diff options
Diffstat (limited to 'src/lib/libcrypto/evp')
43 files changed, 1428 insertions, 504 deletions
diff --git a/src/lib/libcrypto/evp/bio_b64.c b/src/lib/libcrypto/evp/bio_b64.c index 33349c2f98..fa5cbc7eb1 100644 --- a/src/lib/libcrypto/evp/bio_b64.c +++ b/src/lib/libcrypto/evp/bio_b64.c | |||
@@ -165,7 +165,7 @@ static int b64_read(BIO *b, char *out, int outl) | |||
165 | { | 165 | { |
166 | i=ctx->buf_len-ctx->buf_off; | 166 | i=ctx->buf_len-ctx->buf_off; |
167 | if (i > outl) i=outl; | 167 | if (i > outl) i=outl; |
168 | OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf); | 168 | OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf)); |
169 | memcpy(out,&(ctx->buf[ctx->buf_off]),i); | 169 | memcpy(out,&(ctx->buf[ctx->buf_off]),i); |
170 | ret=i; | 170 | ret=i; |
171 | out+=i; | 171 | out+=i; |
diff --git a/src/lib/libcrypto/evp/bio_enc.c b/src/lib/libcrypto/evp/bio_enc.c index b8cda1a9f0..f6ac94c6e1 100644 --- a/src/lib/libcrypto/evp/bio_enc.c +++ b/src/lib/libcrypto/evp/bio_enc.c | |||
@@ -405,8 +405,8 @@ EVP_CIPHER_ctx *c; | |||
405 | } | 405 | } |
406 | */ | 406 | */ |
407 | 407 | ||
408 | void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, unsigned char *k, | 408 | void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, |
409 | unsigned char *i, int e) | 409 | const unsigned char *i, int e) |
410 | { | 410 | { |
411 | BIO_ENC_CTX *ctx; | 411 | BIO_ENC_CTX *ctx; |
412 | 412 | ||
diff --git a/src/lib/libcrypto/evp/bio_md.c b/src/lib/libcrypto/evp/bio_md.c index f4aa41ac4b..d648ac6da6 100644 --- a/src/lib/libcrypto/evp/bio_md.c +++ b/src/lib/libcrypto/evp/bio_md.c | |||
@@ -153,7 +153,7 @@ static int md_write(BIO *b, const char *in, int inl) | |||
153 | { | 153 | { |
154 | if (ret > 0) | 154 | if (ret > 0) |
155 | { | 155 | { |
156 | EVP_DigestUpdate(ctx,(unsigned char *)in, | 156 | EVP_DigestUpdate(ctx,(const unsigned char *)in, |
157 | (unsigned int)ret); | 157 | (unsigned int)ret); |
158 | } | 158 | } |
159 | } | 159 | } |
@@ -192,8 +192,13 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
192 | ret=0; | 192 | ret=0; |
193 | break; | 193 | break; |
194 | case BIO_C_GET_MD_CTX: | 194 | case BIO_C_GET_MD_CTX: |
195 | pctx=ptr; | 195 | if (b->init) |
196 | *pctx=ctx; | 196 | { |
197 | pctx=ptr; | ||
198 | *pctx=ctx; | ||
199 | } | ||
200 | else | ||
201 | ret=0; | ||
197 | break; | 202 | break; |
198 | case BIO_C_SET_MD_CTX: | 203 | case BIO_C_SET_MD_CTX: |
199 | if (b->init) | 204 | if (b->init) |
diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c index fa60a73ead..a5da52e62d 100644 --- a/src/lib/libcrypto/evp/c_all.c +++ b/src/lib/libcrypto/evp/c_all.c | |||
@@ -74,6 +74,12 @@ void OpenSSL_add_all_algorithms(void) | |||
74 | 74 | ||
75 | void OPENSSL_add_all_algorithms_noconf(void) | 75 | void OPENSSL_add_all_algorithms_noconf(void) |
76 | { | 76 | { |
77 | /* | ||
78 | * For the moment OPENSSL_cpuid_setup does something | ||
79 | * only on IA-32, but we reserve the option for all | ||
80 | * platforms... | ||
81 | */ | ||
82 | OPENSSL_cpuid_setup(); | ||
77 | OpenSSL_add_all_ciphers(); | 83 | OpenSSL_add_all_ciphers(); |
78 | OpenSSL_add_all_digests(); | 84 | OpenSSL_add_all_digests(); |
79 | #ifndef OPENSSL_NO_ENGINE | 85 | #ifndef OPENSSL_NO_ENGINE |
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c index f21c63842c..762e6d3450 100644 --- a/src/lib/libcrypto/evp/digest.c +++ b/src/lib/libcrypto/evp/digest.c | |||
@@ -137,39 +137,6 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) | |||
137 | return EVP_DigestInit_ex(ctx, type, NULL); | 137 | return EVP_DigestInit_ex(ctx, type, NULL); |
138 | } | 138 | } |
139 | 139 | ||
140 | #ifdef OPENSSL_FIPS | ||
141 | |||
142 | /* The purpose of these is to trap programs that attempt to use non FIPS | ||
143 | * algorithms in FIPS mode and ignore the errors. | ||
144 | */ | ||
145 | |||
146 | static int bad_init(EVP_MD_CTX *ctx) | ||
147 | { FIPS_ERROR_IGNORED("Digest init"); return 0;} | ||
148 | |||
149 | static int bad_update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | ||
150 | { FIPS_ERROR_IGNORED("Digest update"); return 0;} | ||
151 | |||
152 | static int bad_final(EVP_MD_CTX *ctx,unsigned char *md) | ||
153 | { FIPS_ERROR_IGNORED("Digest Final"); return 0;} | ||
154 | |||
155 | static const EVP_MD bad_md = | ||
156 | { | ||
157 | 0, | ||
158 | 0, | ||
159 | 0, | ||
160 | 0, | ||
161 | bad_init, | ||
162 | bad_update, | ||
163 | bad_final, | ||
164 | NULL, | ||
165 | NULL, | ||
166 | NULL, | ||
167 | 0, | ||
168 | {0,0,0,0}, | ||
169 | }; | ||
170 | |||
171 | #endif | ||
172 | |||
173 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | 140 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) |
174 | { | 141 | { |
175 | EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); | 142 | EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); |
@@ -192,7 +159,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | |||
192 | { | 159 | { |
193 | if (!ENGINE_init(impl)) | 160 | if (!ENGINE_init(impl)) |
194 | { | 161 | { |
195 | EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); | 162 | EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); |
196 | return 0; | 163 | return 0; |
197 | } | 164 | } |
198 | } | 165 | } |
@@ -206,7 +173,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | |||
206 | if(!d) | 173 | if(!d) |
207 | { | 174 | { |
208 | /* Same comment from evp_enc.c */ | 175 | /* Same comment from evp_enc.c */ |
209 | EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); | 176 | EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); |
210 | return 0; | 177 | return 0; |
211 | } | 178 | } |
212 | /* We'll use the ENGINE's private digest definition */ | 179 | /* We'll use the ENGINE's private digest definition */ |
@@ -222,24 +189,12 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | |||
222 | else | 189 | else |
223 | if(!ctx->digest) | 190 | if(!ctx->digest) |
224 | { | 191 | { |
225 | EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET); | 192 | EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET); |
226 | return 0; | 193 | return 0; |
227 | } | 194 | } |
228 | #endif | 195 | #endif |
229 | if (ctx->digest != type) | 196 | if (ctx->digest != type) |
230 | { | 197 | { |
231 | #ifdef OPENSSL_FIPS | ||
232 | if (FIPS_mode()) | ||
233 | { | ||
234 | if (!(type->flags & EVP_MD_FLAG_FIPS) | ||
235 | && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) | ||
236 | { | ||
237 | EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS); | ||
238 | ctx->digest = &bad_md; | ||
239 | return 0; | ||
240 | } | ||
241 | } | ||
242 | #endif | ||
243 | if (ctx->digest && ctx->digest->ctx_size) | 198 | if (ctx->digest && ctx->digest->ctx_size) |
244 | OPENSSL_free(ctx->md_data); | 199 | OPENSSL_free(ctx->md_data); |
245 | ctx->digest=type; | 200 | ctx->digest=type; |
@@ -253,9 +208,9 @@ skip_to_init: | |||
253 | } | 208 | } |
254 | 209 | ||
255 | int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, | 210 | int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, |
256 | unsigned int count) | 211 | size_t count) |
257 | { | 212 | { |
258 | return ctx->digest->update(ctx,data,(unsigned long)count); | 213 | return ctx->digest->update(ctx,data,count); |
259 | } | 214 | } |
260 | 215 | ||
261 | /* The caller can assume that this removes any secret data from the context */ | 216 | /* The caller can assume that this removes any secret data from the context */ |
@@ -296,14 +251,14 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) | |||
296 | unsigned char *tmp_buf; | 251 | unsigned char *tmp_buf; |
297 | if ((in == NULL) || (in->digest == NULL)) | 252 | if ((in == NULL) || (in->digest == NULL)) |
298 | { | 253 | { |
299 | EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); | 254 | EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,EVP_R_INPUT_NOT_INITIALIZED); |
300 | return 0; | 255 | return 0; |
301 | } | 256 | } |
302 | #ifndef OPENSSL_NO_ENGINE | 257 | #ifndef OPENSSL_NO_ENGINE |
303 | /* Make sure it's safe to copy a digest context using an ENGINE */ | 258 | /* Make sure it's safe to copy a digest context using an ENGINE */ |
304 | if (in->engine && !ENGINE_init(in->engine)) | 259 | if (in->engine && !ENGINE_init(in->engine)) |
305 | { | 260 | { |
306 | EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB); | 261 | EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB); |
307 | return 0; | 262 | return 0; |
308 | } | 263 | } |
309 | #endif | 264 | #endif |
@@ -330,7 +285,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) | |||
330 | return 1; | 285 | return 1; |
331 | } | 286 | } |
332 | 287 | ||
333 | int EVP_Digest(void *data, unsigned int count, | 288 | int EVP_Digest(const void *data, size_t count, |
334 | unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) | 289 | unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) |
335 | { | 290 | { |
336 | EVP_MD_CTX ctx; | 291 | EVP_MD_CTX ctx; |
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c index 7b67984fa1..bd6c0a3a62 100644 --- a/src/lib/libcrypto/evp/e_aes.c +++ b/src/lib/libcrypto/evp/e_aes.c | |||
@@ -48,10 +48,12 @@ | |||
48 | * | 48 | * |
49 | */ | 49 | */ |
50 | 50 | ||
51 | #include <openssl/opensslconf.h> | ||
51 | #ifndef OPENSSL_NO_AES | 52 | #ifndef OPENSSL_NO_AES |
52 | #include <openssl/evp.h> | 53 | #include <openssl/evp.h> |
53 | #include <openssl/err.h> | 54 | #include <openssl/err.h> |
54 | #include <string.h> | 55 | #include <string.h> |
56 | #include <assert.h> | ||
55 | #include <openssl/aes.h> | 57 | #include <openssl/aes.h> |
56 | #include "evp_locl.h" | 58 | #include "evp_locl.h" |
57 | 59 | ||
@@ -67,32 +69,32 @@ typedef struct | |||
67 | 69 | ||
68 | IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, | 70 | IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, |
69 | NID_aes_128, 16, 16, 16, 128, | 71 | NID_aes_128, 16, 16, 16, 128, |
70 | EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, | 72 | 0, aes_init_key, NULL, |
71 | EVP_CIPHER_set_asn1_iv, | 73 | EVP_CIPHER_set_asn1_iv, |
72 | EVP_CIPHER_get_asn1_iv, | 74 | EVP_CIPHER_get_asn1_iv, |
73 | NULL) | 75 | NULL) |
74 | IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, | 76 | IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, |
75 | NID_aes_192, 16, 24, 16, 128, | 77 | NID_aes_192, 16, 24, 16, 128, |
76 | EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, | 78 | 0, aes_init_key, NULL, |
77 | EVP_CIPHER_set_asn1_iv, | 79 | EVP_CIPHER_set_asn1_iv, |
78 | EVP_CIPHER_get_asn1_iv, | 80 | EVP_CIPHER_get_asn1_iv, |
79 | NULL) | 81 | NULL) |
80 | IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, | 82 | IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, |
81 | NID_aes_256, 16, 32, 16, 128, | 83 | NID_aes_256, 16, 32, 16, 128, |
82 | EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, | 84 | 0, aes_init_key, NULL, |
83 | EVP_CIPHER_set_asn1_iv, | 85 | EVP_CIPHER_set_asn1_iv, |
84 | EVP_CIPHER_get_asn1_iv, | 86 | EVP_CIPHER_get_asn1_iv, |
85 | NULL) | 87 | NULL) |
86 | 88 | ||
87 | #define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags) | 89 | #define IMPLEMENT_AES_CFBR(ksize,cbits) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16) |
88 | 90 | ||
89 | IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS) | 91 | IMPLEMENT_AES_CFBR(128,1) |
90 | IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS) | 92 | IMPLEMENT_AES_CFBR(192,1) |
91 | IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS) | 93 | IMPLEMENT_AES_CFBR(256,1) |
92 | 94 | ||
93 | IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS) | 95 | IMPLEMENT_AES_CFBR(128,8) |
94 | IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS) | 96 | IMPLEMENT_AES_CFBR(192,8) |
95 | IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS) | 97 | IMPLEMENT_AES_CFBR(256,8) |
96 | 98 | ||
97 | static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 99 | static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
98 | const unsigned char *iv, int enc) | 100 | const unsigned char *iv, int enc) |
diff --git a/src/lib/libcrypto/evp/e_bf.c b/src/lib/libcrypto/evp/e_bf.c index e74337567b..cc224e5363 100644 --- a/src/lib/libcrypto/evp/e_bf.c +++ b/src/lib/libcrypto/evp/e_bf.c | |||
@@ -56,9 +56,9 @@ | |||
56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
57 | */ | 57 | */ |
58 | 58 | ||
59 | #ifndef OPENSSL_NO_BF | ||
60 | #include <stdio.h> | 59 | #include <stdio.h> |
61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
61 | #ifndef OPENSSL_NO_BF | ||
62 | #include <openssl/evp.h> | 62 | #include <openssl/evp.h> |
63 | #include "evp_locl.h" | 63 | #include "evp_locl.h" |
64 | #include <openssl/objects.h> | 64 | #include <openssl/objects.h> |
diff --git a/src/lib/libcrypto/evp/e_camellia.c b/src/lib/libcrypto/evp/e_camellia.c new file mode 100644 index 0000000000..a7b40d1c60 --- /dev/null +++ b/src/lib/libcrypto/evp/e_camellia.c | |||
@@ -0,0 +1,131 @@ | |||
1 | /* crypto/evp/e_camellia.c -*- mode:C; c-file-style: "eay" -*- */ | ||
2 | /* ==================================================================== | ||
3 | * Copyright (c) 2006 The OpenSSL Project. All rights reserved. | ||
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions | ||
7 | * are met: | ||
8 | * | ||
9 | * 1. Redistributions of source code must retain the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer. | ||
11 | * | ||
12 | * 2. Redistributions in binary form must reproduce the above copyright | ||
13 | * notice, this list of conditions and the following disclaimer in | ||
14 | * the documentation and/or other materials provided with the | ||
15 | * distribution. | ||
16 | * | ||
17 | * 3. All advertising materials mentioning features or use of this | ||
18 | * software must display the following acknowledgment: | ||
19 | * "This product includes software developed by the OpenSSL Project | ||
20 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
21 | * | ||
22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
23 | * endorse or promote products derived from this software without | ||
24 | * prior written permission. For written permission, please contact | ||
25 | * openssl-core@openssl.org. | ||
26 | * | ||
27 | * 5. Products derived from this software may not be called "OpenSSL" | ||
28 | * nor may "OpenSSL" appear in their names without prior written | ||
29 | * permission of the OpenSSL Project. | ||
30 | * | ||
31 | * 6. Redistributions of any form whatsoever must retain the following | ||
32 | * acknowledgment: | ||
33 | * "This product includes software developed by the OpenSSL Project | ||
34 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
35 | * | ||
36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
48 | * ==================================================================== | ||
49 | * | ||
50 | * This product includes cryptographic software written by Eric Young | ||
51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
52 | * Hudson (tjh@cryptsoft.com). | ||
53 | * | ||
54 | */ | ||
55 | |||
56 | #include <openssl/opensslconf.h> | ||
57 | #ifndef OPENSSL_NO_CAMELLIA | ||
58 | #include <openssl/evp.h> | ||
59 | #include <openssl/err.h> | ||
60 | #include <string.h> | ||
61 | #include <assert.h> | ||
62 | #include <openssl/camellia.h> | ||
63 | #include "evp_locl.h" | ||
64 | |||
65 | static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | ||
66 | const unsigned char *iv, int enc); | ||
67 | |||
68 | /* Camellia subkey Structure */ | ||
69 | typedef struct | ||
70 | { | ||
71 | CAMELLIA_KEY ks; | ||
72 | } EVP_CAMELLIA_KEY; | ||
73 | |||
74 | /* Attribute operation for Camellia */ | ||
75 | #define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY,ctx) | ||
76 | |||
77 | IMPLEMENT_BLOCK_CIPHER(camellia_128, ks, Camellia, EVP_CAMELLIA_KEY, | ||
78 | NID_camellia_128, 16, 16, 16, 128, | ||
79 | 0, camellia_init_key, NULL, | ||
80 | EVP_CIPHER_set_asn1_iv, | ||
81 | EVP_CIPHER_get_asn1_iv, | ||
82 | NULL) | ||
83 | IMPLEMENT_BLOCK_CIPHER(camellia_192, ks, Camellia, EVP_CAMELLIA_KEY, | ||
84 | NID_camellia_192, 16, 24, 16, 128, | ||
85 | 0, camellia_init_key, NULL, | ||
86 | EVP_CIPHER_set_asn1_iv, | ||
87 | EVP_CIPHER_get_asn1_iv, | ||
88 | NULL) | ||
89 | IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY, | ||
90 | NID_camellia_256, 16, 32, 16, 128, | ||
91 | 0, camellia_init_key, NULL, | ||
92 | EVP_CIPHER_set_asn1_iv, | ||
93 | EVP_CIPHER_get_asn1_iv, | ||
94 | NULL) | ||
95 | |||
96 | #define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16) | ||
97 | |||
98 | IMPLEMENT_CAMELLIA_CFBR(128,1) | ||
99 | IMPLEMENT_CAMELLIA_CFBR(192,1) | ||
100 | IMPLEMENT_CAMELLIA_CFBR(256,1) | ||
101 | |||
102 | IMPLEMENT_CAMELLIA_CFBR(128,8) | ||
103 | IMPLEMENT_CAMELLIA_CFBR(192,8) | ||
104 | IMPLEMENT_CAMELLIA_CFBR(256,8) | ||
105 | |||
106 | |||
107 | |||
108 | /* The subkey for Camellia is generated. */ | ||
109 | static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | ||
110 | const unsigned char *iv, int enc) | ||
111 | { | ||
112 | int ret; | ||
113 | |||
114 | ret=Camellia_set_key(key, ctx->key_len * 8, ctx->cipher_data); | ||
115 | |||
116 | if(ret < 0) | ||
117 | { | ||
118 | EVPerr(EVP_F_CAMELLIA_INIT_KEY,EVP_R_CAMELLIA_KEY_SETUP_FAILED); | ||
119 | return 0; | ||
120 | } | ||
121 | |||
122 | return 1; | ||
123 | } | ||
124 | |||
125 | #else | ||
126 | |||
127 | # ifdef PEDANTIC | ||
128 | static void *dummy=&dummy; | ||
129 | # endif | ||
130 | |||
131 | #endif | ||
diff --git a/src/lib/libcrypto/evp/e_cast.c b/src/lib/libcrypto/evp/e_cast.c index 3400fef187..d77bcd9298 100644 --- a/src/lib/libcrypto/evp/e_cast.c +++ b/src/lib/libcrypto/evp/e_cast.c | |||
@@ -56,10 +56,10 @@ | |||
56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
57 | */ | 57 | */ |
58 | 58 | ||
59 | #ifndef OPENSSL_NO_CAST | ||
60 | |||
61 | #include <stdio.h> | 59 | #include <stdio.h> |
62 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
61 | |||
62 | #ifndef OPENSSL_NO_CAST | ||
63 | #include <openssl/evp.h> | 63 | #include <openssl/evp.h> |
64 | #include <openssl/objects.h> | 64 | #include <openssl/objects.h> |
65 | #include "evp_locl.h" | 65 | #include "evp_locl.h" |
diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c index 46e2899825..856323648c 100644 --- a/src/lib/libcrypto/evp/e_des.c +++ b/src/lib/libcrypto/evp/e_des.c | |||
@@ -63,9 +63,11 @@ | |||
63 | #include <openssl/objects.h> | 63 | #include <openssl/objects.h> |
64 | #include "evp_locl.h" | 64 | #include "evp_locl.h" |
65 | #include <openssl/des.h> | 65 | #include <openssl/des.h> |
66 | #include <openssl/rand.h> | ||
66 | 67 | ||
67 | static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 68 | static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
68 | const unsigned char *iv, int enc); | 69 | const unsigned char *iv, int enc); |
70 | static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); | ||
69 | 71 | ||
70 | /* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */ | 72 | /* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */ |
71 | 73 | ||
@@ -127,28 +129,48 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
127 | } | 129 | } |
128 | 130 | ||
129 | BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, | 131 | BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, |
130 | EVP_CIPH_FLAG_FIPS, des_init_key, NULL, | 132 | EVP_CIPH_RAND_KEY, des_init_key, NULL, |
131 | EVP_CIPHER_set_asn1_iv, | 133 | EVP_CIPHER_set_asn1_iv, |
132 | EVP_CIPHER_get_asn1_iv, | 134 | EVP_CIPHER_get_asn1_iv, |
133 | NULL) | 135 | des_ctrl) |
134 | 136 | ||
135 | BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, | 137 | BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, |
136 | EVP_CIPH_FLAG_FIPS,des_init_key,NULL, | 138 | EVP_CIPH_RAND_KEY, des_init_key,NULL, |
137 | EVP_CIPHER_set_asn1_iv, | 139 | EVP_CIPHER_set_asn1_iv, |
138 | EVP_CIPHER_get_asn1_iv,NULL) | 140 | EVP_CIPHER_get_asn1_iv,des_ctrl) |
139 | 141 | ||
140 | BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, | 142 | BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, |
141 | EVP_CIPH_FLAG_FIPS,des_init_key,NULL, | 143 | EVP_CIPH_RAND_KEY,des_init_key,NULL, |
142 | EVP_CIPHER_set_asn1_iv, | 144 | EVP_CIPHER_set_asn1_iv, |
143 | EVP_CIPHER_get_asn1_iv,NULL) | 145 | EVP_CIPHER_get_asn1_iv,des_ctrl) |
144 | 146 | ||
145 | static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 147 | static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
146 | const unsigned char *iv, int enc) | 148 | const unsigned char *iv, int enc) |
147 | { | 149 | { |
148 | DES_cblock *deskey = (DES_cblock *)key; | 150 | DES_cblock *deskey = (DES_cblock *)key; |
149 | 151 | #ifdef EVP_CHECK_DES_KEY | |
152 | if(DES_set_key_checked(deskey,ctx->cipher_data) != 0) | ||
153 | return 0; | ||
154 | #else | ||
150 | DES_set_key_unchecked(deskey,ctx->cipher_data); | 155 | DES_set_key_unchecked(deskey,ctx->cipher_data); |
156 | #endif | ||
151 | return 1; | 157 | return 1; |
152 | } | 158 | } |
153 | 159 | ||
160 | static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) | ||
161 | { | ||
162 | |||
163 | switch(type) | ||
164 | { | ||
165 | case EVP_CTRL_RAND_KEY: | ||
166 | if (RAND_bytes(ptr, 8) <= 0) | ||
167 | return 0; | ||
168 | DES_set_odd_parity((DES_cblock *)ptr); | ||
169 | return 1; | ||
170 | |||
171 | default: | ||
172 | return -1; | ||
173 | } | ||
174 | } | ||
175 | |||
154 | #endif | 176 | #endif |
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c index 677322bf02..ac148efab2 100644 --- a/src/lib/libcrypto/evp/e_des3.c +++ b/src/lib/libcrypto/evp/e_des3.c | |||
@@ -63,6 +63,7 @@ | |||
63 | #include <openssl/objects.h> | 63 | #include <openssl/objects.h> |
64 | #include "evp_locl.h" | 64 | #include "evp_locl.h" |
65 | #include <openssl/des.h> | 65 | #include <openssl/des.h> |
66 | #include <openssl/rand.h> | ||
66 | 67 | ||
67 | static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 68 | static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
68 | const unsigned char *iv,int enc); | 69 | const unsigned char *iv,int enc); |
@@ -70,6 +71,8 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |||
70 | static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 71 | static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
