The branch master has been updated via 776cb8358ebaea254d0537cf57cbafe65ac6f5cf (commit) via 6ef81d388d78ad417f6fc5d02ef61b54995c5335 (commit) via c96399e296d9c280115d2ed9c129399c61b8edfc (commit) from bbecf04e7861b6ab9ca1bd5ee5100bd49a347b4a (commit)
- Log ----------------------------------------------------------------- commit 776cb8358ebaea254d0537cf57cbafe65ac6f5cf Author: Richard Levitte <levi...@openssl.org> Date: Wed Sep 25 09:15:42 2019 +0200 Make EVP_CIPHER_is_a() work with legacy cipher implementations too Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10008) commit 6ef81d388d78ad417f6fc5d02ef61b54995c5335 Author: Richard Levitte <levi...@openssl.org> Date: Wed Sep 25 09:07:20 2019 +0200 Remove EVP_CIPH_FLAG_DEFAULT_ASN1 from all provided implementations Since that flag has lost its relevance, don't use it any more. Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10008) commit c96399e296d9c280115d2ed9c129399c61b8edfc Author: Richard Levitte <levi...@openssl.org> Date: Wed Sep 25 08:56:14 2019 +0200 Adapt EVP_CIPHER_{param_to_asn1,asn1_to_param} for use with provider. So far, these two funtions have depended on legacy EVP_CIPHER implementations to be able to do their work. This change adapts them to work with provided implementations as well, in one of two possible ways: 1. If the implementation's set_asn1_parameters or get_asn1_parameters function pointers are non-NULL, this is a legacy implementation, and that function is called. 2. Otherwise, if the cipher doesn't have EVP_CIPH_FLAG_CUSTOM_ASN1 set, the default AlgorithmIdentifier parameter code in libcrypto is executed. 3. Otherwise, if the cipher is a provided implementation, the ASN1 type structure is converted to a DER blob which is then passed to the implementation as a parameter (param_to_asn1) or the DER blob is retrieved from the implementation as a parameter and converted locally to a ASN1_TYPE (asn1_to_param). With this, the old flag EVP_CIPH_FLAG_DEFAULT_ASN1 has become irrelevant and is simply ignored. Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10008) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_lib.c | 135 +++++++++++++++------ doc/man7/provider-cipher.pod | 7 ++ include/openssl/core_names.h | 2 + include/openssl/evp.h | 7 +- providers/common/ciphers/cipher_aes_wrp.c | 2 +- providers/common/ciphers/cipher_aes_xts.c | 5 +- .../common/include/internal/ciphers/cipher_aead.h | 10 +- .../common/include/internal/ciphers/cipher_tdes.h | 2 +- providers/default/ciphers/cipher_blowfish.c | 10 +- providers/default/ciphers/cipher_cast5.c | 10 +- providers/default/ciphers/cipher_seed.c | 11 +- providers/default/ciphers/cipher_sm4.c | 13 +- providers/default/ciphers/cipher_tdes_wrap.c | 6 +- 13 files changed, 147 insertions(+), 73 deletions(-) diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 6a3ad8553b..3abea33d19 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -21,29 +21,31 @@ #if !defined(FIPS_MODE) int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { - int ret; + int ret = -1; /* Assume the worst */ const EVP_CIPHER *cipher = c->cipher; - if (cipher->prov != NULL) { - /* - * The cipher has come from a provider and won't have the default flags. - * Find the implicit form so we can check the flags. - * TODO(3.0): This won't work for 3rd party ciphers we know nothing about - * We'll need to think of something else for those. - */ - cipher = EVP_get_cipherbynid(cipher->nid); - if (cipher == NULL) { - EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, ASN1_R_UNSUPPORTED_CIPHER); - return -1; - } - } - - if (cipher->set_asn1_parameters != NULL) + /* + * For legacy implementations, we detect custom AlgorithmIdentifier + * parameter handling by checking if the function pointer + * cipher->set_asn1_parameters is set. We know that this pointer + * is NULL for provided implementations. + * + * Otherwise, for any implementation, we