summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/evp')
-rw-r--r--src/lib/libcrypto/evp/bio_b64.c2
-rw-r--r--src/lib/libcrypto/evp/bio_enc.c4
-rw-r--r--src/lib/libcrypto/evp/bio_md.c11
-rw-r--r--src/lib/libcrypto/evp/bio_ok.c60
-rw-r--r--src/lib/libcrypto/evp/c_all.c6
-rw-r--r--src/lib/libcrypto/evp/c_allc.c37
-rw-r--r--src/lib/libcrypto/evp/c_alld.c5
-rw-r--r--src/lib/libcrypto/evp/digest.c61
-rw-r--r--src/lib/libcrypto/evp/e_aes.c22
-rw-r--r--src/lib/libcrypto/evp/e_bf.c2
-rw-r--r--src/lib/libcrypto/evp/e_cast.c4
-rw-r--r--src/lib/libcrypto/evp/e_des.c36
-rw-r--r--src/lib/libcrypto/evp/e_des3.c61
-rw-r--r--src/lib/libcrypto/evp/e_idea.c4
-rw-r--r--src/lib/libcrypto/evp/e_null.c5
-rw-r--r--src/lib/libcrypto/evp/e_rc2.c12
-rw-r--r--src/lib/libcrypto/evp/e_rc4.c8
-rw-r--r--src/lib/libcrypto/evp/e_rc5.c5
-rw-r--r--src/lib/libcrypto/evp/e_xcbc_d.c5
-rw-r--r--src/lib/libcrypto/evp/encode.c10
-rw-r--r--src/lib/libcrypto/evp/evp.h257
-rw-r--r--src/lib/libcrypto/evp/evp_enc.c127
-rw-r--r--src/lib/libcrypto/evp/evp_err.c39
-rw-r--r--src/lib/libcrypto/evp/evp_key.c2
-rw-r--r--src/lib/libcrypto/evp/evp_lib.c125
-rw-r--r--src/lib/libcrypto/evp/evp_locl.h24
-rw-r--r--src/lib/libcrypto/evp/evp_pbe.c5
-rw-r--r--src/lib/libcrypto/evp/evp_pkey.c398
-rw-r--r--src/lib/libcrypto/evp/evp_test.c61
-rw-r--r--src/lib/libcrypto/evp/evptests.txt245
-rw-r--r--src/lib/libcrypto/evp/m_dss.c8
-rw-r--r--src/lib/libcrypto/evp/m_dss1.c18
-rw-r--r--src/lib/libcrypto/evp/m_md2.c10
-rw-r--r--src/lib/libcrypto/evp/m_md4.c10
-rw-r--r--src/lib/libcrypto/evp/m_md5.c10
-rw-r--r--src/lib/libcrypto/evp/m_mdc2.c8
-rw-r--r--src/lib/libcrypto/evp/m_null.c2
-rw-r--r--src/lib/libcrypto/evp/m_ripemd.c9
-rw-r--r--src/lib/libcrypto/evp/m_sha.c13
-rw-r--r--src/lib/libcrypto/evp/m_sha1.c46
-rw-r--r--src/lib/libcrypto/evp/names.c11
-rw-r--r--src/lib/libcrypto/evp/p5_crpt.c14
-rw-r--r--src/lib/libcrypto/evp/p5_crpt2.c21
-rw-r--r--src/lib/libcrypto/evp/p_dec.c2
-rw-r--r--src/lib/libcrypto/evp/p_enc.c2
-rw-r--r--src/lib/libcrypto/evp/p_lib.c177
-rw-r--r--src/lib/libcrypto/evp/p_open.c10
-rw-r--r--src/lib/libcrypto/evp/p_seal.c2
-rw-r--r--src/lib/libcrypto/evp/p_verify.c2
49 files changed, 1407 insertions, 611 deletions
diff --git a/src/lib/libcrypto/evp/bio_b64.c b/src/lib/libcrypto/evp/bio_b64.c
index 33349c2f98..fa5cbc7eb1 100644
--- a/src/lib/libcrypto/evp/bio_b64.c
+++ b/src/lib/libcrypto/evp/bio_b64.c
@@ -165,7 +165,7 @@ static int b64_read(BIO *b, char *out, int outl)
165 { 165 {
166 i=ctx->buf_len-ctx->buf_off; 166 i=ctx->buf_len-ctx->buf_off;
167 if (i > outl) i=outl; 167 if (i > outl) i=outl;
168 OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf); 168 OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf));
169 memcpy(out,&(ctx->buf[ctx->buf_off]),i); 169 memcpy(out,&(ctx->buf[ctx->buf_off]),i);
170 ret=i; 170 ret=i;
171 out+=i; 171 out+=i;
diff --git a/src/lib/libcrypto/evp/bio_enc.c b/src/lib/libcrypto/evp/bio_enc.c
index b8cda1a9f0..f6ac94c6e1 100644
--- a/src/lib/libcrypto/evp/bio_enc.c
+++ b/src/lib/libcrypto/evp/bio_enc.c
@@ -405,8 +405,8 @@ EVP_CIPHER_ctx *c;
405 } 405 }
406*/ 406*/
407 407
408void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, unsigned char *k, 408void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
409 unsigned char *i, int e) 409 const unsigned char *i, int e)
410 { 410 {
411 BIO_ENC_CTX *ctx; 411 BIO_ENC_CTX *ctx;
412 412
diff --git a/src/lib/libcrypto/evp/bio_md.c b/src/lib/libcrypto/evp/bio_md.c
index f4aa41ac4b..d648ac6da6 100644
--- a/src/lib/libcrypto/evp/bio_md.c
+++ b/src/lib/libcrypto/evp/bio_md.c
@@ -153,7 +153,7 @@ static int md_write(BIO *b, const char *in, int inl)
153 { 153 {
154 if (ret > 0) 154 if (ret > 0)
155 { 155 {
156 EVP_DigestUpdate(ctx,(unsigned char *)in, 156 EVP_DigestUpdate(ctx,(const unsigned char *)in,
157 (unsigned int)ret); 157 (unsigned int)ret);
158 } 158 }
159 } 159 }
@@ -192,8 +192,13 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
192 ret=0; 192 ret=0;
193 break; 193 break;
194 case BIO_C_GET_MD_CTX: 194 case BIO_C_GET_MD_CTX:
195 pctx=ptr; 195 if (b->init)
196 *pctx=ctx; 196 {
197 pctx=ptr;
198 *pctx=ctx;
199 }
200 else
201 ret=0;
197 break; 202 break;
198 case BIO_C_SET_MD_CTX: 203 case BIO_C_SET_MD_CTX:
199 if (b->init) 204 if (b->init)
diff --git a/src/lib/libcrypto/evp/bio_ok.c b/src/lib/libcrypto/evp/bio_ok.c
index 4e3f10141b..98bc1ab409 100644
--- a/src/lib/libcrypto/evp/bio_ok.c
+++ b/src/lib/libcrypto/evp/bio_ok.c
@@ -119,6 +119,7 @@
119 119
120#include <stdio.h> 120#include <stdio.h>
121#include <errno.h> 121#include <errno.h>
122#include <assert.h>
122#include "cryptlib.h" 123#include "cryptlib.h"
123#include <openssl/buffer.h> 124#include <openssl/buffer.h>
124#include <openssl/bio.h> 125#include <openssl/bio.h>
@@ -141,22 +142,12 @@ static void block_in(BIO* b);
141#define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE) 142#define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)
142#define WELLKNOWN "The quick brown fox jumped over the lazy dog's back." 143#define WELLKNOWN "The quick brown fox jumped over the lazy dog's back."
143 144
144#ifndef L_ENDIAN
145#define swapem(x) \
146 ((unsigned long int)((((unsigned long int)(x) & 0x000000ffU) << 24) | \
147 (((unsigned long int)(x) & 0x0000ff00U) << 8) | \
148 (((unsigned long int)(x) & 0x00ff0000U) >> 8) | \
149 (((unsigned long int)(x) & 0xff000000U) >> 24)))
150#else
151#define swapem(x) (x)
152#endif
153
154typedef struct ok_struct 145typedef struct ok_struct
155 { 146 {
156 int buf_len; 147 size_t buf_len;
157 int buf_off; 148 size_t buf_off;
158 int buf_len_save; 149 size_t buf_len_save;
159 int buf_off_save; 150 size_t buf_off_save;
160 int cont; /* <= 0 when finished */ 151 int cont; /* <= 0 when finished */
161 int finished; 152 int finished;
162 EVP_MD_CTX md; 153 EVP_MD_CTX md;
@@ -295,6 +286,8 @@ static int ok_write(BIO *b, const char *in, int inl)
295 int ret=0,n,i; 286 int ret=0,n,i;
296 BIO_OK_CTX *ctx; 287 BIO_OK_CTX *ctx;
297 288
289 if (inl <= 0) return inl;
290
298 ctx=(BIO_OK_CTX *)b->ptr; 291 ctx=(BIO_OK_CTX *)b->ptr;
299 ret=inl; 292 ret=inl;
300 293
@@ -330,7 +323,7 @@ static int ok_write(BIO *b, const char *in, int inl)
330 if ((in == NULL) || (inl <= 0)) return(0); 323 if ((in == NULL) || (inl <= 0)) return(0);
331 324
332 n= (inl+ ctx->buf_len > OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) ? 325 n= (inl+ ctx->buf_len > OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) ?
333 OK_BLOCK_SIZE+ OK_BLOCK_BLOCK- ctx->buf_len : inl; 326 (int)(OK_BLOCK_SIZE+OK_BLOCK_BLOCK-ctx->buf_len) : inl;
334 327
335 memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),(unsigned char *)in,n); 328 memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),(unsigned char *)in,n);
336 ctx->buf_len+= n; 329 ctx->buf_len+= n;
@@ -448,16 +441,18 @@ static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
448 return(ret); 441 return(ret);
449 } 442 }
450 443
451static void longswap(void *_ptr, int len) 444static void longswap(void *_ptr, size_t len)
452{ 445{ const union { long one; char little; } is_endian = {1};
453#ifndef L_ENDIAN
454 int i;
455 char *ptr=_ptr;
456 446
457 for(i= 0;i < len;i+= 4){ 447 if (is_endian.little) {
458 *((unsigned long *)&(ptr[i]))= swapem(*((unsigned long *)&(ptr[i]))); 448 size_t i;
449 unsigned char *p=_ptr,c;
450
451 for(i= 0;i < len;i+= 4) {
452 c=p[0],p[0]=p[3],p[3]=c;
453 c=p[1],p[1]=p[2],p[2]=c;
454 }
459 } 455 }
460#endif
461} 456}
462 457
463static void sig_out(BIO* b) 458static void sig_out(BIO* b)
@@ -496,7 +491,7 @@ static void sig_in(BIO* b)
496 ctx=b->ptr; 491 ctx=b->ptr;
497 md=&ctx->md; 492 md=&ctx->md;
498 493
499 if(ctx->buf_len- ctx->buf_off < 2* md->digest->md_size) return; 494 if((int)(ctx->buf_len-ctx->buf_off) < 2*md->digest->md_size) return;
500 495
501 EVP_DigestInit_ex(md, md->digest, NULL); 496 EVP_DigestInit_ex(md, md->digest, NULL);
502 memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size); 497 memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size);
@@ -533,9 +528,10 @@ static void block_out(BIO* b)
533 md=&ctx->md; 528 md=&ctx->md;
534 529
535 tl= ctx->buf_len- OK_BLOCK_BLOCK; 530 tl= ctx->buf_len- OK_BLOCK_BLOCK;
536 tl= swapem(tl); 531 ctx->buf[0]=(unsigned char)(tl>>24);
537 memcpy(ctx->buf, &tl, OK_BLOCK_BLOCK); 532 ctx->buf[1]=(unsigned char)(tl>>16);
538 tl= swapem(tl); 533 ctx->buf[2]=(unsigned char)(tl>>8);
534 ctx->buf[3]=(unsigned char)(tl);
539 EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); 535 EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
540 EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); 536 EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);
541 ctx->buf_len+= md->digest->md_size; 537 ctx->buf_len+= md->digest->md_size;
@@ -546,14 +542,18 @@ static void block_in(BIO* b)
546 { 542 {
547 BIO_OK_CTX *ctx; 543 BIO_OK_CTX *ctx;
548 EVP_MD_CTX *md; 544 EVP_MD_CTX *md;
549 long tl= 0; 545 unsigned long tl= 0;
550 unsigned char tmp[EVP_MAX_MD_SIZE]; 546 unsigned char tmp[EVP_MAX_MD_SIZE];
551 547
552 ctx=b->ptr; 548 ctx=b->ptr;
553 md=&ctx->md; 549 md=&ctx->md;
554 550
555 memcpy(&tl, ctx->buf, OK_BLOCK_BLOCK); 551 assert(sizeof(tl)>=OK_BLOCK_BLOCK); /* always true */
556 tl= swapem(tl); 552 tl =ctx->buf[0]; tl<<=8;
553 tl|=ctx->buf[1]; tl<<=8;
554 tl|=ctx->buf[2]; tl<<=8;
555 tl|=ctx->buf[3];
556
557 if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return; 557 if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return;
558 558
559 EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); 559 EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c
index fa60a73ead..a5da52e62d 100644
--- a/src/lib/libcrypto/evp/c_all.c
+++ b/src/lib/libcrypto/evp/c_all.c
@@ -74,6 +74,12 @@ void OpenSSL_add_all_algorithms(void)
74 74
75void OPENSSL_add_all_algorithms_noconf(void) 75void OPENSSL_add_all_algorithms_noconf(void)
76 { 76 {
77 /*
78 * For the moment OPENSSL_cpuid_setup does something
79 * only on IA-32, but we reserve the option for all
80 * platforms...
81 */
82 OPENSSL_cpuid_setup();
77 OpenSSL_add_all_ciphers(); 83 OpenSSL_add_all_ciphers();
78 OpenSSL_add_all_digests(); 84 OpenSSL_add_all_digests();
79#ifndef OPENSSL_NO_ENGINE 85#ifndef OPENSSL_NO_ENGINE
diff --git a/src/lib/libcrypto/evp/c_allc.c b/src/lib/libcrypto/evp/c_allc.c
index fc96812365..7054d8125d 100644
--- a/src/lib/libcrypto/evp/c_allc.c
+++ b/src/lib/libcrypto/evp/c_allc.c
@@ -107,6 +107,15 @@ void OpenSSL_add_all_ciphers(void)
107 EVP_add_cipher_alias(SN_idea_cbc,"idea"); 107 EVP_add_cipher_alias(SN_idea_cbc,"idea");
108#endif 108#endif
109 109
110#ifndef OPENSSL_NO_SEED
111 EVP_add_cipher(EVP_seed_ecb());
112 EVP_add_cipher(EVP_seed_cfb());
113 EVP_add_cipher(EVP_seed_ofb());
114 EVP_add_cipher(EVP_seed_cbc());
115 EVP_add_cipher_alias(SN_seed_cbc,"SEED");
116 EVP_add_cipher_alias(SN_seed_cbc,"seed");
117#endif
118
110#ifndef OPENSSL_NO_RC2 119#ifndef OPENSSL_NO_RC2
111 EVP_add_cipher(EVP_rc2_ecb()); 120 EVP_add_cipher(EVP_rc2_ecb());
112 EVP_add_cipher(EVP_rc2_cfb()); 121 EVP_add_cipher(EVP_rc2_cfb());
@@ -183,6 +192,34 @@ void OpenSSL_add_all_ciphers(void)
183 EVP_add_cipher_alias(SN_aes_256_cbc,"AES256"); 192 EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
184 EVP_add_cipher_alias(SN_aes_256_cbc,"aes256"); 193 EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
185#endif 194#endif
195
196#ifndef OPENSSL_NO_CAMELLIA
197 EVP_add_cipher(EVP_camellia_128_ecb());
198 EVP_add_cipher(EVP_camellia_128_cbc());
199 EVP_add_cipher(EVP_camellia_128_cfb());
200 EVP_add_cipher(EVP_camellia_128_cfb1());
201 EVP_add_cipher(EVP_camellia_128_cfb8());
202 EVP_add_cipher(EVP_camellia_128_ofb());
203 EVP_add_cipher_alias(SN_camellia_128_cbc,"CAMELLIA128");
204 EVP_add_cipher_alias(SN_camellia_128_cbc,"camellia128");
205 EVP_add_cipher(EVP_camellia_192_ecb());
206 EVP_add_cipher(EVP_camellia_192_cbc());
207 EVP_add_cipher(EVP_camellia_192_cfb());
208 EVP_add_cipher(EVP_camellia_192_cfb1());
209 EVP_add_cipher(EVP_camellia_192_cfb8());
210 EVP_add_cipher(EVP_camellia_192_ofb());
211 EVP_add_cipher_alias(SN_camellia_192_cbc,"CAMELLIA192");
212 EVP_add_cipher_alias(SN_camellia_192_cbc,"camellia192");
213 EVP_add_cipher(EVP_camellia_256_ecb());
214 EVP_add_cipher(EVP_camellia_256_cbc());
215 EVP_add_cipher(EVP_camellia_256_cfb());
216 EVP_add_cipher(EVP_camellia_256_cfb1());
217 EVP_add_cipher(EVP_camellia_256_cfb8());
218 EVP_add_cipher(EVP_camellia_256_ofb());
219 EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");
220 EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");
221#endif
222
186 PKCS12_PBE_add(); 223 PKCS12_PBE_add();
187 PKCS5_PBE_add(); 224 PKCS5_PBE_add();
188 } 225 }
diff --git a/src/lib/libcrypto/evp/c_alld.c b/src/lib/libcrypto/evp/c_alld.c
index 929ea56a3e..d270b0ee03 100644
--- a/src/lib/libcrypto/evp/c_alld.c
+++ b/src/lib/libcrypto/evp/c_alld.c
@@ -91,6 +91,9 @@ void OpenSSL_add_all_digests(void)
91 EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); 91 EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
92 EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); 92 EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
93#endif 93#endif
94#ifndef OPENSSL_NO_ECDSA
95 EVP_add_digest(EVP_ecdsa());
96#endif
94#endif 97#endif
95#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) 98#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
96 EVP_add_digest(EVP_mdc2()); 99 EVP_add_digest(EVP_mdc2());
@@ -100,7 +103,6 @@ void OpenSSL_add_all_digests(void)
100 EVP_add_digest_alias(SN_ripemd160,"ripemd"); 103 EVP_add_digest_alias(SN_ripemd160,"ripemd");
101 EVP_add_digest_alias(SN_ripemd160,"rmd160"); 104 EVP_add_digest_alias(SN_ripemd160,"rmd160");
102#endif 105#endif
103#ifdef OPENSSL_FIPS
104#ifndef OPENSSL_NO_SHA256 106#ifndef OPENSSL_NO_SHA256
105 EVP_add_digest(EVP_sha224()); 107 EVP_add_digest(EVP_sha224());
106 EVP_add_digest(EVP_sha256()); 108 EVP_add_digest(EVP_sha256());
@@ -109,5 +111,4 @@ void OpenSSL_add_all_digests(void)
109 EVP_add_digest(EVP_sha384()); 111 EVP_add_digest(EVP_sha384());
110 EVP_add_digest(EVP_sha512()); 112 EVP_add_digest(EVP_sha512());
111#endif 113#endif
112#endif
113 } 114 }
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index f21c63842c..762e6d3450 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -137,39 +137,6 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
137 return EVP_DigestInit_ex(ctx, type, NULL); 137 return EVP_DigestInit_ex(ctx, type, NULL);
138 } 138 }
139 139
140#ifdef OPENSSL_FIPS
141
142/* The purpose of these is to trap programs that attempt to use non FIPS
143 * algorithms in FIPS mode and ignore the errors.