71 | const unsigned char *iv,int enc); | 72 | const unsigned char *iv,int enc); |
72 | 73 | ||
74 | static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); | ||
75 | |||
73 | typedef struct | 76 | typedef struct |
74 | { | 77 | { |
75 | DES_key_schedule ks1;/* key schedule */ | 78 | DES_key_schedule ks1;/* key schedule */ |
@@ -85,7 +88,8 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
85 | const unsigned char *in, unsigned int inl) | 88 | const unsigned char *in, unsigned int inl) |
86 | { | 89 | { |
87 | BLOCK_CIPHER_ecb_loop() | 90 | BLOCK_CIPHER_ecb_loop() |
88 | DES_ecb3_encrypt(in + i,out + i, | 91 | DES_ecb3_encrypt((const_DES_cblock *)(in + i), |
92 | (DES_cblock *)(out + i), | ||
89 | &data(ctx)->ks1, &data(ctx)->ks2, | 93 | &data(ctx)->ks1, &data(ctx)->ks2, |
90 | &data(ctx)->ks3, | 94 | &data(ctx)->ks3, |
91 | ctx->encrypt); | 95 | ctx->encrypt); |
@@ -160,10 +164,10 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
160 | } | 164 | } |
161 | 165 | ||
162 | BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, | 166 | BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, |
163 | EVP_CIPH_FLAG_FIPS, des_ede_init_key, NULL, | 167 | EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, |
164 | EVP_CIPHER_set_asn1_iv, | 168 | EVP_CIPHER_set_asn1_iv, |
165 | EVP_CIPHER_get_asn1_iv, | 169 | EVP_CIPHER_get_asn1_iv, |
166 | NULL) | 170 | des3_ctrl) |
167 | 171 | ||
168 | #define des_ede3_cfb64_cipher des_ede_cfb64_cipher | 172 | #define des_ede3_cfb64_cipher des_ede_cfb64_cipher |
169 | #define des_ede3_ofb_cipher des_ede_ofb_cipher | 173 | #define des_ede3_ofb_cipher des_ede_ofb_cipher |
@@ -171,28 +175,35 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, | |||
171 | #define des_ede3_ecb_cipher des_ede_ecb_cipher | 175 | #define des_ede3_ecb_cipher des_ede_ecb_cipher |
172 | 176 | ||
173 | BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, | 177 | BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, |
174 | EVP_CIPH_FLAG_FIPS, des_ede3_init_key, NULL, | 178 | EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, |
175 | EVP_CIPHER_set_asn1_iv, | 179 | EVP_CIPHER_set_asn1_iv, |
176 | EVP_CIPHER_get_asn1_iv, | 180 | EVP_CIPHER_get_asn1_iv, |
177 | NULL) | 181 | des3_ctrl) |
178 | 182 | ||
179 | BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, | 183 | BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, |
180 | EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL, | 184 | EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, |
181 | EVP_CIPHER_set_asn1_iv, | 185 | EVP_CIPHER_set_asn1_iv, |
182 | EVP_CIPHER_get_asn1_iv,NULL) | 186 | EVP_CIPHER_get_asn1_iv, |
187 | des3_ctrl) | ||
183 | 188 | ||
184 | BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, | 189 | BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, |
185 | EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL, | 190 | EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, |
186 | EVP_CIPHER_set_asn1_iv, | 191 | EVP_CIPHER_set_asn1_iv, |
187 | EVP_CIPHER_get_asn1_iv,NULL) | 192 | EVP_CIPHER_get_asn1_iv, |
193 | des3_ctrl) | ||
188 | 194 | ||
189 | static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 195 | static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
190 | const unsigned char *iv, int enc) | 196 | const unsigned char *iv, int enc) |
191 | { | 197 | { |
192 | DES_cblock *deskey = (DES_cblock *)key; | 198 | DES_cblock *deskey = (DES_cblock *)key; |
193 | 199 | #ifdef EVP_CHECK_DES_KEY | |
200 | if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1) | ||
201 | !! DES_set_key_checked(&deskey[1],&data(ctx)->ks2)) | ||
202 | return 0; | ||
203 | #else | ||
194 | DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); | 204 | DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); |
195 | DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); | 205 | DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); |
206 | #endif | ||
196 | memcpy(&data(ctx)->ks3,&data(ctx)->ks1, | 207 | memcpy(&data(ctx)->ks3,&data(ctx)->ks1, |
197 | sizeof(data(ctx)->ks1)); | 208 | sizeof(data(ctx)->ks1)); |
198 | return 1; | 209 | return 1; |
@@ -213,13 +224,41 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |||
213 | } | 224 | } |
214 | #endif /* KSSL_DEBUG */ | 225 | #endif /* KSSL_DEBUG */ |
215 | 226 | ||
227 | #ifdef EVP_CHECK_DES_KEY | ||
228 | if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1) | ||
229 | || DES_set_key_checked(&deskey[1],&data(ctx)->ks2) | ||
230 | || DES_set_key_checked(&deskey[2],&data(ctx)->ks3)) | ||
231 | return 0; | ||
232 | #else | ||
216 | DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); | 233 | DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); |
217 | DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); | 234 | DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); |
218 | DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3); | 235 | DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3); |
219 | 236 | #endif | |
220 | return 1; | 237 | return 1; |
221 | } | 238 | } |
222 | 239 | ||
240 | static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) | ||
241 | { | ||
242 | |||
243 | DES_cblock *deskey = ptr; | ||
244 | |||
245 | switch(type) | ||
246 | { | ||
247 | case EVP_CTRL_RAND_KEY: | ||
248 | if (RAND_bytes(ptr, c->key_len) <= 0) | ||
249 | return 0; | ||
250 | DES_set_odd_parity(deskey); | ||
251 | if (c->key_len >= 16) | ||
252 | DES_set_odd_parity(deskey + 1); | ||
253 | if (c->key_len >= 24) | ||
254 | DES_set_odd_parity(deskey + 2); | ||
255 | return 1; | ||
256 | |||
257 | default: | ||
258 | return -1; | ||
259 | } | ||
260 | } | ||
261 | |||
223 | const EVP_CIPHER *EVP_des_ede(void) | 262 | const EVP_CIPHER *EVP_des_ede(void) |
224 | { | 263 | { |
225 | return &des_ede_ecb; | 264 | return &des_ede_ecb; |
diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c index b9efa75ae7..48c33a774a 100644 --- a/src/lib/libcrypto/evp/e_idea.c +++ b/src/lib/libcrypto/evp/e_idea.c | |||
@@ -56,10 +56,10 @@ | |||
56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
57 | */ | 57 | */ |
58 | 58 | ||
59 | #ifndef OPENSSL_NO_IDEA | ||
60 | |||
61 | #include <stdio.h> | 59 | #include <stdio.h> |
62 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
61 | |||
62 | #ifndef OPENSSL_NO_IDEA | ||
63 | #include <openssl/evp.h> | 63 | #include <openssl/evp.h> |
64 | #include <openssl/objects.h> | 64 | #include <openssl/objects.h> |
65 | #include "evp_locl.h" | 65 | #include "evp_locl.h" |
diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c index a84b0f14b1..5205259f18 100644 --- a/src/lib/libcrypto/evp/e_null.c +++ b/src/lib/libcrypto/evp/e_null.c | |||
@@ -69,13 +69,14 @@ static const EVP_CIPHER n_cipher= | |||
69 | { | 69 | { |
70 | NID_undef, | 70 | NID_undef, |
71 | 1,0,0, | 71 | 1,0,0, |
72 | EVP_CIPH_FLAG_FIPS, | 72 | 0, |
73 | null_init_key, | 73 | null_init_key, |
74 | null_cipher, | 74 | null_cipher, |
75 | NULL, | 75 | NULL, |
76 | 0, | 76 | 0, |
77 | NULL, | 77 | NULL, |
78 | NULL, | 78 | NULL, |
79 | NULL, | ||
79 | NULL | 80 | NULL |
80 | }; | 81 | }; |
81 | 82 | ||
@@ -95,7 +96,7 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
95 | const unsigned char *in, unsigned int inl) | 96 | const unsigned char *in, unsigned int inl) |
96 | { | 97 | { |
97 | if (in != out) | 98 | if (in != out) |
98 | memcpy((char *)out,(char *)in,(int)inl); | 99 | memcpy((char *)out,(const char *)in,(size_t)inl); |
99 | return 1; | 100 | return 1; |
100 | } | 101 | } |
101 | 102 | ||
diff --git a/src/lib/libcrypto/evp/e_old.c b/src/lib/libcrypto/evp/e_old.c index 92dc498945..1642af4869 100644 --- a/src/lib/libcrypto/evp/e_old.c +++ b/src/lib/libcrypto/evp/e_old.c | |||
@@ -56,6 +56,10 @@ | |||
56 | * | 56 | * |
57 | */ | 57 | */ |
58 | 58 | ||
59 | #ifdef OPENSSL_NO_DEPRECATED | ||
60 | static void *dummy = &dummy; | ||
61 | #else | ||
62 | |||
59 | #include <openssl/evp.h> | 63 | #include <openssl/evp.h> |
60 | 64 | ||
61 | /* Define some deprecated functions, so older programs | 65 | /* Define some deprecated functions, so older programs |
@@ -66,43 +70,56 @@ | |||
66 | 70 | ||
67 | #ifndef OPENSSL_NO_BF | 71 | #ifndef OPENSSL_NO_BF |
68 | #undef EVP_bf_cfb | 72 | #undef EVP_bf_cfb |
73 | const EVP_CIPHER *EVP_bf_cfb(void); | ||
69 | const EVP_CIPHER *EVP_bf_cfb(void) { return EVP_bf_cfb64(); } | 74 | const EVP_CIPHER *EVP_bf_cfb(void) { return EVP_bf_cfb64(); } |
70 | #endif | 75 | #endif |
71 | 76 | ||
72 | #ifndef OPENSSL_NO_DES | 77 | #ifndef OPENSSL_NO_DES |
73 | #undef EVP_des_cfb | 78 | #undef EVP_des_cfb |
79 | const EVP_CIPHER *EVP_des_cfb(void); | ||
74 | const EVP_CIPHER *EVP_des_cfb(void) { return EVP_des_cfb64(); } | 80 | const EVP_CIPHER *EVP_des_cfb(void) { return EVP_des_cfb64(); } |
75 | #undef EVP_des_ede3_cfb | 81 | #undef EVP_des_ede3_cfb |
82 | const EVP_CIPHER *EVP_des_ede3_cfb(void); | ||
76 | const EVP_CIPHER *EVP_des_ede3_cfb(void) { return EVP_des_ede3_cfb64(); } | 83 | const EVP_CIPHER *EVP_des_ede3_cfb(void) { return EVP_des_ede3_cfb64(); } |
77 | #undef EVP_des_ede_cfb | 84 | #undef EVP_des_ede_cfb |
85 | const EVP_CIPHER *EVP_des_ede_cfb(void); | ||
78 | const EVP_CIPHER *EVP_des_ede_cfb(void) { return EVP_des_ede_cfb64(); } | 86 | const EVP_CIPHER *EVP_des_ede_cfb(void) { return EVP_des_ede_cfb64(); } |
79 | #endif | 87 | #endif |
80 | 88 | ||
81 | #ifndef OPENSSL_NO_IDEA | 89 | #ifndef OPENSSL_NO_IDEA |
82 | #undef EVP_idea_cfb | 90 | #undef EVP_idea_cfb |
91 | const EVP_CIPHER *EVP_idea_cfb(void); | ||
83 | const EVP_CIPHER *EVP_idea_cfb(void) { return EVP_idea_cfb64(); } | 92 | const EVP_CIPHER *EVP_idea_cfb(void) { return EVP_idea_cfb64(); } |
84 | #endif | 93 | #endif |
85 | 94 | ||
86 | #ifndef OPENSSL_NO_RC2 | 95 | #ifndef OPENSSL_NO_RC2 |
87 | #undef EVP_rc2_cfb | 96 | #undef EVP_rc2_cfb |
97 | const EVP_CIPHER *EVP_rc2_cfb(void); | ||
88 | const EVP_CIPHER *EVP_rc2_cfb(void) { return EVP_rc2_cfb64(); } | 98 | const EVP_CIPHER *EVP_rc2_cfb(void) { return EVP_rc2_cfb64(); } |
89 | #endif | 99 | #endif |
90 | 100 | ||
91 | #ifndef OPENSSL_NO_CAST | 101 | #ifndef OPENSSL_NO_CAST |
92 | #undef EVP_cast5_cfb | 102 | #undef EVP_cast5_cfb |
103 | const EVP_CIPHER *EVP_cast5_cfb(void); | ||
93 | const EVP_CIPHER *EVP_cast5_cfb(void) { return EVP_cast5_cfb64(); } | 104 | const EVP_CIPHER *EVP_cast5_cfb(void) { return EVP_cast5_cfb64(); } |
94 | #endif | 105 | #endif |
95 | 106 | ||
96 | #ifndef OPENSSL_NO_RC5 | 107 | #ifndef OPENSSL_NO_RC5 |
97 | #undef EVP_rc5_32_12_16_cfb | 108 | #undef EVP_rc5_32_12_16_cfb |
109 | const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); | ||
98 | const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) { return EVP_rc5_32_12_16_cfb64(); } | 110 | const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) { return EVP_rc5_32_12_16_cfb64(); } |
99 | #endif | 111 | #endif |
100 | 112 | ||
101 | #ifndef OPENSSL_NO_AES | 113 | #ifndef OPENSSL_NO_AES |
102 | #undef EVP_aes_128_cfb | 114 | #undef EVP_aes_128_cfb |
115 | const EVP_CIPHER *EVP_aes_128_cfb(void); | ||
103 | const EVP_CIPHER *EVP_aes_128_cfb(void) { return EVP_aes_128_cfb128(); } | 116 | const EVP_CIPHER *EVP_aes_128_cfb(void) { return EVP_aes_128_cfb128(); } |
104 | #undef EVP_aes_192_cfb | 117 | #undef EVP_aes_192_cfb |
118 | const EVP_CIPHER *EVP_aes_192_cfb(void); | ||
105 | const EVP_CIPHER *EVP_aes_192_cfb(void) { return EVP_aes_192_cfb128(); } | 119 | const EVP_CIPHER *EVP_aes_192_cfb(void) { return EVP_aes_192_cfb128(); } |
106 | #undef EVP_aes_256_cfb | 120 | #undef EVP_aes_256_cfb |
121 | const EVP_CIPHER *EVP_aes_256_cfb(void); | ||
107 | const EVP_CIPHER *EVP_aes_256_cfb(void) { return EVP_aes_256_cfb128(); } | 122 | const EVP_CIPHER *EVP_aes_256_cfb(void) { return EVP_aes_256_cfb128(); } |
108 | #endif | 123 | #endif |
124 | |||
125 | #endif | ||
diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c index d42cbfd17e..d37726ffae 100644 --- a/src/lib/libcrypto/evp/e_rc2.c +++ b/src/lib/libcrypto/evp/e_rc2.c | |||
@@ -56,10 +56,11 @@ | |||
56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
57 | */ | 57 | */ |
58 | 58 | ||
59 | #ifndef OPENSSL_NO_RC2 | ||
60 | |||
61 | #include <stdio.h> | 59 | #include <stdio.h> |
62 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
61 | |||
62 | #ifndef OPENSSL_NO_RC2 | ||
63 | |||
63 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
64 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
65 | #include "evp_locl.h" | 66 | #include "evp_locl.h" |
@@ -167,16 +168,17 @@ static int rc2_magic_to_meth(int i) | |||
167 | static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) | 168 | static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) |
168 | { | 169 | { |
169 | long num=0; | 170 | long num=0; |
170 | int i=0,l; | 171 | int i=0; |
171 | int key_bits; | 172 | int key_bits; |
173 | unsigned int l; | ||
172 | unsigned char iv[EVP_MAX_IV_LENGTH]; | 174 | unsigned char iv[EVP_MAX_IV_LENGTH]; |
173 | 175 | ||
174 | if (type != NULL) | 176 | if (type != NULL) |
175 | { | 177 | { |
176 | l=EVP_CIPHER_CTX_iv_length(c); | 178 | l=EVP_CIPHER_CTX_iv_length(c); |
177 | OPENSSL_assert(l <= sizeof iv); | 179 | OPENSSL_assert(l <= sizeof(iv)); |
178 | i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l); | 180 | i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l); |
179 | if (i != l) | 181 | if (i != (int)l) |
180 | return(-1); | 182 | return(-1); |
181 | key_bits =rc2_magic_to_meth((int)num); | 183 | key_bits =rc2_magic_to_meth((int)num); |
182 | if (!key_bits) | 184 | if (!key_bits) |
diff --git a/src/lib/libcrypto/evp/e_rc4.c b/src/lib/libcrypto/evp/e_rc4.c index 8aa70585b9..67af850bea 100644 --- a/src/lib/libcrypto/evp/e_rc4.c +++ b/src/lib/libcrypto/evp/e_rc4.c | |||
@@ -56,13 +56,13 @@ | |||
56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
57 | */ | 57 | */ |
58 | 58 | ||
59 | #ifndef OPENSSL_NO_RC4 | ||
60 | |||
61 | #include <stdio.h> | 59 | #include <stdio.h> |
62 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
61 | |||
62 | #ifndef OPENSSL_NO_RC4 | ||
63 | |||
63 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
64 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
65 | #include "evp_locl.h" | ||
66 | #include <openssl/rc4.h> | 66 | #include <openssl/rc4.h> |
67 | 67 | ||
68 | /* FIXME: surely this is available elsewhere? */ | 68 | /* FIXME: surely this is available elsewhere? */ |
@@ -90,6 +90,7 @@ static const EVP_CIPHER r4_cipher= | |||
90 | sizeof(EVP_RC4_KEY), | 90 | sizeof(EVP_RC4_KEY), |
91 | NULL, | 91 | NULL, |
92 | NULL, | 92 | NULL, |
93 | NULL, | ||
93 | NULL | 94 | NULL |
94 | }; | 95 | }; |
95 | 96 | ||
@@ -104,6 +105,7 @@ static const EVP_CIPHER r4_40_cipher= | |||
104 | sizeof(EVP_RC4_KEY), | 105 | sizeof(EVP_RC4_KEY), |
105 | NULL, | 106 | NULL, |
106 | NULL, | 107 | NULL, |
108 | NULL, | ||
107 | NULL | 109 | NULL |
108 | }; | 110 | }; |
109 | 111 | ||
diff --git a/src/lib/libcrypto/evp/e_xcbc_d.c b/src/lib/libcrypto/evp/e_xcbc_d.c index a6f849e93d..8832da2433 100644 --- a/src/lib/libcrypto/evp/e_xcbc_d.c +++ b/src/lib/libcrypto/evp/e_xcbc_d.c | |||
@@ -56,9 +56,11 @@ | |||
56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
57 | */ | 57 | */ |
58 | 58 | ||
59 | #ifndef OPENSSL_NO_DES | ||
60 | #include <stdio.h> | 59 | #include <stdio.h> |
61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
61 | |||
62 | #ifndef OPENSSL_NO_DES | ||
63 | |||
62 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
63 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
64 | #include <openssl/des.h> | 66 | #include <openssl/des.h> |
@@ -89,6 +91,7 @@ static const EVP_CIPHER d_xcbc_cipher= | |||
89 | sizeof(DESX_CBC_KEY), | 91 | sizeof(DESX_CBC_KEY), |
90 | EVP_CIPHER_set_asn1_iv, | 92 | EVP_CIPHER_set_asn1_iv, |
91 | EVP_CIPHER_get_asn1_iv, | 93 | EVP_CIPHER_get_asn1_iv, |
94 | NULL, | ||
92 | NULL | 95 | NULL |
93 | }; | 96 | }; |
94 | 97 | ||
diff --git a/src/lib/libcrypto/evp/encode.c b/src/lib/libcrypto/evp/encode.c index 33e540087d..5921f0d710 100644 --- a/src/lib/libcrypto/evp/encode.c +++ b/src/lib/libcrypto/evp/encode.c | |||
@@ -129,14 +129,14 @@ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) | |||
129 | } | 129 | } |
130 | 130 | ||
131 | void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, | 131 | void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, |
132 | unsigned char *in, int inl) | 132 | const unsigned char *in, int inl) |
133 | { | 133 | { |
134 | int i,j; | 134 | int i,j; |
135 | unsigned int total=0; | 135 | unsigned int total=0; |
136 | 136 | ||
137 | *outl=0; | 137 | *outl=0; |
138 | if (inl == 0) return; | 138 | if (inl == 0) return; |
139 | OPENSSL_assert(ctx->length <= sizeof ctx->enc_data); | 139 | OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); |
140 | if ((ctx->num+inl) < ctx->length) | 140 | if ((ctx->num+inl) < ctx->length) |
141 | { | 141 | { |
142 | memcpy(&(ctx->enc_data[ctx->num]),in,inl); | 142 | memcpy(&(ctx->enc_data[ctx->num]),in,inl); |
@@ -233,7 +233,7 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) | |||
233 | * 1 for full line | 233 | * 1 for full line |
234 | */ | 234 | */ |
235 | int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, | 235 | int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, |
236 | unsigned char *in, int inl) | 236 | const unsigned char *in, int inl) |
237 | { | 237 | { |
238 | int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl; | 238 | int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl; |
239 | unsigned char *d; | 239 | unsigned char *d; |
@@ -259,7 +259,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, | |||
259 | /* only save the good data :-) */ | 259 | /* only save the good data :-) */ |
260 | if (!B64_NOT_BASE64(v)) | 260 | if (!B64_NOT_BASE64(v)) |
261 | { | 261 | { |
262 | OPENSSL_assert(n < sizeof ctx->enc_data); | 262 | OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); |
263 | d[n++]=tmp; | 263 | d[n++]=tmp; |
264 | ln++; | 264 | ln++; |
265 | } | 265 | } |
@@ -323,8 +323,8 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, | |||
323 | if (n > 0) | 323 | if (n > 0) |
324 | { | 324 | { |
325 | v=EVP_DecodeBlock(out,d,n); | 325 | v=EVP_DecodeBlock(out,d,n); |
326 | if (v < 0) { rv=0; goto end; } | ||
327 | n=0; | 326 | n=0; |
327 | if (v < 0) { rv=0; goto end; } | ||
328 | ret+=(v-eof); | 328 | ret+=(v-eof); |
329 | } | 329 | } |
330 | else | 330 | else |
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h index 56eec23fef..bdd3b7ecaa 100644 --- a/src/lib/libcrypto/evp/evp.h +++ b/src/lib/libcrypto/evp/evp.h | |||
@@ -74,56 +74,6 @@ | |||
74 | #ifndef OPENSSL_NO_BIO | 74 | #ifndef OPENSSL_NO_BIO |
75 | #include <openssl/bio.h> | 75 | #include <openssl/bio.h> |
76 | #endif | 76 | #endif |
77 | #ifndef OPENSSL_NO_MD2 | ||
78 | #include <openssl/md2.h> | ||
79 | #endif | ||
80 | #ifndef OPENSSL_NO_MD4 | ||
81 | #include <openssl/md4.h> | ||
82 | #endif | ||
83 | #ifndef OPENSSL_NO_MD5 | ||
84 | #include <openssl/md5.h> | ||
85 | #endif | ||
86 | #ifndef OPENSSL_NO_SHA | ||
87 | #ifndef OPENSSL_FIPS | ||
88 | #include <openssl/sha.h> | ||
89 | #else | ||
90 | #include <openssl/fips_sha.h> | ||
91 | #endif | ||
92 | #endif | ||
93 | #ifndef OPENSSL_NO_RIPEMD | ||
94 | #include <openssl/ripemd.h> | ||
95 | #endif | ||
96 | #ifndef OPENSSL_NO_DES | ||
97 | #include <openssl/des.h> | ||
98 | #endif | ||
99 | #ifndef OPENSSL_NO_RC4 | ||
100 | #include <openssl/rc4.h> | ||
101 | #endif | ||
102 | #ifndef OPENSSL_NO_RC2 | ||
103 | #include <openssl/rc2.h> | ||
104 | #endif | ||
105 | #ifndef OPENSSL_NO_RC5 | ||
106 | #include <openssl/rc5.h> | ||
107 | #endif | ||
108 | #ifndef OPENSSL_NO_BF | ||
109 | #include <openssl/blowfish.h> | ||
110 | #endif | ||
111 | #ifndef OPENSSL_NO_CAST | ||
112 | #include <openssl/cast.h> | ||
113 | #endif | ||
114 | #ifndef OPENSSL_NO_IDEA | ||
115 | #include <openssl/idea.h> | ||
116 | #endif | ||
117 | #ifndef OPENSSL_NO_MDC2 | ||
118 | #include <openssl/mdc2.h> | ||
119 | #endif | ||
120 | #ifndef OPENSSL_NO_AES | ||
121 | #include <openssl/aes.h> | ||
122 | #endif | ||
123 | |||
124 | #ifdef OPENSSL_FIPS | ||
125 | #include <openssl/fips.h> | ||
126 | #endif | ||
127 | 77 | ||
128 | /* | 78 | /* |
129 | #define EVP_RC2_KEY_SIZE 16 | 79 | #define EVP_RC2_KEY_SIZE 16 |
@@ -132,11 +82,7 @@ | |||
132 | #define EVP_CAST5_KEY_SIZE 16 | 82 | #define EVP_CAST5_KEY_SIZE 16 |
133 | #define EVP_RC5_32_12_16_KEY_SIZE 16 | 83 | #define EVP_RC5_32_12_16_KEY_SIZE 16 |
134 | */ | 84 | */ |
135 | #ifdef OPENSSL_FIPS | 85 | #define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */ |
136 | #define EVP_MAX_MD_SIZE 64 /* longest known SHA512 */ | ||
137 | #else | ||
138 | #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ | ||
139 | #endif | ||
140 | #define EVP_MAX_KEY_LENGTH 32 | 86 | #define EVP_MAX_KEY_LENGTH 32 |
141 | #define EVP_MAX_IV_LENGTH 16 | 87 | #define EVP_MAX_IV_LENGTH 16 |
142 | #define EVP_MAX_BLOCK_LENGTH 32 | 88 | #define EVP_MAX_BLOCK_LENGTH 32 |
@@ -145,28 +91,18 @@ | |||
145 | /* Default PKCS#5 iteration count */ | 91 | /* Default PKCS#5 iteration count */ |
146 | #define PKCS5_DEFAULT_ITER 2048 | 92 | #define PKCS5_DEFAULT_ITER 2048 |
147 | 93 | ||
148 | #ifndef OPENSSL_NO_RSA | ||
149 | #include <openssl/rsa.h> | ||
150 | #endif | ||
151 | |||
152 | #ifndef OPENSSL_NO_DSA | ||
153 | #include <openssl/dsa.h> | ||
154 | #endif | ||
155 | |||
156 | #ifndef OPENSSL_NO_DH | ||
157 | #include <openssl/dh.h> | ||
158 | #endif | ||
159 | |||
160 | #include <openssl/objects.h> | 94 | #include <openssl/objects.h> |
161 | 95 | ||
162 | #define EVP_PK_RSA 0x0001 | 96 | #define EVP_PK_RSA 0x0001 |
163 | #define EVP_PK_DSA 0x0002 | 97 | #define EVP_PK_DSA 0x0002 |
164 | #define EVP_PK_DH 0x0004 | 98 | #define EVP_PK_DH 0x0004 |
99 | #define EVP_PK_EC 0x0008 | ||
165 | #define EVP_PKT_SIGN 0x0010 | 100 | #define EVP_PKT_SIGN 0x0010 |
166 | #define EVP_PKT_ENC 0x0020 | 101 | #define EVP_PKT_ENC 0x0020 |
167 | #define EVP_PKT_EXCH 0x0040 | 102 | #define EVP_PKT_EXCH 0x0040 |
168 | #define EVP_PKS_RSA 0x0100 | 103 | #define EVP_PKS_RSA 0x0100 |
169 | #define EVP_PKS_DSA 0x0200 | 104 | #define EVP_PKS_DSA 0x0200 |
105 | #define EVP_PKS_EC 0x0400 | ||
