diff options
| author | djm <> | 2008-09-06 12:17:54 +0000 |
|---|---|---|
| committer | djm <> | 2008-09-06 12:17:54 +0000 |
| commit | 38ce604e3cc97706b876b0525ddff0121115456d (patch) | |
| tree | 7ccc28afe1789ea3dbedf72365f955d5b8e105b5 /src/lib/libcrypto/evp/evp_enc.c | |
| parent | 12867252827c8efaa8ddd1fa3b3d6e321e2bcdef (diff) | |
| download | openbsd-38ce604e3cc97706b876b0525ddff0121115456d.tar.gz openbsd-38ce604e3cc97706b876b0525ddff0121115456d.tar.bz2 openbsd-38ce604e3cc97706b876b0525ddff0121115456d.zip | |
resolve conflicts
Diffstat (limited to 'src/lib/libcrypto/evp/evp_enc.c')
| -rw-r--r-- | src/lib/libcrypto/evp/evp_enc.c | 127 |
1 files changed, 49 insertions, 78 deletions
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index f549eeb437..a1904993bf 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c | |||
| @@ -60,12 +60,13 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/evp.h> | 61 | #include <openssl/evp.h> |
| 62 | #include <openssl/err.h> | 62 | #include <openssl/err.h> |
| 63 | #include <openssl/rand.h> | ||
| 63 | #ifndef OPENSSL_NO_ENGINE | 64 | #ifndef OPENSSL_NO_ENGINE |
| 64 | #include <openssl/engine.h> | 65 | #include <openssl/engine.h> |
| 65 | #endif | 66 | #endif |
| 66 | #include "evp_locl.h" | 67 | #include "evp_locl.h" |
| 67 | 68 | ||
| 68 | const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT; | 69 | const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; |
| 69 | 70 | ||
| 70 | void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) | 71 | void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) |
| 71 | { | 72 | { |
| @@ -73,6 +74,13 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) | |||
| 73 | /* ctx->cipher=NULL; */ | 74 | /* ctx->cipher=NULL; */ |
| 74 | } | 75 | } |
| 75 | 76 | ||
| 77 | EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) | ||
| 78 | { | ||
| 79 | EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx); | ||
| 80 | if (ctx) | ||
| 81 | EVP_CIPHER_CTX_init(ctx); | ||
| 82 | return ctx; | ||
| 83 | } | ||
| 76 | 84 | ||
| 77 | int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, | 85 | int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, |
| 78 | const unsigned char *key, const unsigned char *iv, int enc) | 86 | const unsigned char *key, const unsigned char *iv, int enc) |
| @@ -82,48 +90,6 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, | |||
| 82 | return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); | 90 | return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); |
| 83 | } | 91 | } |
| 84 | 92 | ||
| 85 | #ifdef OPENSSL_FIPS | ||
| 86 | |||
| 87 | /* The purpose of these is to trap programs that attempt to use non FIPS | ||
| 88 | * algorithms in FIPS mode and ignore the errors. | ||
| 89 | */ | ||
| 90 | |||
| 91 | int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, | ||
| 92 | const unsigned char *iv, int enc) | ||
| 93 | { FIPS_ERROR_IGNORED("Cipher init"); return 0;} | ||
| 94 | |||
| 95 | int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
| 96 | const unsigned char *in, unsigned int inl) | ||
| 97 | { FIPS_ERROR_IGNORED("Cipher update"); return 0;} | ||
| 98 | |||
| 99 | /* NB: no cleanup because it is allowed after failed init */ | ||
| 100 | |||
| 101 | int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ) | ||
| 102 | { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;} | ||
| 103 | int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ) | ||
| 104 | { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;} | ||
| 105 | int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) | ||
| 106 | { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;} | ||
| 107 | |||
| 108 | static const EVP_CIPHER bad_cipher = | ||
| 109 | { | ||
| 110 | 0, | ||
| 111 | 0, | ||
| 112 | 0, | ||
| 113 | 0, | ||
| 114 | 0, | ||
| 115 | bad_init, | ||
| 116 | bad_do_cipher, | ||
| 117 | NULL, | ||
| 118 | 0, | ||
| 119 | bad_set_asn1, | ||
| 120 | bad_get_asn1, | ||
| 121 | bad_ctrl, | ||
| 122 | NULL | ||
| 123 | }; | ||
| 124 | |||
| 125 | #endif | ||
| 126 | |||
| 127 | int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, | 93 | int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, |
| 128 | const unsigned char *key, const unsigned char *iv, int enc) | 94 | const unsigned char *key, const unsigned char *iv, int enc) |
| 129 | { | 95 | { |
| @@ -158,7 +124,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp | |||
| 158 | { | 124 | { |
| 159 | if (!ENGINE_init(impl)) | 125 | if (!ENGINE_init(impl)) |
| 160 | { | 126 | { |
