summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp
diff options
context:
space:
mode:
authordjm <>2008-09-06 12:15:56 +0000
committerdjm <>2008-09-06 12:15:56 +0000
commit5a3c0a05c7f2c5d3c584b7c8d6aec836dd724c80 (patch)
treeaba68249883aa9d2361d92eef69a81d0c4961732 /src/lib/libcrypto/evp
parentf6198d4d0ab97685dc56be2d48715ed39fcc74b9 (diff)
downloadopenbsd-5a3c0a05c7f2c5d3c584b7c8d6aec836dd724c80.tar.gz
openbsd-5a3c0a05c7f2c5d3c584b7c8d6aec836dd724c80.tar.bz2
openbsd-5a3c0a05c7f2c5d3c584b7c8d6aec836dd724c80.zip
import of OpenSSL 0.9.8h
Diffstat (limited to 'src/lib/libcrypto/evp')
-rw-r--r--src/lib/libcrypto/evp/bio_b64.c2
-rw-r--r--src/lib/libcrypto/evp/bio_enc.c4
-rw-r--r--src/lib/libcrypto/evp/bio_md.c11
-rw-r--r--src/lib/libcrypto/evp/c_all.c6
-rw-r--r--src/lib/libcrypto/evp/digest.c61
-rw-r--r--src/lib/libcrypto/evp/e_aes.c22
-rw-r--r--src/lib/libcrypto/evp/e_bf.c2
-rw-r--r--src/lib/libcrypto/evp/e_camellia.c131
-rw-r--r--src/lib/libcrypto/evp/e_cast.c4
-rw-r--r--src/lib/libcrypto/evp/e_des.c36
-rw-r--r--src/lib/libcrypto/evp/e_des3.c61
-rw-r--r--src/lib/libcrypto/evp/e_idea.c4
-rw-r--r--src/lib/libcrypto/evp/e_null.c5
-rw-r--r--src/lib/libcrypto/evp/e_old.c17
-rw-r--r--src/lib/libcrypto/evp/e_rc2.c12
-rw-r--r--src/lib/libcrypto/evp/e_rc4.c8
-rw-r--r--src/lib/libcrypto/evp/e_xcbc_d.c5
-rw-r--r--src/lib/libcrypto/evp/encode.c10
-rw-r--r--src/lib/libcrypto/evp/evp.h319
-rw-r--r--src/lib/libcrypto/evp/evp_enc.c127
-rw-r--r--src/lib/libcrypto/evp/evp_err.c39
-rw-r--r--src/lib/libcrypto/evp/evp_key.c2
-rw-r--r--src/lib/libcrypto/evp/evp_lib.c125
-rw-r--r--src/lib/libcrypto/evp/evp_locl.h24
-rw-r--r--src/lib/libcrypto/evp/evp_pbe.c5
-rw-r--r--src/lib/libcrypto/evp/evp_pkey.c398
-rw-r--r--src/lib/libcrypto/evp/m_dss.c8
-rw-r--r--src/lib/libcrypto/evp/m_dss1.c18
-rw-r--r--src/lib/libcrypto/evp/m_ecdsa.c148
-rw-r--r--src/lib/libcrypto/evp/m_md4.c10
-rw-r--r--src/lib/libcrypto/evp/m_md5.c10
-rw-r--r--src/lib/libcrypto/evp/m_null.c2
-rw-r--r--src/lib/libcrypto/evp/m_ripemd.c9
-rw-r--r--src/lib/libcrypto/evp/m_sha1.c46
-rw-r--r--src/lib/libcrypto/evp/names.c11
-rw-r--r--src/lib/libcrypto/evp/p5_crpt.c14
-rw-r--r--src/lib/libcrypto/evp/p5_crpt2.c21
-rw-r--r--src/lib/libcrypto/evp/p_dec.c2
-rw-r--r--src/lib/libcrypto/evp/p_enc.c2
-rw-r--r--src/lib/libcrypto/evp/p_lib.c177
-rw-r--r--src/lib/libcrypto/evp/p_open.c10
-rw-r--r--src/lib/libcrypto/evp/p_seal.c2
-rw-r--r--src/lib/libcrypto/evp/p_verify.c2
43 files changed, 1428 insertions, 504 deletions
diff --git a/src/lib/libcrypto/evp/bio_b64.c b/src/lib/libcrypto/evp/bio_b64.c
index 33349c2f98..fa5cbc7eb1 100644
--- a/src/lib/libcrypto/evp/bio_b64.c
+++ b/src/lib/libcrypto/evp/bio_b64.c
@@ -165,7 +165,7 @@ static int b64_read(BIO *b, char *out, int outl)
165 { 165 {
166 i=ctx->buf_len-ctx->buf_off; 166 i=ctx->buf_len-ctx->buf_off;
167 if (i > outl) i=outl; 167 if (i > outl) i=outl;
168 OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf); 168 OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf));
169 memcpy(out,&(ctx->buf[ctx->buf_off]),i); 169 memcpy(out,&(ctx->buf[ctx->buf_off]),i);
170 ret=i; 170 ret=i;
171 out+=i; 171 out+=i;
diff --git a/src/lib/libcrypto/evp/bio_enc.c b/src/lib/libcrypto/evp/bio_enc.c
index b8cda1a9f0..f6ac94c6e1 100644
--- a/src/lib/libcrypto/evp/bio_enc.c
+++ b/src/lib/libcrypto/evp/bio_enc.c
@@ -405,8 +405,8 @@ EVP_CIPHER_ctx *c;
405 } 405 }
406*/ 406*/
407 407
408void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, unsigned char *k, 408void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
409 unsigned char *i, int e) 409 const unsigned char *i, int e)
410 { 410 {
411 BIO_ENC_CTX *ctx; 411 BIO_ENC_CTX *ctx;
412 412
diff --git a/src/lib/libcrypto/evp/bio_md.c b/src/lib/libcrypto/evp/bio_md.c
index f4aa41ac4b..d648ac6da6 100644
--- a/src/lib/libcrypto/evp/bio_md.c
+++ b/src/lib/libcrypto/evp/bio_md.c
@@ -153,7 +153,7 @@ static int md_write(BIO *b, const char *in, int inl)
153 { 153 {
154 if (ret > 0) 154 if (ret > 0)
155 { 155 {
156 EVP_DigestUpdate(ctx,(unsigned char *)in, 156 EVP_DigestUpdate(ctx,(const unsigned char *)in,
157 (unsigned int)ret); 157 (unsigned int)ret);
158 } 158 }
159 } 159 }
@@ -192,8 +192,13 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
192 ret=0; 192 ret=0;
193 break; 193 break;
194 case BIO_C_GET_MD_CTX: 194 case BIO_C_GET_MD_CTX:
195 pctx=ptr; 195 if (b->init)
196 *pctx=ctx; 196 {
197 pctx=ptr;
198 *pctx=ctx;
199 }
200 else
201 ret=0;
197 break; 202 break;
198 case BIO_C_SET_MD_CTX: 203 case BIO_C_SET_MD_CTX:
199 if (b->init) 204 if (b->init)
diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c
index fa60a73ead..a5da52e62d 100644
--- a/src/lib/libcrypto/evp/c_all.c
+++ b/src/lib/libcrypto/evp/c_all.c
@@ -74,6 +74,12 @@ void OpenSSL_add_all_algorithms(void)
74 74
75void OPENSSL_add_all_algorithms_noconf(void) 75void OPENSSL_add_all_algorithms_noconf(void)
76 { 76 {
77 /*
78 * For the moment OPENSSL_cpuid_setup does something
79 * only on IA-32, but we reserve the option for all
80 * platforms...
81 */
82 OPENSSL_cpuid_setup();
77 OpenSSL_add_all_ciphers(); 83 OpenSSL_add_all_ciphers();
78 OpenSSL_add_all_digests(); 84 OpenSSL_add_all_digests();
79#ifndef OPENSSL_NO_ENGINE 85#ifndef OPENSSL_NO_ENGINE
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index f21c63842c..762e6d3450 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -137,39 +137,6 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
137 return EVP_DigestInit_ex(ctx, type, NULL); 137 return EVP_DigestInit_ex(ctx, type, NULL);
138 } 138 }
139 139
140#ifdef OPENSSL_FIPS
141
142/* The purpose of these is to trap programs that attempt to use non FIPS
143 * algorithms in FIPS mode and ignore the errors.
144 */
145
146static int bad_init(EVP_MD_CTX *ctx)
147 { FIPS_ERROR_IGNORED("Digest init"); return 0;}
148
149static int bad_update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
150 { FIPS_ERROR_IGNORED("Digest update"); return 0;}
151
152static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
153 { FIPS_ERROR_IGNORED("Digest Final"); return 0;}
154
155static const EVP_MD bad_md =
156 {
157 0,
158 0,
159 0,
160 0,
161 bad_init,
162 bad_update,
163 bad_final,
164 NULL,
165 NULL,
166 NULL,
167 0,
168 {0,0,0,0},
169 };
170
171#endif
172
173int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) 140int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
174 { 141 {
175 EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); 142 EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
@@ -192,7 +159,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
192 { 159 {
193 if (!ENGINE_init(impl)) 160 if (!ENGINE_init(impl))
194 { 161 {
195 EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); 162 EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
196 return 0; 163 return 0;
197 } 164 }
198 } 165 }
@@ -206,7 +173,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
206 if(!d) 173 if(!d)
207 { 174 {
208 /* Same comment from evp_enc.c */ 175 /* Same comment from evp_enc.c */
209 EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); 176 EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
210 return 0; 177 return 0;
211 } 178 }
212 /* We'll use the ENGINE's private digest definition */ 179 /* We'll use the ENGINE's private digest definition */
@@ -222,24 +189,12 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
222 else 189 else
223 if(!ctx->digest) 190 if(!ctx->digest)
224 { 191 {
225 EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET); 192 EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET);
226 return 0; 193 return 0;
227 } 194 }
228#endif 195#endif
229 if (ctx->digest != type) 196 if (ctx->digest != type)
230 { 197 {
231#ifdef OPENSSL_FIPS
232 if (FIPS_mode())
233 {
234 if (!(type->flags & EVP_MD_FLAG_FIPS)
235 && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
236 {
237 EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS);
238 ctx->digest = &bad_md;
239 return 0;
240 }
241 }
242#endif
243 if (ctx->digest && ctx->digest->ctx_size) 198 if (ctx->digest && ctx->digest->ctx_size)
244 OPENSSL_free(ctx->md_data); 199 OPENSSL_free(ctx->md_data);
245 ctx->digest=type; 200 ctx->digest=type;
@@ -253,9 +208,9 @@ skip_to_init:
253 } 208 }
254 209
255int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, 210int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
256 unsigned int count) 211 size_t count)
257 { 212 {
258 return ctx->digest->update(ctx,data,(unsigned long)count); 213 return ctx->digest->update(ctx,data,count);
259 } 214 }
260 215
261/* The caller can assume that this removes any secret data from the context */ 216/* The caller can assume that this removes any secret data from the context */
@@ -296,14 +251,14 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
296 unsigned char *tmp_buf; 251 unsigned char *tmp_buf;
297 if ((in == NULL) || (in->digest == NULL)) 252 if ((in == NULL) || (in->digest == NULL))
298 { 253 {
299 EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); 254 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,EVP_R_INPUT_NOT_INITIALIZED);
300 return 0; 255 return 0;
301 } 256 }
302#ifndef OPENSSL_NO_ENGINE 257#ifndef OPENSSL_NO_ENGINE
303 /* Make sure it's safe to copy a digest context using an ENGINE */ 258 /* Make sure it's safe to copy a digest context using an ENGINE */
304 if (in->engine && !ENGINE_init(in->engine)) 259 if (in->engine && !ENGINE_init(in->engine))
305 { 260 {
306 EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB); 261 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB);
307 return 0; 262 return 0;
308 } 263 }
309#endif 264#endif
@@ -330,7 +285,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
330 return 1; 285 return 1;
331 } 286 }
332 287
333int EVP_Digest(void *data, unsigned int count, 288int EVP_Digest(const void *data, size_t count,
334 unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) 289 unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl)
335 { 290 {
336 EVP_MD_CTX ctx; 291 EVP_MD_CTX ctx;
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 7b67984fa1..bd6c0a3a62 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -48,10 +48,12 @@
48 * 48 *
49 */ 49 */
50 50
51#include <openssl/opensslconf.h>
51#ifndef OPENSSL_NO_AES 52#ifndef OPENSSL_NO_AES
52#include <openssl/evp.h> 53#include <openssl/evp.h>
53#include <openssl/err.h> 54#include <openssl/err.h>
54#include <string.h> 55#include <string.h>
56#include <assert.h>
55#include <openssl/aes.h> 57#include <openssl/aes.h>
56#include "evp_locl.h" 58#include "evp_locl.h"
57 59
@@ -67,32 +69,32 @@ typedef struct
67 69
68IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, 70IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
69 NID_aes_128, 16, 16, 16, 128, 71 NID_aes_128, 16, 16, 16, 128,
70 EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 72 0, aes_init_key, NULL,
71 EVP_CIPHER_set_asn1_iv, 73 EVP_CIPHER_set_asn1_iv,
72 EVP_CIPHER_get_asn1_iv, 74 EVP_CIPHER_get_asn1_iv,
73 NULL) 75 NULL)
74IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, 76IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
75 NID_aes_192, 16, 24, 16, 128, 77 NID_aes_192, 16, 24, 16, 128,
76 EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 78 0, aes_init_key, NULL,
77 EVP_CIPHER_set_asn1_iv, 79 EVP_CIPHER_set_asn1_iv,
78 EVP_CIPHER_get_asn1_iv, 80 EVP_CIPHER_get_asn1_iv,
79 NULL) 81 NULL)
80IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, 82IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
81 NID_aes_256, 16, 32, 16, 128, 83 NID_aes_256, 16, 32, 16, 128,
82 EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 84 0, aes_init_key, NULL,
83 EVP_CIPHER_set_asn1_iv, 85 EVP_CIPHER_set_asn1_iv,
84 EVP_CIPHER_get_asn1_iv, 86 EVP_CIPHER_get_asn1_iv,
85 NULL) 87 NULL)
86 88
87#define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags) 89#define IMPLEMENT_AES_CFBR(ksize,cbits) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16)
88 90
89IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS) 91IMPLEMENT_AES_CFBR(128,1)
90IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS) 92IMPLEMENT_AES_CFBR(192,1)
91IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS) 93IMPLEMENT_AES_CFBR(256,1)
92 94
93IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS) 95IMPLEMENT_AES_CFBR(128,8)
94IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS) 96IMPLEMENT_AES_CFBR(192,8)
95IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS) 97IMPLEMENT_AES_CFBR(256,8)
96 98
97static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 99static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
98 const unsigned char *iv, int enc) 100 const unsigned char *iv, int enc)
diff --git a/src/lib/libcrypto/evp/e_bf.c b/src/lib/libcrypto/evp/e_bf.c
index e74337567b..cc224e5363 100644
--- a/src/lib/libcrypto/evp/e_bf.c
+++ b/src/lib/libcrypto/evp/e_bf.c
@@ -56,9 +56,9 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_BF
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61#ifndef OPENSSL_NO_BF
62#include <openssl/evp.h> 62#include <openssl/evp.h>
63#include "evp_locl.h" 63#include "evp_locl.h"
64#include <openssl/objects.h> 64#include <openssl/objects.h>
diff --git a/src/lib/libcrypto/evp/e_camellia.c b/src/lib/libcrypto/evp/e_camellia.c
new file mode 100644
index 0000000000..a7b40d1c60
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_camellia.c
@@ -0,0 +1,131 @@
1/* crypto/evp/e_camellia.c -*- mode:C; c-file-style: "eay" -*- */
2/* ====================================================================
3 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/opensslconf.h>
57#ifndef OPENSSL_NO_CAMELLIA
58#include <openssl/evp.h>
59#include <openssl/err.h>
60#include <string.h>
61#include <assert.h>
62#include <openssl/camellia.h>
63#include "evp_locl.h"
64
65static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
66 const unsigned char *iv, int enc);
67
68/* Camellia subkey Structure */
69typedef struct
70 {
71 CAMELLIA_KEY ks;
72 } EVP_CAMELLIA_KEY;
73
74/* Attribute operation for Camellia */
75#define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY,ctx)
76
77IMPLEMENT_BLOCK_CIPHER(camellia_128, ks, Camellia, EVP_CAMELLIA_KEY,
78 NID_camellia_128, 16, 16, 16, 128,
79 0, camellia_init_key, NULL,
80 EVP_CIPHER_set_asn1_iv,
81 EVP_CIPHER_get_asn1_iv,
82 NULL)
83IMPLEMENT_BLOCK_CIPHER(camellia_192, ks, Camellia, EVP_CAMELLIA_KEY,
84 NID_camellia_192, 16, 24, 16, 128,
85 0, camellia_init_key, NULL,
86 EVP_CIPHER_set_asn1_iv,
87 EVP_CIPHER_get_asn1_iv,
88 NULL)
89IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY,
90 NID_camellia_256, 16, 32, 16, 128,
91 0, camellia_init_key, NULL,
92 EVP_CIPHER_set_asn1_iv,
93 EVP_CIPHER_get_asn1_iv,
94 NULL)
95
96#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16)
97
98IMPLEMENT_CAMELLIA_CFBR(128,1)
99IMPLEMENT_CAMELLIA_CFBR(192,1)
100IMPLEMENT_CAMELLIA_CFBR(256,1)
101
102IMPLEMENT_CAMELLIA_CFBR(128,8)
103IMPLEMENT_CAMELLIA_CFBR(192,8)
104IMPLEMENT_CAMELLIA_CFBR(256,8)
105
106
107
108/* The subkey for Camellia is generated. */
109static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
110 const unsigned char *iv, int enc)
111 {
112 int ret;
113
114 ret=Camellia_set_key(key, ctx->key_len * 8, ctx->cipher_data);
115
116 if(ret < 0)
117 {
118 EVPerr(EVP_F_CAMELLIA_INIT_KEY,EVP_R_CAMELLIA_KEY_SETUP_FAILED);
119 return 0;
120 }
121
122 return 1;
123 }
124
125#else
126
127# ifdef PEDANTIC
128static void *dummy=&dummy;
129# endif
130
131#endif
diff --git a/src/lib/libcrypto/evp/e_cast.c b/src/lib/libcrypto/evp/e_cast.c
index 3400fef187..d77bcd9298 100644
--- a/src/lib/libcrypto/evp/e_cast.c
+++ b/src/lib/libcrypto/evp/e_cast.c
@@ -56,10 +56,10 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_CAST
60
61#include <stdio.h> 59#include <stdio.h>
62#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_CAST
63#include <openssl/evp.h> 63#include <openssl/evp.h>
64#include <openssl/objects.h> 64#include <openssl/objects.h>
65#include "evp_locl.h" 65#include "evp_locl.h"
diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c
index 46e2899825..856323648c 100644
--- a/src/lib/libcrypto/evp/e_des.c
+++ b/src/lib/libcrypto/evp/e_des.c
@@ -63,9 +63,11 @@
63#include <openssl/objects.h> 63#include <openssl/objects.h>
64#include "evp_locl.h" 64#include "evp_locl.h"
65#include <openssl/des.h> 65#include <openssl/des.h>
66#include <openssl/rand.h>
66 67
67static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 68static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
68 const unsigned char *iv, int enc); 69 const unsigned char *iv, int enc);
70static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
69 71
70/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */ 72/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */
71 73
@@ -127,28 +129,48 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
127 } 129 }
128 130
129BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, 131BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
130 EVP_CIPH_FLAG_FIPS, des_init_key, NULL, 132 EVP_CIPH_RAND_KEY, des_init_key, NULL,
131 EVP_CIPHER_set_asn1_iv, 133 EVP_CIPHER_set_asn1_iv,
132 EVP_CIPHER_get_asn1_iv, 134 EVP_CIPHER_get_asn1_iv,
133 NULL) 135 des_ctrl)
134 136
135BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, 137BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,
136 EVP_CIPH_FLAG_FIPS,des_init_key,NULL, 138 EVP_CIPH_RAND_KEY, des_init_key,NULL,
137 EVP_CIPHER_set_asn1_iv, 139 EVP_CIPHER_set_asn1_iv,
138 EVP_CIPHER_get_asn1_iv,NULL) 140 EVP_CIPHER_get_asn1_iv,des_ctrl)
139 141
140BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, 142BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,
141 EVP_CIPH_FLAG_FIPS,des_init_key,NULL, 143 EVP_CIPH_RAND_KEY,des_init_key,NULL,
142 EVP_CIPHER_set_asn1_iv, 144 EVP_CIPHER_set_asn1_iv,
143 EVP_CIPHER_get_asn1_iv,NULL) 145 EVP_CIPHER_get_asn1_iv,des_ctrl)
144 146
145static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 147static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
146 const unsigned char *iv, int enc) 148 const unsigned char *iv, int enc)
147 { 149 {
148 DES_cblock *deskey = (DES_cblock *)key; 150 DES_cblock *deskey = (DES_cblock *)key;
149 151#ifdef EVP_CHECK_DES_KEY
152 if(DES_set_key_checked(deskey,ctx->cipher_data) != 0)
153 return 0;
154#else
150 DES_set_key_unchecked(deskey,ctx->cipher_data); 155 DES_set_key_unchecked(deskey,ctx->cipher_data);
156#endif
151 return 1; 157 return 1;
152 } 158 }
153 159
160static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
161 {
162
163 switch(type)
164 {
165 case EVP_CTRL_RAND_KEY:
166 if (RAND_bytes(ptr, 8) <= 0)
167 return 0;
168 DES_set_odd_parity((DES_cblock *)ptr);
169 return 1;
170
171 default:
172 return -1;
173 }
174 }
175
154#endif 176#endif
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
index 677322bf02..ac148efab2 100644
--- a/src/lib/libcrypto/evp/e_des3.c
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -63,6 +63,7 @@
63#include <openssl/objects.h> 63#include <openssl/objects.h>
64#include "evp_locl.h" 64#include "evp_locl.h"
65#include <openssl/des.h> 65#include <openssl/des.h>
66#include <openssl/rand.h>
66 67
67static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 68static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
68 const unsigned char *iv,int enc); 69 const unsigned char *iv,int enc);
@@ -70,6 +71,8 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
70static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 71static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
71 const unsigned char *iv,int enc); 72 const unsigned char *iv,int enc);
72 73
74static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
75
73typedef struct 76typedef struct
74 { 77 {
75 DES_key_schedule ks1;/* key schedule */ 78 DES_key_schedule ks1;/* key schedule */
@@ -85,7 +88,8 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
85 const unsigned char *in, unsigned int inl) 88 const unsigned char *in, unsigned int inl)
86{ 89{
87 BLOCK_CIPHER_ecb_loop() 90 BLOCK_CIPHER_ecb_loop()
88 DES_ecb3_encrypt(in + i,out + i, 91 DES_ecb3_encrypt((const_DES_cblock *)(in + i),
92 (DES_cblock *)(out + i),
89 &data(ctx)->ks1, &data(ctx)->ks2, 93 &data(ctx)->ks1, &data(ctx)->ks2,
90 &data(ctx)->ks3, 94 &data(ctx)->ks3,
91 ctx->encrypt); 95 ctx->encrypt);
@@ -160,10 +164,10 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
160 } 164 }
161 165
162BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, 166BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
163 EVP_CIPH_FLAG_FIPS, des_ede_init_key, NULL, 167 EVP_CIPH_RAND_KEY, des_ede_init_key, NULL,
164 EVP_CIPHER_set_asn1_iv, 168 EVP_CIPHER_set_asn1_iv,
165 EVP_CIPHER_get_asn1_iv, 169 EVP_CIPHER_get_asn1_iv,
166 NULL) 170 des3_ctrl)
167 171
168#define des_ede3_cfb64_cipher des_ede_cfb64_cipher 172#define des_ede3_cfb64_cipher des_ede_cfb64_cipher
169#define des_ede3_ofb_cipher des_ede_ofb_cipher 173#define des_ede3_ofb_cipher des_ede_ofb_cipher
@@ -171,28 +175,35 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
171#define des_ede3_ecb_cipher des_ede_ecb_cipher 175#define des_ede3_ecb_cipher des_ede_ecb_cipher
172 176
173BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, 177BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
174 EVP_CIPH_FLAG_FIPS, des_ede3_init_key, NULL, 178 EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
175 EVP_CIPHER_set_asn1_iv, 179 EVP_CIPHER_set_asn1_iv,
176 EVP_CIPHER_get_asn1_iv, 180 EVP_CIPHER_get_asn1_iv,
177 NULL) 181 des3_ctrl)
178 182
179BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, 183BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
180 EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL, 184 EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
181 EVP_CIPHER_set_asn1_iv, 185 EVP_CIPHER_set_asn1_iv,
182 EVP_CIPHER_get_asn1_iv,NULL) 186 EVP_CIPHER_get_asn1_iv,
187 des3_ctrl)
183 188
184BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, 189BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
185 EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL, 190 EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
186 EVP_CIPHER_set_asn1_iv, 191 EVP_CIPHER_set_asn1_iv,
187 EVP_CIPHER_get_asn1_iv,NULL) 192 EVP_CIPHER_get_asn1_iv,
193 des3_ctrl)
188 194
189static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 195static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
190 const unsigned char *iv, int enc) 196 const unsigned char *iv, int enc)
191 { 197 {
192 DES_cblock *deskey = (DES_cblock *)key; 198 DES_cblock *deskey = (DES_cblock *)key;
193 199#ifdef EVP_CHECK_DES_KEY
200 if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)
201 !! DES_set_key_checked(&deskey[1],&data(ctx)->ks2))
202 return 0;
203#else
194 DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); 204 DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
195 DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); 205 DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
206#endif
196 memcpy(&data(ctx)->ks3,&data(ctx)->ks1, 207 memcpy(&data(ctx)->ks3,&data(ctx)->ks1,
197 sizeof(data(ctx)->ks1)); 208 sizeof(data(ctx)->ks1));
198 return 1; 209 return 1;
@@ -213,13 +224,41 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
213 } 224 }
214#endif /* KSSL_DEBUG */ 225#endif /* KSSL_DEBUG */
215 226
227#ifdef EVP_CHECK_DES_KEY
228 if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)
229 || DES_set_key_checked(&deskey[1],&data(ctx)->ks2)
230 || DES_set_key_checked(&deskey[2],&data(ctx)->ks3))
231 return 0;
232#else
216 DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); 233 DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
217 DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); 234 DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
218 DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3); 235 DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3);
219 236#endif
220 return 1; 237 return 1;
221 } 238 }
222 239
240static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
241 {
242
243 DES_cblock *deskey = ptr;
244
245 switch(type)
246 {
247 case EVP_CTRL_RAND_KEY:
248 if (RAND_bytes(ptr, c->key_len) <= 0)
249 return 0;
250 DES_set_odd_parity(deskey);
251 if (c->key_len >= 16)
252 DES_set_odd_parity(deskey + 1);
253 if (c->key_len >= 24)
254 DES_set_odd_parity(deskey + 2);
255 return 1;
256
257 default:
258 return -1;
259 }
260 }
261
223const EVP_CIPHER *EVP_des_ede(void) 262const EVP_CIPHER *EVP_des_ede(void)
224{ 263{
225 return &des_ede_ecb; 264 return &des_ede_ecb;
diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c
index b9efa75ae7..48c33a774a 100644
--- a/src/lib/libcrypto/evp/e_idea.c
+++ b/src/lib/libcrypto/evp/e_idea.c
@@ -56,10 +56,10 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_IDEA
60
61#include <stdio.h> 59#include <stdio.h>
62#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_IDEA
63#include <openssl/evp.h> 63#include <openssl/evp.h>
64#include <openssl/objects.h> 64#include <openssl/objects.h>
65#include "evp_locl.h" 65#include "evp_locl.h"
diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c
index a84b0f14b1..5205259f18 100644
--- a/src/lib/libcrypto/evp/e_null.c
+++ b/src/lib/libcrypto/evp/e_null.c
@@ -69,13 +69,14 @@ static const EVP_CIPHER n_cipher=
69 { 69 {
70 NID_undef, 70 NID_undef,
71 1,0,0, 71 1,0,0,
72 EVP_CIPH_FLAG_FIPS, 72 0,
73 null_init_key, 73 null_init_key,
74 null_cipher, 74 null_cipher,
75 NULL, 75 NULL,
76 0, 76 0,
77 NULL, 77 NULL,
78 NULL, 78 NULL,
79 NULL,
79 NULL 80 NULL
80 }; 81 };
81 82
@@ -95,7 +96,7 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
95 const unsigned char *in, unsigned int inl) 96 const unsigned char *in, unsigned int inl)
96 { 97 {
97 if (in != out) 98 if (in != out)
98 memcpy((char *)out,(char *)in,(int)inl); 99 memcpy((char *)out,(const char *)in,(size_t)inl);
99 return 1; 100 return 1;
100 } 101 }
101 102
diff --git a/src/lib/libcrypto/evp/e_old.c b/src/lib/libcrypto/evp/e_old.c
index 92dc498945..1642af4869 100644
--- a/src/lib/libcrypto/evp/e_old.c
+++ b/src/lib/libcrypto/evp/e_old.c
@@ -56,6 +56,10 @@
56 * 56 *
57 */ 57 */
58 58
59#ifdef OPENSSL_NO_DEPRECATED
60static void *dummy = &dummy;
61#else
62
59#include <openssl/evp.h> 63#include <openssl/evp.h>
60 64
61/* Define some deprecated functions, so older programs 65/* Define some deprecated functions, so older programs
@@ -66,43 +70,56 @@
66 70
67#ifndef OPENSSL_NO_BF 71#ifndef OPENSSL_NO_BF
68#undef EVP_bf_cfb 72#undef EVP_bf_cfb
73const EVP_CIPHER *EVP_bf_cfb(void);
69const EVP_CIPHER *EVP_bf_cfb(void) { return EVP_bf_cfb64(); } 74const EVP_CIPHER *EVP_bf_cfb(void) { return EVP_bf_cfb64(); }
70#endif 75#endif
71 76
72#ifndef OPENSSL_NO_DES 77#ifndef OPENSSL_NO_DES
73#undef EVP_des_cfb 78#undef EVP_des_cfb
79const EVP_CIPHER *EVP_des_cfb(void);
74const EVP_CIPHER *EVP_des_cfb(void) { return EVP_des_cfb64(); } 80const EVP_CIPHER *EVP_des_cfb(void) { return EVP_des_cfb64(); }
75#undef EVP_des_ede3_cfb 81#undef EVP_des_ede3_cfb
82const EVP_CIPHER *EVP_des_ede3_cfb(void);
76const EVP_CIPHER *EVP_des_ede3_cfb(void) { return EVP_des_ede3_cfb64(); } 83const EVP_CIPHER *EVP_des_ede3_cfb(void) { return EVP_des_ede3_cfb64(); }
77#undef EVP_des_ede_cfb 84#undef EVP_des_ede_cfb
85const EVP_CIPHER *EVP_des_ede_cfb(void);
78const EVP_CIPHER *EVP_des_ede_cfb(void) { return EVP_des_ede_cfb64(); } 86const EVP_CIPHER *EVP_des_ede_cfb(void) { return EVP_des_ede_cfb64(); }
79#endif 87#endif
80 88
81#ifndef OPENSSL_NO_IDEA 89#ifndef OPENSSL_NO_IDEA
82#undef EVP_idea_cfb 90#undef EVP_idea_cfb
91const EVP_CIPHER *EVP_idea_cfb(void);
83const EVP_CIPHER *EVP_idea_cfb(void) { return EVP_idea_cfb64(); } 92const EVP_CIPHER *EVP_idea_cfb(void) { return EVP_idea_cfb64(); }
84#endif 93#endif
85 94
86#ifndef OPENSSL_NO_RC2 95#ifndef OPENSSL_NO_RC2
87#undef EVP_rc2_cfb 96#undef EVP_rc2_cfb
97const EVP_CIPHER *EVP_rc2_cfb(void);
88const EVP_CIPHER *EVP_rc2_cfb(void) { return EVP_rc2_cfb64(); } 98const EVP_CIPHER *EVP_rc2_cfb(void) { return EVP_rc2_cfb64(); }
89#endif 99#endif
90 100
91#ifndef OPENSSL_NO_CAST 101#ifndef OPENSSL_NO_CAST
92#undef EVP_cast5_cfb 102#undef EVP_cast5_cfb
103const EVP_CIPHER *EVP_cast5_cfb(void);
93const EVP_CIPHER *EVP_cast5_cfb(void) { return EVP_cast5_cfb64(); } 104const EVP_CIPHER *EVP_cast5_cfb(void) { return EVP_cast5_cfb64(); }
94#endif 105#endif
95 106
96#ifndef OPENSSL_NO_RC5 107#ifndef OPENSSL_NO_RC5
97#undef EVP_rc5_32_12_16_cfb 108#undef EVP_rc5_32_12_16_cfb
109const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
98const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) { return EVP_rc5_32_12_16_cfb64(); } 110const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) { return EVP_rc5_32_12_16_cfb64(); }
99#endif 111#endif
100 112
101#ifndef OPENSSL_NO_AES 113#ifndef OPENSSL_NO_AES
102#undef EVP_aes_128_cfb 114#undef EVP_aes_128_cfb
115const EVP_CIPHER *EVP_aes_128_cfb(void);
103const EVP_CIPHER *EVP_aes_128_cfb(void) { return EVP_aes_128_cfb128(); } 116const EVP_CIPHER *EVP_aes_128_cfb(void) { return EVP_aes_128_cfb128(); }
104#undef EVP_aes_192_cfb 117#undef EVP_aes_192_cfb
118const EVP_CIPHER *EVP_aes_192_cfb(void);
105const EVP_CIPHER *EVP_aes_192_cfb(void) { return EVP_aes_192_cfb128(); } 119const EVP_CIPHER *EVP_aes_192_cfb(void) { return EVP_aes_192_cfb128(); }
106#undef EVP_aes_256_cfb 120#undef EVP_aes_256_cfb
121const EVP_CIPHER *EVP_aes_256_cfb(void);
107const EVP_CIPHER *EVP_aes_256_cfb(void) { return EVP_aes_256_cfb128(); } 122const EVP_CIPHER *EVP_aes_256_cfb(void) { return EVP_aes_256_cfb128(); }
108#endif 123#endif
124
125#endif
diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c
index d42cbfd17e..d37726ffae 100644
--- a/src/lib/libcrypto/evp/e_rc2.c
+++ b/src/lib/libcrypto/evp/e_rc2.c
@@ -56,10 +56,11 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_RC2
60
61#include <stdio.h> 59#include <stdio.h>
62#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_RC2
63
63#include <openssl/evp.h> 64#include <openssl/evp.h>
64#include <openssl/objects.h> 65#include <openssl/objects.h>
65#include "evp_locl.h" 66#include "evp_locl.h"
@@ -167,16 +168,17 @@ static int rc2_magic_to_meth(int i)
167static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) 168static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
168 { 169 {
169 long num=0; 170 long num=0;
170 int i=0,l; 171 int i=0;
171 int key_bits; 172 int key_bits;
173 unsigned int l;
172 unsigned char iv[EVP_MAX_IV_LENGTH]; 174 unsigned char iv[EVP_MAX_IV_LENGTH];
173 175
174 if (type != NULL) 176 if (type != NULL)
175 { 177 {
176 l=EVP_CIPHER_CTX_iv_length(c); 178 l=EVP_CIPHER_CTX_iv_length(c);
177 OPENSSL_assert(l <= sizeof iv); 179 OPENSSL_assert(l <= sizeof(iv));
178 i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l); 180 i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l);
179 if (i != l) 181 if (i != (int)l)
180 return(-1); 182 return(-1);
181 key_bits =rc2_magic_to_meth((int)num); 183 key_bits =rc2_magic_to_meth((int)num);
182 if (!key_bits) 184 if (!key_bits)
diff --git a/src/lib/libcrypto/evp/e_rc4.c b/src/lib/libcrypto/evp/e_rc4.c
index 8aa70585b9..67af850bea 100644
--- a/src/lib/libcrypto/evp/e_rc4.c
+++ b/src/lib/libcrypto/evp/e_rc4.c
@@ -56,13 +56,13 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_RC4
60
61#include <stdio.h> 59#include <stdio.h>
62#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_RC4
63
63#include <openssl/evp.h> 64#include <openssl/evp.h>
64#include <openssl/objects.h> 65#include <openssl/objects.h>
65#include "evp_locl.h"
66#include <openssl/rc4.h> 66#include <openssl/rc4.h>
67 67
68/* FIXME: surely this is available elsewhere? */ 68/* FIXME: surely this is available elsewhere? */
@@ -90,6 +90,7 @@ static const EVP_CIPHER r4_cipher=
90 sizeof(EVP_RC4_KEY), 90 sizeof(EVP_RC4_KEY),
91 NULL, 91 NULL,
92 NULL, 92 NULL,
93 NULL,
93 NULL 94 NULL
94 }; 95 };
95 96
@@ -104,6 +105,7 @@ static const EVP_CIPHER r4_40_cipher=
104 sizeof(EVP_RC4_KEY), 105 sizeof(EVP_RC4_KEY),
105 NULL, 106 NULL,
106 NULL, 107 NULL,
108 NULL,
107 NULL 109 NULL
108 }; 110 };
109 111
diff --git a/src/lib/libcrypto/evp/e_xcbc_d.c b/src/lib/libcrypto/evp/e_xcbc_d.c
index a6f849e93d..8832da2433 100644
--- a/src/lib/libcrypto/evp/e_xcbc_d.c
+++ b/src/lib/libcrypto/evp/e_xcbc_d.c
@@ -56,9 +56,11 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_DES
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_DES
63
62#include <openssl/evp.h> 64#include <openssl/evp.h>
63#include <openssl/objects.h> 65#include <openssl/objects.h>
64#include <openssl/des.h> 66#include <openssl/des.h>
@@ -89,6 +91,7 @@ static const EVP_CIPHER d_xcbc_cipher=
89 sizeof(DESX_CBC_KEY), 91 sizeof(DESX_CBC_KEY),
90 EVP_CIPHER_set_asn1_iv, 92 EVP_CIPHER_set_asn1_iv,
91 EVP_CIPHER_get_asn1_iv, 93 EVP_CIPHER_get_asn1_iv,
94 NULL,
92 NULL 95 NULL
93 }; 96 };
94 97
diff --git a/src/lib/libcrypto/evp/encode.c b/src/lib/libcrypto/evp/encode.c
index 33e540087d..5921f0d710 100644
--- a/src/lib/libcrypto/evp/encode.c
+++ b/src/lib/libcrypto/evp/encode.c
@@ -129,14 +129,14 @@ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
129 } 129 }
130 130
131void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, 131void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
132 unsigned char *in, int inl) 132 const unsigned char *in, int inl)
133 { 133 {
134 int i,j; 134 int i,j;
135 unsigned int total=0; 135 unsigned int total=0;
136 136
137 *outl=0; 137 *outl=0;
138 if (inl == 0) return; 138 if (inl == 0) return;
139 OPENSSL_assert(ctx->length <= sizeof ctx->enc_data); 139 OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
140 if ((ctx->num+inl) < ctx->length) 140 if ((ctx->num+inl) < ctx->length)
141 { 141 {
142 memcpy(&(ctx->enc_data[ctx->num]),in,inl); 142 memcpy(&(ctx->enc_data[ctx->num]),in,inl);
@@ -233,7 +233,7 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
233 * 1 for full line 233 * 1 for full line
234 */ 234 */
235int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, 235int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
236 unsigned char *in, int inl) 236 const unsigned char *in, int inl)
237 { 237 {
238 int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl; 238 int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl;
239 unsigned char *d; 239 unsigned char *d;
@@ -259,7 +259,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
259 /* only save the good data :-) */ 259 /* only save the good data :-) */
