diff options
author | Jung-uk Kim <jkim@FreeBSD.org> | 2019-02-26 18:06:51 +0000 |
---|---|---|
committer | Jung-uk Kim <jkim@FreeBSD.org> | 2019-02-26 18:06:51 +0000 |
commit | 851f7386fd78b9787f4f6669ad271886a2a003f1 (patch) | |
tree | 952920d27fdcd105b7f77b6e5fef3fedae8f74ea /engines | |
parent | 8c3f9abd70b3f447a4795c1b00b386b044fb322d (diff) | |
download | src-851f7386fd78b9787f4f6669ad271886a2a003f1.tar.gz src-851f7386fd78b9787f4f6669ad271886a2a003f1.zip |
Import OpenSSL 1.1.1b.vendor/openssl/1.1.1b
Notes
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=344595
svn path=/vendor-crypto/openssl/1.1.1b/; revision=344596; tag=vendor/openssl/1.1.1b
Diffstat (limited to 'engines')
-rw-r--r-- | engines/e_dasync.c | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/engines/e_dasync.c b/engines/e_dasync.c index b005f421a660..5cdacb66a043 100644 --- a/engines/e_dasync.c +++ b/engines/e_dasync.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -138,7 +138,6 @@ struct dasync_pipeline_ctx { unsigned char **inbufs; unsigned char **outbufs; size_t *lens; - int enc; unsigned char tlsaad[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN]; unsigned int aadctr; }; @@ -156,6 +155,14 @@ static const EVP_CIPHER *dasync_aes_128_cbc(void) /* * Holds the EVP_CIPHER object for aes_128_cbc_hmac_sha1 in this engine. Set up * once only during engine bind and can then be reused many times. + * + * This 'stitched' cipher depends on the EVP_aes_128_cbc_hmac_sha1() cipher, + * which is implemented only if the AES-NI instruction set extension is available + * (see OPENSSL_IA32CAP(3)). If that's not the case, then this cipher will not + * be available either. + * + * Note: Since it is a legacy mac-then-encrypt cipher, modern TLS peers (which + * negotiate the encrypt-then-mac extension) won't negotiate it anyway. */ static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL; static const EVP_CIPHER *dasync_aes_128_cbc_hmac_sha1(void) @@ -603,7 +610,7 @@ static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg, len = p[arg - 2] << 8 | p[arg - 1]; - if (pipe_ctx->enc) { + if (EVP_CIPHER_CTX_encrypting(ctx)) { if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { if (len < AES_BLOCK_SIZE) return 0; @@ -752,6 +759,10 @@ static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *iv, int enc) { + /* + * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL, + * see comment before the definition of dasync_aes_128_cbc_hmac_sha1(). + */ return dasync_cipher_init_key_helper(ctx, key, iv, enc, EVP_aes_128_cbc_hmac_sha1()); } @@ -766,5 +777,9 @@ static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx) { + /* + * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL, + * see comment before the definition of dasync_aes_128_cbc_hmac_sha1(). + */ return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc_hmac_sha1()); } |