Skip to content

Move basic AES ciphers into the default provider#8700

Closed
mattcaswell wants to merge 18 commits intoopenssl:masterfrom
mattcaswell:provider-cipher
Closed

Move basic AES ciphers into the default provider#8700
mattcaswell wants to merge 18 commits intoopenssl:masterfrom
mattcaswell:provider-cipher

Conversation

@mattcaswell
Copy link
Member

@mattcaswell mattcaswell commented Apr 8, 2019

This moves basic AES ciphers: ECB, CBC, OFB, CFB, CFB1, CFB8 and CTR, of all key sizes into the default provider.

Marked as WIP because there's a bunch of sparc and s390 specific code which still requires some attention. Also it depends on a bug fix commit from #8541.

@mattcaswell mattcaswell added the branch: master Applies to master branch label Apr 8, 2019
richsalz
richsalz reviewed Apr 8, 2019
View reviewed changes
levitte
levitte reviewed Apr 8, 2019
View reviewed changes
Copy link
Member

@levitte levitte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

First quick read

levitte
levitte reviewed Apr 9, 2019
View reviewed changes
levitte
levitte reviewed Apr 9, 2019
View reviewed changes
@mattcaswell
Copy link
Member Author

mattcaswell commented Apr 10, 2019

Rebased and updated commits pushed. All comments above are either fixed or responded to.

@mattcaswell mattcaswell mentioned this pull request Apr 11, 2019
Closed
@mattcaswell
Copy link
Member Author

mattcaswell commented Apr 12, 2019

I've rebased this to address merge conflicts with master and have also made a couple of tweaks to address travis failures.

@mattcaswell
Copy link
Member Author

mattcaswell commented Apr 12, 2019

Hmmm, travis doesn't like this code:

int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
{
    if (pad)
        ctx->flags &= ~EVP_CIPH_NO_PADDING;
    else
        ctx->flags |= EVP_CIPH_NO_PADDING;

    if (ctx->cipher != NULL && ctx->cipher->prov != NULL) {
        const OSSL_PARAM params[] = {
            OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, &pad),
            OSSL_PARAM_END
        };

Complains with:

crypto/evp/evp_enc.c: In function 'EVP_CIPHER_CTX_set_padding':
crypto/evp/evp_enc.c:904:35: error: initializer element is not computable at load time [-Werror=pedantic]
             OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, &pad),
                                   ^

Isn't that how I'm supposed to use OSSL_PARAM_int? If we can't do that then the usefulness of those macros is significantly reduced.

@mattcaswell
Copy link
Member Author

mattcaswell commented Apr 12, 2019

Work arounds/fixes for a couple more travis issues pushed.

@paulidale
Copy link
Contributor

paulidale commented Apr 13, 2019

Unless the params array is static as are all the variables referenced, at least one of the CI compilers will complain. Try this instead:

OSSL_PARAM params[2];

params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_PADDING, &pad, NULL);
params[1] = OSSL_PARAM_construct_end();

Unfortunately, the static const OSSL_PARAM array construction is likely to be lightly used because it isn’t thread safe.

levitte
levitte reviewed Apr 14, 2019
View reviewed changes
levitte
levitte reviewed Apr 14, 2019
View reviewed changes
levitte
levitte reviewed Apr 14, 2019
View reviewed changes
levitte
levitte requested changes Apr 15, 2019
View reviewed changes
@mattcaswell
Copy link
Member Author

mattcaswell commented Apr 19, 2019

Pushed. Thanks!

levitte pushed a commit that referenced this pull request Apr 19, 2019
@mattcaswell
Make EVP_Encrypt*/EVP_Decrypt* and EVP_Cipher* provider aware
df05f2c 
Reviewed-by: Paul Dale <[email protected]>
(Merged from #8700)
levitte pushed a commit that referenced this pull request Apr 19, 2019
@mattcaswell
Implement support for AES-256-ECB in the default provider
aab26e6 
We also lay the ground work for various of other the basic AES ciphers.

Reviewed-by: Paul Dale <[email protected]>
(Merged from #8700)
levitte pushed a commit that referenced this pull request Apr 19, 2019
@mattcaswell
Add the provider_algs.h internal header file
861b8f8 
Reviewed-by: Paul Dale <[email protected]>
(Merged from #8700)
levitte pushed a commit that referenced this pull request Apr 19, 2019
@mattcaswell
Add support in the default provider for 192/128 bit AES ECB
f4a129b 
Reviewed-by: Paul Dale <[email protected]>
(Merged from #8700)
levitte pushed a commit that referenced this pull request Apr 19, 2019
@mattcaswell
Implement AES CBC ciphers in the default provider
718b133 
Reviewed-by: Paul Dale <[email protected]>
(Merged from #8700)
levitte pushed a commit that referenced this pull request Apr 19, 2019
@mattcaswell
Implement AES OFB ciphers in the default provider
ed98df5 
Reviewed-by: Paul Dale <[email protected]>
(Merged from #8700)
levitte pushed a commit that referenced this pull request Apr 19, 2019
@mattcaswell
Implement AES CFB ciphers in the default provider
75dd6d6 
Reviewed-by: Paul Dale <[email protected]>
(Merged from #8700)
levitte pushed a commit that referenced this pull request Apr 19, 2019
@mattcaswell
Implement AES CTR ciphers in the default provider
819a7ae 
Reviewed-by: Paul Dale <[email protected]>
(Merged from #8700)
levitte pushed a commit that referenced this pull request Apr 19, 2019
@mattcaswell
Add iv length and key length params to the cipher init calls
344cfa3 
Reviewed-by: Paul Dale <[email protected]>
(Merged from #8700)
levitte pushed a commit that referenced this pull request Apr 19, 2019
@mattcaswell
Add a maximum output length to update and final calls
3b94944 
Reviewed-by: Paul Dale <[email protected]>
(Merged from #8700)
levitte pushed a commit that referenced this pull request Apr 19, 2019
@mattcaswell
Make implementation of blocksize, iv_length and key_length mandatory
dcd446f 
Reviewed-by: Paul Dale <[email protected]>
(Merged from #8700)
levitte pushed a commit that referenced this pull request Apr 19, 2019
@mattcaswell
Add forward declarations of the AES dispatch table functions
3a7b15e 
Reviewed-by: Paul Dale <[email protected]>
(Merged from #8700)
levitte pushed a commit that referenced this pull request Apr 19, 2019
@mattcaswell
Fix the S390X support for the basic AES ciphers
64adf9a 
Reviewed-by: Paul Dale <[email protected]>
(Merged from #8700)
levitte pushed a commit that referenced this pull request Apr 19, 2019
@mattcaswell
Create provider errors and use them
6caf7f3 
Reviewed-by: Paul Dale <[email protected]>
(Merged from #8700)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@levitte levitte levitte requested changes

@paulidale paulidale paulidale approved these changes

+1 more reviewer

@richsalz richsalz richsalz left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

branch: master Applies to master branch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mattcaswell @paulidale @levitte @richsalz