260 if (!B64_NOT_BASE64(v)) 260 if (!B64_NOT_BASE64(v))
261 { 261 {
262 OPENSSL_assert(n < sizeof ctx->enc_data); 262 OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
263 d[n++]=tmp; 263 d[n++]=tmp;
264 ln++; 264 ln++;
265 } 265 }
@@ -323,8 +323,8 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
323 if (n > 0) 323 if (n > 0)
324 { 324 {
325 v=EVP_DecodeBlock(out,d,n); 325 v=EVP_DecodeBlock(out,d,n);
326 if (v < 0) { rv=0; goto end; }
327 n=0; 326 n=0;
327 if (v < 0) { rv=0; goto end; }
328 ret+=(v-eof); 328 ret+=(v-eof);
329 } 329 }
330 else 330 else
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 56eec23fef..bdd3b7ecaa 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -74,56 +74,6 @@
74#ifndef OPENSSL_NO_BIO 74#ifndef OPENSSL_NO_BIO
75#include <openssl/bio.h> 75#include <openssl/bio.h>
76#endif 76#endif
77#ifndef OPENSSL_NO_MD2
78#include <openssl/md2.h>
79#endif
80#ifndef OPENSSL_NO_MD4
81#include <openssl/md4.h>
82#endif
83#ifndef OPENSSL_NO_MD5
84#include <openssl/md5.h>
85#endif
86#ifndef OPENSSL_NO_SHA
87#ifndef OPENSSL_FIPS
88#include <openssl/sha.h>
89#else
90#include <openssl/fips_sha.h>
91#endif
92#endif
93#ifndef OPENSSL_NO_RIPEMD
94#include <openssl/ripemd.h>
95#endif
96#ifndef OPENSSL_NO_DES
97#include <openssl/des.h>
98#endif
99#ifndef OPENSSL_NO_RC4
100#include <openssl/rc4.h>
101#endif
102#ifndef OPENSSL_NO_RC2
103#include <openssl/rc2.h>
104#endif
105#ifndef OPENSSL_NO_RC5
106#include <openssl/rc5.h>
107#endif
108#ifndef OPENSSL_NO_BF
109#include <openssl/blowfish.h>
110#endif
111#ifndef OPENSSL_NO_CAST
112#include <openssl/cast.h>
113#endif
114#ifndef OPENSSL_NO_IDEA
115#include <openssl/idea.h>
116#endif
117#ifndef OPENSSL_NO_MDC2
118#include <openssl/mdc2.h>
119#endif
120#ifndef OPENSSL_NO_AES
121#include <openssl/aes.h>
122#endif
123
124#ifdef OPENSSL_FIPS
125#include <openssl/fips.h>
126#endif
127 77
128/* 78/*
129#define EVP_RC2_KEY_SIZE 16 79#define EVP_RC2_KEY_SIZE 16
@@ -132,11 +82,7 @@
132#define EVP_CAST5_KEY_SIZE 16 82#define EVP_CAST5_KEY_SIZE 16
133#define EVP_RC5_32_12_16_KEY_SIZE 16 83#define EVP_RC5_32_12_16_KEY_SIZE 16
134*/ 84*/
135#ifdef OPENSSL_FIPS 85#define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */
136#define EVP_MAX_MD_SIZE 64 /* longest known SHA512 */
137#else
138#define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
139#endif
140#define EVP_MAX_KEY_LENGTH 32 86#define EVP_MAX_KEY_LENGTH 32
141#define EVP_MAX_IV_LENGTH 16 87#define EVP_MAX_IV_LENGTH 16
142#define EVP_MAX_BLOCK_LENGTH 32 88#define EVP_MAX_BLOCK_LENGTH 32
@@ -145,28 +91,18 @@
145/* Default PKCS#5 iteration count */ 91/* Default PKCS#5 iteration count */
146#define PKCS5_DEFAULT_ITER 2048 92#define PKCS5_DEFAULT_ITER 2048
147 93
148#ifndef OPENSSL_NO_RSA
149#include <openssl/rsa.h>
150#endif
151
152#ifndef OPENSSL_NO_DSA
153#include <openssl/dsa.h>
154#endif
155
156#ifndef OPENSSL_NO_DH
157#include <openssl/dh.h>
158#endif
159
160#include <openssl/objects.h> 94#include <openssl/objects.h>
161 95
162#define EVP_PK_RSA 0x0001 96#define EVP_PK_RSA 0x0001
163#define EVP_PK_DSA 0x0002 97#define EVP_PK_DSA 0x0002
164#define EVP_PK_DH 0x0004 98#define EVP_PK_DH 0x0004
99#define EVP_PK_EC 0x0008
165#define EVP_PKT_SIGN 0x0010 100#define EVP_PKT_SIGN 0x0010
166#define EVP_PKT_ENC 0x0020 101#define EVP_PKT_ENC 0x0020
167#define EVP_PKT_EXCH 0x0040 102#define EVP_PKT_EXCH 0x0040
168#define EVP_PKS_RSA 0x0100 103#define EVP_PKS_RSA 0x0100
169#define EVP_PKS_DSA 0x0200 104#define EVP_PKS_DSA 0x0200
105#define EVP_PKS_EC 0x0400
170#define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ 106#define EVP_PKT_EXP 0x1000 /* <= 512 bit key */
171 107
172#define EVP_PKEY_NONE NID_undef 108#define EVP_PKEY_NONE NID_undef
@@ -178,6 +114,7 @@
178#define EVP_PKEY_DSA3 NID_dsaWithSHA1 114#define EVP_PKEY_DSA3 NID_dsaWithSHA1
179#define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 115#define EVP_PKEY_DSA4 NID_dsaWithSHA1_2
180#define EVP_PKEY_DH NID_dhKeyAgreement 116#define EVP_PKEY_DH NID_dhKeyAgreement
117#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey
181 118
182#ifdef __cplusplus 119#ifdef __cplusplus
183extern "C" { 120extern "C" {
@@ -202,6 +139,9 @@ struct evp_pkey_st
202#ifndef OPENSSL_NO_DH 139#ifndef OPENSSL_NO_DH
203 struct dh_st *dh; /* DH */ 140 struct dh_st *dh; /* DH */
204#endif 141#endif
142#ifndef OPENSSL_NO_EC
143 struct ec_key_st *ec; /* ECC */
144#endif
205 } pkey; 145 } pkey;
206 int save_parameters; 146 int save_parameters;
207 STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ 147 STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
@@ -287,39 +227,58 @@ struct env_md_st
287 int md_size; 227 int md_size;
288 unsigned long flags; 228 unsigned long flags;
289 int (*init)(EVP_MD_CTX *ctx); 229 int (*init)(EVP_MD_CTX *ctx);
290 int (*update)(EVP_MD_CTX *ctx,const void *data,unsigned long count); 230 int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count);
291 int (*final)(EVP_MD_CTX *ctx,unsigned char *md); 231 int (*final)(EVP_MD_CTX *ctx,unsigned char *md);
292 int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from); 232 int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from);
293 int (*cleanup)(EVP_MD_CTX *ctx); 233 int (*cleanup)(EVP_MD_CTX *ctx);
294 234
295 /* FIXME: prototype these some day */ 235 /* FIXME: prototype these some day */
296 int (*sign)(); 236 int (*sign)(int type, const unsigned char *m, unsigned int m_length,
297 int (*verify)(); 237 unsigned char *sigret, unsigned int *siglen, void *key);
238 int (*verify)(int type, const unsigned char *m, unsigned int m_length,
239 const unsigned char *sigbuf, unsigned int siglen,
240 void *key);
298 int required_pkey_type[5]; /*EVP_PKEY_xxx */ 241 int required_pkey_type[5]; /*EVP_PKEY_xxx */
299 int block_size; 242 int block_size;
300 int ctx_size; /* how big does the ctx->md_data need to be */ 243 int ctx_size; /* how big does the ctx->md_data need to be */
301 } /* EVP_MD */; 244 } /* EVP_MD */;
302 245
246typedef int evp_sign_method(int type,const unsigned char *m,
247 unsigned int m_length,unsigned char *sigret,
248 unsigned int *siglen, void *key);
249typedef int evp_verify_method(int type,const unsigned char *m,
250 unsigned int m_length,const unsigned char *sigbuf,
251 unsigned int siglen, void *key);
252
303#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single 253#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single
304 * block */ 254 * block */
305#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */
306 255
307#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} 256#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0}
308 257
309#ifndef OPENSSL_NO_DSA 258#ifndef OPENSSL_NO_DSA
310#define EVP_PKEY_DSA_method DSA_sign,DSA_verify, \ 259#define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \
260 (evp_verify_method *)DSA_verify, \
311 {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ 261 {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \
312 EVP_PKEY_DSA4,0} 262 EVP_PKEY_DSA4,0}
313#else 263#else
314#define EVP_PKEY_DSA_method EVP_PKEY_NULL_method 264#define EVP_PKEY_DSA_method EVP_PKEY_NULL_method
315#endif 265#endif
316 266
267#ifndef OPENSSL_NO_ECDSA
268#define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \
269 (evp_verify_method *)ECDSA_verify, \
270 {EVP_PKEY_EC,0,0,0}
271#else
272#define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method
273#endif
274
317#ifndef OPENSSL_NO_RSA 275#ifndef OPENSSL_NO_RSA
318#define EVP_PKEY_RSA_method RSA_sign,RSA_verify, \ 276#define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \
277 (evp_verify_method *)RSA_verify, \
319 {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} 278 {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
320#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ 279#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \
321 RSA_sign_ASN1_OCTET_STRING, \ 280 (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \
322 RSA_verify_ASN1_OCTET_STRING, \ 281 (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \
323 {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} 282 {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
324#else 283#else
325#define EVP_PKEY_RSA_method EVP_PKEY_NULL_method 284#define EVP_PKEY_RSA_method EVP_PKEY_NULL_method
@@ -345,9 +304,6 @@ struct env_md_ctx_st
345#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data 304#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data
346 * in EVP_MD_CTX_cleanup */ 305 * in EVP_MD_CTX_cleanup */
347 306
348#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest
349 * in FIPS mode */
350
351struct evp_cipher_st 307struct evp_cipher_st
352 { 308 {
353 int nid; 309 int nid;
@@ -389,10 +345,8 @@ struct evp_cipher_st
389#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 345#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80
390/* Don't use standard block padding */ 346/* Don't use standard block padding */
391#define EVP_CIPH_NO_PADDING 0x100 347#define EVP_CIPH_NO_PADDING 0x100
392/* Note if suitable for use in FIPS mode */ 348/* cipher handles random key generation */
393#define EVP_CIPH_FLAG_FIPS 0x400 349#define EVP_CIPH_RAND_KEY 0x200
394/* Allow non FIPS cipher in FIPS mode */
395#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800
396 350
397/* ctrl() values */ 351/* ctrl() values */
398 352
@@ -402,6 +356,7 @@ struct evp_cipher_st
402#define EVP_CTRL_SET_RC2_KEY_BITS 0x3 356#define EVP_CTRL_SET_RC2_KEY_BITS 0x3
403#define EVP_CTRL_GET_RC5_ROUNDS 0x4 357#define EVP_CTRL_GET_RC5_ROUNDS 0x4
404#define EVP_CTRL_SET_RC5_ROUNDS 0x5 358#define EVP_CTRL_SET_RC5_ROUNDS 0x5
359#define EVP_CTRL_RAND_KEY 0x6
405 360
406typedef struct evp_cipher_info_st 361typedef struct evp_cipher_info_st
407 { 362 {
@@ -463,45 +418,47 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
463 (char *)(dh)) 418 (char *)(dh))
464#endif 419#endif
465 420
421#ifndef OPENSSL_NO_EC
422#define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
423 (char *)(eckey))
424#endif
425
466/* Add some extra combinations */ 426/* Add some extra combinations */
467#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) 427#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
468#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) 428#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
469#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) 429#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
470#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) 430#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
471 431
472#define EVP_MD_type(e) ((e)->type) 432int EVP_MD_type(const EVP_MD *md);
473#define EVP_MD_nid(e) EVP_MD_type(e) 433#define EVP_MD_nid(e) EVP_MD_type(e)
474#define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) 434#define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e))
475#define EVP_MD_pkey_type(e) ((e)->pkey_type) 435int EVP_MD_pkey_type(const EVP_MD *md);
476#define EVP_MD_size(e) ((e)->md_size) 436int EVP_MD_size(const EVP_MD *md);
477#define EVP_MD_block_size(e) ((e)->block_size) 437int EVP_MD_block_size(const EVP_MD *md);
478 438
479#define EVP_MD_CTX_md(e) ((e)->digest) 439const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
480#define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest) 440#define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e))
481#define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) 441#define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e))
482#define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) 442#define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e))
483 443
484#define EVP_CIPHER_nid(e) ((e)->nid) 444int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
485#define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) 445#define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
486#define EVP_CIPHER_block_size(e) ((e)->block_size) 446int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
487#define EVP_CIPHER_key_length(e) ((e)->key_len) 447int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
488#define EVP_CIPHER_iv_length(e) ((e)->iv_len) 448int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
489#define EVP_CIPHER_flags(e) ((e)->flags) 449unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);
490#define EVP_CIPHER_mode(e) (((e)->flags) & EVP_CIPH_MODE) 450#define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE)
491 451
492#define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) 452const EVP_CIPHER * EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
493#define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) 453int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
494#define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) 454int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
495#define EVP_CIPHER_CTX_key_length(e) ((e)->key_len) 455int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
496#define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) 456int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
497#define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) 457void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
498#define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) 458void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
499#define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) 459#define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
500#define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) 460unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
501#define EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) 461#define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)
502#define EVP_CIPHER_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
503#define EVP_CIPHER_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
504#define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE)
505 462
506#define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) 463#define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80)
507#define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) 464#define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80)
@@ -526,7 +483,10 @@ void BIO_set_md(BIO *,const EVP_MD *md);
526#define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) 483#define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
527#define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) 484#define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)
528 485
529#define EVP_Cipher(c,o,i,l) (c)->cipher->do_cipher((c),(o),(i),(l)) 486int EVP_Cipher(EVP_CIPHER_CTX *c,
487 unsigned char *out,
488 const unsigned char *in,
489 unsigned int inl);
530 490
531#define EVP_add_cipher_alias(n,alias) \ 491#define EVP_add_cipher_alias(n,alias) \
532 OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) 492 OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
@@ -542,14 +502,14 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
542EVP_MD_CTX *EVP_MD_CTX_create(void); 502EVP_MD_CTX *EVP_MD_CTX_create(void);
543void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); 503void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
544int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); 504int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);
545#define EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) 505void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
546#define EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) 506void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
547#define EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) 507int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags);
548int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); 508int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
549int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, 509int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
550 unsigned int cnt); 510 size_t cnt);
551int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); 511int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
552int EVP_Digest(void *data, unsigned int count, 512int EVP_Digest(const void *data, size_t count,
553 unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); 513 unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl);
554 514
555int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); 515int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);
@@ -557,7 +517,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
557int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); 517int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
558 518
559int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); 519int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
560void EVP_set_pw_prompt(char *prompt); 520void EVP_set_pw_prompt(const char *prompt);
561char * EVP_get_pw_prompt(void); 521char * EVP_get_pw_prompt(void);
562 522
563int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, 523int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
@@ -596,43 +556,48 @@ int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
