From: Benjamin Kaduk <bkaduk@akamai.com>
Date: Thu, 2 Jul 2020 21:12:33 +0000 (-0700)
Subject: Use local IV storage in e_des.c
X-Git-Tag: openssl-3.0.0-alpha7~590
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=36025d3b8716f6f8cadc983295398ccdd734a17b;p=thirdparty%2Fopenssl.git

Use local IV storage in e_des.c

Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
EVP_CIPHER_CTX_iv_noconst() in e_des.c.

For the legacy implementations, there's no need to use an
in-provider storage for the IV, when the crypto operations
themselves will be performed outside of the provider.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
---

diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c
index 9d8af99d92e..d3b2206bb7a 100644
--- a/crypto/evp/e_des.c
+++ b/crypto/evp/e_des.c
@@ -21,6 +21,7 @@
 # include "crypto/evp.h"
 # include <openssl/des.h>
 # include <openssl/rand.h>
+# include "evp_local.h"
 
 typedef struct {
     union {
@@ -75,7 +76,7 @@ static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         int num = EVP_CIPHER_CTX_num(ctx);
         DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
                           EVP_CIPHER_CTX_get_cipher_data(ctx),
-                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num);
+                          (DES_cblock *)ctx->iv, &num);
         EVP_CIPHER_CTX_set_num(ctx, num);
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
@@ -85,7 +86,7 @@ static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         int num = EVP_CIPHER_CTX_num(ctx);
         DES_ofb64_encrypt(in, out, (long)inl,
                           EVP_CIPHER_CTX_get_cipher_data(ctx),
-                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num);
+                          (DES_cblock *)ctx->iv, &num);
         EVP_CIPHER_CTX_set_num(ctx, num);
     }
     return 1;
@@ -97,14 +98,13 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx);
 
     if (dat->stream.cbc != NULL) {
-        (*dat->stream.cbc) (in, out, inl, &dat->ks.ks,
-                            EVP_CIPHER_CTX_iv_noconst(ctx));
+        (*dat->stream.cbc) (in, out, inl, &dat->ks.ks, ctx->iv);
         return 1;
     }
     while (inl >= EVP_MAXCHUNK) {
         DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK,
                          EVP_CIPHER_CTX_get_cipher_data(ctx),
-                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         (DES_cblock *)ctx->iv,
                          EVP_CIPHER_CTX_encrypting(ctx));
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
@@ -113,7 +113,7 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     if (inl)
         DES_ncbc_encrypt(in, out, (long)inl,
                          EVP_CIPHER_CTX_get_cipher_data(ctx),
-                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         (DES_cblock *)ctx->iv,
                          EVP_CIPHER_CTX_encrypting(ctx));
     return 1;
 }
@@ -125,7 +125,7 @@ static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         int num = EVP_CIPHER_CTX_num(ctx);
         DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
                           EVP_CIPHER_CTX_get_cipher_data(ctx),
-                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                          (DES_cblock *)ctx->iv, &num,
                           EVP_CIPHER_CTX_encrypting(ctx));
         EVP_CIPHER_CTX_set_num(ctx, num);
         inl -= EVP_MAXCHUNK;
@@ -136,7 +136,7 @@ static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         int num = EVP_CIPHER_CTX_num(ctx);
         DES_cfb64_encrypt(in, out, (long)inl,
                           EVP_CIPHER_CTX_get_cipher_data(ctx),
-                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                          (DES_cblock *)ctx->iv, &num,
                           EVP_CIPHER_CTX_encrypting(ctx));
         EVP_CIPHER_CTX_set_num(ctx, num);
     }
@@ -160,7 +160,7 @@ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         for (n = 0; n < chunk * 8; ++n) {
             c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
             DES_cfb_encrypt(c, d, 1, 1, EVP_CIPHER_CTX_get_cipher_data(ctx),
-                            (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                            (DES_cblock *)ctx->iv,
                             EVP_CIPHER_CTX_encrypting(ctx));
             out[n / 8] =
                 (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) |
@@ -182,7 +182,7 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     while (inl >= EVP_MAXCHUNK) {
         DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
                         EVP_CIPHER_CTX_get_cipher_data(ctx),
-                        (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                        (DES_cblock *)ctx->iv,
                         EVP_CIPHER_CTX_encrypting(ctx));
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
@@ -191,7 +191,7 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     if (inl)
         DES_cfb_encrypt(in, out, 8, (long)inl,
                         EVP_CIPHER_CTX_get_cipher_data(ctx),
-                        (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                        (DES_cblock *)ctx->iv,
                         EVP_CIPHER_CTX_encrypting(ctx));
     return 1;
 }