check the flag + * EVP_CIPH_FLAG_CUSTOM_ASN1. If it isn't set, we apply + * default AI parameter extraction. + * + * Otherwise, for provided implementations, we convert |type| to + * a DER encoded blob and pass to the implementation in OSSL_PARAM + * form. + * + * If none of the above applies, this operation is unsupported. + */ + if (cipher->set_asn1_parameters != NULL) { ret = cipher->set_asn1_parameters(c, type); - else if (cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { + } else if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) { switch (EVP_CIPHER_mode(cipher)) { case EVP_CIPH_WRAP_MODE: - if (EVP_CIPHER_nid(cipher) == NID_id_smime_alg_CMS3DESwrap) + if (EVP_CIPHER_is_a(cipher, SN_id_smime_alg_CMS3DESwrap)) ASN1_TYPE_set(type, V_ASN1_NULL, NULL); ret = 1; break; @@ -58,8 +60,40 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) default: ret = EVP_CIPHER_set_asn1_iv(c, type); } - } else - ret = -1; + } else if (cipher->prov != NULL) { + OSSL_PARAM params[3], *p = params; + unsigned char *der = NULL, *derp; + + /* + * We make two passes, the first to get the appropriate buffer size, + * and the second to get the actual value. + */ + *p++ = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_ALG_ID, + NULL, 0); + *p = OSSL_PARAM_construct_end(); + + if (!EVP_CIPHER_CTX_get_params(c, params)) + goto err; + + /* ... but, we should get a return size too! */ + if (params[0].return_size != 0 + && (der = OPENSSL_malloc(params[0].return_size)) != NULL) { + params[0].data = der; + params[0].data_size = params[0].return_size; + params[0].return_size = 0; + derp = der; + if (EVP_CIPHER_CTX_get_params(c, params) + && d2i_ASN1_TYPE(&type, (const unsigned char **)&derp, + params[0].return_size) != NULL) { + ret = 1; + } + OPENSSL_free(der); + } + } else { + ret = -2; + } + + err: if (ret == -2) EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, ASN1_R_UNSUPPORTED_CIPHER); else if (ret <= 0) @@ -71,24 +105,29 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { - int ret; + int ret = -1; /* Assume the worst */ const EVP_CIPHER *cipher = c->cipher; - if (cipher->prov != NULL) { - /* - * The cipher has come from a provider and won't have the default flags. - * Find the implicit form so we can check the flags. - */ - cipher = EVP_get_cipherbynid(cipher->nid); - if (cipher == NULL) - return -1; - } - - if (cipher->get_asn1_parameters != NULL) + /* + * For legacy implementations, we detect custom AlgorithmIdentifier + * parameter handling by checking if there the function pointer + * cipher->get_asn1_parameters is set. We know that this pointer + * is NULL for provided implementations. + * + * Otherwise, for any implementation, we check the flag + * EVP_CIPH_FLAG_CUSTOM_ASN1. If it isn't set, we apply + * default AI parameter creation. + * + * Otherwise, for provided implementations, we get the AI parameter + * in DER encoded form from the implementation by requesting the + * appropriate OSSL_PARAM and converting the result to a ASN1_TYPE. + * + * If none of the above applies, this operation is unsupported. + */ + if (cipher->get_asn1_parameters != NULL) { ret = cipher->get_asn1_parameters(c, type); - else if (cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { + } else if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) { switch (EVP_CIPHER_mode(cipher)) { - case EVP_CIPH_WRAP_MODE: ret = 1; break; @@ -102,10 +141,25 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) default: ret = EVP_CIPHER_get_asn1_iv(c, type); - break; } - } else - ret = -1; + } else if (cipher->prov != NULL) { + OSSL_PARAM params[3], *p = params; + unsigned char *der = NULL; + int derl = -1; + + if ((derl = i2d_ASN1_TYPE(type, &der)) >= 0) { + *p++ = + OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_ALG_ID, + der, (size_t)derl); + *p = OSSL_PARAM_construct_end(); + if (EVP_CIPHER_CTX_set_params(c, params)) + ret = 1; + OPENSSL_free(der); + } + } else { + ret = -2; + } + if (ret == -2) EVPerr(EVP_F_EVP_CIPHER_ASN1_TO_PARAM, EVP_R_UNSUPPORTED_CIPHER); else if (ret <= 0) @@ -450,6 +504,13 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name) { +#ifndef FIPS_MODE + if (cipher->prov == NULL) { + int nid = EVP_CIPHER_nid(cipher); + + return nid == OBJ_sn2nid(name) || nid == OBJ_ln2nid(name); + } +#endif return evp_is_a(cipher->prov, cipher->name_id, name); } diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod index c8377d6835..d5766f47a5 100644 --- a/doc/man7/provider-cipher.pod +++ b/doc/man7/provider-cipher.pod @@ -321,6 +321,13 @@ Gets a implementation specific randomly generated key for the associated cipher ctx. This is currently only supported by 3DES (which sets the key to odd parity). +=item "alg_id_param" (B<OSSL_CIPHER_PARAM_ALG_ID>) (octet string) + +Used to pass the DER encoded AlgorithmIdentifier parameter to or from +the cipher implementation. Functions like L<EVP_CIPHER_param_to_asn1(3)> +and L<EVP_CIPHER_asn1_to_param(3)> use this parameter for any implementation +that has the flag B<EVP_CIPH_FLAG_CUSTOM_ASN1> set. + =back =head1 RETURN VALUES diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 6656a7fb43..4659d1f08d 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -66,6 +66,8 @@ extern "C" { #define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN #define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen" /* size_t */ #define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey" /* octet_string */ +/* For passing the AlgorithmIdentifier parameter in DER form */ +#define OSSL_CIPHER_PARAM_ALG_ID "alg_id_param" /* octet_string */ /* digest parameters */ #define OSSL_DIGEST_PARAM_XOFLEN "xoflen" /* size_t */ diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 407162f3f0..fd9855d380 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -275,8 +275,9 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, # define EVP_CIPH_CUSTOM_COPY 0x400 /* Don't use standard iv length function */ # define EVP_CIPH_CUSTOM_IV_LENGTH 0x800 -/* Allow use default ASN1 get/set iv */ -# define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 +/* Legacy and no longer relevant: Allow use default ASN1 get/set iv */ +# define EVP_CIPH_FLAG_DEFAULT_ASN1 0 +/* Free: 0x1000 */ /* Buffer length in bits not bytes: CFB1 mode only */ # define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 /* Note if suitable for use in FIPS mode */ @@ -291,6 +292,8 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, # define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000 /* Cipher can handle pipeline operations */ # define EVP_CIPH_FLAG_PIPELINE 0X800000 +/* For provider implementations that handle ASN1 get/set param themselves */ +# define EVP_CIPH_FLAG_CUSTOM_ASN1 0x1000000 /* * Cipher context flag to indicate we can handle wrap mode: if allowed in diff --git a/providers/common/ciphers/cipher_aes_wrp.c b/providers/common/ciphers/cipher_aes_wrp.c index ae05aed540..70f387f515 100644 --- a/providers/common/ciphers/cipher_aes_wrp.c +++ b/providers/common/ciphers/cipher_aes_wrp.c @@ -18,7 +18,7 @@ /* TODO(3.0) Figure out what flags need to be passed */ #define WRAP_FLAGS (EVP_CIPH_WRAP_MODE \ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) + | EVP_CIPH_ALWAYS_CALL_INIT) typedef size_t (*aeswrap_fn)(void *key, const unsigned char *iv, unsigned char *out, const unsigned char *in, diff --git a/providers/common/ciphers/cipher_aes_xts.c b/providers/common/ciphers/cipher_aes_xts.c index 0d642368b3..f114793ba8 100644 --- a/providers/common/ciphers/cipher_aes_xts.c +++ b/providers/common/ciphers/cipher_aes_xts.c @@ -12,8 +12,9 @@ #include "internal/providercommonerr.h" /* TODO (3.0) Figure out what flags need to be set */ -#define AES_XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \ - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ +#define