596int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, 556int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
597 EVP_PKEY *pkey); 557 EVP_PKEY *pkey);
598 558
599int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, 559int EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf,
600 unsigned int siglen,EVP_PKEY *pkey); 560 unsigned int siglen,EVP_PKEY *pkey);
601 561
602int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *ek, 562int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
603 int ekl,unsigned char *iv,EVP_PKEY *priv); 563 const unsigned char *ek, int ekl, const unsigned char *iv,
564 EVP_PKEY *priv);
604int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); 565int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
605 566
606int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, 567int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
607 int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); 568 unsigned char **ek, int *ekl, unsigned char *iv,
569 EVP_PKEY **pubk, int npubk);
608int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); 570int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
609 571
610void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); 572void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
611void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out, 573void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
612 int *outl,unsigned char *in,int inl); 574 const unsigned char *in,int inl);
613void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); 575void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl);
614int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); 576int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
615 577
616void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); 578void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
617int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, 579int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
618 unsigned char *in, int inl); 580 const unsigned char *in, int inl);
619int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned 581int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
620 char *out, int *outl); 582 char *out, int *outl);
621int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); 583int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
622 584
623void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); 585void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
624int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); 586int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
587EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
588void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a);
625int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); 589int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
626int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); 590int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
627int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); 591int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
592int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
628 593
629#ifndef OPENSSL_NO_BIO 594#ifndef OPENSSL_NO_BIO
630BIO_METHOD *BIO_f_md(void); 595BIO_METHOD *BIO_f_md(void);
631BIO_METHOD *BIO_f_base64(void); 596BIO_METHOD *BIO_f_base64(void);
632BIO_METHOD *BIO_f_cipher(void); 597BIO_METHOD *BIO_f_cipher(void);
633BIO_METHOD *BIO_f_reliable(void); 598BIO_METHOD *BIO_f_reliable(void);
634void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k, 599void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,const unsigned char *k,
635 unsigned char *i, int enc); 600 const unsigned char *i, int enc);
636#endif 601#endif
637 602
638const EVP_MD *EVP_md_null(void); 603const EVP_MD *EVP_md_null(void);
@@ -650,7 +615,8 @@ const EVP_MD *EVP_sha(void);
650const EVP_MD *EVP_sha1(void); 615const EVP_MD *EVP_sha1(void);
651const EVP_MD *EVP_dss(void); 616const EVP_MD *EVP_dss(void);
652const EVP_MD *EVP_dss1(void); 617const EVP_MD *EVP_dss1(void);
653#ifdef OPENSSL_FIPS 618const EVP_MD *EVP_ecdsa(void);
619#endif
654#ifndef OPENSSL_NO_SHA256 620#ifndef OPENSSL_NO_SHA256
655const EVP_MD *EVP_sha224(void); 621const EVP_MD *EVP_sha224(void);
656const EVP_MD *EVP_sha256(void); 622const EVP_MD *EVP_sha256(void);
@@ -659,8 +625,6 @@ const EVP_MD *EVP_sha256(void);
659const EVP_MD *EVP_sha384(void); 625const EVP_MD *EVP_sha384(void);
660const EVP_MD *EVP_sha512(void); 626const EVP_MD *EVP_sha512(void);
661#endif 627#endif
662#endif
663#endif
664#ifndef OPENSSL_NO_MDC2 628#ifndef OPENSSL_NO_MDC2
665const EVP_MD *EVP_mdc2(void); 629const EVP_MD *EVP_mdc2(void);
666#endif 630#endif
@@ -778,6 +742,37 @@ const EVP_CIPHER *EVP_aes_256_ofb(void);
778const EVP_CIPHER *EVP_aes_256_ctr(void); 742const EVP_CIPHER *EVP_aes_256_ctr(void);
779#endif 743#endif
780#endif 744#endif
745#ifndef OPENSSL_NO_CAMELLIA
746const EVP_CIPHER *EVP_camellia_128_ecb(void);
747const EVP_CIPHER *EVP_camellia_128_cbc(void);
748const EVP_CIPHER *EVP_camellia_128_cfb1(void);
749const EVP_CIPHER *EVP_camellia_128_cfb8(void);
750const EVP_CIPHER *EVP_camellia_128_cfb128(void);
751# define EVP_camellia_128_cfb EVP_camellia_128_cfb128
752const EVP_CIPHER *EVP_camellia_128_ofb(void);
753const EVP_CIPHER *EVP_camellia_192_ecb(void);
754const EVP_CIPHER *EVP_camellia_192_cbc(void);
755const EVP_CIPHER *EVP_camellia_192_cfb1(void);
756const EVP_CIPHER *EVP_camellia_192_cfb8(void);
757const EVP_CIPHER *EVP_camellia_192_cfb128(void);
758# define EVP_camellia_192_cfb EVP_camellia_192_cfb128
759const EVP_CIPHER *EVP_camellia_192_ofb(void);
760const EVP_CIPHER *EVP_camellia_256_ecb(void);
761const EVP_CIPHER *EVP_camellia_256_cbc(void);
762const EVP_CIPHER *EVP_camellia_256_cfb1(void);
763const EVP_CIPHER *EVP_camellia_256_cfb8(void);
764const EVP_CIPHER *EVP_camellia_256_cfb128(void);
765# define EVP_camellia_256_cfb EVP_camellia_256_cfb128
766const EVP_CIPHER *EVP_camellia_256_ofb(void);
767#endif
768
769#ifndef OPENSSL_NO_SEED
770const EVP_CIPHER *EVP_seed_ecb(void);
771const EVP_CIPHER *EVP_seed_cbc(void);
772const EVP_CIPHER *EVP_seed_cfb128(void);
773# define EVP_seed_cfb EVP_seed_cfb128
774const EVP_CIPHER *EVP_seed_ofb(void);
775#endif
781 776
782void OPENSSL_add_all_algorithms_noconf(void); 777void OPENSSL_add_all_algorithms_noconf(void);
783void OPENSSL_add_all_algorithms_conf(void); 778void OPENSSL_add_all_algorithms_conf(void);
@@ -803,10 +798,12 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
803const EVP_MD *EVP_get_digestbyname(const char *name); 798const EVP_MD *EVP_get_digestbyname(const char *name);
804void EVP_cleanup(void); 799void EVP_cleanup(void);
805 800
806int EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key, 801int EVP_PKEY_decrypt(unsigned char *dec_key,
807 int enc_key_len,EVP_PKEY *private_key); 802 const unsigned char *enc_key,int enc_key_len,
803 EVP_PKEY *private_key);
808int EVP_PKEY_encrypt(unsigned char *enc_key, 804int EVP_PKEY_encrypt(unsigned char *enc_key,
809 unsigned char *key,int key_len,EVP_PKEY *pub_key); 805 const unsigned char *key,int key_len,
806 EVP_PKEY *pub_key);
810int EVP_PKEY_type(int type); 807int EVP_PKEY_type(int type);
811int EVP_PKEY_bits(EVP_PKEY *pkey); 808int EVP_PKEY_bits(EVP_PKEY *pkey);
812int EVP_PKEY_size(EVP_PKEY *pkey); 809int EVP_PKEY_size(EVP_PKEY *pkey);
@@ -827,24 +824,31 @@ struct dh_st;
827int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key); 824int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key);
828struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); 825struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
829#endif 826#endif
830 827#ifndef OPENSSL_NO_EC
828struct ec_key_st;
829int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,struct ec_key_st *key);
830struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
831#endif
831 832
832EVP_PKEY * EVP_PKEY_new(void); 833EVP_PKEY * EVP_PKEY_new(void);
833void EVP_PKEY_free(EVP_PKEY *pkey); 834void EVP_PKEY_free(EVP_PKEY *pkey);
834EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp, 835
836EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp,
835 long length); 837 long length);
836int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); 838int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
837 839
838EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp, 840EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, const unsigned char **pp,
839 long length); 841 long length);
840EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp, 842EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
841 long length); 843 long length);
842int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); 844int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
843 845
844int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from); 846int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
845int EVP_PKEY_missing_parameters(EVP_PKEY *pkey); 847int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
846int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); 848int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode);
847int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b); 849int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
850
851int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
848 852
849int EVP_CIPHER_type(const EVP_CIPHER *ctx); 853int EVP_CIPHER_type(const EVP_CIPHER *ctx);
850 854
@@ -861,7 +865,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
861 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, 865 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
862 int en_de); 866 int en_de);
863int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, 867int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
864 unsigned char *salt, int saltlen, int iter, 868 const unsigned char *salt, int saltlen, int iter,
865 int keylen, unsigned char *out); 869 int keylen, unsigned char *out);
866int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, 870int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
867 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, 871 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
@@ -884,30 +888,32 @@ void ERR_load_EVP_strings(void);
884/* Error codes for the EVP functions. */ 888/* Error codes for the EVP functions. */
885 889
886/* Function codes. */ 890/* Function codes. */
887#define EVP_F_AES_INIT_KEY 129 891#define EVP_F_AES_INIT_KEY 133
892#define EVP_F_CAMELLIA_INIT_KEY 159
888#define EVP_F_D2I_PKEY 100 893#define EVP_F_D2I_PKEY 100
889#define EVP_F_EVP_ADD_CIPHER 130 894#define EVP_F_DSAPKEY2PKCS8 134
890#define EVP_F_EVP_ADD_DIGEST 131 895#define EVP_F_DSA_PKEY2PKCS8 135
891#define EVP_F_EVP_CIPHERINIT 123 896#define EVP_F_ECDSA_PKEY2PKCS8 129
897#define EVP_F_ECKEY_PKEY2PKCS8 132
898#define EVP_F_EVP_CIPHERINIT_EX 123
892#define EVP_F_EVP_CIPHER_CTX_CTRL 124 899#define EVP_F_EVP_CIPHER_CTX_CTRL 124
893#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 900#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
894#define EVP_F_EVP_DECRYPTFINAL 101 901#define EVP_F_EVP_DECRYPTFINAL_EX 101
895#define EVP_F_EVP_DIGESTINIT 128 902#define EVP_F_EVP_DIGESTINIT_EX 128
896#define EVP_F_EVP_ENCRYPTFINAL 127 903#define EVP_F_EVP_ENCRYPTFINAL_EX 127
897#define EVP_F_EVP_GET_CIPHERBYNAME 132 904#define EVP_F_EVP_MD_CTX_COPY_EX 110
898#define EVP_F_EVP_GET_DIGESTBYNAME 133
899#define EVP_F_EVP_MD_CTX_COPY 110
900#define EVP_F_EVP_OPENINIT 102 905#define EVP_F_EVP_OPENINIT 102
901#define EVP_F_EVP_PBE_ALG_ADD 115 906#define EVP_F_EVP_PBE_ALG_ADD 115
902#define EVP_F_EVP_PBE_CIPHERINIT 116 907#define EVP_F_EVP_PBE_CIPHERINIT 116
903#define EVP_F_EVP_PKCS82PKEY 111 908#define EVP_F_EVP_PKCS82PKEY 111
904#define EVP_F_EVP_PKCS8_SET_BROKEN 112 909#define EVP_F_EVP_PKEY2PKCS8_BROKEN 113
905#define EVP_F_EVP_PKEY2PKCS8 113
906#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 910#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103
907#define EVP_F_EVP_PKEY_DECRYPT 104 911#define EVP_F_EVP_PKEY_DECRYPT 104
908#define EVP_F_EVP_PKEY_ENCRYPT 105 912#define EVP_F_EVP_PKEY_ENCRYPT 105
909#define EVP_F_EVP_PKEY_GET1_DH 119 913#define EVP_F_EVP_PKEY_GET1_DH 119
910#define EVP_F_EVP_PKEY_GET1_DSA 120 914#define EVP_F_EVP_PKEY_GET1_DSA 120
915#define EVP_F_EVP_PKEY_GET1_ECDSA 130
916#define EVP_F_EVP_PKEY_GET1_EC_KEY 131
911#define EVP_F_EVP_PKEY_GET1_RSA 121 917#define EVP_F_EVP_PKEY_GET1_RSA 121
912#define EVP_F_EVP_PKEY_NEW 106 918#define EVP_F_EVP_PKEY_NEW 106
913#define EVP_F_EVP_RIJNDAEL 126 919#define EVP_F_EVP_RIJNDAEL 126
@@ -915,28 +921,32 @@ void ERR_load_EVP_strings(void);
915#define EVP_F_EVP_VERIFYFINAL 108 921#define EVP_F_EVP_VERIFYFINAL 108
916#define EVP_F_PKCS5_PBE_KEYIVGEN 117 922#define EVP_F_PKCS5_PBE_KEYIVGEN 117
917#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 923#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118
924#define EVP_F_PKCS8_SET_BROKEN 112
918#define EVP_F_RC2_MAGIC_TO_METH 109 925#define EVP_F_RC2_MAGIC_TO_METH 109
919#define EVP_F_RC5_CTRL 125 926#define EVP_F_RC5_CTRL 125
920 927
921/* Reason codes. */ 928/* Reason codes. */
922#define EVP_R_AES_KEY_SETUP_FAILED 140 929#define EVP_R_AES_KEY_SETUP_FAILED 143
930#define EVP_R_ASN1_LIB 140
923#define EVP_R_BAD_BLOCK_LENGTH 136 931#define EVP_R_BAD_BLOCK_LENGTH 136
924#define EVP_R_BAD_DECRYPT 100 932#define EVP_R_BAD_DECRYPT 100
925#define EVP_R_BAD_KEY_LENGTH 137 933#define EVP_R_BAD_KEY_LENGTH 137
926#define EVP_R_BN_DECODE_ERROR 112 934#define EVP_R_BN_DECODE_ERROR 112
927#define EVP_R_BN_PUBKEY_ERROR 113 935#define EVP_R_BN_PUBKEY_ERROR 113
936#define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157
928#define EVP_R_CIPHER_PARAMETER_ERROR 122 937#define EVP_R_CIPHER_PARAMETER_ERROR 122
929#define EVP_R_CTRL_NOT_IMPLEMENTED 132 938#define EVP_R_CTRL_NOT_IMPLEMENTED 132
930#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 939#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133
931#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 940#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
932#define EVP_R_DECODE_ERROR 114 941#define EVP_R_DECODE_ERROR 114
933#define EVP_R_DIFFERENT_KEY_TYPES 101 942#define EVP_R_DIFFERENT_KEY_TYPES 101
934#define EVP_R_DISABLED_FOR_FIPS 141
935#define EVP_R_ENCODE_ERROR 115 943#define EVP_R_ENCODE_ERROR 115
936#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 944#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
937#define EVP_R_EXPECTING_AN_RSA_KEY 127 945#define EVP_R_EXPECTING_AN_RSA_KEY 127
938#define EVP_R_EXPECTING_A_DH_KEY 128 946#define EVP_R_EXPECTING_A_DH_KEY 128
939#define EVP_R_EXPECTING_A_DSA_KEY 129 947#define EVP_R_EXPECTING_A_DSA_KEY 129
948#define EVP_R_EXPECTING_A_ECDSA_KEY 141
949#define EVP_R_EXPECTING_A_EC_KEY 142
940#define EVP_R_INITIALIZATION_ERROR 134 950#define EVP_R_INITIALIZATION_ERROR 134
941#define EVP_R_INPUT_NOT_INITIALIZED 111 951#define EVP_R_INPUT_NOT_INITIALIZED 111
942#define EVP_R_INVALID_KEY_LENGTH 130 952#define EVP_R_INVALID_KEY_LENGTH 130
@@ -961,6 +971,7 @@ void ERR_load_EVP_strings(void);
961#define EVP_R_UNSUPPORTED_SALT_TYPE 126 971#define EVP_R_UNSUPPORTED_SALT_TYPE 126
962#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 972#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
963#define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 973#define EVP_R_WRONG_PUBLIC_KEY_TYPE 110
974#define EVP_R_SEED_KEY_SETUP_FAILED 162
964 975
965#ifdef __cplusplus 976#ifdef __cplusplus
966} 977}
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index f549eeb437..a1904993bf 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -60,12 +60,13 @@
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/evp.h> 61#include <openssl/evp.h>
62#include <openssl/err.h> 62#include <openssl/err.h>
63#include <openssl/rand.h>
63#ifndef OPENSSL_NO_ENGINE 64#ifndef OPENSSL_NO_ENGINE
64#include <openssl/engine.h> 65#include <openssl/engine.h>
65#endif 66#endif
66#include "evp_locl.h" 67#include "evp_locl.h"
67 68
68const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT; 69const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
69 70
70void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) 71void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
71 { 72 {
@@ -73,6 +74,13 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
73 /* ctx->cipher=NULL; */ 74 /* ctx->cipher=NULL; */
74 } 75 }
75 76
77EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
78 {
79 EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
80 if (ctx)
81 EVP_CIPHER_CTX_init(ctx);
82 return ctx;
83 }
76 84
77int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 85int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
78 const unsigned char *key, const unsigned char *iv, int enc) 86 const unsigned char *key, const unsigned char *iv, int enc)
@@ -82,48 +90,6 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
82 return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); 90 return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
83 } 91 }
84 92
85#ifdef OPENSSL_FIPS
86
87/* The purpose of these is to trap programs that attempt to use non FIPS
88 * algorithms in FIPS mode and ignore the errors.