| 161 | EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); | 127 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); |
| 162 | return 0; | 128 | return 0; |
| 163 | } | 129 | } |
| 164 | } | 130 | } |
| @@ -175,7 +141,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp | |||
| 175 | * control history, is that we should at least | 141 | * control history, is that we should at least |
| 176 | * be able to avoid using US mispellings of | 142 | * be able to avoid using US mispellings of |
| 177 | * "initialisation"? */ | 143 | * "initialisation"? */ |
| 178 | EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); | 144 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); |
| 179 | return 0; | 145 | return 0; |
| 180 | } | 146 | } |
| 181 | /* We'll use the ENGINE's private cipher definition */ | 147 | /* We'll use the ENGINE's private cipher definition */ |
| @@ -188,13 +154,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp | |||
| 188 | else | 154 | else |
| 189 | ctx->engine = NULL; | 155 | ctx->engine = NULL; |
| 190 | #endif | 156 | #endif |
| 157 | |||
| 191 | ctx->cipher=cipher; | 158 | ctx->cipher=cipher; |
| 192 | if (ctx->cipher->ctx_size) | 159 | if (ctx->cipher->ctx_size) |
| 193 | { | 160 | { |
| 194 | ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); | 161 | ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); |
| 195 | if (!ctx->cipher_data) | 162 | if (!ctx->cipher_data) |
| 196 | { | 163 | { |
| 197 | EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE); | 164 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); |
| 198 | return 0; | 165 | return 0; |
| 199 | } | 166 | } |
| 200 | } | 167 | } |
| @@ -208,14 +175,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp | |||
| 208 | { | 175 | { |
| 209 | if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) | 176 | if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) |
| 210 | { | 177 | { |
| 211 | EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); | 178 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); |
| 212 | return 0; | 179 | return 0; |
| 213 | } | 180 | } |
| 214 | } | 181 | } |
| 215 | } | 182 | } |
| 216 | else if(!ctx->cipher) | 183 | else if(!ctx->cipher) |
| 217 | { | 184 | { |
| 218 | EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET); | 185 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET); |
| 219 | return 0; | 186 | return 0; |
| 220 | } | 187 | } |
| 221 | #ifndef OPENSSL_NO_ENGINE | 188 | #ifndef OPENSSL_NO_ENGINE |
| @@ -240,7 +207,8 @@ skip_to_init: | |||
| 240 | 207 | ||
| 241 | case EVP_CIPH_CBC_MODE: | 208 | case EVP_CIPH_CBC_MODE: |
| 242 | 209 | ||
| 243 | OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv); | 210 | OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= |
| 211 | (int)sizeof(ctx->iv)); | ||
| 244 | if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); | 212 | if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); |
| 245 | memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); | 213 | memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); |
| 246 | break; | 214 | break; |
| @@ -251,24 +219,6 @@ skip_to_init: | |||
| 251 | } | 219 | } |
| 252 | } | 220 | } |
| 253 | 221 | ||
| 254 | #ifdef OPENSSL_FIPS | ||
| 255 | /* After 'key' is set no further parameters changes are permissible. | ||
| 256 | * So only check for non FIPS enabling at this point. | ||
| 257 | */ | ||
| 258 | if (key && FIPS_mode()) | ||
| 259 | { | ||
| 260 | if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS) | ||
| 261 | & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) | ||
| 262 | { | ||
| 263 | EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS); | ||
| 264 | ERR_add_error_data(2, "cipher=", | ||
| 265 | EVP_CIPHER_name(ctx->cipher)); | ||
| 266 | ctx->cipher = &bad_cipher; | ||
| 267 | return 0; | ||
| 268 | } | ||
| 269 | } | ||
| 270 | #endif | ||
| 271 | |||
| 272 | if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { | 222 | if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { |
| 273 | if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; | 223 | if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; |
| 274 | } | 224 | } |
| @@ -345,7 +295,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, | |||
| 345 | } | 295 | } |
| 346 | i=ctx->buf_len; | 296 | i=ctx->buf_len; |
| 347 | bl=ctx->cipher->block_size; | 297 | bl=ctx->cipher->block_size; |
| 348 | OPENSSL_assert(bl <= sizeof ctx->buf); | 298 | OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); |
| 349 | if (i != 0) | 299 | if (i != 0) |
| 350 | { | 300 | { |
| 351 | if (i+inl < bl) | 301 | if (i+inl < bl) |
