summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/evp')
-rw-r--r--src/lib/libcrypto/evp/bio_b64.c77
-rw-r--r--src/lib/libcrypto/evp/bio_enc.c6
-rw-r--r--src/lib/libcrypto/evp/bio_md.c16
-rw-r--r--src/lib/libcrypto/evp/c_all.c2
-rw-r--r--src/lib/libcrypto/evp/digest.c211
-rw-r--r--src/lib/libcrypto/evp/e_aes.c35
-rw-r--r--src/lib/libcrypto/evp/e_camellia.c2
-rw-r--r--src/lib/libcrypto/evp/e_des.c91
-rw-r--r--src/lib/libcrypto/evp/e_des3.c95
-rw-r--r--src/lib/libcrypto/evp/e_idea.c2
-rw-r--r--src/lib/libcrypto/evp/e_null.c8
-rw-r--r--src/lib/libcrypto/evp/e_rc2.c5
-rw-r--r--src/lib/libcrypto/evp/e_rc4.c5
-rw-r--r--src/lib/libcrypto/evp/e_xcbc_d.c19
-rw-r--r--src/lib/libcrypto/evp/encode.c4
-rw-r--r--src/lib/libcrypto/evp/evp.h535
-rw-r--r--src/lib/libcrypto/evp/evp_enc.c267
-rw-r--r--src/lib/libcrypto/evp/evp_err.c60
-rw-r--r--src/lib/libcrypto/evp/evp_key.c9
-rw-r--r--src/lib/libcrypto/evp/evp_lib.c44
-rw-r--r--src/lib/libcrypto/evp/evp_locl.h155
-rw-r--r--src/lib/libcrypto/evp/evp_pbe.c266
-rw-r--r--src/lib/libcrypto/evp/evp_pkey.c646
-rw-r--r--src/lib/libcrypto/evp/m_dss.c2
-rw-r--r--src/lib/libcrypto/evp/m_dss1.c5
-rw-r--r--src/lib/libcrypto/evp/m_ecdsa.c2
-rw-r--r--src/lib/libcrypto/evp/m_md4.c1
-rw-r--r--src/lib/libcrypto/evp/m_md5.c1
-rw-r--r--src/lib/libcrypto/evp/m_sha1.c17
-rw-r--r--src/lib/libcrypto/evp/m_sigver.c200
-rw-r--r--src/lib/libcrypto/evp/m_wp.c42
-rw-r--r--src/lib/libcrypto/evp/names.c87
-rw-r--r--src/lib/libcrypto/evp/p5_crpt.c39
-rw-r--r--src/lib/libcrypto/evp/p5_crpt2.c86
-rw-r--r--src/lib/libcrypto/evp/p_dec.c4
-rw-r--r--src/lib/libcrypto/evp/p_enc.c4
-rw-r--r--src/lib/libcrypto/evp/p_lib.c394
-rw-r--r--src/lib/libcrypto/evp/p_open.c2
-rw-r--r--src/lib/libcrypto/evp/p_seal.c2
-rw-r--r--src/lib/libcrypto/evp/p_sign.c47
-rw-r--r--src/lib/libcrypto/evp/p_verify.c44
-rw-r--r--src/lib/libcrypto/evp/pmeth_fn.c368
-rw-r--r--src/lib/libcrypto/evp/pmeth_gn.c220
-rw-r--r--src/lib/libcrypto/evp/pmeth_lib.c538
44 files changed, 3190 insertions, 1475 deletions
diff --git a/src/lib/libcrypto/evp/bio_b64.c b/src/lib/libcrypto/evp/bio_b64.c
index fa5cbc7eb1..72a2a67277 100644
--- a/src/lib/libcrypto/evp/bio_b64.c
+++ b/src/lib/libcrypto/evp/bio_b64.c
@@ -64,7 +64,7 @@
64 64
65static int b64_write(BIO *h, const char *buf, int num); 65static int b64_write(BIO *h, const char *buf, int num);
66static int b64_read(BIO *h, char *buf, int size); 66static int b64_read(BIO *h, char *buf, int size);
67/*static int b64_puts(BIO *h, const char *str); */ 67static int b64_puts(BIO *h, const char *str);
68/*static int b64_gets(BIO *h, char *str, int size); */ 68/*static int b64_gets(BIO *h, char *str, int size); */
69static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2); 69static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
70static int b64_new(BIO *h); 70static int b64_new(BIO *h);
@@ -96,7 +96,7 @@ static BIO_METHOD methods_b64=
96 BIO_TYPE_BASE64,"base64 encoding", 96 BIO_TYPE_BASE64,"base64 encoding",
97 b64_write, 97 b64_write,
98 b64_read, 98 b64_read,
99 NULL, /* b64_puts, */ 99 b64_puts,
100 NULL, /* b64_gets, */ 100 NULL, /* b64_gets, */
101 b64_ctrl, 101 b64_ctrl,
102 b64_new, 102 b64_new,
@@ -127,6 +127,7 @@ static int b64_new(BIO *bi)
127 bi->init=1; 127 bi->init=1;
128 bi->ptr=(char *)ctx; 128 bi->ptr=(char *)ctx;
129 bi->flags=0; 129 bi->flags=0;
130 bi->num = 0;
130 return(1); 131 return(1);
131 } 132 }
132 133
@@ -151,6 +152,8 @@ static int b64_read(BIO *b, char *out, int outl)
151 152
152 if ((ctx == NULL) || (b->next_bio == NULL)) return(0); 153 if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
153 154
155 BIO_clear_retry_flags(b);
156
154 if (ctx->encode != B64_DECODE) 157 if (ctx->encode != B64_DECODE)
155 { 158 {
156 ctx->encode=B64_DECODE; 159 ctx->encode=B64_DECODE;
@@ -163,6 +166,7 @@ static int b64_read(BIO *b, char *out, int outl)
163 /* First check if there are bytes decoded/encoded */ 166 /* First check if there are bytes decoded/encoded */
164 if (ctx->buf_len > 0) 167 if (ctx->buf_len > 0)
165 { 168 {
169 OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
166 i=ctx->buf_len-ctx->buf_off; 170 i=ctx->buf_len-ctx->buf_off;
167 if (i > outl) i=outl; 171 if (i > outl) i=outl;
168 OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf)); 172 OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf));
@@ -184,7 +188,6 @@ static int b64_read(BIO *b, char *out, int outl)
184 ret_code=0; 188 ret_code=0;
185 while (outl > 0) 189 while (outl > 0)
186 { 190 {
187
188 if (ctx->cont <= 0) 191 if (ctx->cont <= 0)
189 break; 192 break;
190 193
@@ -195,7 +198,7 @@ static int b64_read(BIO *b, char *out, int outl)
195 { 198 {
196 ret_code=i; 199 ret_code=i;
197 200
198 /* Should be continue next time we are called? */ 201 /* Should we continue next time we are called? */
199 if (!BIO_should_retry(b->next_bio)) 202 if (!BIO_should_retry(b->next_bio))
200 { 203 {
201 ctx->cont=i; 204 ctx->cont=i;
@@ -285,19 +288,27 @@ static int b64_read(BIO *b, char *out, int outl)
285 continue; 288 continue;
286 } 289 }
287 else 290 else
291 {
288 ctx->tmp_len=0; 292 ctx->tmp_len=0;
289 } 293 }
290 /* If buffer isn't full and we can retry then 294 }
291 * restart to read in more data.
292 */
293 else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) 295 else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0))
296 {
297 /* If buffer isn't full and we can retry then
298 * restart to read in more data.
299 */
294 continue; 300 continue;
301 }
295 302
296 if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) 303 if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
297 { 304 {
298 int z,jj; 305 int z,jj;
299 306
307#if 0
300 jj=(i>>2)<<2; 308 jj=(i>>2)<<2;
309#else
310 jj = i & ~3; /* process per 4 */
311#endif
301 z=EVP_DecodeBlock((unsigned char *)ctx->buf, 312 z=EVP_DecodeBlock((unsigned char *)ctx->buf,
302 (unsigned char *)ctx->tmp,jj); 313 (unsigned char *)ctx->tmp,jj);
303 if (jj > 2) 314 if (jj > 2)
@@ -313,18 +324,15 @@ static int b64_read(BIO *b, char *out, int outl)
313 * number consumed */ 324 * number consumed */
314 if (jj != i) 325 if (jj != i)
315 { 326 {
316 memcpy((unsigned char *)ctx->tmp, 327 memmove(ctx->tmp, &ctx->tmp[jj], i-jj);
317 (unsigned char *)&(ctx->tmp[jj]),i-jj);
318 ctx->tmp_len=i-jj; 328 ctx->tmp_len=i-jj;
319 } 329 }
320 ctx->buf_len=0; 330 ctx->buf_len=0;
321 if (z > 0) 331 if (z > 0)
322 { 332 {
323 ctx->buf_len=z; 333 ctx->buf_len=z;
324 i=1;
325 } 334 }
326 else 335 i=z;
327 i=z;
328 } 336 }
329 else 337 else
330 { 338 {
@@ -357,14 +365,16 @@ static int b64_read(BIO *b, char *out, int outl)
357 outl-=i; 365 outl-=i;
358 out+=i; 366 out+=i;
359 } 367 }
360 BIO_clear_retry_flags(b); 368 /* BIO_clear_retry_flags(b); */
361 BIO_copy_next_retry(b); 369 BIO_copy_next_retry(b);
362 return((ret == 0)?ret_code:ret); 370 return((ret == 0)?ret_code:ret);
363 } 371 }
364 372
365static int b64_write(BIO *b, const char *in, int inl) 373static int b64_write(BIO *b, const char *in, int inl)
366 { 374 {
367 int ret=inl,n,i; 375 int ret=0;
376 int n;
377 int i;
368 BIO_B64_CTX *ctx; 378 BIO_B64_CTX *ctx;
369 379
370 ctx=(BIO_B64_CTX *)b->ptr; 380 ctx=(BIO_B64_CTX *)b->ptr;
@@ -379,6 +389,9 @@ static int b64_write(BIO *b, const char *in, int inl)
379 EVP_EncodeInit(&(ctx->base64)); 389 EVP_EncodeInit(&(ctx->base64));
380 } 390 }
381 391
392 OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf));
393 OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
394 OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
382 n=ctx->buf_len-ctx->buf_off; 395 n=ctx->buf_len-ctx->buf_off;
383 while (n > 0) 396 while (n > 0)
384 { 397 {
@@ -388,7 +401,10 @@ static int b64_write(BIO *b, const char *in, int inl)
388 BIO_copy_next_retry(b); 401 BIO_copy_next_retry(b);
389 return(i); 402 return(i);
390 } 403 }
404 OPENSSL_assert(i <= n);
391 ctx->buf_off+=i; 405 ctx->buf_off+=i;
406 OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
407 OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
392 n-=i; 408 n-=i;
393 } 409 }
394 /* at this point all pending data has been written */ 410 /* at this point all pending data has been written */
@@ -405,18 +421,19 @@ static int b64_write(BIO *b, const char *in, int inl)
405 { 421 {
406 if (ctx->tmp_len > 0) 422 if (ctx->tmp_len > 0)
407 { 423 {
424 OPENSSL_assert(ctx->tmp_len <= 3);
408 n=3-ctx->tmp_len; 425 n=3-ctx->tmp_len;
409 /* There's a teoretical possibility for this */ 426 /* There's a theoretical possibility for this */
410 if (n > inl) 427 if (n > inl)
411 n=inl; 428 n=inl;
412 memcpy(&(ctx->tmp[ctx->tmp_len]),in,n); 429 memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
413 ctx->tmp_len+=n; 430 ctx->tmp_len+=n;
431 ret += n;
414 if (ctx->tmp_len < 3) 432 if (ctx->tmp_len < 3)
415 break; 433 break;
416 ctx->buf_len=EVP_EncodeBlock( 434 ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(unsigned char *)ctx->tmp,ctx->tmp_len);
417 (unsigned char *)ctx->buf, 435 OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
418 (unsigned char *)ctx->tmp, 436 OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
419 ctx->tmp_len);
420 /* Since we're now done using the temporary 437 /* Since we're now done using the temporary
421 buffer, the length should be 0'd */ 438 buffer, the length should be 0'd */
422 ctx->tmp_len=0; 439 ctx->tmp_len=0;
@@ -425,14 +442,16 @@ static int b64_write(BIO *b, const char *in, int inl)
425 { 442 {
426 if (n < 3) 443 if (n < 3)
427 { 444 {
428 memcpy(&(ctx->tmp[0]),in,n); 445 memcpy(ctx->tmp,in,n);
429 ctx->tmp_len=n; 446 ctx->tmp_len=n;
447 ret += n;
430 break; 448 break;
431 } 449 }
432 n-=n%3; 450 n-=n%3;
433 ctx->buf_len=EVP_EncodeBlock( 451 ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(const unsigned char *)in,n);
434 (unsigned char *)ctx->buf, 452 OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
435 (unsigned char *)in,n); 453 OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
454 ret += n;
436 } 455 }
437 } 456 }
438 else 457 else
@@ -440,6 +459,9 @@ static int b64_write(BIO *b, const char *in, int inl)
440 EVP_EncodeUpdate(&(ctx->base64), 459 EVP_EncodeUpdate(&(ctx->base64),
441 (unsigned char *)ctx->buf,&ctx->buf_len, 460 (unsigned char *)ctx->buf,&ctx->buf_len,
442 (unsigned char *)in,n); 461 (unsigned char *)in,n);
462 OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
463 OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
464 ret += n;
443 } 465 }
444 inl-=n; 466 inl-=n;
445 in+=n; 467 in+=n;
@@ -454,8 +476,11 @@ static int b64_write(BIO *b, const char *in, int inl)
454 BIO_copy_next_retry(b); 476 BIO_copy_next_retry(b);
455 return((ret == 0)?i:ret); 477 return((ret == 0)?i:ret);
456 } 478 }
479 OPENSSL_assert(i <= n);
457 n-=i; 480 n-=i;
458 ctx->buf_off+=i; 481 ctx->buf_off+=i;
482 OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
483 OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
459 } 484 }
460 ctx->buf_len=0; 485 ctx->buf_len=0;
461 ctx->buf_off=0; 486 ctx->buf_off=0;
@@ -486,6 +511,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
486 ret=BIO_ctrl(b->next_bio,cmd,num,ptr); 511 ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
487 break; 512 break;
488 case BIO_CTRL_WPENDING: /* More to write in buffer */ 513 case BIO_CTRL_WPENDING: /* More to write in buffer */
514 OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
489 ret=ctx->buf_len-ctx->buf_off; 515 ret=ctx->buf_len-ctx->buf_off;
490 if ((ret == 0) && (ctx->encode != B64_NONE) 516 if ((ret == 0) && (ctx->encode != B64_NONE)
491 && (ctx->base64.num != 0)) 517 && (ctx->base64.num != 0))
@@ -494,6 +520,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
494 ret=BIO_ctrl(b->next_bio,cmd,num,ptr); 520 ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
495 break; 521 break;
496 case BIO_CTRL_PENDING: /* More to read in buffer */ 522 case BIO_CTRL_PENDING: /* More to read in buffer */
523 OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
497 ret=ctx->buf_len-ctx->buf_off; 524 ret=ctx->buf_len-ctx->buf_off;
498 if (ret <= 0) 525 if (ret <= 0)
499 ret=BIO_ctrl(b->next_bio,cmd,num,ptr); 526 ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
@@ -565,3 +592,7 @@ static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
565 return(ret); 592 return(ret);
566 } 593 }
567 594
595static int b64_puts(BIO *b, const char *str)
596 {
597 return b64_write(b,str,strlen(str));
598 }
diff --git a/src/lib/libcrypto/evp/bio_enc.c b/src/lib/libcrypto/evp/bio_enc.c
index f6ac94c6e1..b6efb5fbc4 100644
--- a/src/lib/libcrypto/evp/bio_enc.c
+++ b/src/lib/libcrypto/evp/bio_enc.c
@@ -361,8 +361,10 @@ again:
361 case BIO_CTRL_DUP: 361 case BIO_CTRL_DUP:
362 dbio=(BIO *)ptr; 362 dbio=(BIO *)ptr;
363 dctx=(BIO_ENC_CTX *)dbio->ptr; 363 dctx=(BIO_ENC_CTX *)dbio->ptr;
364 memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher)); 364 EVP_CIPHER_CTX_init(&dctx->cipher);
365 dbio->init=1; 365 ret = EVP_CIPHER_CTX_copy(&dctx->cipher,&ctx->cipher);
366 if (ret)
367 dbio->init=1;
366 break; 368 break;
367 default: 369 default:
368 ret=BIO_ctrl(b->next_bio,cmd,num,ptr); 370 ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
diff --git a/src/lib/libcrypto/evp/bio_md.c b/src/lib/libcrypto/evp/bio_md.c
index ed5c1135fd..9841e32e1a 100644
--- a/src/lib/libcrypto/evp/bio_md.c
+++ b/src/lib/libcrypto/evp/bio_md.c
@@ -130,8 +130,8 @@ static int md_read(BIO *b, char *out, int outl)
130 { 130 {
131 if (ret > 0) 131 if (ret > 0)
132 { 132 {
133 EVP_DigestUpdate(ctx,(unsigned char *)out, 133 if (EVP_DigestUpdate(ctx,(unsigned char *)out,
134 (unsigned int)ret); 134 (unsigned int)ret)<=0) return (-1);
135 } 135 }
136 } 136 }
137 BIO_clear_retry_flags(b); 137 BIO_clear_retry_flags(b);
@@ -157,8 +157,11 @@ static int md_write(BIO *b, const char *in, int inl)
157 (unsigned int)ret); 157 (unsigned int)ret);
158 } 158 }
159 } 159 }
160 BIO_clear_retry_flags(b); 160 if(b->next_bio != NULL)
161 BIO_copy_next_retry(b); 161 {
162 BIO_clear_retry_flags(b);
163 BIO_copy_next_retry(b);
164 }
162 return(ret); 165 return(ret);
163 } 166 }
164 167
@@ -194,6 +197,7 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
194 case BIO_C_GET_MD_CTX: 197 case BIO_C_GET_MD_CTX:
195 pctx=ptr; 198 pctx=ptr;
196 *pctx=ctx; 199 *pctx=ctx;
200 b->init = 1;
197 break; 201 break;
198 case BIO_C_SET_MD_CTX: 202 case BIO_C_SET_MD_CTX:
199 if (b->init) 203 if (b->init)
@@ -249,7 +253,9 @@ static int md_gets(BIO *bp, char *buf, int size)
249 ctx=bp->ptr; 253 ctx=bp->ptr;
250 if (size < ctx->digest->md_size) 254 if (size < ctx->digest->md_size)
251 return(0); 255 return(0);
252 EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret); 256 if (EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret)<=0)
257 return -1;
258
253 return((int)ret); 259 return((int)ret);
254 } 260 }
255 261
diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c
index a5da52e62d..766c4cecdf 100644
--- a/src/lib/libcrypto/evp/c_all.c
+++ b/src/lib/libcrypto/evp/c_all.c
@@ -83,7 +83,7 @@ void OPENSSL_add_all_algorithms_noconf(void)
83 OpenSSL_add_all_ciphers(); 83 OpenSSL_add_all_ciphers();
84 OpenSSL_add_all_digests(); 84 OpenSSL_add_all_digests();
85#ifndef OPENSSL_NO_ENGINE 85#ifndef OPENSSL_NO_ENGINE
86# if defined(__OpenBSD__) || defined(__FreeBSD__) 86# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
87 ENGINE_setup_bsd_cryptodev(); 87 ENGINE_setup_bsd_cryptodev();
88# endif 88# endif
89#endif 89#endif
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index 3bc2d1295c..982ba2b136 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -116,7 +116,6 @@
116#ifndef OPENSSL_NO_ENGINE 116#ifndef OPENSSL_NO_ENGINE
117#include <openssl/engine.h> 117#include <openssl/engine.h>
118#endif 118#endif
119#include "evp_locl.h"
120 119
121void EVP_MD_CTX_init(EVP_MD_CTX *ctx) 120void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
122 { 121 {
@@ -127,7 +126,8 @@ EVP_MD_CTX *EVP_MD_CTX_create(void)
127 { 126 {
128 EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx); 127 EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
129 128
130 EVP_MD_CTX_init(ctx); 129 if (ctx)
130 EVP_MD_CTX_init(ctx);
131 131
132 return ctx; 132 return ctx;
133 } 133 }
@@ -138,77 +138,18 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
138 return EVP_DigestInit_ex(ctx, type, NULL); 138 return EVP_DigestInit_ex(ctx, type, NULL);
139 } 139 }
140 140
141#ifdef OPENSSL_FIPS 141int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
142
143/* The purpose of these is to trap programs that attempt to use non FIPS
144 * algorithms in FIPS mode and ignore the errors.