170 | #define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ | 106 | #define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ |
171 | 107 | ||
172 | #define EVP_PKEY_NONE NID_undef | 108 | #define EVP_PKEY_NONE NID_undef |
@@ -178,6 +114,7 @@ | |||
178 | #define EVP_PKEY_DSA3 NID_dsaWithSHA1 | 114 | #define EVP_PKEY_DSA3 NID_dsaWithSHA1 |
179 | #define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 | 115 | #define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 |
180 | #define EVP_PKEY_DH NID_dhKeyAgreement | 116 | #define EVP_PKEY_DH NID_dhKeyAgreement |
117 | #define EVP_PKEY_EC NID_X9_62_id_ecPublicKey | ||
181 | 118 | ||
182 | #ifdef __cplusplus | 119 | #ifdef __cplusplus |
183 | extern "C" { | 120 | extern "C" { |
@@ -202,6 +139,9 @@ struct evp_pkey_st | |||
202 | #ifndef OPENSSL_NO_DH | 139 | #ifndef OPENSSL_NO_DH |
203 | struct dh_st *dh; /* DH */ | 140 | struct dh_st *dh; /* DH */ |
204 | #endif | 141 | #endif |
142 | #ifndef OPENSSL_NO_EC | ||
143 | struct ec_key_st *ec; /* ECC */ | ||
144 | #endif | ||
205 | } pkey; | 145 | } pkey; |
206 | int save_parameters; | 146 | int save_parameters; |
207 | STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ | 147 | STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ |
@@ -287,39 +227,58 @@ struct env_md_st | |||
287 | int md_size; | 227 | int md_size; |
288 | unsigned long flags; | 228 | unsigned long flags; |
289 | int (*init)(EVP_MD_CTX *ctx); | 229 | int (*init)(EVP_MD_CTX *ctx); |
290 | int (*update)(EVP_MD_CTX *ctx,const void *data,unsigned long count); | 230 | int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count); |
291 | int (*final)(EVP_MD_CTX *ctx,unsigned char *md); | 231 | int (*final)(EVP_MD_CTX *ctx,unsigned char *md); |
292 | int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from); | 232 | int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from); |
293 | int (*cleanup)(EVP_MD_CTX *ctx); | 233 | int (*cleanup)(EVP_MD_CTX *ctx); |
294 | 234 | ||
295 | /* FIXME: prototype these some day */ | 235 | /* FIXME: prototype these some day */ |
296 | int (*sign)(); | 236 | int (*sign)(int type, const unsigned char *m, unsigned int m_length, |
297 | int (*verify)(); | 237 | unsigned char *sigret, unsigned int *siglen, void *key); |
238 | int (*verify)(int type, const unsigned char *m, unsigned int m_length, | ||
239 | const unsigned char *sigbuf, unsigned int siglen, | ||
240 | void *key); | ||
298 | int required_pkey_type[5]; /*EVP_PKEY_xxx */ | 241 | int required_pkey_type[5]; /*EVP_PKEY_xxx */ |
299 | int block_size; | 242 | int block_size; |
300 | int ctx_size; /* how big does the ctx->md_data need to be */ | 243 | int ctx_size; /* how big does the ctx->md_data need to be */ |
301 | } /* EVP_MD */; | 244 | } /* EVP_MD */; |
302 | 245 | ||
246 | typedef int evp_sign_method(int type,const unsigned char *m, | ||
247 | unsigned int m_length,unsigned char *sigret, | ||
248 | unsigned int *siglen, void *key); | ||
249 | typedef int evp_verify_method(int type,const unsigned char *m, | ||
250 | unsigned int m_length,const unsigned char *sigbuf, | ||
251 | unsigned int siglen, void *key); | ||
252 | |||
303 | #define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single | 253 | #define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single |
304 | * block */ | 254 | * block */ |
305 | #define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */ | ||
306 | 255 | ||
307 | #define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} | 256 | #define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} |
308 | 257 | ||
309 | #ifndef OPENSSL_NO_DSA | 258 | #ifndef OPENSSL_NO_DSA |
310 | #define EVP_PKEY_DSA_method DSA_sign,DSA_verify, \ | 259 | #define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \ |
260 | (evp_verify_method *)DSA_verify, \ | ||
311 | {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ | 261 | {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ |
312 | EVP_PKEY_DSA4,0} | 262 | EVP_PKEY_DSA4,0} |
313 | #else | 263 | #else |
314 | #define EVP_PKEY_DSA_method EVP_PKEY_NULL_method | 264 | #define EVP_PKEY_DSA_method EVP_PKEY_NULL_method |
315 | #endif | 265 | #endif |
316 | 266 | ||
267 | #ifndef OPENSSL_NO_ECDSA | ||
268 | #define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ | ||
269 | (evp_verify_method *)ECDSA_verify, \ | ||
270 | {EVP_PKEY_EC,0,0,0} | ||
271 | #else | ||
272 | #define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method | ||
273 | #endif | ||
274 | |||
317 | #ifndef OPENSSL_NO_RSA | 275 | #ifndef OPENSSL_NO_RSA |
318 | #define EVP_PKEY_RSA_method RSA_sign,RSA_verify, \ | 276 | #define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \ |
277 | (evp_verify_method *)RSA_verify, \ | ||
319 | {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} | 278 | {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} |
320 | #define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ | 279 | #define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ |
321 | RSA_sign_ASN1_OCTET_STRING, \ | 280 | (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \ |
322 | RSA_verify_ASN1_OCTET_STRING, \ | 281 | (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \ |
323 | {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} | 282 | {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} |
324 | #else | 283 | #else |
325 | #define EVP_PKEY_RSA_method EVP_PKEY_NULL_method | 284 | #define EVP_PKEY_RSA_method EVP_PKEY_NULL_method |
@@ -345,9 +304,6 @@ struct env_md_ctx_st | |||
345 | #define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data | 304 | #define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data |
346 | * in EVP_MD_CTX_cleanup */ | 305 | * in EVP_MD_CTX_cleanup */ |
347 | 306 | ||
348 | #define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest | ||
349 | * in FIPS mode */ | ||
350 | |||
351 | struct evp_cipher_st | 307 | struct evp_cipher_st |
352 | { | 308 | { |
353 | int nid; | 309 | int nid; |
@@ -389,10 +345,8 @@ struct evp_cipher_st | |||
389 | #define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 | 345 | #define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 |
390 | /* Don't use standard block padding */ | 346 | /* Don't use standard block padding */ |
391 | #define EVP_CIPH_NO_PADDING 0x100 | 347 | #define EVP_CIPH_NO_PADDING 0x100 |
392 | /* Note if suitable for use in FIPS mode */ | 348 | /* cipher handles random key generation */ |
393 | #define EVP_CIPH_FLAG_FIPS 0x400 | 349 | #define EVP_CIPH_RAND_KEY 0x200 |
394 | /* Allow non FIPS cipher in FIPS mode */ | ||
395 | #define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 | ||
396 | 350 | ||
397 | /* ctrl() values */ | 351 | /* ctrl() values */ |
398 | 352 | ||
@@ -402,6 +356,7 @@ struct evp_cipher_st | |||
402 | #define EVP_CTRL_SET_RC2_KEY_BITS 0x3 | 356 | #define EVP_CTRL_SET_RC2_KEY_BITS 0x3 |
403 | #define EVP_CTRL_GET_RC5_ROUNDS 0x4 | 357 | #define EVP_CTRL_GET_RC5_ROUNDS 0x4 |
404 | #define EVP_CTRL_SET_RC5_ROUNDS 0x5 | 358 | #define EVP_CTRL_SET_RC5_ROUNDS 0x5 |
359 | #define EVP_CTRL_RAND_KEY 0x6 | ||
405 | 360 | ||
406 | typedef struct evp_cipher_info_st | 361 | typedef struct evp_cipher_info_st |
407 | { | 362 | { |
@@ -463,45 +418,47 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
463 | (char *)(dh)) | 418 | (char *)(dh)) |
464 | #endif | 419 | #endif |
465 | 420 | ||
421 | #ifndef OPENSSL_NO_EC | ||
422 | #define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\ | ||
423 | (char *)(eckey)) | ||
424 | #endif | ||
425 | |||
466 | /* Add some extra combinations */ | 426 | /* Add some extra combinations */ |
467 | #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) | 427 | #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) |
468 | #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) | 428 | #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) |
469 | #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) | 429 | #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) |
470 | #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) | 430 | #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) |
471 | 431 | ||
472 | #define EVP_MD_type(e) ((e)->type) | 432 | int EVP_MD_type(const EVP_MD *md); |
473 | #define EVP_MD_nid(e) EVP_MD_type(e) | 433 | #define EVP_MD_nid(e) EVP_MD_type(e) |
474 | #define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) | 434 | #define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) |
475 | #define EVP_MD_pkey_type(e) ((e)->pkey_type) | 435 | int EVP_MD_pkey_type(const EVP_MD *md); |
476 | #define EVP_MD_size(e) ((e)->md_size) | 436 | int EVP_MD_size(const EVP_MD *md); |
477 | #define EVP_MD_block_size(e) ((e)->block_size) | 437 | int EVP_MD_block_size(const EVP_MD *md); |
478 | 438 | ||
479 | #define EVP_MD_CTX_md(e) ((e)->digest) | 439 | const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx); |
480 | #define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest) | 440 | #define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) |
481 | #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) | 441 | #define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) |
482 | #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) | 442 | #define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) |
483 | 443 | ||
484 | #define EVP_CIPHER_nid(e) ((e)->nid) | 444 | int EVP_CIPHER_nid(const EVP_CIPHER *cipher); |
485 | #define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) | 445 | #define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) |
486 | #define EVP_CIPHER_block_size(e) ((e)->block_size) | 446 | int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); |
487 | #define EVP_CIPHER_key_length(e) ((e)->key_len) | 447 | int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); |
488 | #define EVP_CIPHER_iv_length(e) ((e)->iv_len) | 448 | int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); |
489 | #define EVP_CIPHER_flags(e) ((e)->flags) | 449 | unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); |
490 | #define EVP_CIPHER_mode(e) (((e)->flags) & EVP_CIPH_MODE) | 450 | #define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) |
491 | 451 | ||
492 | #define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) | 452 | const EVP_CIPHER * EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); |
493 | #define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) | 453 | int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); |
494 | #define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) | 454 | int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); |
495 | #define EVP_CIPHER_CTX_key_length(e) ((e)->key_len) | 455 | int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); |
496 | #define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) | 456 | int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); |
497 | #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) | 457 | void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); |
498 | #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) | 458 | void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); |
499 | #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) | 459 | #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) |
500 | #define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) | 460 | unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); |
501 | #define EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) | 461 | #define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) |
502 | #define EVP_CIPHER_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) | ||
503 | #define EVP_CIPHER_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) | ||
504 | #define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE) | ||
505 | 462 | ||
506 | #define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) | 463 | #define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) |
507 | #define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) | 464 | #define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) |
@@ -526,7 +483,10 @@ void BIO_set_md(BIO *,const EVP_MD *md); | |||
526 | #define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) | 483 | #define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) |
527 | #define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) | 484 | #define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) |
528 | 485 | ||
529 | #define EVP_Cipher(c,o,i,l) (c)->cipher->do_cipher((c),(o),(i),(l)) | 486 | int EVP_Cipher(EVP_CIPHER_CTX *c, |
487 | unsigned char *out, | ||
488 | const unsigned char *in, | ||
489 | unsigned int inl); | ||
530 | 490 | ||
531 | #define EVP_add_cipher_alias(n,alias) \ | 491 | #define EVP_add_cipher_alias(n,alias) \ |
532 | OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) | 492 | OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) |
@@ -542,14 +502,14 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); | |||
542 | EVP_MD_CTX *EVP_MD_CTX_create(void); | 502 | EVP_MD_CTX *EVP_MD_CTX_create(void); |
543 | void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); | 503 | void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); |
544 | int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); | 504 | int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); |
545 | #define EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) | 505 | void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); |
546 | #define EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) | 506 | void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); |
547 | #define EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) | 507 | int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags); |
548 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); | 508 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); |
549 | int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, | 509 | int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, |
550 | unsigned int cnt); | 510 | size_t cnt); |
551 | int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); | 511 | int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); |
552 | int EVP_Digest(void *data, unsigned int count, | 512 | int EVP_Digest(const void *data, size_t count, |
553 | unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); | 513 | unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); |
554 | 514 | ||
555 | int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); | 515 | int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); |
@@ -557,7 +517,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); | |||
557 | int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); | 517 | int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); |
558 | 518 | ||
559 | int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); | 519 | int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); |
560 | void EVP_set_pw_prompt(char *prompt); | 520 | void EVP_set_pw_prompt(const char *prompt); |
561 | char * EVP_get_pw_prompt(void); | 521 | char * EVP_get_pw_prompt(void); |
562 | 522 | ||
563 | int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, | 523 | int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, |
@@ -596,43 +556,48 @@ int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); | |||
596 | int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, | 556 | int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, |
597 | EVP_PKEY *pkey); | 557 | EVP_PKEY *pkey); |
598 | 558 | ||
599 | int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, | 559 | int EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf, |
600 | unsigned int siglen,EVP_PKEY *pkey); | 560 | unsigned int siglen,EVP_PKEY *pkey); |
601 | 561 | ||
602 | int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *ek, | 562 | int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, |
603 | int ekl,unsigned char *iv,EVP_PKEY *priv); | 563 | const unsigned char *ek, int ekl, const unsigned char *iv, |
564 | EVP_PKEY *priv); | ||
604 | int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); | 565 | int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); |
605 | 566 | ||
606 | int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, | 567 | int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, |
607 | int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); | 568 | unsigned char **ek, int *ekl, unsigned char *iv, |
569 | EVP_PKEY **pubk, int npubk); | ||
608 | int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); | 570 | int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); |
609 | 571 | ||
610 | void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); | 572 | void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); |
611 | void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out, | 573 | void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, |
612 | int *outl,unsigned char *in,int inl); | 574 | const unsigned char *in,int inl); |
613 | void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); | 575 | void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); |
614 | int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); | 576 | int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); |
615 | 577 | ||
616 | void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); | 578 | void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); |
617 | int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, | 579 | int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, |
618 | unsigned char *in, int inl); | 580 | const unsigned char *in, int inl); |
619 | int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned | 581 | int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned |
620 | char *out, int *outl); | 582 | char *out, int *outl); |
621 | int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); | 583 | int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); |
622 | 584 | ||
623 | void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); | 585 | void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); |
624 | int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); | 586 | int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); |
587 | EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); | ||
588 | void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a); | ||
625 | int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); | 589 | int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); |
626 | int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); | 590 | int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); |
627 | int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); | 591 | int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); |
592 | int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); | ||
628 | 593 | ||
629 | #ifndef OPENSSL_NO_BIO | 594 | #ifndef OPENSSL_NO_BIO |
630 | BIO_METHOD *BIO_f_md(void); | 595 | BIO_METHOD *BIO_f_md(void); |
631 | BIO_METHOD *BIO_f_base64(void); | 596 | BIO_METHOD *BIO_f_base64(void); |
632 | BIO_METHOD *BIO_f_cipher(void); | 597 | BIO_METHOD *BIO_f_cipher(void); |
633 | BIO_METHOD *BIO_f_reliable(void); | 598 | BIO_METHOD *BIO_f_reliable(void); |
634 | void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k, | 599 | void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,const unsigned char *k, |
635 | unsigned char *i, int enc); | 600 | const unsigned char *i, int enc); |
636 | #endif | 601 | #endif |
637 | 602 | ||
638 | const EVP_MD *EVP_md_null(void); | 603 | const EVP_MD *EVP_md_null(void); |
@@ -650,7 +615,8 @@ const EVP_MD *EVP_sha(void); | |||
650 | const EVP_MD *EVP_sha1(void); | 615 | const EVP_MD *EVP_sha1(void); |
651 | const EVP_MD *EVP_dss(void); | 616 | const EVP_MD *EVP_dss(void); |
652 | const EVP_MD *EVP_dss1(void); | 617 | const EVP_MD *EVP_dss1(void); |
653 | #ifdef OPENSSL_FIPS | 618 | const EVP_MD *EVP_ecdsa(void); |
619 | #endif | ||
654 | #ifndef OPENSSL_NO_SHA256 | 620 | #ifndef OPENSSL_NO_SHA256 |
655 | const EVP_MD *EVP_sha224(void); | 621 | const EVP_MD *EVP_sha224(void); |
656 | const EVP_MD *EVP_sha256(void); | 622 | const EVP_MD *EVP_sha256(void); |
@@ -659,8 +625,6 @@ const EVP_MD *EVP_sha256(void); | |||
659 | const EVP_MD *EVP_sha384(void); | 625 | const EVP_MD *EVP_sha384(void); |
660 | const EVP_MD *EVP_sha512(void); | 626 | const EVP_MD *EVP_sha512(void); |
661 | #endif | 627 | #endif |
662 | #endif | ||
663 | #endif | ||
664 | #ifndef OPENSSL_NO_MDC2 | 628 | #ifndef OPENSSL_NO_MDC2 |
665 | const EVP_MD *EVP_mdc2(void); | 629 | const EVP_MD *EVP_mdc2(void); |
666 | #endif | 630 | #endif |
@@ -778,6 +742,37 @@ const EVP_CIPHER *EVP_aes_256_ofb(void); | |||
778 | const EVP_CIPHER *EVP_aes_256_ctr(void); | 742 | const EVP_CIPHER *EVP_aes_256_ctr(void); |
779 | #endif | 743 | #endif |
780 | #endif | 744 | #endif |
745 | #ifndef OPENSSL_NO_CAMELLIA | ||
746 | const EVP_CIPHER *EVP_camellia_128_ecb(void); | ||
747 | const EVP_CIPHER *EVP_camellia_128_cbc(void); | ||
748 | const EVP_CIPHER *EVP_camellia_128_cfb1(void); | ||
749 | const EVP_CIPHER *EVP_camellia_128_cfb8(void); | ||
750 | const EVP_CIPHER *EVP_camellia_128_cfb128(void); | ||
751 | # define EVP_camellia_128_cfb EVP_camellia_128_cfb128 | ||
752 | const EVP_CIPHER *EVP_camellia_128_ofb(void); | ||
753 | const EVP_CIPHER *EVP_camellia_192_ecb(void); | ||
754 | const EVP_CIPHER *EVP_camellia_192_cbc(void); | ||
755 | const EVP_CIPHER *EVP_camellia_192_cfb1(void); | ||
756 | const EVP_CIPHER *EVP_camellia_192_cfb8(void); | ||
757 | const EVP_CIPHER *EVP_camellia_192_cfb128(void); | ||
758 | # define EVP_camellia_192_cfb EVP_camellia_192_cfb128 | ||
759 | const EVP_CIPHER *EVP_camellia_192_ofb(void); | ||
760 | const EVP_CIPHER *EVP_camellia_256_ecb(void); | ||
761 | const EVP_CIPHER *EVP_camellia_256_cbc(void); | ||
762 | const EVP_CIPHER *EVP_camellia_256_cfb1(void); | ||
763 | const EVP_CIPHER *EVP_camellia_256_cfb8(void); | ||
764 | const EVP_CIPHER *EVP_camellia_256_cfb128(void); | ||
765 | # define EVP_camellia_256_cfb EVP_camellia_256_cfb128 | ||