89 */
90
91int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
92 const unsigned char *iv, int enc)
93 { FIPS_ERROR_IGNORED("Cipher init"); return 0;}
94
95int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
96 const unsigned char *in, unsigned int inl)
97 { FIPS_ERROR_IGNORED("Cipher update"); return 0;}
98
99/* NB: no cleanup because it is allowed after failed init */
100
101int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
102 { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
103int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
104 { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
105int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
106 { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
107
108static const EVP_CIPHER bad_cipher =
109 {
110 0,
111 0,
112 0,
113 0,
114 0,
115 bad_init,
116 bad_do_cipher,
117 NULL,
118 0,
119 bad_set_asn1,
120 bad_get_asn1,
121 bad_ctrl,
122 NULL
123 };
124
125#endif
126
127int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, 93int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
128 const unsigned char *key, const unsigned char *iv, int enc) 94 const unsigned char *key, const unsigned char *iv, int enc)
129 { 95 {
@@ -158,7 +124,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
158 { 124 {
159 if (!ENGINE_init(impl)) 125 if (!ENGINE_init(impl))
160 { 126 {
161 EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); 127 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
162 return 0; 128 return 0;
163 } 129 }
164 } 130 }
@@ -175,7 +141,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
175 * control history, is that we should at least 141 * control history, is that we should at least
176 * be able to avoid using US mispellings of 142 * be able to avoid using US mispellings of
177 * "initialisation"? */ 143 * "initialisation"? */
178 EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); 144 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
179 return 0; 145 return 0;
180 } 146 }
181 /* We'll use the ENGINE's private cipher definition */ 147 /* We'll use the ENGINE's private cipher definition */
@@ -188,13 +154,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
188 else 154 else
189 ctx->engine = NULL; 155 ctx->engine = NULL;
190#endif 156#endif
157
191 ctx->cipher=cipher; 158 ctx->cipher=cipher;
192 if (ctx->cipher->ctx_size) 159 if (ctx->cipher->ctx_size)
193 { 160 {
194 ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); 161 ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
195 if (!ctx->cipher_data) 162 if (!ctx->cipher_data)
196 { 163 {
197 EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE); 164 EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
198 return 0; 165 return 0;
199 } 166 }
200 } 167 }
@@ -208,14 +175,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
208 { 175 {
209 if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) 176 if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
210 { 177 {
211 EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); 178 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
212 return 0; 179 return 0;
213 } 180 }
214 } 181 }
215 } 182 }
216 else if(!ctx->cipher) 183 else if(!ctx->cipher)
217 { 184 {
218 EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET); 185 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
219 return 0; 186 return 0;
220 } 187 }
221#ifndef OPENSSL_NO_ENGINE 188#ifndef OPENSSL_NO_ENGINE
@@ -240,7 +207,8 @@ skip_to_init:
240 207
241 case EVP_CIPH_CBC_MODE: 208 case EVP_CIPH_CBC_MODE:
242 209
243 OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv); 210 OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
211 (int)sizeof(ctx->iv));
244 if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); 212 if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
245 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); 213 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
246 break; 214 break;
@@ -251,24 +219,6 @@ skip_to_init:
251 } 219 }
252 } 220 }
253 221
254#ifdef OPENSSL_FIPS
255 /* After 'key' is set no further parameters changes are permissible.
256 * So only check for non FIPS enabling at this point.
257 */
258 if (key && FIPS_mode())
259 {
260 if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
261 & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
262 {
263 EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS);
264 ERR_add_error_data(2, "cipher=",
265 EVP_CIPHER_name(ctx->cipher));
266 ctx->cipher = &bad_cipher;
267 return 0;
268 }
269 }
270#endif
271
272 if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { 222 if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
273 if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; 223 if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
274 } 224 }
@@ -345,7 +295,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
345 } 295 }
346 i=ctx->buf_len; 296 i=ctx->buf_len;
347 bl=ctx->cipher->block_size; 297 bl=ctx->cipher->block_size;
348 OPENSSL_assert(bl <= sizeof ctx->buf); 298 OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
349 if (i != 0) 299 if (i != 0)
350 { 300 {
351 if (i+inl < bl) 301 if (i+inl < bl)
@@ -391,7 +341,8 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
391 341
392int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 342int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
393 { 343 {
394 int i,n,b,bl,ret; 344 int n,ret;
345 unsigned int i, b, bl;
395 346
396 b=ctx->cipher->block_size; 347 b=ctx->cipher->block_size;
397 OPENSSL_assert(b <= sizeof ctx->buf); 348 OPENSSL_assert(b <= sizeof ctx->buf);
@@ -405,7 +356,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
405 { 356 {
406 if(bl) 357 if(bl)
407 { 358 {
408 EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); 359 EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
409 return 0; 360 return 0;
410 } 361 }
411 *outl = 0; 362 *outl = 0;
@@ -427,7 +378,8 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
427int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, 378int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
428 const unsigned char *in, int inl) 379 const unsigned char *in, int inl)
429 { 380 {
430 int b, fix_len; 381 int fix_len;
382 unsigned int b;
431 383
432 if (inl == 0) 384 if (inl == 0)
433 { 385 {
@@ -480,8 +432,8 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
480 432
481int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 433int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
482 { 434 {
483 int i,b; 435 int i,n;
484 int n; 436 unsigned int b;
485 437
486 *outl=0; 438 *outl=0;
487 b=ctx->cipher->block_size; 439 b=ctx->cipher->block_size;
@@ -489,7 +441,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
489 { 441 {
490 if(ctx->buf_len) 442 if(ctx->buf_len)
491 { 443 {
492 EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); 444 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
493 return 0; 445 return 0;
494 } 446 }
495 *outl = 0; 447 *outl = 0;
@@ -499,21 +451,21 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
499 { 451 {
500 if (ctx->buf_len || !ctx->final_used) 452 if (ctx->buf_len || !ctx->final_used)
501 { 453 {
502 EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH); 454 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
503 return(0); 455 return(0);
504 } 456 }
505 OPENSSL_assert(b <= sizeof ctx->final); 457 OPENSSL_assert(b <= sizeof ctx->final);
506 n=ctx->final[b-1]; 458 n=ctx->final[b-1];
507 if (n > b) 459 if (n == 0 || n > (int)b)
508 { 460 {
509 EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); 461 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
510 return(0); 462 return(0);
511 } 463 }
512 for (i=0; i<n; i++) 464 for (i=0; i<n; i++)
513 { 465 {
514 if (ctx->final[--b] != n) 466 if (ctx->final[--b] != n)
515 { 467 {
516 EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); 468 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
517 return(0); 469 return(0);
518 } 470 }
519 } 471 }
@@ -527,6 +479,15 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
527 return(1); 479 return(1);
528 } 480 }
529 481
482void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
483 {
484 if (ctx)
485 {
486 EVP_CIPHER_CTX_cleanup(ctx);
487 OPENSSL_free(ctx);
488 }
489 }
490
530int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) 491int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
531 { 492 {
532 if (c->cipher != NULL) 493 if (c->cipher != NULL)
@@ -590,3 +551,13 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
590 } 551 }
591 return ret; 552 return ret;
592} 553}
554
555int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
556 {
557 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
558 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
559 if (RAND_bytes(key, ctx->key_len) <= 0)
560 return 0;
561 return 1;
562 }
563
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c
index 77eee070d3..e8c9e8de9c 100644
--- a/src/lib/libcrypto/evp/evp_err.c
+++ b/src/lib/libcrypto/evp/evp_err.c
@@ -71,29 +71,31 @@
71static ERR_STRING_DATA EVP_str_functs[]= 71static ERR_STRING_DATA EVP_str_functs[]=
72 { 72 {
73{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, 73{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
74{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"},
74{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, 75{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
75{ERR_FUNC(EVP_F_EVP_ADD_CIPHER), "EVP_add_cipher"}, 76{ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"},
76{ERR_FUNC(EVP_F_EVP_ADD_DIGEST), "EVP_add_digest"}, 77{ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"},
77{ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"}, 78{ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"},
79{ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"},
80{ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"},
78{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, 81{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
79{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"}, 82{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"},
80{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL), "EVP_DecryptFinal"}, 83{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
81{ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"}, 84{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
82{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL), "EVP_EncryptFinal"}, 85{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
83{ERR_FUNC(EVP_F_EVP_GET_CIPHERBYNAME), "EVP_get_cipherbyname"}, 86{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
84{ERR_FUNC(EVP_F_EVP_GET_DIGESTBYNAME), "EVP_get_digestbyname"},
85{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY), "EVP_MD_CTX_copy"},
86{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, 87{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
87{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, 88{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
88{ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, 89{ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"},
89{ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, 90{ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"},
90{ERR_FUNC(EVP_F_EVP_PKCS8_SET_BROKEN), "EVP_PKCS8_SET_BROKEN"}, 91{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"},
91{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8), "EVP_PKEY2PKCS8"},
92{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, 92{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"},
93{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"}, 93{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"},
94{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, 94{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"},
95{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"}, 95{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"},
96{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"}, 96{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"},
97{ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"},
98{ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"},
97{ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"}, 99{ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"},
98{ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, 100{ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"},
99{ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, 101{ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"},
@@ -101,6 +103,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
101{ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, 103{ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"},
102{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, 104{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"},
103{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, 105{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
106{ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"},
104{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, 107{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"},
105{ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, 108{ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"},
106{0,NULL} 109{0,NULL}
@@ -109,23 +112,26 @@ static ERR_STRING_DATA EVP_str_functs[]=
109static ERR_STRING_DATA EVP_str_reasons[]= 112static ERR_STRING_DATA EVP_str_reasons[]=
110 { 113 {
111{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"}, 114{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"},
115{ERR_REASON(EVP_R_ASN1_LIB) ,"asn1 lib"},
112{ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"}, 116{ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"},
113{ERR_REASON(EVP_R_BAD_DECRYPT) ,"bad decrypt"}, 117{ERR_REASON(EVP_R_BAD_DECRYPT) ,"bad decrypt"},
114{ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"}, 118{ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"},
115{ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"}, 119{ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"},
116{ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"}, 120{ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"},
121{ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),"camellia key setup failed"},
117{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"}, 122{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"},
118{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"}, 123{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"},
119{ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"}, 124{ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"},
120{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"}, 125{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"},
121{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, 126{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"},
122{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, 127{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"},
123{ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"},
124{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, 128{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"},
125{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, 129{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
126{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, 130{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"},
127{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"}, 131{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"},
128{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"}, 132{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"},
133{ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"},
134{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) ,"expecting a ec key"},
129{ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"}, 135{ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"},
130{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"}, 136{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
131{ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"}, 137{ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"},
@@ -157,15 +163,12 @@ static ERR_STRING_DATA EVP_str_reasons[]=
157 163
158void ERR_load_EVP_strings(void) 164void ERR_load_EVP_strings(void)
159 { 165 {
160 static int init=1; 166#ifndef OPENSSL_NO_ERR
161 167
162 if (init) 168 if (ERR_func_error_string(EVP_str_functs[0].error) == NULL)
163 { 169 {
164 init=0;
165#ifndef OPENSSL_NO_ERR
166 ERR_load_strings(0,EVP_str_functs); 170 ERR_load_strings(0,EVP_str_functs);
167 ERR_load_strings(0,EVP_str_reasons); 171 ERR_load_strings(0,EVP_str_reasons);
168#endif
169
170 } 172 }
173#endif
171 } 174 }
diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c
index f8650d5df6..361ea69ab6 100644
--- a/src/lib/libcrypto/evp/evp_key.c
+++ b/src/lib/libcrypto/evp/evp_key.c
@@ -66,7 +66,7 @@
66/* should be init to zeros. */ 66/* should be init to zeros. */
67static char prompt_string[80]; 67static char prompt_string[80];
68 68
69void EVP_set_pw_prompt(char *prompt) 69void EVP_set_pw_prompt(const char *prompt)
70 { 70 {
71 if (prompt == NULL) 71 if (prompt == NULL)
72 prompt_string[0]='\0'; 72 prompt_string[0]='\0';
diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c
index a63ba19317..edb28ef38e 100644
--- a/src/lib/libcrypto/evp/evp_lib.c
+++ b/src/lib/libcrypto/evp/evp_lib.c
@@ -68,7 +68,7 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
68 if (c->cipher->set_asn1_parameters != NULL) 68 if (c->cipher->set_asn1_parameters != NULL)
69 ret=c->cipher->set_asn1_parameters(c,type); 69 ret=c->cipher->set_asn1_parameters(c,type);
70 else 70 else
71 return -1; 71 ret=-1;
72 return(ret); 72 return(ret);
73 } 73 }
74 74
@@ -79,20 +79,21 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
79 if (c->cipher->get_asn1_parameters != NULL) 79 if (c->cipher->get_asn1_parameters != NULL)
80 ret=c->cipher->get_asn1_parameters(c,type); 80 ret=c->cipher->get_asn1_parameters(c,type);
81 else 81 else
82 return -1; 82 ret=-1;
83 return(ret); 83 return(ret);
84 } 84 }
85 85
86int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) 86int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
87 { 87 {
88 int i=0,l; 88 int i=0;
89 unsigned int l;
89 90
90 if (type != NULL) 91 if (type != NULL)
91 { 92 {
92 l=EVP_CIPHER_CTX_iv_length(c); 93 l=EVP_CIPHER_CTX_iv_length(c);
93 OPENSSL_assert(l <= sizeof c->iv); 94 OPENSSL_assert(l <= sizeof(c->iv));
94 i=ASN1_TYPE_get_octetstring(type,c->oiv,l); 95 i=ASN1_TYPE_get_octetstring(type,c->oiv,l);
95 if (i != l) 96 if (i != (int)l)
96 return(-1); 97 return(-1);
97 else if (i > 0) 98 else if (i > 0)
98 memcpy(c->iv,c->oiv,l); 99 memcpy(c->iv,c->oiv,l);
@@ -102,12 +103,13 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
102 103
103int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) 104int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
104 { 105 {
105 int i=0,j; 106 int i=0;
107 unsigned int j;
106 108
107 if (type != NULL) 109 if (type != NULL)
108 { 110 {
109 j=EVP_CIPHER_CTX_iv_length(c); 111 j=EVP_CIPHER_CTX_iv_length(c);
110 OPENSSL_assert(j <= sizeof c->iv); 112 OPENSSL_assert(j <= sizeof(c->iv));
111 i=ASN1_TYPE_set_octetstring(type,c->oiv,j); 113 i=ASN1_TYPE_set_octetstring(type,c->oiv,j);
112 } 114 }
113 return(i); 115 return(i);
@@ -166,3 +168,112 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
166 } 168 }
167} 169}
168 170
171int EVP_CIPHER_block_size(const EVP_CIPHER *e)
172 {
173 return e->block_size;
174 }
175
176int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
177 {
178 return ctx->cipher->block_size;
179 }
180
181int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
182 {
183 return ctx->cipher->do_cipher(ctx,out,in,inl);
184 }
185
186const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
187 {
188 return ctx->cipher;
189 }
190
191unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
192 {
193 return cipher->flags;
194 }
195
196unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
197 {
198 return ctx->cipher->flags;
199 }
200
201void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
202 {
203 return ctx->app_data;
204 }
205
206void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
207 {
208 ctx->app_data = data;
209 }
210
211int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
212 {
213 return cipher->iv_len;
214 }
215
216int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
217 {
218 return ctx->cipher->iv_len;
219 }
220
221int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
222 {
223 return cipher->key_len;
224 }
225
226int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
227 {
228 return ctx->key_len;
229 }
230
231int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
232 {
233 return cipher->nid;
234 }
235
236int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
237 {
238 return ctx->cipher->nid;
239 }
240
241int EVP_MD_block_size(const EVP_MD *md)
242 {
243 return md->block_size;
244 }
245
246int EVP_MD_type(const EVP_MD *md)
247 {
248 return md->type;
249 }
250
251int EVP_MD_pkey_type(const EVP_MD *md)
252 {
253 return md->pkey_type;
254 }
255
256int EVP_MD_size(const EVP_MD *md)
257 {
258 return md->md_size;
259 }
260
261const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
262 {
263 return ctx->digest;
264 }
265
266void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags)
267 {
268 ctx->flags |= flags;
269 }
270
271void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags)
272 {
273 ctx->flags &= ~flags;
274 }
275
276int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags)
277 {
278 return (ctx->flags & flags);
279 }
diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h
index f8c5343620..073b0adcff 100644
--- a/src/lib/libcrypto/evp/evp_locl.h
+++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -65,7 +65,7 @@
65 bl = ctx->cipher->block_size;\ 65 bl = ctx->cipher->block_size;\
66 if(inl < bl) return 1;\ 66 if(inl < bl) return 1;\
67 inl -= bl; \ 67 inl -= bl; \
68 for(i=0; i <= inl; i+=bl) \ 68 for(i=0; i <= inl; i+=bl)
69 69
70#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ 70#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
71static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ 71static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
@@ -92,7 +92,7 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
92#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ 92#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
93static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ 93static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
94{\ 94{\
95 cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ 95 cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
96 return 1;\ 96 return 1;\
97} 97}
98 98
@@ -226,27 +226,11 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
226 226
227#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) 227#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data)
228 228
229#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,flags) \ 229#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \
230 BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ 230 BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
231 BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ 231 BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
232 NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ 232 NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
233 flags, cipher##_init_key, NULL, \ 233 0, cipher##_init_key, NULL, \
234 EVP_CIPHER_set_asn1_iv, \ 234 EVP_CIPHER_set_asn1_iv, \
235 EVP_CIPHER_get_asn1_iv, \ 235 EVP_CIPHER_get_asn1_iv, \
236 NULL) 236 NULL)
237
238#ifdef OPENSSL_FIPS
239#define RC2_set_key private_RC2_set_key
240#define RC4_set_key private_RC4_set_key
241#define CAST_set_key private_CAST_set_key
242#define RC5_32_set_key private_RC5_32_set_key
243#define BF_set_key private_BF_set_key
244#define idea_set_encrypt_key private_idea_set_encrypt_key
245
246#define MD5_Init private_MD5_Init
247#define MD4_Init private_MD4_Init
248#define MD2_Init private_MD2_Init
249#define MDC2_Init private_MDC2_Init
250#define SHA_Init private_SHA_Init
251
252#endif
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
index 91e545a141..c26d2de0f3 100644
--- a/src/lib/libcrypto/evp/evp_pbe.c
+++ b/src/lib/libcrypto/evp/evp_pbe.c
@@ -74,7 +74,7 @@ const EVP_MD *md;
74EVP_PBE_KEYGEN *keygen; 74EVP_PBE_KEYGEN *keygen;
75} EVP_PBE_CTL; 75} EVP_PBE_CTL;
76 76
77int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, 77int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
78 ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) 78 ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
79{ 79{
80 80
@@ -106,7 +106,8 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
106 106
107static int pbe_cmp(const char * const *a, const char * const *b) 107static int pbe_cmp(const char * const *a, const char * const *b)
108{ 108{
109 EVP_PBE_CTL **pbe1 = (EVP_PBE_CTL **) a, **pbe2 = (EVP_PBE_CTL **)b; 109 const EVP_PBE_CTL * const *pbe1 = (const EVP_PBE_CTL * const *) a,
