From 979586fb64ff6e9c0dcda8a6fe6fa134fe7e4494 Mon Sep 17 00:00:00 2001 From: tb Date: Fri, 24 Dec 2021 12:02:15 +0000 Subject: [PATCH] Prepare to provide EVP_CIPHER_CTX_buf_noconst() This is just a dumb 'return ctx->buf' whose name was chosen to be consistent with EVP_CIPHER_CTX_iv{,_noconst}() though there is no EVP_CIPHER_CTX_buf() ok jsing The backstory is this: This wonderful API will be needed by MariaDB once EVP is opaque. To be able to use its own handrolled AES CTR variant, it needs to reach inside the cipher ctx's buffer and mess with it: uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx); /* Not much we can do, block ciphers cannot encrypt data that aren't a multiple of the block length. At least not without padding. Let's do something CTR-like for the last partial block. NOTE this assumes that there are only buf_len bytes in the buf. If OpenSSL will change that, we'll need to change the implementation of this class too. */ Being the dumb return ctx->buf that it is, the EVP_CIPHER_CTX_buf_noconst() API obviously doesn't provide a means of doing any length checks. If it is any consolation, it was committed with the vague hope of being a temporary measure as OpenSSL commit 83b06347 suggests: Note that the accessors / writers for iv, buf and num may go away, as those rather belong in the implementation's own structure (cipher_data) when the implementation would affect them [...] As is true for many temporary kludges and dumb accessors, these are here to stay a with us for a while. While I'm at it, MariaDB has other phantastic things it did to ease its pain with the OpenSSL 1.1 API transition. To avoid one of two allocations (we're talking about ~50 and ~170 bytes) per EVP_{MD,CIPHER}_CTX instantiation, it defines EVP_{MD,CIPHER}_CTX_SIZE and uses arrays of these sizes that it aligns, casts and passes as ctx to the EVP API. Of course, they need to safeguard themselves against the inevitable buffer overruns that this might cause since the type is opaque and could (and actually did) change its size between two OpenSSL releases. There is a runtime check in mysys_ssl/openssl.c that uses CRYPTO_set_mem_functions() to replace malloc() with "coc_malloc()" to determine the sizes that OpenSSL would allocate internally when doing EVP_{MD,CIPHER}_CTX_new() and match them to MariaDB's ideas of the ctx sizes. Go look, I'm not making this stuff up. --- lib/libcrypto/evp/evp.h | 5 ++++- lib/libcrypto/evp/evp_lib.c | 8 +++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/lib/libcrypto/evp/evp.h b/lib/libcrypto/evp/evp.h index 89ebac415da..2e6053c9bc8 100644 --- a/lib/libcrypto/evp/evp.h +++ b/lib/libcrypto/evp/evp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evp.h,v 1.88 2021/12/12 21:35:46 tb Exp $ */ +/* $OpenBSD: evp.h,v 1.89 2021/12/24 12:02:15 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -522,6 +522,9 @@ int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); +#if defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_CRYPTO_INTERNAL) +unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx); +#endif #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); #define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) diff --git a/lib/libcrypto/evp/evp_lib.c b/lib/libcrypto/evp/evp_lib.c index f2ff7bdec5b..d74a53997e7 100644 --- a/lib/libcrypto/evp/evp_lib.c +++ b/lib/libcrypto/evp/evp_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_lib.c,v 1.19 2021/12/12 21:30:13 tb Exp $ */ +/* $OpenBSD: evp_lib.c,v 1.20 2021/12/24 12:02:15 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -251,6 +251,12 @@ EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) return ctx->cipher->iv_len; } +unsigned char * +EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx) +{ + return ctx->buf; +} + int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) { -- 2.20.1