766 | const EVP_CIPHER *EVP_camellia_256_ofb(void); | ||
767 | #endif | ||
768 | |||
769 | #ifndef OPENSSL_NO_SEED | ||
770 | const EVP_CIPHER *EVP_seed_ecb(void); | ||
771 | const EVP_CIPHER *EVP_seed_cbc(void); | ||
772 | const EVP_CIPHER *EVP_seed_cfb128(void); | ||
773 | # define EVP_seed_cfb EVP_seed_cfb128 | ||
774 | const EVP_CIPHER *EVP_seed_ofb(void); | ||
775 | #endif | ||
781 | 776 | ||
782 | void OPENSSL_add_all_algorithms_noconf(void); | 777 | void OPENSSL_add_all_algorithms_noconf(void); |
783 | void OPENSSL_add_all_algorithms_conf(void); | 778 | void OPENSSL_add_all_algorithms_conf(void); |
@@ -803,10 +798,12 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name); | |||
803 | const EVP_MD *EVP_get_digestbyname(const char *name); | 798 | const EVP_MD *EVP_get_digestbyname(const char *name); |
804 | void EVP_cleanup(void); | 799 | void EVP_cleanup(void); |
805 | 800 | ||
806 | int EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key, | 801 | int EVP_PKEY_decrypt(unsigned char *dec_key, |
807 | int enc_key_len,EVP_PKEY *private_key); | 802 | const unsigned char *enc_key,int enc_key_len, |
803 | EVP_PKEY *private_key); | ||
808 | int EVP_PKEY_encrypt(unsigned char *enc_key, | 804 | int EVP_PKEY_encrypt(unsigned char *enc_key, |
809 | unsigned char *key,int key_len,EVP_PKEY *pub_key); | 805 | const unsigned char *key,int key_len, |
806 | EVP_PKEY *pub_key); | ||
810 | int EVP_PKEY_type(int type); | 807 | int EVP_PKEY_type(int type); |
811 | int EVP_PKEY_bits(EVP_PKEY *pkey); | 808 | int EVP_PKEY_bits(EVP_PKEY *pkey); |
812 | int EVP_PKEY_size(EVP_PKEY *pkey); | 809 | int EVP_PKEY_size(EVP_PKEY *pkey); |
@@ -827,24 +824,31 @@ struct dh_st; | |||
827 | int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key); | 824 | int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key); |
828 | struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); | 825 | struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); |
829 | #endif | 826 | #endif |
830 | 827 | #ifndef OPENSSL_NO_EC | |
828 | struct ec_key_st; | ||
829 | int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,struct ec_key_st *key); | ||
830 | struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); | ||
831 | #endif | ||
831 | 832 | ||
832 | EVP_PKEY * EVP_PKEY_new(void); | 833 | EVP_PKEY * EVP_PKEY_new(void); |
833 | void EVP_PKEY_free(EVP_PKEY *pkey); | 834 | void EVP_PKEY_free(EVP_PKEY *pkey); |
834 | EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp, | 835 | |
836 | EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp, | ||
835 | long length); | 837 | long length); |
836 | int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); | 838 | int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); |
837 | 839 | ||
838 | EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp, | 840 | EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, const unsigned char **pp, |
839 | long length); | 841 | long length); |
840 | EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp, | 842 | EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, |
841 | long length); | 843 | long length); |
842 | int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); | 844 | int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); |
843 | 845 | ||
844 | int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from); | 846 | int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); |
845 | int EVP_PKEY_missing_parameters(EVP_PKEY *pkey); | 847 | int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); |
846 | int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); | 848 | int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); |
847 | int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b); | 849 | int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); |
850 | |||
851 | int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); | ||
848 | 852 | ||
849 | int EVP_CIPHER_type(const EVP_CIPHER *ctx); | 853 | int EVP_CIPHER_type(const EVP_CIPHER *ctx); |
850 | 854 | ||
@@ -861,7 +865,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
861 | ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, | 865 | ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, |
862 | int en_de); | 866 | int en_de); |
863 | int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, | 867 | int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, |
864 | unsigned char *salt, int saltlen, int iter, | 868 | const unsigned char *salt, int saltlen, int iter, |
865 | int keylen, unsigned char *out); | 869 | int keylen, unsigned char *out); |
866 | int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | 870 | int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, |
867 | ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, | 871 | ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, |
@@ -884,30 +888,32 @@ void ERR_load_EVP_strings(void); | |||
884 | /* Error codes for the EVP functions. */ | 888 | /* Error codes for the EVP functions. */ |
885 | 889 | ||
886 | /* Function codes. */ | 890 | /* Function codes. */ |
887 | #define EVP_F_AES_INIT_KEY 129 | 891 | #define EVP_F_AES_INIT_KEY 133 |
892 | #define EVP_F_CAMELLIA_INIT_KEY 159 | ||
888 | #define EVP_F_D2I_PKEY 100 | 893 | #define EVP_F_D2I_PKEY 100 |
889 | #define EVP_F_EVP_ADD_CIPHER 130 | 894 | #define EVP_F_DSAPKEY2PKCS8 134 |
890 | #define EVP_F_EVP_ADD_DIGEST 131 | 895 | #define EVP_F_DSA_PKEY2PKCS8 135 |
891 | #define EVP_F_EVP_CIPHERINIT 123 | 896 | #define EVP_F_ECDSA_PKEY2PKCS8 129 |
897 | #define EVP_F_ECKEY_PKEY2PKCS8 132 | ||
898 | #define EVP_F_EVP_CIPHERINIT_EX 123 | ||
892 | #define EVP_F_EVP_CIPHER_CTX_CTRL 124 | 899 | #define EVP_F_EVP_CIPHER_CTX_CTRL 124 |
893 | #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 | 900 | #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 |
894 | #define EVP_F_EVP_DECRYPTFINAL 101 | 901 | #define EVP_F_EVP_DECRYPTFINAL_EX 101 |
895 | #define EVP_F_EVP_DIGESTINIT 128 | 902 | #define EVP_F_EVP_DIGESTINIT_EX 128 |
896 | #define EVP_F_EVP_ENCRYPTFINAL 127 | 903 | #define EVP_F_EVP_ENCRYPTFINAL_EX 127 |
897 | #define EVP_F_EVP_GET_CIPHERBYNAME 132 | 904 | #define EVP_F_EVP_MD_CTX_COPY_EX 110 |
898 | #define EVP_F_EVP_GET_DIGESTBYNAME 133 | ||
899 | #define EVP_F_EVP_MD_CTX_COPY 110 | ||
900 | #define EVP_F_EVP_OPENINIT 102 | 905 | #define EVP_F_EVP_OPENINIT 102 |
901 | #define EVP_F_EVP_PBE_ALG_ADD 115 | 906 | #define EVP_F_EVP_PBE_ALG_ADD 115 |
902 | #define EVP_F_EVP_PBE_CIPHERINIT 116 | 907 | #define EVP_F_EVP_PBE_CIPHERINIT 116 |
903 | #define EVP_F_EVP_PKCS82PKEY 111 | 908 | #define EVP_F_EVP_PKCS82PKEY 111 |
904 | #define EVP_F_EVP_PKCS8_SET_BROKEN 112 | 909 | #define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 |
905 | #define EVP_F_EVP_PKEY2PKCS8 113 | ||
906 | #define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 | 910 | #define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 |
907 | #define EVP_F_EVP_PKEY_DECRYPT 104 | 911 | #define EVP_F_EVP_PKEY_DECRYPT 104 |
908 | #define EVP_F_EVP_PKEY_ENCRYPT 105 | 912 | #define EVP_F_EVP_PKEY_ENCRYPT 105 |
909 | #define EVP_F_EVP_PKEY_GET1_DH 119 | 913 | #define EVP_F_EVP_PKEY_GET1_DH 119 |
910 | #define EVP_F_EVP_PKEY_GET1_DSA 120 | 914 | #define EVP_F_EVP_PKEY_GET1_DSA 120 |
915 | #define EVP_F_EVP_PKEY_GET1_ECDSA 130 | ||
916 | #define EVP_F_EVP_PKEY_GET1_EC_KEY 131 | ||
911 | #define EVP_F_EVP_PKEY_GET1_RSA 121 | 917 | #define EVP_F_EVP_PKEY_GET1_RSA 121 |
912 | #define EVP_F_EVP_PKEY_NEW 106 | 918 | #define EVP_F_EVP_PKEY_NEW 106 |
913 | #define EVP_F_EVP_RIJNDAEL 126 | 919 | #define EVP_F_EVP_RIJNDAEL 126 |
@@ -915,28 +921,32 @@ void ERR_load_EVP_strings(void); | |||
915 | #define EVP_F_EVP_VERIFYFINAL 108 | 921 | #define EVP_F_EVP_VERIFYFINAL 108 |
916 | #define EVP_F_PKCS5_PBE_KEYIVGEN 117 | 922 | #define EVP_F_PKCS5_PBE_KEYIVGEN 117 |
917 | #define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 | 923 | #define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 |
924 | #define EVP_F_PKCS8_SET_BROKEN 112 | ||
918 | #define EVP_F_RC2_MAGIC_TO_METH 109 | 925 | #define EVP_F_RC2_MAGIC_TO_METH 109 |
919 | #define EVP_F_RC5_CTRL 125 | 926 | #define EVP_F_RC5_CTRL 125 |
920 | 927 | ||
921 | /* Reason codes. */ | 928 | /* Reason codes. */ |
922 | #define EVP_R_AES_KEY_SETUP_FAILED 140 | 929 | #define EVP_R_AES_KEY_SETUP_FAILED 143 |
930 | #define EVP_R_ASN1_LIB 140 | ||
923 | #define EVP_R_BAD_BLOCK_LENGTH 136 | 931 | #define EVP_R_BAD_BLOCK_LENGTH 136 |
924 | #define EVP_R_BAD_DECRYPT 100 | 932 | #define EVP_R_BAD_DECRYPT 100 |
925 | #define EVP_R_BAD_KEY_LENGTH 137 | 933 | #define EVP_R_BAD_KEY_LENGTH 137 |
926 | #define EVP_R_BN_DECODE_ERROR 112 | 934 | #define EVP_R_BN_DECODE_ERROR 112 |
927 | #define EVP_R_BN_PUBKEY_ERROR 113 | 935 | #define EVP_R_BN_PUBKEY_ERROR 113 |
936 | #define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 | ||
928 | #define EVP_R_CIPHER_PARAMETER_ERROR 122 | 937 | #define EVP_R_CIPHER_PARAMETER_ERROR 122 |
929 | #define EVP_R_CTRL_NOT_IMPLEMENTED 132 | 938 | #define EVP_R_CTRL_NOT_IMPLEMENTED 132 |
930 | #define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 | 939 | #define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 |
931 | #define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 | 940 | #define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 |
932 | #define EVP_R_DECODE_ERROR 114 | 941 | #define EVP_R_DECODE_ERROR 114 |
933 | #define EVP_R_DIFFERENT_KEY_TYPES 101 | 942 | #define EVP_R_DIFFERENT_KEY_TYPES 101 |
934 | #define EVP_R_DISABLED_FOR_FIPS 141 | ||
935 | #define EVP_R_ENCODE_ERROR 115 | 943 | #define EVP_R_ENCODE_ERROR 115 |
936 | #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 | 944 | #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 |
937 | #define EVP_R_EXPECTING_AN_RSA_KEY 127 | 945 | #define EVP_R_EXPECTING_AN_RSA_KEY 127 |
938 | #define EVP_R_EXPECTING_A_DH_KEY 128 | 946 | #define EVP_R_EXPECTING_A_DH_KEY 128 |
939 | #define EVP_R_EXPECTING_A_DSA_KEY 129 | 947 | #define EVP_R_EXPECTING_A_DSA_KEY 129 |
948 | #define EVP_R_EXPECTING_A_ECDSA_KEY 141 | ||
949 | #define EVP_R_EXPECTING_A_EC_KEY 142 | ||
940 | #define EVP_R_INITIALIZATION_ERROR 134 | 950 | #define EVP_R_INITIALIZATION_ERROR 134 |
941 | #define EVP_R_INPUT_NOT_INITIALIZED 111 | 951 | #define EVP_R_INPUT_NOT_INITIALIZED 111 |
942 | #define EVP_R_INVALID_KEY_LENGTH 130 | 952 | #define EVP_R_INVALID_KEY_LENGTH 130 |
@@ -961,6 +971,7 @@ void ERR_load_EVP_strings(void); | |||
961 | #define EVP_R_UNSUPPORTED_SALT_TYPE 126 | 971 | #define EVP_R_UNSUPPORTED_SALT_TYPE 126 |
962 | #define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 | 972 | #define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 |
963 | #define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 | 973 | #define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 |
974 | #define EVP_R_SEED_KEY_SETUP_FAILED 162 | ||
964 | 975 | ||
965 | #ifdef __cplusplus | 976 | #ifdef __cplusplus |
966 | } | 977 | } |
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index f549eeb437..a1904993bf 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c | |||
@@ -60,12 +60,13 @@ | |||
60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
61 | #include <openssl/evp.h> | 61 | #include <openssl/evp.h> |
62 | #include <openssl/err.h> | 62 | #include <openssl/err.h> |
63 | #include <openssl/rand.h> | ||
63 | #ifndef OPENSSL_NO_ENGINE | 64 | #ifndef OPENSSL_NO_ENGINE |
64 | #include <openssl/engine.h> | 65 | #include <openssl/engine.h> |
65 | #endif | 66 | #endif |
66 | #include "evp_locl.h" | 67 | #include "evp_locl.h" |
67 | 68 | ||
68 | const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT; | 69 | const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; |
69 | 70 | ||
70 | void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) | 71 | void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) |
71 | { | 72 | { |
@@ -73,6 +74,13 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) | |||
73 | /* ctx->cipher=NULL; */ | 74 | /* ctx->cipher=NULL; */ |
74 | } | 75 | } |
75 | 76 | ||
77 | EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) | ||
78 | { | ||
79 | EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx); | ||
80 | if (ctx) | ||
81 | EVP_CIPHER_CTX_init(ctx); | ||
82 | return ctx; | ||
83 | } | ||
76 | 84 | ||
77 | int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, | 85 | int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, |
78 | const unsigned char *key, const unsigned char *iv, int enc) | 86 | const unsigned char *key, const unsigned char *iv, int enc) |
@@ -82,48 +90,6 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, | |||
82 | return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); | 90 | return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); |
83 | } | 91 | } |
84 | 92 | ||
85 | #ifdef OPENSSL_FIPS | ||
86 | |||
87 | /* The purpose of these is to trap programs that attempt to use non FIPS | ||
88 | * algorithms in FIPS mode and ignore the errors. | ||
89 | */ | ||
90 | |||
91 | int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, | ||
92 | const unsigned char *iv, int enc) | ||
93 | { FIPS_ERROR_IGNORED("Cipher init"); return 0;} | ||
94 | |||
95 | int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
96 | const unsigned char *in, unsigned int inl) | ||
97 | { FIPS_ERROR_IGNORED("Cipher update"); return 0;} | ||
98 | |||
99 | /* NB: no cleanup because it is allowed after failed init */ | ||
100 | |||
101 | int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ) | ||
102 | { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;} | ||
103 | int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ) | ||
104 | { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;} | ||
105 | int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) | ||
106 | { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;} | ||
107 | |||
108 | static const EVP_CIPHER bad_cipher = | ||
109 | { | ||
110 | 0, | ||
111 | 0, | ||
112 | 0, | ||
113 | 0, | ||
114 | 0, | ||
115 | bad_init, | ||
116 | bad_do_cipher, | ||
117 | NULL, | ||
118 | 0, | ||
119 | bad_set_asn1, | ||
120 | bad_get_asn1, | ||
121 | bad_ctrl, | ||
122 | NULL | ||
123 | }; | ||
124 | |||
125 | #endif | ||
126 | |||
127 | int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, | 93 | int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, |
128 | const unsigned char *key, const unsigned char *iv, int enc) | 94 | const unsigned char *key, const unsigned char *iv, int enc) |
129 | { | 95 | { |
@@ -158,7 +124,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp | |||
158 | { | 124 | { |
159 | if (!ENGINE_init(impl)) | 125 | if (!ENGINE_init(impl)) |
160 | { | 126 | { |
161 | EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); | 127 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); |
162 | return 0; | 128 | return 0; |
163 | } | 129 | } |
164 | } | 130 | } |
@@ -175,7 +141,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp | |||
175 | * control history, is that we should at least | 141 | * control history, is that we should at least |
176 | * be able to avoid using US mispellings of | 142 | * be able to avoid using US mispellings of |
177 | * "initialisation"? */ | 143 | * "initialisation"? */ |
178 | EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); | 144 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); |
179 | return 0; | 145 | return 0; |
180 | } | 146 | } |
181 | /* We'll use the ENGINE's private cipher definition */ | 147 | /* We'll use the ENGINE's private cipher definition */ |
@@ -188,13 +154,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp | |||
188 | else | 154 | else |
189 | ctx->engine = NULL; | 155 | ctx->engine = NULL; |
190 | #endif | 156 | #endif |
157 | |||
191 | ctx->cipher=cipher; | 158 | ctx->cipher=cipher; |
192 | if (ctx->cipher->ctx_size) | 159 | if (ctx->cipher->ctx_size) |
193 | { | 160 | { |
194 | ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); | 161 | ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); |
195 | if (!ctx->cipher_data) | 162 | if (!ctx->cipher_data) |
196 | { | 163 | { |
197 | EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE); | 164 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); |
198 | return 0; | 165 | return 0; |
199 | } | 166 | } |
200 | } | 167 | } |
@@ -208,14 +175,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp | |||
208 | { | 175 | { |
209 | if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) | 176 | if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) |
210 | { | 177 | { |
211 | EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); | 178 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); |
212 | return 0; | 179 | return 0; |
213 | } | 180 | } |
214 | } | 181 | } |
215 | } | 182 | } |
216 | else if(!ctx->cipher) | 183 | else if(!ctx->cipher) |
217 | { | 184 | { |
218 | EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET); | 185 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET); |
219 | return 0; | 186 | return 0; |
220 | } | 187 | } |
221 | #ifndef OPENSSL_NO_ENGINE | 188 | #ifndef OPENSSL_NO_ENGINE |
@@ -240,7 +207,8 @@ skip_to_init: | |||
240 | 207 | ||
241 | case EVP_CIPH_CBC_MODE: | 208 | case EVP_CIPH_CBC_MODE: |
242 | 209 | ||
243 | OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv); | 210 | OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= |
211 | (int)sizeof(ctx->iv)); | ||
244 | if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); | 212 | if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); |
245 | memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); | 213 | memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); |
246 | break; | 214 | break; |
@@ -251,24 +219,6 @@ skip_to_init: | |||
251 | } | 219 | } |
252 | } | 220 | } |
253 | 221 | ||
254 | #ifdef OPENSSL_FIPS | ||
255 | /* After 'key' is set no further parameters changes are permissible. | ||
256 | * So only check for non FIPS enabling at this point. | ||
257 | */ | ||
258 | if (key && FIPS_mode()) | ||
259 | { | ||
260 | if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS) | ||
261 | & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) | ||
262 | { | ||
263 | EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS); | ||
264 | ERR_add_error_data(2, "cipher=", | ||
265 | EVP_CIPHER_name(ctx->cipher)); | ||
266 | ctx->cipher = &bad_cipher; | ||
267 | return 0; | ||
268 | } | ||
269 | } | ||
270 | #endif | ||
271 | |||
272 | if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { | 222 | if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { |
273 | if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; | 223 | if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; |
274 | } | 224 | } |
@@ -345,7 +295,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, | |||
345 | } | 295 | } |
346 | i=ctx->buf_len; | 296 | i=ctx->buf_len; |
347 | bl=ctx->cipher->block_size; | 297 | bl=ctx->cipher->block_size; |
348 | OPENSSL_assert(bl <= sizeof ctx->buf); | 298 | OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); |
349 | if (i != 0) | 299 | if (i != 0) |
350 | { | 300 | { |
351 | if (i+inl < bl) | 301 | if (i+inl < bl) |
@@ -391,7 +341,8 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
391 | 341 | ||
392 | int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | 342 | int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
393 | { | 343 | { |
394 | int i,n,b,bl,ret; | 344 | int n,ret; |
345 | unsigned int i, b, bl; | ||
395 | 346 | ||
396 | b=ctx->cipher->block_size; | 347 | b=ctx->cipher->block_size; |
397 | OPENSSL_assert(b <= sizeof ctx->buf); | 348 | OPENSSL_assert(b <= sizeof ctx->buf); |
@@ -405,7 +356,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
405 | { | 356 | { |
406 | if(bl) | 357 | if(bl) |
407 | { | 358 | { |
408 | EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); | 359 | EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); |
409 | return 0; | 360 | return 0; |
410 | } | 361 | } |
411 | *outl = 0; | 362 | *outl = 0; |
@@ -427,7 +378,8 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
427 | int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, | 378 | int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, |
428 | const unsigned char *in, int inl) | 379 | const unsigned char *in, int inl) |
429 | { | 380 | { |
430 | int b, fix_len; | 381 | int fix_len; |
382 | unsigned int b; | ||
431 | 383 | ||
432 | if (inl == 0) | 384 | if (inl == 0) |
433 | { | 385 | { |
@@ -480,8 +432,8 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
480 | 432 | ||
481 | int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | 433 | int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
482 | { | 434 | { |
483 | int i,b; | 435 | int i,n; |
484 | int n; | 436 | unsigned int b; |
485 | 437 | ||
486 | *outl=0; | 438 | *outl=0; |
487 | b=ctx->cipher->block_size; | 439 | b=ctx->cipher->block_size; |
@@ -489,7 +441,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
489 | { | 441 | { |
490 | if(ctx->buf_len) | 442 | if(ctx->buf_len) |
491 | { | 443 | { |
492 | EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); | 444 | EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); |
493 | return 0; | 445 | return 0; |
494 | } | 446 | } |
495 | *outl = 0; | 447 | *outl = 0; |
@@ -499,21 +451,21 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
499 | { | 451 | { |
500 | if (ctx->buf_len || !ctx->final_used) | 452 | if (ctx->buf_len || !ctx->final_used) |
501 | { | 453 | { |
502 | EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH); | 454 | EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH); |
503 | return(0); | 455 | return(0); |
504 | } | 456 | } |
505 | OPENSSL_assert(b <= sizeof ctx->final); | 457 | OPENSSL_assert(b <= sizeof ctx->final); |
506 | n=ctx->final[b-1]; | 458 | n=ctx->final[b-1]; |
507 | if (n > b) | 459 | if (n == 0 || n > (int)b) |
508 | { | 460 | { |
509 | EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); | 461 | EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); |
510 | return(0); | 462 | return(0); |
511 | } | 463 | } |
512 | for (i=0; i<n; i++) | 464 | for (i=0; i<n; i++) |
513 | { | 465 | { |