110 * const *pbe2 = (const EVP_PBE_CTL * const *)b;
110 return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); 111 return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid);
111} 112}
112 113
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
index 47a69932a5..0147f3e02a 100644
--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -3,7 +3,7 @@
3 * project 1999. 3 * project 1999.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -61,14 +61,24 @@
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63#include <openssl/rand.h> 63#include <openssl/rand.h>
64#ifndef OPENSSL_NO_RSA
65#include <openssl/rsa.h>
66#endif
67#ifndef OPENSSL_NO_DSA
68#include <openssl/dsa.h>
69#endif
70#include <openssl/bn.h>
64 71
65#ifndef OPENSSL_NO_DSA 72#ifndef OPENSSL_NO_DSA
66static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); 73static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
67#endif 74#endif
75#ifndef OPENSSL_NO_EC
76static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
77#endif
68 78
69/* Extract a private key from a PKCS8 structure */ 79/* Extract a private key from a PKCS8 structure */
70 80
71EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) 81EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
72{ 82{
73 EVP_PKEY *pkey = NULL; 83 EVP_PKEY *pkey = NULL;
74#ifndef OPENSSL_NO_RSA 84#ifndef OPENSSL_NO_RSA
@@ -76,16 +86,24 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
76#endif 86#endif
77#ifndef OPENSSL_NO_DSA 87#ifndef OPENSSL_NO_DSA
78 DSA *dsa = NULL; 88 DSA *dsa = NULL;
89 ASN1_TYPE *t1, *t2;
79 ASN1_INTEGER *privkey; 90 ASN1_INTEGER *privkey;
80 ASN1_TYPE *t1, *t2, *param = NULL;
81 STACK_OF(ASN1_TYPE) *ndsa = NULL; 91 STACK_OF(ASN1_TYPE) *ndsa = NULL;
92#endif
93#ifndef OPENSSL_NO_EC
94 EC_KEY *eckey = NULL;
95 const unsigned char *p_tmp;
96#endif
97#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
98 ASN1_TYPE *param = NULL;
82 BN_CTX *ctx = NULL; 99 BN_CTX *ctx = NULL;
83 int plen; 100 int plen;
84#endif 101#endif
85 X509_ALGOR *a; 102 X509_ALGOR *a;
86 unsigned char *p; 103 const unsigned char *p;
87 const unsigned char *cp; 104 const unsigned char *cp;
88 int pkeylen; 105 int pkeylen;
106 int nid;
89 char obj_tmp[80]; 107 char obj_tmp[80];
90 108
91 if(p8->pkey->type == V_ASN1_OCTET_STRING) { 109 if(p8->pkey->type == V_ASN1_OCTET_STRING) {
@@ -102,7 +120,8 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
102 return NULL; 120 return NULL;
103 } 121 }
104 a = p8->pkeyalg; 122 a = p8->pkeyalg;
105 switch (OBJ_obj2nid(a->algorithm)) 123 nid = OBJ_obj2nid(a->algorithm);
124 switch(nid)
106 { 125 {
107#ifndef OPENSSL_NO_RSA 126#ifndef OPENSSL_NO_RSA
108 case NID_rsaEncryption: 127 case NID_rsaEncryption:
@@ -208,6 +227,112 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
208 return NULL; 227 return NULL;
209 break; 228 break;
210#endif 229#endif
230#ifndef OPENSSL_NO_EC
231 case NID_X9_62_id_ecPublicKey:
232 p_tmp = p;
233 /* extract the ec parameters */
234 param = p8->pkeyalg->parameter;
235
236 if (!param || ((param->type != V_ASN1_SEQUENCE) &&
237 (param->type != V_ASN1_OBJECT)))
238 {
239 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
240 goto ecerr;
241 }
242
243 if (param->type == V_ASN1_SEQUENCE)
244 {
245 cp = p = param->value.sequence->data;
246 plen = param->value.sequence->length;
247
248 if (!(eckey = d2i_ECParameters(NULL, &cp, plen)))
249 {
250 EVPerr(EVP_F_EVP_PKCS82PKEY,
251 EVP_R_DECODE_ERROR);
252 goto ecerr;
253 }
254 }
255 else
256 {
257 EC_GROUP *group;
258 cp = p = param->value.object->data;
259 plen = param->value.object->length;
260
261 /* type == V_ASN1_OBJECT => the parameters are given
262 * by an asn1 OID
263 */
264 if ((eckey = EC_KEY_new()) == NULL)
265 {
266 EVPerr(EVP_F_EVP_PKCS82PKEY,
267 ERR_R_MALLOC_FAILURE);
268 goto ecerr;
269 }
270 group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
271 if (group == NULL)
272 goto ecerr;
273 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
274 if (EC_KEY_set_group(eckey, group) == 0)
275 goto ecerr;
276 EC_GROUP_free(group);
277 }
278
279 /* We have parameters now set private key */
280 if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen))
281 {
282 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
283 goto ecerr;
284 }
285
286 /* calculate public key (if necessary) */
287 if (EC_KEY_get0_public_key(eckey) == NULL)
288 {
289 const BIGNUM *priv_key;
290 const EC_GROUP *group;
291 EC_POINT *pub_key;
292 /* the public key was not included in the SEC1 private
293 * key => calculate the public key */
294 group = EC_KEY_get0_group(eckey);
295 pub_key = EC_POINT_new(group);
296 if (pub_key == NULL)
297 {
298 EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
299 goto ecerr;
300 }
301 if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))
302 {
303 EC_POINT_free(pub_key);
304 EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
305 goto ecerr;
306 }
307 priv_key = EC_KEY_get0_private_key(eckey);
308 if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
309 {
310 EC_POINT_free(pub_key);
311 EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
312 goto ecerr;
313 }
314 if (EC_KEY_set_public_key(eckey, pub_key) == 0)
315 {
316 EC_POINT_free(pub_key);
317 EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
318 goto ecerr;
319 }
320 EC_POINT_free(pub_key);
321 }
322
323 EVP_PKEY_assign_EC_KEY(pkey, eckey);
324 if (ctx)
325 BN_CTX_free(ctx);
326 break;
327ecerr:
328 if (ctx)
329 BN_CTX_free(ctx);
330 if (eckey)
331 EC_KEY_free(eckey);
332 if (pkey)
333 EVP_PKEY_free(pkey);
334 return NULL;
335#endif
211 default: 336 default:
212 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); 337 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
213 if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); 338 if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
@@ -231,17 +356,17 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
231 PKCS8_PRIV_KEY_INFO *p8; 356 PKCS8_PRIV_KEY_INFO *p8;
232 357
233 if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { 358 if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {
234 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 359 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
235 return NULL; 360 return NULL;
236 } 361 }
237 p8->broken = broken; 362 p8->broken = broken;
238 if (!ASN1_INTEGER_set(p8->version, 0)) { 363 if (!ASN1_INTEGER_set(p8->version, 0)) {
239 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 364 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
240 PKCS8_PRIV_KEY_INFO_free (p8); 365 PKCS8_PRIV_KEY_INFO_free (p8);
241 return NULL; 366 return NULL;
242 } 367 }
243 if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { 368 if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
244 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 369 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
245 PKCS8_PRIV_KEY_INFO_free (p8); 370 PKCS8_PRIV_KEY_INFO_free (p8);
246 return NULL; 371 return NULL;
247 } 372 }
@@ -254,9 +379,9 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
254 379
255 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); 380 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
256 p8->pkeyalg->parameter->type = V_ASN1_NULL; 381 p8->pkeyalg->parameter->type = V_ASN1_NULL;
257 if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey, 382 if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey,
258 &p8->pkey->value.octet_string)) { 383 &p8->pkey->value.octet_string)) {
259 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 384 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
260 PKCS8_PRIV_KEY_INFO_free (p8); 385 PKCS8_PRIV_KEY_INFO_free (p8);
261 return NULL; 386 return NULL;
262 } 387 }
@@ -271,13 +396,22 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
271 396
272 break; 397 break;
273#endif 398#endif
399#ifndef OPENSSL_NO_EC
400 case EVP_PKEY_EC:
401 if (!eckey_pkey2pkcs8(p8, pkey))
402 {
403 PKCS8_PRIV_KEY_INFO_free(p8);
404 return(NULL);
405 }
406 break;
407#endif
274 default: 408 default:
275 EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); 409 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
276 PKCS8_PRIV_KEY_INFO_free (p8); 410 PKCS8_PRIV_KEY_INFO_free (p8);
277 return NULL; 411 return NULL;
278 } 412 }
279 RAND_add(p8->pkey->value.octet_string->data, 413 RAND_add(p8->pkey->value.octet_string->data,
280 p8->pkey->value.octet_string->length, 0); 414 p8->pkey->value.octet_string->length, 0.0);
281 return p8; 415 return p8;
282} 416}
283 417
@@ -297,10 +431,8 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
297 break; 431 break;
298 432
299 default: 433 default:
300 EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); 434 EVPerr(EVP_F_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
301 return NULL; 435 return NULL;
302 break;
303
304 } 436 }
305} 437}
306 438
@@ -317,24 +449,24 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
317 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); 449 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
318 len = i2d_DSAparams (pkey->pkey.dsa, NULL); 450 len = i2d_DSAparams (pkey->pkey.dsa, NULL);
319 if (!(p = OPENSSL_malloc(len))) { 451 if (!(p = OPENSSL_malloc(len))) {
320 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 452 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
321 goto err; 453 goto err;
322 } 454 }
323 q = p; 455 q = p;
324 i2d_DSAparams (pkey->pkey.dsa, &q); 456 i2d_DSAparams (pkey->pkey.dsa, &q);
325 if (!(params = ASN1_STRING_new())) { 457 if (!(params = ASN1_STRING_new())) {
326 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 458 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
327 goto err; 459 goto err;
328 } 460 }
329 if (!ASN1_STRING_set(params, p, len)) { 461 if (!ASN1_STRING_set(params, p, len)) {
330 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 462 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
331 goto err; 463 goto err;
332 } 464 }
333 OPENSSL_free(p); 465 OPENSSL_free(p);
334 p = NULL; 466 p = NULL;
335 /* Get private key into integer */ 467 /* Get private key into integer */
336 if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { 468 if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
337 EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); 469 EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
338 goto err; 470 goto err;
339 } 471 }
340 472
@@ -343,9 +475,9 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
343 case PKCS8_OK: 475 case PKCS8_OK:
344 case PKCS8_NO_OCTET: 476 case PKCS8_NO_OCTET:
345 477
346 if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER, 478 if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER,
347 &p8->pkey->value.octet_string)) { 479 &p8->pkey->value.octet_string)) {
348 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 480 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
349 goto err; 481 goto err;
350 } 482 }
351 483
@@ -363,39 +495,39 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
363 params = NULL; 495 params = NULL;
364 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; 496 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
365 if (!(ndsa = sk_ASN1_TYPE_new_null())) { 497 if (!(ndsa = sk_ASN1_TYPE_new_null())) {
366 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 498 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
367 goto err; 499 goto err;
368 } 500 }
369 if (!(ttmp = ASN1_TYPE_new())) { 501 if (!(ttmp = ASN1_TYPE_new())) {
370 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 502 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
371 goto err; 503 goto err;
372 } 504 }
373 if (!(ttmp->value.integer = 505 if (!(ttmp->value.integer =
374 BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) { 506 BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
375 EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); 507 EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
376 goto err; 508 goto err;
377 } 509 }
378 ttmp->type = V_ASN1_INTEGER; 510 ttmp->type = V_ASN1_INTEGER;
379 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { 511 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
380 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 512 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
381 goto err; 513 goto err;
382 } 514 }
383 515
384 if (!(ttmp = ASN1_TYPE_new())) { 516 if (!(ttmp = ASN1_TYPE_new())) {
385 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 517 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
386 goto err; 518 goto err;
387 } 519 }
388 ttmp->value.integer = prkey; 520 ttmp->value.integer = prkey;
389 prkey = NULL; 521 prkey = NULL;
390 ttmp->type = V_ASN1_INTEGER; 522 ttmp->type = V_ASN1_INTEGER;
391 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { 523 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
392 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 524 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
393 goto err; 525 goto err;
394 } 526 }
395 ttmp = NULL; 527 ttmp = NULL;
396 528
397 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { 529 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
398 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 530 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
399 goto err; 531 goto err;
400 } 532 }
401 533
@@ -403,7 +535,7 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
403 &p8->pkey->value.octet_string->data, 535 &p8->pkey->value.octet_string->data,
404 &p8->pkey->value.octet_string->length)) { 536 &p8->pkey->value.octet_string->length)) {
405 537
406 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 538 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
407 goto err; 539 goto err;
408 } 540 }
409 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 541 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
@@ -413,36 +545,36 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
413 545
414 p8->pkeyalg->parameter->type = V_ASN1_NULL; 546 p8->pkeyalg->parameter->type = V_ASN1_NULL;
415 if (!(ndsa = sk_ASN1_TYPE_new_null())) { 547 if (!(ndsa = sk_ASN1_TYPE_new_null())) {
416 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 548 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
417 goto err; 549 goto err;
418 } 550 }
419 if (!(ttmp = ASN1_TYPE_new())) { 551 if (!(ttmp = ASN1_TYPE_new())) {
420 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 552 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
421 goto err; 553 goto err;
422 } 554 }
423 ttmp->value.sequence = params; 555 ttmp->value.sequence = params;
424 params = NULL; 556 params = NULL;
425 ttmp->type = V_ASN1_SEQUENCE; 557 ttmp->type = V_ASN1_SEQUENCE;
426 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { 558 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
427 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 559 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
428 goto err; 560 goto err;
429 } 561 }
430 562
431 if (!(ttmp = ASN1_TYPE_new())) { 563 if (!(ttmp = ASN1_TYPE_new())) {
432 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 564 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
433 goto err; 565 goto err;
434 } 566 }
435 ttmp->value.integer = prkey; 567 ttmp->value.integer = prkey;
436 prkey = NULL; 568 prkey = NULL;
437 ttmp->type = V_ASN1_INTEGER; 569 ttmp->type = V_ASN1_INTEGER;
438 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { 570 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
439 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 571 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
440 goto err; 572 goto err;
441 } 573 }
442 ttmp = NULL; 574 ttmp = NULL;
443 575
444 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { 576 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
445 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 577 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
446 goto err; 578 goto err;
447 } 579 }
448 580
@@ -450,7 +582,7 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
450 &p8->pkey->value.octet_string->data, 582 &p8->pkey->value.octet_string->data,
451 &p8->pkey->value.octet_string->length)) { 583 &p8->pkey->value.octet_string->length)) {
452 584
453 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 585 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
454 goto err; 586 goto err;
455 } 587 }
456 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 588 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
@@ -466,3 +598,197 @@ err:
466 return 0; 598 return 0;
467} 599}
468#endif 600#endif
601
602#ifndef OPENSSL_NO_EC
603static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
604{
605 EC_KEY *ec_key;
606 const EC_GROUP *group;
607 unsigned char *p, *pp;
608 int nid, i, ret = 0;
609 unsigned int tmp_flags, old_flags;
610
611 ec_key = pkey->pkey.ec;
612 if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL)
613 {
614 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);
615 return 0;
616 }
617
618 /* set the ec parameters OID */
619 if (p8->pkeyalg->algorithm)
620 ASN1_OBJECT_free(p8->pkeyalg->algorithm);
621
622 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);
623
624 /* set the ec parameters */
625
626 if (p8->pkeyalg->parameter)
627 {
628 ASN1_TYPE_free(p8->pkeyalg->parameter);
629 p8->pkeyalg->parameter = NULL;
630 }
631
632 if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL)
633 {
634 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
635 return 0;
636 }
637
638 if (EC_GROUP_get_asn1_flag(group)
639 && (nid = EC_GROUP_get_curve_name(group)))
640 {
641 /* we have a 'named curve' => just set the OID */
642 p8->pkeyalg->parameter->type = V_ASN1_OBJECT;
643 p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);
644 }
645 else /* explicit parameters */
646 {
647 if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
648 {
649 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
650 return 0;
651 }
652 if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
653 {
654 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
655 return 0;
656 }
657 pp = p;
658 if (!i2d_ECParameters(ec_key, &pp))
659 {
660 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
661 OPENSSL_free(p);
662 return 0;
663 }
664 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
665 if ((p8->pkeyalg->parameter->value.sequence
666 = ASN1_STRING_new()) == NULL)
667 {
668 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB);
669 OPENSSL_free(p);
670 return 0;
671 }
672 ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);
673 OPENSSL_free(p);
674 }
675
676 /* set the private key */
677
678 /* do not include the parameters in the SEC1 private key
679 * see PKCS#11 12.11 */
680 old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);
681 tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
682 EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);
683 i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);
684 if (!i)
685 {
686 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
687 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
688 return 0;
689 }
690 p = (unsigned char *) OPENSSL_malloc(i);
691 if (!p)
692 {
693 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
694 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
695 return 0;
696 }
697 pp = p;
698 if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp))
699 {
700 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
701 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
702 OPENSSL_free(p);
703 return 0;
704 }
705 /* restore old encoding flags */
706 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
707
708 switch(p8->broken) {
709
710 case PKCS8_OK:
711 p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
712 if (!p8->pkey->value.octet_string ||
713 !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string,
714 (const void *)p, i))
715
716 {
717 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
718 }
719 else
720 ret = 1;
721 break;
722 case PKCS8_NO_OCTET: /* RSA specific */
723 case PKCS8_NS_DB: /* DSA specific */
724 case PKCS8_EMBEDDED_PARAM: /* DSA specific */
725 default:
726 EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
727 }
728 OPENSSL_cleanse(p, (size_t)i);
729 OPENSSL_free(p);
730 return ret;
731}
732#endif
733
734/* EVP_PKEY attribute functions */
735
736int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
737{
738 return X509at_get_attr_count(key->attributes);
739}
740
741int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,
742 int lastpos)
743{
744 return X509at_get_attr_by_NID(key->attributes, nid, lastpos);
745}
746
747int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
748 int lastpos)
749{
750 return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos);
751}
752
753X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc)
754{
755 return X509at_get_attr(key->attributes, loc);
756}
757
758X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc)
759{
760 return X509at_delete_attr(key->attributes, loc);
761}
762
763int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr)
764{
765 if(X509at_add1_attr(&key->attributes, attr)) return 1;
766 return 0;
767}
768
769int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
770 const ASN1_OBJECT *obj, int type,
771 const unsigned char *bytes, int len)
772{
773 if(X509at_add1_attr_by_OBJ(&key->attributes, obj,
774 type, bytes, len)) return 1;
775 return 0;
776}
777
778int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
779 int nid, int type,
780 const unsigned char *bytes, int len)
781{
782 if(X509at_add1_attr_by_NID(&key->attributes, nid,
783 type, bytes, len)) return 1;
784 return 0;
785}
786
787int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
788 const char *attrname, int type,
789 const unsigned char *bytes, int len)
790{
791 if(X509at_add1_attr_by_txt(&key->attributes, attrname,
792 type, bytes, len)) return 1;
793 return 0;
794}
diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c
index d393eb3400..a948c77fa4 100644
--- a/src/lib/libcrypto/evp/m_dss.c
+++ b/src/lib/libcrypto/evp/m_dss.c
@@ -61,12 +61,16 @@
61#include <openssl/evp.h> 61#include <openssl/evp.h>
62#include <openssl/objects.h> 62#include <openssl/objects.h>
63#include <openssl/x509.h> 63#include <openssl/x509.h>
64#ifndef OPENSSL_NO_DSA
65#include <openssl/dsa.h>
66#endif
64 67
65#ifndef OPENSSL_NO_SHA 68#ifndef OPENSSL_NO_SHA
69
66static int init(EVP_MD_CTX *ctx) 70static int init(EVP_MD_CTX *ctx)
67 { return SHA1_Init(ctx->md_data); } 71 { return SHA1_Init(ctx->md_data); }
68 72
69static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) 73static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
70 { return SHA1_Update(ctx->md_data,data,count); } 74 { return SHA1_Update(ctx->md_data,data,count); }
71 75
72static int final(EVP_MD_CTX *ctx,unsigned char *md) 76static int final(EVP_MD_CTX *ctx,unsigned char *md)
@@ -77,7 +81,7 @@ static const EVP_MD dsa_md=
77 NID_dsaWithSHA, 81 NID_dsaWithSHA,
78 NID_dsaWithSHA, 82 NID_dsaWithSHA,
79 SHA_DIGEST_LENGTH, 83 SHA_DIGEST_LENGTH,
80 EVP_MD_FLAG_FIPS, 84 0,
81 init, 85 init,
82 update, 86 update,
83 final, 87 final,
diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c
index 23b90d0538..c12e13972b 100644
--- a/src/lib/libcrypto/evp/m_dss1.c
+++ b/src/lib/libcrypto/evp/m_dss1.c
@@ -56,25 +56,23 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_SHA
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_SHA
63
62#include <openssl/evp.h> 64#include <openssl/evp.h>
63#include <openssl/objects.h> 65#include <openssl/objects.h>
64#include <openssl/x509.h> 66#include <openssl/x509.h>
67#ifndef OPENSSL_NO_DSA
68#include <openssl/dsa.h>
69#endif
65 70
66static int init(EVP_MD_CTX *ctx) 71static int init(EVP_MD_CTX *ctx)
67 { return SHA1_Init(ctx->md_data); } 72 { return SHA1_Init(ctx->md_data); }
68 73
69static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) 74static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
70#ifndef OPENSSL_FIPS
71 { return SHA1_Update(ctx->md_data,data,count); } 75 { return SHA1_Update(ctx->md_data,data,count); }
72#else
73 {
74 OPENSSL_assert(sizeof(count)<=sizeof(size_t));
75 return SHA1_Update(ctx->md_data,data,count);
76 }
77#endif
78 76
79static int final(EVP_MD_CTX *ctx,unsigned char *md) 77static int final(EVP_MD_CTX *ctx,unsigned char *md)
80 { return SHA1_Final(md,ctx->md_data); } 78 { return SHA1_Final(md,ctx->md_data); }
@@ -84,7 +82,7 @@ static const EVP_MD dss1_md=
84 NID_dsa, 82 NID_dsa,
85 NID_dsaWithSHA1, 83 NID_dsaWithSHA1,
86 SHA_DIGEST_LENGTH, 84 SHA_DIGEST_LENGTH,
87 EVP_MD_FLAG_FIPS, 85 0,
88 init, 86 init,
89 update, 87 update,
90 final, 88 final,
diff --git a/src/lib/libcrypto/evp/m_ecdsa.c b/src/lib/libcrypto/evp/m_ecdsa.c
new file mode 100644
index 0000000000..fad270faca
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_ecdsa.c
@@ -0,0 +1,148 @@
1/* crypto/evp/m_ecdsa.c */
2/* ====================================================================
3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
56 * All rights reserved.