144 */
145
146static int bad_init(EVP_MD_CTX *ctx)
147 { FIPS_ERROR_IGNORED("Digest init"); return 0;}
148
149static int bad_update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
150 { FIPS_ERROR_IGNORED("Digest update"); return 0;}
151
152static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
153 { FIPS_ERROR_IGNORED("Digest Final"); return 0;}
154
155static const EVP_MD bad_md =
156 {
157 0,
158 0,
159 0,
160 0,
161 bad_init,
162 bad_update,
163 bad_final,
164 NULL,
165 NULL,
166 NULL,
167 0,
168 {0,0,0,0},
169 };
170
171#endif
172
173int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) 140int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
174 { 141 {
175 EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); 142 EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
@@ -192,7 +159,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
192 { 159 {
193 if (!ENGINE_init(impl)) 160 if (!ENGINE_init(impl))
194 { 161 {
195 EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); 162 EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
196 return 0; 163 return 0;
197 } 164 }
198 } 165 }
@@ -206,7 +173,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
206 if(!d) 173 if(!d)
207 { 174 {
208 /* Same comment from evp_enc.c */ 175 /* Same comment from evp_enc.c */
209 EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); 176 EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
210 return 0; 177 return 0;
211 } 178 }
212 /* We'll use the ENGINE's private digest definition */ 179 /* We'll use the ENGINE's private digest definition */
@@ -222,24 +189,12 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
222 else 189 else
223 if(!ctx->digest) 190 if(!ctx->digest)
224 { 191 {
225 EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET); 192 EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET);
226 return 0; 193 return 0;
227 } 194 }
228#endif 195#endif
229 if (ctx->digest != type) 196 if (ctx->digest != type)
230 { 197 {
231#ifdef OPENSSL_FIPS
232 if (FIPS_mode())
233 {
234 if (!(type->flags & EVP_MD_FLAG_FIPS)
235 && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
236 {
237 EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS);
238 ctx->digest = &bad_md;
239 return 0;
240 }
241 }
242#endif
243 if (ctx->digest && ctx->digest->ctx_size) 198 if (ctx->digest && ctx->digest->ctx_size)
244 OPENSSL_free(ctx->md_data); 199 OPENSSL_free(ctx->md_data);
245 ctx->digest=type; 200 ctx->digest=type;
@@ -253,9 +208,9 @@ skip_to_init:
253 } 208 }
254 209
255int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, 210int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
256 unsigned int count) 211 size_t count)
257 { 212 {
258 return ctx->digest->update(ctx,data,(unsigned long)count); 213 return ctx->digest->update(ctx,data,count);
259 } 214 }
260 215
261/* The caller can assume that this removes any secret data from the context */ 216/* The caller can assume that this removes any secret data from the context */
@@ -296,14 +251,14 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
296 unsigned char *tmp_buf; 251 unsigned char *tmp_buf;
297 if ((in == NULL) || (in->digest == NULL)) 252 if ((in == NULL) || (in->digest == NULL))
298 { 253 {
299 EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); 254 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,EVP_R_INPUT_NOT_INITIALIZED);
300 return 0; 255 return 0;
301 } 256 }
302#ifndef OPENSSL_NO_ENGINE 257#ifndef OPENSSL_NO_ENGINE
303 /* Make sure it's safe to copy a digest context using an ENGINE */ 258 /* Make sure it's safe to copy a digest context using an ENGINE */
304 if (in->engine && !ENGINE_init(in->engine)) 259 if (in->engine && !ENGINE_init(in->engine))
305 { 260 {
306 EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB); 261 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB);
307 return 0; 262 return 0;
308 } 263 }
309#endif 264#endif
@@ -330,7 +285,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
330 return 1; 285 return 1;
331 } 286 }
332 287
333int EVP_Digest(void *data, unsigned int count, 288int EVP_Digest(const void *data, size_t count,
334 unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) 289 unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl)
335 { 290 {
336 EVP_MD_CTX ctx; 291 EVP_MD_CTX ctx;
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 7b67984fa1..bd6c0a3a62 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -48,10 +48,12 @@
48 * 48 *
49 */ 49 */
50 50
51#include <openssl/opensslconf.h>
51#ifndef OPENSSL_NO_AES 52#ifndef OPENSSL_NO_AES
52#include <openssl/evp.h> 53#include <openssl/evp.h>
53#include <openssl/err.h> 54#include <openssl/err.h>
54#include <string.h> 55#include <string.h>
56#include <assert.h>
55#include <openssl/aes.h> 57#include <openssl/aes.h>
56#include "evp_locl.h" 58#include "evp_locl.h"
57 59
@@ -67,32 +69,32 @@ typedef struct
67 69
68IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, 70IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
69 NID_aes_128, 16, 16, 16, 128, 71 NID_aes_128, 16, 16, 16, 128,
70 EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 72 0, aes_init_key, NULL,
71 EVP_CIPHER_set_asn1_iv, 73 EVP_CIPHER_set_asn1_iv,
72 EVP_CIPHER_get_asn1_iv, 74 EVP_CIPHER_get_asn1_iv,
73 NULL) 75 NULL)
74IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, 76IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
75 NID_aes_192, 16, 24, 16, 128, 77 NID_aes_192, 16, 24, 16, 128,
76 EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 78 0, aes_init_key, NULL,
77 EVP_CIPHER_set_asn1_iv, 79 EVP_CIPHER_set_asn1_iv,
78 EVP_CIPHER_get_asn1_iv, 80 EVP_CIPHER_get_asn1_iv,
79 NULL) 81 NULL)
80IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, 82IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
81 NID_aes_256, 16, 32, 16, 128, 83 NID_aes_256, 16, 32, 16, 128,
82 EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 84 0, aes_init_key, NULL,
83 EVP_CIPHER_set_asn1_iv, 85 EVP_CIPHER_set_asn1_iv,
84 EVP_CIPHER_get_asn1_iv, 86 EVP_CIPHER_get_asn1_iv,
85 NULL) 87 NULL)
86 88
87#define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags) 89#define IMPLEMENT_AES_CFBR(ksize,cbits) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16)
88 90
89IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS) 91IMPLEMENT_AES_CFBR(128,1)
90IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS) 92IMPLEMENT_AES_CFBR(192,1)
91IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS) 93IMPLEMENT_AES_CFBR(256,1)
92 94
93IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS) 95IMPLEMENT_AES_CFBR(128,8)
94IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS) 96IMPLEMENT_AES_CFBR(192,8)
95IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS) 97IMPLEMENT_AES_CFBR(256,8)
96 98
97static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 99static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
98 const unsigned char *iv, int enc) 100 const unsigned char *iv, int enc)
diff --git a/src/lib/libcrypto/evp/e_bf.c b/src/lib/libcrypto/evp/e_bf.c
index e74337567b..cc224e5363 100644
--- a/src/lib/libcrypto/evp/e_bf.c
+++ b/src/lib/libcrypto/evp/e_bf.c
@@ -56,9 +56,9 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_BF
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61#ifndef OPENSSL_NO_BF
62#include <openssl/evp.h> 62#include <openssl/evp.h>
63#include "evp_locl.h" 63#include "evp_locl.h"
64#include <openssl/objects.h> 64#include <openssl/objects.h>
diff --git a/src/lib/libcrypto/evp/e_cast.c b/src/lib/libcrypto/evp/e_cast.c
index 3400fef187..d77bcd9298 100644
--- a/src/lib/libcrypto/evp/e_cast.c
+++ b/src/lib/libcrypto/evp/e_cast.c
@@ -56,10 +56,10 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_CAST
60
61#include <stdio.h> 59#include <stdio.h>
62#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_CAST
63#include <openssl/evp.h> 63#include <openssl/evp.h>
64#include <openssl/objects.h> 64#include <openssl/objects.h>
65#include "evp_locl.h" 65#include "evp_locl.h"
diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c
index 46e2899825..856323648c 100644
--- a/src/lib/libcrypto/evp/e_des.c
+++ b/src/lib/libcrypto/evp/e_des.c
@@ -63,9 +63,11 @@
63#include <openssl/objects.h> 63#include <openssl/objects.h>
64#include "evp_locl.h" 64#include "evp_locl.h"
65#include <openssl/des.h> 65#include <openssl/des.h>
66#include <openssl/rand.h>
66 67
67static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 68static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
68 const unsigned char *iv, int enc); 69 const unsigned char *iv, int enc);
70static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
69 71
70/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */ 72/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */
71 73
@@ -127,28 +129,48 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
127 } 129 }
128 130
129BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, 131BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
130 EVP_CIPH_FLAG_FIPS, des_init_key, NULL, 132 EVP_CIPH_RAND_KEY, des_init_key, NULL,
131 EVP_CIPHER_set_asn1_iv, 133 EVP_CIPHER_set_asn1_iv,
132 EVP_CIPHER_get_asn1_iv, 134 EVP_CIPHER_get_asn1_iv,
133 NULL) 135 des_ctrl)
134 136
135BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, 137BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,
136 EVP_CIPH_FLAG_FIPS,des_init_key,NULL, 138 EVP_CIPH_RAND_KEY, des_init_key,NULL,
137 EVP_CIPHER_set_asn1_iv, 139 EVP_CIPHER_set_asn1_iv,
138 EVP_CIPHER_get_asn1_iv,NULL) 140 EVP_CIPHER_get_asn1_iv,des_ctrl)
139 141
140BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, 142BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,
141 EVP_CIPH_FLAG_FIPS,des_init_key,NULL, 143 EVP_CIPH_RAND_KEY,des_init_key,NULL,
142 EVP_CIPHER_set_asn1_iv, 144 EVP_CIPHER_set_asn1_iv,
143 EVP_CIPHER_get_asn1_iv,NULL) 145 EVP_CIPHER_get_asn1_iv,des_ctrl)
144 146
145static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 147static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
146 const unsigned char *iv, int enc) 148 const unsigned char *iv, int enc)
147 { 149 {
148 DES_cblock *deskey = (DES_cblock *)key; 150 DES_cblock *deskey = (DES_cblock *)key;
149 151#ifdef EVP_CHECK_DES_KEY
152 if(DES_set_key_checked(deskey,ctx->cipher_data) != 0)
153 return 0;
154#else
150 DES_set_key_unchecked(deskey,ctx->cipher_data); 155 DES_set_key_unchecked(deskey,ctx->cipher_data);
156#endif
151 return 1; 157 return 1;
152 } 158 }
153 159
160static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
161 {
162
163 switch(type)
164 {
165 case EVP_CTRL_RAND_KEY:
166 if (RAND_bytes(ptr, 8) <= 0)
167 return 0;
168 DES_set_odd_parity((DES_cblock *)ptr);
169 return 1;
170
171 default:
172 return -1;
173 }
174 }
175
154#endif 176#endif
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
index 677322bf02..ac148efab2 100644
--- a/src/lib/libcrypto/evp/e_des3.c
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -63,6 +63,7 @@
63#include <openssl/objects.h> 63#include <openssl/objects.h>
64#include "evp_locl.h" 64#include "evp_locl.h"
65#include <openssl/des.h> 65#include <openssl/des.h>
66#include <openssl/rand.h>
66 67
67static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 68static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
68 const unsigned char *iv,int enc); 69 const unsigned char *iv,int enc);
@@ -70,6 +71,8 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
70static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 71static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
71 const unsigned char *iv,int enc); 72 const unsigned char *iv,int enc);
72 73
74static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
75
73typedef struct 76typedef struct
74 { 77 {
75 DES_key_schedule ks1;/* key schedule */ 78 DES_key_schedule ks1;/* key schedule */
@@ -85,7 +88,8 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
85 const unsigned char *in, unsigned int inl) 88 const unsigned char *in, unsigned int inl)
86{ 89{
87 BLOCK_CIPHER_ecb_loop() 90 BLOCK_CIPHER_ecb_loop()
88 DES_ecb3_encrypt(in + i,out + i, 91 DES_ecb3_encrypt((const_DES_cblock *)(in + i),
92 (DES_cblock *)(out + i),
89 &data(ctx)->ks1, &data(ctx)->ks2, 93 &data(ctx)->ks1, &data(ctx)->ks2,
90 &data(ctx)->ks3, 94 &data(ctx)->ks3,
91 ctx->encrypt); 95 ctx->encrypt);
@@ -160,10 +164,10 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
160 } 164 }
161 165
162BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, 166BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
163 EVP_CIPH_FLAG_FIPS, des_ede_init_key, NULL, 167 EVP_CIPH_RAND_KEY, des_ede_init_key, NULL,
164 EVP_CIPHER_set_asn1_iv, 168 EVP_CIPHER_set_asn1_iv,
165 EVP_CIPHER_get_asn1_iv, 169 EVP_CIPHER_get_asn1_iv,
166 NULL) 170 des3_ctrl)
167 171
168#define des_ede3_cfb64_cipher des_ede_cfb64_cipher 172#define des_ede3_cfb64_cipher des_ede_cfb64_cipher
169#define des_ede3_ofb_cipher des_ede_ofb_cipher 173#define des_ede3_ofb_cipher des_ede_ofb_cipher
@@ -171,28 +175,35 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
171#define des_ede3_ecb_cipher des_ede_ecb_cipher 175#define des_ede3_ecb_cipher des_ede_ecb_cipher
172 176
173BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, 177BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
174 EVP_CIPH_FLAG_FIPS, des_ede3_init_key, NULL, 178 EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
175 EVP_CIPHER_set_asn1_iv, 179 EVP_CIPHER_set_asn1_iv,
176 EVP_CIPHER_get_asn1_iv, 180 EVP_CIPHER_get_asn1_iv,
177 NULL) 181 des3_ctrl)
178 182
179BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, 183BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
180 EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL, 184 EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
181 EVP_CIPHER_set_asn1_iv, 185 EVP_CIPHER_set_asn1_iv,
182 EVP_CIPHER_get_asn1_iv,NULL) 186 EVP_CIPHER_get_asn1_iv,
187 des3_ctrl)
183 188
184BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, 189BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
185 EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL, 190 EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
186 EVP_CIPHER_set_asn1_iv, 191 EVP_CIPHER_set_asn1_iv,
187 EVP_CIPHER_get_asn1_iv,NULL) 192 EVP_CIPHER_get_asn1_iv,
193 des3_ctrl)
188 194
189static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 195static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
190 const unsigned char *iv, int enc) 196 const unsigned char *iv, int enc)
191 { 197 {
192 DES_cblock *deskey = (DES_cblock *)key; 198 DES_cblock *deskey = (DES_cblock *)key;
193 199#ifdef EVP_CHECK_DES_KEY
200 if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)
201 !! DES_set_key_checked(&deskey[1],&data(ctx)->ks2))
202 return 0;
203#else
194 DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); 204 DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
195 DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); 205 DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
206#endif
196 memcpy(&data(ctx)->ks3,&data(ctx)->ks1, 207 memcpy(&data(ctx)->ks3,&data(ctx)->ks1,
197 sizeof(data(ctx)->ks1)); 208 sizeof(data(ctx)->ks1));
198 return 1; 209 return 1;
@@ -213,13 +224,41 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
213 } 224 }
214#endif /* KSSL_DEBUG */ 225#endif /* KSSL_DEBUG */
215 226
227#ifdef EVP_CHECK_DES_KEY
228 if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)
229 || DES_set_key_checked(&deskey[1],&data(ctx)->ks2)
230 || DES_set_key_checked(&deskey[2],&data(ctx)->ks3))
231 return 0;
232#else
216 DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); 233 DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
217 DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); 234 DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
218 DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3); 235 DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3);
219 236#endif
220 return 1; 237 return 1;
221 } 238 }
222 239
240static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
241 {
242
243 DES_cblock *deskey = ptr;
244
245 switch(type)
246 {
247 case EVP_CTRL_RAND_KEY:
248 if (RAND_bytes(ptr, c->key_len) <= 0)
249 return 0;
250 DES_set_odd_parity(deskey);
251 if (c->key_len >= 16)
252 DES_set_odd_parity(deskey + 1);
253 if (c->key_len >= 24)
254 DES_set_odd_parity(deskey + 2);
255 return 1;
256
257 default:
258 return -1;
259 }
260 }
261
223const EVP_CIPHER *EVP_des_ede(void) 262const EVP_CIPHER *EVP_des_ede(void)
224{ 263{
225 return &des_ede_ecb; 264 return &des_ede_ecb;
diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c
index b9efa75ae7..48c33a774a 100644
--- a/src/lib/libcrypto/evp/e_idea.c
+++ b/src/lib/libcrypto/evp/e_idea.c
@@ -56,10 +56,10 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_IDEA
60
61#include <stdio.h> 59#include <stdio.h>
62#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_IDEA
63#include <openssl/evp.h> 63#include <openssl/evp.h>
64#include <openssl/objects.h> 64#include <openssl/objects.h>
65#include "evp_locl.h" 65#include "evp_locl.h"
diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c
index a84b0f14b1..5205259f18 100644
--- a/src/lib/libcrypto/evp/e_null.c
+++ b/src/lib/libcrypto/evp/e_null.c
@@ -69,13 +69,14 @@ static const EVP_CIPHER n_cipher=
69 { 69 {
70 NID_undef, 70 NID_undef,
71 1,0,0, 71 1,0,0,
72 EVP_CIPH_FLAG_FIPS, 72 0,
73 null_init_key, 73 null_init_key,
74 null_cipher, 74 null_cipher,
75 NULL, 75 NULL,
76 0, 76 0,
77 NULL, 77 NULL,
78 NULL, 78 NULL,
79 NULL,
79 NULL 80 NULL
80 }; 81 };
81 82
@@ -95,7 +96,7 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
95 const unsigned char *in, unsigned int inl) 96 const unsigned char *in, unsigned int inl)
96 { 97 {
97 if (in != out) 98 if (in != out)
98 memcpy((char *)out,(char *)in,(int)inl); 99 memcpy((char *)out,(const char *)in,(size_t)inl);
99 return 1; 100 return 1;
100 } 101 }
101 102
diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c
index d42cbfd17e..d37726ffae 100644
--- a/src/lib/libcrypto/evp/e_rc2.c
+++ b/src/lib/libcrypto/evp/e_rc2.c
@@ -56,10 +56,11 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_RC2
60
61#include <stdio.h> 59#include <stdio.h>
62#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_RC2
63
63#include <openssl/evp.h> 64#include <openssl/evp.h>
64#include <openssl/objects.h> 65#include <openssl/objects.h>
65#include "evp_locl.h" 66#include "evp_locl.h"
@@ -167,16 +168,17 @@ static int rc2_magic_to_meth(int i)
167static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) 168static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
168 { 169 {
169 long num=0; 170 long num=0;
170 int i=0,l; 171 int i=0;
171 int key_bits; 172 int key_bits;
173 unsigned int l;
172 unsigned char iv[EVP_MAX_IV_LENGTH]; 174 unsigned char iv[EVP_MAX_IV_LENGTH];
173 175
174 if (type != NULL) 176 if (type != NULL)
175 { 177 {
176 l=EVP_CIPHER_CTX_iv_length(c); 178 l=EVP_CIPHER_CTX_iv_length(c);
177 OPENSSL_assert(l <= sizeof iv); 179 OPENSSL_assert(l <= sizeof(iv));
178 i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l); 180 i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l);
179 if (i != l) 181 if (i != (int)l)
180 return(-1); 182 return(-1);
181 key_bits =rc2_magic_to_meth((int)num); 183 key_bits =rc2_magic_to_meth((int)num);
182 if (!key_bits) 184 if (!key_bits)
diff --git a/src/lib/libcrypto/evp/e_rc4.c b/src/lib/libcrypto/evp/e_rc4.c
index 8aa70585b9..67af850bea 100644
--- a/src/lib/libcrypto/evp/e_rc4.c
+++ b/src/lib/libcrypto/evp/e_rc4.c
@@ -56,13 +56,13 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_RC4
60
61#include <stdio.h> 59#include <stdio.h>
62#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_RC4
63
63#include <openssl/evp.h> 64#include <openssl/evp.h>
64#include <openssl/objects.h> 65#include <openssl/objects.h>
65#include "evp_locl.h"
66#include <openssl/rc4.h> 66#include <openssl/rc4.h>
67 67
68/* FIXME: surely this is available elsewhere? */ 68/* FIXME: surely this is available elsewhere? */
@@ -90,6 +90,7 @@ static const EVP_CIPHER r4_cipher=
90 sizeof(EVP_RC4_KEY), 90 sizeof(EVP_RC4_KEY),
91 NULL, 91 NULL,
92 NULL, 92 NULL,
93 NULL,
93 NULL 94 NULL
94 }; 95 };
95 96
@@ -104,6 +105,7 @@ static const EVP_CIPHER r4_40_cipher=
104 sizeof(EVP_RC4_KEY), 105 sizeof(EVP_RC4_KEY),
105 NULL, 106 NULL,
106 NULL, 107 NULL,
108 NULL,
107 NULL 109 NULL
108 }; 110 };
109 111
diff --git a/src/lib/libcrypto/evp/e_rc5.c b/src/lib/libcrypto/evp/e_rc5.c
index 3c7713b181..19a10c6402 100644
--- a/src/lib/libcrypto/evp/e_rc5.c
+++ b/src/lib/libcrypto/evp/e_rc5.c
@@ -56,10 +56,11 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_RC5
60
61#include <stdio.h> 59#include <stdio.h>
62#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_RC5
63
63#include <openssl/evp.h> 64#include <openssl/evp.h>
64#include <openssl/objects.h> 65#include <openssl/objects.h>
65#include "evp_locl.h" 66#include "evp_locl.h"
diff --git a/src/lib/libcrypto/evp/e_xcbc_d.c b/src/lib/libcrypto/evp/e_xcbc_d.c
index a6f849e93d..8832da2433 100644
--- a/src/lib/libcrypto/evp/e_xcbc_d.c
+++ b/src/lib/libcrypto/evp/e_xcbc_d.c
@@ -56,9 +56,11 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_DES
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_DES
63
62#include <openssl/evp.h> 64#include <openssl/evp.h>
63#include <openssl/objects.h> 65#include <openssl/objects.h>
64#include <openssl/des.h> 66#include <openssl/des.h>
@@ -89,6 +91,7 @@ static const EVP_CIPHER d_xcbc_cipher=
89 sizeof(DESX_CBC_KEY), 91 sizeof(DESX_CBC_KEY),
90 EVP_CIPHER_set_asn1_iv, 92 EVP_CIPHER_set_asn1_iv,
91 EVP_CIPHER_get_asn1_iv, 93 EVP_CIPHER_get_asn1_iv,
94 NULL,
92 NULL 95 NULL
93 }; 96 };
94 97
diff --git a/src/lib/libcrypto/evp/encode.c b/src/lib/libcrypto/evp/encode.c
index 33e540087d..5921f0d710 100644
--- a/src/lib/libcrypto/evp/encode.c
+++ b/src/lib/libcrypto/evp/encode.c
@@ -129,14 +129,14 @@ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
129 } 129 }
130 130
131void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, 131void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
132 unsigned char *in, int inl) 132 const unsigned char *in, int inl)
133 { 133 {
134 int i,j; 134 int i,j;
135 unsigned int total=0; 135 unsigned int total=0;
136 136
137 *outl=0; 137 *outl=0;
138 if (inl == 0) return; 138 if (inl == 0) return;
139 OPENSSL_assert(ctx->length <= sizeof ctx->enc_data); 139 OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
140 if ((ctx->num+inl) < ctx->length) 140 if ((ctx->num+inl) < ctx->length)
141 { 141 {
