openssl/providers/implementations
Benjamin Kaduk 8489026850 Support cipher provider "iv state"
Some modes (e.g., CBC and OFB) update the effective IV with each
block-cipher invocation, making the "IV" stored in the (historically)
EVP_CIPHER_CTX or (current) PROV_CIPHER_CTX distinct from the initial
IV passed in at cipher initialization time.  The latter is stored in
the "oiv" (original IV) field, and has historically been accessible
via the EVP_CIPHER_CTX_original_iv() API.  The "effective IV" has
also historically been accessible, via both EVP_CIPHER_CTX_iv()
and EVP_CIPHER_CTX_iv_noconst(), the latter of which allows for
*write* access to the internal cipher state.  This is particularly
problematic given that provider-internal cipher state need not, in
general, even be accessible from the same address space as libcrypto,
so these APIs are not sustainable in the long term.  However, it still
remains necessary to provide access to the contents of the "IV state"
(e.g., when serializing cipher state for in-kernel TLS); a subsequent
reinitialization of a cipher context using the "IV state" as the
input IV will be able to resume processing of data in a compatible
manner.

This problem was introduced in commit
089cb623be, which effectively caused
all IV queries to return the "original IV", removing access to the
current IV state of the cipher.

These functions for accessing the (even the "original") IV had remained
undocumented for quite some time, presumably due to unease about
exposing the internals of the cipher state in such a manner.

Note that this also as a side effect "fixes" some "bugs" where things
had been referring to the 'iv' field that should have been using the
'oiv' field.  It also fixes the EVP_CTRL_GET_IV cipher control,
which was clearly intended to expose the non-original IV, for
use exporting the cipher state into the kernel for kTLS.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
2020-08-11 07:07:37 -07:00
..
asymciphers gettables: provider changes to pass the provider context. 2020-08-07 08:02:14 +10:00
ciphers Support cipher provider "iv state" 2020-08-11 07:07:37 -07:00
digests gettables: provider changes to pass the provider context. 2020-08-07 08:02:14 +10:00
exchange Add dh_kdf support to provider 2020-08-11 20:39:19 +10:00
include/prov Support cipher provider "iv state" 2020-08-11 07:07:37 -07:00
kdfs Implement a EVP_PKEY KDF to KDF provider bridge 2020-08-10 14:51:57 +01:00
keymgmt Add DHX support to keymanager 2020-08-11 20:39:19 +10:00
macs mac: add some consistency to setting the XXX_final output length. 2020-08-07 08:07:07 +10:00
rands rand: fix typo in parameter name 2020-08-08 23:50:41 +02:00
serializers Add DHX serialization 2020-08-11 20:39:19 +10:00
signature RSA: Be less strict on PSS parameters when exporting to provider 2020-08-07 09:59:18 +10:00
build.info rand: set up EVP and DRBG infrastructure for RAND from providers. 2020-06-24 20:05:41 +10:00