145 */
146
147static int bad_init(EVP_MD_CTX *ctx)
148 { FIPS_ERROR_IGNORED("Digest init"); return 0;}
149
150static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count)
151 { FIPS_ERROR_IGNORED("Digest update"); return 0;}
152
153static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
154 { FIPS_ERROR_IGNORED("Digest Final"); return 0;}
155
156static const EVP_MD bad_md =
157 { 142 {
158 0, 143 EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
159 0,
160 0,
161 0,
162 bad_init,
163 bad_update,
164 bad_final,
165 NULL,
166 NULL,
167 NULL,
168 0,
169 {0,0,0,0},
170 };
171
172#endif
173
174#ifndef OPENSSL_NO_ENGINE 144#ifndef OPENSSL_NO_ENGINE
175 145 /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
176#ifdef OPENSSL_FIPS 146 * so this context may already have an ENGINE! Try to avoid releasing
177 147 * the previous handle, re-querying for an ENGINE, and having a
178static int do_engine_null(ENGINE *impl) { return 0;} 148 * reinitialisation, when it may all be unecessary. */
179static int do_evp_md_engine_null(EVP_MD_CTX *ctx, 149 if (ctx->engine && ctx->digest && (!type ||
180 const EVP_MD **ptype, ENGINE *impl) 150 (type && (type->type == ctx->digest->type))))
181 { return 1; } 151 goto skip_to_init;
182 152 if (type)
183static int (*do_engine_init)(ENGINE *impl)
184 = do_engine_null;
185
186static int (*do_engine_finish)(ENGINE *impl)
187 = do_engine_null;
188
189static int (*do_evp_md_engine)
190 (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
191 = do_evp_md_engine_null;
192
193void int_EVP_MD_set_engine_callbacks(
194 int (*eng_md_init)(ENGINE *impl),
195 int (*eng_md_fin)(ENGINE *impl),
196 int (*eng_md_evp)
197 (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl))
198 {
199 do_engine_init = eng_md_init;
200 do_engine_finish = eng_md_fin;
201 do_evp_md_engine = eng_md_evp;
202 }
203
204#else
205
206#define do_engine_init ENGINE_init
207#define do_engine_finish ENGINE_finish
208
209static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
210 {
211 if (*ptype)
212 { 153 {
213 /* Ensure an ENGINE left lying around from last time is cleared 154 /* Ensure an ENGINE left lying around from last time is cleared
214 * (the previous check attempted to avoid this if the same 155 * (the previous check attempted to avoid this if the same
@@ -219,25 +160,26 @@ static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
219 { 160 {
220 if (!ENGINE_init(impl)) 161 if (!ENGINE_init(impl))
221 { 162 {
222 EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR); 163 EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
223 return 0; 164 return 0;
224 } 165 }
225 } 166 }
226 else 167 else
227 /* Ask if an ENGINE is reserved for this job */ 168 /* Ask if an ENGINE is reserved for this job */
228 impl = ENGINE_get_digest_engine((*ptype)->type); 169 impl = ENGINE_get_digest_engine(type->type);
229 if(impl) 170 if(impl)
230 { 171 {
231 /* There's an ENGINE for this job ... (apparently) */ 172 /* There's an ENGINE for this job ... (apparently) */
232 const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type); 173 const EVP_MD *d = ENGINE_get_digest(impl, type->type);
233 if(!d) 174 if(!d)
234 { 175 {
235 /* Same comment from evp_enc.c */ 176 /* Same comment from evp_enc.c */
236 EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR); 177 EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
178 ENGINE_finish(impl);
237 return 0; 179 return 0;
238 } 180 }
239 /* We'll use the ENGINE's private digest definition */ 181 /* We'll use the ENGINE's private digest definition */
240 *ptype = d; 182 type = d;
241 /* Store the ENGINE functional reference so we know 183 /* Store the ENGINE functional reference so we know
242 * 'type' came from an ENGINE and we need to release 184 * 'type' came from an ENGINE and we need to release
243 * it when done. */ 185 * it when done. */
@@ -249,71 +191,46 @@ static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
249 else 191 else
250 if(!ctx->digest) 192 if(!ctx->digest)
251 { 193 {
252 EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_NO_DIGEST_SET); 194 EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET);
253 return 0; 195 return 0;
254 } 196 }
255 return 1;
256 }
257
258#endif
259
260#endif
261
262int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
263 {
264 M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
265#ifdef OPENSSL_FIPS
266 if(FIPS_selftest_failed())
267 {
268 FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
269 ctx->digest = &bad_md;
270 return 0;
271 }
272#endif
273#ifndef OPENSSL_NO_ENGINE
274 /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
275 * so this context may already have an ENGINE! Try to avoid releasing
276 * the previous handle, re-querying for an ENGINE, and having a
277 * reinitialisation, when it may all be unecessary. */
278 if (ctx->engine && ctx->digest && (!type ||
279 (type && (type->type == ctx->digest->type))))
280 goto skip_to_init;
281 if (!do_evp_md_engine(ctx, &type, impl))
282 return 0;
283#endif 197#endif
284 if (ctx->digest != type) 198 if (ctx->digest != type)
285 { 199 {
286#ifdef OPENSSL_FIPS 200 if (ctx->digest && ctx->digest->ctx_size)
287 if (FIPS_mode()) 201 OPENSSL_free(ctx->md_data);
202 ctx->digest=type;
203 if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size)
288 { 204 {
289 if (!(type->flags & EVP_MD_FLAG_FIPS) 205 ctx->update = type->update;
290 && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) 206 ctx->md_data=OPENSSL_malloc(type->ctx_size);
207 if (ctx->md_data == NULL)
291 { 208 {
292 EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS); 209 EVPerr(EVP_F_EVP_DIGESTINIT_EX,
293 ctx->digest = &bad_md; 210 ERR_R_MALLOC_FAILURE);
294 return 0; 211 return 0;
295 } 212 }
296 } 213 }
297#endif
298 if (ctx->digest && ctx->digest->ctx_size)
299 OPENSSL_free(ctx->md_data);
300 ctx->digest=type;
301 if (type->ctx_size)
302 ctx->md_data=OPENSSL_malloc(type->ctx_size);
303 } 214 }
304#ifndef OPENSSL_NO_ENGINE 215#ifndef OPENSSL_NO_ENGINE
305 skip_to_init: 216skip_to_init:
306#endif 217#endif
218 if (ctx->pctx)
219 {
220 int r;
221 r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
222 EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);
223 if (r <= 0 && (r != -2))
224 return 0;
225 }
226 if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
227 return 1;
307 return ctx->digest->init(ctx); 228 return ctx->digest->init(ctx);
308 } 229 }
309 230
310int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, 231int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
311 size_t count)
312 { 232 {
313#ifdef OPENSSL_FIPS 233 return ctx->update(ctx,data,count);
314 FIPS_selftest_check();
315#endif
316 return ctx->digest->update(ctx,data,count);
317 } 234 }
318 235
319/* The caller can assume that this removes any secret data from the context */ 236/* The caller can assume that this removes any secret data from the context */
@@ -329,9 +246,6 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
329int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) 246int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
330 { 247 {
331 int ret; 248 int ret;
332#ifdef OPENSSL_FIPS
333 FIPS_selftest_check();
334#endif
335 249
336 OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); 250 OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
337 ret=ctx->digest->final(ctx,md); 251 ret=ctx->digest->final(ctx,md);
@@ -340,7 +254,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
340 if (ctx->digest->cleanup) 254 if (ctx->digest->cleanup)
341 { 255 {
342 ctx->digest->cleanup(ctx); 256 ctx->digest->cleanup(ctx);
343 M_EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); 257 EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
344 } 258 }
345 memset(ctx->md_data,0,ctx->digest->ctx_size); 259 memset(ctx->md_data,0,ctx->digest->ctx_size);
346 return ret; 260 return ret;
@@ -362,7 +276,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
362 } 276 }
363#ifndef OPENSSL_NO_ENGINE 277#ifndef OPENSSL_NO_ENGINE
364 /* Make sure it's safe to copy a digest context using an ENGINE */ 278 /* Make sure it's safe to copy a digest context using an ENGINE */
365 if (in->engine && !do_engine_init(in->engine)) 279 if (in->engine && !ENGINE_init(in->engine))
366 { 280 {
367 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB); 281 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB);
368 return 0; 282 return 0;
@@ -372,19 +286,40 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
372 if (out->digest == in->digest) 286 if (out->digest == in->digest)
373 { 287 {
374 tmp_buf = out->md_data; 288 tmp_buf = out->md_data;
375 M_EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE); 289 EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
376 } 290 }
377 else tmp_buf = NULL; 291 else tmp_buf = NULL;
378 EVP_MD_CTX_cleanup(out); 292 EVP_MD_CTX_cleanup(out);
379 memcpy(out,in,sizeof *out); 293 memcpy(out,in,sizeof *out);
380 294
381 if (out->digest->ctx_size) 295 if (in->md_data && out->digest->ctx_size)
382 { 296 {
383 if (tmp_buf) out->md_data = tmp_buf; 297 if (tmp_buf)
384 else out->md_data=OPENSSL_malloc(out->digest->ctx_size); 298 out->md_data = tmp_buf;
299 else
300 {
301 out->md_data=OPENSSL_malloc(out->digest->ctx_size);
302 if (!out->md_data)
303 {
304 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE);
305 return 0;
306 }
307 }
385 memcpy(out->md_data,in->md_data,out->digest->ctx_size); 308 memcpy(out->md_data,in->md_data,out->digest->ctx_size);
386 } 309 }
387 310
311 out->update = in->update;
312
313 if (in->pctx)
314 {
315 out->pctx = EVP_PKEY_CTX_dup(in->pctx);
316 if (!out->pctx)
317 {
318 EVP_MD_CTX_cleanup(out);
319 return 0;
320 }
321 }
322
388 if (out->digest->copy) 323 if (out->digest->copy)
389 return out->digest->copy(out,in); 324 return out->digest->copy(out,in);
390 325
@@ -398,7 +333,7 @@ int EVP_Digest(const void *data, size_t count,
398 int ret; 333 int ret;
399 334
400 EVP_MD_CTX_init(&ctx); 335 EVP_MD_CTX_init(&ctx);
401 M_EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT); 336 EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
402 ret=EVP_DigestInit_ex(&ctx, type, impl) 337 ret=EVP_DigestInit_ex(&ctx, type, impl)
403 && EVP_DigestUpdate(&ctx, data, count) 338 && EVP_DigestUpdate(&ctx, data, count)
404 && EVP_DigestFinal_ex(&ctx, md, size); 339 && EVP_DigestFinal_ex(&ctx, md, size);
@@ -420,19 +355,21 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
420 * because sometimes only copies of the context are ever finalised. 355 * because sometimes only copies of the context are ever finalised.
421 */ 356 */
422 if (ctx->digest && ctx->digest->cleanup 357 if (ctx->digest && ctx->digest->cleanup
423 && !M_EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) 358 && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
424 ctx->digest->cleanup(ctx); 359 ctx->digest->cleanup(ctx);
425 if (ctx->digest && ctx->digest->ctx_size && ctx->md_data 360 if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
426 && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) 361 && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
427 { 362 {
428 OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); 363 OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
429 OPENSSL_free(ctx->md_data); 364 OPENSSL_free(ctx->md_data);
430 } 365 }
366 if (ctx->pctx)
367 EVP_PKEY_CTX_free(ctx->pctx);
431#ifndef OPENSSL_NO_ENGINE 368#ifndef OPENSSL_NO_ENGINE
432 if(ctx->engine) 369 if(ctx->engine)
433 /* The EVP_MD we used belongs to an ENGINE, release the 370 /* The EVP_MD we used belongs to an ENGINE, release the
434 * functional reference we held for this reason. */ 371 * functional reference we held for this reason. */
435 do_engine_finish(ctx->engine); 372 ENGINE_finish(ctx->engine);
436#endif 373#endif
437 memset(ctx,'\0',sizeof *ctx); 374 memset(ctx,'\0',sizeof *ctx);
438 375
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index c9a5ee8d75..bd6c0a3a62 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -69,29 +69,32 @@ typedef struct
69 69
70IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, 70IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
71 NID_aes_128, 16, 16, 16, 128, 71 NID_aes_128, 16, 16, 16, 128,
72 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, 72 0, aes_init_key, NULL,
73 aes_init_key, 73 EVP_CIPHER_set_asn1_iv,
74 NULL, NULL, NULL, NULL) 74 EVP_CIPHER_get_asn1_iv,
75 NULL)
75IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, 76IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
76 NID_aes_192, 16, 24, 16, 128, 77 NID_aes_192, 16, 24, 16, 128,
77 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, 78 0, aes_init_key, NULL,
78 aes_init_key, 79 EVP_CIPHER_set_asn1_iv,
79 NULL, NULL, NULL, NULL) 80 EVP_CIPHER_get_asn1_iv,
81 NULL)
80IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, 82IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
81 NID_aes_256, 16, 32, 16, 128, 83 NID_aes_256, 16, 32, 16, 128,
82 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, 84 0, aes_init_key, NULL,
83 aes_init_key, 85 EVP_CIPHER_set_asn1_iv,
84 NULL, NULL, NULL, NULL) 86 EVP_CIPHER_get_asn1_iv,
87 NULL)
85 88
86#define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags) 89#define IMPLEMENT_AES_CFBR(ksize,cbits) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16)
87 90
88IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS) 91IMPLEMENT_AES_CFBR(128,1)
89IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS) 92IMPLEMENT_AES_CFBR(192,1)
90IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS) 93IMPLEMENT_AES_CFBR(256,1)
91 94
92IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS) 95IMPLEMENT_AES_CFBR(128,8)
93IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS) 96IMPLEMENT_AES_CFBR(192,8)
94IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS) 97IMPLEMENT_AES_CFBR(256,8)
95 98
96static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 99static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
97 const unsigned char *iv, int enc) 100 const unsigned char *iv, int enc)
diff --git a/src/lib/libcrypto/evp/e_camellia.c b/src/lib/libcrypto/evp/e_camellia.c
index 365d397164..a7b40d1c60 100644
--- a/src/lib/libcrypto/evp/e_camellia.c
+++ b/src/lib/libcrypto/evp/e_camellia.c
@@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY,
93 EVP_CIPHER_get_asn1_iv, 93 EVP_CIPHER_get_asn1_iv,
94 NULL) 94 NULL)
95 95
96#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16,0) 96#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16)
97 97
98IMPLEMENT_CAMELLIA_CFBR(128,1) 98IMPLEMENT_CAMELLIA_CFBR(128,1)
99IMPLEMENT_CAMELLIA_CFBR(192,1) 99IMPLEMENT_CAMELLIA_CFBR(192,1)
diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c
index 04376df232..ca009f2c52 100644
--- a/src/lib/libcrypto/evp/e_des.c
+++ b/src/lib/libcrypto/evp/e_des.c
@@ -72,7 +72,7 @@ static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
72/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */ 72/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */
73 73
74static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 74static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
75 const unsigned char *in, unsigned int inl) 75 const unsigned char *in, size_t inl)
76{ 76{
77 BLOCK_CIPHER_ecb_loop() 77 BLOCK_CIPHER_ecb_loop()
78 DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ctx->cipher_data, ctx->encrypt); 78 DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ctx->cipher_data, ctx->encrypt);
@@ -80,24 +80,52 @@ static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
80} 80}
81 81
82static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 82static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
83 const unsigned char *in, unsigned int inl) 83 const unsigned char *in, size_t inl)
84{ 84{
85 DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num); 85 while(inl>=EVP_MAXCHUNK)
86 {
87 DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
88 (DES_cblock *)ctx->iv, &ctx->num);
89 inl-=EVP_MAXCHUNK;
90 in +=EVP_MAXCHUNK;
91 out+=EVP_MAXCHUNK;
92 }
93 if (inl)
94 DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data,
95 (DES_cblock *)ctx->iv, &ctx->num);
86 return 1; 96 return 1;
87} 97}
88 98
89static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 99static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
90 const unsigned char *in, unsigned int inl) 100 const unsigned char *in, size_t inl)
91{ 101{
92 DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data, 102 while(inl>=EVP_MAXCHUNK)
93 (DES_cblock *)ctx->iv, ctx->encrypt); 103 {
104 DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
105 (DES_cblock *)ctx->iv, ctx->encrypt);
106 inl-=EVP_MAXCHUNK;
107 in +=EVP_MAXCHUNK;
108 out+=EVP_MAXCHUNK;
109 }
110 if (inl)
111 DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,
112 (DES_cblock *)ctx->iv, ctx->encrypt);
94 return 1; 113 return 1;
95} 114}
96 115
97static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 116static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
98 const unsigned char *in, unsigned int inl) 117 const unsigned char *in, size_t inl)
99{ 118{
100 DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, 119 while(inl>=EVP_MAXCHUNK)
120 {
121 DES_cfb64_encrypt(in,out, (long)EVP_MAXCHUNK, ctx->cipher_data,
122 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
123 inl-=EVP_MAXCHUNK;
124 in +=EVP_MAXCHUNK;
125 out+=EVP_MAXCHUNK;
126 }
127 if (inl)
128 DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
101 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); 129 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
102 return 1; 130 return 1;
103} 131}
@@ -105,45 +133,62 @@ static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
105/* Although we have a CFB-r implementation for DES, it doesn't pack the right 133/* Although we have a CFB-r implementation for DES, it doesn't pack the right
106 way, so wrap it here */ 134 way, so wrap it here */
107static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 135static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
108 const unsigned char *in, unsigned int inl) 136 const unsigned char *in, size_t inl)
109 { 137 {
110 unsigned int n; 138 size_t n,chunk=EVP_MAXCHUNK/8;
111 unsigned char c[1],d[1]; 139 unsigned char c[1],d[1];
112 140
113 for(n=0 ; n < inl ; ++n) 141 if (inl<chunk) chunk=inl;
142
143 while (inl && inl>=chunk)
114 { 144 {
115 c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; 145 for(n=0 ; n < chunk*8; ++n)
116 DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv, 146 {
147 c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
148 DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv,
117 ctx->encrypt); 149 ctx->encrypt);
118 out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8)); 150 out[n/8]=(out[n/8]&~(0x80 >> (unsigned int)(n%8))) |
151 ((d[0]&0x80) >> (unsigned int)(n%8));
152 }
153 inl-=chunk;
154 in +=chunk;
155 out+=chunk;
156 if (inl<chunk) chunk=inl;
119 } 157 }
158
