Use local IV storage in EVP BLOCK_* macros

Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
EVP_CIPHER_CTX_iv_noconst() in evp.h.

These macros are internal-only, used to implement legacy libcrypto
EVP ciphers, with no real provider involvement.  Accordingly, just use the
EVP_CIPHER_CTX storage directly and don't try to reach into a provider-side
context.

This does necessitate including evp_local.h in several more files.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)

diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c
index c9ca56dc7050cb8baf242779776af33e6bcb7665..9e240d1124e5d7dbdb3eac91e4a3b4d9168ffce6 100644 (file)
--- a/crypto/evp/e_bf.c
+++ b/crypto/evp/e_bf.c
@@ -20,6 +20,7 @@
 # include "crypto/evp.h"
 # include <openssl/objects.h>
 # include <openssl/blowfish.h>
+# include "evp_local.h"
 
 static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                        const unsigned char *iv, int enc);

diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c
index 9ee06d060b794fb65edce0b7c11cadf0ce588b9f..8325a5f8d2102e1be7885c55a1d6a5b6fdc3fd65 100644 (file)
--- a/crypto/evp/e_cast.c
+++ b/crypto/evp/e_cast.c
@@ -21,6 +21,7 @@
 # include <openssl/objects.h>
 # include "crypto/evp.h"
 # include <openssl/cast.h>
+# include "evp_local.h"
 
 static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                          const unsigned char *iv, int enc);

diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c
index 43665887da1d6ca0724ad1d79ba83a14bee27ba1..a4778a2c05d5648ec2a4ed9be2bd064e4f093939 100644 (file)
--- a/crypto/evp/e_idea.c
+++ b/crypto/evp/e_idea.c
@@ -22,6 +22,7 @@
 # include <openssl/objects.h>
 # include "crypto/evp.h"
 # include <openssl/idea.h>
+# include "evp_local.h"
 
 /* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */
 

diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c
index e8d71069350d28be2ff948bb57b5ff4c5b57dc77..a8fb18e72d2cd1ddc06b9c3e1cb16e7ea4665ffe 100644 (file)
--- a/crypto/evp/e_rc2.c
+++ b/crypto/evp/e_rc2.c
@@ -22,6 +22,7 @@
 # include <openssl/objects.h>
 # include "crypto/evp.h"
 # include <openssl/rc2.h>
+# include "evp_local.h"
 
 static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         const unsigned char *iv, int enc);

diff --git a/crypto/evp/e_seed.c b/crypto/evp/e_seed.c
index 3f223ce936ce4b85b2a0c8b2360cc6c9a115902f..98c7385f61da7a665e9bdb4a44a14f0feac7b7eb 100644 (file)
--- a/crypto/evp/e_seed.c
+++ b/crypto/evp/e_seed.c
@@ -20,6 +20,7 @@
 #include <assert.h>
 #include <openssl/seed.h>
 #include "crypto/evp.h"
+#include "evp_local.h"
 
 static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                          const unsigned char *iv, int enc);

diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 9ded000c102dc68f18ffd7ee9cf6c43d8dcba8fe..07f7ee15ea6d4c778b02fdeba8fe2f9a19f42129 100644 (file)
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -311,7 +311,7 @@ static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
 {\
         while(inl>=EVP_MAXCHUNK) {\
             int num = EVP_CIPHER_CTX_num(ctx);\
-            cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \
+            cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \
             EVP_CIPHER_CTX_set_num(ctx, num);\
             inl-=EVP_MAXCHUNK;\
             in +=EVP_MAXCHUNK;\
@@ -319,7 +319,7 @@ static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
         }\
         if (inl) {\
             int num = EVP_CIPHER_CTX_num(ctx);\
-            cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \
+            cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \
             EVP_CIPHER_CTX_set_num(ctx, num);\
         }\
         return 1;\
@@ -330,13 +330,13 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
 {\
         while(inl>=EVP_MAXCHUNK) \
             {\
-            cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\
+            cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_encrypting(ctx));\
             inl-=EVP_MAXCHUNK;\
             in +=EVP_MAXCHUNK;\
             out+=EVP_MAXCHUNK;\
             }\
         if (inl)\
-            cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\
+            cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_encrypting(ctx));\
         return 1;\
 }
 
@@ -353,7 +353,7 @@ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             ((cbits == 1) \
                 && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \
                 ? chunk*8 : chunk), \
-            &EVP_C_DATA(kstruct, ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx),\
+            &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv,\
             &num, EVP_CIPHER_CTX_encrypting(ctx));\
         EVP_CIPHER_CTX_set_num(ctx, num);\
         inl -= chunk;\