57 *
58 * This package is an SSL implementation written
59 * by Eric Young (eay@cryptsoft.com).
60 * The implementation was written so as to conform with Netscapes SSL.
61 *
62 * This library is free for commercial and non-commercial use as long as
63 * the following conditions are aheared to. The following conditions
64 * apply to all code found in this distribution, be it the RC4, RSA,
65 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
66 * included with this distribution is covered by the same copyright terms
67 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
68 *
69 * Copyright remains Eric Young's, and as such any Copyright notices in
70 * the code are not to be removed.
71 * If this package is used in a product, Eric Young should be given attribution
72 * as the author of the parts of the library used.
73 * This can be in the form of a textual message at program startup or
74 * in documentation (online or textual) provided with the package.
75 *
76 * Redistribution and use in source and binary forms, with or without
77 * modification, are permitted provided that the following conditions
78 * are met:
79 * 1. Redistributions of source code must retain the copyright
80 * notice, this list of conditions and the following disclaimer.
81 * 2. Redistributions in binary form must reproduce the above copyright
82 * notice, this list of conditions and the following disclaimer in the
83 * documentation and/or other materials provided with the distribution.
84 * 3. All advertising materials mentioning features or use of this software
85 * must display the following acknowledgement:
86 * "This product includes cryptographic software written by
87 * Eric Young (eay@cryptsoft.com)"
88 * The word 'cryptographic' can be left out if the rouines from the library
89 * being used are not cryptographic related :-).
90 * 4. If you include any Windows specific code (or a derivative thereof) from
91 * the apps directory (application code) you must include an acknowledgement:
92 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
93 *
94 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
95 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
97 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
98 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
99 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
100 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
101 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
102 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
103 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
104 * SUCH DAMAGE.
105 *
106 * The licence and distribution terms for any publically available version or
107 * derivative of this code cannot be changed. i.e. this code cannot simply be
108 * copied and put under another distribution licence
109 * [including the GNU Public Licence.]
110 */
111
112#include <stdio.h>
113#include "cryptlib.h"
114#include <openssl/evp.h>
115#include <openssl/objects.h>
116#include <openssl/x509.h>
117
118#ifndef OPENSSL_NO_SHA
119static int init(EVP_MD_CTX *ctx)
120 { return SHA1_Init(ctx->md_data); }
121
122static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
123 { return SHA1_Update(ctx->md_data,data,count); }
124
125static int final(EVP_MD_CTX *ctx,unsigned char *md)
126 { return SHA1_Final(md,ctx->md_data); }
127
128static const EVP_MD ecdsa_md=
129 {
130 NID_ecdsa_with_SHA1,
131 NID_ecdsa_with_SHA1,
132 SHA_DIGEST_LENGTH,
133 0,
134 init,
135 update,
136 final,
137 NULL,
138 NULL,
139 EVP_PKEY_ECDSA_method,
140 SHA_CBLOCK,
141 sizeof(EVP_MD *)+sizeof(SHA_CTX),
142 };
143
144const EVP_MD *EVP_ecdsa(void)
145 {
146 return(&ecdsa_md);
147 }
148#endif
diff --git a/src/lib/libcrypto/evp/m_md4.c b/src/lib/libcrypto/evp/m_md4.c
index 0605e4b707..1e0b7c5b42 100644
--- a/src/lib/libcrypto/evp/m_md4.c
+++ b/src/lib/libcrypto/evp/m_md4.c
@@ -56,19 +56,23 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_MD4
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_MD4
63
62#include <openssl/evp.h> 64#include <openssl/evp.h>
63#include "evp_locl.h"
64#include <openssl/objects.h> 65#include <openssl/objects.h>
65#include <openssl/x509.h> 66#include <openssl/x509.h>
66#include <openssl/md4.h> 67#include <openssl/md4.h>
68#ifndef OPENSSL_NO_RSA
69#include <openssl/rsa.h>
70#endif
67 71
68static int init(EVP_MD_CTX *ctx) 72static int init(EVP_MD_CTX *ctx)
69 { return MD4_Init(ctx->md_data); } 73 { return MD4_Init(ctx->md_data); }
70 74
71static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) 75static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
72 { return MD4_Update(ctx->md_data,data,count); } 76 { return MD4_Update(ctx->md_data,data,count); }
73 77
74static int final(EVP_MD_CTX *ctx,unsigned char *md) 78static int final(EVP_MD_CTX *ctx,unsigned char *md)
diff --git a/src/lib/libcrypto/evp/m_md5.c b/src/lib/libcrypto/evp/m_md5.c
index 752615d473..63c142119e 100644
--- a/src/lib/libcrypto/evp/m_md5.c
+++ b/src/lib/libcrypto/evp/m_md5.c
@@ -56,19 +56,23 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_MD5
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_MD5
63
62#include <openssl/evp.h> 64#include <openssl/evp.h>
63#include "evp_locl.h"
64#include <openssl/objects.h> 65#include <openssl/objects.h>
65#include <openssl/x509.h> 66#include <openssl/x509.h>
66#include <openssl/md5.h> 67#include <openssl/md5.h>
68#ifndef OPENSSL_NO_RSA
69#include <openssl/rsa.h>
70#endif
67 71
68static int init(EVP_MD_CTX *ctx) 72static int init(EVP_MD_CTX *ctx)
69 { return MD5_Init(ctx->md_data); } 73 { return MD5_Init(ctx->md_data); }
70 74
71static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) 75static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
72 { return MD5_Update(ctx->md_data,data,count); } 76 { return MD5_Update(ctx->md_data,data,count); }
73 77
74static int final(EVP_MD_CTX *ctx,unsigned char *md) 78static int final(EVP_MD_CTX *ctx,unsigned char *md)
diff --git a/src/lib/libcrypto/evp/m_null.c b/src/lib/libcrypto/evp/m_null.c
index f6f0a1d2c0..cb0721699d 100644
--- a/src/lib/libcrypto/evp/m_null.c
+++ b/src/lib/libcrypto/evp/m_null.c
@@ -65,7 +65,7 @@
65static int init(EVP_MD_CTX *ctx) 65static int init(EVP_MD_CTX *ctx)
66 { return 1; } 66 { return 1; }
67 67
68static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) 68static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
69 { return 1; } 69 { return 1; }
70 70
71static int final(EVP_MD_CTX *ctx,unsigned char *md) 71static int final(EVP_MD_CTX *ctx,unsigned char *md)
diff --git a/src/lib/libcrypto/evp/m_ripemd.c b/src/lib/libcrypto/evp/m_ripemd.c
index 64725528dc..a1d60ee78d 100644
--- a/src/lib/libcrypto/evp/m_ripemd.c
+++ b/src/lib/libcrypto/evp/m_ripemd.c
@@ -56,18 +56,23 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_RIPEMD
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_RIPEMD
63
62#include <openssl/ripemd.h> 64#include <openssl/ripemd.h>
63#include <openssl/evp.h> 65#include <openssl/evp.h>
64#include <openssl/objects.h> 66#include <openssl/objects.h>
65#include <openssl/x509.h> 67#include <openssl/x509.h>
68#ifndef OPENSSL_NO_RSA
69#include <openssl/rsa.h>
70#endif
66 71
67static int init(EVP_MD_CTX *ctx) 72static int init(EVP_MD_CTX *ctx)
68 { return RIPEMD160_Init(ctx->md_data); } 73 { return RIPEMD160_Init(ctx->md_data); }
69 74
70static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) 75static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
71 { return RIPEMD160_Update(ctx->md_data,data,count); } 76 { return RIPEMD160_Update(ctx->md_data,data,count); }
72 77
73static int final(EVP_MD_CTX *ctx,unsigned char *md) 78static int final(EVP_MD_CTX *ctx,unsigned char *md)
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c
index 60da93873c..4679b1c463 100644
--- a/src/lib/libcrypto/evp/m_sha1.c
+++ b/src/lib/libcrypto/evp/m_sha1.c
@@ -56,25 +56,23 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_SHA
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_SHA
63
62#include <openssl/evp.h> 64#include <openssl/evp.h>
63#include <openssl/objects.h> 65#include <openssl/objects.h>
64#include <openssl/x509.h> 66#include <openssl/x509.h>
67#ifndef OPENSSL_NO_RSA
68#include <openssl/rsa.h>
69#endif
65 70
66static int init(EVP_MD_CTX *ctx) 71static int init(EVP_MD_CTX *ctx)
67 { return SHA1_Init(ctx->md_data); } 72 { return SHA1_Init(ctx->md_data); }
68 73
69static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) 74static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
70#ifndef OPENSSL_FIPS
71 { return SHA1_Update(ctx->md_data,data,count); } 75 { return SHA1_Update(ctx->md_data,data,count); }
72#else
73 {
74 OPENSSL_assert(sizeof(count)<=sizeof(size_t));
75 return SHA1_Update(ctx->md_data,data,count);
76 }
77#endif
78 76
79static int final(EVP_MD_CTX *ctx,unsigned char *md) 77static int final(EVP_MD_CTX *ctx,unsigned char *md)
80 { return SHA1_Final(md,ctx->md_data); } 78 { return SHA1_Final(md,ctx->md_data); }
@@ -84,7 +82,7 @@ static const EVP_MD sha1_md=
84 NID_sha1, 82 NID_sha1,
85 NID_sha1WithRSAEncryption, 83 NID_sha1WithRSAEncryption,
86 SHA_DIGEST_LENGTH, 84 SHA_DIGEST_LENGTH,
87 EVP_MD_FLAG_FIPS, 85 0,
88 init, 86 init,
89 update, 87 update,
90 final, 88 final,
@@ -101,7 +99,6 @@ const EVP_MD *EVP_sha1(void)
101 } 99 }
102#endif 100#endif
103 101
104#ifdef OPENSSL_FIPS
105#ifndef OPENSSL_NO_SHA256 102#ifndef OPENSSL_NO_SHA256
106static int init224(EVP_MD_CTX *ctx) 103static int init224(EVP_MD_CTX *ctx)
107 { return SHA224_Init(ctx->md_data); } 104 { return SHA224_Init(ctx->md_data); }
@@ -112,11 +109,8 @@ static int init256(EVP_MD_CTX *ctx)
112 * SHA256 functions even in SHA224 context. This is what happens 109 * SHA256 functions even in SHA224 context. This is what happens
113 * there anyway, so we can spare few CPU cycles:-) 110 * there anyway, so we can spare few CPU cycles:-)
114 */ 111 */
115static int update256(EVP_MD_CTX *ctx,const void *data,unsigned long count) 112static int update256(EVP_MD_CTX *ctx,const void *data,size_t count)
116 { 113 { return SHA256_Update(ctx->md_data,data,count); }
117 OPENSSL_assert(sizeof(count)<=sizeof(size_t));
118 return SHA256_Update(ctx->md_data,data,count);
119 }
120static int final256(EVP_MD_CTX *ctx,unsigned char *md) 114static int final256(EVP_MD_CTX *ctx,unsigned char *md)
121 { return SHA256_Final(md,ctx->md_data); } 115 { return SHA256_Final(md,ctx->md_data); }
122 116
@@ -125,7 +119,7 @@ static const EVP_MD sha224_md=
125 NID_sha224, 119 NID_sha224,
126 NID_sha224WithRSAEncryption, 120 NID_sha224WithRSAEncryption,
127 SHA224_DIGEST_LENGTH, 121 SHA224_DIGEST_LENGTH,
128 EVP_MD_FLAG_FIPS, 122 0,
129 init224, 123 init224,
130 update256, 124 update256,
131 final256, 125 final256,
@@ -144,7 +138,7 @@ static const EVP_MD sha256_md=
144 NID_sha256, 138 NID_sha256,
145 NID_sha256WithRSAEncryption, 139 NID_sha256WithRSAEncryption,
146 SHA256_DIGEST_LENGTH, 140 SHA256_DIGEST_LENGTH,
147 EVP_MD_FLAG_FIPS, 141 0,
148 init256, 142 init256,
149 update256, 143 update256,
150 final256, 144 final256,
@@ -157,7 +151,7 @@ static const EVP_MD sha256_md=
157 151
158const EVP_MD *EVP_sha256(void) 152const EVP_MD *EVP_sha256(void)
159 { return(&sha256_md); } 153 { return(&sha256_md); }
160#endif /* ifndef OPENSSL_NO_SHA256 */ 154#endif /* ifndef OPENSSL_NO_SHA256 */
161 155
162#ifndef OPENSSL_NO_SHA512 156#ifndef OPENSSL_NO_SHA512
163static int init384(EVP_MD_CTX *ctx) 157static int init384(EVP_MD_CTX *ctx)
@@ -165,11 +159,8 @@ static int init384(EVP_MD_CTX *ctx)
165static int init512(EVP_MD_CTX *ctx) 159static int init512(EVP_MD_CTX *ctx)
166 { return SHA512_Init(ctx->md_data); } 160 { return SHA512_Init(ctx->md_data); }
167/* See comment in SHA224/256 section */ 161/* See comment in SHA224/256 section */
168static int update512(EVP_MD_CTX *ctx,const void *data,unsigned long count) 162static int update512(EVP_MD_CTX *ctx,const void *data,size_t count)
169 { 163 { return SHA512_Update(ctx->md_data,data,count); }
170 OPENSSL_assert(sizeof(count)<=sizeof(size_t));
171 return SHA512_Update(ctx->md_data,data,count);
172 }
173static int final512(EVP_MD_CTX *ctx,unsigned char *md) 164static int final512(EVP_MD_CTX *ctx,unsigned char *md)
174 { return SHA512_Final(md,ctx->md_data); } 165 { return SHA512_Final(md,ctx->md_data); }
175 166
@@ -178,7 +169,7 @@ static const EVP_MD sha384_md=
178 NID_sha384, 169 NID_sha384,
179 NID_sha384WithRSAEncryption, 170 NID_sha384WithRSAEncryption,
180 SHA384_DIGEST_LENGTH, 171 SHA384_DIGEST_LENGTH,
181 EVP_MD_FLAG_FIPS, 172 0,
182 init384, 173 init384,
183 update512, 174 update512,
184 final512, 175 final512,
@@ -197,7 +188,7 @@ static const EVP_MD sha512_md=
197 NID_sha512, 188 NID_sha512,
198 NID_sha512WithRSAEncryption, 189 NID_sha512WithRSAEncryption,
199 SHA512_DIGEST_LENGTH, 190 SHA512_DIGEST_LENGTH,
200 EVP_MD_FLAG_FIPS, 191 0,
201 init512, 192 init512,
202 update512, 193 update512,
203 final512, 194 final512,
@@ -210,5 +201,4 @@ static const EVP_MD sha512_md=
210 201
211const EVP_MD *EVP_sha512(void) 202const EVP_MD *EVP_sha512(void)
212 { return(&sha512_md); } 203 { return(&sha512_md); }
213#endif /* ifndef OPENSSL_NO_SHA512 */ 204#endif /* ifndef OPENSSL_NO_SHA512 */
214#endif /* ifdef OPENSSL_FIPS */
diff --git a/src/lib/libcrypto/evp/names.c b/src/lib/libcrypto/evp/names.c
index 7712453046..88c1e780dd 100644
--- a/src/lib/libcrypto/evp/names.c
+++ b/src/lib/libcrypto/evp/names.c
@@ -61,17 +61,14 @@
61#include <openssl/evp.h> 61#include <openssl/evp.h>
62#include <openssl/objects.h> 62#include <openssl/objects.h>
63#include <openssl/x509.h> 63#include <openssl/x509.h>
64#ifdef OPENSSL_FIPS
65#include <openssl/fips.h>
66#endif
67 64
68int EVP_add_cipher(const EVP_CIPHER *c) 65int EVP_add_cipher(const EVP_CIPHER *c)
69 { 66 {
70 int r; 67 int r;
71 68
72 r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c); 69 r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
73 if (r == 0) return(0); 70 if (r == 0) return(0);
74 r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c); 71 r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
75 return(r); 72 return(r);
76 } 73 }
77 74
@@ -81,9 +78,9 @@ int EVP_add_digest(const EVP_MD *md)
81 const char *name; 78 const char *name;
82 79
83 name=OBJ_nid2sn(md->type); 80 name=OBJ_nid2sn(md->type);
84 r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(char *)md); 81 r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);
85 if (r == 0) return(0); 82 if (r == 0) return(0);
86 r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(char *)md); 83 r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md);
87 if (r == 0) return(0); 84 if (r == 0) return(0);
88 85
89 if (md->type != md->pkey_type) 86 if (md->type != md->pkey_type)
diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c
index a1874e83b2..48d50014a0 100644
--- a/src/lib/libcrypto/evp/p5_crpt.c
+++ b/src/lib/libcrypto/evp/p5_crpt.c
@@ -110,12 +110,18 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
110 int i; 110 int i;
111 PBEPARAM *pbe; 111 PBEPARAM *pbe;
112 int saltlen, iter; 112 int saltlen, iter;
113 unsigned char *salt, *pbuf; 113 unsigned char *salt;
114 const unsigned char *pbuf;
114 115
115 /* Extract useful info from parameter */ 116 /* Extract useful info from parameter */
117 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
118 param->value.sequence == NULL) {
119 EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
120 return 0;
121 }
122
116 pbuf = param->value.sequence->data; 123 pbuf = param->value.sequence->data;
117 if (!param || (param->type != V_ASN1_SEQUENCE) || 124 if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
118 !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
119 EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); 125 EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
120 return 0; 126 return 0;
121 } 127 }
@@ -140,7 +146,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
140 EVP_DigestFinal_ex (&ctx, md_tmp, NULL); 146 EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
141 } 147 }
142 EVP_MD_CTX_cleanup(&ctx); 148 EVP_MD_CTX_cleanup(&ctx);
143 OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp); 149 OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
144 memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); 150 memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
145 OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); 151 OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
146 memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), 152 memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
index 1d5fabc4b2..c969d5a206 100644
--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ b/src/lib/libcrypto/evp/p5_crpt2.c
@@ -55,10 +55,10 @@
55 * Hudson (tjh@cryptsoft.com). 55 * Hudson (tjh@cryptsoft.com).