120 return 1; 159 return 1;
121 } 160 }
122 161
123static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 162static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
124 const unsigned char *in, unsigned int inl) 163 const unsigned char *in, size_t inl)
125 { 164 {
126 DES_cfb_encrypt(in,out,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv, 165 while (inl>=EVP_MAXCHUNK)
127 ctx->encrypt); 166 {
167 DES_cfb_encrypt(in,out,8,(long)EVP_MAXCHUNK,ctx->cipher_data,
168 (DES_cblock *)ctx->iv,ctx->encrypt);
169 inl-=EVP_MAXCHUNK;
170 in +=EVP_MAXCHUNK;
171 out+=EVP_MAXCHUNK;
172 }
173 if (inl)
174 DES_cfb_encrypt(in,out,8,(long)inl,ctx->cipher_data,
175 (DES_cblock *)ctx->iv,ctx->encrypt);
128 return 1; 176 return 1;
129 } 177 }
130 178
131BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, 179BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
132 EVP_CIPH_RAND_KEY, 180 EVP_CIPH_RAND_KEY, des_init_key, NULL,
133 des_init_key, NULL,
134 EVP_CIPHER_set_asn1_iv, 181 EVP_CIPHER_set_asn1_iv,
135 EVP_CIPHER_get_asn1_iv, 182 EVP_CIPHER_get_asn1_iv,
136 des_ctrl) 183 des_ctrl)
137 184
138BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, 185BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,
139 EVP_CIPH_RAND_KEY, 186 EVP_CIPH_RAND_KEY, des_init_key,NULL,
140 des_init_key, NULL,
141 EVP_CIPHER_set_asn1_iv, 187 EVP_CIPHER_set_asn1_iv,
142 EVP_CIPHER_get_asn1_iv,des_ctrl) 188 EVP_CIPHER_get_asn1_iv,des_ctrl)
143 189
144BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, 190BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,
145 EVP_CIPH_RAND_KEY, 191 EVP_CIPH_RAND_KEY,des_init_key,NULL,
146 des_init_key,NULL,
147 EVP_CIPHER_set_asn1_iv, 192 EVP_CIPHER_set_asn1_iv,
148 EVP_CIPHER_get_asn1_iv,des_ctrl) 193 EVP_CIPHER_get_asn1_iv,des_ctrl)
149 194
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
index f910af19b1..3232cfe024 100644
--- a/src/lib/libcrypto/evp/e_des3.c
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -85,7 +85,7 @@ typedef struct
85/* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */ 85/* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */
86 86
87static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 87static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
88 const unsigned char *in, unsigned int inl) 88 const unsigned char *in, size_t inl)
89{ 89{
90 BLOCK_CIPHER_ecb_loop() 90 BLOCK_CIPHER_ecb_loop()
91 DES_ecb3_encrypt((const_DES_cblock *)(in + i), 91 DES_ecb3_encrypt((const_DES_cblock *)(in + i),
@@ -97,48 +97,80 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
97} 97}
98 98
99static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 99static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
100 const unsigned char *in, unsigned int inl) 100 const unsigned char *in, size_t inl)
101{ 101{
102 DES_ede3_ofb64_encrypt(in, out, (long)inl, 102 if (inl>=EVP_MAXCHUNK)
103 {
104 DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
103 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 105 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
104 (DES_cblock *)ctx->iv, &ctx->num); 106 (DES_cblock *)ctx->iv, &ctx->num);
107 inl-=EVP_MAXCHUNK;
108 in +=EVP_MAXCHUNK;
109 out+=EVP_MAXCHUNK;
110 }
111 if (inl)
112 DES_ede3_ofb64_encrypt(in, out, (long)inl,
113 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
114 (DES_cblock *)ctx->iv, &ctx->num);
115
105 return 1; 116 return 1;
106} 117}
107 118
108static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 119static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
109 const unsigned char *in, unsigned int inl) 120 const unsigned char *in, size_t inl)
110{ 121{
111#ifdef KSSL_DEBUG 122#ifdef KSSL_DEBUG
112 { 123 {
113 int i; 124 int i;
114 printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", (unsigned long)ctx, ctx->buf_len); 125 char *cp;
126 printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len);
115 printf("\t iv= "); 127 printf("\t iv= ");
116 for(i=0;i<8;i++) 128 for(i=0;i<8;i++)
117 printf("%02X",ctx->iv[i]); 129 printf("%02X",ctx->iv[i]);
118 printf("\n"); 130 printf("\n");
119 } 131 }
120#endif /* KSSL_DEBUG */ 132#endif /* KSSL_DEBUG */
121 DES_ede3_cbc_encrypt(in, out, (long)inl, 133 if (inl>=EVP_MAXCHUNK)
134 {
135 DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
122 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 136 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
123 (DES_cblock *)ctx->iv, ctx->encrypt); 137 (DES_cblock *)ctx->iv, ctx->encrypt);
138 inl-=EVP_MAXCHUNK;
139 in +=EVP_MAXCHUNK;
140 out+=EVP_MAXCHUNK;
141 }
142 if (inl)
143 DES_ede3_cbc_encrypt(in, out, (long)inl,
144 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
145 (DES_cblock *)ctx->iv, ctx->encrypt);
124 return 1; 146 return 1;
125} 147}
126 148
127static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 149static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
128 const unsigned char *in, unsigned int inl) 150 const unsigned char *in, size_t inl)
129{ 151{
130 DES_ede3_cfb64_encrypt(in, out, (long)inl, 152 if (inl>=EVP_MAXCHUNK)
153 {
154 DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
131 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 155 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
132 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); 156 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
157 inl-=EVP_MAXCHUNK;
158 in +=EVP_MAXCHUNK;
159 out+=EVP_MAXCHUNK;
160 }
161 if (inl)
162 DES_ede3_cfb64_encrypt(in, out, (long)inl,
163 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
164 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
133 return 1; 165 return 1;
134} 166}
135 167
136/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right 168/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right
137 way, so wrap it here */ 169 way, so wrap it here */
138static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 170static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
139 const unsigned char *in, unsigned int inl) 171 const unsigned char *in, size_t inl)
140 { 172 {
141 unsigned int n; 173 size_t n;
142 unsigned char c[1],d[1]; 174 unsigned char c[1],d[1];
143 175
144 for(n=0 ; n < inl ; ++n) 176 for(n=0 ; n < inl ; ++n)
@@ -147,25 +179,36 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
147 DES_ede3_cfb_encrypt(c,d,1,1, 179 DES_ede3_cfb_encrypt(c,d,1,1,
148 &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3, 180 &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
149 (DES_cblock *)ctx->iv,ctx->encrypt); 181 (DES_cblock *)ctx->iv,ctx->encrypt);
150 out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8)); 182 out[n/8]=(out[n/8]&~(0x80 >> (unsigned int)(n%8))) |
183 ((d[0]&0x80) >> (unsigned int)(n%8));
151 } 184 }
152 185
153 return 1; 186 return 1;
154 } 187 }
155 188
156static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 189static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
157 const unsigned char *in, unsigned int inl) 190 const unsigned char *in, size_t inl)
158 { 191 {
159 DES_ede3_cfb_encrypt(in,out,8,inl, 192 while (inl>=EVP_MAXCHUNK)
193 {
194 DES_ede3_cfb_encrypt(in,out,8,(long)EVP_MAXCHUNK,
160 &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3, 195 &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
161 (DES_cblock *)ctx->iv,ctx->encrypt); 196 (DES_cblock *)ctx->iv,ctx->encrypt);
197 inl-=EVP_MAXCHUNK;
198 in +=EVP_MAXCHUNK;
199 out+=EVP_MAXCHUNK;
200 }
201 if (inl)
202 DES_ede3_cfb_encrypt(in,out,8,(long)inl,
203 &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
204 (DES_cblock *)ctx->iv,ctx->encrypt);
162 return 1; 205 return 1;
163 } 206 }
164 207
165BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, 208BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
166 EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, 209 EVP_CIPH_RAND_KEY, des_ede_init_key, NULL,
167 des_ede_init_key, 210 EVP_CIPHER_set_asn1_iv,
168 NULL, NULL, NULL, 211 EVP_CIPHER_get_asn1_iv,
169 des3_ctrl) 212 des3_ctrl)
170 213
171#define des_ede3_cfb64_cipher des_ede_cfb64_cipher 214#define des_ede3_cfb64_cipher des_ede_cfb64_cipher
@@ -174,21 +217,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
174#define des_ede3_ecb_cipher des_ede_ecb_cipher 217#define des_ede3_ecb_cipher des_ede_ecb_cipher
175 218
176BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, 219BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
177 EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, 220 EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
178 des_ede3_init_key, 221 EVP_CIPHER_set_asn1_iv,
179 NULL, NULL, NULL, 222 EVP_CIPHER_get_asn1_iv,
180 des3_ctrl) 223 des3_ctrl)
181 224
182BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, 225BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
183 EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, 226 EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
184 des_ede3_init_key, 227 EVP_CIPHER_set_asn1_iv,
185 NULL, NULL, NULL, 228 EVP_CIPHER_get_asn1_iv,
186 des3_ctrl) 229 des3_ctrl)
187 230
188BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, 231BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
189 EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, 232 EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
190 des_ede3_init_key, 233 EVP_CIPHER_set_asn1_iv,
191 NULL, NULL, NULL, 234 EVP_CIPHER_get_asn1_iv,
192 des3_ctrl) 235 des3_ctrl)
193 236
194static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 237static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -215,7 +258,7 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
215#ifdef KSSL_DEBUG 258#ifdef KSSL_DEBUG
216 { 259 {
217 int i; 260 int i;
218 printf("des_ede3_init_key(ctx=%lx)\n", (unsigned long)ctx); 261 printf("des_ede3_init_key(ctx=%lx)\n", ctx);
219 printf("\tKEY= "); 262 printf("\tKEY= ");
220 for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n"); 263 for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n");
221 printf("\t IV= "); 264 printf("\t IV= ");
diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c
index 48c33a774a..806b080360 100644
--- a/src/lib/libcrypto/evp/e_idea.c
+++ b/src/lib/libcrypto/evp/e_idea.c
@@ -73,7 +73,7 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
73 */ 73 */
74 74
75static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 75static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
76 const unsigned char *in, unsigned int inl) 76 const unsigned char *in, size_t inl)
77{ 77{
78 BLOCK_CIPHER_ecb_loop() 78 BLOCK_CIPHER_ecb_loop()
79 idea_ecb_encrypt(in + i, out + i, ctx->cipher_data); 79 idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c
index 0872d733e4..7cf50e1416 100644
--- a/src/lib/libcrypto/evp/e_null.c
+++ b/src/lib/libcrypto/evp/e_null.c
@@ -64,12 +64,12 @@
64static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 64static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
65 const unsigned char *iv,int enc); 65 const unsigned char *iv,int enc);
66static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 66static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
67 const unsigned char *in, unsigned int inl); 67 const unsigned char *in, size_t inl);
68static const EVP_CIPHER n_cipher= 68static const EVP_CIPHER n_cipher=
69 { 69 {
70 NID_undef, 70 NID_undef,
71 1,0,0, 71 1,0,0,
72 EVP_CIPH_FLAG_FIPS, 72 0,
73 null_init_key, 73 null_init_key,
74 null_cipher, 74 null_cipher,
75 NULL, 75 NULL,
@@ -93,10 +93,10 @@ static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
93 } 93 }
94 94
95static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 95static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
96 const unsigned char *in, unsigned int inl) 96 const unsigned char *in, size_t inl)
97 { 97 {
98 if (in != out) 98 if (in != out)
99 memcpy((char *)out,(const char *)in,(size_t)inl); 99 memcpy((char *)out,(const char *)in,inl);
100 return 1; 100 return 1;
101 } 101 }
102 102
diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c
index d37726ffae..f78d781129 100644
--- a/src/lib/libcrypto/evp/e_rc2.c
+++ b/src/lib/libcrypto/evp/e_rc2.c
@@ -223,6 +223,11 @@ static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
223 return 1; 223 return 1;
224 } 224 }
225 return 0; 225 return 0;
226#ifdef PBE_PRF_TEST
227 case EVP_CTRL_PBE_PRF_NID:
228 *(int *)ptr = NID_hmacWithMD5;
229 return 1;
230#endif
226 231
227 default: 232 default:
228 return -1; 233 return -1;
diff --git a/src/lib/libcrypto/evp/e_rc4.c b/src/lib/libcrypto/evp/e_rc4.c
index 55baad7446..8b5175e0fd 100644
--- a/src/lib/libcrypto/evp/e_rc4.c
+++ b/src/lib/libcrypto/evp/e_rc4.c
@@ -64,7 +64,6 @@
64#include <openssl/evp.h> 64#include <openssl/evp.h>
65#include <openssl/objects.h> 65#include <openssl/objects.h>
66#include <openssl/rc4.h> 66#include <openssl/rc4.h>
67#include "evp_locl.h"
68 67
69/* FIXME: surely this is available elsewhere? */ 68/* FIXME: surely this is available elsewhere? */
70#define EVP_RC4_KEY_SIZE 16 69#define EVP_RC4_KEY_SIZE 16
@@ -79,7 +78,7 @@ typedef struct
79static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 78static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
80 const unsigned char *iv,int enc); 79 const unsigned char *iv,int enc);
81static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 80static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
82 const unsigned char *in, unsigned int inl); 81 const unsigned char *in, size_t inl);
83static const EVP_CIPHER r4_cipher= 82static const EVP_CIPHER r4_cipher=
84 { 83 {
85 NID_rc4, 84 NID_rc4,
@@ -129,7 +128,7 @@ static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
129 } 128 }
130 129
131static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 130static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
132 const unsigned char *in, unsigned int inl) 131 const unsigned char *in, size_t inl)
133 { 132 {
134 RC4(&data(ctx)->ks,inl,in,out); 133 RC4(&data(ctx)->ks,inl,in,out);
135 return 1; 134 return 1;
diff --git a/src/lib/libcrypto/evp/e_xcbc_d.c b/src/lib/libcrypto/evp/e_xcbc_d.c
index 8832da2433..250e88c8c5 100644
--- a/src/lib/libcrypto/evp/e_xcbc_d.c
+++ b/src/lib/libcrypto/evp/e_xcbc_d.c
@@ -63,12 +63,13 @@
63 63
64#include <openssl/evp.h> 64#include <openssl/evp.h>
65#include <openssl/objects.h> 65#include <openssl/objects.h>
66#include "evp_locl.h"
66#include <openssl/des.h> 67#include <openssl/des.h>
67 68
68static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 69static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
69 const unsigned char *iv,int enc); 70 const unsigned char *iv,int enc);
70static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 71static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
71 const unsigned char *in, unsigned int inl); 72 const unsigned char *in, size_t inl);
72 73
73 74
74typedef struct 75typedef struct
@@ -113,13 +114,25 @@ static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
113 } 114 }
114 115
115static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 116static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
116 const unsigned char *in, unsigned int inl) 117 const unsigned char *in, size_t inl)
117 { 118 {
118 DES_xcbc_encrypt(in,out,inl,&data(ctx)->ks, 119 while (inl>=EVP_MAXCHUNK)
120 {
121 DES_xcbc_encrypt(in,out,(long)EVP_MAXCHUNK,&data(ctx)->ks,
119 (DES_cblock *)&(ctx->iv[0]), 122 (DES_cblock *)&(ctx->iv[0]),
120 &data(ctx)->inw, 123 &data(ctx)->inw,
121 &data(ctx)->outw, 124 &data(ctx)->outw,
122 ctx->encrypt); 125 ctx->encrypt);
126 inl-=EVP_MAXCHUNK;
127 in +=EVP_MAXCHUNK;
128 out+=EVP_MAXCHUNK;
129 }
130 if (inl)
131 DES_xcbc_encrypt(in,out,(long)inl,&data(ctx)->ks,
132 (DES_cblock *)&(ctx->iv[0]),
133 &data(ctx)->inw,
134 &data(ctx)->outw,
135 ctx->encrypt);
123 return 1; 136 return 1;
124 } 137 }
125#endif 138#endif
diff --git a/src/lib/libcrypto/evp/encode.c b/src/lib/libcrypto/evp/encode.c
index 5921f0d710..b42c747249 100644
--- a/src/lib/libcrypto/evp/encode.c
+++ b/src/lib/libcrypto/evp/encode.c
@@ -85,7 +85,7 @@
85#define CHUNKS_PER_LINE (64/4) 85#define CHUNKS_PER_LINE (64/4)
86#define CHAR_PER_LINE (64+1) 86#define CHAR_PER_LINE (64+1)
87 87
88static unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\ 88static const unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\
89abcdefghijklmnopqrstuvwxyz0123456789+/"; 89abcdefghijklmnopqrstuvwxyz0123456789+/";
90 90
91/* 0xF0 is a EOLN 91/* 0xF0 is a EOLN
@@ -102,7 +102,7 @@ abcdefghijklmnopqrstuvwxyz0123456789+/";
102#define B64_ERROR 0xFF 102#define B64_ERROR 0xFF
103#define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3) 103#define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3)
104 104
105static unsigned char data_ascii2bin[128]={ 105static const unsigned char data_ascii2bin[128]={
106 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 106 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
107 0xFF,0xE0,0xF0,0xFF,0xFF,0xF1,0xFF,0xFF, 107 0xFF,0xE0,0xF0,0xFF,0xFF,0xF1,0xFF,0xFF,
108 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 108 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 79c097181f..9f9795e2d9 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -75,10 +75,6 @@
75#include <openssl/bio.h> 75#include <openssl/bio.h>
76#endif 76#endif
77 77
78#ifdef OPENSSL_FIPS
79#include <openssl/fips.h>
80#endif
81
82/* 78/*
83#define EVP_RC2_KEY_SIZE 16 79#define EVP_RC2_KEY_SIZE 16
84#define EVP_RC4_KEY_SIZE 16 80#define EVP_RC4_KEY_SIZE 16
@@ -119,6 +115,7 @@
119#define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 115#define EVP_PKEY_DSA4 NID_dsaWithSHA1_2
120#define EVP_PKEY_DH NID_dhKeyAgreement 116#define EVP_PKEY_DH NID_dhKeyAgreement
121#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey 117#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey
118#define EVP_PKEY_HMAC NID_hmac
122 119
123#ifdef __cplusplus 120#ifdef __cplusplus
124extern "C" { 121extern "C" {
@@ -132,6 +129,8 @@ struct evp_pkey_st
132 int type; 129 int type;
133 int save_type; 130 int save_type;
134 int references; 131 int references;
132 const EVP_PKEY_ASN1_METHOD *ameth;
133 ENGINE *engine;
135 union { 134 union {
136 char *ptr; 135 char *ptr;
137#ifndef OPENSSL_NO_RSA 136#ifndef OPENSSL_NO_RSA
@@ -156,73 +155,6 @@ struct evp_pkey_st
156#define EVP_PKEY_MO_ENCRYPT 0x0004 155#define EVP_PKEY_MO_ENCRYPT 0x0004
157#define EVP_PKEY_MO_DECRYPT 0x0008 156#define EVP_PKEY_MO_DECRYPT 0x0008
158 157
159#if 0
160/* This structure is required to tie the message digest and signing together.
161 * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or
162 * oid, md and pkey.
163 * This is required because for various smart-card perform the digest and
164 * signing/verification on-board. To handle this case, the specific
165 * EVP_MD and EVP_PKEY_METHODs need to be closely associated.
166 * When a PKEY is created, it will have a EVP_PKEY_METHOD associated with it.
167 * This can either be software or a token to provide the required low level
168 * routines.