| @@ -391,7 +341,8 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
| 391 | 341 | ||
| 392 | int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | 342 | int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
| 393 | { | 343 | { |
| 394 | int i,n,b,bl,ret; | 344 | int n,ret; |
| 345 | unsigned int i, b, bl; | ||
| 395 | 346 | ||
| 396 | b=ctx->cipher->block_size; | 347 | b=ctx->cipher->block_size; |
| 397 | OPENSSL_assert(b <= sizeof ctx->buf); | 348 | OPENSSL_assert(b <= sizeof ctx->buf); |
| @@ -405,7 +356,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
| 405 | { | 356 | { |
| 406 | if(bl) | 357 | if(bl) |
| 407 | { | 358 | { |
| 408 | EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); | 359 | EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); |
| 409 | return 0; | 360 | return 0; |
| 410 | } | 361 | } |
| 411 | *outl = 0; | 362 | *outl = 0; |
| @@ -427,7 +378,8 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
| 427 | int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, | 378 | int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, |
| 428 | const unsigned char *in, int inl) | 379 | const unsigned char *in, int inl) |
| 429 | { | 380 | { |
| 430 | int b, fix_len; | 381 | int fix_len; |
| 382 | unsigned int b; | ||
| 431 | 383 | ||
| 432 | if (inl == 0) | 384 | if (inl == 0) |
| 433 | { | 385 | { |
| @@ -480,8 +432,8 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
| 480 | 432 | ||
| 481 | int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | 433 | int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
| 482 | { | 434 | { |
| 483 | int i,b; | 435 | int i,n; |
| 484 | int n; | 436 | unsigned int b; |
| 485 | 437 | ||
| 486 | *outl=0; | 438 | *outl=0; |
| 487 | b=ctx->cipher->block_size; | 439 | b=ctx->cipher->block_size; |
| @@ -489,7 +441,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
| 489 | { | 441 | { |
| 490 | if(ctx->buf_len) | 442 | if(ctx->buf_len) |
| 491 | { | 443 | { |
| 492 | EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); | 444 | EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); |
| 493 | return 0; | 445 | return 0; |
| 494 | } | 446 | } |
| 495 | *outl = 0; | 447 | *outl = 0; |
| @@ -499,21 +451,21 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
| 499 | { | 451 | { |
| 500 | if (ctx->buf_len || !ctx->final_used) | 452 | if (ctx->buf_len || !ctx->final_used) |
| 501 | { | 453 | { |
| 502 | EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH); | 454 | EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH); |
| 503 | return(0); | 455 | return(0); |
| 504 | } | 456 | } |
| 505 | OPENSSL_assert(b <= sizeof ctx->final); | 457 | OPENSSL_assert(b <= sizeof ctx->final); |
| 506 | n=ctx->final[b-1]; | 458 | n=ctx->final[b-1]; |
| 507 | if (n > b) | 459 | if (n == 0 || n > (int)b) |
| 508 | { | 460 | { |
| 509 | EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); | 461 | EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); |
| 510 | return(0); | 462 | return(0); |
| 511 | } | 463 | } |
| 512 | for (i=0; i<n; i++) | 464 | for (i=0; i<n; i++) |
| 513 | { | 465 | { |
| 514 | if (ctx->final[--b] != n) | 466 | if (ctx->final[--b] != n) |
| 515 | { | 467 | { |
| 516 | EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); | 468 | EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); |
| 517 | return(0); | 469 | return(0); |
| 518 | } | 470 | } |
| 519 | } | 471 | } |
| @@ -527,6 +479,15 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
| 527 | return(1); | 479 | return(1); |
| 528 | } | 480 | } |
| 529 | 481 | ||
| 482 | void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) | ||
| 483 | { | ||
| 484 | if (ctx) | ||
| 485 | { | ||
| 486 | EVP_CIPHER_CTX_cleanup(ctx); | ||
| 487 | OPENSSL_free(ctx); | ||
| 488 | } | ||
| 489 | } | ||
| 490 | |||
| 530 | int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) | 491 | int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) |
| 531 | { | 492 | { |
| 532 | if (c->cipher != NULL) | 493 | if (c->cipher != NULL) |
| @@ -590,3 +551,13 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) | |||
| 590 | } | 551 | } |
| 591 | return ret; | 552 | return ret; |
| 592 | } | 553 | } |
| 554 | |||
| 555 | int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) | ||
| 556 | { | ||
| 557 | if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) | ||
| 558 | return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); | ||
| 559 | if (RAND_bytes(key, ctx->key_len) <= 0) | ||
| 560 | return 0; | ||
| 561 | return 1; | ||
| 562 | } | ||
| 563 | |||