parameter B<OSSL_CIPHER_PARAM_RANDOM_KEY>. Only DES and 3DES set this to 1,
all other OpenSSL ciphers return 0.
+=item "decrypt-only" (B<OSSL_CIPHER_PARAM_DECRYPT_ONLY) <integer>
+
+Gets 1 if the cipher algorithm I<cipher> implementation supports only
+the decryption operation such as the 3DES ciphers in the fips provider.
+Otherwise gets 0 or the parameter might not be present at all.
+
=back
=head2 Gettable and Settable EVP_CIPHER_CTX parameters
static OSSL_FUNC_cipher_get_params_fn tdes_##type##_##lcmode##_get_params; \
static int tdes_##type##_##lcmode##_get_params(OSSL_PARAM params[]) \
{ \
- return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \
- flags, kbits, blkbits, ivbits); \
+ return ossl_tdes_get_params(params, EVP_CIPH_##UCMODE##_MODE, \
+ flags, kbits, blkbits, ivbits); \
} \
const OSSL_DISPATCH ossl_tdes_##type##_##lcmode##_functions[] = { \
{ OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))ossl_tdes_einit }, \
void *ossl_tdes_newctx(void *provctx, int mode, size_t kbits, size_t blkbits,
size_t ivbits, uint64_t flags, const PROV_CIPHER_HW *hw);
+int ossl_tdes_get_params(OSSL_PARAM params[], unsigned int md, uint64_t flags,
+ size_t kbits, size_t blkbits, size_t ivbits);
+
OSSL_FUNC_cipher_dupctx_fn ossl_tdes_dupctx;
OSSL_FUNC_cipher_freectx_fn ossl_tdes_freectx;
OSSL_FUNC_cipher_encrypt_init_fn ossl_tdes_einit;
return 0;
return ossl_cipher_generic_set_ctx_params(vctx, params);
}
+
+int ossl_tdes_get_params(OSSL_PARAM params[], unsigned int md, uint64_t flags,
+ size_t kbits, size_t blkbits, size_t ivbits)
+{
+#ifdef FIPS_MODULE
+ const int decrypt_only = 1;
+#else
+ const int decrypt_only = 0;
+#endif
+ OSSL_PARAM *p;
+
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_DECRYPT_ONLY);
+ if (p != NULL && !OSSL_PARAM_set_int(p, decrypt_only)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+
+ return ossl_cipher_generic_get_params(params, md, flags,
+ kbits, blkbits, ivbits);
+}
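Review bot: `decrypt_only` in `ossl_tdes_get_params` is fixed at build time by `FIPS_MODULE` and the function carries no comment saying so, so a reader cannot tell whether the reported value is meant to follow any runtime FIPS setting (the names table in this commit also lists an `encrypt-check` parameter). I would add a comment above the `#ifdef`, for example `/* TDES is decrypt-only in the FIPS provider build; no runtime setting is consulted here */`, or derive the value from provider configuration if that is the intent. The mode argument is named `md` here and in the header prototype, which reads like a message digest; `mode` would match what the macro passes (`EVP_CIPH_##UCMODE##_MODE`). If the dispatch table still advertises the generic gettable-params list, `decrypt-only` is answered but not discoverable by callers that enumerate parameters; that table is outside the visible hunks, so it needs checking.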
#include <openssl/ct.h>
#include <openssl/trace.h>
#include <openssl/core_names.h>
+#include <openssl/provider.h>
#include "internal/cryptlib.h"
#include "internal/nelem.h"
#include "internal/refcount.h"
*/
ERR_set_mark();
ciph = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(nid), properties);
+ if (ciph != NULL) {
+ OSSL_PARAM params[2];
+ int decrypt_only = 0;
+
+ params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_DECRYPT_ONLY,
+ &decrypt_only);
+ params[1] = OSSL_PARAM_construct_end();
+ if (EVP_CIPHER_get_params((EVP_CIPHER *)ciph, params)
+ && decrypt_only) {
+ /* If a cipher is decrypt-only, it is unusable */
+ EVP_CIPHER_free((EVP_CIPHER *)ciph);
+ ciph = NULL;
+ }
+ }
ERR_pop_to_mark();
return ciph;
}
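Review bot: The check added inside `if (ciph != NULL)` fails open, and the comment does not say that this is intended. When `EVP_CIPHER_get_params()` returns 0, or a provider leaves `decrypt_only` untouched, the cipher is kept and `ERR_pop_to_mark()` discards any error raised by the query. That is presumably deliberate so providers unaware of the parameter keep working, but it is worth stating because this filter is what keeps a cipher that cannot encrypt away from callers of the fetch helper. I would extend the comment to something like `/* A decrypt-only cipher cannot protect outgoing data, so treat it as unavailable; a failed or unanswered query leaves the cipher usable */`. The `(EVP_CIPHER *)ciph` casts suggest `ciph` is const-qualified in a declaration above the hunk, where the function starts; fetching into a non-const local and assigning it to `ciph` at the end would avoid casting the qualifier away.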
'CIPHER_PARAM_RC2_KEYBITS' => "keybits", # size_t
'CIPHER_PARAM_SPEED' => "speed", # uint
'CIPHER_PARAM_CTS_MODE' => "cts_mode", # utf8_string
+ 'CIPHER_PARAM_DECRYPT_ONLY' => "decrypt-only", # int, 0 or 1
'CIPHER_PARAM_FIPS_ENCRYPT_CHECK' => "encrypt-check", # int
'CIPHER_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR',
# For passing the AlgorithmIdentifier parameter in DER form