142 memcpy(&(ctx->enc_data[ctx->num]),in,inl); 142 memcpy(&(ctx->enc_data[ctx->num]),in,inl);
@@ -233,7 +233,7 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
233 * 1 for full line 233 * 1 for full line
234 */ 234 */
235int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, 235int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
236 unsigned char *in, int inl) 236 const unsigned char *in, int inl)
237 { 237 {
238 int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl; 238 int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl;
239 unsigned char *d; 239 unsigned char *d;
@@ -259,7 +259,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
259 /* only save the good data :-) */ 259 /* only save the good data :-) */
260 if (!B64_NOT_BASE64(v)) 260 if (!B64_NOT_BASE64(v))
261 { 261 {
262 OPENSSL_assert(n < sizeof ctx->enc_data); 262 OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
263 d[n++]=tmp; 263 d[n++]=tmp;
264 ln++; 264 ln++;
265 } 265 }
@@ -323,8 +323,8 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
323 if (n > 0) 323 if (n > 0)
324 { 324 {
325 v=EVP_DecodeBlock(out,d,n); 325 v=EVP_DecodeBlock(out,d,n);
326 if (v < 0) { rv=0; goto end; }
327 n=0; 326 n=0;
327 if (v < 0) { rv=0; goto end; }
328 ret+=(v-eof); 328 ret+=(v-eof);
329 } 329 }
330 else 330 else
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index f29e0ba8f0..c19d764c15 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -75,10 +75,6 @@
75#include <openssl/bio.h> 75#include <openssl/bio.h>
76#endif 76#endif
77 77
78#ifdef OPENSSL_FIPS
79#include <openssl/fips.h>
80#endif
81
82/* 78/*
83#define EVP_RC2_KEY_SIZE 16 79#define EVP_RC2_KEY_SIZE 16
84#define EVP_RC4_KEY_SIZE 16 80#define EVP_RC4_KEY_SIZE 16
@@ -86,7 +82,7 @@
86#define EVP_CAST5_KEY_SIZE 16 82#define EVP_CAST5_KEY_SIZE 16
87#define EVP_RC5_32_12_16_KEY_SIZE 16 83#define EVP_RC5_32_12_16_KEY_SIZE 16
88*/ 84*/
89#define EVP_MAX_MD_SIZE 64 /* longest known SHA512 */ 85#define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */
90#define EVP_MAX_KEY_LENGTH 32 86#define EVP_MAX_KEY_LENGTH 32
91#define EVP_MAX_IV_LENGTH 16 87#define EVP_MAX_IV_LENGTH 16
92#define EVP_MAX_BLOCK_LENGTH 32 88#define EVP_MAX_BLOCK_LENGTH 32
@@ -100,11 +96,13 @@
100#define EVP_PK_RSA 0x0001 96#define EVP_PK_RSA 0x0001
101#define EVP_PK_DSA 0x0002 97#define EVP_PK_DSA 0x0002
102#define EVP_PK_DH 0x0004 98#define EVP_PK_DH 0x0004
99#define EVP_PK_EC 0x0008
103#define EVP_PKT_SIGN 0x0010 100#define EVP_PKT_SIGN 0x0010
104#define EVP_PKT_ENC 0x0020 101#define EVP_PKT_ENC 0x0020
105#define EVP_PKT_EXCH 0x0040 102#define EVP_PKT_EXCH 0x0040
106#define EVP_PKS_RSA 0x0100 103#define EVP_PKS_RSA 0x0100
107#define EVP_PKS_DSA 0x0200 104#define EVP_PKS_DSA 0x0200
105#define EVP_PKS_EC 0x0400
108#define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ 106#define EVP_PKT_EXP 0x1000 /* <= 512 bit key */
109 107
110#define EVP_PKEY_NONE NID_undef 108#define EVP_PKEY_NONE NID_undef
@@ -116,6 +114,7 @@
116#define EVP_PKEY_DSA3 NID_dsaWithSHA1 114#define EVP_PKEY_DSA3 NID_dsaWithSHA1
117#define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 115#define EVP_PKEY_DSA4 NID_dsaWithSHA1_2
118#define EVP_PKEY_DH NID_dhKeyAgreement 116#define EVP_PKEY_DH NID_dhKeyAgreement
117#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey
119 118
120#ifdef __cplusplus 119#ifdef __cplusplus
121extern "C" { 120extern "C" {
@@ -140,6 +139,9 @@ struct evp_pkey_st
140#ifndef OPENSSL_NO_DH 139#ifndef OPENSSL_NO_DH
141 struct dh_st *dh; /* DH */ 140 struct dh_st *dh; /* DH */
142#endif 141#endif
142#ifndef OPENSSL_NO_EC
143 struct ec_key_st *ec; /* ECC */
144#endif
143 } pkey; 145 } pkey;
144 int save_parameters; 146 int save_parameters;
145 STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ 147 STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
@@ -225,39 +227,58 @@ struct env_md_st
225 int md_size; 227 int md_size;
226 unsigned long flags; 228 unsigned long flags;
227 int (*init)(EVP_MD_CTX *ctx); 229 int (*init)(EVP_MD_CTX *ctx);
228 int (*update)(EVP_MD_CTX *ctx,const void *data,unsigned long count); 230 int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count);
229 int (*final)(EVP_MD_CTX *ctx,unsigned char *md); 231 int (*final)(EVP_MD_CTX *ctx,unsigned char *md);
230 int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from); 232 int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from);
231 int (*cleanup)(EVP_MD_CTX *ctx); 233 int (*cleanup)(EVP_MD_CTX *ctx);
232 234
233 /* FIXME: prototype these some day */ 235 /* FIXME: prototype these some day */
234 int (*sign)(); 236 int (*sign)(int type, const unsigned char *m, unsigned int m_length,
235 int (*verify)(); 237 unsigned char *sigret, unsigned int *siglen, void *key);
238 int (*verify)(int type, const unsigned char *m, unsigned int m_length,
239 const unsigned char *sigbuf, unsigned int siglen,
240 void *key);
236 int required_pkey_type[5]; /*EVP_PKEY_xxx */ 241 int required_pkey_type[5]; /*EVP_PKEY_xxx */
237 int block_size; 242 int block_size;
238 int ctx_size; /* how big does the ctx->md_data need to be */ 243 int ctx_size; /* how big does the ctx->md_data need to be */
239 } /* EVP_MD */; 244 } /* EVP_MD */;
240 245
246typedef int evp_sign_method(int type,const unsigned char *m,
247 unsigned int m_length,unsigned char *sigret,
248 unsigned int *siglen, void *key);
249typedef int evp_verify_method(int type,const unsigned char *m,
250 unsigned int m_length,const unsigned char *sigbuf,
251 unsigned int siglen, void *key);
252
241#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single 253#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single
242 * block */ 254 * block */
243#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */
244 255
245#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} 256#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0}
246 257
247#ifndef OPENSSL_NO_DSA 258#ifndef OPENSSL_NO_DSA
248#define EVP_PKEY_DSA_method DSA_sign,DSA_verify, \ 259#define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \
260 (evp_verify_method *)DSA_verify, \
249 {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ 261 {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \
250 EVP_PKEY_DSA4,0} 262 EVP_PKEY_DSA4,0}
251#else 263#else
252#define EVP_PKEY_DSA_method EVP_PKEY_NULL_method 264#define EVP_PKEY_DSA_method EVP_PKEY_NULL_method
253#endif 265#endif
254 266
267#ifndef OPENSSL_NO_ECDSA
268#define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \
269 (evp_verify_method *)ECDSA_verify, \
270 {EVP_PKEY_EC,0,0,0}
271#else
272#define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method
273#endif
274
255#ifndef OPENSSL_NO_RSA 275#ifndef OPENSSL_NO_RSA
256#define EVP_PKEY_RSA_method RSA_sign,RSA_verify, \ 276#define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \
277 (evp_verify_method *)RSA_verify, \
257 {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} 278 {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
258#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ 279#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \
259 RSA_sign_ASN1_OCTET_STRING, \ 280 (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \
260 RSA_verify_ASN1_OCTET_STRING, \ 281 (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \
261 {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} 282 {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
262#else 283#else
263#define EVP_PKEY_RSA_method EVP_PKEY_NULL_method 284#define EVP_PKEY_RSA_method EVP_PKEY_NULL_method
@@ -283,9 +304,6 @@ struct env_md_ctx_st
283#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data 304#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data
284 * in EVP_MD_CTX_cleanup */ 305 * in EVP_MD_CTX_cleanup */
285 306
286#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest
287 * in FIPS mode */
288
289struct evp_cipher_st 307struct evp_cipher_st
290 { 308 {
291 int nid; 309 int nid;
@@ -327,10 +345,8 @@ struct evp_cipher_st
327#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 345#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80
328/* Don't use standard block padding */ 346/* Don't use standard block padding */
329#define EVP_CIPH_NO_PADDING 0x100 347#define EVP_CIPH_NO_PADDING 0x100
330/* Note if suitable for use in FIPS mode */ 348/* cipher handles random key generation */
331#define EVP_CIPH_FLAG_FIPS 0x400 349#define EVP_CIPH_RAND_KEY 0x200
332/* Allow non FIPS cipher in FIPS mode */
333#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800
334 350
335/* ctrl() values */ 351/* ctrl() values */
336 352
@@ -341,6 +357,7 @@ struct evp_cipher_st
341#define EVP_CTRL_GET_RC5_ROUNDS 0x4 357#define EVP_CTRL_GET_RC5_ROUNDS 0x4
342#define EVP_CTRL_SET_RC5_ROUNDS 0x5 358#define EVP_CTRL_SET_RC5_ROUNDS 0x5
343#define EVP_CTRL_SET_ACSS_MODE 0x6 359#define EVP_CTRL_SET_ACSS_MODE 0x6
360#define EVP_CTRL_RAND_KEY 0x7
344 361
345typedef struct evp_cipher_info_st 362typedef struct evp_cipher_info_st
346 { 363 {
@@ -402,45 +419,47 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
402 (char *)(dh)) 419 (char *)(dh))
403#endif 420#endif
404 421
422#ifndef OPENSSL_NO_EC
423#define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
424 (char *)(eckey))
425#endif
426
405/* Add some extra combinations */ 427/* Add some extra combinations */
406#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) 428#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
407#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) 429#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
408#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) 430#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
409#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) 431#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
410 432
411#define EVP_MD_type(e) ((e)->type) 433int EVP_MD_type(const EVP_MD *md);
412#define EVP_MD_nid(e) EVP_MD_type(e) 434#define EVP_MD_nid(e) EVP_MD_type(e)
413#define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) 435#define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e))
414#define EVP_MD_pkey_type(e) ((e)->pkey_type) 436int EVP_MD_pkey_type(const EVP_MD *md);
415#define EVP_MD_size(e) ((e)->md_size) 437int EVP_MD_size(const EVP_MD *md);
416#define EVP_MD_block_size(e) ((e)->block_size) 438int EVP_MD_block_size(const EVP_MD *md);
417 439
418#define EVP_MD_CTX_md(e) ((e)->digest) 440const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
419#define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest) 441#define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e))
420#define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) 442#define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e))
421#define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) 443#define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e))
422 444
423#define EVP_CIPHER_nid(e) ((e)->nid) 445int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
424#define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) 446#define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
425#define EVP_CIPHER_block_size(e) ((e)->block_size) 447int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
426#define EVP_CIPHER_key_length(e) ((e)->key_len) 448int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
427#define EVP_CIPHER_iv_length(e) ((e)->iv_len) 449int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
428#define EVP_CIPHER_flags(e) ((e)->flags) 450unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);
429#define EVP_CIPHER_mode(e) (((e)->flags) & EVP_CIPH_MODE) 451#define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE)
430 452
431#define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) 453const EVP_CIPHER * EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
432#define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) 454int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
433#define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) 455int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
434#define EVP_CIPHER_CTX_key_length(e) ((e)->key_len) 456int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
435#define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) 457int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
436#define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) 458void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
437#define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) 459void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
438#define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) 460#define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
439#define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) 461unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
440#define EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) 462#define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)
441#define EVP_CIPHER_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
442#define EVP_CIPHER_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
443#define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE)
444 463
445#define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) 464#define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80)
446#define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) 465#define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80)
@@ -465,7 +484,10 @@ void BIO_set_md(BIO *,const EVP_MD *md);
465#define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) 484#define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
466#define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) 485#define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)
467 486
468#define EVP_Cipher(c,o,i,l) (c)->cipher->do_cipher((c),(o),(i),(l)) 487int EVP_Cipher(EVP_CIPHER_CTX *c,
488 unsigned char *out,
489 const unsigned char *in,
490 unsigned int inl);
469 491
470#define EVP_add_cipher_alias(n,alias) \ 492#define EVP_add_cipher_alias(n,alias) \
471 OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) 493 OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
@@ -481,14 +503,14 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
481EVP_MD_CTX *EVP_MD_CTX_create(void); 503EVP_MD_CTX *EVP_MD_CTX_create(void);
482void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); 504void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
483int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); 505int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);
484#define EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) 506void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
485#define EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) 507void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
486#define EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) 508int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags);
487int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); 509int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
488int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, 510int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
489 unsigned int cnt); 511 size_t cnt);
490int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); 512int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
491int EVP_Digest(void *data, unsigned int count, 513int EVP_Digest(const void *data, size_t count,
492 unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); 514 unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl);
493 515
494int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); 516int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);
@@ -496,7 +518,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
496int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); 518int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
497 519
498int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); 520int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
499void EVP_set_pw_prompt(char *prompt); 521void EVP_set_pw_prompt(const char *prompt);
500char * EVP_get_pw_prompt(void); 522char * EVP_get_pw_prompt(void);
501 523
502int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, 524int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
@@ -535,43 +557,48 @@ int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
535int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, 557int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
536 EVP_PKEY *pkey); 558 EVP_PKEY *pkey);
537 559
538int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, 560int EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf,
539 unsigned int siglen,EVP_PKEY *pkey); 561 unsigned int siglen,EVP_PKEY *pkey);
540 562
541int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *ek, 563int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
542 int ekl,unsigned char *iv,EVP_PKEY *priv); 564 const unsigned char *ek, int ekl, const unsigned char *iv,
565 EVP_PKEY *priv);
543int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); 566int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
544 567
545int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, 568int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
546 int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); 569 unsigned char **ek, int *ekl, unsigned char *iv,
570 EVP_PKEY **pubk, int npubk);
547int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); 571int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
548 572
549void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); 573void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
550void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out, 574void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
551 int *outl,unsigned char *in,int inl); 575 const unsigned char *in,int inl);
552void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); 576void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl);
553int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); 577int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
554 578
555void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); 579void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
556int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, 580int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
557 unsigned char *in, int inl); 581 const unsigned char *in, int inl);
558int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned 582int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
559 char *out, int *outl); 583 char *out, int *outl);
560int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); 584int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
561 585
562void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); 586void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
563int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); 587int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
588EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
589void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a);
564int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); 590int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
565int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); 591int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
566int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); 592int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
593int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
567 594
568#ifndef OPENSSL_NO_BIO 595#ifndef OPENSSL_NO_BIO
569BIO_METHOD *BIO_f_md(void); 596BIO_METHOD *BIO_f_md(void);
570BIO_METHOD *BIO_f_base64(void); 597BIO_METHOD *BIO_f_base64(void);
571BIO_METHOD *BIO_f_cipher(void); 598BIO_METHOD *BIO_f_cipher(void);
572BIO_METHOD *BIO_f_reliable(void); 599BIO_METHOD *BIO_f_reliable(void);
573void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k, 600void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,const unsigned char *k,
574 unsigned char *i, int enc); 601 const unsigned char *i, int enc);
575#endif 602#endif
576 603
577const EVP_MD *EVP_md_null(void); 604const EVP_MD *EVP_md_null(void);
@@ -589,7 +616,8 @@ const EVP_MD *EVP_sha(void);
589const EVP_MD *EVP_sha1(void); 616const EVP_MD *EVP_sha1(void);
590const EVP_MD *EVP_dss(void); 617const EVP_MD *EVP_dss(void);
591const EVP_MD *EVP_dss1(void); 618const EVP_MD *EVP_dss1(void);
592#ifdef OPENSSL_FIPS 619const EVP_MD *EVP_ecdsa(void);
620#endif
593#ifndef OPENSSL_NO_SHA256 621#ifndef OPENSSL_NO_SHA256
594const EVP_MD *EVP_sha224(void); 622const EVP_MD *EVP_sha224(void);
595const EVP_MD *EVP_sha256(void); 623const EVP_MD *EVP_sha256(void);
@@ -598,8 +626,6 @@ const EVP_MD *EVP_sha256(void);
598const EVP_MD *EVP_sha384(void); 626const EVP_MD *EVP_sha384(void);
599const EVP_MD *EVP_sha512(void); 627const EVP_MD *EVP_sha512(void);
600#endif 628#endif
601#endif
602#endif
603#ifndef OPENSSL_NO_MDC2 629#ifndef OPENSSL_NO_MDC2
604const EVP_MD *EVP_mdc2(void); 630const EVP_MD *EVP_mdc2(void);
605#endif 631#endif
@@ -720,6 +746,37 @@ const EVP_CIPHER *EVP_aes_256_ctr(void);
720#ifndef OPENSSL_NO_ACSS 746#ifndef OPENSSL_NO_ACSS
721const EVP_CIPHER *EVP_acss(void); 747const EVP_CIPHER *EVP_acss(void);
722#endif 748#endif
749#ifndef OPENSSL_NO_CAMELLIA
750const EVP_CIPHER *EVP_camellia_128_ecb(void);
751const EVP_CIPHER *EVP_camellia_128_cbc(void);
752const EVP_CIPHER *EVP_camellia_128_cfb1(void);
753const EVP_CIPHER *EVP_camellia_128_cfb8(void);
754const EVP_CIPHER *EVP_camellia_128_cfb128(void);
755# define EVP_camellia_128_cfb EVP_camellia_128_cfb128
756const EVP_CIPHER *EVP_camellia_128_ofb(void);
757const EVP_CIPHER *EVP_camellia_192_ecb(void);
758const EVP_CIPHER *EVP_camellia_192_cbc(void);
759const EVP_CIPHER *EVP_camellia_192_cfb1(void);
760const EVP_CIPHER *EVP_camellia_192_cfb8(void);
761const EVP_CIPHER *EVP_camellia_192_cfb128(void);
762# define EVP_camellia_192_cfb EVP_camellia_192_cfb128
763const EVP_CIPHER *EVP_camellia_192_ofb(void);
764const EVP_CIPHER *EVP_camellia_256_ecb(void);
765const EVP_CIPHER *EVP_camellia_256_cbc(void);
766const EVP_CIPHER *EVP_camellia_256_cfb1(void);
767const EVP_CIPHER *EVP_camellia_256_cfb8(void);
768const EVP_CIPHER *EVP_camellia_256_cfb128(void);
769# define EVP_camellia_256_cfb EVP_camellia_256_cfb128
770const EVP_CIPHER *EVP_camellia_256_ofb(void);
771#endif
772
773#ifndef OPENSSL_NO_SEED
774const EVP_CIPHER *EVP_seed_ecb(void);