169 */
170typedef struct evp_pkey_md_st
171 {
172 int oid;
173 EVP_MD *md;
174 EVP_PKEY_METHOD *pkey;
175 } EVP_PKEY_MD;
176
177#define EVP_rsa_md2() \
178 EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\
179 EVP_rsa_pkcs1(),EVP_md2())
180#define EVP_rsa_md5() \
181 EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\
182 EVP_rsa_pkcs1(),EVP_md5())
183#define EVP_rsa_sha0() \
184 EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\
185 EVP_rsa_pkcs1(),EVP_sha())
186#define EVP_rsa_sha1() \
187 EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\
188 EVP_rsa_pkcs1(),EVP_sha1())
189#define EVP_rsa_ripemd160() \
190 EVP_PKEY_MD_add(NID_ripemd160WithRSA,\
191 EVP_rsa_pkcs1(),EVP_ripemd160())
192#define EVP_rsa_mdc2() \
193 EVP_PKEY_MD_add(NID_mdc2WithRSA,\
194 EVP_rsa_octet_string(),EVP_mdc2())
195#define EVP_dsa_sha() \
196 EVP_PKEY_MD_add(NID_dsaWithSHA,\
197 EVP_dsa(),EVP_sha())
198#define EVP_dsa_sha1() \
199 EVP_PKEY_MD_add(NID_dsaWithSHA1,\
200 EVP_dsa(),EVP_sha1())
201
202typedef struct evp_pkey_method_st
203 {
204 char *name;
205 int flags;
206 int type; /* RSA, DSA, an SSLeay specific constant */
207 int oid; /* For the pub-key type */
208 int encrypt_oid; /* pub/priv key encryption */
209
210 int (*sign)();
211 int (*verify)();
212 struct {
213 int (*set)(); /* get and/or set the underlying type */
214 int (*get)();
215 int (*encrypt)();
216 int (*decrypt)();
217 int (*i2d)();
218 int (*d2i)();
219 int (*dup)();
220 } pub,priv;
221 int (*set_asn1_parameters)();
222 int (*get_asn1_parameters)();
223 } EVP_PKEY_METHOD;
224#endif
225
226#ifndef EVP_MD 158#ifndef EVP_MD
227struct env_md_st 159struct env_md_st
228 { 160 {
@@ -245,6 +177,8 @@ struct env_md_st
245 int required_pkey_type[5]; /*EVP_PKEY_xxx */ 177 int required_pkey_type[5]; /*EVP_PKEY_xxx */
246 int block_size; 178 int block_size;
247 int ctx_size; /* how big does the ctx->md_data need to be */ 179 int ctx_size; /* how big does the ctx->md_data need to be */
180 /* control function */
181 int (*md_ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
248 } /* EVP_MD */; 182 } /* EVP_MD */;
249 183
250typedef int evp_sign_method(int type,const unsigned char *m, 184typedef int evp_sign_method(int type,const unsigned char *m,
@@ -254,18 +188,42 @@ typedef int evp_verify_method(int type,const unsigned char *m,
254 unsigned int m_length,const unsigned char *sigbuf, 188 unsigned int m_length,const unsigned char *sigbuf,
255 unsigned int siglen, void *key); 189 unsigned int siglen, void *key);
256 190
257typedef struct
258 {
259 EVP_MD_CTX *mctx;
260 void *key;
261 } EVP_MD_SVCTX;
262
263#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single 191#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single
264 * block */ 192 * block */
265 193
266#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */ 194#define EVP_MD_FLAG_PKEY_DIGEST 0x0002 /* digest is a "clone" digest used
195 * which is a copy of an existing
196 * one for a specific public key type.
197 * EVP_dss1() etc */
198
199/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */
200
201#define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004
202
203/* DigestAlgorithmIdentifier flags... */
204
205#define EVP_MD_FLAG_DIGALGID_MASK 0x0018
267 206
268#define EVP_MD_FLAG_SVCTX 0x0800 /* pass EVP_MD_SVCTX to sign/verify */ 207/* NULL or absent parameter accepted. Use NULL */
208
209#define EVP_MD_FLAG_DIGALGID_NULL 0x0000
210
211/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */
212
213#define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008
214
215/* Custom handling via ctrl */
216
217#define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018
218
219/* Digest ctrls */
220
221#define EVP_MD_CTRL_DIGALGID 0x1
222#define EVP_MD_CTRL_MICALG 0x2
223
224/* Minimum Algorithm specific ctrl value */
225
226#define EVP_MD_CTRL_ALG_CTRL 0x1000
269 227
270#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} 228#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0}
271 229
@@ -307,6 +265,10 @@ struct env_md_ctx_st
307 ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ 265 ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */
308 unsigned long flags; 266 unsigned long flags;
309 void *md_data; 267 void *md_data;
268 /* Public key context for sign/verify */
269 EVP_PKEY_CTX *pctx;
270 /* Update function: usually copied from EVP_MD */
271 int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count);
310 } /* EVP_MD_CTX */; 272 } /* EVP_MD_CTX */;
311 273
312/* values for EVP_MD_CTX flags */ 274/* values for EVP_MD_CTX flags */
@@ -317,17 +279,23 @@ struct env_md_ctx_st
317 * cleaned */ 279 * cleaned */
318#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data 280#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data
319 * in EVP_MD_CTX_cleanup */ 281 * in EVP_MD_CTX_cleanup */
282/* FIPS and pad options are ignored in 1.0.0, definitions are here
283 * so we don't accidentally reuse the values for other purposes.
284 */
285
320#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest 286#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest
321 * in FIPS mode */ 287 * in FIPS mode */
322 288
289/* The following PAD options are also currently ignored in 1.0.0, digest
290 * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*()
291 * instead.
292 */
323#define EVP_MD_CTX_FLAG_PAD_MASK 0xF0 /* RSA mode to use */ 293#define EVP_MD_CTX_FLAG_PAD_MASK 0xF0 /* RSA mode to use */
324#define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */ 294#define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */
325#define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */ 295#define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */
326#define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */ 296#define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */
327#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \ 297
328 ((ctx->flags>>16) &0xFFFF) /* seed length */ 298#define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */
329#define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF /* salt len same as digest */
330#define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE /* salt max or auto recovered */
331 299
332struct evp_cipher_st 300struct evp_cipher_st
333 { 301 {
@@ -339,7 +307,7 @@ struct evp_cipher_st
339 int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, 307 int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,
340 const unsigned char *iv, int enc); /* init key */ 308 const unsigned char *iv, int enc); /* init key */
341 int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, 309 int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
342 const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */ 310 const unsigned char *in, size_t inl);/* encrypt/decrypt data */
343 int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */ 311 int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
344 int ctx_size; /* how big ctx->cipher_data needs to be */ 312 int ctx_size; /* how big ctx->cipher_data needs to be */
345 int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */ 313 int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */
@@ -357,7 +325,7 @@ struct evp_cipher_st
357#define EVP_CIPH_CBC_MODE 0x2 325#define EVP_CIPH_CBC_MODE 0x2
358#define EVP_CIPH_CFB_MODE 0x3 326#define EVP_CIPH_CFB_MODE 0x3
359#define EVP_CIPH_OFB_MODE 0x4 327#define EVP_CIPH_OFB_MODE 0x4
360#define EVP_CIPH_MODE 0x7 328#define EVP_CIPH_MODE 0xF0007
361/* Set if variable length cipher */ 329/* Set if variable length cipher */
362#define EVP_CIPH_VARIABLE_LENGTH 0x8 330#define EVP_CIPH_VARIABLE_LENGTH 0x8
363/* Set if the iv handling should be done by the cipher itself */ 331/* Set if the iv handling should be done by the cipher itself */
@@ -372,10 +340,8 @@ struct evp_cipher_st
372#define EVP_CIPH_NO_PADDING 0x100 340#define EVP_CIPH_NO_PADDING 0x100
373/* cipher handles random key generation */ 341/* cipher handles random key generation */
374#define EVP_CIPH_RAND_KEY 0x200 342#define EVP_CIPH_RAND_KEY 0x200
375/* Note if suitable for use in FIPS mode */ 343/* cipher has its own additional copying logic */
376#define EVP_CIPH_FLAG_FIPS 0x400 344#define EVP_CIPH_CUSTOM_COPY 0x400
377/* Allow non FIPS cipher in FIPS mode */
378#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800
379/* Allow use default ASN1 get/set iv */ 345/* Allow use default ASN1 get/set iv */
380#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 346#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000
381/* Buffer length in bits not bytes: CFB1 mode only */ 347/* Buffer length in bits not bytes: CFB1 mode only */
@@ -390,6 +356,8 @@ struct evp_cipher_st
390#define EVP_CTRL_GET_RC5_ROUNDS 0x4 356#define EVP_CTRL_GET_RC5_ROUNDS 0x4
391#define EVP_CTRL_SET_RC5_ROUNDS 0x5 357#define EVP_CTRL_SET_RC5_ROUNDS 0x5
392#define EVP_CTRL_RAND_KEY 0x6 358#define EVP_CTRL_RAND_KEY 0x6
359#define EVP_CTRL_PBE_PRF_NID 0x7
360#define EVP_CTRL_COPY 0x8
393 361
394typedef struct evp_cipher_info_st 362typedef struct evp_cipher_info_st
395 { 363 {
@@ -462,26 +430,15 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
462#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) 430#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
463#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) 431#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
464 432
465/* Macros to reduce FIPS dependencies: do NOT use in applications */
466#define M_EVP_MD_size(e) ((e)->md_size)
467#define M_EVP_MD_block_size(e) ((e)->block_size)
468#define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
469#define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
470#define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
471#define M_EVP_MD_type(e) ((e)->type)
472#define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e))
473#define M_EVP_MD_CTX_md(e) ((e)->digest)
474
475#define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
476
477int EVP_MD_type(const EVP_MD *md); 433int EVP_MD_type(const EVP_MD *md);
478#define EVP_MD_nid(e) EVP_MD_type(e) 434#define EVP_MD_nid(e) EVP_MD_type(e)
479#define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) 435#define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e))
480int EVP_MD_pkey_type(const EVP_MD *md); 436int EVP_MD_pkey_type(const EVP_MD *md);
481int EVP_MD_size(const EVP_MD *md); 437int EVP_MD_size(const EVP_MD *md);
482int EVP_MD_block_size(const EVP_MD *md); 438int EVP_MD_block_size(const EVP_MD *md);
439unsigned long EVP_MD_flags(const EVP_MD *md);
483 440
484const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx); 441const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
485#define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) 442#define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e))
486#define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) 443#define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e))
487#define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) 444#define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e))
@@ -499,6 +456,7 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
499int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); 456int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
500int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); 457int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
501int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); 458int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
459int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
502void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); 460void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
503void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); 461void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
504#define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) 462#define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
@@ -516,6 +474,8 @@ unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
516#define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) 474#define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
517#define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) 475#define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e)
518#define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) 476#define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e)
477#define EVP_DigestSignUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
478#define EVP_DigestVerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
519 479
520#ifdef CONST_STRICT 480#ifdef CONST_STRICT
521void BIO_set_md(BIO *,const EVP_MD *md); 481void BIO_set_md(BIO *,const EVP_MD *md);
@@ -562,6 +522,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
562int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); 522int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
563 523
564int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); 524int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
525int EVP_read_pw_string_min(char *buf,int minlen,int maxlen,const char *prompt,int verify);
565void EVP_set_pw_prompt(const char *prompt); 526void EVP_set_pw_prompt(const char *prompt);
566char * EVP_get_pw_prompt(void); 527char * EVP_get_pw_prompt(void);
567 528
@@ -608,6 +569,16 @@ int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
608int EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf, 569int EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf,
609 unsigned int siglen,EVP_PKEY *pkey); 570 unsigned int siglen,EVP_PKEY *pkey);
610 571
572int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
573 const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
574int EVP_DigestSignFinal(EVP_MD_CTX *ctx,
575 unsigned char *sigret, size_t *siglen);
576
577int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
578 const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
579int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx,
580 unsigned char *sig, size_t siglen);
581
611int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, 582int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
612 const unsigned char *ek, int ekl, const unsigned char *iv, 583 const unsigned char *ek, int ekl, const unsigned char *iv,
613 EVP_PKEY *priv); 584 EVP_PKEY *priv);
@@ -680,6 +651,9 @@ const EVP_MD *EVP_mdc2(void);
680#ifndef OPENSSL_NO_RIPEMD 651#ifndef OPENSSL_NO_RIPEMD
681const EVP_MD *EVP_ripemd160(void); 652const EVP_MD *EVP_ripemd160(void);
682#endif 653#endif
654#ifndef OPENSSL_NO_WHIRLPOOL
655const EVP_MD *EVP_whirlpool(void);
656#endif
683const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ 657const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
684#ifndef OPENSSL_NO_DES 658#ifndef OPENSSL_NO_DES
685const EVP_CIPHER *EVP_des_ecb(void); 659const EVP_CIPHER *EVP_des_ecb(void);
@@ -847,16 +821,31 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
847const EVP_MD *EVP_get_digestbyname(const char *name); 821const EVP_MD *EVP_get_digestbyname(const char *name);
848void EVP_cleanup(void); 822void EVP_cleanup(void);
849 823
850int EVP_PKEY_decrypt(unsigned char *dec_key, 824void EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph,
825 const char *from, const char *to, void *x), void *arg);
826void EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph,
827 const char *from, const char *to, void *x), void *arg);
828
829void EVP_MD_do_all(void (*fn)(const EVP_MD *ciph,
830 const char *from, const char *to, void *x), void *arg);
831void EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *ciph,
832 const char *from, const char *to, void *x), void *arg);
833
834int EVP_PKEY_decrypt_old(unsigned char *dec_key,
851 const unsigned char *enc_key,int enc_key_len, 835 const unsigned char *enc_key,int enc_key_len,
852 EVP_PKEY *private_key); 836 EVP_PKEY *private_key);
853int EVP_PKEY_encrypt(unsigned char *enc_key, 837int EVP_PKEY_encrypt_old(unsigned char *enc_key,
854 const unsigned char *key,int key_len, 838 const unsigned char *key,int key_len,
855 EVP_PKEY *pub_key); 839 EVP_PKEY *pub_key);
856int EVP_PKEY_type(int type); 840int EVP_PKEY_type(int type);
841int EVP_PKEY_id(const EVP_PKEY *pkey);
842int EVP_PKEY_base_id(const EVP_PKEY *pkey);
857int EVP_PKEY_bits(EVP_PKEY *pkey); 843int EVP_PKEY_bits(EVP_PKEY *pkey);
858int EVP_PKEY_size(EVP_PKEY *pkey); 844int EVP_PKEY_size(EVP_PKEY *pkey);
859int EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key); 845int EVP_PKEY_set_type(EVP_PKEY *pkey,int type);
846int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
847int EVP_PKEY_assign(EVP_PKEY *pkey,int type,void *key);
848void * EVP_PKEY_get0(EVP_PKEY *pkey);
860 849
861#ifndef OPENSSL_NO_RSA 850#ifndef OPENSSL_NO_RSA
862struct rsa_st; 851struct rsa_st;
@@ -899,6 +888,15 @@ int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
899 888
900int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); 889int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
901 890
891int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
892 int indent, ASN1_PCTX *pctx);
893int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
894 int indent, ASN1_PCTX *pctx);
895int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
896 int indent, ASN1_PCTX *pctx);
897
898int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
899
902int EVP_CIPHER_type(const EVP_CIPHER *ctx); 900int EVP_CIPHER_type(const EVP_CIPHER *ctx);
903 901
904/* calls methods */ 902/* calls methods */
@@ -916,6 +914,10 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
916int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, 914int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
917 const unsigned char *salt, int saltlen, int iter, 915 const unsigned char *salt, int saltlen, int iter,
918 int keylen, unsigned char *out); 916 int keylen, unsigned char *out);
917int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
918 const unsigned char *salt, int saltlen, int iter,
919 const EVP_MD *digest,
920 int keylen, unsigned char *out);
919int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, 921int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
920 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, 922 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
921 int en_de); 923 int en_de);
@@ -924,27 +926,260 @@ void PKCS5_PBE_add(void);
924 926
925int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, 927int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
926 ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); 928 ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
929
930/* PBE type */
931
932/* Can appear as the outermost AlgorithmIdentifier */
933#define EVP_PBE_TYPE_OUTER 0x0
934/* Is an PRF type OID */
935#define EVP_PBE_TYPE_PRF 0x1
936
937int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid,
938 EVP_PBE_KEYGEN *keygen);
927int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, 939int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
928 EVP_PBE_KEYGEN *keygen); 940 EVP_PBE_KEYGEN *keygen);
941int EVP_PBE_find(int type, int pbe_nid,
942 int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen);
929void EVP_PBE_cleanup(void); 943void EVP_PBE_cleanup(void);
930 944
931#ifdef OPENSSL_FIPS 945#define ASN1_PKEY_ALIAS 0x1
932#ifndef OPENSSL_NO_ENGINE 946#define ASN1_PKEY_DYNAMIC 0x2
933void int_EVP_MD_set_engine_callbacks( 947#define ASN1_PKEY_SIGPARAM_NULL 0x4
934 int (*eng_md_init)(ENGINE *impl), 948
935 int (*eng_md_fin)(ENGINE *impl), 949#define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1
936 int (*eng_md_evp) 950#define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2
937 (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)); 951#define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3
938void int_EVP_MD_init_engine_callbacks(void); 952#define ASN1_PKEY_CTRL_CMS_SIGN 0x5
939void int_EVP_CIPHER_set_engine_callbacks( 953#define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7
940 int (*eng_ciph_fin)(ENGINE *impl), 954
941 int (*eng_ciph_evp) 955int EVP_PKEY_asn1_get_count(void);
942 (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl)); 956const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
943void int_EVP_CIPHER_init_engine_callbacks(void); 957const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
944#endif 958const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
945#endif 959 const char *str, int len);
960int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth);
961int EVP_PKEY_asn1_add_alias(int to, int from);
962int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, int *ppkey_flags,
963 const char **pinfo, const char **ppem_str,
964 const EVP_PKEY_ASN1_METHOD *ameth);
965
966const EVP_PKEY_ASN1_METHOD* EVP_PKEY_get0_asn1(EVP_PKEY *pkey);
967EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
968 const char *pem_str, const char *info);
969void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
970 const EVP_PKEY_ASN1_METHOD *src);
971void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
972void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
973 int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub),
974 int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk),
975 int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b),
976 int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent,
977 ASN1_PCTX *pctx),
978 int (*pkey_size)(const EVP_PKEY *pk),
979 int (*pkey_bits)(const EVP_PKEY *pk));
980void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
981 int (*priv_decode)(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf),
982 int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk),
983 int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,
984 ASN1_PCTX *pctx));
985void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
986 int (*param_decode)(EVP_PKEY *pkey,
987 const unsigned char **pder, int derlen),
988 int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder),
989 int (*param_missing)(const EVP_PKEY *pk),
990 int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from),
991 int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b),
992 int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent,
993 ASN1_PCTX *pctx));
994
995void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
996 void (*pkey_free)(EVP_PKEY *pkey));