514 | if (ctx->final[--b] != n) | 466 | if (ctx->final[--b] != n) |
515 | { | 467 | { |
516 | EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); | 468 | EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); |
517 | return(0); | 469 | return(0); |
518 | } | 470 | } |
519 | } | 471 | } |
@@ -527,6 +479,15 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
527 | return(1); | 479 | return(1); |
528 | } | 480 | } |
529 | 481 | ||
482 | void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) | ||
483 | { | ||
484 | if (ctx) | ||
485 | { | ||
486 | EVP_CIPHER_CTX_cleanup(ctx); | ||
487 | OPENSSL_free(ctx); | ||
488 | } | ||
489 | } | ||
490 | |||
530 | int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) | 491 | int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) |
531 | { | 492 | { |
532 | if (c->cipher != NULL) | 493 | if (c->cipher != NULL) |
@@ -590,3 +551,13 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) | |||
590 | } | 551 | } |
591 | return ret; | 552 | return ret; |
592 | } | 553 | } |
554 | |||
555 | int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) | ||
556 | { | ||
557 | if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) | ||
558 | return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); | ||
559 | if (RAND_bytes(key, ctx->key_len) <= 0) | ||
560 | return 0; | ||
561 | return 1; | ||
562 | } | ||
563 | |||
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c index 77eee070d3..e8c9e8de9c 100644 --- a/src/lib/libcrypto/evp/evp_err.c +++ b/src/lib/libcrypto/evp/evp_err.c | |||
@@ -71,29 +71,31 @@ | |||
71 | static ERR_STRING_DATA EVP_str_functs[]= | 71 | static ERR_STRING_DATA EVP_str_functs[]= |
72 | { | 72 | { |
73 | {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, | 73 | {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, |
74 | {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, | ||
74 | {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, | 75 | {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, |
75 | {ERR_FUNC(EVP_F_EVP_ADD_CIPHER), "EVP_add_cipher"}, | 76 | {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, |
76 | {ERR_FUNC(EVP_F_EVP_ADD_DIGEST), "EVP_add_digest"}, | 77 | {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"}, |
77 | {ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"}, | 78 | {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"}, |
79 | {ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"}, | ||
80 | {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, | ||
78 | {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, | 81 | {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, |
79 | {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"}, | 82 | {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"}, |
80 | {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL), "EVP_DecryptFinal"}, | 83 | {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, |
81 | {ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"}, | 84 | {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, |
82 | {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL), "EVP_EncryptFinal"}, | 85 | {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, |
83 | {ERR_FUNC(EVP_F_EVP_GET_CIPHERBYNAME), "EVP_get_cipherbyname"}, | 86 | {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, |
84 | {ERR_FUNC(EVP_F_EVP_GET_DIGESTBYNAME), "EVP_get_digestbyname"}, | ||
85 | {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY), "EVP_MD_CTX_copy"}, | ||
86 | {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, | 87 | {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, |
87 | {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, | 88 | {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, |
88 | {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, | 89 | {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, |
89 | {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, | 90 | {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, |
90 | {ERR_FUNC(EVP_F_EVP_PKCS8_SET_BROKEN), "EVP_PKCS8_SET_BROKEN"}, | 91 | {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"}, |
91 | {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8), "EVP_PKEY2PKCS8"}, | ||
92 | {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, | 92 | {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, |
93 | {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"}, | 93 | {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"}, |
94 | {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, | 94 | {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, |
95 | {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"}, | 95 | {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"}, |
96 | {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"}, | 96 | {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"}, |
97 | {ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"}, | ||
98 | {ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"}, | ||
97 | {ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"}, | 99 | {ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"}, |
98 | {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, | 100 | {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, |
99 | {ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, | 101 | {ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, |
@@ -101,6 +103,7 @@ static ERR_STRING_DATA EVP_str_functs[]= | |||
101 | {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, | 103 | {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, |
102 | {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, | 104 | {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, |
103 | {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, | 105 | {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, |
106 | {ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"}, | ||
104 | {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, | 107 | {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, |
105 | {ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, | 108 | {ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, |
106 | {0,NULL} | 109 | {0,NULL} |
@@ -109,23 +112,26 @@ static ERR_STRING_DATA EVP_str_functs[]= | |||
109 | static ERR_STRING_DATA EVP_str_reasons[]= | 112 | static ERR_STRING_DATA EVP_str_reasons[]= |
110 | { | 113 | { |
111 | {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"}, | 114 | {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"}, |
115 | {ERR_REASON(EVP_R_ASN1_LIB) ,"asn1 lib"}, | ||
112 | {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"}, | 116 | {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"}, |
113 | {ERR_REASON(EVP_R_BAD_DECRYPT) ,"bad decrypt"}, | 117 | {ERR_REASON(EVP_R_BAD_DECRYPT) ,"bad decrypt"}, |
114 | {ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"}, | 118 | {ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"}, |
115 | {ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"}, | 119 | {ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"}, |
116 | {ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"}, | 120 | {ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"}, |
121 | {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),"camellia key setup failed"}, | ||
117 | {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"}, | 122 | {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"}, |
118 | {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"}, | 123 | {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"}, |
119 | {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"}, | 124 | {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"}, |
120 | {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"}, | 125 | {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"}, |
121 | {ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, | 126 | {ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, |
122 | {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, | 127 | {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, |
123 | {ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"}, | ||
124 | {ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, | 128 | {ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, |
125 | {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, | 129 | {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, |
126 | {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, | 130 | {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, |
127 | {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"}, | 131 | {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"}, |
128 | {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"}, | 132 | {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"}, |
133 | {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"}, | ||
134 | {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) ,"expecting a ec key"}, | ||
129 | {ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"}, | 135 | {ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"}, |
130 | {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"}, | 136 | {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"}, |
131 | {ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"}, | 137 | {ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"}, |
@@ -157,15 +163,12 @@ static ERR_STRING_DATA EVP_str_reasons[]= | |||
157 | 163 | ||
158 | void ERR_load_EVP_strings(void) | 164 | void ERR_load_EVP_strings(void) |
159 | { | 165 | { |
160 | static int init=1; | 166 | #ifndef OPENSSL_NO_ERR |
161 | 167 | ||
162 | if (init) | 168 | if (ERR_func_error_string(EVP_str_functs[0].error) == NULL) |
163 | { | 169 | { |
164 | init=0; | ||
165 | #ifndef OPENSSL_NO_ERR | ||
166 | ERR_load_strings(0,EVP_str_functs); | 170 | ERR_load_strings(0,EVP_str_functs); |
167 | ERR_load_strings(0,EVP_str_reasons); | 171 | ERR_load_strings(0,EVP_str_reasons); |
168 | #endif | ||
169 | |||
170 | } | 172 | } |
173 | #endif | ||
171 | } | 174 | } |
diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c index f8650d5df6..361ea69ab6 100644 --- a/src/lib/libcrypto/evp/evp_key.c +++ b/src/lib/libcrypto/evp/evp_key.c | |||
@@ -66,7 +66,7 @@ | |||
66 | /* should be init to zeros. */ | 66 | /* should be init to zeros. */ |
67 | static char prompt_string[80]; | 67 | static char prompt_string[80]; |
68 | 68 | ||
69 | void EVP_set_pw_prompt(char *prompt) | 69 | void EVP_set_pw_prompt(const char *prompt) |
70 | { | 70 | { |
71 | if (prompt == NULL) | 71 | if (prompt == NULL) |
72 | prompt_string[0]='\0'; | 72 | prompt_string[0]='\0'; |
diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c index a63ba19317..edb28ef38e 100644 --- a/src/lib/libcrypto/evp/evp_lib.c +++ b/src/lib/libcrypto/evp/evp_lib.c | |||
@@ -68,7 +68,7 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) | |||
68 | if (c->cipher->set_asn1_parameters != NULL) | 68 | if (c->cipher->set_asn1_parameters != NULL) |
69 | ret=c->cipher->set_asn1_parameters(c,type); | 69 | ret=c->cipher->set_asn1_parameters(c,type); |
70 | else | 70 | else |
71 | return -1; | 71 | ret=-1; |
72 | return(ret); | 72 | return(ret); |
73 | } | 73 | } |
74 | 74 | ||
@@ -79,20 +79,21 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) | |||
79 | if (c->cipher->get_asn1_parameters != NULL) | 79 | if (c->cipher->get_asn1_parameters != NULL) |
80 | ret=c->cipher->get_asn1_parameters(c,type); | 80 | ret=c->cipher->get_asn1_parameters(c,type); |
81 | else | 81 | else |
82 | return -1; | 82 | ret=-1; |
83 | return(ret); | 83 | return(ret); |
84 | } | 84 | } |
85 | 85 | ||
86 | int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) | 86 | int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) |
87 | { | 87 | { |
88 | int i=0,l; | 88 | int i=0; |
89 | unsigned int l; | ||
89 | 90 | ||
90 | if (type != NULL) | 91 | if (type != NULL) |
91 | { | 92 | { |
92 | l=EVP_CIPHER_CTX_iv_length(c); | 93 | l=EVP_CIPHER_CTX_iv_length(c); |
93 | OPENSSL_assert(l <= sizeof c->iv); | 94 | OPENSSL_assert(l <= sizeof(c->iv)); |
94 | i=ASN1_TYPE_get_octetstring(type,c->oiv,l); | 95 | i=ASN1_TYPE_get_octetstring(type,c->oiv,l); |
95 | if (i != l) | 96 | if (i != (int)l) |
96 | return(-1); | 97 | return(-1); |
97 | else if (i > 0) | 98 | else if (i > 0) |
98 | memcpy(c->iv,c->oiv,l); | 99 | memcpy(c->iv,c->oiv,l); |
@@ -102,12 +103,13 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) | |||
102 | 103 | ||
103 | int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) | 104 | int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) |
104 | { | 105 | { |
105 | int i=0,j; | 106 | int i=0; |
107 | unsigned int j; | ||
106 | 108 | ||
107 | if (type != NULL) | 109 | if (type != NULL) |
108 | { | 110 | { |
109 | j=EVP_CIPHER_CTX_iv_length(c); | 111 | j=EVP_CIPHER_CTX_iv_length(c); |
110 | OPENSSL_assert(j <= sizeof c->iv); | 112 | OPENSSL_assert(j <= sizeof(c->iv)); |
111 | i=ASN1_TYPE_set_octetstring(type,c->oiv,j); | 113 | i=ASN1_TYPE_set_octetstring(type,c->oiv,j); |
112 | } | 114 | } |
113 | return(i); | 115 | return(i); |
@@ -166,3 +168,112 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx) | |||
166 | } | 168 | } |
167 | } | 169 | } |
168 | 170 | ||
171 | int EVP_CIPHER_block_size(const EVP_CIPHER *e) | ||
172 | { | ||
173 | return e->block_size; | ||
174 | } | ||
175 | |||
176 | int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) | ||
177 | { | ||
178 | return ctx->cipher->block_size; | ||
179 | } | ||
180 | |||
181 | int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) | ||
182 | { | ||
183 | return ctx->cipher->do_cipher(ctx,out,in,inl); | ||
184 | } | ||
185 | |||
186 | const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) | ||
187 | { | ||
188 | return ctx->cipher; | ||
189 | } | ||
190 | |||
191 | unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) | ||
192 | { | ||
193 | return cipher->flags; | ||
194 | } | ||
195 | |||
196 | unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) | ||
197 | { | ||
198 | return ctx->cipher->flags; | ||
199 | } | ||
200 | |||
201 | void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) | ||
202 | { | ||
203 | return ctx->app_data; | ||
204 | } | ||
205 | |||
206 | void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) | ||
207 | { | ||
208 | ctx->app_data = data; | ||
209 | } | ||
210 | |||
211 | int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) | ||
212 | { | ||
213 | return cipher->iv_len; | ||
214 | } | ||
215 | |||
216 | int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) | ||
217 | { | ||
218 | return ctx->cipher->iv_len; | ||
219 | } | ||
220 | |||
221 | int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) | ||
222 | { | ||
223 | return cipher->key_len; | ||
224 | } | ||
225 | |||
226 | int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) | ||
227 | { | ||
228 | return ctx->key_len; | ||
229 | } | ||
230 | |||
231 | int EVP_CIPHER_nid(const EVP_CIPHER *cipher) | ||
232 | { | ||
233 | return cipher->nid; | ||
234 | } | ||
235 | |||
236 | int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) | ||
237 | { | ||
238 | return ctx->cipher->nid; | ||
239 | } | ||
240 | |||
241 | int EVP_MD_block_size(const EVP_MD *md) | ||
242 | { | ||
243 | return md->block_size; | ||
244 | } | ||
245 | |||
246 | int EVP_MD_type(const EVP_MD *md) | ||
247 | { | ||
248 | return md->type; | ||
249 | } | ||
250 | |||
251 | int EVP_MD_pkey_type(const EVP_MD *md) | ||
252 | { | ||
253 | return md->pkey_type; | ||
254 | } | ||
255 | |||
256 | int EVP_MD_size(const EVP_MD *md) | ||
257 | { | ||
258 | return md->md_size; | ||
259 | } | ||
260 | |||
261 | const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx) | ||
262 | { | ||
263 | return ctx->digest; | ||
264 | } | ||
265 | |||
266 | void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags) | ||
267 | { | ||
268 | ctx->flags |= flags; | ||
269 | } | ||
270 | |||
271 | void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags) | ||
272 | { | ||
273 | ctx->flags &= ~flags; | ||
274 | } | ||
275 | |||
276 | int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags) | ||
277 | { | ||
278 | return (ctx->flags & flags); | ||
279 | } | ||
diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h index f8c5343620..073b0adcff 100644 --- a/src/lib/libcrypto/evp/evp_locl.h +++ b/src/lib/libcrypto/evp/evp_locl.h | |||
@@ -65,7 +65,7 @@ | |||
65 | bl = ctx->cipher->block_size;\ | 65 | bl = ctx->cipher->block_size;\ |
66 | if(inl < bl) return 1;\ | 66 | if(inl < bl) return 1;\ |
67 | inl -= bl; \ | 67 | inl -= bl; \ |
68 | for(i=0; i <= inl; i+=bl) \ | 68 | for(i=0; i <= inl; i+=bl) |
69 | 69 | ||
70 | #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ | 70 | #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ |
71 | static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ | 71 | static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ |
@@ -92,7 +92,7 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns | |||
92 | #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ | 92 | #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ |
93 | static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ | 93 | static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ |
94 | {\ | 94 | {\ |
95 | cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ | 95 | cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ |
96 | return 1;\ | 96 | return 1;\ |
97 | } | 97 | } |
98 | 98 | ||
@@ -226,27 +226,11 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } | |||
226 | 226 | ||
227 | #define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) | 227 | #define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) |
228 | 228 | ||
229 | #define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,flags) \ | 229 | #define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \ |
230 | BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ | 230 | BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ |
231 | BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ | 231 | BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ |
232 | NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ | 232 | NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ |
233 | flags, cipher##_init_key, NULL, \ | 233 | 0, cipher##_init_key, NULL, \ |
234 | EVP_CIPHER_set_asn1_iv, \ | 234 | EVP_CIPHER_set_asn1_iv, \ |
235 | EVP_CIPHER_get_asn1_iv, \ | 235 | EVP_CIPHER_get_asn1_iv, \ |
236 | NULL) | 236 | NULL) |
237 | |||
238 | #ifdef OPENSSL_FIPS | ||
239 | #define RC2_set_key private_RC2_set_key | ||
240 | #define RC4_set_key private_RC4_set_key | ||
241 | #define CAST_set_key private_CAST_set_key | ||
242 | #define RC5_32_set_key private_RC5_32_set_key | ||
243 | #define BF_set_key private_BF_set_key | ||
244 | #define idea_set_encrypt_key private_idea_set_encrypt_key | ||
245 | |||
246 | #define MD5_Init private_MD5_Init | ||
247 | #define MD4_Init private_MD4_Init | ||
248 | #define MD2_Init private_MD2_Init | ||
249 | #define MDC2_Init private_MDC2_Init | ||
250 | #define SHA_Init private_SHA_Init | ||
251 | |||
252 | #endif | ||
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c index 91e545a141..c26d2de0f3 100644 --- a/src/lib/libcrypto/evp/evp_pbe.c +++ b/src/lib/libcrypto/evp/evp_pbe.c | |||
@@ -74,7 +74,7 @@ const EVP_MD *md; | |||
74 | EVP_PBE_KEYGEN *keygen; | 74 | EVP_PBE_KEYGEN *keygen; |
75 | } EVP_PBE_CTL; | 75 | } EVP_PBE_CTL; |
76 | 76 | ||
77 | int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, | 77 | int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, |
78 | ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) | 78 | ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) |
79 | { | 79 | { |
80 | 80 | ||
@@ -106,7 +106,8 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, | |||
106 | 106 | ||
107 | static int pbe_cmp(const char * const *a, const char * const *b) | 107 | static int pbe_cmp(const char * const *a, const char * const *b) |
108 | { | 108 | { |
109 | EVP_PBE_CTL **pbe1 = (EVP_PBE_CTL **) a, **pbe2 = (EVP_PBE_CTL **)b; | 109 | const EVP_PBE_CTL * const *pbe1 = (const EVP_PBE_CTL * const *) a, |
110 | * const *pbe2 = (const EVP_PBE_CTL * const *)b; | ||
110 | return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); | 111 | return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); |
111 | } | 112 | } |
112 | 113 | ||
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c index 47a69932a5..0147f3e02a 100644 --- a/src/lib/libcrypto/evp/evp_pkey.c +++ b/src/lib/libcrypto/evp/evp_pkey.c | |||
@@ -3,7 +3,7 @@ | |||
3 | * project 1999. | 3 | * project 1999. |
4 | */ | 4 | */ |
5 | /* ==================================================================== | 5 | /* ==================================================================== |
6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. |
7 | * | 7 | * |
8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
@@ -61,14 +61,24 @@ | |||
61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
62 | #include <openssl/x509.h> | 62 | #include <openssl/x509.h> |
63 | #include <openssl/rand.h> | 63 | #include <openssl/rand.h> |
64 | #ifndef OPENSSL_NO_RSA | ||
65 | #include <openssl/rsa.h> | ||
66 | #endif | ||
67 | #ifndef OPENSSL_NO_DSA | ||
68 | #include <openssl/dsa.h> | ||
69 | #endif | ||
70 | #include <openssl/bn.h> | ||
64 | 71 | ||
65 | #ifndef OPENSSL_NO_DSA | 72 | #ifndef OPENSSL_NO_DSA |
66 | static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); | 73 | static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); |
67 | #endif | 74 | #endif |
75 | #ifndef OPENSSL_NO_EC | ||
76 | static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); | ||
77 | #endif | ||
68 | 78 | ||
69 | /* Extract a private key from a PKCS8 structure */ | 79 | /* Extract a private key from a PKCS8 structure */ |
70 | 80 | ||
71 | EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) | 81 | EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) |
72 | { | 82 | { |
73 | EVP_PKEY *pkey = NULL; | 83 | EVP_PKEY *pkey = NULL; |
74 | #ifndef OPENSSL_NO_RSA | 84 | #ifndef OPENSSL_NO_RSA |
@@ -76,16 +86,24 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) | |||