775const EVP_CIPHER *EVP_seed_cbc(void);
776const EVP_CIPHER *EVP_seed_cfb128(void);
777# define EVP_seed_cfb EVP_seed_cfb128
778const EVP_CIPHER *EVP_seed_ofb(void);
779#endif
723 780
724void OPENSSL_add_all_algorithms_noconf(void); 781void OPENSSL_add_all_algorithms_noconf(void);
725void OPENSSL_add_all_algorithms_conf(void); 782void OPENSSL_add_all_algorithms_conf(void);
@@ -745,10 +802,12 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
745const EVP_MD *EVP_get_digestbyname(const char *name); 802const EVP_MD *EVP_get_digestbyname(const char *name);
746void EVP_cleanup(void); 803void EVP_cleanup(void);
747 804
748int EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key, 805int EVP_PKEY_decrypt(unsigned char *dec_key,
749 int enc_key_len,EVP_PKEY *private_key); 806 const unsigned char *enc_key,int enc_key_len,
807 EVP_PKEY *private_key);
750int EVP_PKEY_encrypt(unsigned char *enc_key, 808int EVP_PKEY_encrypt(unsigned char *enc_key,
751 unsigned char *key,int key_len,EVP_PKEY *pub_key); 809 const unsigned char *key,int key_len,
810 EVP_PKEY *pub_key);
752int EVP_PKEY_type(int type); 811int EVP_PKEY_type(int type);
753int EVP_PKEY_bits(EVP_PKEY *pkey); 812int EVP_PKEY_bits(EVP_PKEY *pkey);
754int EVP_PKEY_size(EVP_PKEY *pkey); 813int EVP_PKEY_size(EVP_PKEY *pkey);
@@ -769,24 +828,31 @@ struct dh_st;
769int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key); 828int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key);
770struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); 829struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
771#endif 830#endif
772 831#ifndef OPENSSL_NO_EC
832struct ec_key_st;
833int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,struct ec_key_st *key);
834struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
835#endif
773 836
774EVP_PKEY * EVP_PKEY_new(void); 837EVP_PKEY * EVP_PKEY_new(void);
775void EVP_PKEY_free(EVP_PKEY *pkey); 838void EVP_PKEY_free(EVP_PKEY *pkey);
776EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp, 839
840EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp,
777 long length); 841 long length);
778int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); 842int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
779 843
780EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp, 844EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, const unsigned char **pp,
781 long length); 845 long length);
782EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp, 846EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
783 long length); 847 long length);
784int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); 848int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
785 849
786int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from); 850int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
787int EVP_PKEY_missing_parameters(EVP_PKEY *pkey); 851int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
788int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); 852int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode);
789int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b); 853int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
854
855int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
790 856
791int EVP_CIPHER_type(const EVP_CIPHER *ctx); 857int EVP_CIPHER_type(const EVP_CIPHER *ctx);
792 858
@@ -803,7 +869,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
803 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, 869 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
804 int en_de); 870 int en_de);
805int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, 871int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
806 unsigned char *salt, int saltlen, int iter, 872 const unsigned char *salt, int saltlen, int iter,
807 int keylen, unsigned char *out); 873 int keylen, unsigned char *out);
808int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, 874int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
809 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, 875 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
@@ -826,30 +892,32 @@ void ERR_load_EVP_strings(void);
826/* Error codes for the EVP functions. */ 892/* Error codes for the EVP functions. */
827 893
828/* Function codes. */ 894/* Function codes. */
829#define EVP_F_AES_INIT_KEY 129 895#define EVP_F_AES_INIT_KEY 133
896#define EVP_F_CAMELLIA_INIT_KEY 159
830#define EVP_F_D2I_PKEY 100 897#define EVP_F_D2I_PKEY 100
831#define EVP_F_EVP_ADD_CIPHER 130 898#define EVP_F_DSAPKEY2PKCS8 134
832#define EVP_F_EVP_ADD_DIGEST 131 899#define EVP_F_DSA_PKEY2PKCS8 135
833#define EVP_F_EVP_CIPHERINIT 123 900#define EVP_F_ECDSA_PKEY2PKCS8 129
901#define EVP_F_ECKEY_PKEY2PKCS8 132
902#define EVP_F_EVP_CIPHERINIT_EX 123
834#define EVP_F_EVP_CIPHER_CTX_CTRL 124 903#define EVP_F_EVP_CIPHER_CTX_CTRL 124
835#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 904#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
836#define EVP_F_EVP_DECRYPTFINAL 101 905#define EVP_F_EVP_DECRYPTFINAL_EX 101
837#define EVP_F_EVP_DIGESTINIT 128 906#define EVP_F_EVP_DIGESTINIT_EX 128
838#define EVP_F_EVP_ENCRYPTFINAL 127 907#define EVP_F_EVP_ENCRYPTFINAL_EX 127
839#define EVP_F_EVP_GET_CIPHERBYNAME 132 908#define EVP_F_EVP_MD_CTX_COPY_EX 110
840#define EVP_F_EVP_GET_DIGESTBYNAME 133
841#define EVP_F_EVP_MD_CTX_COPY 110
842#define EVP_F_EVP_OPENINIT 102 909#define EVP_F_EVP_OPENINIT 102
843#define EVP_F_EVP_PBE_ALG_ADD 115 910#define EVP_F_EVP_PBE_ALG_ADD 115
844#define EVP_F_EVP_PBE_CIPHERINIT 116 911#define EVP_F_EVP_PBE_CIPHERINIT 116
845#define EVP_F_EVP_PKCS82PKEY 111 912#define EVP_F_EVP_PKCS82PKEY 111
846#define EVP_F_EVP_PKCS8_SET_BROKEN 112 913#define EVP_F_EVP_PKEY2PKCS8_BROKEN 113
847#define EVP_F_EVP_PKEY2PKCS8 113
848#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 914#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103
849#define EVP_F_EVP_PKEY_DECRYPT 104 915#define EVP_F_EVP_PKEY_DECRYPT 104
850#define EVP_F_EVP_PKEY_ENCRYPT 105 916#define EVP_F_EVP_PKEY_ENCRYPT 105
851#define EVP_F_EVP_PKEY_GET1_DH 119 917#define EVP_F_EVP_PKEY_GET1_DH 119
852#define EVP_F_EVP_PKEY_GET1_DSA 120 918#define EVP_F_EVP_PKEY_GET1_DSA 120
919#define EVP_F_EVP_PKEY_GET1_ECDSA 130
920#define EVP_F_EVP_PKEY_GET1_EC_KEY 131
853#define EVP_F_EVP_PKEY_GET1_RSA 121 921#define EVP_F_EVP_PKEY_GET1_RSA 121
854#define EVP_F_EVP_PKEY_NEW 106 922#define EVP_F_EVP_PKEY_NEW 106
855#define EVP_F_EVP_RIJNDAEL 126 923#define EVP_F_EVP_RIJNDAEL 126
@@ -857,28 +925,32 @@ void ERR_load_EVP_strings(void);
857#define EVP_F_EVP_VERIFYFINAL 108 925#define EVP_F_EVP_VERIFYFINAL 108
858#define EVP_F_PKCS5_PBE_KEYIVGEN 117 926#define EVP_F_PKCS5_PBE_KEYIVGEN 117
859#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 927#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118
928#define EVP_F_PKCS8_SET_BROKEN 112
860#define EVP_F_RC2_MAGIC_TO_METH 109 929#define EVP_F_RC2_MAGIC_TO_METH 109
861#define EVP_F_RC5_CTRL 125 930#define EVP_F_RC5_CTRL 125
862 931
863/* Reason codes. */ 932/* Reason codes. */
864#define EVP_R_AES_KEY_SETUP_FAILED 140 933#define EVP_R_AES_KEY_SETUP_FAILED 143
934#define EVP_R_ASN1_LIB 140
865#define EVP_R_BAD_BLOCK_LENGTH 136 935#define EVP_R_BAD_BLOCK_LENGTH 136
866#define EVP_R_BAD_DECRYPT 100 936#define EVP_R_BAD_DECRYPT 100
867#define EVP_R_BAD_KEY_LENGTH 137 937#define EVP_R_BAD_KEY_LENGTH 137
868#define EVP_R_BN_DECODE_ERROR 112 938#define EVP_R_BN_DECODE_ERROR 112
869#define EVP_R_BN_PUBKEY_ERROR 113 939#define EVP_R_BN_PUBKEY_ERROR 113
940#define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157
870#define EVP_R_CIPHER_PARAMETER_ERROR 122 941#define EVP_R_CIPHER_PARAMETER_ERROR 122
871#define EVP_R_CTRL_NOT_IMPLEMENTED 132 942#define EVP_R_CTRL_NOT_IMPLEMENTED 132
872#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 943#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133
873#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 944#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
874#define EVP_R_DECODE_ERROR 114 945#define EVP_R_DECODE_ERROR 114
875#define EVP_R_DIFFERENT_KEY_TYPES 101 946#define EVP_R_DIFFERENT_KEY_TYPES 101
876#define EVP_R_DISABLED_FOR_FIPS 141
877#define EVP_R_ENCODE_ERROR 115 947#define EVP_R_ENCODE_ERROR 115
878#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 948#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
879#define EVP_R_EXPECTING_AN_RSA_KEY 127 949#define EVP_R_EXPECTING_AN_RSA_KEY 127
880#define EVP_R_EXPECTING_A_DH_KEY 128 950#define EVP_R_EXPECTING_A_DH_KEY 128
881#define EVP_R_EXPECTING_A_DSA_KEY 129 951#define EVP_R_EXPECTING_A_DSA_KEY 129
952#define EVP_R_EXPECTING_A_ECDSA_KEY 141
953#define EVP_R_EXPECTING_A_EC_KEY 142
882#define EVP_R_INITIALIZATION_ERROR 134 954#define EVP_R_INITIALIZATION_ERROR 134
883#define EVP_R_INPUT_NOT_INITIALIZED 111 955#define EVP_R_INPUT_NOT_INITIALIZED 111
884#define EVP_R_INVALID_KEY_LENGTH 130 956#define EVP_R_INVALID_KEY_LENGTH 130
@@ -903,6 +975,7 @@ void ERR_load_EVP_strings(void);
903#define EVP_R_UNSUPPORTED_SALT_TYPE 126 975#define EVP_R_UNSUPPORTED_SALT_TYPE 126
904#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 976#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
905#define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 977#define EVP_R_WRONG_PUBLIC_KEY_TYPE 110
978#define EVP_R_SEED_KEY_SETUP_FAILED 162
906 979
907#ifdef __cplusplus 980#ifdef __cplusplus
908} 981}
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index f549eeb437..a1904993bf 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -60,12 +60,13 @@
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/evp.h> 61#include <openssl/evp.h>
62#include <openssl/err.h> 62#include <openssl/err.h>
63#include <openssl/rand.h>
63#ifndef OPENSSL_NO_ENGINE 64#ifndef OPENSSL_NO_ENGINE
64#include <openssl/engine.h> 65#include <openssl/engine.h>
65#endif 66#endif
66#include "evp_locl.h" 67#include "evp_locl.h"
67 68
68const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT; 69const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
69 70
70void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) 71void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
71 { 72 {
@@ -73,6 +74,13 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
73 /* ctx->cipher=NULL; */ 74 /* ctx->cipher=NULL; */
74 } 75 }
75 76
77EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
78 {
79 EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
80 if (ctx)
81 EVP_CIPHER_CTX_init(ctx);
82 return ctx;
83 }
76 84
77int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 85int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
78 const unsigned char *key, const unsigned char *iv, int enc) 86 const unsigned char *key, const unsigned char *iv, int enc)
@@ -82,48 +90,6 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
82 return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); 90 return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
83 } 91 }
84 92
85#ifdef OPENSSL_FIPS
86
87/* The purpose of these is to trap programs that attempt to use non FIPS
88 * algorithms in FIPS mode and ignore the errors.
89 */
90
91int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
92 const unsigned char *iv, int enc)
93 { FIPS_ERROR_IGNORED("Cipher init"); return 0;}
94
95int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
96 const unsigned char *in, unsigned int inl)
97 { FIPS_ERROR_IGNORED("Cipher update"); return 0;}
98
99/* NB: no cleanup because it is allowed after failed init */
100
101int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
102 { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
103int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
104 { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
105int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
106 { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
107
108static const EVP_CIPHER bad_cipher =
109 {
110 0,
111 0,
112 0,
113 0,
114 0,
115 bad_init,
116 bad_do_cipher,
117 NULL,
118 0,
119 bad_set_asn1,
120 bad_get_asn1,
121 bad_ctrl,
122 NULL
123 };
124
125#endif
126
127int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, 93int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
128 const unsigned char *key, const unsigned char *iv, int enc) 94 const unsigned char *key, const unsigned char *iv, int enc)
129 { 95 {
@@ -158,7 +124,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
158 { 124 {
159 if (!ENGINE_init(impl)) 125 if (!ENGINE_init(impl))
160 { 126 {
161 EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); 127 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
162 return 0; 128 return 0;
163 } 129 }
164 } 130 }
@@ -175,7 +141,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
175 * control history, is that we should at least 141 * control history, is that we should at least
176 * be able to avoid using US mispellings of 142 * be able to avoid using US mispellings of
177 * "initialisation"? */ 143 * "initialisation"? */
178 EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); 144 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
179 return 0; 145 return 0;
180 } 146 }
181 /* We'll use the ENGINE's private cipher definition */ 147 /* We'll use the ENGINE's private cipher definition */
@@ -188,13 +154,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
188 else 154 else
189 ctx->engine = NULL; 155 ctx->engine = NULL;
190#endif 156#endif
157
191 ctx->cipher=cipher; 158 ctx->cipher=cipher;
192 if (ctx->cipher->ctx_size) 159 if (ctx->cipher->ctx_size)
193 { 160 {
194 ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); 161 ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
195 if (!ctx->cipher_data) 162 if (!ctx->cipher_data)
196 { 163 {
197 EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE); 164 EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
198 return 0; 165 return 0;
199 } 166 }
200 } 167 }
@@ -208,14 +175,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
208 { 175 {
209 if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) 176 if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
210 { 177 {
211 EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); 178 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
212 return 0; 179 return 0;
213 } 180 }
214 } 181 }
215 } 182 }
216 else if(!ctx->cipher) 183 else if(!ctx->cipher)
217 { 184 {
218 EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET); 185 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
219 return 0; 186 return 0;
220 } 187 }
221#ifndef OPENSSL_NO_ENGINE 188#ifndef OPENSSL_NO_ENGINE
@@ -240,7 +207,8 @@ skip_to_init:
240 207
241 case EVP_CIPH_CBC_MODE: 208 case EVP_CIPH_CBC_MODE:
242 209
243 OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv); 210 OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
211 (int)sizeof(ctx->iv));
244 if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); 212 if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
245 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); 213 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
246 break; 214 break;
@@ -251,24 +219,6 @@ skip_to_init:
251 } 219 }
252 } 220 }
253 221
254#ifdef OPENSSL_FIPS
255 /* After 'key' is set no further parameters changes are permissible.
256 * So only check for non FIPS enabling at this point.
257 */
258 if (key && FIPS_mode())
259 {
260 if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
261 & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
262 {
263 EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS);
264 ERR_add_error_data(2, "cipher=",
265 EVP_CIPHER_name(ctx->cipher));
266 ctx->cipher = &bad_cipher;
267 return 0;
268 }
269 }
270#endif
271
272 if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { 222 if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
273 if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; 223 if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
274 } 224 }
@@ -345,7 +295,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
345 } 295 }
346 i=ctx->buf_len; 296 i=ctx->buf_len;
347 bl=ctx->cipher->block_size; 297 bl=ctx->cipher->block_size;
348 OPENSSL_assert(bl <= sizeof ctx->buf); 298 OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
349 if (i != 0) 299 if (i != 0)
350 { 300 {
351 if (i+inl < bl) 301 if (i+inl < bl)
@@ -391,7 +341,8 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
391 341
392int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 342int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
393 { 343 {
394 int i,n,b,bl,ret; 344 int n,ret;
345 unsigned int i, b, bl;
395 346
396 b=ctx->cipher->block_size; 347 b=ctx->cipher->block_size;
397 OPENSSL_assert(b <= sizeof ctx->buf); 348 OPENSSL_assert(b <= sizeof ctx->buf);
@@ -405,7 +356,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
405 { 356 {
406 if(bl) 357 if(bl)
407 { 358 {
408 EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); 359 EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
409 return 0; 360 return 0;
410 } 361 }
411 *outl = 0; 362 *outl = 0;
@@ -427,7 +378,8 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
427int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, 378int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
428 const unsigned char *in, int inl) 379 const unsigned char *in, int inl)
429 { 380 {
430 int b, fix_len; 381 int fix_len;
382 unsigned int b;
431 383
432 if (inl == 0) 384 if (inl == 0)
433 { 385 {
@@ -480,8 +432,8 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
480 432
481int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 433int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
482 { 434 {
483 int i,b; 435 int i,n;
484 int n; 436 unsigned int b;
485 437
486 *outl=0; 438 *outl=0;
487 b=ctx->cipher->block_size; 439 b=ctx->cipher->block_size;
@@ -489,7 +441,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
489 { 441 {
490 if(ctx->buf_len) 442 if(ctx->buf_len)
491 { 443 {
492 EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); 444 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
493 return 0; 445 return 0;
494 } 446 }
495 *outl = 0; 447 *outl = 0;
@@ -499,21 +451,21 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
499 { 451 {
500 if (ctx->buf_len || !ctx->final_used) 452 if (ctx->buf_len || !ctx->final_used)
501 { 453 {
502 EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH); 454 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
503 return(0); 455 return(0);
504 } 456 }
505 OPENSSL_assert(b <= sizeof ctx->final); 457 OPENSSL_assert(b <= sizeof ctx->final);
506 n=ctx->final[b-1]; 458 n=ctx->final[b-1];
507 if (n > b) 459 if (n == 0 || n > (int)b)
508 { 460 {
509 EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); 461 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
510 return(0); 462 return(0);
511 } 463 }
512 for (i=0; i<n; i++) 464 for (i=0; i<n; i++)
513 { 465 {
514 if (ctx->final[--b] != n) 466 if (ctx->final[--b] != n)
515 { 467 {
516 EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); 468 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
517 return(0); 469 return(0);
518 } 470 }
519 } 471 }
@@ -527,6 +479,15 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
527 return(1); 479 return(1);
528 } 480 }
529 481
482void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
483 {
484 if (ctx)
485 {
486 EVP_CIPHER_CTX_cleanup(ctx);
487 OPENSSL_free(ctx);
488 }
489 }
490
530int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) 491int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
531 { 492 {
532 if (c->cipher != NULL) 493 if (c->cipher != NULL)
@@ -590,3 +551,13 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
590 } 551 }
591 return ret; 552 return ret;
592} 553}
554
555int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
556 {
557 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
558 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
559 if (RAND_bytes(key, ctx->key_len) <= 0)
560 return 0;
561 return 1;
562 }
563
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c
index 77eee070d3..e8c9e8de9c 100644
--- a/src/lib/libcrypto/evp/evp_err.c
+++ b/src/lib/libcrypto/evp/evp_err.c
@@ -71,29 +71,31 @@
71static ERR_STRING_DATA EVP_str_functs[]= 71static ERR_STRING_DATA EVP_str_functs[]=
72 { 72 {
73{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, 73{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
74{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"},
74{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, 75{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
75{ERR_FUNC(EVP_F_EVP_ADD_CIPHER), "EVP_add_cipher"}, 76{ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"},
76{ERR_FUNC(EVP_F_EVP_ADD_DIGEST), "EVP_add_digest"}, 77{ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"},
77{ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"}, 78{ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"},
79{ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"},
80{ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"},
78{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, 81{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
79{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"}, 82{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"},
80{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL), "EVP_DecryptFinal"}, 83{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
81{ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"}, 84{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
82{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL), "EVP_EncryptFinal"}, 85{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
83{ERR_FUNC(EVP_F_EVP_GET_CIPHERBYNAME), "EVP_get_cipherbyname"}, 86{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
84{ERR_FUNC(EVP_F_EVP_GET_DIGESTBYNAME), "EVP_get_digestbyname"},
85{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY), "EVP_MD_CTX_copy"},
86{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, 87{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
87{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, 88{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
88{ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, 89{ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"},
89{ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, 90{ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"},
90{ERR_FUNC(EVP_F_EVP_PKCS8_SET_BROKEN), "EVP_PKCS8_SET_BROKEN"}, 91{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"},