997void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
998 int (*pkey_ctrl)(EVP_PKEY *pkey, int op,
999 long arg1, void *arg2));
1000
1001
1002#define EVP_PKEY_OP_UNDEFINED 0
1003#define EVP_PKEY_OP_PARAMGEN (1<<1)
1004#define EVP_PKEY_OP_KEYGEN (1<<2)
1005#define EVP_PKEY_OP_SIGN (1<<3)
1006#define EVP_PKEY_OP_VERIFY (1<<4)
1007#define EVP_PKEY_OP_VERIFYRECOVER (1<<5)
1008#define EVP_PKEY_OP_SIGNCTX (1<<6)
1009#define EVP_PKEY_OP_VERIFYCTX (1<<7)
1010#define EVP_PKEY_OP_ENCRYPT (1<<8)
1011#define EVP_PKEY_OP_DECRYPT (1<<9)
1012#define EVP_PKEY_OP_DERIVE (1<<10)
1013
1014#define EVP_PKEY_OP_TYPE_SIG \
1015 (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \
1016 | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX)
1017
1018#define EVP_PKEY_OP_TYPE_CRYPT \
1019 (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)
1020
1021#define EVP_PKEY_OP_TYPE_NOGEN \
1022 (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE)
1023
1024#define EVP_PKEY_OP_TYPE_GEN \
1025 (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
1026
1027#define EVP_PKEY_CTX_set_signature_md(ctx, md) \
1028 EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \
1029 EVP_PKEY_CTRL_MD, 0, (void *)md)
1030
1031#define EVP_PKEY_CTRL_MD 1
1032#define EVP_PKEY_CTRL_PEER_KEY 2
1033
1034#define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3
1035#define EVP_PKEY_CTRL_PKCS7_DECRYPT 4
1036
1037#define EVP_PKEY_CTRL_PKCS7_SIGN 5
1038
1039#define EVP_PKEY_CTRL_SET_MAC_KEY 6
1040
1041#define EVP_PKEY_CTRL_DIGESTINIT 7
1042
1043/* Used by GOST key encryption in TLS */
1044#define EVP_PKEY_CTRL_SET_IV 8
1045
1046#define EVP_PKEY_CTRL_CMS_ENCRYPT 9
1047#define EVP_PKEY_CTRL_CMS_DECRYPT 10
1048#define EVP_PKEY_CTRL_CMS_SIGN 11
1049
1050#define EVP_PKEY_ALG_CTRL 0x1000
1051
1052
1053#define EVP_PKEY_FLAG_AUTOARGLEN 2
1054
1055const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
1056EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags);
1057void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
1058int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
1059
1060EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
1061EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
1062EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
1063void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
1064
1065int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
1066 int cmd, int p1, void *p2);
1067int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
1068 const char *value);
1069
1070int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx);
1071void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
1072
1073EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
1074 unsigned char *key, int keylen);
1075
1076void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data);
1077void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx);
1078EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx);
1079
1080EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx);
1081
1082void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
1083void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
1084
1085int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
1086int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
1087 unsigned char *sig, size_t *siglen,
1088 const unsigned char *tbs, size_t tbslen);
1089int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
1090int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
1091 const unsigned char *sig, size_t siglen,
1092 const unsigned char *tbs, size_t tbslen);
1093int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
1094int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
1095 unsigned char *rout, size_t *routlen,
1096 const unsigned char *sig, size_t siglen);
1097int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
1098int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
1099 unsigned char *out, size_t *outlen,
1100 const unsigned char *in, size_t inlen);
1101int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
1102int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
1103 unsigned char *out, size_t *outlen,
1104 const unsigned char *in, size_t inlen);
1105
1106int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
1107int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
1108int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
1109
1110typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
1111
1112int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
1113int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
1114int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
1115int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
1116
1117void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
1118EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
1119
1120int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
1121
1122void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
1123 int (*init)(EVP_PKEY_CTX *ctx));
1124
1125void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
1126 int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src));
1127
1128void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
1129 void (*cleanup)(EVP_PKEY_CTX *ctx));
1130
1131void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
1132 int (*paramgen_init)(EVP_PKEY_CTX *ctx),
1133 int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey));
1134
1135void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
1136 int (*keygen_init)(EVP_PKEY_CTX *ctx),
1137 int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey));
946 1138
947void EVP_add_alg_module(void); 1139void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
1140 int (*sign_init)(EVP_PKEY_CTX *ctx),
1141 int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
1142 const unsigned char *tbs, size_t tbslen));
1143
1144void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
1145 int (*verify_init)(EVP_PKEY_CTX *ctx),
1146 int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
1147 const unsigned char *tbs, size_t tbslen));
1148
1149void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
1150 int (*verify_recover_init)(EVP_PKEY_CTX *ctx),
1151 int (*verify_recover)(EVP_PKEY_CTX *ctx,
1152 unsigned char *sig, size_t *siglen,
1153 const unsigned char *tbs, size_t tbslen));
1154
1155void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
1156 int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx),
1157 int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
1158 EVP_MD_CTX *mctx));
1159
1160void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
1161 int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx),
1162 int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig,int siglen,
1163 EVP_MD_CTX *mctx));
1164
1165void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
1166 int (*encrypt_init)(EVP_PKEY_CTX *ctx),
1167 int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
1168 const unsigned char *in, size_t inlen));
1169
1170void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
1171 int (*decrypt_init)(EVP_PKEY_CTX *ctx),
1172 int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
1173 const unsigned char *in, size_t inlen));
1174
1175void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
1176 int (*derive_init)(EVP_PKEY_CTX *ctx),
1177 int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen));
1178
1179void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
1180 int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2),
1181 int (*ctrl_str)(EVP_PKEY_CTX *ctx,
1182 const char *type, const char *value));
948 1183
949/* BEGIN ERROR CODES */ 1184/* BEGIN ERROR CODES */
950/* The following lines are auto generated by the script mkerr.pl. Any changes 1185/* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -956,46 +1191,66 @@ void ERR_load_EVP_strings(void);
956 1191
957/* Function codes. */ 1192/* Function codes. */
958#define EVP_F_AES_INIT_KEY 133 1193#define EVP_F_AES_INIT_KEY 133
959#define EVP_F_ALG_MODULE_INIT 138
960#define EVP_F_CAMELLIA_INIT_KEY 159 1194#define EVP_F_CAMELLIA_INIT_KEY 159
961#define EVP_F_D2I_PKEY 100 1195#define EVP_F_D2I_PKEY 100
962#define EVP_F_DO_EVP_ENC_ENGINE 140 1196#define EVP_F_DO_SIGVER_INIT 161
963#define EVP_F_DO_EVP_ENC_ENGINE_FULL 141
964#define EVP_F_DO_EVP_MD_ENGINE 139
965#define EVP_F_DO_EVP_MD_ENGINE_FULL 142
966#define EVP_F_DSAPKEY2PKCS8 134 1197#define EVP_F_DSAPKEY2PKCS8 134
967#define EVP_F_DSA_PKEY2PKCS8 135 1198#define EVP_F_DSA_PKEY2PKCS8 135
968#define EVP_F_ECDSA_PKEY2PKCS8 129 1199#define EVP_F_ECDSA_PKEY2PKCS8 129
969#define EVP_F_ECKEY_PKEY2PKCS8 132 1200#define EVP_F_ECKEY_PKEY2PKCS8 132
970#define EVP_F_EVP_CIPHERINIT 137
971#define EVP_F_EVP_CIPHERINIT_EX 123 1201#define EVP_F_EVP_CIPHERINIT_EX 123
1202#define EVP_F_EVP_CIPHER_CTX_COPY 163
972#define EVP_F_EVP_CIPHER_CTX_CTRL 124 1203#define EVP_F_EVP_CIPHER_CTX_CTRL 124
973#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 1204#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
974#define EVP_F_EVP_DECRYPTFINAL_EX 101 1205#define EVP_F_EVP_DECRYPTFINAL_EX 101
975#define EVP_F_EVP_DIGESTINIT 136
976#define EVP_F_EVP_DIGESTINIT_EX 128 1206#define EVP_F_EVP_DIGESTINIT_EX 128
977#define EVP_F_EVP_ENCRYPTFINAL_EX 127 1207#define EVP_F_EVP_ENCRYPTFINAL_EX 127
978#define EVP_F_EVP_MD_CTX_COPY_EX 110 1208#define EVP_F_EVP_MD_CTX_COPY_EX 110
1209#define EVP_F_EVP_MD_SIZE 162
979#define EVP_F_EVP_OPENINIT 102 1210#define EVP_F_EVP_OPENINIT 102
980#define EVP_F_EVP_PBE_ALG_ADD 115 1211#define EVP_F_EVP_PBE_ALG_ADD 115
1212#define EVP_F_EVP_PBE_ALG_ADD_TYPE 160
981#define EVP_F_EVP_PBE_CIPHERINIT 116 1213#define EVP_F_EVP_PBE_CIPHERINIT 116
982#define EVP_F_EVP_PKCS82PKEY 111 1214#define EVP_F_EVP_PKCS82PKEY 111
1215#define EVP_F_EVP_PKCS82PKEY_BROKEN 136
983#define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 1216#define EVP_F_EVP_PKEY2PKCS8_BROKEN 113
984#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 1217#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103
1218#define EVP_F_EVP_PKEY_CTX_CTRL 137
1219#define EVP_F_EVP_PKEY_CTX_CTRL_STR 150
1220#define EVP_F_EVP_PKEY_CTX_DUP 156
985#define EVP_F_EVP_PKEY_DECRYPT 104 1221#define EVP_F_EVP_PKEY_DECRYPT 104
1222#define EVP_F_EVP_PKEY_DECRYPT_INIT 138
1223#define EVP_F_EVP_PKEY_DECRYPT_OLD 151
1224#define EVP_F_EVP_PKEY_DERIVE 153
1225#define EVP_F_EVP_PKEY_DERIVE_INIT 154
1226#define EVP_F_EVP_PKEY_DERIVE_SET_PEER 155
986#define EVP_F_EVP_PKEY_ENCRYPT 105 1227#define EVP_F_EVP_PKEY_ENCRYPT 105
1228#define EVP_F_EVP_PKEY_ENCRYPT_INIT 139
1229#define EVP_F_EVP_PKEY_ENCRYPT_OLD 152
987#define EVP_F_EVP_PKEY_GET1_DH 119 1230#define EVP_F_EVP_PKEY_GET1_DH 119
988#define EVP_F_EVP_PKEY_GET1_DSA 120 1231#define EVP_F_EVP_PKEY_GET1_DSA 120
989#define EVP_F_EVP_PKEY_GET1_ECDSA 130 1232#define EVP_F_EVP_PKEY_GET1_ECDSA 130
990#define EVP_F_EVP_PKEY_GET1_EC_KEY 131 1233#define EVP_F_EVP_PKEY_GET1_EC_KEY 131
991#define EVP_F_EVP_PKEY_GET1_RSA 121 1234#define EVP_F_EVP_PKEY_GET1_RSA 121
1235#define EVP_F_EVP_PKEY_KEYGEN 146
1236#define EVP_F_EVP_PKEY_KEYGEN_INIT 147
992#define EVP_F_EVP_PKEY_NEW 106 1237#define EVP_F_EVP_PKEY_NEW 106
1238#define EVP_F_EVP_PKEY_PARAMGEN 148
1239#define EVP_F_EVP_PKEY_PARAMGEN_INIT 149
1240#define EVP_F_EVP_PKEY_SIGN 140
1241#define EVP_F_EVP_PKEY_SIGN_INIT 141
1242#define EVP_F_EVP_PKEY_VERIFY 142
1243#define EVP_F_EVP_PKEY_VERIFY_INIT 143
1244#define EVP_F_EVP_PKEY_VERIFY_RECOVER 144
1245#define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145
993#define EVP_F_EVP_RIJNDAEL 126 1246#define EVP_F_EVP_RIJNDAEL 126
994#define EVP_F_EVP_SIGNFINAL 107 1247#define EVP_F_EVP_SIGNFINAL 107
995#define EVP_F_EVP_VERIFYFINAL 108 1248#define EVP_F_EVP_VERIFYFINAL 108
1249#define EVP_F_INT_CTX_NEW 157
996#define EVP_F_PKCS5_PBE_KEYIVGEN 117 1250#define EVP_F_PKCS5_PBE_KEYIVGEN 117
997#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 1251#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118
998#define EVP_F_PKCS8_SET_BROKEN 112 1252#define EVP_F_PKCS8_SET_BROKEN 112
1253#define EVP_F_PKEY_SET_TYPE 158
999#define EVP_F_RC2_MAGIC_TO_METH 109 1254#define EVP_F_RC2_MAGIC_TO_METH 109
1000#define EVP_F_RC5_CTRL 125 1255#define EVP_F_RC5_CTRL 125
1001 1256
@@ -1007,41 +1262,52 @@ void ERR_load_EVP_strings(void);
1007#define EVP_R_BAD_KEY_LENGTH 137 1262#define EVP_R_BAD_KEY_LENGTH 137
1008#define EVP_R_BN_DECODE_ERROR 112 1263#define EVP_R_BN_DECODE_ERROR 112
1009#define EVP_R_BN_PUBKEY_ERROR 113 1264#define EVP_R_BN_PUBKEY_ERROR 113
1265#define EVP_R_BUFFER_TOO_SMALL 155
1010#define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 1266#define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157
1011#define EVP_R_CIPHER_PARAMETER_ERROR 122 1267#define EVP_R_CIPHER_PARAMETER_ERROR 122
1268#define EVP_R_COMMAND_NOT_SUPPORTED 147
1012#define EVP_R_CTRL_NOT_IMPLEMENTED 132 1269#define EVP_R_CTRL_NOT_IMPLEMENTED 132
1013#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 1270#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133
1014#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 1271#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
1015#define EVP_R_DECODE_ERROR 114 1272#define EVP_R_DECODE_ERROR 114
1016#define EVP_R_DIFFERENT_KEY_TYPES 101 1273#define EVP_R_DIFFERENT_KEY_TYPES 101
1017#define EVP_R_DISABLED_FOR_FIPS 144 1274#define EVP_R_DIFFERENT_PARAMETERS 153
1018#define EVP_R_ENCODE_ERROR 115 1275#define EVP_R_ENCODE_ERROR 115
1019#define EVP_R_ERROR_LOADING_SECTION 145
1020#define EVP_R_ERROR_SETTING_FIPS_MODE 146
1021#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 1276#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
1022#define EVP_R_EXPECTING_AN_RSA_KEY 127 1277#define EVP_R_EXPECTING_AN_RSA_KEY 127
1023#define EVP_R_EXPECTING_A_DH_KEY 128 1278#define EVP_R_EXPECTING_A_DH_KEY 128
1024#define EVP_R_EXPECTING_A_DSA_KEY 129 1279#define EVP_R_EXPECTING_A_DSA_KEY 129
1025#define EVP_R_EXPECTING_A_ECDSA_KEY 141 1280#define EVP_R_EXPECTING_A_ECDSA_KEY 141
1026#define EVP_R_EXPECTING_A_EC_KEY 142 1281#define EVP_R_EXPECTING_A_EC_KEY 142
1027#define EVP_R_FIPS_MODE_NOT_SUPPORTED 147
1028#define EVP_R_INITIALIZATION_ERROR 134 1282#define EVP_R_INITIALIZATION_ERROR 134
1029#define EVP_R_INPUT_NOT_INITIALIZED 111 1283#define EVP_R_INPUT_NOT_INITIALIZED 111
1030#define EVP_R_INVALID_FIPS_MODE 148 1284#define EVP_R_INVALID_DIGEST 152
1031#define EVP_R_INVALID_KEY_LENGTH 130 1285#define EVP_R_INVALID_KEY_LENGTH 130
1286#define EVP_R_INVALID_OPERATION 148
1032#define EVP_R_IV_TOO_LARGE 102 1287#define EVP_R_IV_TOO_LARGE 102
1033#define EVP_R_KEYGEN_FAILURE 120 1288#define EVP_R_KEYGEN_FAILURE 120
1289#define EVP_R_MESSAGE_DIGEST_IS_NULL 159
1290#define EVP_R_METHOD_NOT_SUPPORTED 144
1034#define EVP_R_MISSING_PARAMETERS 103 1291#define EVP_R_MISSING_PARAMETERS 103
1035#define EVP_R_NO_CIPHER_SET 131 1292#define EVP_R_NO_CIPHER_SET 131
1293#define EVP_R_NO_DEFAULT_DIGEST 158
1036#define EVP_R_NO_DIGEST_SET 139 1294#define EVP_R_NO_DIGEST_SET 139
1037#define EVP_R_NO_DSA_PARAMETERS 116 1295#define EVP_R_NO_DSA_PARAMETERS 116
1296#define EVP_R_NO_KEY_SET 154
1297#define EVP_R_NO_OPERATION_SET 149
1038#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 1298#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104
1039#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 1299#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105
1300#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
1301#define EVP_R_OPERATON_NOT_INITIALIZED 151
1040#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 1302#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117
1303#define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
1304#define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
1041#define EVP_R_PUBLIC_KEY_NOT_RSA 106 1305#define EVP_R_PUBLIC_KEY_NOT_RSA 106
1042#define EVP_R_UNKNOWN_OPTION 149 1306#define EVP_R_UNKNOWN_CIPHER 160
1307#define EVP_R_UNKNOWN_DIGEST 161
1043#define EVP_R_UNKNOWN_PBE_ALGORITHM 121 1308#define EVP_R_UNKNOWN_PBE_ALGORITHM 121
1044#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 1309#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135
1310#define EVP_R_UNSUPPORTED_ALGORITHM 156
1045#define EVP_R_UNSUPPORTED_CIPHER 107 1311#define EVP_R_UNSUPPORTED_CIPHER 107
1046#define EVP_R_UNSUPPORTED_KEYLENGTH 123 1312#define EVP_R_UNSUPPORTED_KEYLENGTH 123
1047#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 1313#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124
@@ -1051,7 +1317,6 @@ void ERR_load_EVP_strings(void);
1051#define EVP_R_UNSUPPORTED_SALT_TYPE 126 1317#define EVP_R_UNSUPPORTED_SALT_TYPE 126
1052#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 1318#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
1053#define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 1319#define EVP_R_WRONG_PUBLIC_KEY_TYPE 110
1054#define EVP_R_SEED_KEY_SETUP_FAILED 162
1055 1320
1056#ifdef __cplusplus 1321#ifdef __cplusplus
1057} 1322}
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index 30e0ca4d9f..bead6a2170 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -66,16 +66,14 @@
66#endif 66#endif
67#include "evp_locl.h" 67#include "evp_locl.h"
68 68
69#ifdef OPENSSL_FIPS
70 #define M_do_cipher(ctx, out, in, inl) \
71 EVP_Cipher(ctx,out,in,inl)
72#else
73 #define M_do_cipher(ctx, out, in, inl) \
74 ctx->cipher->do_cipher(ctx,out,in,inl)
75#endif
76
77const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; 69const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
78 70
71void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
72 {
73 memset(ctx,0,sizeof(EVP_CIPHER_CTX));
74 /* ctx->cipher=NULL; */
75 }
76
79EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) 77EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
80 { 78 {
81 EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx); 79 EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
@@ -92,6 +90,144 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
92 return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); 90 return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
93 } 91 }
94 92
93int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
94 const unsigned char *key, const unsigned char *iv, int enc)
95 {
96 if (enc == -1)
97 enc = ctx->encrypt;
98 else
99 {
100 if (enc)
101 enc = 1;
102 ctx->encrypt = enc;
103 }
104#ifndef OPENSSL_NO_ENGINE
105 /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
106 * so this context may already have an ENGINE! Try to avoid releasing
107 * the previous handle, re-querying for an ENGINE, and having a
108 * reinitialisation, when it may all be unecessary. */
109 if (ctx->engine && ctx->cipher && (!cipher ||
110 (cipher && (cipher->nid == ctx->cipher->nid))))
111 goto skip_to_init;
112#endif
113 if (cipher)
114 {
115 /* Ensure a context left lying around from last time is cleared
116 * (the previous check attempted to avoid this if the same
117 * ENGINE and EVP_CIPHER could be used). */
118 EVP_CIPHER_CTX_cleanup(ctx);
119
120 /* Restore encrypt field: it is zeroed by cleanup */
121 ctx->encrypt = enc;
122#ifndef OPENSSL_NO_ENGINE
123 if(impl)
124 {
125 if (!ENGINE_init(impl))
126 {
127 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
128 return 0;
129 }
130 }
131 else
132 /* Ask if an ENGINE is reserved for this job */
133 impl = ENGINE_get_cipher_engine(cipher->nid);
134 if(impl)
135 {
136 /* There's an ENGINE for this job ... (apparently) */
137 const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
138 if(!c)
139 {
140 /* One positive side-effect of US's export
141 * control history, is that we should at least
142 * be able to avoid using US mispellings of
143 * "initialisation"? */
144 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
145 return 0;
146 }
147 /* We'll use the ENGINE's private cipher definition */
148 cipher = c;
149 /* Store the ENGINE functional reference so we know
150 * 'cipher' came from an ENGINE and we need to release
151 * it when done. */
152 ctx->engine = impl;
153 }
154 else
155 ctx->engine = NULL;
156#endif
157
158 ctx->cipher=cipher;
159 if (ctx->cipher->ctx_size)
160 {
161 ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
162 if (!ctx->cipher_data)
163 {
164 EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
165 return 0;
166 }
167 }
168 else
169 {
170 ctx->cipher_data = NULL;
171 }
172 ctx->key_len = cipher->key_len;
173 ctx->flags = 0;
174 if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
175 {
176 if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
177 {
178 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
179 return 0;
180 }
181 }
182 }
183 else if(!ctx->cipher)
184 {
185 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
186 return 0;
187 }
188#ifndef OPENSSL_NO_ENGINE
189skip_to_init:
190#endif
191 /* we assume block size is a power of 2 in *cryptUpdate */
192 OPENSSL_assert(ctx->cipher->block_size == 1
193 || ctx->cipher->block_size == 8
194 || ctx->cipher->block_size == 16);
195
196 if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
197 switch(EVP_CIPHER_CTX_mode(ctx)) {
198
199 case EVP_CIPH_STREAM_CIPHER:
200 case EVP_CIPH_ECB_MODE:
201 break;
202
203 case EVP_CIPH_CFB_MODE:
204 case EVP_CIPH_OFB_MODE:
205
206 ctx->num = 0;
207
208 case EVP_CIPH_CBC_MODE:
209
210 OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
211 (int)sizeof(ctx->iv));
212 if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
213 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
214 break;
215
216 default:
217 return 0;
218 break;
219 }
220 }
221
222 if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
223 if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
224 }
225 ctx->buf_len=0;
226 ctx->final_used=0;
227 ctx->block_mask=ctx->cipher->block_size-1;
228 return 1;
229 }
230
95int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, 231int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
96 const unsigned char *in, int inl) 232 const unsigned char *in, int inl)
97 { 233 {
@@ -151,7 +287,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
151 287
152 if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) 288 if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
153 { 289 {
154 if(M_do_cipher(ctx,out,in,inl)) 290 if(ctx->cipher->do_cipher(ctx,out,in,inl))
155 { 291 {
156 *outl=inl; 292 *outl=inl;
157 return 1; 293 return 1;