76 | #endif | 86 | #endif |
77 | #ifndef OPENSSL_NO_DSA | 87 | #ifndef OPENSSL_NO_DSA |
78 | DSA *dsa = NULL; | 88 | DSA *dsa = NULL; |
89 | ASN1_TYPE *t1, *t2; | ||
79 | ASN1_INTEGER *privkey; | 90 | ASN1_INTEGER *privkey; |
80 | ASN1_TYPE *t1, *t2, *param = NULL; | ||
81 | STACK_OF(ASN1_TYPE) *ndsa = NULL; | 91 | STACK_OF(ASN1_TYPE) *ndsa = NULL; |
92 | #endif | ||
93 | #ifndef OPENSSL_NO_EC | ||
94 | EC_KEY *eckey = NULL; | ||
95 | const unsigned char *p_tmp; | ||
96 | #endif | ||
97 | #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) | ||
98 | ASN1_TYPE *param = NULL; | ||
82 | BN_CTX *ctx = NULL; | 99 | BN_CTX *ctx = NULL; |
83 | int plen; | 100 | int plen; |
84 | #endif | 101 | #endif |
85 | X509_ALGOR *a; | 102 | X509_ALGOR *a; |
86 | unsigned char *p; | 103 | const unsigned char *p; |
87 | const unsigned char *cp; | 104 | const unsigned char *cp; |
88 | int pkeylen; | 105 | int pkeylen; |
106 | int nid; | ||
89 | char obj_tmp[80]; | 107 | char obj_tmp[80]; |
90 | 108 | ||
91 | if(p8->pkey->type == V_ASN1_OCTET_STRING) { | 109 | if(p8->pkey->type == V_ASN1_OCTET_STRING) { |
@@ -102,7 +120,8 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) | |||
102 | return NULL; | 120 | return NULL; |
103 | } | 121 | } |
104 | a = p8->pkeyalg; | 122 | a = p8->pkeyalg; |
105 | switch (OBJ_obj2nid(a->algorithm)) | 123 | nid = OBJ_obj2nid(a->algorithm); |
124 | switch(nid) | ||
106 | { | 125 | { |
107 | #ifndef OPENSSL_NO_RSA | 126 | #ifndef OPENSSL_NO_RSA |
108 | case NID_rsaEncryption: | 127 | case NID_rsaEncryption: |
@@ -208,6 +227,112 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) | |||
208 | return NULL; | 227 | return NULL; |
209 | break; | 228 | break; |
210 | #endif | 229 | #endif |
230 | #ifndef OPENSSL_NO_EC | ||
231 | case NID_X9_62_id_ecPublicKey: | ||
232 | p_tmp = p; | ||
233 | /* extract the ec parameters */ | ||
234 | param = p8->pkeyalg->parameter; | ||
235 | |||
236 | if (!param || ((param->type != V_ASN1_SEQUENCE) && | ||
237 | (param->type != V_ASN1_OBJECT))) | ||
238 | { | ||
239 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); | ||
240 | goto ecerr; | ||
241 | } | ||
242 | |||
243 | if (param->type == V_ASN1_SEQUENCE) | ||
244 | { | ||
245 | cp = p = param->value.sequence->data; | ||
246 | plen = param->value.sequence->length; | ||
247 | |||
248 | if (!(eckey = d2i_ECParameters(NULL, &cp, plen))) | ||
249 | { | ||
250 | EVPerr(EVP_F_EVP_PKCS82PKEY, | ||
251 | EVP_R_DECODE_ERROR); | ||
252 | goto ecerr; | ||
253 | } | ||
254 | } | ||
255 | else | ||
256 | { | ||
257 | EC_GROUP *group; | ||
258 | cp = p = param->value.object->data; | ||
259 | plen = param->value.object->length; | ||
260 | |||
261 | /* type == V_ASN1_OBJECT => the parameters are given | ||
262 | * by an asn1 OID | ||
263 | */ | ||
264 | if ((eckey = EC_KEY_new()) == NULL) | ||
265 | { | ||
266 | EVPerr(EVP_F_EVP_PKCS82PKEY, | ||
267 | ERR_R_MALLOC_FAILURE); | ||
268 | goto ecerr; | ||
269 | } | ||
270 | group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object)); | ||
271 | if (group == NULL) | ||
272 | goto ecerr; | ||
273 | EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); | ||
274 | if (EC_KEY_set_group(eckey, group) == 0) | ||
275 | goto ecerr; | ||
276 | EC_GROUP_free(group); | ||
277 | } | ||
278 | |||
279 | /* We have parameters now set private key */ | ||
280 | if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen)) | ||
281 | { | ||
282 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); | ||
283 | goto ecerr; | ||
284 | } | ||
285 | |||
286 | /* calculate public key (if necessary) */ | ||
287 | if (EC_KEY_get0_public_key(eckey) == NULL) | ||
288 | { | ||
289 | const BIGNUM *priv_key; | ||
290 | const EC_GROUP *group; | ||
291 | EC_POINT *pub_key; | ||
292 | /* the public key was not included in the SEC1 private | ||
293 | * key => calculate the public key */ | ||
294 | group = EC_KEY_get0_group(eckey); | ||
295 | pub_key = EC_POINT_new(group); | ||
296 | if (pub_key == NULL) | ||
297 | { | ||
298 | EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); | ||
299 | goto ecerr; | ||
300 | } | ||
301 | if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) | ||
302 | { | ||
303 | EC_POINT_free(pub_key); | ||
304 | EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); | ||
305 | goto ecerr; | ||
306 | } | ||
307 | priv_key = EC_KEY_get0_private_key(eckey); | ||
308 | if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) | ||
309 | { | ||
310 | EC_POINT_free(pub_key); | ||
311 | EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); | ||
312 | goto ecerr; | ||
313 | } | ||
314 | if (EC_KEY_set_public_key(eckey, pub_key) == 0) | ||
315 | { | ||
316 | EC_POINT_free(pub_key); | ||
317 | EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); | ||
318 | goto ecerr; | ||
319 | } | ||
320 | EC_POINT_free(pub_key); | ||
321 | } | ||
322 | |||
323 | EVP_PKEY_assign_EC_KEY(pkey, eckey); | ||
324 | if (ctx) | ||
325 | BN_CTX_free(ctx); | ||
326 | break; | ||
327 | ecerr: | ||
328 | if (ctx) | ||
329 | BN_CTX_free(ctx); | ||
330 | if (eckey) | ||
331 | EC_KEY_free(eckey); | ||
332 | if (pkey) | ||
333 | EVP_PKEY_free(pkey); | ||
334 | return NULL; | ||
335 | #endif | ||
211 | default: | 336 | default: |
212 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); | 337 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); |
213 | if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); | 338 | if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); |
@@ -231,17 +356,17 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) | |||
231 | PKCS8_PRIV_KEY_INFO *p8; | 356 | PKCS8_PRIV_KEY_INFO *p8; |
232 | 357 | ||
233 | if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { | 358 | if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { |
234 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 359 | EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); |
235 | return NULL; | 360 | return NULL; |
236 | } | 361 | } |
237 | p8->broken = broken; | 362 | p8->broken = broken; |
238 | if (!ASN1_INTEGER_set(p8->version, 0)) { | 363 | if (!ASN1_INTEGER_set(p8->version, 0)) { |
239 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 364 | EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); |
240 | PKCS8_PRIV_KEY_INFO_free (p8); | 365 | PKCS8_PRIV_KEY_INFO_free (p8); |
241 | return NULL; | 366 | return NULL; |
242 | } | 367 | } |
243 | if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { | 368 | if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { |
244 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 369 | EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); |
245 | PKCS8_PRIV_KEY_INFO_free (p8); | 370 | PKCS8_PRIV_KEY_INFO_free (p8); |
246 | return NULL; | 371 | return NULL; |
247 | } | 372 | } |
@@ -254,9 +379,9 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) | |||
254 | 379 | ||
255 | p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); | 380 | p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); |
256 | p8->pkeyalg->parameter->type = V_ASN1_NULL; | 381 | p8->pkeyalg->parameter->type = V_ASN1_NULL; |
257 | if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey, | 382 | if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey, |
258 | &p8->pkey->value.octet_string)) { | 383 | &p8->pkey->value.octet_string)) { |
259 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 384 | EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); |
260 | PKCS8_PRIV_KEY_INFO_free (p8); | 385 | PKCS8_PRIV_KEY_INFO_free (p8); |
261 | return NULL; | 386 | return NULL; |
262 | } | 387 | } |
@@ -271,13 +396,22 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) | |||
271 | 396 | ||
272 | break; | 397 | break; |
273 | #endif | 398 | #endif |
399 | #ifndef OPENSSL_NO_EC | ||
400 | case EVP_PKEY_EC: | ||
401 | if (!eckey_pkey2pkcs8(p8, pkey)) | ||
402 | { | ||
403 | PKCS8_PRIV_KEY_INFO_free(p8); | ||
404 | return(NULL); | ||
405 | } | ||
406 | break; | ||
407 | #endif | ||
274 | default: | 408 | default: |
275 | EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); | 409 | EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); |
276 | PKCS8_PRIV_KEY_INFO_free (p8); | 410 | PKCS8_PRIV_KEY_INFO_free (p8); |
277 | return NULL; | 411 | return NULL; |
278 | } | 412 | } |
279 | RAND_add(p8->pkey->value.octet_string->data, | 413 | RAND_add(p8->pkey->value.octet_string->data, |
280 | p8->pkey->value.octet_string->length, 0); | 414 | p8->pkey->value.octet_string->length, 0.0); |
281 | return p8; | 415 | return p8; |
282 | } | 416 | } |
283 | 417 | ||
@@ -297,10 +431,8 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) | |||
297 | break; | 431 | break; |
298 | 432 | ||
299 | default: | 433 | default: |
300 | EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); | 434 | EVPerr(EVP_F_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); |
301 | return NULL; | 435 | return NULL; |
302 | break; | ||
303 | |||
304 | } | 436 | } |
305 | } | 437 | } |
306 | 438 | ||
@@ -317,24 +449,24 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) | |||
317 | p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); | 449 | p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); |
318 | len = i2d_DSAparams (pkey->pkey.dsa, NULL); | 450 | len = i2d_DSAparams (pkey->pkey.dsa, NULL); |
319 | if (!(p = OPENSSL_malloc(len))) { | 451 | if (!(p = OPENSSL_malloc(len))) { |
320 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 452 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
321 | goto err; | 453 | goto err; |
322 | } | 454 | } |
323 | q = p; | 455 | q = p; |
324 | i2d_DSAparams (pkey->pkey.dsa, &q); | 456 | i2d_DSAparams (pkey->pkey.dsa, &q); |
325 | if (!(params = ASN1_STRING_new())) { | 457 | if (!(params = ASN1_STRING_new())) { |
326 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 458 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
327 | goto err; | 459 | goto err; |
328 | } | 460 | } |
329 | if (!ASN1_STRING_set(params, p, len)) { | 461 | if (!ASN1_STRING_set(params, p, len)) { |
330 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 462 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
331 | goto err; | 463 | goto err; |
332 | } | 464 | } |
333 | OPENSSL_free(p); | 465 | OPENSSL_free(p); |
334 | p = NULL; | 466 | p = NULL; |
335 | /* Get private key into integer */ | 467 | /* Get private key into integer */ |
336 | if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { | 468 | if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { |
337 | EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); | 469 | EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR); |
338 | goto err; | 470 | goto err; |
339 | } | 471 | } |
340 | 472 | ||
@@ -343,9 +475,9 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) | |||
343 | case PKCS8_OK: | 475 | case PKCS8_OK: |
344 | case PKCS8_NO_OCTET: | 476 | case PKCS8_NO_OCTET: |
345 | 477 | ||
346 | if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER, | 478 | if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER, |
347 | &p8->pkey->value.octet_string)) { | 479 | &p8->pkey->value.octet_string)) { |
348 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 480 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
349 | goto err; | 481 | goto err; |
350 | } | 482 | } |
351 | 483 | ||
@@ -363,39 +495,39 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) | |||
363 | params = NULL; | 495 | params = NULL; |
364 | p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; | 496 | p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; |
365 | if (!(ndsa = sk_ASN1_TYPE_new_null())) { | 497 | if (!(ndsa = sk_ASN1_TYPE_new_null())) { |
366 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 498 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
367 | goto err; | 499 | goto err; |
368 | } | 500 | } |
369 | if (!(ttmp = ASN1_TYPE_new())) { | 501 | if (!(ttmp = ASN1_TYPE_new())) { |
370 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 502 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
371 | goto err; | 503 | goto err; |
372 | } | 504 | } |
373 | if (!(ttmp->value.integer = | 505 | if (!(ttmp->value.integer = |
374 | BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) { | 506 | BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) { |
375 | EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); | 507 | EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR); |
376 | goto err; | 508 | goto err; |
377 | } | 509 | } |
378 | ttmp->type = V_ASN1_INTEGER; | 510 | ttmp->type = V_ASN1_INTEGER; |
379 | if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { | 511 | if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { |
380 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 512 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
381 | goto err; | 513 | goto err; |
382 | } | 514 | } |
383 | 515 | ||
384 | if (!(ttmp = ASN1_TYPE_new())) { | 516 | if (!(ttmp = ASN1_TYPE_new())) { |
385 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 517 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
386 | goto err; | 518 | goto err; |
387 | } | 519 | } |
388 | ttmp->value.integer = prkey; | 520 | ttmp->value.integer = prkey; |
389 | prkey = NULL; | 521 | prkey = NULL; |
390 | ttmp->type = V_ASN1_INTEGER; | 522 | ttmp->type = V_ASN1_INTEGER; |
391 | if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { | 523 | if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { |
392 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 524 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
393 | goto err; | 525 | goto err; |
394 | } | 526 | } |
395 | ttmp = NULL; | 527 | ttmp = NULL; |
396 | 528 | ||
397 | if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { | 529 | if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { |
398 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 530 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
399 | goto err; | 531 | goto err; |
400 | } | 532 | } |
401 | 533 | ||
@@ -403,7 +535,7 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) | |||
403 | &p8->pkey->value.octet_string->data, | 535 | &p8->pkey->value.octet_string->data, |
404 | &p8->pkey->value.octet_string->length)) { | 536 | &p8->pkey->value.octet_string->length)) { |
405 | 537 | ||
406 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 538 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
407 | goto err; | 539 | goto err; |
408 | } | 540 | } |
409 | sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); | 541 | sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); |
@@ -413,36 +545,36 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) | |||
413 | 545 | ||
414 | p8->pkeyalg->parameter->type = V_ASN1_NULL; | 546 | p8->pkeyalg->parameter->type = V_ASN1_NULL; |
415 | if (!(ndsa = sk_ASN1_TYPE_new_null())) { | 547 | if (!(ndsa = sk_ASN1_TYPE_new_null())) { |
416 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 548 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
417 | goto err; | 549 | goto err; |
418 | } | 550 | } |
419 | if (!(ttmp = ASN1_TYPE_new())) { | 551 | if (!(ttmp = ASN1_TYPE_new())) { |
420 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 552 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
421 | goto err; | 553 | goto err; |
422 | } | 554 | } |
423 | ttmp->value.sequence = params; | 555 | ttmp->value.sequence = params; |
424 | params = NULL; | 556 | params = NULL; |
425 | ttmp->type = V_ASN1_SEQUENCE; | 557 | ttmp->type = V_ASN1_SEQUENCE; |
426 | if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { | 558 | if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { |
427 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 559 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
428 | goto err; | 560 | goto err; |
429 | } | 561 | } |
430 | 562 | ||
431 | if (!(ttmp = ASN1_TYPE_new())) { | 563 | if (!(ttmp = ASN1_TYPE_new())) { |
432 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 564 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
433 | goto err; | 565 | goto err; |
434 | } | 566 | } |
435 | ttmp->value.integer = prkey; | 567 | ttmp->value.integer = prkey; |
436 | prkey = NULL; | 568 | prkey = NULL; |
437 | ttmp->type = V_ASN1_INTEGER; | 569 | ttmp->type = V_ASN1_INTEGER; |
438 | if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { | 570 | if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { |
439 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 571 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
440 | goto err; | 572 | goto err; |
441 | } | 573 | } |
442 | ttmp = NULL; | 574 | ttmp = NULL; |
443 | 575 | ||
444 | if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { | 576 | if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { |
445 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 577 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
446 | goto err; | 578 | goto err; |
447 | } | 579 | } |
448 | 580 | ||
@@ -450,7 +582,7 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) | |||
450 | &p8->pkey->value.octet_string->data, | 582 | &p8->pkey->value.octet_string->data, |
451 | &p8->pkey->value.octet_string->length)) { | 583 | &p8->pkey->value.octet_string->length)) { |
452 | 584 | ||
453 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 585 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
454 | goto err; | 586 | goto err; |
455 | } | 587 | } |
456 | sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); | 588 | sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); |
@@ -466,3 +598,197 @@ err: | |||
466 | return 0; | 598 | return 0; |
467 | } | 599 | } |
468 | #endif | 600 | #endif |
601 | |||
602 | #ifndef OPENSSL_NO_EC | ||
603 | static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) | ||
604 | { | ||
605 | EC_KEY *ec_key; | ||
606 | const EC_GROUP *group; | ||
607 | unsigned char *p, *pp; | ||
608 | int nid, i, ret = 0; | ||
609 | unsigned int tmp_flags, old_flags; | ||
610 | |||
611 | ec_key = pkey->pkey.ec; | ||
612 | if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) | ||
613 | { | ||
614 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS); | ||
615 | return 0; | ||
616 | } | ||
617 | |||
618 | /* set the ec parameters OID */ | ||
619 | if (p8->pkeyalg->algorithm) | ||
620 | ASN1_OBJECT_free(p8->pkeyalg->algorithm); | ||
621 | |||
622 | p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey); | ||
623 | |||
624 | /* set the ec parameters */ | ||
625 | |||
626 | if (p8->pkeyalg->parameter) | ||
627 | { | ||
628 | ASN1_TYPE_free(p8->pkeyalg->parameter); | ||
629 | p8->pkeyalg->parameter = NULL; | ||
630 | } | ||
631 | |||
632 | if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL) | ||
633 | { | ||
634 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); | ||
635 | return 0; | ||
636 | } | ||
637 | |||
638 | if (EC_GROUP_get_asn1_flag(group) | ||
639 | && (nid = EC_GROUP_get_curve_name(group))) | ||
640 | { | ||
641 | /* we have a 'named curve' => just set the OID */ | ||
642 | p8->pkeyalg->parameter->type = V_ASN1_OBJECT; | ||
643 | p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid); | ||
644 | } | ||
645 | else /* explicit parameters */ | ||
646 | { | ||
647 | if ((i = i2d_ECParameters(ec_key, NULL)) == 0) | ||
648 | { | ||
649 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); | ||
650 | return 0; | ||
651 | } | ||
652 | if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL) | ||
653 | { | ||
654 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); | ||
655 | return 0; | ||
656 | } | ||
657 | pp = p; | ||
658 | if (!i2d_ECParameters(ec_key, &pp)) | ||
659 | { | ||
660 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); | ||
661 | OPENSSL_free(p); | ||
662 | return 0; | ||
663 | } | ||
664 | p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; | ||
665 | if ((p8->pkeyalg->parameter->value.sequence | ||
666 | = ASN1_STRING_new()) == NULL) | ||
667 | { | ||
668 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB); | ||
669 | OPENSSL_free(p); | ||
670 | return 0; | ||
671 | } | ||
672 | ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i); | ||
673 | OPENSSL_free(p); | ||
674 | } | ||
675 | |||
676 | /* set the private key */ | ||
677 | |||
678 | /* do not include the parameters in the SEC1 private key | ||
679 | * see PKCS#11 12.11 */ | ||
680 | old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec); | ||
681 | tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; | ||
682 | EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags); | ||
683 | i = i2d_ECPrivateKey(pkey->pkey.ec, NULL); | ||
684 | if (!i) | ||
685 | { | ||
686 | EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); | ||
687 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); | ||
688 | return 0; | ||
689 | } | ||
690 | p = (unsigned char *) OPENSSL_malloc(i); | ||
691 | if (!p) | ||
692 | { | ||
693 | EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); | ||
694 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); | ||
695 | return 0; | ||
696 | } | ||
697 | pp = p; | ||
698 | if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp)) | ||
699 | { | ||
700 | EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); | ||
701 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); | ||
702 | OPENSSL_free(p); | ||
703 | return 0; | ||
704 | } | ||
705 | /* restore old encoding flags */ | ||
706 | EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); | ||
707 | |||
708 | switch(p8->broken) { | ||
709 | |||
710 | case PKCS8_OK: | ||
711 | p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); | ||
712 | if (!p8->pkey->value.octet_string || | ||
713 | !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string, | ||
714 | (const void *)p, i)) | ||
715 | |||
716 | { | ||
717 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); | ||
718 | } | ||
719 | else | ||
720 | ret = 1; | ||
721 | break; | ||
722 | case PKCS8_NO_OCTET: /* RSA specific */ | ||
723 | case PKCS8_NS_DB: /* DSA specific */ | ||
724 | case PKCS8_EMBEDDED_PARAM: /* DSA specific */ | ||
725 | default: | ||
726 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR); | ||
727 | } | ||