AES_XTS_FLAGS (EVP_CIPH_CUSTOM_IV \ + | EVP_CIPH_ALWAYS_CALL_INIT \ + | EVP_CIPH_CTRL_INIT \ | EVP_CIPH_CUSTOM_COPY) #define AES_XTS_IV_BITS 128 diff --git a/providers/common/include/internal/ciphers/cipher_aead.h b/providers/common/include/internal/ciphers/cipher_aead.h index 1ddba1c325..0b7d595b7d 100644 --- a/providers/common/include/internal/ciphers/cipher_aead.h +++ b/providers/common/include/internal/ciphers/cipher_aead.h @@ -10,10 +10,12 @@ #define UNINITIALISED_SIZET ((size_t)-1) /* TODO(3.0) Figure out what flags are really needed */ -#define AEAD_FLAGS (EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \ - | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ - | EVP_CIPH_CUSTOM_COPY) +#define AEAD_FLAGS (EVP_CIPH_FLAG_AEAD_CIPHER \ + | EVP_CIPH_CUSTOM_IV \ + | EVP_CIPH_FLAG_CUSTOM_CIPHER \ + | EVP_CIPH_ALWAYS_CALL_INIT \ + | EVP_CIPH_CTRL_INIT \ + | EVP_CIPH_CUSTOM_COPY) #define IMPLEMENT_aead_cipher(alg, lc, UCMODE, flags, kbits, blkbits, ivbits) \ static OSSL_OP_cipher_get_params_fn alg##_##kbits##_##lc##_get_params; \ diff --git a/providers/common/include/internal/ciphers/cipher_tdes.h b/providers/common/include/internal/ciphers/cipher_tdes.h index 120201d1ad..7bb879fb4f 100644 --- a/providers/common/include/internal/ciphers/cipher_tdes.h +++ b/providers/common/include/internal/ciphers/cipher_tdes.h @@ -14,7 +14,7 @@ #define TDES_IVLEN 8 /* TODO(3.0) Figure out what flags need to be here */ -#define TDES_FLAGS (EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1) +#define TDES_FLAGS (EVP_CIPH_RAND_KEY) typedef struct prov_tdes_ctx_st { PROV_CIPHER_CTX base; /* Must be first */ diff --git a/providers/default/ciphers/cipher_blowfish.c b/providers/default/ciphers/cipher_blowfish.c index 9e2920df96..4730f1fd40 100644 --- a/providers/default/ciphers/cipher_blowfish.c +++ b/providers/default/ciphers/cipher_blowfish.c @@ -12,6 +12,8 @@ #include "cipher_blowfish.h" #include "internal/provider_algs.h" +#define BF_FLAGS (EVP_CIPH_VARIABLE_LENGTH) + static OSSL_OP_cipher_freectx_fn blowfish_freectx; static OSSL_OP_cipher_dupctx_fn blowfish_dupctx; @@ -37,10 +39,10 @@ static void *blowfish_dupctx(void *ctx) } /* bf_ecb_functions */ -IMPLEMENT_generic_cipher(blowfish, BLOWFISH, ecb, ECB, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 0, block) +IMPLEMENT_generic_cipher(blowfish, BLOWFISH, ecb, ECB, BF_FLAGS, 128, 64, 0, block) /* bf_cbc_functions */ -IMPLEMENT_generic_cipher(blowfish, BLOWFISH, cbc, CBC, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 64, block) +IMPLEMENT_generic_cipher(blowfish, BLOWFISH, cbc, CBC, BF_FLAGS, 128, 64, 64, block) /* bf_ofb_functions */ -IMPLEMENT_generic_cipher(blowfish, BLOWFISH, ofb64, OFB, EVP_CIPH_VARIABLE_LENGTH, 64, 8, 64, stream) +IMPLEMENT_generic_cipher(blowfish, BLOWFISH, ofb64, OFB, BF_FLAGS, 64, 8, 64, stream) /* bf_cfb_functions */ -IMPLEMENT_generic_cipher(blowfish, BLOWFISH, cfb64, CFB, EVP_CIPH_VARIABLE_LENGTH, 64, 8, 64, stream) +IMPLEMENT_generic_cipher(blowfish, BLOWFISH, cfb64, CFB, BF_FLAGS, 64, 8, 64, stream) diff --git a/providers/default/ciphers/cipher_cast5.c b/providers/default/ciphers/cipher_cast5.c index 13d48ea091..eb79aad820 100644 --- a/providers/default/ciphers/cipher_cast5.c +++ b/providers/default/ciphers/cipher_cast5.c @@ -12,6 +12,8 @@ #include "cipher_cast.h" #include "internal/provider_algs.h" +#define CAST5_FLAGS (EVP_CIPH_VARIABLE_LENGTH) + static OSSL_OP_cipher_freectx_fn cast5_freectx; static OSSL_OP_cipher_dupctx_fn cast5_dupctx; @@ -37,10 +39,10 @@ static void *cast5_dupctx(void *ctx) } /* cast5128ecb_functions */ -IMPLEMENT_generic_cipher(cast5, CAST, ecb, ECB, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 0, block) +IMPLEMENT_generic_cipher(cast5, CAST, ecb, ECB, CAST5_FLAGS, 128, 64, 0, block) /* cast5128cbc_functions */ -IMPLEMENT_generic_cipher(cast5, CAST, cbc, CBC, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 