@@ -178,7 +314,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
178 { 314 {
179 j=bl-i; 315 j=bl-i;
180 memcpy(&(ctx->buf[i]),in,j); 316 memcpy(&(ctx->buf[i]),in,j);
181 if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0; 317 if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
182 inl-=j; 318 inl-=j;
183 in+=j; 319 in+=j;
184 out+=bl; 320 out+=bl;
@@ -191,7 +327,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
191 inl-=i; 327 inl-=i;
192 if (inl > 0) 328 if (inl > 0)
193 { 329 {
194 if(!M_do_cipher(ctx,out,in,inl)) return 0; 330 if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;
195 *outl+=inl; 331 *outl+=inl;
196 } 332 }
197 333
@@ -235,7 +371,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
235 n=b-bl; 371 n=b-bl;
236 for (i=bl; i<b; i++) 372 for (i=bl; i<b; i++)
237 ctx->buf[i]=n; 373 ctx->buf[i]=n;
238 ret=M_do_cipher(ctx,out,ctx->buf,b); 374 ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
239 375
240 376
241 if(ret) 377 if(ret)
@@ -357,6 +493,28 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
357 } 493 }
358 } 494 }
359 495
496int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
497 {
498 if (c->cipher != NULL)
499 {
500 if(c->cipher->cleanup && !c->cipher->cleanup(c))
501 return 0;
502 /* Cleanse cipher context data */
503 if (c->cipher_data)
504 OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
505 }
506 if (c->cipher_data)
507 OPENSSL_free(c->cipher_data);
508#ifndef OPENSSL_NO_ENGINE
509 if (c->engine)
510 /* The EVP_CIPHER we used belongs to an ENGINE, release the
511 * functional reference we held for this reason. */
512 ENGINE_finish(c->engine);
513#endif
514 memset(c,0,sizeof(EVP_CIPHER_CTX));
515 return 1;
516 }
517
360int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) 518int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
361 { 519 {
362 if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) 520 if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
@@ -378,6 +536,27 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
378 return 1; 536 return 1;
379 } 537 }
380 538
539int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
540{
541 int ret;
542 if(!ctx->cipher) {
543 EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
544 return 0;
545 }
546
547 if(!ctx->cipher->ctrl) {
548 EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
549 return 0;
550 }
551
552 ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
553 if(ret == -1) {
554 EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
555 return 0;
556 }
557 return ret;
558}
559
381int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) 560int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
382 { 561 {
383 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) 562 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
@@ -387,54 +566,38 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
387 return 1; 566 return 1;
388 } 567 }
389 568
390#ifndef OPENSSL_NO_ENGINE 569int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
391
392#ifdef OPENSSL_FIPS
393
394static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl)
395 { 570 {
396 if(impl) 571 if ((in == NULL) || (in->cipher == NULL))
397 { 572 {
398 if (!ENGINE_init(impl)) 573 EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
399 { 574 return 0;
400 EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
401 return 0;
402 }
403 } 575 }
404 else 576#ifndef OPENSSL_NO_ENGINE
405 /* Ask if an ENGINE is reserved for this job */ 577 /* Make sure it's safe to copy a cipher context using an ENGINE */
406 impl = ENGINE_get_cipher_engine((*pcipher)->nid); 578 if (in->engine && !ENGINE_init(in->engine))
407 if(impl) 579 {
580 EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_ENGINE_LIB);
581 return 0;
582 }
583#endif
584
585 EVP_CIPHER_CTX_cleanup(out);
586 memcpy(out,in,sizeof *out);
587
588 if (in->cipher_data && in->cipher->ctx_size)
408 { 589 {
409 /* There's an ENGINE for this job ... (apparently) */ 590 out->cipher_data=OPENSSL_malloc(in->cipher->ctx_size);
410 const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid); 591 if (!out->cipher_data)
411 if(!c)
412 { 592 {
413 /* One positive side-effect of US's export 593 EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_MALLOC_FAILURE);
414 * control history, is that we should at least
415 * be able to avoid using US mispellings of
416 * "initialisation"? */
417 EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
418 return 0; 594 return 0;
419 } 595 }
420 /* We'll use the ENGINE's private cipher definition */ 596 memcpy(out->cipher_data,in->cipher_data,in->cipher->ctx_size);
421 *pcipher = c;
422 /* Store the ENGINE functional reference so we know
423 * 'cipher' came from an ENGINE and we need to release
424 * it when done. */
425 ctx->engine = impl;
426 } 597 }
427 else
428 ctx->engine = NULL;
429 return 1;
430 }
431 598
432void int_EVP_CIPHER_init_engine_callbacks(void) 599 if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
433 { 600 return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
434 int_EVP_CIPHER_set_engine_callbacks( 601 return 1;
435 ENGINE_finish, do_evp_enc_engine_full);
436 } 602 }
437 603
438#endif
439
440#endif
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c
index b5b900d4fe..d8bfec0959 100644
--- a/src/lib/libcrypto/evp/evp_err.c
+++ b/src/lib/libcrypto/evp/evp_err.c
@@ -1,6 +1,6 @@
1/* crypto/evp/evp_err.c */ 1/* crypto/evp/evp_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -71,46 +71,66 @@
71static ERR_STRING_DATA EVP_str_functs[]= 71static ERR_STRING_DATA EVP_str_functs[]=
72 { 72 {
73{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, 73{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
74{ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"},
75{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, 74{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"},
76{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, 75{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
77{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE), "DO_EVP_ENC_ENGINE"}, 76{ERR_FUNC(EVP_F_DO_SIGVER_INIT), "DO_SIGVER_INIT"},
78{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE_FULL), "DO_EVP_ENC_ENGINE_FULL"},
79{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE), "DO_EVP_MD_ENGINE"},
80{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE_FULL), "DO_EVP_MD_ENGINE_FULL"},
81{ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, 77{ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"},
82{ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"}, 78{ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"},
83{ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"}, 79{ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"},
84{ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"}, 80{ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"},
85{ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"},
86{ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, 81{ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"},
82{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_COPY), "EVP_CIPHER_CTX_copy"},
87{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, 83{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
88{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"}, 84{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"},
89{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, 85{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
90{ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"},
91{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, 86{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
92{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, 87{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
93{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, 88{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
89{ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_SIZE"},
94{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, 90{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
95{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, 91{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
92{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"},
96{ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, 93{ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"},
97{ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, 94{ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"},
95{ERR_FUNC(EVP_F_EVP_PKCS82PKEY_BROKEN), "EVP_PKCS82PKEY_BROKEN"},
98{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"}, 96{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"},
99{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, 97{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"},
98{ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL), "EVP_PKEY_CTX_ctrl"},
99{ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL_STR), "EVP_PKEY_CTX_ctrl_str"},
100{ERR_FUNC(EVP_F_EVP_PKEY_CTX_DUP), "EVP_PKEY_CTX_dup"},
100{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"}, 101{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"},
102{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_INIT), "EVP_PKEY_decrypt_init"},
103{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_OLD), "EVP_PKEY_decrypt_old"},
104{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE), "EVP_PKEY_derive"},
105{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_INIT), "EVP_PKEY_derive_init"},
106{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_SET_PEER), "EVP_PKEY_derive_set_peer"},
101{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, 107{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"},
108{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT), "EVP_PKEY_encrypt_init"},
109{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"},
102{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"}, 110{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"},
103{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"}, 111{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"},
104{ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"}, 112{ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"},
105{ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"}, 113{ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"},
106{ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"}, 114{ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"},
115{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"},
116{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"},
107{ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, 117{ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"},
118{ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN), "EVP_PKEY_paramgen"},
119{ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN_INIT), "EVP_PKEY_paramgen_init"},
120{ERR_FUNC(EVP_F_EVP_PKEY_SIGN), "EVP_PKEY_sign"},
121{ERR_FUNC(EVP_F_EVP_PKEY_SIGN_INIT), "EVP_PKEY_sign_init"},
122{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY), "EVP_PKEY_verify"},
123{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_INIT), "EVP_PKEY_verify_init"},
124{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER), "EVP_PKEY_verify_recover"},
125{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT), "EVP_PKEY_verify_recover_init"},
108{ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, 126{ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"},
109{ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"}, 127{ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"},
110{ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, 128{ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"},
129{ERR_FUNC(EVP_F_INT_CTX_NEW), "INT_CTX_NEW"},
111{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, 130{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"},
112{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, 131{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
113{ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"}, 132{ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"},
133{ERR_FUNC(EVP_F_PKEY_SET_TYPE), "PKEY_SET_TYPE"},
114{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, 134{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"},
115{ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, 135{ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"},
116{0,NULL} 136{0,NULL}
@@ -125,42 +145,52 @@ static ERR_STRING_DATA EVP_str_reasons[]=
125{ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"}, 145{ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"},
126{ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"}, 146{ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"},
127{ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"}, 147{ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"},
148{ERR_REASON(EVP_R_BUFFER_TOO_SMALL) ,"buffer too small"},
128{ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),"camellia key setup failed"}, 149{ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),"camellia key setup failed"},
129{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"}, 150{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"},
151{ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED) ,"command not supported"},
130{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"}, 152{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"},
131{ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"}, 153{ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"},
132{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"}, 154{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"},
133{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, 155{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"},
134{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, 156{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"},
135{ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"}, 157{ERR_REASON(EVP_R_DIFFERENT_PARAMETERS) ,"different parameters"},
136{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, 158{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"},
137{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"},
138{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"},
139{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, 159{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
140{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, 160{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"},
141{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"}, 161{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"},
142{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"}, 162{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"},
143{ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"}, 163{ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"},
144{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) ,"expecting a ec key"}, 164{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) ,"expecting a ec key"},
145{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"},
146{ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"}, 165{ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"},
147{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"}, 166{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
148{ERR_REASON(EVP_R_INVALID_FIPS_MODE) ,"invalid fips mode"}, 167{ERR_REASON(EVP_R_INVALID_DIGEST) ,"invalid digest"},
149{ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"}, 168{ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"},
169{ERR_REASON(EVP_R_INVALID_OPERATION) ,"invalid operation"},
150{ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"}, 170{ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"},
151{ERR_REASON(EVP_R_KEYGEN_FAILURE) ,"keygen failure"}, 171{ERR_REASON(EVP_R_KEYGEN_FAILURE) ,"keygen failure"},
172{ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL),"message digest is null"},
173{ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED) ,"method not supported"},
152{ERR_REASON(EVP_R_MISSING_PARAMETERS) ,"missing parameters"}, 174{ERR_REASON(EVP_R_MISSING_PARAMETERS) ,"missing parameters"},
153{ERR_REASON(EVP_R_NO_CIPHER_SET) ,"no cipher set"}, 175{ERR_REASON(EVP_R_NO_CIPHER_SET) ,"no cipher set"},
176{ERR_REASON(EVP_R_NO_DEFAULT_DIGEST) ,"no default digest"},
154{ERR_REASON(EVP_R_NO_DIGEST_SET) ,"no digest set"}, 177{ERR_REASON(EVP_R_NO_DIGEST_SET) ,"no digest set"},
155{ERR_REASON(EVP_R_NO_DSA_PARAMETERS) ,"no dsa parameters"}, 178{ERR_REASON(EVP_R_NO_DSA_PARAMETERS) ,"no dsa parameters"},
179{ERR_REASON(EVP_R_NO_KEY_SET) ,"no key set"},
180{ERR_REASON(EVP_R_NO_OPERATION_SET) ,"no operation set"},
156{ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),"no sign function configured"}, 181{ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),"no sign function configured"},
157{ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"}, 182{ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"},
183{ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"},
184{ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED),"operaton not initialized"},
158{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"}, 185{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"},
186{ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR),"private key decode error"},
187{ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR),"private key encode error"},
159{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, 188{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
160{ERR_REASON(EVP_R_SEED_KEY_SETUP_FAILED) ,"seed key setup failed"}, 189{ERR_REASON(EVP_R_UNKNOWN_CIPHER) ,"unknown cipher"},
161{ERR_REASON(EVP_R_UNKNOWN_OPTION) ,"unknown option"}, 190{ERR_REASON(EVP_R_UNKNOWN_DIGEST) ,"unknown digest"},
162{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"}, 191{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
163{ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"}, 192{ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
193{ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM) ,"unsupported algorithm"},
164{ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, 194{ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
165{ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) ,"unsupported keylength"}, 195{ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) ,"unsupported keylength"},
166{ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),"unsupported key derivation function"}, 196{ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),"unsupported key derivation function"},
diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c
index 361ea69ab6..839d6a3a16 100644
--- a/src/lib/libcrypto/evp/evp_key.c
+++ b/src/lib/libcrypto/evp/evp_key.c
@@ -90,6 +90,11 @@ char *EVP_get_pw_prompt(void)
90 * this function will fail */ 90 * this function will fail */
91int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) 91int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
92 { 92 {
93 return EVP_read_pw_string_min(buf, 0, len, prompt, verify);
94 }
95
96int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int verify)
97 {
93 int ret; 98 int ret;
94 char buff[BUFSIZ]; 99 char buff[BUFSIZ];
95 UI *ui; 100 UI *ui;
@@ -97,10 +102,10 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
97 if ((prompt == NULL) && (prompt_string[0] != '\0')) 102 if ((prompt == NULL) && (prompt_string[0] != '\0'))
98 prompt=prompt_string; 103 prompt=prompt_string;
99 ui = UI_new(); 104 ui = UI_new();
100 UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len); 105 UI_add_input_string(ui,prompt,0,buf,min,(len>=BUFSIZ)?BUFSIZ-1:len);
101 if (verify) 106 if (verify)
102 UI_add_verify_string(ui,prompt,0, 107 UI_add_verify_string(ui,prompt,0,
103 buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf); 108 buff,min,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
104 ret = UI_process(ui); 109 ret = UI_process(ui);
105 UI_free(ui); 110 UI_free(ui);
106 OPENSSL_cleanse(buff,BUFSIZ); 111 OPENSSL_cleanse(buff,BUFSIZ);
diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c
index 174cf6c594..40951a04f0 100644
--- a/src/lib/libcrypto/evp/evp_lib.c
+++ b/src/lib/libcrypto/evp/evp_lib.c
@@ -67,8 +67,6 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
67 67
68 if (c->cipher->set_asn1_parameters != NULL) 68 if (c->cipher->set_asn1_parameters != NULL)
69 ret=c->cipher->set_asn1_parameters(c,type); 69 ret=c->cipher->set_asn1_parameters(c,type);
70 else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
71 ret=EVP_CIPHER_set_asn1_iv(c, type);
72 else 70 else
73 ret=-1; 71 ret=-1;
74 return(ret); 72 return(ret);
@@ -80,8 +78,6 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
80 78
81 if (c->cipher->get_asn1_parameters != NULL) 79 if (c->cipher->get_asn1_parameters != NULL)
82 ret=c->cipher->get_asn1_parameters(c,type); 80 ret=c->cipher->get_asn1_parameters(c,type);
83 else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
84 ret=EVP_CIPHER_get_asn1_iv(c, type);
85 else 81 else
86 ret=-1; 82 ret=-1;
87 return(ret); 83 return(ret);
@@ -163,6 +159,12 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
163 159
164 return NID_des_cfb64; 160 return NID_des_cfb64;
165 161
162 case NID_des_ede3_cfb64:
163 case NID_des_ede3_cfb8:
164 case NID_des_ede3_cfb1:
165
166 return NID_des_cfb64;
167
166 default: 168 default:
167 /* Check it has an OID and it is valid */ 169 /* Check it has an OID and it is valid */
168 otmp = OBJ_nid2obj(nid); 170 otmp = OBJ_nid2obj(nid);
@@ -182,6 +184,11 @@ int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
182 return ctx->cipher->block_size; 184 return ctx->cipher->block_size;
183 } 185 }
184 186
187int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
188 {
189 return ctx->cipher->do_cipher(ctx,out,in,inl);
190 }
191
185const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) 192const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
186 { 193 {
187 return ctx->cipher; 194 return ctx->cipher;
@@ -192,6 +199,11 @@ unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
192 return cipher->flags; 199 return cipher->flags;
193 } 200 }
194 201
202unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
203 {
204 return ctx->cipher->flags;
205 }
206