728 | OPENSSL_cleanse(p, (size_t)i); | ||
729 | OPENSSL_free(p); | ||
730 | return ret; | ||
731 | } | ||
732 | #endif | ||
733 | |||
734 | /* EVP_PKEY attribute functions */ | ||
735 | |||
736 | int EVP_PKEY_get_attr_count(const EVP_PKEY *key) | ||
737 | { | ||
738 | return X509at_get_attr_count(key->attributes); | ||
739 | } | ||
740 | |||
741 | int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, | ||
742 | int lastpos) | ||
743 | { | ||
744 | return X509at_get_attr_by_NID(key->attributes, nid, lastpos); | ||
745 | } | ||
746 | |||
747 | int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, | ||
748 | int lastpos) | ||
749 | { | ||
750 | return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos); | ||
751 | } | ||
752 | |||
753 | X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc) | ||
754 | { | ||
755 | return X509at_get_attr(key->attributes, loc); | ||
756 | } | ||
757 | |||
758 | X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc) | ||
759 | { | ||
760 | return X509at_delete_attr(key->attributes, loc); | ||
761 | } | ||
762 | |||
763 | int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr) | ||
764 | { | ||
765 | if(X509at_add1_attr(&key->attributes, attr)) return 1; | ||
766 | return 0; | ||
767 | } | ||
768 | |||
769 | int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, | ||
770 | const ASN1_OBJECT *obj, int type, | ||
771 | const unsigned char *bytes, int len) | ||
772 | { | ||
773 | if(X509at_add1_attr_by_OBJ(&key->attributes, obj, | ||
774 | type, bytes, len)) return 1; | ||
775 | return 0; | ||
776 | } | ||
777 | |||
778 | int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, | ||
779 | int nid, int type, | ||
780 | const unsigned char *bytes, int len) | ||
781 | { | ||
782 | if(X509at_add1_attr_by_NID(&key->attributes, nid, | ||
783 | type, bytes, len)) return 1; | ||
784 | return 0; | ||
785 | } | ||
786 | |||
787 | int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, | ||
788 | const char *attrname, int type, | ||
789 | const unsigned char *bytes, int len) | ||
790 | { | ||
791 | if(X509at_add1_attr_by_txt(&key->attributes, attrname, | ||
792 | type, bytes, len)) return 1; | ||
793 | return 0; | ||
794 | } | ||
diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c index d393eb3400..a948c77fa4 100644 --- a/src/lib/libcrypto/evp/m_dss.c +++ b/src/lib/libcrypto/evp/m_dss.c | |||
@@ -61,12 +61,16 @@ | |||
61 | #include <openssl/evp.h> | 61 | #include <openssl/evp.h> |
62 | #include <openssl/objects.h> | 62 | #include <openssl/objects.h> |
63 | #include <openssl/x509.h> | 63 | #include <openssl/x509.h> |
64 | #ifndef OPENSSL_NO_DSA | ||
65 | #include <openssl/dsa.h> | ||
66 | #endif | ||
64 | 67 | ||
65 | #ifndef OPENSSL_NO_SHA | 68 | #ifndef OPENSSL_NO_SHA |
69 | |||
66 | static int init(EVP_MD_CTX *ctx) | 70 | static int init(EVP_MD_CTX *ctx) |
67 | { return SHA1_Init(ctx->md_data); } | 71 | { return SHA1_Init(ctx->md_data); } |
68 | 72 | ||
69 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 73 | static int update(EVP_MD_CTX *ctx,const void *data,size_t count) |
70 | { return SHA1_Update(ctx->md_data,data,count); } | 74 | { return SHA1_Update(ctx->md_data,data,count); } |
71 | 75 | ||
72 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | 76 | static int final(EVP_MD_CTX *ctx,unsigned char *md) |
@@ -77,7 +81,7 @@ static const EVP_MD dsa_md= | |||
77 | NID_dsaWithSHA, | 81 | NID_dsaWithSHA, |
78 | NID_dsaWithSHA, | 82 | NID_dsaWithSHA, |
79 | SHA_DIGEST_LENGTH, | 83 | SHA_DIGEST_LENGTH, |
80 | EVP_MD_FLAG_FIPS, | 84 | 0, |
81 | init, | 85 | init, |
82 | update, | 86 | update, |
83 | final, | 87 | final, |
diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c index 23b90d0538..c12e13972b 100644 --- a/src/lib/libcrypto/evp/m_dss1.c +++ b/src/lib/libcrypto/evp/m_dss1.c | |||
@@ -56,25 +56,23 @@ | |||
56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
57 | */ | 57 | */ |
58 | 58 | ||
59 | #ifndef OPENSSL_NO_SHA | ||
60 | #include <stdio.h> | 59 | #include <stdio.h> |
61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
61 | |||
62 | #ifndef OPENSSL_NO_SHA | ||
63 | |||
62 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
63 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
64 | #include <openssl/x509.h> | 66 | #include <openssl/x509.h> |
67 | #ifndef OPENSSL_NO_DSA | ||
68 | #include <openssl/dsa.h> | ||
69 | #endif | ||
65 | 70 | ||
66 | static int init(EVP_MD_CTX *ctx) | 71 | static int init(EVP_MD_CTX *ctx) |
67 | { return SHA1_Init(ctx->md_data); } | 72 | { return SHA1_Init(ctx->md_data); } |
68 | 73 | ||
69 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 74 | static int update(EVP_MD_CTX *ctx,const void *data,size_t count) |
70 | #ifndef OPENSSL_FIPS | ||
71 | { return SHA1_Update(ctx->md_data,data,count); } | 75 | { return SHA1_Update(ctx->md_data,data,count); } |
72 | #else | ||
73 | { | ||
74 | OPENSSL_assert(sizeof(count)<=sizeof(size_t)); | ||
75 | return SHA1_Update(ctx->md_data,data,count); | ||
76 | } | ||
77 | #endif | ||
78 | 76 | ||
79 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | 77 | static int final(EVP_MD_CTX *ctx,unsigned char *md) |
80 | { return SHA1_Final(md,ctx->md_data); } | 78 | { return SHA1_Final(md,ctx->md_data); } |
@@ -84,7 +82,7 @@ static const EVP_MD dss1_md= | |||
84 | NID_dsa, | 82 | NID_dsa, |
85 | NID_dsaWithSHA1, | 83 | NID_dsaWithSHA1, |
86 | SHA_DIGEST_LENGTH, | 84 | SHA_DIGEST_LENGTH, |
87 | EVP_MD_FLAG_FIPS, | 85 | 0, |
88 | init, | 86 | init, |
89 | update, | 87 | update, |
90 | final, | 88 | final, |
diff --git a/src/lib/libcrypto/evp/m_ecdsa.c b/src/lib/libcrypto/evp/m_ecdsa.c new file mode 100644 index 0000000000..fad270faca --- /dev/null +++ b/src/lib/libcrypto/evp/m_ecdsa.c | |||
@@ -0,0 +1,148 @@ | |||
1 | /* crypto/evp/m_ecdsa.c */ | ||
2 | /* ==================================================================== | ||
3 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | ||
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions | ||
7 | * are met: | ||
8 | * | ||
9 | * 1. Redistributions of source code must retain the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer. | ||
11 | * | ||
12 | * 2. Redistributions in binary form must reproduce the above copyright | ||
13 | * notice, this list of conditions and the following disclaimer in | ||
14 | * the documentation and/or other materials provided with the | ||
15 | * distribution. | ||
16 | * | ||
17 | * 3. All advertising materials mentioning features or use of this | ||
18 | * software must display the following acknowledgment: | ||
19 | * "This product includes software developed by the OpenSSL Project | ||
20 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
21 | * | ||
22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
23 | * endorse or promote products derived from this software without | ||
24 | * prior written permission. For written permission, please contact | ||
25 | * openssl-core@openssl.org. | ||
26 | * | ||
27 | * 5. Products derived from this software may not be called "OpenSSL" | ||
28 | * nor may "OpenSSL" appear in their names without prior written | ||
29 | * permission of the OpenSSL Project. | ||
30 | * | ||
31 | * 6. Redistributions of any form whatsoever must retain the following | ||
32 | * acknowledgment: | ||
33 | * "This product includes software developed by the OpenSSL Project | ||
34 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
35 | * | ||
36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
48 | * ==================================================================== | ||
49 | * | ||
50 | * This product includes cryptographic software written by Eric Young | ||
51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
52 | * Hudson (tjh@cryptsoft.com). | ||
53 | * | ||
54 | */ | ||
55 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
56 | * All rights reserved. | ||
57 | * | ||
58 | * This package is an SSL implementation written | ||
59 | * by Eric Young (eay@cryptsoft.com). | ||
60 | * The implementation was written so as to conform with Netscapes SSL. | ||
61 | * | ||
62 | * This library is free for commercial and non-commercial use as long as | ||
63 | * the following conditions are aheared to. The following conditions | ||
64 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
65 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
66 | * included with this distribution is covered by the same copyright terms | ||
67 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
68 | * | ||
69 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
70 | * the code are not to be removed. | ||
71 | * If this package is used in a product, Eric Young should be given attribution | ||
72 | * as the author of the parts of the library used. | ||
73 | * This can be in the form of a textual message at program startup or | ||
74 | * in documentation (online or textual) provided with the package. | ||
75 | * | ||
76 | * Redistribution and use in source and binary forms, with or without | ||
77 | * modification, are permitted provided that the following conditions | ||
78 | * are met: | ||
79 | * 1. Redistributions of source code must retain the copyright | ||
80 | * notice, this list of conditions and the following disclaimer. | ||
81 | * 2. Redistributions in binary form must reproduce the above copyright | ||
82 | * notice, this list of conditions and the following disclaimer in the | ||
83 | * documentation and/or other materials provided with the distribution. | ||
84 | * 3. All advertising materials mentioning features or use of this software | ||
85 | * must display the following acknowledgement: | ||
86 | * "This product includes cryptographic software written by | ||
87 | * Eric Young (eay@cryptsoft.com)" | ||
88 | * The word 'cryptographic' can be left out if the rouines from the library | ||
89 | * being used are not cryptographic related :-). | ||
90 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
91 | * the apps directory (application code) you must include an acknowledgement: | ||
92 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
93 | * | ||
94 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
95 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
96 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
97 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
98 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
99 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
100 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
101 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
102 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
103 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
104 | * SUCH DAMAGE. | ||
105 | * | ||
106 | * The licence and distribution terms for any publically available version or | ||
107 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
108 | * copied and put under another distribution licence | ||
109 | * [including the GNU Public Licence.] | ||
110 | */ | ||
111 | |||
112 | #include <stdio.h> | ||
113 | #include "cryptlib.h" | ||
114 | #include <openssl/evp.h> | ||
115 | #include <openssl/objects.h> | ||
116 | #include <openssl/x509.h> | ||
117 | |||
118 | #ifndef OPENSSL_NO_SHA | ||
119 | static int init(EVP_MD_CTX *ctx) | ||
120 | { return SHA1_Init(ctx->md_data); } | ||
121 | |||
122 | static int update(EVP_MD_CTX *ctx,const void *data,size_t count) | ||
123 | { return SHA1_Update(ctx->md_data,data,count); } | ||
124 | |||
125 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | ||
126 | { return SHA1_Final(md,ctx->md_data); } | ||
127 | |||
128 | static const EVP_MD ecdsa_md= | ||
129 | { | ||
130 | NID_ecdsa_with_SHA1, | ||
131 | NID_ecdsa_with_SHA1, | ||
132 | SHA_DIGEST_LENGTH, | ||
133 | 0, | ||
134 | init, | ||
135 | update, | ||
136 | final, | ||
137 | NULL, | ||
138 | NULL, | ||
139 | EVP_PKEY_ECDSA_method, | ||
140 | SHA_CBLOCK, | ||
141 | sizeof(EVP_MD *)+sizeof(SHA_CTX), | ||
142 | }; | ||
143 | |||
144 | const EVP_MD *EVP_ecdsa(void) | ||
145 | { | ||
146 | return(&ecdsa_md); | ||
147 | } | ||
148 | #endif | ||
diff --git a/src/lib/libcrypto/evp/m_md4.c b/src/lib/libcrypto/evp/m_md4.c index 0605e4b707..1e0b7c5b42 100644 --- a/src/lib/libcrypto/evp/m_md4.c +++ b/src/lib/libcrypto/evp/m_md4.c | |||
@@ -56,19 +56,23 @@ | |||
56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
57 | */ | 57 | */ |
58 | 58 | ||
59 | #ifndef OPENSSL_NO_MD4 | ||
60 | #include <stdio.h> | 59 | #include <stdio.h> |
61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
61 | |||
62 | #ifndef OPENSSL_NO_MD4 | ||
63 | |||
62 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
63 | #include "evp_locl.h" | ||
64 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
65 | #include <openssl/x509.h> | 66 | #include <openssl/x509.h> |
66 | #include <openssl/md4.h> | 67 | #include <openssl/md4.h> |
68 | #ifndef OPENSSL_NO_RSA | ||
69 | #include <openssl/rsa.h> | ||
70 | #endif | ||
67 | 71 | ||
68 | static int init(EVP_MD_CTX *ctx) | 72 | static int init(EVP_MD_CTX *ctx) |
69 | { return MD4_Init(ctx->md_data); } | 73 | { return MD4_Init(ctx->md_data); } |
70 | 74 | ||
71 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 75 | static int update(EVP_MD_CTX *ctx,const void *data,size_t count) |
72 | { return MD4_Update(ctx->md_data,data,count); } | 76 | { return MD4_Update(ctx->md_data,data,count); } |
73 | 77 | ||
74 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | 78 | static int final(EVP_MD_CTX *ctx,unsigned char *md) |
diff --git a/src/lib/libcrypto/evp/m_md5.c b/src/lib/libcrypto/evp/m_md5.c index 752615d473..63c142119e 100644 --- a/src/lib/libcrypto/evp/m_md5.c +++ b/src/lib/libcrypto/evp/m_md5.c | |||
@@ -56,19 +56,23 @@ | |||
56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
57 | */ | 57 | */ |
58 | 58 | ||
59 | #ifndef OPENSSL_NO_MD5 | ||
60 | #include <stdio.h> | 59 | #include <stdio.h> |
61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
61 | |||
62 | #ifndef OPENSSL_NO_MD5 | ||
63 | |||
62 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
63 | #include "evp_locl.h" | ||
64 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
65 | #include <openssl/x509.h> | 66 | #include <openssl/x509.h> |
66 | #include <openssl/md5.h> | 67 | #include <openssl/md5.h> |
68 | #ifndef OPENSSL_NO_RSA | ||
69 | #include <openssl/rsa.h> | ||
70 | #endif | ||
67 | 71 | ||
68 | static int init(EVP_MD_CTX *ctx) | 72 | static int init(EVP_MD_CTX *ctx) |
69 | { return MD5_Init(ctx->md_data); } | 73 | { return MD5_Init(ctx->md_data); } |
70 | 74 | ||
71 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 75 | static int update(EVP_MD_CTX *ctx,const void *data,size_t count) |
72 | { return MD5_Update(ctx->md_data,data,count); } | 76 | { return MD5_Update(ctx->md_data,data,count); } |
73 | 77 | ||
74 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | 78 | static int final(EVP_MD_CTX *ctx,unsigned char *md) |
diff --git a/src/lib/libcrypto/evp/m_null.c b/src/lib/libcrypto/evp/m_null.c index f6f0a1d2c0..cb0721699d 100644 --- a/src/lib/libcrypto/evp/m_null.c +++ b/src/lib/libcrypto/evp/m_null.c | |||
@@ -65,7 +65,7 @@ | |||
65 | static int init(EVP_MD_CTX *ctx) | 65 | static int init(EVP_MD_CTX *ctx) |
66 | { return 1; } | 66 | { return 1; } |
67 | 67 | ||
68 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 68 | static int update(EVP_MD_CTX *ctx,const void *data,size_t count) |
69 | { return 1; } | 69 | { return 1; } |
70 | 70 | ||
71 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | 71 | static int final(EVP_MD_CTX *ctx,unsigned char *md) |
diff --git a/src/lib/libcrypto/evp/m_ripemd.c b/src/lib/libcrypto/evp/m_ripemd.c index 64725528dc..a1d60ee78d 100644 --- a/src/lib/libcrypto/evp/m_ripemd.c +++ b/src/lib/libcrypto/evp/m_ripemd.c | |||
@@ -56,18 +56,23 @@ | |||
56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
57 | */ | 57 | */ |
58 | 58 | ||
59 | #ifndef OPENSSL_NO_RIPEMD | ||
60 | #include <stdio.h> | 59 | #include <stdio.h> |
61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
61 | |||
62 | #ifndef OPENSSL_NO_RIPEMD | ||
63 | |||
62 | #include <openssl/ripemd.h> | 64 | #include <openssl/ripemd.h> |
63 | #include <openssl/evp.h> | 65 | #include <openssl/evp.h> |
64 | #include <openssl/objects.h> | 66 | #include <openssl/objects.h> |
65 | #include <openssl/x509.h> | 67 | #include <openssl/x509.h> |
68 | #ifndef OPENSSL_NO_RSA | ||
69 | #include <openssl/rsa.h> | ||
70 | #endif | ||
66 | 71 | ||
67 | static int init(EVP_MD_CTX *ctx) | 72 | static int init(EVP_MD_CTX *ctx) |
68 | { return RIPEMD160_Init(ctx->md_data); } | 73 | { return RIPEMD160_Init(ctx->md_data); } |
69 | 74 | ||
70 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 75 | static int update(EVP_MD_CTX *ctx,const void *data,size_t count) |
71 | { return RIPEMD160_Update(ctx->md_data,data,count); } | 76 | { return RIPEMD160_Update(ctx->md_data,data,count); } |
72 | 77 | ||
73 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | 78 | static int final(EVP_MD_CTX *ctx,unsigned char *md) |
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c index 60da93873c..4679b1c463 100644 --- a/src/lib/libcrypto/evp/m_sha1.c +++ b/src/lib/libcrypto/evp/m_sha1.c | |||
@@ -56,25 +56,23 @@ | |||
56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
57 | */ | 57 | */ |
58 | 58 | ||
59 | #ifndef OPENSSL_NO_SHA | ||
60 | #include <stdio.h> | 59 | #include <stdio.h> |
61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
61 | |||
62 | #ifndef OPENSSL_NO_SHA | ||
63 | |||
62 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
63 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
64 | #include <openssl/x509.h> | 66 | #include <openssl/x509.h> |
67 | #ifndef OPENSSL_NO_RSA | ||
68 | #include <openssl/rsa.h> | ||
69 | #endif | ||
65 | 70 | ||
66 | static int init(EVP_MD_CTX *ctx) | 71 | static int init(EVP_MD_CTX *ctx) |
67 | { return SHA1_Init(ctx->md_data); } | 72 | { return SHA1_Init(ctx->md_data); } |
68 | 73 | ||
69 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 74 | static int update(EVP_MD_CTX *ctx,const void *data,size_t count) |
70 | #ifndef OPENSSL_FIPS | ||
71 | { return SHA1_Update(ctx->md_data,data,count); } | 75 | { return SHA1_Update(ctx->md_data,data,count); } |
72 | #else | ||
73 | { | ||
74 | OPENSSL_assert(sizeof(count)<=sizeof(size_t)); | ||
75 | return SHA1_Update(ctx->md_data,data,count); | ||
76 | } | ||
77 | #endif | ||
78 | 76 | ||
79 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | 77 | static int final(EVP_MD_CTX *ctx,unsigned char *md) |
80 | { return SHA1_Final(md,ctx->md_data); } | 78 | { return SHA1_Final(md,ctx->md_data); } |
@@ -84,7 +82,7 @@ static const EVP_MD sha1_md= | |||
84 | NID_sha1, | 82 | NID_sha1, |
85 | NID_sha1WithRSAEncryption, | 83 | NID_sha1WithRSAEncryption, |
86 | SHA_DIGEST_LENGTH, | 84 | SHA_DIGEST_LENGTH, |
87 | EVP_MD_FLAG_FIPS, | 85 | 0, |
88 | init, | 86 | init, |
89 | update, | 87 | update, |
90 | final, | 88 | final, |
@@ -101,7 +99,6 @@ const EVP_MD *EVP_sha1(void) | |||
101 | } | 99 | } |
102 | #endif | 100 | #endif |
103 | 101 | ||
104 | #ifdef OPENSSL_FIPS | ||
105 | #ifndef OPENSSL_NO_SHA256 | 102 | #ifndef OPENSSL_NO_SHA256 |
106 | static int init224(EVP_MD_CTX *ctx) | 103 | static int init224(EVP_MD_CTX *ctx) |
107 | { return SHA224_Init(ctx->md_data); } | 104 | { return SHA224_Init(ctx->md_data); } |
@@ -112,11 +109,8 @@ static int init256(EVP_MD_CTX *ctx) | |||
112 | * SHA256 functions even in SHA224 context. This is what happens | 109 | * SHA256 functions even in SHA224 context. This is what happens |
113 | * there anyway, so we can spare few CPU cycles:-) | 110 | * there anyway, so we can spare few CPU cycles:-) |
114 | */ | 111 | */ |
115 | static int update256(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 112 | static int update256(EVP_MD_CTX *ctx,const void *data,size_t count) |
116 | { | 113 | { return SHA256_Update(ctx->md_data,data,count); } |
117 | OPENSSL_assert(sizeof(count)<=sizeof(size_t)); | ||
118 | return SHA256_Update(ctx->md_data,data,count); | ||
119 | } | ||
120 | static int final256(EVP_MD_CTX *ctx,unsigned char *md) | 114 | static int final256(EVP_MD_CTX *ctx,unsigned char *md) |
121 | { return SHA256_Final(md,ctx->md_data); } | 115 | { return SHA256_Final(md,ctx->md_data); } |
122 | 116 | ||
@@ -125,7 +119,7 @@ static const EVP_MD sha224_md= | |||
125 | NID_sha224, | 119 | NID_sha224, |
126 | NID_sha224WithRSAEncryption, | 120 | NID_sha224WithRSAEncryption, |
127 | SHA224_DIGEST_LENGTH, | 121 | SHA224_DIGEST_LENGTH, |
128 | EVP_MD_FLAG_FIPS, | 122 | 0, |
129 | init224, | 123 | init224, |
130 | update256, | 124 | update256, |
131 | final256, | 125 | final256, |
@@ -144,7 +138,7 @@ static const EVP_MD sha256_md= | |||
144 | NID_sha256, | 138 | NID_sha256, |
145 | NID_sha256WithRSAEncryption, | 139 | NID_sha256WithRSAEncryption, |
146 | SHA256_DIGEST_LENGTH, | 140 | SHA256_DIGEST_LENGTH, |
147 | EVP_MD_FLAG_FIPS, | 141 | 0, |
148 | init256, | 142 | init256, |
149 | update256, | 143 | update256, |
150 | final256, | 144 | final256, |
@@ -157,7 +151,7 @@ static const EVP_MD sha256_md= | |||
157 | 151 | ||
158 | const EVP_MD *EVP_sha256(void) | 152 | const EVP_MD *EVP_sha256(void) |
159 | { return(&sha256_md); } | 153 | { return(&sha256_md); } |
160 | #endif /* ifndef OPENSSL_NO_SHA256 */ | 154 | #endif /* ifndef OPENSSL_NO_SHA256 */ |
161 | 155 | ||
162 | #ifndef OPENSSL_NO_SHA512 | 156 | #ifndef OPENSSL_NO_SHA512 |
163 | static int init384(EVP_MD_CTX *ctx) | 157 | static int init384(EVP_MD_CTX *ctx) |
@@ -165,11 +159,8 @@ static int init384(EVP_MD_CTX *ctx) | |||
165 | static int init512(EVP_MD_CTX *ctx) | 159 | static int init512(EVP_MD_CTX *ctx) |
166 | { return SHA512_Init(ctx->md_data); } | 160 | { return SHA512_Init(ctx->md_data); } |
167 | /* See comment in SHA224/256 section */ | 161 | /* See comment in SHA224/256 section */ |
168 | static int update512(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 162 | static int update512(EVP_MD_CTX *ctx,const void *data,size_t count) |
169 | { | 163 | { return SHA512_Update(ctx->md_data,data,count); } |
170 | OPENSSL_assert(sizeof(count)<=sizeof(size_t)); | ||
171 | return SHA512_Update(ctx->md_data,data,count); | ||
172 | } | ||
