-
-
Notifications
You must be signed in to change notification settings - Fork 10.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rework EVP_CIPHER support, enhance existing functions #9328
Conversation
A lot of the different numbers associated with ciphers are really algorithm parameters. Key length, block size, IV length, that sort of thing.
The cipher context IV was a bit interesting. EVP_CIPHER_CTX_iv() returns a pointer to the live IV, while EVP_CIPHER_CTX_ctrl() with the type EVP_CTRL_GET_IV gets a copy of the live IV. To support both, we support getting it with both the OSSL_PARAM_OCTET_STRING and OSSL_PARAM_OCTET_PTR datatypes.
Ok, I've reworked the ugly macros with a function and a set of callbacks. Thanks for pushing me |
|
D'oh. You're entirely correct |
CIs are now happy |
Just finish tests - proposed correction resolves issue #8895. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
overall, nice job IMO.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks much better.
LGTM |
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from #9328)
A lot of the different numbers associated with ciphers are really algorithm parameters. Key length, block size, IV length, that sort of thing. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from #9328)
…nterfaces Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from #9328)
The cipher context IV was a bit interesting. EVP_CIPHER_CTX_iv() returns a pointer to the live IV, while EVP_CIPHER_CTX_ctrl() with the type EVP_CTRL_GET_IV gets a copy of the live IV. To support both, we support getting it with both the OSSL_PARAM_OCTET_STRING and OSSL_PARAM_OCTET_PTR datatypes. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from #9328)
This adds missing support for providers in diverse EVP_CIPHER and EVP_CIPHER_CTX functions. A few helper macros found in
crypto/evp/evp_locl.h
minimize the code duplication.One bit may be controversial: I've change the proliferation of small functions return small bits of information, such as key length, iv length, that sort of things, into parameters fetchable and settable with get_params and set_params type functions. My main reasoning is that it makes for a more consistent transfer of information data. Others may disagree and I'm open for other points of view.
The cipher context IV was a bit interesting. EVP_CIPHER_CTX_iv() returns a pointer to the live IV, while EVP_CIPHER_CTX_ctrl() with the type EVP_CTRL_GET_IV gets a copy of the live IV. To support both, we support getting it with both the OSSL_PARAM_OCTET_STRING and OSSL_PARAM_OCTET_PTR datatypes.
This is a first, and a bit unexpected... I hadn't foreseen this kind of use for OSSL_PARAM_OCTET_PTR, and this type of use may not always be very well supported, by providers who do not want to share their internals like this (I expect the FIPS provider to refuse this, since that constitutes an intermediate value that probably shouldn't get out).
NOTE: this PR includes the test change from #9324.
NOTE: this PR overlaps #9301 a bit. I left all the AEAD, GCM and CCM stuff alone 'cause I knew it was there already. But @slontis, we may have to discuss coding strategies, they differ a bit 😉