195void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) 207void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
196 { 208 {
197 return ctx->app_data; 209 return ctx->app_data;
@@ -207,6 +219,11 @@ int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
207 return cipher->iv_len; 219 return cipher->iv_len;
208 } 220 }
209 221
222int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
223 {
224 return ctx->cipher->iv_len;
225 }
226
210int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) 227int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
211 { 228 {
212 return cipher->key_len; 229 return cipher->key_len;
@@ -217,6 +234,11 @@ int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
217 return ctx->key_len; 234 return ctx->key_len;
218 } 235 }
219 236
237int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
238 {
239 return cipher->nid;
240 }
241
220int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) 242int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
221 { 243 {
222 return ctx->cipher->nid; 244 return ctx->cipher->nid;
@@ -239,11 +261,23 @@ int EVP_MD_pkey_type(const EVP_MD *md)
239 261
240int EVP_MD_size(const EVP_MD *md) 262int EVP_MD_size(const EVP_MD *md)
241 { 263 {
264 if (!md)
265 {
266 EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL);
267 return -1;
268 }
242 return md->md_size; 269 return md->md_size;
243 } 270 }
244 271
245const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx) 272unsigned long EVP_MD_flags(const EVP_MD *md)
273 {
274 return md->flags;
275 }
276
277const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
246 { 278 {
279 if (!ctx)
280 return NULL;
247 return ctx->digest; 281 return ctx->digest;
248 } 282 }
249 283
diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h
index eabcc96f30..292d74c188 100644
--- a/src/lib/libcrypto/evp/evp_locl.h
+++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -61,38 +61,66 @@
61/* Wrapper functions for each cipher mode */ 61/* Wrapper functions for each cipher mode */
62 62
63#define BLOCK_CIPHER_ecb_loop() \ 63#define BLOCK_CIPHER_ecb_loop() \
64 unsigned int i, bl; \ 64 size_t i, bl; \
65 bl = ctx->cipher->block_size;\ 65 bl = ctx->cipher->block_size;\
66 if(inl < bl) return 1;\ 66 if(inl < bl) return 1;\
67 inl -= bl; \ 67 inl -= bl; \
68 for(i=0; i <= inl; i+=bl) 68 for(i=0; i <= inl; i+=bl)
69 69
70#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ 70#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
71static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ 71static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
72{\ 72{\
73 BLOCK_CIPHER_ecb_loop() \ 73 BLOCK_CIPHER_ecb_loop() \
74 cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\ 74 cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\
75 return 1;\ 75 return 1;\
76} 76}
77 77
78#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2))
79
78#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ 80#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
79static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ 81static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
80{\ 82{\
81 cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ 83 while(inl>=EVP_MAXCHUNK)\
84 {\
85 cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\
86 inl-=EVP_MAXCHUNK;\
87 in +=EVP_MAXCHUNK;\
88 out+=EVP_MAXCHUNK;\
89 }\
90 if (inl)\
91 cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\
82 return 1;\ 92 return 1;\
83} 93}
84 94
85#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ 95#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
86static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ 96static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
87{\ 97{\
88 cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ 98 while(inl>=EVP_MAXCHUNK) \
99 {\
100 cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\
101 inl-=EVP_MAXCHUNK;\
102 in +=EVP_MAXCHUNK;\
103 out+=EVP_MAXCHUNK;\
104 }\
105 if (inl)\
106 cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\
89 return 1;\ 107 return 1;\
90} 108}
91 109
92#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ 110#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
93static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ 111static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
94{\ 112{\
95 cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ 113 size_t chunk=EVP_MAXCHUNK;\
114 if (cbits==1) chunk>>=3;\
115 if (inl<chunk) chunk=inl;\
116 while(inl && inl>=chunk)\
117 {\
118 cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
119 inl-=chunk;\
120 in +=chunk;\
121 out+=chunk;\
122 if(inl<chunk) chunk=inl;\
123 }\
96 return 1;\ 124 return 1;\
97} 125}
98 126
@@ -139,10 +167,10 @@ BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
139 get_asn1, ctrl) 167 get_asn1, ctrl)
140 168
141#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \ 169#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
142 iv_len, flags, init_key, cleanup, set_asn1, \ 170 flags, init_key, cleanup, set_asn1, \
143 get_asn1, ctrl) \ 171 get_asn1, ctrl) \
144BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ 172BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
145 iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) 173 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
146 174
147#define BLOCK_CIPHER_defs(cname, kstruct, \ 175#define BLOCK_CIPHER_defs(cname, kstruct, \
148 nid, block_size, key_len, iv_len, cbits, flags, \ 176 nid, block_size, key_len, iv_len, cbits, flags, \
@@ -153,7 +181,7 @@ BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
153 flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ 181 flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
154BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ 182BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
155 flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ 183 flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
156BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ 184BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \
157 init_key, cleanup, set_asn1, get_asn1, ctrl) 185 init_key, cleanup, set_asn1, get_asn1, ctrl)
158 186
159 187
@@ -226,27 +254,92 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
226 254
227#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) 255#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data)
228 256
229#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \ 257#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \
230 BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ 258 BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
231 BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ 259 BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
232 NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ 260 NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
233 (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \ 261 0, cipher##_init_key, NULL, \
234 cipher##_init_key, NULL, NULL, NULL, NULL) 262 EVP_CIPHER_set_asn1_iv, \
235 263 EVP_CIPHER_get_asn1_iv, \
236#ifdef OPENSSL_FIPS 264 NULL)
237#define RC2_set_key private_RC2_set_key 265
238#define RC4_set_key private_RC4_set_key 266struct evp_pkey_ctx_st
239#define CAST_set_key private_CAST_set_key 267 {
240#define RC5_32_set_key private_RC5_32_set_key 268 /* Method associated with this operation */
241#define BF_set_key private_BF_set_key 269 const EVP_PKEY_METHOD *pmeth;
242#define Camellia_set_key private_Camellia_set_key 270 /* Engine that implements this method or NULL if builtin */
243#define idea_set_encrypt_key private_idea_set_encrypt_key 271 ENGINE *engine;
244 272 /* Key: may be NULL */
245#define MD5_Init private_MD5_Init 273 EVP_PKEY *pkey;
246#define MD4_Init private_MD4_Init 274 /* Peer key for key agreement, may be NULL */
247#define MD2_Init private_MD2_Init 275 EVP_PKEY *peerkey;
248#define MDC2_Init private_MDC2_Init 276 /* Actual operation */
249#define SHA_Init private_SHA_Init 277 int operation;
250 278 /* Algorithm specific data */
251#endif 279 void *data;
280 /* Application specific data */
281 void *app_data;
282 /* Keygen callback */
283 EVP_PKEY_gen_cb *pkey_gencb;
284 /* implementation specific keygen data */
285 int *keygen_info;
286 int keygen_info_count;
287 } /* EVP_PKEY_CTX */;
288
289#define EVP_PKEY_FLAG_DYNAMIC 1
290
291struct evp_pkey_method_st
292 {
293 int pkey_id;
294 int flags;
295
296 int (*init)(EVP_PKEY_CTX *ctx);
297 int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
298 void (*cleanup)(EVP_PKEY_CTX *ctx);
299
300 int (*paramgen_init)(EVP_PKEY_CTX *ctx);
301 int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
302
303 int (*keygen_init)(EVP_PKEY_CTX *ctx);
304 int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
305
306 int (*sign_init)(EVP_PKEY_CTX *ctx);
307 int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
308 const unsigned char *tbs, size_t tbslen);
309
310 int (*verify_init)(EVP_PKEY_CTX *ctx);
311 int (*verify)(EVP_PKEY_CTX *ctx,
312 const unsigned char *sig, size_t siglen,
313 const unsigned char *tbs, size_t tbslen);
314
315 int (*verify_recover_init)(EVP_PKEY_CTX *ctx);
316 int (*verify_recover)(EVP_PKEY_CTX *ctx,
317 unsigned char *rout, size_t *routlen,
318 const unsigned char *sig, size_t siglen);
319
320 int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
321 int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
322 EVP_MD_CTX *mctx);
323
324 int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
325 int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig,int siglen,
326 EVP_MD_CTX *mctx);
327
328 int (*encrypt_init)(EVP_PKEY_CTX *ctx);
329 int (*encrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
330 const unsigned char *in, size_t inlen);
331
332 int (*decrypt_init)(EVP_PKEY_CTX *ctx);
333 int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
334 const unsigned char *in, size_t inlen);
335
336 int (*derive_init)(EVP_PKEY_CTX *ctx);
337 int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
338
339 int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
340 int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value);
341
342
343 } /* EVP_PKEY_METHOD */;
252 344
345void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
index 5e830be65f..c9d932d205 100644
--- a/src/lib/libcrypto/evp/evp_pbe.c
+++ b/src/lib/libcrypto/evp/evp_pbe.c
@@ -3,7 +3,7 @@
3 * project 1999. 3 * project 1999.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -59,79 +59,253 @@
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/evp.h> 61#include <openssl/evp.h>
62#include <openssl/pkcs12.h>
62#include <openssl/x509.h> 63#include <openssl/x509.h>
63 64
64/* Password based encryption (PBE) functions */ 65/* Password based encryption (PBE) functions */
65 66
66static STACK *pbe_algs; 67DECLARE_STACK_OF(EVP_PBE_CTL)
68static STACK_OF(EVP_PBE_CTL) *pbe_algs;
67 69
68/* Setup a cipher context from a PBE algorithm */ 70/* Setup a cipher context from a PBE algorithm */
69 71
70typedef struct { 72typedef struct
71int pbe_nid; 73 {
72const EVP_CIPHER *cipher; 74 int pbe_type;
73const EVP_MD *md; 75 int pbe_nid;
74EVP_PBE_KEYGEN *keygen; 76 int cipher_nid;
75} EVP_PBE_CTL; 77 int md_nid;
78 EVP_PBE_KEYGEN *keygen;
79 } EVP_PBE_CTL;
76 80
77int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, 81static const EVP_PBE_CTL builtin_pbe[] =
78 ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) 82 {
79{ 83 {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC,
84 NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen},
85 {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC,
86 NID_des_cbc, NID_md5, PKCS5_PBE_keyivgen},
87 {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC,
88 NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen},
80 89
81 EVP_PBE_CTL *pbetmp, pbelu; 90 {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4,
82 int i; 91 NID_rc4, NID_sha1, PKCS12_PBE_keyivgen},
83 pbelu.pbe_nid = OBJ_obj2nid(pbe_obj); 92 {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4,
84 if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu); 93 NID_rc4_40, NID_sha1, PKCS12_PBE_keyivgen},
85 else i = -1; 94 {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
95 NID_des_ede3_cbc, NID_sha1, PKCS12_PBE_keyivgen},
96 {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
97 NID_des_ede_cbc, NID_sha1, PKCS12_PBE_keyivgen},
98 {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC2_CBC,
99 NID_rc2_cbc, NID_sha1, PKCS12_PBE_keyivgen},
100 {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC,
101 NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen},
102
103#ifndef OPENSSL_NO_HMAC
104 {EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen},
105#endif
106 {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC,
107 NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen},
108 {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC,
109 NID_rc2_64_cbc, NID_md5, PKCS5_PBE_keyivgen},
110 {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndDES_CBC,
111 NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen},
112
113
114 {EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0},
115 {EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0},
116 {EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0},
117 {EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0},
118 {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},
119 {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
120 {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},
121 };
122
123#ifdef TEST
124int main(int argc, char **argv)
125 {
126 int i, nid_md, nid_cipher;
127 EVP_PBE_CTL *tpbe, *tpbe2;
128 /*OpenSSL_add_all_algorithms();*/
129
130 for (i = 0; i < sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL); i++)
131 {
132 tpbe = builtin_pbe + i;
133 fprintf(stderr, "%d %d %s ", tpbe->pbe_type, tpbe->pbe_nid,
134 OBJ_nid2sn(tpbe->pbe_nid));
135 if (EVP_PBE_find(tpbe->pbe_type, tpbe->pbe_nid,
136 &nid_cipher ,&nid_md,0))
137 fprintf(stderr, "Found %s %s\n",
138 OBJ_nid2sn(nid_cipher),
139 OBJ_nid2sn(nid_md));
140 else
141 fprintf(stderr, "Find ERROR!!\n");
142 }
143
144 return 0;
145 }
146#endif
147
148
149
150int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
151 ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
152 {
153 const EVP_CIPHER *cipher;
154 const EVP_MD *md;
155 int cipher_nid, md_nid;
156 EVP_PBE_KEYGEN *keygen;
86 157
87 if (i == -1) { 158 if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj),
159 &cipher_nid, &md_nid, &keygen))
160 {
88 char obj_tmp[80]; 161 char obj_tmp[80];
89 EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM); 162 EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
90 if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); 163 if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
91 else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); 164 else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
92 ERR_add_error_data(2, "TYPE=", obj_tmp); 165 ERR_add_error_data(2, "TYPE=", obj_tmp);
93 return 0; 166 return 0;
94 } 167 }
95 if(!pass) passlen = 0; 168
96 else if (passlen == -1) passlen = strlen(pass); 169 if(!pass)
97 pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i); 170 passlen = 0;
98 i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher, 171 else if (passlen == -1)
99 pbetmp->md, en_de); 172 passlen = strlen(pass);
100 if (!i) { 173
174 if (cipher_nid == -1)
175 cipher = NULL;
176 else
177 {
178 cipher = EVP_get_cipherbynid(cipher_nid);
179 if (!cipher)
180 {
181 EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_CIPHER);
182 return 0;
183 }
184 }
185
186 if (md_nid == -1)
187 md = NULL;
188 else
189 {
190 md = EVP_get_digestbynid(md_nid);
191 if (!md)
192 {
193 EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_DIGEST);
194 return 0;
195 }
196 }
197
198 if (!keygen(ctx, pass, passlen, param, cipher, md, en_de))
199 {
101 EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE); 200 EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE);
102 return 0; 201 return 0;
103 } 202 }
104 return 1; 203 return 1;
105} 204}
106 205
107static int pbe_cmp(const char * const *a, const char * const *b) 206DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2);
108{ 207
109 const EVP_PBE_CTL * const *pbe1 = (const EVP_PBE_CTL * const *) a, 208static int pbe2_cmp(const EVP_PBE_CTL *pbe1, const EVP_PBE_CTL *pbe2)
110 * const *pbe2 = (const EVP_PBE_CTL * const *)b; 209 {
111 return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); 210 int ret = pbe1->pbe_type - pbe2->pbe_type;
112} 211 if (ret)
212 return ret;
213 else
214 return pbe1->pbe_nid - pbe2->pbe_nid;
215 }
216
217IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2);
218
219static int pbe_cmp(const EVP_PBE_CTL * const *a, const EVP_PBE_CTL * const *b)
220 {
221 int ret = (*a)->pbe_type - (*b)->pbe_type;
222 if (ret)
223 return ret;
224 else
225 return (*a)->pbe_nid - (*b)->pbe_nid;
226 }
113 227
114/* Add a PBE algorithm */ 228/* Add a PBE algorithm */
115 229
116int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, 230int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid,
117 EVP_PBE_KEYGEN *keygen) 231 EVP_PBE_KEYGEN *keygen)
118{ 232 {
119 EVP_PBE_CTL *pbe_tmp; 233 EVP_PBE_CTL *pbe_tmp;
120 if (!pbe_algs) pbe_algs = sk_new(pbe_cmp); 234 if (!pbe_algs)
121 if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) { 235 pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp);
122 EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE); 236 if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL))))
237 {
238 EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE,ERR_R_MALLOC_FAILURE);
123 return 0; 239 return 0;
124 } 240 }
125 pbe_tmp->pbe_nid = nid; 241 pbe_tmp->pbe_type = pbe_type;
126 pbe_tmp->cipher = cipher; 242 pbe_tmp->pbe_nid = pbe_nid;
127 pbe_tmp->md = md; 243 pbe_tmp->cipher_nid = cipher_nid;
244 pbe_tmp->md_nid = md_nid;
128 pbe_tmp->keygen = keygen; 245 pbe_tmp->keygen = keygen;
129 sk_push (pbe_algs, (char *)pbe_tmp); 246
247
248 sk_EVP_PBE_CTL_push (pbe_algs, pbe_tmp);
130 return 1; 249 return 1;
131} 250 }
251
252int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
253 EVP_PBE_KEYGEN *keygen)
254 {
255 int cipher_nid, md_nid;
256 if (cipher)
257 cipher_nid = EVP_CIPHER_type(cipher);
258 else
259 cipher_nid = -1;
260 if (md)
261 md_nid = EVP_MD_type(md);
262 else
263 md_nid = -1;
264
265 return EVP_PBE_alg_add_type(EVP_PBE_TYPE_OUTER, nid,
266 cipher_nid, md_nid, keygen);
267 }
268
269int EVP_PBE_find(int type, int pbe_nid,
270 int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen)
271 {
272 EVP_PBE_CTL *pbetmp = NULL, pbelu;
273 int i;
274 if (pbe_nid == NID_undef)
275 return 0;
276
277 pbelu.pbe_type = type;
278 pbelu.pbe_nid = pbe_nid;
279
280 if (pbe_algs)
281 {
282 i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu);
283 if (i != -1)
284 pbetmp = sk_EVP_PBE_CTL_value (pbe_algs, i);
285 }
286 if (pbetmp == NULL)
287 {
288 pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe,
289 sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL));
290 }
291 if (pbetmp == NULL)
292 return 0;
293 if (pcnid)
294 *pcnid = pbetmp->cipher_nid;
295 if (pmnid)
296 *pmnid = pbetmp->md_nid;
297 if (pkeygen)
298 *pkeygen = pbetmp->keygen;
299 return 1;
300 }
301
302static void free_evp_pbe_ctl(EVP_PBE_CTL *pbe)
303 {
304 OPENSSL_freeFunc(pbe);
305 }
132 306
133void EVP_PBE_cleanup(void) 307void EVP_PBE_cleanup(void)
134{ 308 {
135 sk_pop_free(pbe_algs, OPENSSL_freeFunc); 309 sk_EVP_PBE_CTL_pop_free(pbe_algs, free_evp_pbe_ctl);
136 pbe_algs = NULL; 310 pbe_algs = NULL;
137} 311 }
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
index 10d9e9e772..ceebf69284 100644
--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -3,7 +3,7 @@
3 * project 1999. 3 * project 1999.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -61,287 +61,52 @@
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63#include <openssl/rand.h> 63#include <openssl/rand.h>
64#ifndef OPENSSL_NO_RSA 64#include "asn1_locl.h"
65#include <openssl/rsa.h>
66#endif
67#ifndef OPENSSL_NO_DSA
68#include <openssl/dsa.h>
69#endif
70#include <openssl/bn.h>
71
72#ifndef OPENSSL_NO_DSA
73static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
74#endif
75#ifndef OPENSSL_NO_EC
76static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
77#endif
78 65
79/* Extract a private key from a PKCS8 structure */ 66/* Extract a private key from a PKCS8 structure */
80 67
81EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) 68EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
82{ 69{
83 EVP_PKEY *pkey = NULL; 70 EVP_PKEY *pkey = NULL;
84#ifndef OPENSSL_NO_RSA 71 ASN1_OBJECT *algoid;
85 RSA *rsa = NULL;
86#endif
87#ifndef OPENSSL_NO_DSA
88 DSA *dsa = NULL;
89 ASN1_TYPE *t1, *t2;
90 ASN1_INTEGER *privkey;
91 STACK_OF(ASN1_TYPE) *ndsa = NULL;
92#endif
93#ifndef OPENSSL_NO_EC
94 EC_KEY *eckey = NULL;
95 const unsigned char *p_tmp;
96#endif
97#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
98 ASN1_TYPE *param = NULL;
99 BN_CTX *ctx = NULL;
100 int plen;
101#endif
102 X509_ALGOR *a;
103 const unsigned char *p;
104 const unsigned char *cp;
105 int pkeylen;
106 int nid;
107 char obj_tmp[80]; 72 char obj_tmp[80];
108 73
109 if(p8->pkey->type == V_ASN1_OCTET_STRING) { 74 if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8))
110 p8->broken = PKCS8_OK; 75 return NULL;
111 p = p8->pkey->value.octet_string->data; 76
112 pkeylen = p8->pkey->value.octet_string->length;
113 } else {
114 p8->broken = PKCS8_NO_OCTET;
115 p = p8->pkey->value.sequence->data;
116 pkeylen = p8->pkey->value.sequence->length;
117 }
118 if (!(pkey = EVP_PKEY_new())) { 77 if (!(pkey = EVP_PKEY_new())) {
119 EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); 78 EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
120 return NULL; 79 return NULL;
121 } 80 }
122 a = p8->pkeyalg;
123 nid = OBJ_obj2nid(a->algorithm);
124 switch(nid)
125 {
126#ifndef OPENSSL_NO_RSA
127 case NID_rsaEncryption:
128 cp = p;
129 if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) {
130 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
131 return NULL;
132 }
133 EVP_PKEY_assign_RSA (pkey, rsa);
134 break;
135#endif
136#ifndef OPENSSL_NO_DSA
137 case NID_dsa:
138 /* PKCS#8 DSA is weird: you just get a private key integer
139 * and parameters in the AlgorithmIdentifier the pubkey must
140 * be recalculated.
