Cache constants for fetched EVP_cipher

Reviewed-by: N Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: N Paul Dale <paul.dale@oracle.com> Reviewed-by: N Patrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/10461)

Cache constants for fetched EVP_cipher
Reviewed-by: N Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: N Paul Dale <paul.dale@oracle.com> Reviewed-by: N Patrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/10461)
3c957bcd · Shane Lontis · Patrick Steuer · a7bdd043 · 3c957bcd · 3c957bcd
隐藏空白更改
内联并排

Showing with 37 addition and 42 deletion

crypto/evp/evp_enc.c crypto/evp/evp_enc.c +4 -0

crypto/evp/evp_lib.c crypto/evp/evp_lib.c +32 -42

crypto/evp/evp_local.h crypto/evp/evp_local.h +1 -0

未找到文件。
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -1524,6 +1524,10 @@ EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm,
                          evp_cipher_from_dispatch, evp_cipher_up_ref,
                          evp_cipher_free);
+    if (cipher != NULL && !evp_cipher_cache_constants(cipher)) {
+        EVP_CIPHER_free(cipher);
+        cipher = NULL;
+    }
    return cipher;
 }

--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -272,16 +272,38 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
    }
 }
-int EVP_CIPHER_block_size(const EVP_CIPHER *cipher)
+int evp_cipher_cache_constants(EVP_CIPHER *cipher)
 {
    int ok;
-    size_t v = cipher->block_size;
+    size_t ivlen = 0;
-    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+    size_t blksz = 0;
+    size_t keylen = 0;
-    params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, &v);
+    unsigned int mode = 0;
+    unsigned long flags = 0;
+    OSSL_PARAM params[6];
+    params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, &blksz);
+    params[1] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &ivlen);
+    params[2] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &keylen);
+    params[3] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_MODE, &mode);
+    params[4] = OSSL_PARAM_construct_ulong(OSSL_CIPHER_PARAM_FLAGS, &flags);
+    params[5] = OSSL_PARAM_construct_end();
    ok = evp_do_ciph_getparams(cipher, params);
+    if (ok) {
+        /* Provided implementations may have a custom cipher_cipher */
+        if (cipher->prov != NULL && cipher->ccipher != NULL)
+            flags |= EVP_CIPH_FLAG_CUSTOM_CIPHER;
+        cipher->block_size = blksz;
+        cipher->iv_len = ivlen;
+        cipher->key_len = keylen;
+        cipher->flags = flags | mode;
+    }
+    return ok;
+}
-    return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
+int EVP_CIPHER_block_size(const EVP_CIPHER *cipher)
+{
+    return cipher->block_size;
 }
 int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
@@ -340,18 +362,7 @@ int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
 unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
 {
-    int ok;
+    return cipher->flags;
-    unsigned long v = cipher->flags;
-    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
-    params[0] = OSSL_PARAM_construct_ulong(OSSL_CIPHER_PARAM_FLAGS, &v);
-    ok = evp_do_ciph_getparams(cipher, params);
-    /* Provided implementations may have a custom cipher_cipher */
-    if (cipher->prov != NULL && cipher->ccipher != NULL)
-        v |= EVP_CIPH_FLAG_CUSTOM_CIPHER;
-    return ok != 0 ? v : 0;
 }
 void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
@@ -381,14 +392,7 @@ void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data)
 int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
 {
-    int ok;
+    return cipher->iv_len;
-    size_t v = cipher->iv_len;
-    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
-    params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &v);
-    ok = evp_do_ciph_getparams(cipher, params);
-    return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
 }
 int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
@@ -501,14 +505,7 @@ int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num)
 int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
 {
-    int ok;
+    return cipher->key_len;
-    size_t v = cipher->key_len;
-    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
-    params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &v);
-    ok = evp_do_ciph_getparams(cipher, params);
-    return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
 }
 int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
@@ -576,14 +573,7 @@ const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher)
 int EVP_CIPHER_mode(const EVP_CIPHER *cipher)
 {
-    int ok;
+    return EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE;
-    unsigned int v = EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE;
-    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
-    params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_MODE, &v);
-    ok = evp_do_ciph_getparams(cipher, params);
-    return ok != 0 ? (int)v : 0;
 }
 int EVP_MD_is_a(const EVP_MD *md, const char *name)

--- a/crypto/evp/evp_local.h
+++ b/crypto/evp/evp_local.h
@@ -273,3 +273,4 @@ int evp_is_a(OSSL_PROVIDER *prov, int number, const char *name);
 void evp_names_do_all(OSSL_PROVIDER *prov, int number,
                      void (*fn)(const char *name, void *data),
                      void *data);
+int evp_cipher_cache_constants(EVP_CIPHER *cipher);