diff options
| author | tb <> | 2023-12-20 14:10:03 +0000 |
|---|---|---|
| committer | tb <> | 2023-12-20 14:10:03 +0000 |
| commit | 35c5bac9416b588e7e556a909c2254080d989acc (patch) | |
| tree | f66659f56f1a061d4d34fd4cad10f36d6c56940a /src | |
| parent | 240622084098dcd1091638abfa6c1f6ce67b21a0 (diff) | |
| download | openbsd-35c5bac9416b588e7e556a909c2254080d989acc.tar.gz openbsd-35c5bac9416b588e7e556a909c2254080d989acc.tar.bz2 openbsd-35c5bac9416b588e7e556a909c2254080d989acc.zip | |
Remove block_mask from EVP_CIPHER_CTX
The block mask is only used in EVP_{De,En}cryptUpdate(). There's no need to
hang it off the EVP_CIPHER_CTX since it is easy to compute and validate.
ok joshua jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/evp/evp_enc.c | 19 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/evp_local.h | 3 |
2 files changed, 15 insertions, 7 deletions
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index 0c18a8833b..3322e4a05d 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: evp_enc.c,v 1.68 2023/12/20 11:33:52 tb Exp $ */ | 1 | /* $OpenBSD: evp_enc.c,v 1.69 2023/12/20 14:10:03 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -122,7 +122,8 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, | |||
| 122 | EVPerror(EVP_R_NO_CIPHER_SET); | 122 | EVPerror(EVP_R_NO_CIPHER_SET); |
| 123 | return 0; | 123 | return 0; |
| 124 | } | 124 | } |
| 125 | /* we assume block size is a power of 2 in *cryptUpdate */ | 125 | |
| 126 | /* Block sizes must be a power of 2 due to the use of block_mask. */ | ||
| 126 | if (ctx->cipher->block_size != 1 && | 127 | if (ctx->cipher->block_size != 1 && |
| 127 | ctx->cipher->block_size != 8 && | 128 | ctx->cipher->block_size != 8 && |
| 128 | ctx->cipher->block_size != 16) { | 129 | ctx->cipher->block_size != 16) { |
| @@ -184,9 +185,10 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, | |||
| 184 | if (!ctx->cipher->init(ctx, key, iv, enc)) | 185 | if (!ctx->cipher->init(ctx, key, iv, enc)) |
| 185 | return 0; | 186 | return 0; |
| 186 | } | 187 | } |
| 188 | |||
| 187 | ctx->partial_len = 0; | 189 | ctx->partial_len = 0; |
| 188 | ctx->final_used = 0; | 190 | ctx->final_used = 0; |
| 189 | ctx->block_mask = ctx->cipher->block_size - 1; | 191 | |
| 190 | return 1; | 192 | return 1; |
| 191 | } | 193 | } |
| 192 | 194 | ||
| @@ -297,12 +299,15 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, | |||
| 297 | const unsigned char *in, int inl) | 299 | const unsigned char *in, int inl) |
| 298 | { | 300 | { |
| 299 | const int block_size = ctx->cipher->block_size; | 301 | const int block_size = ctx->cipher->block_size; |
| 300 | const int block_mask = ctx->block_mask; | 302 | const int block_mask = block_size - 1; |
| 301 | int partial_len = ctx->partial_len; | 303 | int partial_len = ctx->partial_len; |
| 302 | int len = 0, total_len = 0; | 304 | int len = 0, total_len = 0; |
| 303 | 305 | ||
| 304 | *outl = 0; | 306 | *outl = 0; |
| 305 | 307 | ||
| 308 | if ((block_size & block_mask) != 0) | ||
| 309 | return 0; | ||
| 310 | |||
| 306 | if (inl < 0) | 311 | if (inl < 0) |
| 307 | return 0; | 312 | return 0; |
| 308 | 313 | ||
| @@ -418,10 +423,14 @@ EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, | |||
| 418 | const unsigned char *in, int inl) | 423 | const unsigned char *in, int inl) |
| 419 | { | 424 | { |
| 420 | const int block_size = ctx->cipher->block_size; | 425 | const int block_size = ctx->cipher->block_size; |
| 426 | const int block_mask = block_size - 1; | ||
| 421 | int len = 0, total_len = 0; | 427 | int len = 0, total_len = 0; |
| 422 | 428 | ||
| 423 | *outl = 0; | 429 | *outl = 0; |
| 424 | 430 | ||
| 431 | if ((block_size & block_mask) != 0) | ||
| 432 | return 0; | ||
| 433 | |||
| 425 | if (inl < 0) | 434 | if (inl < 0) |
| 426 | return 0; | 435 | return 0; |
| 427 | 436 | ||
| @@ -445,7 +454,7 @@ EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, | |||
| 445 | * length output from EVP_EncryptUpdate() is inl & ~block_mask. | 454 | * length output from EVP_EncryptUpdate() is inl & ~block_mask. |
| 446 | * Ensure (inl & ~block_mask) + block_size doesn't overflow. | 455 | * Ensure (inl & ~block_mask) + block_size doesn't overflow. |
| 447 | */ | 456 | */ |
| 448 | if ((inl & ~ctx->block_mask) > INT_MAX - block_size) { | 457 | if ((inl & ~block_mask) > INT_MAX - block_size) { |
| 449 | EVPerror(EVP_R_TOO_LARGE); | 458 | EVPerror(EVP_R_TOO_LARGE); |
| 450 | return 0; | 459 | return 0; |
| 451 | } | 460 | } |
diff --git a/src/lib/libcrypto/evp/evp_local.h b/src/lib/libcrypto/evp/evp_local.h index 7bc266250c..36c373523f 100644 --- a/src/lib/libcrypto/evp/evp_local.h +++ b/src/lib/libcrypto/evp/evp_local.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: evp_local.h,v 1.7 2023/12/20 11:31:17 tb Exp $ */ | 1 | /* $OpenBSD: evp_local.h,v 1.8 2023/12/20 14:10:03 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| @@ -180,7 +180,6 @@ struct evp_cipher_ctx_st { | |||
| 180 | unsigned long flags; /* Various flags */ | 180 | unsigned long flags; /* Various flags */ |
| 181 | void *cipher_data; /* per EVP data */ | 181 | void *cipher_data; /* per EVP data */ |
| 182 | int final_used; | 182 | int final_used; |
| 183 | int block_mask; | ||
| 184 | unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */ | 183 | unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */ |
| 185 | } /* EVP_CIPHER_CTX */; | 184 | } /* EVP_CIPHER_CTX */; |
| 186 | 185 | ||