56 * 56 *
57 */ 57 */
58#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
59#include <stdio.h> 58#include <stdio.h>
60#include <stdlib.h> 59#include <stdlib.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63#include <openssl/evp.h> 63#include <openssl/evp.h>
64#include <openssl/hmac.h> 64#include <openssl/hmac.h>
@@ -77,7 +77,7 @@
77 */ 77 */
78 78
79int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, 79int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
80 unsigned char *salt, int saltlen, int iter, 80 const unsigned char *salt, int saltlen, int iter,
81 int keylen, unsigned char *out) 81 int keylen, unsigned char *out)
82{ 82{
83 unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; 83 unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4];
@@ -148,16 +148,23 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
148 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, 148 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md,
149 int en_de) 149 int en_de)
150{ 150{
151 unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH]; 151 unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
152 int saltlen, keylen, iter, plen; 152 const unsigned char *pbuf;
153 int saltlen, iter, plen;
154 unsigned int keylen;
153 PBE2PARAM *pbe2 = NULL; 155 PBE2PARAM *pbe2 = NULL;
154 const EVP_CIPHER *cipher; 156 const EVP_CIPHER *cipher;
155 PBKDF2PARAM *kdf = NULL; 157 PBKDF2PARAM *kdf = NULL;
156 158
159 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
160 param->value.sequence == NULL) {
161 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
162 return 0;
163 }
164
157 pbuf = param->value.sequence->data; 165 pbuf = param->value.sequence->data;
158 plen = param->value.sequence->length; 166 plen = param->value.sequence->length;
159 if(!param || (param->type != V_ASN1_SEQUENCE) || 167 if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
160 !(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
161 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); 168 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
162 return 0; 169 return 0;
163 } 170 }
@@ -213,7 +220,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
213 220
214 /* Now check the parameters of the kdf */ 221 /* Now check the parameters of the kdf */
215 222
216 if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != keylen)){ 223 if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){
217 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, 224 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
218 EVP_R_UNSUPPORTED_KEYLENGTH); 225 EVP_R_UNSUPPORTED_KEYLENGTH);
219 goto err; 226 goto err;
diff --git a/src/lib/libcrypto/evp/p_dec.c b/src/lib/libcrypto/evp/p_dec.c
index 8af620400e..f64901f653 100644
--- a/src/lib/libcrypto/evp/p_dec.c
+++ b/src/lib/libcrypto/evp/p_dec.c
@@ -66,7 +66,7 @@
66#include <openssl/objects.h> 66#include <openssl/objects.h>
67#include <openssl/x509.h> 67#include <openssl/x509.h>
68 68
69int EVP_PKEY_decrypt(unsigned char *key, unsigned char *ek, int ekl, 69int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl,
70 EVP_PKEY *priv) 70 EVP_PKEY *priv)
71 { 71 {
72 int ret= -1; 72 int ret= -1;
diff --git a/src/lib/libcrypto/evp/p_enc.c b/src/lib/libcrypto/evp/p_enc.c
index 656883b996..c2dfdc52ad 100644
--- a/src/lib/libcrypto/evp/p_enc.c
+++ b/src/lib/libcrypto/evp/p_enc.c
@@ -66,7 +66,7 @@
66#include <openssl/objects.h> 66#include <openssl/objects.h>
67#include <openssl/x509.h> 67#include <openssl/x509.h>
68 68
69int EVP_PKEY_encrypt(unsigned char *ek, unsigned char *key, int key_len, 69int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len,
70 EVP_PKEY *pubk) 70 EVP_PKEY *pubk)
71 { 71 {
72 int ret=0; 72 int ret=0;
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c
index 215b94292a..22155ecf62 100644
--- a/src/lib/libcrypto/evp/p_lib.c
+++ b/src/lib/libcrypto/evp/p_lib.c
@@ -58,24 +58,60 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/bn.h>
62#include <openssl/err.h>
61#include <openssl/objects.h> 63#include <openssl/objects.h>
62#include <openssl/evp.h> 64#include <openssl/evp.h>
63#include <openssl/asn1_mac.h> 65#include <openssl/asn1_mac.h>
64#include <openssl/x509.h> 66#include <openssl/x509.h>
67#ifndef OPENSSL_NO_RSA
68#include <openssl/rsa.h>
69#endif
70#ifndef OPENSSL_NO_DSA
71#include <openssl/dsa.h>
72#endif
73#ifndef OPENSSL_NO_DH
74#include <openssl/dh.h>
75#endif
65 76
66static void EVP_PKEY_free_it(EVP_PKEY *x); 77static void EVP_PKEY_free_it(EVP_PKEY *x);
67 78
68int EVP_PKEY_bits(EVP_PKEY *pkey) 79int EVP_PKEY_bits(EVP_PKEY *pkey)
69 { 80 {
81 if (0)
82 return 0;
70#ifndef OPENSSL_NO_RSA 83#ifndef OPENSSL_NO_RSA
71 if (pkey->type == EVP_PKEY_RSA) 84 else if (pkey->type == EVP_PKEY_RSA)
72 return(BN_num_bits(pkey->pkey.rsa->n)); 85 return(BN_num_bits(pkey->pkey.rsa->n));
73 else
74#endif 86#endif
75#ifndef OPENSSL_NO_DSA 87#ifndef OPENSSL_NO_DSA
76 if (pkey->type == EVP_PKEY_DSA) 88 else if (pkey->type == EVP_PKEY_DSA)
77 return(BN_num_bits(pkey->pkey.dsa->p)); 89 return(BN_num_bits(pkey->pkey.dsa->p));
78#endif 90#endif
91#ifndef OPENSSL_NO_EC
92 else if (pkey->type == EVP_PKEY_EC)
93 {
94 BIGNUM *order = BN_new();
95 const EC_GROUP *group;
96 int ret;
97
98 if (!order)
99 {
100 ERR_clear_error();
101 return 0;
102 }
103 group = EC_KEY_get0_group(pkey->pkey.ec);
104 if (!EC_GROUP_get_order(group, order, NULL))
105 {
106 ERR_clear_error();
107 return 0;
108 }
109
110 ret = BN_num_bits(order);
111 BN_free(order);
112 return ret;
113 }
114#endif
79 return(0); 115 return(0);
80 } 116 }
81 117
@@ -92,6 +128,11 @@ int EVP_PKEY_size(EVP_PKEY *pkey)
92 if (pkey->type == EVP_PKEY_DSA) 128 if (pkey->type == EVP_PKEY_DSA)
93 return(DSA_size(pkey->pkey.dsa)); 129 return(DSA_size(pkey->pkey.dsa));
94#endif 130#endif
131#ifndef OPENSSL_NO_ECDSA
132 if (pkey->type == EVP_PKEY_EC)
133 return(ECDSA_size(pkey->pkey.ec));
134#endif
135
95 return(0); 136 return(0);
96 } 137 }
97 138
@@ -107,10 +148,20 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
107 return(ret); 148 return(ret);
108 } 149 }
109#endif 150#endif
151#ifndef OPENSSL_NO_EC
152 if (pkey->type == EVP_PKEY_EC)
153 {
154 int ret = pkey->save_parameters;
155
156 if (mode >= 0)
157 pkey->save_parameters = mode;
158 return(ret);
159 }
160#endif
110 return(0); 161 return(0);
111 } 162 }
112 163
113int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from) 164int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
114 { 165 {
115 if (to->type != from->type) 166 if (to->type != from->type)
116 { 167 {
@@ -141,12 +192,23 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from)
141 to->pkey.dsa->g=a; 192 to->pkey.dsa->g=a;
142 } 193 }
143#endif 194#endif
195#ifndef OPENSSL_NO_EC
196 if (to->type == EVP_PKEY_EC)
197 {
198 EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
199 if (group == NULL)
200 goto err;
201 if (EC_KEY_set_group(to->pkey.ec, group) == 0)
202 goto err;
203 EC_GROUP_free(group);
204 }
205#endif
144 return(1); 206 return(1);
145err: 207err:
146 return(0); 208 return(0);
147 } 209 }
148 210
149int EVP_PKEY_missing_parameters(EVP_PKEY *pkey) 211int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
150 { 212 {
151#ifndef OPENSSL_NO_DSA 213#ifndef OPENSSL_NO_DSA
152 if (pkey->type == EVP_PKEY_DSA) 214 if (pkey->type == EVP_PKEY_DSA)
@@ -158,10 +220,18 @@ int EVP_PKEY_missing_parameters(EVP_PKEY *pkey)
158 return(1); 220 return(1);
159 } 221 }
160#endif 222#endif
223#ifndef OPENSSL_NO_EC
224 if (pkey->type == EVP_PKEY_EC)
225 {
226 if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
227 return(1);
228 }
229#endif
230
161 return(0); 231 return(0);
162 } 232 }
163 233
164int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b) 234int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
165 { 235 {
166#ifndef OPENSSL_NO_DSA 236#ifndef OPENSSL_NO_DSA
167 if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) 237 if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA))
@@ -174,9 +244,72 @@ int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b)
174 return(1); 244 return(1);
175 } 245 }
176#endif 246#endif
247#ifndef OPENSSL_NO_EC
248 if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC)
249 {
250 const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
251 *group_b = EC_KEY_get0_group(b->pkey.ec);
252 if (EC_GROUP_cmp(group_a, group_b, NULL))
253 return 0;
254 else
255 return 1;
256 }
257#endif
177 return(-1); 258 return(-1);
178 } 259 }
179 260
261int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
262 {
263 if (a->type != b->type)
264 return -1;
265
266 if (EVP_PKEY_cmp_parameters(a, b) == 0)
267 return 0;
268
269 switch (a->type)
270 {
271#ifndef OPENSSL_NO_RSA
272 case EVP_PKEY_RSA:
273 if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0
274 || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0)
275 return 0;
276 break;
277#endif
278#ifndef OPENSSL_NO_DSA
279 case EVP_PKEY_DSA:
280 if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0)
281 return 0;
282 break;
283#endif
284#ifndef OPENSSL_NO_EC
285 case EVP_PKEY_EC:
286 {
287 int r;
288 const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
289 const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
290 *pb = EC_KEY_get0_public_key(b->pkey.ec);
291 r = EC_POINT_cmp(group, pa, pb, NULL);
292 if (r != 0)
293 {
294 if (r == 1)
295 return 0;
296 else
297 return -2;
298 }
299 }
300 break;
301#endif
302#ifndef OPENSSL_NO_DH
303 case EVP_PKEY_DH:
304 return -2;
305#endif
306 default:
307 return -2;
308 }
309
310 return 1;
311 }
312
180EVP_PKEY *EVP_PKEY_new(void) 313EVP_PKEY *EVP_PKEY_new(void)
181 { 314 {
182 EVP_PKEY *ret; 315 EVP_PKEY *ret;
@@ -246,6 +379,29 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
246} 379}
247#endif 380#endif
248 381
382#ifndef OPENSSL_NO_EC
383
384int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
385{
386 int ret = EVP_PKEY_assign_EC_KEY(pkey,key);
387 if (ret)
388 EC_KEY_up_ref(key);
389 return ret;
390}
391
392EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
393{
394 if (pkey->type != EVP_PKEY_EC)
395 {
396 EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
397 return NULL;
398 }
399 EC_KEY_up_ref(pkey->pkey.ec);
400 return pkey->pkey.ec;
401}
402#endif
403
404
249#ifndef OPENSSL_NO_DH 405#ifndef OPENSSL_NO_DH
250 406
251int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) 407int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
@@ -282,6 +438,8 @@ int EVP_PKEY_type(int type)
282 return(EVP_PKEY_DSA); 438 return(EVP_PKEY_DSA);
283 case EVP_PKEY_DH: 439 case EVP_PKEY_DH:
284 return(EVP_PKEY_DH); 440 return(EVP_PKEY_DH);
441 case EVP_PKEY_EC:
442 return(EVP_PKEY_EC);
285 default: 443 default:
286 return(NID_undef); 444 return(NID_undef);
287 } 445 }
@@ -306,6 +464,8 @@ void EVP_PKEY_free(EVP_PKEY *x)
306 } 464 }
307#endif 465#endif
308 EVP_PKEY_free_it(x); 466 EVP_PKEY_free_it(x);
467 if (x->attributes)
468 sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
309 OPENSSL_free(x); 469 OPENSSL_free(x);
310 } 470 }
311 471
@@ -327,6 +487,11 @@ static void EVP_PKEY_free_it(EVP_PKEY *x)
327 DSA_free(x->pkey.dsa); 487 DSA_free(x->pkey.dsa);
328 break; 488 break;
329#endif 489#endif
490#ifndef OPENSSL_NO_EC
491 case EVP_PKEY_EC:
492 EC_KEY_free(x->pkey.ec);
493 break;
494#endif
330#ifndef OPENSSL_NO_DH 495#ifndef OPENSSL_NO_DH
331 case EVP_PKEY_DH: 496 case EVP_PKEY_DH:
332 DH_free(x->pkey.dh); 497 DH_free(x->pkey.dh);
diff --git a/src/lib/libcrypto/evp/p_open.c b/src/lib/libcrypto/evp/p_open.c
index 5a933d1cda..9935206d0f 100644
--- a/src/lib/libcrypto/evp/p_open.c
+++ b/src/lib/libcrypto/evp/p_open.c
@@ -56,15 +56,19 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_RSA
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_RSA
63
62#include <openssl/evp.h> 64#include <openssl/evp.h>
63#include <openssl/objects.h> 65#include <openssl/objects.h>
64#include <openssl/x509.h> 66#include <openssl/x509.h>
67#include <openssl/rsa.h>
65 68
66int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek, 69int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
67 int ekl, unsigned char *iv, EVP_PKEY *priv) 70 const unsigned char *ek, int ekl, const unsigned char *iv,
71 EVP_PKEY *priv)
68 { 72 {
69 unsigned char *key=NULL; 73 unsigned char *key=NULL;
70 int i,size=0,ret=0; 74 int i,size=0,ret=0;
diff --git a/src/lib/libcrypto/evp/p_seal.c b/src/lib/libcrypto/evp/p_seal.c
index 37e547fe72..8cc8fcb0bd 100644
--- a/src/lib/libcrypto/evp/p_seal.c
+++ b/src/lib/libcrypto/evp/p_seal.c
@@ -78,7 +78,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek
78 } 78 }
79 if ((npubk <= 0) || !pubk) 79 if ((npubk <= 0) || !pubk)
80 return 1; 80 return 1;
81 if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0) 81 if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
82 return 0; 82 return 0;
83 if (EVP_CIPHER_CTX_iv_length(ctx)) 83 if (EVP_CIPHER_CTX_iv_length(ctx))
84 RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx)); 84 RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx));
diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c
index d854d743a5..21a40a375e 100644
--- a/src/lib/libcrypto/evp/p_verify.c
+++ b/src/lib/libcrypto/evp/p_verify.c
@@ -62,7 +62,7 @@
62#include <openssl/objects.h> 62#include <openssl/objects.h>
63#include <openssl/x509.h> 63#include <openssl/x509.h>
64 64
65int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, 65int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
66 unsigned int siglen, EVP_PKEY *pkey) 66 unsigned int siglen, EVP_PKEY *pkey)
67 { 67 {
68 unsigned char m[EVP_MAX_MD_SIZE]; 68 unsigned char m[EVP_MAX_MD_SIZE];
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 19:38:42 +0000