL_TESTS(test_EVP_MD_fetch, 5);
+ ADD_ALL_TESTS(test_EVP_CIPHER_fetch, 5);
#endif
return 1;
}