173 | static int final512(EVP_MD_CTX *ctx,unsigned char *md) | 164 | static int final512(EVP_MD_CTX *ctx,unsigned char *md) |
174 | { return SHA512_Final(md,ctx->md_data); } | 165 | { return SHA512_Final(md,ctx->md_data); } |
175 | 166 | ||
@@ -178,7 +169,7 @@ static const EVP_MD sha384_md= | |||
178 | NID_sha384, | 169 | NID_sha384, |
179 | NID_sha384WithRSAEncryption, | 170 | NID_sha384WithRSAEncryption, |
180 | SHA384_DIGEST_LENGTH, | 171 | SHA384_DIGEST_LENGTH, |
181 | EVP_MD_FLAG_FIPS, | 172 | 0, |
182 | init384, | 173 | init384, |
183 | update512, | 174 | update512, |
184 | final512, | 175 | final512, |
@@ -197,7 +188,7 @@ static const EVP_MD sha512_md= | |||
197 | NID_sha512, | 188 | NID_sha512, |
198 | NID_sha512WithRSAEncryption, | 189 | NID_sha512WithRSAEncryption, |
199 | SHA512_DIGEST_LENGTH, | 190 | SHA512_DIGEST_LENGTH, |
200 | EVP_MD_FLAG_FIPS, | 191 | 0, |
201 | init512, | 192 | init512, |
202 | update512, | 193 | update512, |
203 | final512, | 194 | final512, |
@@ -210,5 +201,4 @@ static const EVP_MD sha512_md= | |||
210 | 201 | ||
211 | const EVP_MD *EVP_sha512(void) | 202 | const EVP_MD *EVP_sha512(void) |
212 | { return(&sha512_md); } | 203 | { return(&sha512_md); } |
213 | #endif /* ifndef OPENSSL_NO_SHA512 */ | 204 | #endif /* ifndef OPENSSL_NO_SHA512 */ |
214 | #endif /* ifdef OPENSSL_FIPS */ | ||
diff --git a/src/lib/libcrypto/evp/names.c b/src/lib/libcrypto/evp/names.c index 7712453046..88c1e780dd 100644 --- a/src/lib/libcrypto/evp/names.c +++ b/src/lib/libcrypto/evp/names.c | |||
@@ -61,17 +61,14 @@ | |||
61 | #include <openssl/evp.h> | 61 | #include <openssl/evp.h> |
62 | #include <openssl/objects.h> | 62 | #include <openssl/objects.h> |
63 | #include <openssl/x509.h> | 63 | #include <openssl/x509.h> |
64 | #ifdef OPENSSL_FIPS | ||
65 | #include <openssl/fips.h> | ||
66 | #endif | ||
67 | 64 | ||
68 | int EVP_add_cipher(const EVP_CIPHER *c) | 65 | int EVP_add_cipher(const EVP_CIPHER *c) |
69 | { | 66 | { |
70 | int r; | 67 | int r; |
71 | 68 | ||
72 | r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c); | 69 | r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); |
73 | if (r == 0) return(0); | 70 | if (r == 0) return(0); |
74 | r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c); | 71 | r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); |
75 | return(r); | 72 | return(r); |
76 | } | 73 | } |
77 | 74 | ||
@@ -81,9 +78,9 @@ int EVP_add_digest(const EVP_MD *md) | |||
81 | const char *name; | 78 | const char *name; |
82 | 79 | ||
83 | name=OBJ_nid2sn(md->type); | 80 | name=OBJ_nid2sn(md->type); |
84 | r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(char *)md); | 81 | r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); |
85 | if (r == 0) return(0); | 82 | if (r == 0) return(0); |
86 | r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(char *)md); | 83 | r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md); |
87 | if (r == 0) return(0); | 84 | if (r == 0) return(0); |
88 | 85 | ||
89 | if (md->type != md->pkey_type) | 86 | if (md->type != md->pkey_type) |
diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c index a1874e83b2..48d50014a0 100644 --- a/src/lib/libcrypto/evp/p5_crpt.c +++ b/src/lib/libcrypto/evp/p5_crpt.c | |||
@@ -110,12 +110,18 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, | |||
110 | int i; | 110 | int i; |
111 | PBEPARAM *pbe; | 111 | PBEPARAM *pbe; |
112 | int saltlen, iter; | 112 | int saltlen, iter; |
113 | unsigned char *salt, *pbuf; | 113 | unsigned char *salt; |
114 | const unsigned char *pbuf; | ||
114 | 115 | ||
115 | /* Extract useful info from parameter */ | 116 | /* Extract useful info from parameter */ |
117 | if (param == NULL || param->type != V_ASN1_SEQUENCE || | ||
118 | param->value.sequence == NULL) { | ||
119 | EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); | ||
120 | return 0; | ||
121 | } | ||
122 | |||
116 | pbuf = param->value.sequence->data; | 123 | pbuf = param->value.sequence->data; |
117 | if (!param || (param->type != V_ASN1_SEQUENCE) || | 124 | if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { |
118 | !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) { | ||
119 | EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); | 125 | EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); |
120 | return 0; | 126 | return 0; |
121 | } | 127 | } |
@@ -140,7 +146,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, | |||
140 | EVP_DigestFinal_ex (&ctx, md_tmp, NULL); | 146 | EVP_DigestFinal_ex (&ctx, md_tmp, NULL); |
141 | } | 147 | } |
142 | EVP_MD_CTX_cleanup(&ctx); | 148 | EVP_MD_CTX_cleanup(&ctx); |
143 | OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp); | 149 | OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); |
144 | memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); | 150 | memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); |
145 | OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); | 151 | OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); |
146 | memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), | 152 | memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), |
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c index 1d5fabc4b2..c969d5a206 100644 --- a/src/lib/libcrypto/evp/p5_crpt2.c +++ b/src/lib/libcrypto/evp/p5_crpt2.c | |||
@@ -55,10 +55,10 @@ | |||
55 | * Hudson (tjh@cryptsoft.com). | 55 | * Hudson (tjh@cryptsoft.com). |
56 | * | 56 | * |
57 | */ | 57 | */ |
58 | #if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) | ||
59 | #include <stdio.h> | 58 | #include <stdio.h> |
60 | #include <stdlib.h> | 59 | #include <stdlib.h> |
61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
61 | #if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) | ||
62 | #include <openssl/x509.h> | 62 | #include <openssl/x509.h> |
63 | #include <openssl/evp.h> | 63 | #include <openssl/evp.h> |
64 | #include <openssl/hmac.h> | 64 | #include <openssl/hmac.h> |
@@ -77,7 +77,7 @@ | |||
77 | */ | 77 | */ |
78 | 78 | ||
79 | int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, | 79 | int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, |
80 | unsigned char *salt, int saltlen, int iter, | 80 | const unsigned char *salt, int saltlen, int iter, |
81 | int keylen, unsigned char *out) | 81 | int keylen, unsigned char *out) |
82 | { | 82 | { |
83 | unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; | 83 | unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; |
@@ -148,16 +148,23 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
148 | ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, | 148 | ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, |
149 | int en_de) | 149 | int en_de) |
150 | { | 150 | { |
151 | unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH]; | 151 | unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; |
152 | int saltlen, keylen, iter, plen; | 152 | const unsigned char *pbuf; |
153 | int saltlen, iter, plen; | ||
154 | unsigned int keylen; | ||
153 | PBE2PARAM *pbe2 = NULL; | 155 | PBE2PARAM *pbe2 = NULL; |
154 | const EVP_CIPHER *cipher; | 156 | const EVP_CIPHER *cipher; |
155 | PBKDF2PARAM *kdf = NULL; | 157 | PBKDF2PARAM *kdf = NULL; |
156 | 158 | ||
159 | if (param == NULL || param->type != V_ASN1_SEQUENCE || | ||
160 | param->value.sequence == NULL) { | ||
161 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); | ||
162 | return 0; | ||
163 | } | ||
164 | |||
157 | pbuf = param->value.sequence->data; | 165 | pbuf = param->value.sequence->data; |
158 | plen = param->value.sequence->length; | 166 | plen = param->value.sequence->length; |
159 | if(!param || (param->type != V_ASN1_SEQUENCE) || | 167 | if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { |
160 | !(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { | ||
161 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); | 168 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); |
162 | return 0; | 169 | return 0; |
163 | } | 170 | } |
@@ -213,7 +220,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
213 | 220 | ||
214 | /* Now check the parameters of the kdf */ | 221 | /* Now check the parameters of the kdf */ |
215 | 222 | ||
216 | if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != keylen)){ | 223 | if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ |
217 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, | 224 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, |
218 | EVP_R_UNSUPPORTED_KEYLENGTH); | 225 | EVP_R_UNSUPPORTED_KEYLENGTH); |
219 | goto err; | 226 | goto err; |
diff --git a/src/lib/libcrypto/evp/p_dec.c b/src/lib/libcrypto/evp/p_dec.c index 8af620400e..f64901f653 100644 --- a/src/lib/libcrypto/evp/p_dec.c +++ b/src/lib/libcrypto/evp/p_dec.c | |||
@@ -66,7 +66,7 @@ | |||
66 | #include <openssl/objects.h> | 66 | #include <openssl/objects.h> |
67 | #include <openssl/x509.h> | 67 | #include <openssl/x509.h> |
68 | 68 | ||
69 | int EVP_PKEY_decrypt(unsigned char *key, unsigned char *ek, int ekl, | 69 | int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl, |
70 | EVP_PKEY *priv) | 70 | EVP_PKEY *priv) |
71 | { | 71 | { |
72 | int ret= -1; | 72 | int ret= -1; |
diff --git a/src/lib/libcrypto/evp/p_enc.c b/src/lib/libcrypto/evp/p_enc.c index 656883b996..c2dfdc52ad 100644 --- a/src/lib/libcrypto/evp/p_enc.c +++ b/src/lib/libcrypto/evp/p_enc.c | |||
@@ -66,7 +66,7 @@ | |||
66 | #include <openssl/objects.h> | 66 | #include <openssl/objects.h> |
67 | #include <openssl/x509.h> | 67 | #include <openssl/x509.h> |
68 | 68 | ||
69 | int EVP_PKEY_encrypt(unsigned char *ek, unsigned char *key, int key_len, | 69 | int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len, |
70 | EVP_PKEY *pubk) | 70 | EVP_PKEY *pubk) |
71 | { | 71 | { |
72 | int ret=0; | 72 | int ret=0; |
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c index 215b94292a..22155ecf62 100644 --- a/src/lib/libcrypto/evp/p_lib.c +++ b/src/lib/libcrypto/evp/p_lib.c | |||
@@ -58,24 +58,60 @@ | |||
58 | 58 | ||
59 | #include <stdio.h> | 59 | #include <stdio.h> |
60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
61 | #include <openssl/bn.h> | ||
62 | #include <openssl/err.h> | ||
61 | #include <openssl/objects.h> | 63 | #include <openssl/objects.h> |
62 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
63 | #include <openssl/asn1_mac.h> | 65 | #include <openssl/asn1_mac.h> |
64 | #include <openssl/x509.h> | 66 | #include <openssl/x509.h> |
67 | #ifndef OPENSSL_NO_RSA | ||
68 | #include <openssl/rsa.h> | ||
69 | #endif | ||
70 | #ifndef OPENSSL_NO_DSA | ||
71 | #include <openssl/dsa.h> | ||
72 | #endif | ||
73 | #ifndef OPENSSL_NO_DH | ||
74 | #include <openssl/dh.h> | ||
75 | #endif | ||
65 | 76 | ||
66 | static void EVP_PKEY_free_it(EVP_PKEY *x); | 77 | static void EVP_PKEY_free_it(EVP_PKEY *x); |
67 | 78 | ||
68 | int EVP_PKEY_bits(EVP_PKEY *pkey) | 79 | int EVP_PKEY_bits(EVP_PKEY *pkey) |
69 | { | 80 | { |
81 | if (0) | ||
82 | return 0; | ||
70 | #ifndef OPENSSL_NO_RSA | 83 | #ifndef OPENSSL_NO_RSA |
71 | if (pkey->type == EVP_PKEY_RSA) | 84 | else if (pkey->type == EVP_PKEY_RSA) |
72 | return(BN_num_bits(pkey->pkey.rsa->n)); | 85 | return(BN_num_bits(pkey->pkey.rsa->n)); |
73 | else | ||
74 | #endif | 86 | #endif |
75 | #ifndef OPENSSL_NO_DSA | 87 | #ifndef OPENSSL_NO_DSA |
76 | if (pkey->type == EVP_PKEY_DSA) | 88 | else if (pkey->type == EVP_PKEY_DSA) |
77 | return(BN_num_bits(pkey->pkey.dsa->p)); | 89 | return(BN_num_bits(pkey->pkey.dsa->p)); |
78 | #endif | 90 | #endif |
91 | #ifndef OPENSSL_NO_EC | ||
92 | else if (pkey->type == EVP_PKEY_EC) | ||
93 | { | ||
94 | BIGNUM *order = BN_new(); | ||
95 | const EC_GROUP *group; | ||
96 | int ret; | ||
97 | |||
98 | if (!order) | ||
99 | { | ||
100 | ERR_clear_error(); | ||
101 | return 0; | ||
102 | } | ||
103 | group = EC_KEY_get0_group(pkey->pkey.ec); | ||
104 | if (!EC_GROUP_get_order(group, order, NULL)) | ||
105 | { | ||
106 | ERR_clear_error(); | ||
107 | return 0; | ||
108 | } | ||
109 | |||
110 | ret = BN_num_bits(order); | ||
111 | BN_free(order); | ||
112 | return ret; | ||
113 | } | ||
114 | #endif | ||
79 | return(0); | 115 | return(0); |
80 | } | 116 | } |
81 | 117 | ||
@@ -92,6 +128,11 @@ int EVP_PKEY_size(EVP_PKEY *pkey) | |||
92 | if (pkey->type == EVP_PKEY_DSA) | 128 | if (pkey->type == EVP_PKEY_DSA) |
93 | return(DSA_size(pkey->pkey.dsa)); | 129 | return(DSA_size(pkey->pkey.dsa)); |
94 | #endif | 130 | #endif |
131 | #ifndef OPENSSL_NO_ECDSA | ||
132 | if (pkey->type == EVP_PKEY_EC) | ||
133 | return(ECDSA_size(pkey->pkey.ec)); | ||
134 | #endif | ||
135 | |||
95 | return(0); | 136 | return(0); |
96 | } | 137 | } |
97 | 138 | ||
@@ -107,10 +148,20 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) | |||
107 | return(ret); | 148 | return(ret); |
108 | } | 149 | } |
109 | #endif | 150 | #endif |
151 | #ifndef OPENSSL_NO_EC | ||
152 | if (pkey->type == EVP_PKEY_EC) | ||
153 | { | ||
154 | int ret = pkey->save_parameters; | ||
155 | |||
156 | if (mode >= 0) | ||
157 | pkey->save_parameters = mode; | ||
158 | return(ret); | ||
159 | } | ||
160 | #endif | ||
110 | return(0); | 161 | return(0); |
111 | } | 162 | } |
112 | 163 | ||
113 | int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from) | 164 | int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) |
114 | { | 165 | { |
115 | if (to->type != from->type) | 166 | if (to->type != from->type) |
116 | { | 167 | { |
@@ -141,12 +192,23 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from) | |||
141 | to->pkey.dsa->g=a; | 192 | to->pkey.dsa->g=a; |
142 | } | 193 | } |
143 | #endif | 194 | #endif |
195 | #ifndef OPENSSL_NO_EC | ||
196 | if (to->type == EVP_PKEY_EC) | ||
197 | { | ||
198 | EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec)); | ||
199 | if (group == NULL) | ||
200 | goto err; | ||
201 | if (EC_KEY_set_group(to->pkey.ec, group) == 0) | ||
202 | goto err; | ||
203 | EC_GROUP_free(group); | ||
204 | } | ||
205 | #endif | ||
144 | return(1); | 206 | return(1); |
145 | err: | 207 | err: |
146 | return(0); | 208 | return(0); |
147 | } | 209 | } |
148 | 210 | ||
149 | int EVP_PKEY_missing_parameters(EVP_PKEY *pkey) | 211 | int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) |
150 | { | 212 | { |
151 | #ifndef OPENSSL_NO_DSA | 213 | #ifndef OPENSSL_NO_DSA |
152 | if (pkey->type == EVP_PKEY_DSA) | 214 | if (pkey->type == EVP_PKEY_DSA) |
@@ -158,10 +220,18 @@ int EVP_PKEY_missing_parameters(EVP_PKEY *pkey) | |||
158 | return(1); | 220 | return(1); |
159 | } | 221 | } |
160 | #endif | 222 | #endif |
223 | #ifndef OPENSSL_NO_EC | ||
224 | if (pkey->type == EVP_PKEY_EC) | ||
225 | { | ||
226 | if (EC_KEY_get0_group(pkey->pkey.ec) == NULL) | ||
227 | return(1); | ||
228 | } | ||
229 | #endif | ||
230 | |||
161 | return(0); | 231 | return(0); |
162 | } | 232 | } |
163 | 233 | ||
164 | int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b) | 234 | int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) |
165 | { | 235 | { |
166 | #ifndef OPENSSL_NO_DSA | 236 | #ifndef OPENSSL_NO_DSA |
167 | if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) | 237 | if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) |
@@ -174,9 +244,72 @@ int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b) | |||
174 | return(1); | 244 | return(1); |
175 | } | 245 | } |
176 | #endif | 246 | #endif |
247 | #ifndef OPENSSL_NO_EC | ||
248 | if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC) | ||
249 | { | ||
250 | const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), | ||
251 | *group_b = EC_KEY_get0_group(b->pkey.ec); | ||
252 | if (EC_GROUP_cmp(group_a, group_b, NULL)) | ||
253 | return 0; | ||
254 | else | ||
255 | return 1; | ||
256 | } | ||
257 | #endif | ||
177 | return(-1); | 258 | return(-1); |
178 | } | 259 | } |
179 | 260 | ||
261 | int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) | ||
262 | { | ||
263 | if (a->type != b->type) | ||
264 | return -1; | ||
265 | |||
266 | if (EVP_PKEY_cmp_parameters(a, b) == 0) | ||
267 | return 0; | ||
268 | |||
269 | switch (a->type) | ||
270 | { | ||
271 | #ifndef OPENSSL_NO_RSA | ||
272 | case EVP_PKEY_RSA: | ||
273 | if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0 | ||
274 | || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0) | ||
275 | return 0; | ||
276 | break; | ||
277 | #endif | ||
278 | #ifndef OPENSSL_NO_DSA | ||
279 | case EVP_PKEY_DSA: | ||
280 | if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0) | ||
281 | return 0; | ||
282 | break; | ||
283 | #endif | ||
284 | #ifndef OPENSSL_NO_EC | ||
285 | case EVP_PKEY_EC: | ||
286 | { | ||
287 | int r; | ||
288 | const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec); | ||
289 | const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), | ||
290 | *pb = EC_KEY_get0_public_key(b->pkey.ec); | ||
291 | r = EC_POINT_cmp(group, pa, pb, NULL); | ||
292 | if (r != 0) | ||
293 | { | ||
294 | if (r == 1) | ||
295 | return 0; | ||
296 | else | ||
297 | return -2; | ||
298 | } | ||
299 | } | ||
300 | break; | ||
301 | #endif | ||
302 | #ifndef OPENSSL_NO_DH | ||
303 | case EVP_PKEY_DH: | ||
304 | return -2; | ||
305 | #endif | ||
306 | default: | ||
307 | return -2; | ||
308 | } | ||
309 | |||
310 | return 1; | ||
311 | } | ||
312 | |||
180 | EVP_PKEY *EVP_PKEY_new(void) | 313 | EVP_PKEY *EVP_PKEY_new(void) |
181 | { | 314 | { |
182 | EVP_PKEY *ret; | 315 | EVP_PKEY *ret; |
@@ -246,6 +379,29 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) | |||
246 | } | 379 | } |
247 | #endif | 380 | #endif |
248 | 381 | ||
382 | #ifndef OPENSSL_NO_EC | ||
383 | |||
384 | int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) | ||
385 | { | ||
386 | int ret = EVP_PKEY_assign_EC_KEY(pkey,key); | ||
387 | if (ret) | ||
388 | EC_KEY_up_ref(key); | ||
389 | return ret; | ||
390 | } | ||
391 | |||
392 | EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) | ||
393 | { | ||
394 | if (pkey->type != EVP_PKEY_EC) | ||
395 | { | ||
396 | EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); | ||
397 | return NULL; | ||
398 | } | ||
399 | EC_KEY_up_ref(pkey->pkey.ec); | ||
400 | return pkey->pkey.ec; | ||
401 | } | ||
402 | #endif | ||
403 | |||
404 | |||
249 | #ifndef OPENSSL_NO_DH | 405 | #ifndef OPENSSL_NO_DH |
250 | 406 | ||
251 | int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) | 407 | int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) |
@@ -282,6 +438,8 @@ int EVP_PKEY_type(int type) | |||
282 | return(EVP_PKEY_DSA); | 438 | return(EVP_PKEY_DSA); |
283 | case EVP_PKEY_DH: | 439 | case EVP_PKEY_DH: |
284 | return(EVP_PKEY_DH); | 440 | return(EVP_PKEY_DH); |
441 | case EVP_PKEY_EC: | ||
442 | return(EVP_PKEY_EC); | ||
285 | default: | 443 | default: |
286 | return(NID_undef); | 444 | return(NID_undef); |
287 | } | 445 | } |
@@ -306,6 +464,8 @@ void EVP_PKEY_free(EVP_PKEY *x) | |||
306 | } | 464 | } |
307 | #endif | 465 | #endif |
308 | EVP_PKEY_free_it(x); | 466 | EVP_PKEY_free_it(x); |
467 | if (x->attributes) | ||
468 | sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); | ||
309 | OPENSSL_free(x); | 469 | OPENSSL_free(x); |
310 | } | 470 | } |
311 | 471 | ||
@@ -327,6 +487,11 @@ static void EVP_PKEY_free_it(EVP_PKEY *x) | |||
327 | DSA_free(x->pkey.dsa); | 487 | DSA_free(x->pkey.dsa); |
328 | break; | 488 | break; |
329 | #endif | 489 | #endif |
490 | #ifndef OPENSSL_NO_EC | ||
491 | case EVP_PKEY_EC: | ||
492 | EC_KEY_free(x->pkey.ec); | ||
493 | break; | ||
494 | #endif | ||
330 | #ifndef OPENSSL_NO_DH | 495 | #ifndef OPENSSL_NO_DH |
331 | case EVP_PKEY_DH: | 496 | case EVP_PKEY_DH: |
332 | DH_free(x->pkey.dh); | 497 | DH_free(x->pkey.dh); |
diff --git a/src/lib/libcrypto/evp/p_open.c b/src/lib/libcrypto/evp/p_open.c index 5a933d1cda..9935206d0f 100644 --- a/src/lib/libcrypto/evp/p_open.c +++ b/src/lib/libcrypto/evp/p_open.c | |||
@@ -56,15 +56,19 @@ | |||
56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
57 | */ | 57 | */ |
58 | 58 | ||
59 | #ifndef OPENSSL_NO_RSA | ||
60 | #include <stdio.h> | 59 | #include <stdio.h> |
61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
61 | |||
62 | #ifndef OPENSSL_NO_RSA | ||
63 | |||
62 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
63 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
64 | #include <openssl/x509.h> | 66 | #include <openssl/x509.h> |
67 | #include <openssl/rsa.h> | ||
65 | 68 | ||
66 | int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek, | 69 | int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, |
67 | int ekl, unsigned char *iv, EVP_PKEY *priv) | 70 | const unsigned char *ek, int ekl, const unsigned char *iv, |
71 | EVP_PKEY *priv) | ||
68 | { | 72 | { |
69 | unsigned char *key=NULL; | 73 | unsigned char *key=NULL; |
70 | int i,size=0,ret=0; | 74 | int i,size=0,ret=0; |
diff --git a/src/lib/libcrypto/evp/p_seal.c b/src/lib/libcrypto/evp/p_seal.c index 37e547fe72..8cc8fcb0bd 100644 --- a/src/lib/libcrypto/evp/p_seal.c +++ b/src/lib/libcrypto/evp/p_seal.c | |||
@@ -78,7 +78,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek | |||
78 | } | 78 | } |
79 | if ((npubk <= 0) || !pubk) | 79 | if ((npubk <= 0) || !pubk) |
80 | return 1; | 80 | return 1; |
81 | if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0) | 81 | if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) |
82 | return 0; | 82 | return 0; |
83 | if (EVP_CIPHER_CTX_iv_length(ctx)) | 83 | if (EVP_CIPHER_CTX_iv_length(ctx)) |
84 | RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx)); | 84 | RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx)); |
diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c index d854d743a5..21a40a375e 100644 --- a/src/lib/libcrypto/evp/p_verify.c +++ b/src/lib/libcrypto/evp/p_verify.c | |||
@@ -62,7 +62,7 @@ | |||
62 | #include <openssl/objects.h> | 62 | #include <openssl/objects.h> |
63 | #include <openssl/x509.h> | 63 | #include <openssl/x509.h> |
64 | 64 | ||
65 | int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, | 65 | int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, |
66 | unsigned int siglen, EVP_PKEY *pkey) | 66 | unsigned int siglen, EVP_PKEY *pkey) |
67 | { | 67 | { |
68 | unsigned char m[EVP_MAX_MD_SIZE]; | 68 | unsigned char m[EVP_MAX_MD_SIZE]; |