64, block) +IMPLEMENT_generic_cipher(cast5, CAST, cbc, CBC, CAST5_FLAGS, 128, 64, 64, block) /* cast564ofb64_functions */ -IMPLEMENT_generic_cipher(cast5, CAST, ofb64, OFB, EVP_CIPH_VARIABLE_LENGTH, 64, 8, 64, stream) +IMPLEMENT_generic_cipher(cast5, CAST, ofb64, OFB, CAST5_FLAGS, 64, 8, 64, stream) /* cast564cfb64_functions */ -IMPLEMENT_generic_cipher(cast5, CAST, cfb64, CFB, EVP_CIPH_VARIABLE_LENGTH, 64, 8, 64, stream) +IMPLEMENT_generic_cipher(cast5, CAST, cfb64, CFB, CAST5_FLAGS, 64, 8, 64, stream) diff --git a/providers/default/ciphers/cipher_seed.c b/providers/default/ciphers/cipher_seed.c index 5dfa648c96..397671dd06 100644 --- a/providers/default/ciphers/cipher_seed.c +++ b/providers/default/ciphers/cipher_seed.c @@ -12,9 +12,6 @@ #include "cipher_seed.h" #include "internal/provider_algs.h" -/* TODO (3.0) Figure out what flags are required */ -#define SEED_FLAGS EVP_CIPH_FLAG_DEFAULT_ASN1 - static OSSL_OP_cipher_freectx_fn seed_freectx; static OSSL_OP_cipher_dupctx_fn seed_dupctx; @@ -40,10 +37,10 @@ static void *seed_dupctx(void *ctx) } /* seed128ecb_functions */ -IMPLEMENT_generic_cipher(seed, SEED, ecb, ECB, SEED_FLAGS, 128, 128, 0, block) +IMPLEMENT_generic_cipher(seed, SEED, ecb, ECB, 0, 128, 128, 0, block) /* seed128cbc_functions */ -IMPLEMENT_generic_cipher(seed, SEED, cbc, CBC, SEED_FLAGS, 128, 128, 128, block) +IMPLEMENT_generic_cipher(seed, SEED, cbc, CBC, 0, 128, 128, 128, block) /* seed128ofb128_functions */ -IMPLEMENT_generic_cipher(seed, SEED, ofb128, OFB, SEED_FLAGS, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(seed, SEED, ofb128, OFB, 0, 128, 8, 128, stream) /* seed128cfb128_functions */ -IMPLEMENT_generic_cipher(seed, SEED, cfb128, CFB, SEED_FLAGS, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(seed, SEED, cfb128, CFB, 0, 128, 8, 128, stream) diff --git a/providers/default/ciphers/cipher_sm4.c b/providers/default/ciphers/cipher_sm4.c index 8b7c3761ca..2c1e587863 100644 --- a/providers/default/ciphers/cipher_sm4.c +++ b/providers/default/ciphers/cipher_sm4.c @@ -12,9 +12,6 @@ #include "cipher_sm4.h" #include "internal/provider_algs.h" -/* TODO (3.0) Figure out what flags to pass */ -#define SM4_FLAGS EVP_CIPH_FLAG_DEFAULT_ASN1 - static OSSL_OP_cipher_freectx_fn sm4_freectx; static OSSL_OP_cipher_dupctx_fn sm4_dupctx; @@ -40,12 +37,12 @@ static void *sm4_dupctx(void *ctx) } /* sm4128ecb_functions */ -IMPLEMENT_generic_cipher(sm4, SM4, ecb, ECB, SM4_FLAGS, 128, 128, 0, block) +IMPLEMENT_generic_cipher(sm4, SM4, ecb, ECB, 0, 128, 128, 0, block) /* sm4128cbc_functions */ -IMPLEMENT_generic_cipher(sm4, SM4, cbc, CBC, SM4_FLAGS, 128, 128, 128, block) +IMPLEMENT_generic_cipher(sm4, SM4, cbc, CBC, 0, 128, 128, 128, block) /* sm4128ctr_functions */ -IMPLEMENT_generic_cipher(sm4, SM4, ctr, CTR, SM4_FLAGS, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(sm4, SM4, ctr, CTR, 0, 128, 8, 128, stream) /* sm4128ofb128_functions */ -IMPLEMENT_generic_cipher(sm4, SM4, ofb128, OFB, SM4_FLAGS, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(sm4, SM4, ofb128, OFB, 0, 128, 8, 128, stream) /* sm4128cfb128_functions */ -IMPLEMENT_generic_cipher(sm4, SM4, cfb128, CFB, SM4_FLAGS, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(sm4, SM4, cfb128, CFB, 0, 128, 8, 128, stream) diff --git a/providers/default/ciphers/cipher_tdes_wrap.c b/providers/default/ciphers/cipher_tdes_wrap.c index b48b3c9733..1ee0044489 100644 --- a/providers/default/ciphers/cipher_tdes_wrap.c +++ b/providers/default/ciphers/cipher_tdes_wrap.c @@ -15,9 +15,9 @@ #include "internal/providercommonerr.h" /* TODO (3.0) Figure out what flags are requred */ -#define TDES_WRAP_FLAGS (EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV \ - | EVP_CIPH_FLAG_CUSTOM_CIPHER \ - | EVP_CIPH_FLAG_DEFAULT_ASN1) +#define TDES_WRAP_FLAGS (EVP_CIPH_WRAP_MODE \ + | EVP_CIPH_CUSTOM_IV \ + | EVP_CIPH_FLAG_CUSTOM_CIPHER) static OSSL_OP_cipher_update_fn tdes_wrap_update;