91{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8), "EVP_PKEY2PKCS8"},
92{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, 92{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"},
93{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"}, 93{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"},
94{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, 94{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"},
95{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"}, 95{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"},
96{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"}, 96{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"},
97{ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"},
98{ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"},
97{ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"}, 99{ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"},
98{ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, 100{ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"},
99{ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, 101{ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"},
@@ -101,6 +103,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
101{ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, 103{ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"},
102{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, 104{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"},
103{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, 105{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
106{ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"},
104{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, 107{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"},
105{ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, 108{ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"},
106{0,NULL} 109{0,NULL}
@@ -109,23 +112,26 @@ static ERR_STRING_DATA EVP_str_functs[]=
109static ERR_STRING_DATA EVP_str_reasons[]= 112static ERR_STRING_DATA EVP_str_reasons[]=
110 { 113 {
111{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"}, 114{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"},
115{ERR_REASON(EVP_R_ASN1_LIB) ,"asn1 lib"},
112{ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"}, 116{ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"},
113{ERR_REASON(EVP_R_BAD_DECRYPT) ,"bad decrypt"}, 117{ERR_REASON(EVP_R_BAD_DECRYPT) ,"bad decrypt"},
114{ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"}, 118{ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"},
115{ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"}, 119{ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"},
116{ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"}, 120{ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"},
121{ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),"camellia key setup failed"},
117{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"}, 122{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"},
118{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"}, 123{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"},
119{ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"}, 124{ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"},
120{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"}, 125{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"},
121{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, 126{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"},
122{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, 127{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"},
123{ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"},
124{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, 128{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"},
125{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, 129{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
126{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, 130{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"},
127{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"}, 131{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"},
128{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"}, 132{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"},
133{ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"},
134{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) ,"expecting a ec key"},
129{ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"}, 135{ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"},
130{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"}, 136{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
131{ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"}, 137{ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"},
@@ -157,15 +163,12 @@ static ERR_STRING_DATA EVP_str_reasons[]=
157 163
158void ERR_load_EVP_strings(void) 164void ERR_load_EVP_strings(void)
159 { 165 {
160 static int init=1; 166#ifndef OPENSSL_NO_ERR
161 167
162 if (init) 168 if (ERR_func_error_string(EVP_str_functs[0].error) == NULL)
163 { 169 {
164 init=0;
165#ifndef OPENSSL_NO_ERR
166 ERR_load_strings(0,EVP_str_functs); 170 ERR_load_strings(0,EVP_str_functs);
167 ERR_load_strings(0,EVP_str_reasons); 171 ERR_load_strings(0,EVP_str_reasons);
168#endif
169
170 } 172 }
173#endif
171 } 174 }
diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c
index f8650d5df6..361ea69ab6 100644
--- a/src/lib/libcrypto/evp/evp_key.c
+++ b/src/lib/libcrypto/evp/evp_key.c
@@ -66,7 +66,7 @@
66/* should be init to zeros. */ 66/* should be init to zeros. */
67static char prompt_string[80]; 67static char prompt_string[80];
68 68
69void EVP_set_pw_prompt(char *prompt) 69void EVP_set_pw_prompt(const char *prompt)
70 { 70 {
71 if (prompt == NULL) 71 if (prompt == NULL)
72 prompt_string[0]='\0'; 72 prompt_string[0]='\0';
diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c
index a63ba19317..edb28ef38e 100644
--- a/src/lib/libcrypto/evp/evp_lib.c
+++ b/src/lib/libcrypto/evp/evp_lib.c
@@ -68,7 +68,7 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
68 if (c->cipher->set_asn1_parameters != NULL) 68 if (c->cipher->set_asn1_parameters != NULL)
69 ret=c->cipher->set_asn1_parameters(c,type); 69 ret=c->cipher->set_asn1_parameters(c,type);
70 else 70 else
71 return -1; 71 ret=-1;
72 return(ret); 72 return(ret);
73 } 73 }
74 74
@@ -79,20 +79,21 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
79 if (c->cipher->get_asn1_parameters != NULL) 79 if (c->cipher->get_asn1_parameters != NULL)
80 ret=c->cipher->get_asn1_parameters(c,type); 80 ret=c->cipher->get_asn1_parameters(c,type);
81 else 81 else
82 return -1; 82 ret=-1;
83 return(ret); 83 return(ret);
84 } 84 }
85 85
86int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) 86int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
87 { 87 {
88 int i=0,l; 88 int i=0;
89 unsigned int l;
89 90
90 if (type != NULL) 91 if (type != NULL)
91 { 92 {
92 l=EVP_CIPHER_CTX_iv_length(c); 93 l=EVP_CIPHER_CTX_iv_length(c);
93 OPENSSL_assert(l <= sizeof c->iv); 94 OPENSSL_assert(l <= sizeof(c->iv));
94 i=ASN1_TYPE_get_octetstring(type,c->oiv,l); 95 i=ASN1_TYPE_get_octetstring(type,c->oiv,l);
95 if (i != l) 96 if (i != (int)l)
96 return(-1); 97 return(-1);
97 else if (i > 0) 98 else if (i > 0)
98 memcpy(c->iv,c->oiv,l); 99 memcpy(c->iv,c->oiv,l);
@@ -102,12 +103,13 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
102 103
103int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) 104int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
104 { 105 {
105 int i=0,j; 106 int i=0;
107 unsigned int j;
106 108
107 if (type != NULL) 109 if (type != NULL)
108 { 110 {
109 j=EVP_CIPHER_CTX_iv_length(c); 111 j=EVP_CIPHER_CTX_iv_length(c);
110 OPENSSL_assert(j <= sizeof c->iv); 112 OPENSSL_assert(j <= sizeof(c->iv));
111 i=ASN1_TYPE_set_octetstring(type,c->oiv,j); 113 i=ASN1_TYPE_set_octetstring(type,c->oiv,j);
112 } 114 }
113 return(i); 115 return(i);
@@ -166,3 +168,112 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
166 } 168 }
167} 169}
168 170
171int EVP_CIPHER_block_size(const EVP_CIPHER *e)
172 {
173 return e->block_size;
174 }
175
176int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
177 {
178 return ctx->cipher->block_size;
179 }
180
181int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
182 {
183 return ctx->cipher->do_cipher(ctx,out,in,inl);
184 }
185
186const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
187 {
188 return ctx->cipher;
189 }
190
191unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
192 {
193 return cipher->flags;
194 }
195
196unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
197 {
198 return ctx->cipher->flags;
199 }
200
201void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
202 {
203 return ctx->app_data;
204 }
205
206void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
207 {
208 ctx->app_data = data;
209 }
210
211int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
212 {
213 return cipher->iv_len;
214 }
215
216int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
217 {
218 return ctx->cipher->iv_len;
219 }
220
221int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
222 {
223 return cipher->key_len;
224 }
225
226int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
227 {
228 return ctx->key_len;
229 }
230
231int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
232 {
233 return cipher->nid;
234 }
235
236int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
237 {
238 return ctx->cipher->nid;
239 }
240
241int EVP_MD_block_size(const EVP_MD *md)
242 {
243 return md->block_size;
244 }
245
246int EVP_MD_type(const EVP_MD *md)
247 {
248 return md->type;
249 }
250
251int EVP_MD_pkey_type(const EVP_MD *md)
252 {
253 return md->pkey_type;
254 }
255
256int EVP_MD_size(const EVP_MD *md)
257 {
258 return md->md_size;
259 }
260
261const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
262 {
263 return ctx->digest;
264 }
265
266void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags)
267 {
268 ctx->flags |= flags;
269 }
270
271void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags)
272 {
273 ctx->flags &= ~flags;
274 }
275
276int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags)
277 {
278 return (ctx->flags & flags);
279 }
diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h
index f8c5343620..073b0adcff 100644
--- a/src/lib/libcrypto/evp/evp_locl.h
+++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -65,7 +65,7 @@
65 bl = ctx->cipher->block_size;\ 65 bl = ctx->cipher->block_size;\
66 if(inl < bl) return 1;\ 66 if(inl < bl) return 1;\
67 inl -= bl; \ 67 inl -= bl; \
68 for(i=0; i <= inl; i+=bl) \ 68 for(i=0; i <= inl; i+=bl)
69 69
70#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ 70#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
71static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ 71static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
@@ -92,7 +92,7 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
92#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ 92#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
93static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ 93static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
94{\ 94{\
95 cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ 95 cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
96 return 1;\ 96 return 1;\
97} 97}
98 98
@@ -226,27 +226,11 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
226 226
227#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) 227#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data)
228 228
229#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,flags) \ 229#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \
230 BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ 230 BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
231 BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ 231 BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
232 NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ 232 NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
233 flags, cipher##_init_key, NULL, \ 233 0, cipher##_init_key, NULL, \
234 EVP_CIPHER_set_asn1_iv, \ 234 EVP_CIPHER_set_asn1_iv, \
235 EVP_CIPHER_get_asn1_iv, \ 235 EVP_CIPHER_get_asn1_iv, \
236 NULL) 236 NULL)
237
238#ifdef OPENSSL_FIPS
239#define RC2_set_key private_RC2_set_key
240#define RC4_set_key private_RC4_set_key
241#define CAST_set_key private_CAST_set_key
242#define RC5_32_set_key private_RC5_32_set_key
243#define BF_set_key private_BF_set_key
244#define idea_set_encrypt_key private_idea_set_encrypt_key
245
246#define MD5_Init private_MD5_Init
247#define MD4_Init private_MD4_Init
248#define MD2_Init private_MD2_Init
249#define MDC2_Init private_MDC2_Init
250#define SHA_Init private_SHA_Init
251
252#endif
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
index 91e545a141..c26d2de0f3 100644
--- a/src/lib/libcrypto/evp/evp_pbe.c
+++ b/src/lib/libcrypto/evp/evp_pbe.c
@@ -74,7 +74,7 @@ const EVP_MD *md;
74EVP_PBE_KEYGEN *keygen; 74EVP_PBE_KEYGEN *keygen;
75} EVP_PBE_CTL; 75} EVP_PBE_CTL;
76 76
77int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, 77int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
78 ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) 78 ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
79{ 79{
80 80
@@ -106,7 +106,8 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
106 106
107static int pbe_cmp(const char * const *a, const char * const *b) 107static int pbe_cmp(const char * const *a, const char * const *b)
108{ 108{
109 EVP_PBE_CTL **pbe1 = (EVP_PBE_CTL **) a, **pbe2 = (EVP_PBE_CTL **)b; 109 const EVP_PBE_CTL * const *pbe1 = (const EVP_PBE_CTL * const *) a,
110 * const *pbe2 = (const EVP_PBE_CTL * const *)b;
110 return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); 111 return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid);
111} 112}
112 113
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
index 47a69932a5..0147f3e02a 100644
--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -3,7 +3,7 @@
3 * project 1999. 3 * project 1999.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -61,14 +61,24 @@
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63#include <openssl/rand.h> 63#include <openssl/rand.h>
64#ifndef OPENSSL_NO_RSA
65#include <openssl/rsa.h>
66#endif
67#ifndef OPENSSL_NO_DSA
68#include <openssl/dsa.h>
69#endif
70#include <openssl/bn.h>
64 71
65#ifndef OPENSSL_NO_DSA 72#ifndef OPENSSL_NO_DSA
66static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); 73static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
67#endif 74#endif
75#ifndef OPENSSL_NO_EC
76static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
77#endif
68 78
69/* Extract a private key from a PKCS8 structure */ 79/* Extract a private key from a PKCS8 structure */
70 80
71EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) 81EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
72{ 82{
73 EVP_PKEY *pkey = NULL; 83 EVP_PKEY *pkey = NULL;
74#ifndef OPENSSL_NO_RSA 84#ifndef OPENSSL_NO_RSA
@@ -76,16 +86,24 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
76#endif 86#endif
77#ifndef OPENSSL_NO_DSA 87#ifndef OPENSSL_NO_DSA
78 DSA *dsa = NULL; 88 DSA *dsa = NULL;
89 ASN1_TYPE *t1, *t2;
79 ASN1_INTEGER *privkey; 90 ASN1_INTEGER *privkey;
80 ASN1_TYPE *t1, *t2, *param = NULL;
81 STACK_OF(ASN1_TYPE) *ndsa = NULL; 91 STACK_OF(ASN1_TYPE) *ndsa = NULL;
92#endif
93#ifndef OPENSSL_NO_EC
94 EC_KEY *eckey = NULL;
95 const unsigned char *p_tmp;
96#endif
97#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
98 ASN1_TYPE *param = NULL;
82 BN_CTX *ctx = NULL; 99 BN_CTX *ctx = NULL;
83 int plen; 100 int plen;
84#endif 101#endif
85 X509_ALGOR *a; 102 X509_ALGOR *a;
86 unsigned char *p; 103 const unsigned char *p;
87 const unsigned char *cp; 104 const unsigned char *cp;
88 int pkeylen; 105 int pkeylen;
106 int nid;
89 char obj_tmp[80]; 107 char obj_tmp[80];
90 108
91 if(p8->pkey->type == V_ASN1_OCTET_STRING) { 109 if(p8->pkey->type == V_ASN1_OCTET_STRING) {
@@ -102,7 +120,8 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
102 return NULL; 120 return NULL;
103 } 121 }
104 a = p8->pkeyalg; 122 a = p8->pkeyalg;
105 switch (OBJ_obj2nid(a->algorithm)) 123 nid = OBJ_obj2nid(a->algorithm);
124 switch(nid)
106 { 125 {
107#ifndef OPENSSL_NO_RSA 126#ifndef OPENSSL_NO_RSA
108 case NID_rsaEncryption: 127 case NID_rsaEncryption:
@@ -208,6 +227,112 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
208 return NULL; 227 return NULL;
209 break; 228 break;
210#endif 229#endif
230#ifndef OPENSSL_NO_EC
231 case NID_X9_62_id_ecPublicKey:
232 p_tmp = p;
233 /* extract the ec parameters */
234 param = p8->pkeyalg->parameter;
235
236 if (!param || ((param->type != V_ASN1_SEQUENCE) &&
237 (param->type != V_ASN1_OBJECT)))
238 {
239 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
240 goto ecerr;
241 }
242
243 if (param->type == V_ASN1_SEQUENCE)
244 {
245 cp = p = param->value.sequence->data;
246 plen = param->value.sequence->length;
247
248 if (!(eckey = d2i_ECParameters(NULL, &cp, plen)))
249 {
250 EVPerr(EVP_F_EVP_PKCS82PKEY,
251 EVP_R_DECODE_ERROR);
252 goto ecerr;
253 }
254 }
255 else
256 {
257 EC_GROUP *group;
258 cp = p = param->value.object->data;
259 plen = param->value.object->length;
260
261 /* type == V_ASN1_OBJECT => the parameters are given
262 * by an asn1 OID
263 */
264 if ((eckey = EC_KEY_new()) == NULL)
265 {
266 EVPerr(EVP_F_EVP_PKCS82PKEY,
267 ERR_R_MALLOC_FAILURE);
268 goto ecerr;
269 }
270 group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
271 if (group == NULL)
272 goto ecerr;
273 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
274 if (EC_KEY_set_group(eckey, group) == 0)
275 goto ecerr;
276 EC_GROUP_free(group);
277 }
278
279 /* We have parameters now set private key */
280 if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen))
281 {
282 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
283 goto ecerr;
284 }
285
286 /* calculate public key (if necessary) */
287 if (EC_KEY_get0_public_key(eckey) == NULL)
288 {
289 const BIGNUM *priv_key;
290 const EC_GROUP *group;
291 EC_POINT *pub_key;
292 /* the public key was not included in the SEC1 private
293 * key => calculate the public key */
294 group = EC_KEY_get0_group(eckey);
295 pub_key = EC_POINT_new(group);
296 if (pub_key == NULL)
297 {
298 EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
299 goto ecerr;
300 }
301 if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))
302 {
303 EC_POINT_free(pub_key);
304 EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
305 goto ecerr;
306 }
307 priv_key = EC_KEY_get0_private_key(eckey);
308 if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
309 {
310 EC_POINT_free(pub_key);
311 EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
312 goto ecerr;
313 }
314 if (EC_KEY_set_public_key(eckey, pub_key) == 0)
315 {
316 EC_POINT_free(pub_key);
317 EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
318 goto ecerr;
319 }
320 EC_POINT_free(pub_key);
321 }
322
323 EVP_PKEY_assign_EC_KEY(pkey, eckey);
324 if (ctx)
325 BN_CTX_free(ctx);
326 break;
327ecerr:
328 if (ctx)
329 BN_CTX_free(ctx);
330 if (eckey)
331 EC_KEY_free(eckey);
332 if (pkey)
333 EVP_PKEY_free(pkey);
334 return NULL;
335#endif
211 default: 336 default:
212 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); 337 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
213 if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); 338 if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
@@ -231,17 +356,17 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
231 PKCS8_PRIV_KEY_INFO *p8; 356 PKCS8_PRIV_KEY_INFO *p8;
232 357
233 if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { 358 if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {
234 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 359 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
235 return NULL; 360 return NULL;
236 } 361 }
237 p8->broken = broken; 362 p8->broken = broken;
238 if (!ASN1_INTEGER_set(p8->version, 0)) { 363 if (!ASN1_INTEGER_set(p8->version, 0)) {
239 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 364 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
240 PKCS8_PRIV_KEY_INFO_free (p8); 365 PKCS8_PRIV_KEY_INFO_free (p8);
241 return NULL; 366 return NULL;
242 } 367 }
243 if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { 368 if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
244 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 369 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
245 PKCS8_PRIV_KEY_INFO_free (p8); 370 PKCS8_PRIV_KEY_INFO_free (p8);
246 return NULL; 371 return NULL;
247 } 372 }
@@ -254,9 +379,9 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
254 379
255 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); 380 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
256 p8->pkeyalg->parameter->type = V_ASN1_NULL; 381 p8->pkeyalg->parameter->type = V_ASN1_NULL;
257 if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey, 382 if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey,
258 &p8->pkey->value.octet_string)) { 383 &p8->pkey->value.octet_string)) {
259 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 384 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
260 PKCS8_PRIV_KEY_INFO_free (p8); 385 PKCS8_PRIV_KEY_INFO_free (p8);
261 return NULL; 386 return NULL;
262 } 387 }
@@ -271,13 +396,22 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
271 396
272 break; 397 break;
273#endif 398#endif
399#ifndef OPENSSL_NO_EC
400 case EVP_PKEY_EC:
401 if (!eckey_pkey2pkcs8(p8, pkey))
402 {
403 PKCS8_PRIV_KEY_INFO_free(p8);
404 return(NULL);
405 }
406 break;
407#endif
274 default: 408 default:
275 EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); 409 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
276 PKCS8_PRIV_KEY_INFO_free (p8); 410 PKCS8_PRIV_KEY_INFO_free (p8);
277 return NULL; 411 return NULL;
278 } 412 }
279 RAND_add(p8->pkey->value.octet_string->data, 413 RAND_add(p8->pkey->value.octet_string->data,
280 p8->pkey->value.octet_string->length, 0); 414 p8->pkey->value.octet_string->length, 0.0);
281 return p8; 415 return p8;
282} 416}
283 417
@@ -297,10 +431,8 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
297 break; 431 break;
298 432
299 default: 433 default:
