Add iv length and key length params to the cipher init calls

author Matt Caswell <matt@openssl.org>

Wed, 10 Apr 2019 12:23:58 +0000 (13:23 +0100)

committer Matt Caswell <matt@openssl.org>

Fri, 19 Apr 2019 08:31:54 +0000 (09:31 +0100)
author Matt Caswell <matt@openssl.org>
Wed, 10 Apr 2019 12:23:58 +0000 (13:23 +0100)
committer Matt Caswell <matt@openssl.org>
Fri, 19 Apr 2019 08:31:54 +0000 (09:31 +0100)
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c

index 31e590bd95f8203d8291c04a5d0f0921fe684962..6d4e033816a41c889d05b9e928f38392d9baf40b 100644 (file)
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -241,7 +241,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
              return 0;
          }
  
-        return ctx->cipher->einit(ctx->provctx, key, iv);
+        return ctx->cipher->einit(ctx->provctx,
+                                  key,
+                                  EVP_CIPHER_CTX_key_length(ctx),
+                                  iv,
+                                  EVP_CIPHER_CTX_iv_length(ctx));
      }
  
      if (ctx->cipher->dinit == NULL) {
@@ -249,7 +253,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
          return 0;
      }
  
-    return ctx->cipher->dinit(ctx->provctx, key, iv);
+    return ctx->cipher->dinit(ctx->provctx,
+                              key,
+                              EVP_CIPHER_CTX_key_length(ctx),
+                              iv,
+                              EVP_CIPHER_CTX_iv_length(ctx));
  
      /* TODO(3.0): Remove legacy code below */
   legacy:
diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h

index 8994374567277c792628385d1542b6f06b0b2991..e56909aa03e8ed4ab45e5aa4e15964d89ff3dd48 100644 (file)
--- a/include/openssl/core_numbers.h
+++ b/include/openssl/core_numbers.h
@@ -126,10 +126,14 @@ OSSL_CORE_MAKE_FUNC(size_t, OP_digest_block_size, (void))
  OSSL_CORE_MAKE_FUNC(void *, OP_cipher_newctx, (void))
  OSSL_CORE_MAKE_FUNC(int, OP_cipher_encrypt_init, (void *vctx,
                                                    const unsigned char *key,
-                                                  const unsigned char *iv))
+                                                  size_t keylen,
+                                                  const unsigned char *iv,
+                                                  size_t ivlen))
  OSSL_CORE_MAKE_FUNC(int, OP_cipher_decrypt_init, (void *vctx,
                                                    const unsigned char *key,
-                                                  const unsigned char *iv))
+                                                  size_t keylen,
+                                                  const unsigned char *iv,
+                                                  size_t ivlen))
  OSSL_CORE_MAKE_FUNC(int, OP_cipher_update,
                      (void *, unsigned char *out, size_t *outl,
                       const unsigned char *in, size_t inl))
diff --git a/providers/common/ciphers/aes.c b/providers/common/ciphers/aes.c

index 285fea6ea9c0925ccb53ba616e6a3f6b5b814c2d..21ecc2b14aa2d0666899797d1b92fd0b65e9255d 100644 (file)
--- a/providers/common/ciphers/aes.c
+++ b/providers/common/ciphers/aes.c
@@ -17,35 +17,49 @@
  #include "internal/provider_algs.h"
  #include "ciphers_locl.h"
  
-static void PROV_AES_KEY_generic_init(PROV_AES_KEY *ctx,
+static int PROV_AES_KEY_generic_init(PROV_AES_KEY *ctx,
                                        const unsigned char *iv,
+                                      size_t ivlen,
                                        int enc)
  {
-    if (iv != NULL)
+    if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) {
+        if (ivlen != AES_BLOCK_SIZE)
+            return 0;
          memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
+    }
      ctx->enc = enc;
+
+    return 1;
  }
  
-static int aes_einit(void *vctx, const unsigned char *key,
-                           const unsigned char *iv)
+static int aes_einit(void *vctx, const unsigned char *key, size_t keylen,
+                           const unsigned char *iv, size_t ivlen)
  {
      PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
  
-    PROV_AES_KEY_generic_init(ctx, iv, 1);
-    if (key != NULL)
+    if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 1))
+        return 0;
+    if (key != NULL) {
+        if (keylen != ctx->keylen)
+            return 0;
          return ctx->ciph->init(ctx, key, ctx->keylen);
+    }
  
      return 1;
  }
  
-static int aes_dinit(void *vctx, const unsigned char *key,
-                     const unsigned char *iv)
+static int aes_dinit(void *vctx, const unsigned char *key, size_t keylen,
+                     const unsigned char *iv, size_t ivlen)
  {
      PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
  
-    PROV_AES_KEY_generic_init(ctx, iv, 0);
-    if (key != NULL)
+    if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 0))
+        return 0;
+    if (key != NULL) {
+        if (keylen != ctx->keylen)
+            return 0;
          return ctx->ciph->init(ctx, key, ctx->keylen);
+    }
  
      return 1;
  }
author	Matt Caswell <matt@openssl.org>
	Wed, 10 Apr 2019 12:23:58 +0000 (13:23 +0100)
committer	Matt Caswell <matt@openssl.org>
	Fri, 19 Apr 2019 08:31:54 +0000 (09:31 +0100)
crypto/evp/evp_enc.c		patch \| blob \| blame \| history
include/openssl/core_numbers.h		patch \| blob \| blame \| history
providers/common/ciphers/aes.c		patch \| blob \| blame \| history