300 EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); 434 EVPerr(EVP_F_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
301 return NULL; 435 return NULL;
302 break;
303
304 } 436 }
305} 437}
306 438
@@ -317,24 +449,24 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
317 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); 449 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
318 len = i2d_DSAparams (pkey->pkey.dsa, NULL); 450 len = i2d_DSAparams (pkey->pkey.dsa, NULL);
319 if (!(p = OPENSSL_malloc(len))) { 451 if (!(p = OPENSSL_malloc(len))) {
320 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 452 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
321 goto err; 453 goto err;
322 } 454 }
323 q = p; 455 q = p;
324 i2d_DSAparams (pkey->pkey.dsa, &q); 456 i2d_DSAparams (pkey->pkey.dsa, &q);
325 if (!(params = ASN1_STRING_new())) { 457 if (!(params = ASN1_STRING_new())) {
326 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 458 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
327 goto err; 459 goto err;
328 } 460 }
329 if (!ASN1_STRING_set(params, p, len)) { 461 if (!ASN1_STRING_set(params, p, len)) {
330 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 462 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
331 goto err; 463 goto err;
332 } 464 }
333 OPENSSL_free(p); 465 OPENSSL_free(p);
334 p = NULL; 466 p = NULL;
335 /* Get private key into integer */ 467 /* Get private key into integer */
336 if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { 468 if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
337 EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); 469 EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
338 goto err; 470 goto err;
339 } 471 }
340 472
@@ -343,9 +475,9 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
343 case PKCS8_OK: 475 case PKCS8_OK:
344 case PKCS8_NO_OCTET: 476 case PKCS8_NO_OCTET:
345 477
346 if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER, 478 if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER,
347 &p8->pkey->value.octet_string)) { 479 &p8->pkey->value.octet_string)) {
348 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 480 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
349 goto err; 481 goto err;
350 } 482 }
351 483
@@ -363,39 +495,39 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
363 params = NULL; 495 params = NULL;
364 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; 496 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
365 if (!(ndsa = sk_ASN1_TYPE_new_null())) { 497 if (!(ndsa = sk_ASN1_TYPE_new_null())) {
366 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 498 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
367 goto err; 499 goto err;
368 } 500 }
369 if (!(ttmp = ASN1_TYPE_new())) { 501 if (!(ttmp = ASN1_TYPE_new())) {
370 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 502 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
371 goto err; 503 goto err;
372 } 504 }
373 if (!(ttmp->value.integer = 505 if (!(ttmp->value.integer =
374 BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) { 506 BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
375 EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); 507 EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
376 goto err; 508 goto err;
377 } 509 }
378 ttmp->type = V_ASN1_INTEGER; 510 ttmp->type = V_ASN1_INTEGER;
379 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { 511 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
380 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 512 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
381 goto err; 513 goto err;
382 } 514 }
383 515
384 if (!(ttmp = ASN1_TYPE_new())) { 516 if (!(ttmp = ASN1_TYPE_new())) {
385 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 517 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
386 goto err; 518 goto err;
387 } 519 }
388 ttmp->value.integer = prkey; 520 ttmp->value.integer = prkey;
389 prkey = NULL; 521 prkey = NULL;
390 ttmp->type = V_ASN1_INTEGER; 522 ttmp->type = V_ASN1_INTEGER;
391 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { 523 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
392 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 524 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
393 goto err; 525 goto err;
394 } 526 }
395 ttmp = NULL; 527 ttmp = NULL;
396 528
397 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { 529 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
398 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 530 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
399 goto err; 531 goto err;
400 } 532 }
401 533
@@ -403,7 +535,7 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
403 &p8->pkey->value.octet_string->data, 535 &p8->pkey->value.octet_string->data,
404 &p8->pkey->value.octet_string->length)) { 536 &p8->pkey->value.octet_string->length)) {
405 537
406 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 538 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
407 goto err; 539 goto err;
408 } 540 }
409 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 541 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
@@ -413,36 +545,36 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
413 545
414 p8->pkeyalg->parameter->type = V_ASN1_NULL; 546 p8->pkeyalg->parameter->type = V_ASN1_NULL;
415 if (!(ndsa = sk_ASN1_TYPE_new_null())) { 547 if (!(ndsa = sk_ASN1_TYPE_new_null())) {
416 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 548 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
417 goto err; 549 goto err;
418 } 550 }
419 if (!(ttmp = ASN1_TYPE_new())) { 551 if (!(ttmp = ASN1_TYPE_new())) {
420 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 552 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
421 goto err; 553 goto err;
422 } 554 }
423 ttmp->value.sequence = params; 555 ttmp->value.sequence = params;
424 params = NULL; 556 params = NULL;
425 ttmp->type = V_ASN1_SEQUENCE; 557 ttmp->type = V_ASN1_SEQUENCE;
426 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { 558 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
427 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 559 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
428 goto err; 560 goto err;
429 } 561 }
430 562
431 if (!(ttmp = ASN1_TYPE_new())) { 563 if (!(ttmp = ASN1_TYPE_new())) {
432 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 564 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
433 goto err; 565 goto err;
434 } 566 }
435 ttmp->value.integer = prkey; 567 ttmp->value.integer = prkey;
436 prkey = NULL; 568 prkey = NULL;
437 ttmp->type = V_ASN1_INTEGER; 569 ttmp->type = V_ASN1_INTEGER;
438 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { 570 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
439 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 571 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
440 goto err; 572 goto err;
441 } 573 }
442 ttmp = NULL; 574 ttmp = NULL;
443 575
444 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { 576 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
445 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 577 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
446 goto err; 578 goto err;
447 } 579 }
448 580
@@ -450,7 +582,7 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
450 &p8->pkey->value.octet_string->data, 582 &p8->pkey->value.octet_string->data,
451 &p8->pkey->value.octet_string->length)) { 583 &p8->pkey->value.octet_string->length)) {
452 584
453 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 585 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
454 goto err; 586 goto err;
455 } 587 }
456 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 588 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
@@ -466,3 +598,197 @@ err:
466 return 0; 598 return 0;
467} 599}
468#endif 600#endif
601
602#ifndef OPENSSL_NO_EC
603static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
604{
605 EC_KEY *ec_key;
606 const EC_GROUP *group;
607 unsigned char *p, *pp;
608 int nid, i, ret = 0;
609 unsigned int tmp_flags, old_flags;
610
611 ec_key = pkey->pkey.ec;
612 if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL)
613 {
614 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);
615 return 0;
616 }
617
618 /* set the ec parameters OID */
619 if (p8->pkeyalg->algorithm)
620 ASN1_OBJECT_free(p8->pkeyalg->algorithm);
621
622 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);
623
624 /* set the ec parameters */
625
626 if (p8->pkeyalg->parameter)
627 {
628 ASN1_TYPE_free(p8->pkeyalg->parameter);
629 p8->pkeyalg->parameter = NULL;
630 }
631
632 if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL)
633 {
634 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
635 return 0;
636 }
637
638 if (EC_GROUP_get_asn1_flag(group)
639 && (nid = EC_GROUP_get_curve_name(group)))
640 {
641 /* we have a 'named curve' => just set the OID */
642 p8->pkeyalg->parameter->type = V_ASN1_OBJECT;
643 p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);
644 }
645 else /* explicit parameters */
646 {
647 if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
648 {
649 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
650 return 0;
651 }
652 if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
653 {
654 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
655 return 0;
656 }
657 pp = p;
658 if (!i2d_ECParameters(ec_key, &pp))
659 {
660 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
661 OPENSSL_free(p);
662 return 0;
663 }
664 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
665 if ((p8->pkeyalg->parameter->value.sequence
666 = ASN1_STRING_new()) == NULL)
667 {
668 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB);
669 OPENSSL_free(p);
670 return 0;
671 }
672 ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);
673 OPENSSL_free(p);
674 }
675
676 /* set the private key */
677
678 /* do not include the parameters in the SEC1 private key
679 * see PKCS#11 12.11 */
680 old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);
681 tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
682 EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);
683 i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);
684 if (!i)
685 {
686 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
687 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
688 return 0;
689 }
690 p = (unsigned char *) OPENSSL_malloc(i);
691 if (!p)
692 {
693 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
694 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
695 return 0;
696 }
697 pp = p;
698 if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp))
699 {
700 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
701 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
702 OPENSSL_free(p);
703 return 0;
704 }
705 /* restore old encoding flags */
706 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
707
708 switch(p8->broken) {
709
710 case PKCS8_OK:
711 p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
712 if (!p8->pkey->value.octet_string ||
713 !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string,
714 (const void *)p, i))
715
716 {
717 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
718 }
719 else
720 ret = 1;
721 break;
722 case PKCS8_NO_OCTET: /* RSA specific */
723 case PKCS8_NS_DB: /* DSA specific */
724 case PKCS8_EMBEDDED_PARAM: /* DSA specific */
725 default:
726 EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
727 }
728 OPENSSL_cleanse(p, (size_t)i);
729 OPENSSL_free(p);
730 return ret;
731}
732#endif
733
734/* EVP_PKEY attribute functions */
735
736int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
737{
738 return X509at_get_attr_count(key->attributes);
739}
740
741int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,
742 int lastpos)
743{
744 return X509at_get_attr_by_NID(key->attributes, nid, lastpos);
745}
746
747int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
748 int lastpos)
749{
750 return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos);
751}
752
753X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc)
754{
755 return X509at_get_attr(key->attributes, loc);
756}
757
758X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc)
759{
760 return X509at_delete_attr(key->attributes, loc);
761}
762
763int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr)
764{
765 if(X509at_add1_attr(&key->attributes, attr)) return 1;
766 return 0;
767}
768
769int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
770 const ASN1_OBJECT *obj, int type,
771 const unsigned char *bytes, int len)
772{
773 if(X509at_add1_attr_by_OBJ(&key->attributes, obj,
774 type, bytes, len)) return 1;
775 return 0;
776}
777
778int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
779 int nid, int type,
780 const unsigned char *bytes, int len)
781{
782 if(X509at_add1_attr_by_NID(&key->attributes, nid,
783 type, bytes, len)) return 1;
784 return 0;
785}
786
787int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
788 const char *attrname, int type,
789 const unsigned char *bytes, int len)
790{
791 if(X509at_add1_attr_by_txt(&key->attributes, attrname,
792 type, bytes, len)) return 1;
793 return 0;
794}
diff --git a/src/lib/libcrypto/evp/evp_test.c b/src/lib/libcrypto/evp/evp_test.c
index a624cfd248..bb6f02c2e9 100644
--- a/src/lib/libcrypto/evp/evp_test.c
+++ b/src/lib/libcrypto/evp/evp_test.c
@@ -52,6 +52,7 @@
52 52
53#include "../e_os.h" 53#include "../e_os.h"
54 54
55#include <openssl/opensslconf.h>
55#include <openssl/evp.h> 56#include <openssl/evp.h>
56#ifndef OPENSSL_NO_ENGINE 57#ifndef OPENSSL_NO_ENGINE
57#include <openssl/engine.h> 58#include <openssl/engine.h>
@@ -136,7 +137,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
136 const unsigned char *iv,int in, 137 const unsigned char *iv,int in,
137 const unsigned char *plaintext,int pn, 138 const unsigned char *plaintext,int pn,
138 const unsigned char *ciphertext,int cn, 139 const unsigned char *ciphertext,int cn,
139 int encdec,int multiplier) 140 int encdec)
140 { 141 {
141 EVP_CIPHER_CTX ctx; 142 EVP_CIPHER_CTX ctx;
142 unsigned char out[4096]; 143 unsigned char out[4096];
@@ -167,7 +168,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
167 } 168 }
168 EVP_CIPHER_CTX_set_padding(&ctx,0); 169 EVP_CIPHER_CTX_set_padding(&ctx,0);
169 170
170 if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn*multiplier)) 171 if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn))
171 { 172 {
172 fprintf(stderr,"Encrypt failed\n"); 173 fprintf(stderr,"Encrypt failed\n");
173 ERR_print_errors_fp(stderr); 174 ERR_print_errors_fp(stderr);
@@ -180,7 +181,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
180 test1_exit(7); 181 test1_exit(7);
181 } 182 }
182 183
183 if(outl+outl2 != cn*multiplier) 184 if(outl+outl2 != cn)
184 { 185 {
185 fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n", 186 fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n",
186 outl+outl2,cn); 187 outl+outl2,cn);
@@ -206,7 +207,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
206 } 207 }
207 EVP_CIPHER_CTX_set_padding(&ctx,0); 208 EVP_CIPHER_CTX_set_padding(&ctx,0);
208 209
209 if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn*multiplier)) 210 if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn))
210 { 211 {
211 fprintf(stderr,"Decrypt failed\n"); 212 fprintf(stderr,"Decrypt failed\n");
212 ERR_print_errors_fp(stderr); 213 ERR_print_errors_fp(stderr);
@@ -219,7 +220,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
219 test1_exit(7); 220 test1_exit(7);
220 } 221 }
221 222
222 if(outl+outl2 != cn*multiplier) 223 if(outl+outl2 != cn)
223 { 224 {
224 fprintf(stderr,"Plaintext length mismatch got %d expected %d\n", 225 fprintf(stderr,"Plaintext length mismatch got %d expected %d\n",
225 outl+outl2,cn); 226 outl+outl2,cn);
@@ -244,7 +245,7 @@ static int test_cipher(const char *cipher,const unsigned char *key,int kn,
244 const unsigned char *iv,int in, 245 const unsigned char *iv,int in,
245 const unsigned char *plaintext,int pn, 246 const unsigned char *plaintext,int pn,
246 const unsigned char *ciphertext,int cn, 247 const unsigned char *ciphertext,int cn,
247 int encdec,int multiplier) 248 int encdec)
248 { 249 {
249 const EVP_CIPHER *c; 250 const EVP_CIPHER *c;
250 251
@@ -252,7 +253,7 @@ static int test_cipher(const char *cipher,const unsigned char *key,int kn,
252 if(!c) 253 if(!c)
253 return 0; 254 return 0;
254 255
255 test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec,multiplier); 256 test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec);
256 257
257 return 1; 258 return 1;
258 } 259 }
@@ -368,7 +369,6 @@ int main(int argc,char **argv)
368 unsigned char *iv,*key,*plaintext,*ciphertext; 369 unsigned char *iv,*key,*plaintext,*ciphertext;
369 int encdec; 370 int encdec;
370 int kn,in,pn,cn; 371 int kn,in,pn,cn;
371 int multiplier=1;
372 372
373 if(!fgets((char *)line,sizeof line,f)) 373 if(!fgets((char *)line,sizeof line,f))
374 break; 374 break;
@@ -393,17 +393,44 @@ int main(int argc,char **argv)
393 pn=convert(plaintext); 393 pn=convert(plaintext);
394 cn=convert(ciphertext); 394 cn=convert(ciphertext);
395 395
396 if(strchr(cipher,'*')) 396 if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec)
397 {
398 p=cipher;
399 sstrsep(&p,"*");
400 multiplier=atoi(sstrsep(&p,"*"));
401 }
402
403 if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec,
404 multiplier)
405 && !test_digest(cipher,plaintext,pn,ciphertext,cn)) 397 && !test_digest(cipher,plaintext,pn,ciphertext,cn))
406 { 398 {
399#ifdef OPENSSL_NO_AES
400 if (strstr(cipher, "AES") == cipher)
401 {
402 fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
403 continue;
404 }
405#endif
406#ifdef OPENSSL_NO_DES
407 if (strstr(cipher, "DES") == cipher)
408 {
409 fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
410 continue;
411 }
412#endif
413#ifdef OPENSSL_NO_RC4
414 if (strstr(cipher, "RC4") == cipher)
415 {
416 fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
417 continue;
418 }
419#endif
420#ifdef OPENSSL_NO_CAMELLIA
421 if (strstr(cipher, "CAMELLIA") == cipher)
422 {
423 fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
424 continue;
425 }
426#endif
427#ifdef OPENSSL_NO_SEED
428 if (strstr(cipher, "SEED") == cipher)
429 {
430 fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
431 continue;
432 }
433#endif
407 fprintf(stderr,"Can't find %s\n",cipher); 434 fprintf(stderr,"Can't find %s\n",cipher);
408 EXIT(3); 435 EXIT(3);
409 } 436 }
diff --git a/src/lib/libcrypto/evp/evptests.txt b/src/lib/libcrypto/evp/evptests.txt
index dfe91a5bc0..beb12144b6 100644
--- a/src/lib/libcrypto/evp/evptests.txt
+++ b/src/lib/libcrypto/evp/evptests.txt
@@ -92,102 +92,7 @@ AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000
92AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D 92AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D
93AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461 93AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461
94AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B 94AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B
95 95# We don't support CFB{1,8}-AESxxx.{En,De}crypt
96# CFB1-AES128.Encrypt
97
98AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:00:00:1
99AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00020406080a0c0e10121416181a1c1e:80:80:1
100AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0004080c1014181c2024282c3034383d:80:80:1
101AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0008101820283038404850586068707b:00:00:1
102AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00102030405060708090a0b0c0d0e0f6:80:80:1
103AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0020406080a0c0e10121416181a1c1ed:00:00:1
104AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:004080c1014181c2024282c3034383da:80:00:1
105AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:008101820283038404850586068707b4:80:00:1
106AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f68:80:80:1
107AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:020406080a0c0e10121416181a1c1ed1:80:00:1
108AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:04080c1014181c2024282c3034383da2:00:80:1
109AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:08101820283038404850586068707b45:00:80:1
110AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:102030405060708090a0b0c0d0e0f68b:00:00:1
111AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:20406080a0c0e10121416181a1c1ed16:00:00:1
112AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:4080c1014181c2024282c3034383da2c:00:80:1
113AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:8101820283038404850586068707b459:80:80:1
114# all of the above packed into one...
115# in: 0110 1011 1100 0001 = 6bc1
116# out: 0110 1000 1011 0011 = 68b3
117AES-128-CFB1*8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1:68b3:1
118
119# CFB1-AES128.Decrypt
120AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:00:00:0
121AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00020406080a0c0e10121416181a1c1e:80:80:0
122AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0004080c1014181c2024282c3034383d:80:80:0
123AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0008101820283038404850586068707b:00:00:0
124AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00102030405060708090a0b0c0d0e0f6:80:80:0
125AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0020406080a0c0e10121416181a1c1ed:00:00:0
126AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:004080c1014181c2024282c3034383da:80:00:0
127AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:008101820283038404850586068707b4:80:00:0
128AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f68:80:80:0
129AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:020406080a0c0e10121416181a1c1ed1:80:00:0
130AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:04080c1014181c2024282c3034383da2:00:80:0
131AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:08101820283038404850586068707b45:00:80:0
132AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:102030405060708090a0b0c0d0e0f68b:00:00:0
133AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:20406080a0c0e10121416181a1c1ed16:00:00:0
134AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:4080c1014181c2024282c3034383da2c:00:80:0
135AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:8101820283038404850586068707b459:80:80:0
136# all of the above packed into one...
137# in: 0110 1000 1011 0011 = 68b3
138# out: 0110 1011 1100 0001 = 6bc1
139AES-128-CFB1*8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1:68b3:0
140
141# TODO: CFB1-AES192 and 256
142
143# CFB8-AES128.Encrypt
144
145AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6b:3b:1
146AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f3b:c1:79:1
147AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:02030405060708090a0b0c0d0e0f3b79:be:42:1
148AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:030405060708090a0b0c0d0e0f3b7942:e2:4c:1
149AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0405060708090a0b0c0d0e0f3b79424c:2e:9c:1
150AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:05060708090a0b0c0d0e0f3b79424c9c:40:0d:1
151AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:060708090a0b0c0d0e0f3b79424c9c0d:9f:d4:1
152AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0708090a0b0c0d0e0f3b79424c9c0dd4:96:36:1
153AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:08090a0b0c0d0e0f3b79424c9c0dd436:e9:ba:1
154AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:090a0b0c0d0e0f3b79424c9c0dd436ba:3d:ce:1
155AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0a0b0c0d0e0f3b79424c9c0dd436bace:7e:9e:1
156AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0b0c0d0e0f3b79424c9c0dd436bace9e:11:0e:1
157AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0c0d0e0f3b79424c9c0dd436bace9e0e:73:d4:1
158AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0d0e0f3b79424c9c0dd436bace9e0ed4:93:58:1
159AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0e0f3b79424c9c0dd436bace9e0ed458:17:6a:1
160AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0f3b79424c9c0dd436bace9e0ed4586a:2a:4f:1
161AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:3b79424c9c0dd436bace9e0ed4586a4f:ae:32:1
162AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:79424c9c0dd436bace9e0ed4586a4f32:2d:b9:1
163# all of the above packed into one
164AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1bee22e409f96e93d7e117393172aae2d:3b79424c9c0dd436bace9e0ed4586a4f32b9:1
165
166# CFB8-AES128.Decrypt
167
168AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6b:3b:0
169AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f3b:c1:79:0
170AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:02030405060708090a0b0c0d0e0f3b79:be:42:0
171AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:030405060708090a0b0c0d0e0f3b7942:e2:4c:0
172AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0405060708090a0b0c0d0e0f3b79424c:2e:9c:0
173AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:05060708090a0b0c0d0e0f3b79424c9c:40:0d:0
174AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:060708090a0b0c0d0e0f3b79424c9c0d:9f:d4:0
175AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0708090a0b0c0d0e0f3b79424c9c0dd4:96:36:0
176AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:08090a0b0c0d0e0f3b79424c9c0dd436:e9:ba:0
177AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:090a0b0c0d0e0f3b79424c9c0dd436ba:3d:ce:0
178AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0a0b0c0d0e0f3b79424c9c0dd436bace:7e:9e:0
179AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0b0c0d0e0f3b79424c9c0dd436bace9e:11:0e:0
180AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0c0d0e0f3b79424c9c0dd436bace9e0e:73:d4:0
181AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0d0e0f3b79424c9c0dd436bace9e0ed4:93:58:0
182AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0e0f3b79424c9c0dd436bace9e0ed458:17:6a:0
183AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0f3b79424c9c0dd436bace9e0ed4586a:2a:4f:0
184AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:3b79424c9c0dd436bace9e0ed4586a4f:ae:32:0
185AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:79424c9c0dd436bace9e0ed4586a4f32:2d:b9:0
186# all of the above packed into one
187AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1bee22e409f96e93d7e117393172aae2d:3b79424c9c0dd436bace9e0ed4586a4f32b9:0
188
189# TODO: 192 and 256 bit keys
190
191# For all CFB128 encrypts and decrypts, the transformed sequence is 96# For all CFB128 encrypts and decrypts, the transformed sequence is
192# AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec 97# AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
193# CFB128-AES128.Encrypt 98# CFB128-AES128.Encrypt
@@ -269,16 +174,6 @@ DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363
269# DES EDE3 CBC tests (from destest) 174# DES EDE3 CBC tests (from destest)
270DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 175DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
271 176
272# DES CFB1 from FIPS 81
273# plaintext: 0100 1110 0110 1111 0111 0111 = 4e6f77
274# ciphertext: 1100 1101 0001 1110 1100 1001 = cd1ec9
275
276DES-CFB1*8:0123456789abcdef:1234567890abcdef:4e6f77:cd1ec9
277
278# DES CFB8 from FIPS 81
279
280DES-CFB8:0123456789abcdef:1234567890abcdef:4e6f7720697320746865:f31fda07011462ee187f
281
282# RC4 tests (from rc4test) 177# RC4 tests (from rc4test)
283RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596 178RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596
284RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879 179RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879
@@ -286,3 +181,141 @@ RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a
286RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858 181RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858
287RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf 182RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf
288RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61 183RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61
184
185
186# Camellia tests from RFC3713
187# For all ECB encrypts and decrypts, the transformed sequence is
188# CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec
189CAMELLIA-128-ECB:0123456789abcdeffedcba9876543210::0123456789abcdeffedcba9876543210:67673138549669730857065648eabe43
190CAMELLIA-192-ECB:0123456789abcdeffedcba98765432100011223344556677::0123456789abcdeffedcba9876543210:b4993401b3e996f84ee5cee7d79b09b9
191CAMELLIA-256-ECB:0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff::0123456789abcdeffedcba9876543210:9acc237dff16d76c20ef7c919e3a7509
192
193# ECB-CAMELLIA128.Encrypt
194CAMELLIA-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:77CF412067AF8270613529149919546F:1
195CAMELLIA-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:B22F3C36B72D31329EEE8ADDC2906C68:1
196CAMELLIA-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:2EDF1F3418D53B88841FC8985FB1ECF2:1
197
198# ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt
199CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:432FC5DCD628115B7C388D770B270C96
200CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:0BE1F14023782A22E8384C5ABB7FAB2B
201CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:A0A1ABCD1893AB6FE0FE5B65DF5F8636
202CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:E61925E0D5DFAA9BB29F815B3076E51A
203
204# ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt
205CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:CCCC6C4E138B45848514D48D0D3439D3
206CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:5713C62C14B2EC0F8393B6AFD6F5785A
207CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:B40ED2B60EB54D09D030CF511FEEF366
208CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:909DBD95799096748CB27357E73E1D26
209
210# ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt
211CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:BEFD219B112FA00098919CD101C9CCFA
212CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:C91D3A8F1AEA08A9386CF4B66C0169EA
213CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:A623D711DC5F25A51BB8A80D56397D28
214CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:7960109FB6DC42947FCFE59EA3C5EB6B
215
216# For all CBC encrypts and decrypts, the transformed sequence is
217# CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
218# CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt
219CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:1607CF494B36BBF00DAEB0B503C831AB
220CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:1607CF494B36BBF00DAEB0B503C831AB:AE2D8A571E03AC9C9EB76FAC45AF8E51:A2F2CF671629EF7840C5A5DFB5074887
221CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:A2F2CF671629EF7840C5A5DFB5074887:30C81C46A35CE411E5FBC1191A0A52EF:0F06165008CF8B8B5A63586362543E54
222CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:36A84CDAFD5F9A85ADA0F0A993D6D577:F69F2445DF4F9B17AD2B417BE66C3710:74C64268CDB8B8FAF5B34E8AF3732980
223
224# CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt
225CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:2A4830AB5AC4A1A2405955FD2195CF93
226CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2A4830AB5AC4A1A2405955FD2195CF93:AE2D8A571E03AC9C9EB76FAC45AF8E51:5D5A869BD14CE54264F892A6DD2EC3D5
227CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:5D5A869BD14CE54264F892A6DD2EC3D5:30C81C46A35CE411E5FBC1191A0A52EF:37D359C3349836D884E310ADDF68C449
228CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:37D359C3349836D884E310ADDF68C449:F69F2445DF4F9B17AD2B417BE66C3710:01FAAA930B4AB9916E9668E1428C6B08
229
230# CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt
231CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:E6CFA35FC02B134A4D2C0B6737AC3EDA
232CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E6CFA35FC02B134A4D2C0B6737AC3EDA:AE2D8A571E03AC9C9EB76FAC45AF8E51:36CBEB73BD504B4070B1B7DE2B21EB50
233CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:36CBEB73BD504B4070B1B7DE2B21EB50:30C81C46A35CE411E5FBC1191A0A52EF:E31A6055297D96CA3330CDF1B1860A83
234CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E31A6055297D96CA3330CDF1B1860A83:F69F2445DF4F9B17AD2B417BE66C3710:5D563F6D1CCCF236051C0C5C1C58F28F
235
236# We don't support CFB{1,8}-CAMELLIAxxx.{En,De}crypt
237# For all CFB128 encrypts and decrypts, the transformed sequence is
238# CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
239# CFB128-CAMELLIA128.Encrypt
240CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1
241CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:1
242CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:1
243CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:1
244
245# CFB128-CAMELLIA128.Decrypt
246CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0
247CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:0
248CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:0
249CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:0
250
251# CFB128-CAMELLIA192.Encrypt
252CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1
253CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:1
254CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:1
255CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:1
256
257# CFB128-CAMELLIA192.Decrypt
258CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0
259CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:0
260CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:0
261CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:0
262
263# CFB128-CAMELLIA256.Encrypt
264CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1
265CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:1
266CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:1
267CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:1
268
269# CFB128-CAMELLIA256.Decrypt
270CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0
271CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:0
272CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:0
273CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:0
274
275# For all OFB encrypts and decrypts, the transformed sequence is
276# CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec
277# OFB-CAMELLIA128.Encrypt
278CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1
279CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:1
280CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:1
281CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:1
282
283# OFB-CAMELLIA128.Decrypt
284CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0
285CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:0
286CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:0
287CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:0
288
289# OFB-CAMELLIA192.Encrypt
290CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1
291CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:1
292CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:1
293CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:1
294
295# OFB-CAMELLIA192.Decrypt
296CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0
297CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:0
298CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:0
299CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:0
300
301# OFB-CAMELLIA256.Encrypt
302CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1
303CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:1
304CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:1
305CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:1
306
307# OFB-CAMELLIA256.Decrypt
308CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0
309CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:0
310CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:0
311CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:0
312
313# SEED test vectors from RFC4269
314SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:0
315SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:0
316SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:0
317SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:0
318SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:1
319SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1
320SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1
321SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:1
diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c
index d393eb3400..a948c77fa4 100644
--- a/src/lib/libcrypto/evp/m_dss.c
+++ b/src/lib/libcrypto/evp/m_dss.c
@@ -61,12 +61,16 @@
61#include <openssl/evp.h> 61#include <openssl/evp.h>
62#include <openssl/objects.h> 62#include <openssl/objects.h>
63#include <openssl/x509.h> 63#include <openssl/x509.h>
64#ifndef OPENSSL_NO_DSA
65#include <openssl/dsa.h>
66#endif
64 67
65#ifndef OPENSSL_NO_SHA 68#ifndef OPENSSL_NO_SHA
69
66static int init(EVP_MD_CTX *ctx) 70static int init(EVP_MD_CTX *ctx)
67 { return SHA1_Init(ctx->md_data); } 71 { return SHA1_Init(ctx->md_data); }
68 72
69static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) 73static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
70 { return SHA1_Update(ctx->md_data,data,count); } 74 { return SHA1_Update(ctx->md_data,data,count); }
71 75
72static int final(EVP_MD_CTX *ctx,unsigned char *md) 76static int final(EVP_MD_CTX *ctx,unsigned char *md)
@@ -77,7 +81,7 @@ static const EVP_MD dsa_md=
77 NID_dsaWithSHA, 81 NID_dsaWithSHA,
78 NID_dsaWithSHA, 82 NID_dsaWithSHA,
79 SHA_DIGEST_LENGTH, 83 SHA_DIGEST_LENGTH,
80 EVP_MD_FLAG_FIPS, 84 0,
81 init, 85 init,
82 update, 86 update,
83 final, 87 final,
diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c
index 23b90d0538..c12e13972b 100644
--- a/src/lib/libcrypto/evp/m_dss1.c
+++ b/src/lib/libcrypto/evp/m_dss1.c
@@ -56,25 +56,23 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_SHA
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_SHA
63
62#include <openssl/evp.h> 64#include <openssl/evp.h>
63#include <openssl/objects.h> 65#include <openssl/objects.h>
64#include <openssl/x509.h> 66#include <openssl/x509.h>
67#ifndef OPENSSL_NO_DSA
68#include <openssl/dsa.h>
69#endif
65 70
66static int init(EVP_MD_CTX *ctx) 71static int init(EVP_MD_CTX *ctx)
67 { return SHA1_Init(ctx->md_data); } 72 { return SHA1_Init(ctx->md_data); }
68 73
69static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) 74static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
70#ifndef OPENSSL_FIPS
71 { return SHA1_Update(ctx->md_data,data,count); } 75 { return SHA1_Update(ctx->md_data,data,count); }
72#else
73 {
74 OPENSSL_assert(sizeof(count)<=sizeof(size_t));
75 return SHA1_Update(ctx->md_data,data,count);
76 }
77#endif
78 76
79static int final(EVP_MD_CTX *ctx,unsigned char *md) 77static int final(EVP_MD_CTX *ctx,unsigned char *md)
80 { return SHA1_Final(md,ctx->md_data); } 78 { return SHA1_Final(md,ctx->md_data); }
@@ -84,7 +82,7 @@ static const EVP_MD dss1_md=
84 NID_dsa, 82 NID_dsa,
85 NID_dsaWithSHA1, 83 NID_dsaWithSHA1,
86 SHA_DIGEST_LENGTH, 84 SHA_DIGEST_LENGTH,
87 EVP_MD_FLAG_FIPS, 85 0,
88 init, 86 init,
89 update, 87 update,
90 final, 88 final,
diff --git a/src/lib/libcrypto/evp/m_md2.c b/src/lib/libcrypto/evp/m_md2.c
index 0df48e5199..5ce849f161 100644
--- a/src/lib/libcrypto/evp/m_md2.c
+++ b/src/lib/libcrypto/evp/m_md2.c
@@ -56,19 +56,23 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_MD2
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_MD2
63
62#include <openssl/evp.h> 64#include <openssl/evp.h>
63#include "evp_locl.h"
64#include <openssl/objects.h> 65#include <openssl/objects.h>
65#include <openssl/x509.h> 66#include <openssl/x509.h>
66#include <openssl/md2.h> 67#include <openssl/md2.h>
68#ifndef OPENSSL_NO_RSA
69#include <openssl/rsa.h>
70#endif
67 71
68static int init(EVP_MD_CTX *ctx) 72static int init(EVP_MD_CTX *ctx)
69 { return MD2_Init(ctx->md_data); } 73 { return MD2_Init(ctx->md_data); }
70 74
71static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) 75static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
72 { return MD2_Update(ctx->md_data,data,count); } 76 { return MD2_Update(ctx->md_data,data,count); }
73 77
74static int final(EVP_MD_CTX *ctx,unsigned char *md) 78static int final(EVP_MD_CTX *ctx,unsigned char *md)
diff --git a/src/lib/libcrypto/evp/m_md4.c b/src/lib/libcrypto/evp/m_md4.c
index 0605e4b707..1e0b7c5b42 100644
--- a/src/lib/libcrypto/evp/m_md4.c
+++ b/src/lib/libcrypto/evp/m_md4.c
@@ -56,19 +56,23 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_MD4
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_MD4
63
62#include <openssl/evp.h> 64#include <openssl/evp.h>
63#include "evp_locl.h"
64#include <openssl/objects.h> 65#include <openssl/objects.h>
65#include <openssl/x509.h> 66#include <openssl/x509.h>
66#include <openssl/md4.h> 67#include <openssl/md4.h>
68#ifndef OPENSSL_NO_RSA
69#include <openssl/rsa.h>
70#endif
67 71
68static int init(EVP_MD_CTX *ctx) 72static int init(EVP_MD_CTX *ctx)
69 { return MD4_Init(ctx->md_data); } 73 { return MD4_Init(ctx->md_data); }
70 74
71static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) 75static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
72 { return MD4_Update(ctx->md_data,data,count); } 76 { return MD4_Update(ctx->md_data,data,count); }
73 77
74static int final(EVP_MD_CTX *ctx,unsigned char *md) 78static int final(EVP_MD_CTX *ctx,unsigned char *md)
diff --git a/src/lib/libcrypto/evp/m_md5.c b/src/lib/libcrypto/evp/m_md5.c
index 752615d473..63c142119e 100644
--- a/src/lib/libcrypto/evp/m_md5.c
+++ b/src/lib/libcrypto/evp/m_md5.c
@@ -56,19 +56,23 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_MD5
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_MD5
63
62#include <openssl/evp.h> 64#include <openssl/evp.h>
63#include "evp_locl.h"
64#include <openssl/objects.h> 65#include <openssl/objects.h>
65#include <openssl/x509.h> 66#include <openssl/x509.h>
66#include <openssl/md5.h> 67#include <openssl/md5.h>
68#ifndef OPENSSL_NO_RSA
69#include <openssl/rsa.h>
70#endif
67 71
68static int init(EVP_MD_CTX *ctx) 72static int init(EVP_MD_CTX *ctx)
69 { return MD5_Init(ctx->md_data); } 73 { return MD5_Init(ctx->md_data); }
70 74
71static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) 75static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
72 { return MD5_Update(ctx->md_data,data,count); } 76 { return MD5_Update(ctx->md_data,data,count); }
73 77
74static int final(EVP_MD_CTX *ctx,unsigned char *md) 78static int final(EVP_MD_CTX *ctx,unsigned char *md)
diff --git a/src/lib/libcrypto/evp/m_mdc2.c b/src/lib/libcrypto/evp/m_mdc2.c
index 62de1336b8..36c4e9b134 100644
--- a/src/lib/libcrypto/evp/m_mdc2.c
+++ b/src/lib/libcrypto/evp/m_mdc2.c
@@ -56,19 +56,21 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_MDC2
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_MDC2
63
62#include <openssl/evp.h> 64#include <openssl/evp.h>
63#include "evp_locl.h"
64#include <openssl/objects.h> 65#include <openssl/objects.h>
65#include <openssl/x509.h> 66#include <openssl/x509.h>
66#include <openssl/mdc2.h> 67#include <openssl/mdc2.h>
68#include <openssl/rsa.h>
67 69
68static int init(EVP_MD_CTX *ctx) 70static int init(EVP_MD_CTX *ctx)
69 { return MDC2_Init(ctx->md_data); } 71 { return MDC2_Init(ctx->md_data); }
70 72
71static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) 73static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
72 { return MDC2_Update(ctx->md_data,data,count); } 74 { return MDC2_Update(ctx->md_data,data,count); }
73 75
74static int final(EVP_MD_CTX *ctx,unsigned char *md) 76static int final(EVP_MD_CTX *ctx,unsigned char *md)
diff --git a/src/lib/libcrypto/evp/m_null.c b/src/lib/libcrypto/evp/m_null.c
index f6f0a1d2c0..cb0721699d 100644
--- a/src/lib/libcrypto/evp/m_null.c
+++ b/src/lib/libcrypto/evp/m_null.c
@@ -65,7 +65,7 @@
65static int init(EVP_MD_CTX *ctx) 65static int init(EVP_MD_CTX *ctx)
66 { return 1; } 66 { return 1; }
67 67
68static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) 68static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
69 { return 1; } 69 { return 1; }
70 70
71static int final(EVP_MD_CTX *ctx,unsigned char *md) 71static int final(EVP_MD_CTX *ctx,unsigned char *md)
diff --git a/src/lib/libcrypto/evp/m_ripemd.c b/src/lib/libcrypto/evp/m_ripemd.c
index 64725528dc..a1d60ee78d 100644
--- a/src/lib/libcrypto/evp/m_ripemd.c
+++ b/src/lib/libcrypto/evp/m_ripemd.c
@@ -56,18 +56,23 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_RIPEMD
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_RIPEMD
63
62#include <openssl/ripemd.h> 64#include <openssl/ripemd.h>
63#include <openssl/evp.h> 65#include <openssl/evp.h>
64#include <openssl/objects.h> 66#include <openssl/objects.h>
65#include <openssl/x509.h> 67#include <openssl/x509.h>
68#ifndef OPENSSL_NO_RSA
69#include <openssl/rsa.h>
70#endif
66 71
67static int init(EVP_MD_CTX *ctx) 72static int init(EVP_MD_CTX *ctx)
68 { return RIPEMD160_Init(ctx->md_data); } 73 { return RIPEMD160_Init(ctx->md_data); }
69 74
70static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) 75static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
71 { return RIPEMD160_Update(ctx->md_data,data,count); } 76 { return RIPEMD160_Update(ctx->md_data,data,count); }
72 77
73static int final(EVP_MD_CTX *ctx,unsigned char *md) 78static int final(EVP_MD_CTX *ctx,unsigned char *md)
diff --git a/src/lib/libcrypto/evp/m_sha.c b/src/lib/libcrypto/evp/m_sha.c
index ed54909b16..acccc8f92d 100644
--- a/src/lib/libcrypto/evp/m_sha.c
+++ b/src/lib/libcrypto/evp/m_sha.c
@@ -56,21 +56,22 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
62/* Including sha.h prior evp.h masks FIPS SHA declarations, but that's 61
63 * exactly what we want to achieve here... */ 62#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
64#include <openssl/sha.h> 63
65#include <openssl/evp.h> 64#include <openssl/evp.h>
66#include "evp_locl.h"
67#include <openssl/objects.h> 65#include <openssl/objects.h>
68#include <openssl/x509.h> 66#include <openssl/x509.h>
67#ifndef OPENSSL_NO_RSA
68#include <openssl/rsa.h>
69#endif
69 70
70static int init(EVP_MD_CTX *ctx) 71static int init(EVP_MD_CTX *ctx)
71 { return SHA_Init(ctx->md_data); } 72 { return SHA_Init(ctx->md_data); }
72 73
73static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) 74static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
74 { return SHA_Update(ctx->md_data,data,count); } 75 { return SHA_Update(ctx->md_data,data,count); }
75 76
76static int final(EVP_MD_CTX *ctx,unsigned char *md) 77static int final(EVP_MD_CTX *ctx,unsigned char *md)
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c
index 60da93873c..4679b1c463 100644
--- a/src/lib/libcrypto/evp/m_sha1.c
+++ b/src/lib/libcrypto/evp/m_sha1.c
@@ -56,25 +56,23 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_SHA
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_SHA
63
62#include <openssl/evp.h> 64#include <openssl/evp.h>
63#include <openssl/objects.h> 65#include <openssl/objects.h>
64#include <openssl/x509.h> 66#include <openssl/x509.h>
67#ifndef OPENSSL_NO_RSA
68#include <openssl/rsa.h>
69#endif
65 70
66static int init(EVP_MD_CTX *ctx) 71static int init(EVP_MD_CTX *ctx)
67 { return SHA1_Init(ctx->md_data); } 72 { return SHA1_Init(ctx->md_data); }
68 73
69static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) 74static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
70#ifndef OPENSSL_FIPS
71 { return SHA1_Update(ctx->md_data,data,count); } 75 { return SHA1_Update(ctx->md_data,data,count); }
72#else
73 {
74 OPENSSL_assert(sizeof(count)<=sizeof(size_t));
75 return SHA1_Update(ctx->md_data,data,count);
76 }
77#endif
78 76
79static int final(EVP_MD_CTX *ctx,unsigned char *md) 77static int final(EVP_MD_CTX *ctx,unsigned char *md)
80 { return SHA1_Final(md,ctx->md_data); } 78 { return SHA1_Final(md,ctx->md_data); }
@@ -84,7 +82,7 @@ static const EVP_MD sha1_md=
84 NID_sha1, 82 NID_sha1,
85 NID_sha1WithRSAEncryption, 83 NID_sha1WithRSAEncryption,
86 SHA_DIGEST_LENGTH, 84 SHA_DIGEST_LENGTH,
87 EVP_MD_FLAG_FIPS, 85 0,
88 init, 86 init,
89 update, 87 update,
90 final, 88 final,
@@ -101,7 +99,6 @@ const EVP_MD *EVP_sha1(void)
101 } 99 }
102#endif 100#endif
103 101
104#ifdef OPENSSL_FIPS
105#ifndef OPENSSL_NO_SHA256 102#ifndef OPENSSL_NO_SHA256
106static int init224(EVP_MD_CTX *ctx) 103static int init224(EVP_MD_CTX *ctx)
107 { return SHA224_Init(ctx->md_data); } 104 { return SHA224_Init(ctx->md_data); }
@@ -112,11 +109,8 @@ static int init256(EVP_MD_CTX *ctx)
112 * SHA256 functions even in SHA224 context. This is what happens 109 * SHA256 functions even in SHA224 context. This is what happens
113 * there anyway, so we can spare few CPU cycles:-) 110 * there anyway, so we can spare few CPU cycles:-)
114 */ 111 */
115static int update256(EVP_MD_CTX *ctx,const void *data,unsigned long count) 112static int update256(EVP_MD_CTX *ctx,const void *data,size_t count)
116 { 113 { return SHA256_Update(ctx->md_data,data,count); }
117 OPENSSL_assert(sizeof(count)<=sizeof(size_t));
118 return SHA256_Update(ctx->md_data,data,count);
119 }
120static int final256(EVP_MD_CTX *ctx,unsigned char *md) 114static int final256(EVP_MD_CTX *ctx,unsigned char *md)
121 { return SHA256_Final(md,ctx->md_data); } 115 { return SHA256_Final(md,ctx->md_data); }
122 116
@@ -125,7 +119,7 @@ static const EVP_MD sha224_md=
125 NID_sha224, 119 NID_sha224,
126 NID_sha224WithRSAEncryption, 120 NID_sha224WithRSAEncryption,
127 SHA224_DIGEST_LENGTH, 121 SHA224_DIGEST_LENGTH,
128 EVP_MD_FLAG_FIPS, 122 0,
129 init224, 123 init224,
130 update256, 124 update256,
131 final256, 125 final256,
@@ -144,7 +138,7 @@ static const EVP_MD sha256_md=
144 NID_sha256, 138 NID_sha256,
145 NID_sha256WithRSAEncryption, 139 NID_sha256WithRSAEncryption,
146 SHA256_DIGEST_LENGTH, 140 SHA256_DIGEST_LENGTH,
147 EVP_MD_FLAG_FIPS, 141 0,
148 init256, 142 init256,
149 update256, 143 update256,
150 final256, 144 final256,
@@ -157,7 +151,7 @@ static const EVP_MD sha256_md=
157 151
158const EVP_MD *EVP_sha256(void) 152const EVP_MD *EVP_sha256(void)
159 { return(&sha256_md); } 153 { return(&sha256_md); }
160#endif /* ifndef OPENSSL_NO_SHA256 */ 154#endif /* ifndef OPENSSL_NO_SHA256 */
161 155
162#ifndef OPENSSL_NO_SHA512 156#ifndef OPENSSL_NO_SHA512
163static int init384(EVP_MD_CTX *ctx) 157static int init384(EVP_MD_CTX *ctx)
@@ -165,11 +159,8 @@ static int init384(EVP_MD_CTX *ctx)
165static int init512(EVP_MD_CTX *ctx) 159static int init512(EVP_MD_CTX *ctx)
166 { return SHA512_Init(ctx->md_data); } 160 { return SHA512_Init(ctx->md_data); }
167/* See comment in SHA224/256 section */ 161/* See comment in SHA224/256 section */
168static int update512(EVP_MD_CTX *ctx,const void *data,unsigned long count) 162static int update512(EVP_MD_CTX *ctx,const void *data,size_t count)
169 { 163 { return SHA512_Update(ctx->md_data,data,count); }
170 OPENSSL_assert(sizeof(count)<=sizeof(size_t));
171 return SHA512_Update(ctx->md_data,data,count);
172 }
173static int final512(EVP_MD_CTX *ctx,unsigned char *md) 164static int final512(EVP_MD_CTX *ctx,unsigned char *md)
174 { return SHA512_Final(md,ctx->md_data); } 165 { return SHA512_Final(md,ctx->md_data); }
175 166
@@ -178,7 +169,7 @@ static const EVP_MD sha384_md=
178 NID_sha384, 169 NID_sha384,
179 NID_sha384WithRSAEncryption, 170 NID_sha384WithRSAEncryption,
180 SHA384_DIGEST_LENGTH, 171 SHA384_DIGEST_LENGTH,
181 EVP_MD_FLAG_FIPS, 172 0,
182 init384, 173 init384,
183 update512, 174 update512,
184 final512, 175 final512,
@@ -197,7 +188,7 @@ static const EVP_MD sha512_md=
197 NID_sha512, 188 NID_sha512,
198 NID_sha512WithRSAEncryption, 189 NID_sha512WithRSAEncryption,
199 SHA512_DIGEST_LENGTH, 190 SHA512_DIGEST_LENGTH,
200 EVP_MD_FLAG_FIPS, 191 0,
201 init512, 192 init512,
202 update512, 193 update512,
203 final512, 194 final512,
@@ -210,5 +201,4 @@ static const EVP_MD sha512_md=
210 201
211const EVP_MD *EVP_sha512(void) 202const EVP_MD *EVP_sha512(void)
212 { return(&sha512_md); } 203 { return(&sha512_md); }
213#endif /* ifndef OPENSSL_NO_SHA512 */ 204#endif /* ifndef OPENSSL_NO_SHA512 */
214#endif /* ifdef OPENSSL_FIPS */
diff --git a/src/lib/libcrypto/evp/names.c b/src/lib/libcrypto/evp/names.c
index 7712453046..88c1e780dd 100644
--- a/src/lib/libcrypto/evp/names.c
+++ b/src/lib/libcrypto/evp/names.c
@@ -61,17 +61,14 @@
61#include <openssl/evp.h> 61#include <openssl/evp.h>
62#include <openssl/objects.h> 62#include <openssl/objects.h>
63#include <openssl/x509.h> 63#include <openssl/x509.h>
64#ifdef OPENSSL_FIPS
65#include <openssl/fips.h>
66#endif
67 64
68int EVP_add_cipher(const EVP_CIPHER *c) 65int EVP_add_cipher(const EVP_CIPHER *c)
69 { 66 {
70 int r; 67 int r;
71 68
72 r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c); 69 r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
73 if (r == 0) return(0); 70 if (r == 0) return(0);
74 r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c); 71 r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
75 return(r); 72 return(r);
76 } 73 }
77 74
@@ -81,9 +78,9 @@ int EVP_add_digest(const EVP_MD *md)
81 const char *name; 78 const char *name;
82 79
83 name=OBJ_nid2sn(md->type); 80 name=OBJ_nid2sn(md->type);
84 r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(char *)md); 81 r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);
85 if (r == 0) return(0); 82 if (r == 0) return(0);
86 r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(char *)md); 83 r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md);
87 if (r == 0) return(0); 84 if (r == 0) return(0);
88 85
89 if (md->type != md->pkey_type) 86 if (md->type != md->pkey_type)
diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c
index a1874e83b2..48d50014a0 100644
--- a/src/lib/libcrypto/evp/p5_crpt.c
+++ b/src/lib/libcrypto/evp/p5_crpt.c
@@ -110,12 +110,18 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
110 int i; 110 int i;
111 PBEPARAM *pbe; 111 PBEPARAM *pbe;
112 int saltlen, iter; 112 int saltlen, iter;
113 unsigned char *salt, *pbuf; 113 unsigned char *salt;
114 const unsigned char *pbuf;
114 115
115 /* Extract useful info from parameter */ 116 /* Extract useful info from parameter */
117 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
118 param->value.sequence == NULL) {
119 EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
120 return 0;
121 }
122
116 pbuf = param->value.sequence->data; 123 pbuf = param->value.sequence->data;
117 if (!param || (param->type != V_ASN1_SEQUENCE) || 124 if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
118 !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
119 EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); 125 EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
120 return 0; 126 return 0;
121 } 127 }
@@ -140,7 +146,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
140 EVP_DigestFinal_ex (&ctx, md_tmp, NULL); 146 EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
141 } 147 }
142 EVP_MD_CTX_cleanup(&ctx); 148 EVP_MD_CTX_cleanup(&ctx);
143 OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp); 149 OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
144 memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); 150 memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
145 OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); 151 OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
146 memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), 152 memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
index 1d5fabc4b2..c969d5a206 100644
--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ b/src/lib/libcrypto/evp/p5_crpt2.c
@@ -55,10 +55,10 @@
55 * Hudson (tjh@cryptsoft.com). 55 * Hudson (tjh@cryptsoft.com).
56 * 56 *
57 */ 57 */
58#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
59#include <stdio.h> 58#include <stdio.h>
60#include <stdlib.h> 59#include <stdlib.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63#include <openssl/evp.h> 63#include <openssl/evp.h>
64#include <openssl/hmac.h> 64#include <openssl/hmac.h>
@@ -77,7 +77,7 @@
77 */ 77 */
78 78
79int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, 79int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
80 unsigned char *salt, int saltlen, int iter, 80 const unsigned char *salt, int saltlen, int iter,
81 int keylen, unsigned char *out) 81 int keylen, unsigned char *out)
82{ 82{
83 unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; 83 unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4];
@@ -148,16 +148,23 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
148 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, 148 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md,
149 int en_de) 149 int en_de)
150{ 150{
151 unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH]; 151 unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
152 int saltlen, keylen, iter, plen; 152 const unsigned char *pbuf;
153 int saltlen, iter, plen;
154 unsigned int keylen;
153 PBE2PARAM *pbe2 = NULL; 155 PBE2PARAM *pbe2 = NULL;
154 const EVP_CIPHER *cipher; 156 const EVP_CIPHER *cipher;
155 PBKDF2PARAM *kdf = NULL; 157 PBKDF2PARAM *kdf = NULL;
156 158
159 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
160 param->value.sequence == NULL) {
161 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
162 return 0;
163 }
164
157 pbuf = param->value.sequence->data; 165 pbuf = param->value.sequence->data;
158 plen = param->value.sequence->length; 166 plen = param->value.sequence->length;
159 if(!param || (param->type != V_ASN1_SEQUENCE) || 167 if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
160 !(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
161 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); 168 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
162 return 0; 169 return 0;
163 } 170 }
@@ -213,7 +220,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
213 220
214 /* Now check the parameters of the kdf */ 221 /* Now check the parameters of the kdf */
215 222
216 if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != keylen)){ 223 if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){
217 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, 224 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
218 EVP_R_UNSUPPORTED_KEYLENGTH); 225 EVP_R_UNSUPPORTED_KEYLENGTH);
219 goto err; 226 goto err;
diff --git a/src/lib/libcrypto/evp/p_dec.c b/src/lib/libcrypto/evp/p_dec.c
index 8af620400e..f64901f653 100644
--- a/src/lib/libcrypto/evp/p_dec.c
+++ b/src/lib/libcrypto/evp/p_dec.c
@@ -66,7 +66,7 @@
66#include <openssl/objects.h> 66#include <openssl/objects.h>
67#include <openssl/x509.h> 67#include <openssl/x509.h>
68 68
69int EVP_PKEY_decrypt(unsigned char *key, unsigned char *ek, int ekl, 69int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl,
70 EVP_PKEY *priv) 70 EVP_PKEY *priv)
71 { 71 {
72 int ret= -1; 72 int ret= -1;
diff --git a/src/lib/libcrypto/evp/p_enc.c b/src/lib/libcrypto/evp/p_enc.c
index 656883b996..c2dfdc52ad 100644
--- a/src/lib/libcrypto/evp/p_enc.c
+++ b/src/lib/libcrypto/evp/p_enc.c
@@ -66,7 +66,7 @@
66#include <openssl/objects.h> 66#include <openssl/objects.h>
67#include <openssl/x509.h> 67#include <openssl/x509.h>
68 68
69int EVP_PKEY_encrypt(unsigned char *ek, unsigned char *key, int key_len, 69int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len,
70 EVP_PKEY *pubk) 70 EVP_PKEY *pubk)
71 { 71 {
72 int ret=0; 72 int ret=0;
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c
index 215b94292a..22155ecf62 100644
--- a/src/lib/libcrypto/evp/p_lib.c
+++ b/src/lib/libcrypto/evp/p_lib.c
@@ -58,24 +58,60 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/bn.h>
62#include <openssl/err.h>
61#include <openssl/objects.h> 63#include <openssl/objects.h>
62#include <openssl/evp.h> 64#include <openssl/evp.h>
63#include <openssl/asn1_mac.h> 65#include <openssl/asn1_mac.h>
64#include <openssl/x509.h> 66#include <openssl/x509.h>
67#ifndef OPENSSL_NO_RSA
68#include <openssl/rsa.h>
69#endif
70#ifndef OPENSSL_NO_DSA
71#include <openssl/dsa.h>
72#endif
73#ifndef OPENSSL_NO_DH
74#include <openssl/dh.h>
75#endif
65 76
66static void EVP_PKEY_free_it(EVP_PKEY *x); 77static void EVP_PKEY_free_it(EVP_PKEY *x);
67 78
68int EVP_PKEY_bits(EVP_PKEY *pkey) 79int EVP_PKEY_bits(EVP_PKEY *pkey)
69 { 80 {
81 if (0)
82 return 0;
70#ifndef OPENSSL_NO_RSA 83#ifndef OPENSSL_NO_RSA
71 if (pkey->type == EVP_PKEY_RSA) 84 else if (pkey->type == EVP_PKEY_RSA)
72 return(BN_num_bits(pkey->pkey.rsa->n)); 85 return(BN_num_bits(pkey->pkey.rsa->n));
73 else
74#endif 86#endif
75#ifndef OPENSSL_NO_DSA 87#ifndef OPENSSL_NO_DSA
76 if (pkey->type == EVP_PKEY_DSA) 88 else if (pkey->type == EVP_PKEY_DSA)
77 return(BN_num_bits(pkey->pkey.dsa->p)); 89 return(BN_num_bits(pkey->pkey.dsa->p));
78#endif 90#endif
91#ifndef OPENSSL_NO_EC
92 else if (pkey->type == EVP_PKEY_EC)
93 {
94 BIGNUM *order = BN_new();
95 const EC_GROUP *group;
96 int ret;
97
98 if (!order)
99 {
100 ERR_clear_error();
101 return 0;
102 }
103 group = EC_KEY_get0_group(pkey->pkey.ec);
104 if (!EC_GROUP_get_order(group, order, NULL))
105 {
106 ERR_clear_error();
107 return 0;
108 }
109
110 ret = BN_num_bits(order);
111 BN_free(order);
112 return ret;
113 }
114#endif
79 return(0); 115 return(0);
80 } 116 }
81 117
@@ -92,6 +128,11 @@ int EVP_PKEY_size(EVP_PKEY *pkey)
92 if (pkey->type == EVP_PKEY_DSA) 128 if (pkey->type == EVP_PKEY_DSA)
93 return(DSA_size(pkey->pkey.dsa)); 129 return(DSA_size(pkey->pkey.dsa));
94#endif 130#endif
131#ifndef OPENSSL_NO_ECDSA
132 if (pkey->type == EVP_PKEY_EC)
133 return(ECDSA_size(pkey->pkey.ec));
134#endif
135
95 return(0); 136 return(0);
96 } 137 }
97 138
@@ -107,10 +148,20 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
107 return(ret); 148 return(ret);
108 } 149 }
109#endif 150#endif
151#ifndef OPENSSL_NO_EC
152 if (pkey->type == EVP_PKEY_EC)
153 {
154 int ret = pkey->save_parameters;
155
156 if (mode >= 0)
157 pkey->save_parameters = mode;
158 return(ret);
159 }
160#endif
110 return(0); 161 return(0);
111 } 162 }
112 163
113int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from) 164int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
114 { 165 {
115 if (to->type != from->type) 166 if (to->type != from->type)
116 { 167 {
@@ -141,12 +192,23 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from)
141 to->pkey.dsa->g=a; 192 to->pkey.dsa->g=a;
142 } 193 }
143#endif 194#endif
195#ifndef OPENSSL_NO_EC
196 if (to->type == EVP_PKEY_EC)
197 {
198 EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
199 if (group == NULL)
200 goto err;
201 if (EC_KEY_set_group(to->pkey.ec, group) == 0)
202 goto err;
203 EC_GROUP_free(group);
204 }
205#endif
144 return(1); 206 return(1);
145err: 207err:
146 return(0); 208 return(0);
147 } 209 }
148 210
149int EVP_PKEY_missing_parameters(EVP_PKEY *pkey) 211int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
150 { 212 {
151#ifndef OPENSSL_NO_DSA 213#ifndef OPENSSL_NO_DSA
152 if (pkey->type == EVP_PKEY_DSA) 214 if (pkey->type == EVP_PKEY_DSA)
@@ -158,10 +220,18 @@ int EVP_PKEY_missing_parameters(EVP_PKEY *pkey)
158 return(1); 220 return(1);
159 } 221 }
160#endif 222#endif
223#ifndef OPENSSL_NO_EC
224 if (pkey->type == EVP_PKEY_EC)
225 {
226 if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
227 return(1);
228 }
229#endif
230
161 return(0); 231 return(0);
162 } 232 }
163 233
164int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b) 234int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
165 { 235 {
166#ifndef OPENSSL_NO_DSA 236#ifndef OPENSSL_NO_DSA
167 if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) 237 if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA))
@@ -174,9 +244,72 @@ int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b)
174 return(1); 244 return(1);
175 } 245 }
176#endif 246#endif
247#ifndef OPENSSL_NO_EC
248 if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC)
249 {
250 const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
251 *group_b = EC_KEY_get0_group(b->pkey.ec);
252 if (EC_GROUP_cmp(group_a, group_b, NULL))
253 return 0;
254 else
255 return 1;
256 }
257#endif
177 return(-1); 258 return(-1);
178 } 259 }
179 260
261int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
262 {
263 if (a->type != b->type)
264 return -1;
265
266 if (EVP_PKEY_cmp_parameters(a, b) == 0)
267 return 0;
268
269 switch (a->type)
270 {
271#ifndef OPENSSL_NO_RSA
272 case EVP_PKEY_RSA:
273 if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0
274 || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0)
275 return 0;
276 break;
277#endif
278#ifndef OPENSSL_NO_DSA
279 case EVP_PKEY_DSA:
280 if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0)
281 return 0;
282 break;
283#endif
284#ifndef OPENSSL_NO_EC
285 case EVP_PKEY_EC:
286 {
287 int r;
288 const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
289 const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
290 *pb = EC_KEY_get0_public_key(b->pkey.ec);
291 r = EC_POINT_cmp(group, pa, pb, NULL);
292 if (r != 0)
293 {
294 if (r == 1)
295 return 0;
296 else
297 return -2;
298 }
299 }
300 break;
301#endif
302#ifndef OPENSSL_NO_DH
303 case EVP_PKEY_DH:
304 return -2;
305#endif
306 default:
307 return -2;
308 }
309
310 return 1;
311 }
312
180EVP_PKEY *EVP_PKEY_new(void) 313EVP_PKEY *EVP_PKEY_new(void)
181 { 314 {
182 EVP_PKEY *ret; 315 EVP_PKEY *ret;
@@ -246,6 +379,29 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
246} 379}
247#endif 380#endif
248 381
382#ifndef OPENSSL_NO_EC
383
384int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
385{
386 int ret = EVP_PKEY_assign_EC_KEY(pkey,key);
387 if (ret)
388 EC_KEY_up_ref(key);
389 return ret;
390}
391
392EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
393{
394 if (pkey->type != EVP_PKEY_EC)
395 {
396 EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
397 return NULL;
398 }
399 EC_KEY_up_ref(pkey->pkey.ec);
400 return pkey->pkey.ec;
401}
402#endif
403
404
249#ifndef OPENSSL_NO_DH 405#ifndef OPENSSL_NO_DH
250 406
251int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) 407int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
@@ -282,6 +438,8 @@ int EVP_PKEY_type(int type)
282 return(EVP_PKEY_DSA); 438 return(EVP_PKEY_DSA);
283 case EVP_PKEY_DH: 439 case EVP_PKEY_DH:
284 return(EVP_PKEY_DH); 440 return(EVP_PKEY_DH);
441 case EVP_PKEY_EC:
442 return(EVP_PKEY_EC);
285 default: 443 default:
286 return(NID_undef); 444 return(NID_undef);
287 } 445 }
@@ -306,6 +464,8 @@ void EVP_PKEY_free(EVP_PKEY *x)
306 } 464 }
307#endif 465#endif
308 EVP_PKEY_free_it(x); 466 EVP_PKEY_free_it(x);
467 if (x->attributes)
468 sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
309 OPENSSL_free(x); 469 OPENSSL_free(x);
310 } 470 }
311 471
@@ -327,6 +487,11 @@ static void EVP_PKEY_free_it(EVP_PKEY *x)
327 DSA_free(x->pkey.dsa); 487 DSA_free(x->pkey.dsa);
328 break; 488 break;
329#endif 489#endif
490#ifndef OPENSSL_NO_EC
491 case EVP_PKEY_EC:
492 EC_KEY_free(x->pkey.ec);
493 break;
494#endif
330#ifndef OPENSSL_NO_DH 495#ifndef OPENSSL_NO_DH
331 case EVP_PKEY_DH: 496 case EVP_PKEY_DH:
332 DH_free(x->pkey.dh); 497 DH_free(x->pkey.dh);
diff --git a/src/lib/libcrypto/evp/p_open.c b/src/lib/libcrypto/evp/p_open.c
index 5a933d1cda..9935206d0f 100644
--- a/src/lib/libcrypto/evp/p_open.c
+++ b/src/lib/libcrypto/evp/p_open.c
@@ -56,15 +56,19 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_RSA
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61
62#ifndef OPENSSL_NO_RSA
63
62#include <openssl/evp.h> 64#include <openssl/evp.h>
63#include <openssl/objects.h> 65#include <openssl/objects.h>
64#include <openssl/x509.h> 66#include <openssl/x509.h>
67#include <openssl/rsa.h>
65 68
66int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek, 69int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
67 int ekl, unsigned char *iv, EVP_PKEY *priv) 70 const unsigned char *ek, int ekl, const unsigned char *iv,
71 EVP_PKEY *priv)
68 { 72 {
69 unsigned char *key=NULL; 73 unsigned char *key=NULL;
70 int i,size=0,ret=0; 74 int i,size=0,ret=0;
diff --git a/src/lib/libcrypto/evp/p_seal.c b/src/lib/libcrypto/evp/p_seal.c
index 37e547fe72..8cc8fcb0bd 100644
--- a/src/lib/libcrypto/evp/p_seal.c
+++ b/src/lib/libcrypto/evp/p_seal.c
@@ -78,7 +78,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek
78 } 78 }
79 if ((npubk <= 0) || !pubk) 79 if ((npubk <= 0) || !pubk)
80 return 1; 80 return 1;
81 if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0) 81 if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
82 return 0; 82 return 0;
83 if (EVP_CIPHER_CTX_iv_length(ctx)) 83 if (EVP_CIPHER_CTX_iv_length(ctx))
84 RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx)); 84 RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx));
diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c
index d854d743a5..21a40a375e 100644
--- a/src/lib/libcrypto/evp/p_verify.c
+++ b/src/lib/libcrypto/evp/p_verify.c
@@ -62,7 +62,7 @@
62#include <openssl/objects.h> 62#include <openssl/objects.h>
63#include <openssl/x509.h> 63#include <openssl/x509.h>
64 64
65int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, 65int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
66 unsigned int siglen, EVP_PKEY *pkey) 66 unsigned int siglen, EVP_PKEY *pkey)
67 { 67 {
68 unsigned char m[EVP_MAX_MD_SIZE]; 68 unsigned char m[EVP_MAX_MD_SIZE];
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-27 07:00:00 +0000