141 */
142
143 /* Check for broken DSA PKCS#8, UGH! */
144 if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
145 if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen,
146 d2i_ASN1_TYPE,
147 ASN1_TYPE_free))) {
148 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
149 goto dsaerr;
150 }
151 if(sk_ASN1_TYPE_num(ndsa) != 2 ) {
152 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
153 goto dsaerr;
154 }
155 /* Handle Two broken types:
156 * SEQUENCE {parameters, priv_key}
157 * SEQUENCE {pub_key, priv_key}
158 */
159
160 t1 = sk_ASN1_TYPE_value(ndsa, 0);
161 t2 = sk_ASN1_TYPE_value(ndsa, 1);
162 if(t1->type == V_ASN1_SEQUENCE) {
163 p8->broken = PKCS8_EMBEDDED_PARAM;
164 param = t1;
165 } else if(a->parameter->type == V_ASN1_SEQUENCE) {
166 p8->broken = PKCS8_NS_DB;
167 param = a->parameter;
168 } else {
169 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
170 goto dsaerr;
171 }
172
173 if(t2->type != V_ASN1_INTEGER) {
174 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
175 goto dsaerr;
176 }
177 privkey = t2->value.integer;
178 } else {
179 if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
180 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
181 goto dsaerr;
182 }
183 param = p8->pkeyalg->parameter;
184 }
185 if (!param || (param->type != V_ASN1_SEQUENCE)) {
186 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
187 goto dsaerr;
188 }
189 cp = p = param->value.sequence->data;
190 plen = param->value.sequence->length;
191 if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) {
192 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
193 goto dsaerr;
194 }
195 /* We have parameters now set private key */
196 if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
197 EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
198 goto dsaerr;
199 }
200 /* Calculate public key (ouch!) */
201 if (!(dsa->pub_key = BN_new())) {
202 EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
203 goto dsaerr;
204 }
205 if (!(ctx = BN_CTX_new())) {
206 EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
207 goto dsaerr;
208 }
209
210 if (!BN_mod_exp(dsa->pub_key, dsa->g,
211 dsa->priv_key, dsa->p, ctx)) {
212
213 EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
214 goto dsaerr;
215 }
216 81
217 EVP_PKEY_assign_DSA(pkey, dsa); 82 if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid)))
218 BN_CTX_free (ctx);
219 if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
220 else ASN1_INTEGER_free(privkey);
221 break;
222 dsaerr:
223 BN_CTX_free (ctx);
224 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
225 DSA_free(dsa);
226 EVP_PKEY_free(pkey);
227 return NULL;
228 break;
229#endif
230#ifndef OPENSSL_NO_EC
231 case NID_X9_62_id_ecPublicKey:
232 p_tmp = p;
233 /* extract the ec parameters */
234 param = p8->pkeyalg->parameter;
235
236 if (!param || ((param->type != V_ASN1_SEQUENCE) &&
237 (param->type != V_ASN1_OBJECT)))
238 { 83 {
239 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); 84 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
240 goto ecerr; 85 i2t_ASN1_OBJECT(obj_tmp, 80, algoid);
86 ERR_add_error_data(2, "TYPE=", obj_tmp);
87 goto error;
241 } 88 }
242 89
243 if (param->type == V_ASN1_SEQUENCE) 90 if (pkey->ameth->priv_decode)
244 { 91 {
245 cp = p = param->value.sequence->data; 92 if (!pkey->ameth->priv_decode(pkey, p8))
246 plen = param->value.sequence->length;
247
248 if (!(eckey = d2i_ECParameters(NULL, &cp, plen)))
249 { 93 {
250 EVPerr(EVP_F_EVP_PKCS82PKEY, 94 EVPerr(EVP_F_EVP_PKCS82PKEY,
251 EVP_R_DECODE_ERROR); 95 EVP_R_PRIVATE_KEY_DECODE_ERROR);
252 goto ecerr; 96 goto error;
253 } 97 }
254 } 98 }
255 else 99 else
256 { 100 {
257 EC_GROUP *group; 101 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_METHOD_NOT_SUPPORTED);
258 cp = p = param->value.object->data; 102 goto error;
259 plen = param->value.object->length;
260
261 /* type == V_ASN1_OBJECT => the parameters are given
262 * by an asn1 OID
263 */
264 if ((eckey = EC_KEY_new()) == NULL)
265 {
266 EVPerr(EVP_F_EVP_PKCS82PKEY,
267 ERR_R_MALLOC_FAILURE);
268 goto ecerr;
269 }
270 group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
271 if (group == NULL)
272 goto ecerr;
273 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
274 if (EC_KEY_set_group(eckey, group) == 0)
275 goto ecerr;
276 EC_GROUP_free(group);
277 }
278
279 /* We have parameters now set private key */
280 if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen))
281 {
282 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
283 goto ecerr;
284 }
285
286 /* calculate public key (if necessary) */
287 if (EC_KEY_get0_public_key(eckey) == NULL)
288 {
289 const BIGNUM *priv_key;
290 const EC_GROUP *group;
291 EC_POINT *pub_key;
292 /* the public key was not included in the SEC1 private
293 * key => calculate the public key */
294 group = EC_KEY_get0_group(eckey);
295 pub_key = EC_POINT_new(group);
296 if (pub_key == NULL)
297 {
298 EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
299 goto ecerr;
300 }
301 if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))
302 {
303 EC_POINT_free(pub_key);
304 EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
305 goto ecerr;
306 }
307 priv_key = EC_KEY_get0_private_key(eckey);
308 if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
309 {
310 EC_POINT_free(pub_key);
311 EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
312 goto ecerr;
313 }
314 if (EC_KEY_set_public_key(eckey, pub_key) == 0)
315 {
316 EC_POINT_free(pub_key);
317 EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
318 goto ecerr;
319 }
320 EC_POINT_free(pub_key);
321 } 103 }
322 104
323 EVP_PKEY_assign_EC_KEY(pkey, eckey);
324 if (ctx)
325 BN_CTX_free(ctx);
326 break;
327ecerr:
328 if (ctx)
329 BN_CTX_free(ctx);
330 if (eckey)
331 EC_KEY_free(eckey);
332 if (pkey)
333 EVP_PKEY_free(pkey);
334 return NULL;
335#endif
336 default:
337 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
338 if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
339 else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
340 ERR_add_error_data(2, "TYPE=", obj_tmp);
341 EVP_PKEY_free (pkey);
342 return NULL;
343 }
344 return pkey; 105 return pkey;
106
107 error:
108 EVP_PKEY_free (pkey);
109 return NULL;
345} 110}
346 111
347PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) 112PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
@@ -360,59 +125,37 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
360 return NULL; 125 return NULL;
361 } 126 }
362 p8->broken = broken; 127 p8->broken = broken;
363 if (!ASN1_INTEGER_set(p8->version, 0)) {
364 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
365 PKCS8_PRIV_KEY_INFO_free (p8);
366 return NULL;
367 }
368 if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
369 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
370 PKCS8_PRIV_KEY_INFO_free (p8);
371 return NULL;
372 }
373 p8->pkey->type = V_ASN1_OCTET_STRING;
374 switch (EVP_PKEY_type(pkey->type)) {
375#ifndef OPENSSL_NO_RSA
376 case EVP_PKEY_RSA:
377 128
378 if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE; 129 if (pkey->ameth)
379 130 {
380 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); 131 if (pkey->ameth->priv_encode)
381 p8->pkeyalg->parameter->type = V_ASN1_NULL; 132 {
382 if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey, 133 if (!pkey->ameth->priv_encode(p8, pkey))
383 &p8->pkey->value.octet_string)) { 134 {
384 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); 135 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
385 PKCS8_PRIV_KEY_INFO_free (p8); 136 EVP_R_PRIVATE_KEY_ENCODE_ERROR);
386 return NULL; 137 goto error;
387 } 138 }
388 break; 139 }
389#endif 140 else
390#ifndef OPENSSL_NO_DSA 141 {
391 case EVP_PKEY_DSA: 142 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
392 if(!dsa_pkey2pkcs8(p8, pkey)) { 143 EVP_R_METHOD_NOT_SUPPORTED);
393 PKCS8_PRIV_KEY_INFO_free (p8); 144 goto error;
394 return NULL; 145 }
395 } 146 }
396 147 else
397 break;
398#endif
399#ifndef OPENSSL_NO_EC
400 case EVP_PKEY_EC:
401 if (!eckey_pkey2pkcs8(p8, pkey))
402 { 148 {
403 PKCS8_PRIV_KEY_INFO_free(p8); 149 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
404 return(NULL); 150 EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
151 goto error;
405 } 152 }
406 break;
407#endif
408 default:
409 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
410 PKCS8_PRIV_KEY_INFO_free (p8);
411 return NULL;
412 }
413 RAND_add(p8->pkey->value.octet_string->data, 153 RAND_add(p8->pkey->value.octet_string->data,
414 p8->pkey->value.octet_string->length, 0.0); 154 p8->pkey->value.octet_string->length, 0.0);
415 return p8; 155 return p8;
156 error:
157 PKCS8_PRIV_KEY_INFO_free(p8);
158 return NULL;
416} 159}
417 160
418PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) 161PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
@@ -436,301 +179,6 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
436 } 179 }
437} 180}
438 181
439#ifndef OPENSSL_NO_DSA
440static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
441{
442 ASN1_STRING *params = NULL;
443 ASN1_INTEGER *prkey = NULL;
444 ASN1_TYPE *ttmp = NULL;
445 STACK_OF(ASN1_TYPE) *ndsa = NULL;
446 unsigned char *p = NULL, *q;
447 int len;
448
449 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
450 len = i2d_DSAparams (pkey->pkey.dsa, NULL);
451 if (!(p = OPENSSL_malloc(len))) {
452 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
453 goto err;
454 }
455 q = p;
456 i2d_DSAparams (pkey->pkey.dsa, &q);
457 if (!(params = ASN1_STRING_new())) {
458 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
459 goto err;
460 }
461 if (!ASN1_STRING_set(params, p, len)) {
462 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
463 goto err;
464 }
465 OPENSSL_free(p);
466 p = NULL;
467 /* Get private key into integer */
468 if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
469 EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
470 goto err;
471 }
472
473 switch(p8->broken) {
474
475 case PKCS8_OK:
476 case PKCS8_NO_OCTET:
477
478 if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER,
479 &p8->pkey->value.octet_string)) {
480 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
481 goto err;
482 }
483
484 M_ASN1_INTEGER_free (prkey);
485 prkey = NULL;
486 p8->pkeyalg->parameter->value.sequence = params;
487 params = NULL;
488 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
489
490 break;
491
492 case PKCS8_NS_DB:
493
494 p8->pkeyalg->parameter->value.sequence = params;
495 params = NULL;
496 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
497 if (!(ndsa = sk_ASN1_TYPE_new_null())) {
498 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
499 goto err;
500 }
501 if (!(ttmp = ASN1_TYPE_new())) {
502 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
503 goto err;
504 }
505 if (!(ttmp->value.integer =
506 BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
507 EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
508 goto err;
509 }
510 ttmp->type = V_ASN1_INTEGER;
511 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
512 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
513 goto err;
514 }
515
516 if (!(ttmp = ASN1_TYPE_new())) {
517 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
518 goto err;
519 }
520 ttmp->value.integer = prkey;
521 prkey = NULL;
522 ttmp->type = V_ASN1_INTEGER;
523 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
524 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
525 goto err;
526 }
527 ttmp = NULL;
528
529 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
530 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
531 goto err;
532 }
533
534 if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
535 &p8->pkey->value.octet_string->data,
536 &p8->pkey->value.octet_string->length)) {
537
538 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
539 goto err;
540 }
541 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
542 break;
543
544 case PKCS8_EMBEDDED_PARAM:
545
546 p8->pkeyalg->parameter->type = V_ASN1_NULL;
547 if (!(ndsa = sk_ASN1_TYPE_new_null())) {
548 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
549 goto err;
550 }
551 if (!(ttmp = ASN1_TYPE_new())) {
552 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
553 goto err;
554 }
555 ttmp->value.sequence = params;
556 params = NULL;
557 ttmp->type = V_ASN1_SEQUENCE;
558 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
559 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
560 goto err;
561 }
562
563 if (!(ttmp = ASN1_TYPE_new())) {
564 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
565 goto err;
566 }
567 ttmp->value.integer = prkey;
568 prkey = NULL;
569 ttmp->type = V_ASN1_INTEGER;
570 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
571 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
572 goto err;
573 }
574 ttmp = NULL;
575
576 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
577 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
578 goto err;
579 }
580
581 if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
582 &p8->pkey->value.octet_string->data,
583 &p8->pkey->value.octet_string->length)) {
584
585 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
586 goto err;
587 }
588 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
589 break;
590 }
591 return 1;
592err:
593 if (p != NULL) OPENSSL_free(p);
594 if (params != NULL) ASN1_STRING_free(params);
595 if (prkey != NULL) M_ASN1_INTEGER_free(prkey);
596 if (ttmp != NULL) ASN1_TYPE_free(ttmp);
597 if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
598 return 0;
599}
600#endif
601
602#ifndef OPENSSL_NO_EC
603static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
604{
605 EC_KEY *ec_key;
606 const EC_GROUP *group;
607 unsigned char *p, *pp;
608 int nid, i, ret = 0;
609 unsigned int tmp_flags, old_flags;
610
611 ec_key = pkey->pkey.ec;
612 if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL)
613 {
614 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);
615 return 0;
616 }
617
618 /* set the ec parameters OID */
619 if (p8->pkeyalg->algorithm)
620 ASN1_OBJECT_free(p8->pkeyalg->algorithm);
621
622 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);
623
624 /* set the ec parameters */
625
626 if (p8->pkeyalg->parameter)
627 {
628 ASN1_TYPE_free(p8->pkeyalg->parameter);
629 p8->pkeyalg->parameter = NULL;
630 }
631
632 if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL)
633 {
634 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
635 return 0;
636 }
637
638 if (EC_GROUP_get_asn1_flag(group)
639 && (nid = EC_GROUP_get_curve_name(group)))
640 {
641 /* we have a 'named curve' => just set the OID */
642 p8->pkeyalg->parameter->type = V_ASN1_OBJECT;
643 p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);
644 }
645 else /* explicit parameters */
646 {
647 if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
648 {
649 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
650 return 0;
651 }
652 if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
653 {
654 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
655 return 0;
656 }
657 pp = p;
658 if (!i2d_ECParameters(ec_key, &pp))
659 {
660 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
661 OPENSSL_free(p);
662 return 0;
663 }
664 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
665 if ((p8->pkeyalg->parameter->value.sequence
666 = ASN1_STRING_new()) == NULL)
667 {
668 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB);
669 OPENSSL_free(p);
670 return 0;
671 }
672 ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);
673 OPENSSL_free(p);
674 }
675
676 /* set the private key */
677
678 /* do not include the parameters in the SEC1 private key
679 * see PKCS#11 12.11 */
680 old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);
681 tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
682 EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);
683 i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);
684 if (!i)
685 {
686 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
687 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
688 return 0;
689 }
690 p = (unsigned char *) OPENSSL_malloc(i);
691 if (!p)
692 {
693 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
694 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
695 return 0;
696 }
697 pp = p;
698 if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp))
699 {
700 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
701 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
702 OPENSSL_free(p);
703 return 0;
704 }
705 /* restore old encoding flags */
706 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
707
708 switch(p8->broken) {
709
710 case PKCS8_OK:
711 p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
712 if (!p8->pkey->value.octet_string ||
713 !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string,
714 (const void *)p, i))
715
716 {
717 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
718 }
719 else
720 ret = 1;
721 break;
722 case PKCS8_NO_OCTET: /* RSA specific */
723 case PKCS8_NS_DB: /* DSA specific */
724 case PKCS8_EMBEDDED_PARAM: /* DSA specific */
725 default:
726 EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
727 }
728 OPENSSL_cleanse(p, (size_t)i);
729 OPENSSL_free(p);
730 return ret;
731}
732#endif
733
734/* EVP_PKEY attribute functions */ 182/* EVP_PKEY attribute functions */
735 183
736int EVP_PKEY_get_attr_count(const EVP_PKEY *key) 184int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c
index 6b0c0aa7a3..48c2689504 100644
--- a/src/lib/libcrypto/evp/m_dss.c
+++ b/src/lib/libcrypto/evp/m_dss.c
@@ -81,7 +81,7 @@ static const EVP_MD dsa_md=
81 NID_dsaWithSHA, 81 NID_dsaWithSHA,
82 NID_dsaWithSHA, 82 NID_dsaWithSHA,
83 SHA_DIGEST_LENGTH, 83 SHA_DIGEST_LENGTH,
84 EVP_MD_FLAG_FIPS, 84 EVP_MD_FLAG_PKEY_DIGEST,
85 init, 85 init,
86 update, 86 update,
87 final, 87 final,
diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c
index da8babc147..4f03fb70e0 100644
--- a/src/lib/libcrypto/evp/m_dss1.c
+++ b/src/lib/libcrypto/evp/m_dss1.c
@@ -68,8 +68,6 @@
68#include <openssl/dsa.h> 68#include <openssl/dsa.h>
69#endif 69#endif
70 70
71#ifndef OPENSSL_FIPS
72
73static int init(EVP_MD_CTX *ctx) 71static int init(EVP_MD_CTX *ctx)
74 { return SHA1_Init(ctx->md_data); } 72 { return SHA1_Init(ctx->md_data); }
75 73
@@ -84,7 +82,7 @@ static const EVP_MD dss1_md=
84 NID_dsa, 82 NID_dsa,
85 NID_dsaWithSHA1, 83 NID_dsaWithSHA1,
86 SHA_DIGEST_LENGTH, 84 SHA_DIGEST_LENGTH,
87 0, 85 EVP_MD_FLAG_PKEY_DIGEST,
88 init, 86 init,
89 update, 87 update,
90 final, 88 final,
@@ -100,4 +98,3 @@ const EVP_MD *EVP_dss1(void)
100 return(&dss1_md); 98 return(&dss1_md);
101 } 99 }
102#endif 100#endif
103#endif
diff --git a/src/lib/libcrypto/evp/m_ecdsa.c b/src/lib/libcrypto/evp/m_ecdsa.c
index fad270faca..8d87a49ebe 100644
--- a/src/lib/libcrypto/evp/m_ecdsa.c
+++ b/src/lib/libcrypto/evp/m_ecdsa.c
@@ -130,7 +130,7 @@ static const EVP_MD ecdsa_md=
130 NID_ecdsa_with_SHA1, 130 NID_ecdsa_with_SHA1,
131 NID_ecdsa_with_SHA1, 131 NID_ecdsa_with_SHA1,
132 SHA_DIGEST_LENGTH, 132 SHA_DIGEST_LENGTH,
133 0, 133 EVP_MD_FLAG_PKEY_DIGEST,
134 init, 134 init,
135 update, 135 update,
136 final, 136 final,
diff --git a/src/lib/libcrypto/evp/m_md4.c b/src/lib/libcrypto/evp/m_md4.c
index 5cd2ab5ade..1e0b7c5b42 100644
--- a/src/lib/libcrypto/evp/m_md4.c
+++ b/src/lib/libcrypto/evp/m_md4.c
@@ -58,7 +58,6 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "evp_locl.h"
62 61
63#ifndef OPENSSL_NO_MD4 62#ifndef OPENSSL_NO_MD4
64 63
diff --git a/src/lib/libcrypto/evp/m_md5.c b/src/lib/libcrypto/evp/m_md5.c
index 6455829671..63c142119e 100644
--- a/src/lib/libcrypto/evp/m_md5.c
+++ b/src/lib/libcrypto/evp/m_md5.c
@@ -62,7 +62,6 @@
62#ifndef OPENSSL_NO_MD5 62#ifndef OPENSSL_NO_MD5
63 63
64#include <openssl/evp.h> 64#include <openssl/evp.h>
65#include "evp_locl.h"
66#include <openssl/objects.h> 65#include <openssl/objects.h>
67#include <openssl/x509.h> 66#include <openssl/x509.h>
68#include <openssl/md5.h> 67#include <openssl/md5.h>
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c
index 471ec30be0..9a2790fdea 100644
--- a/src/lib/libcrypto/evp/m_sha1.c
+++ b/src/lib/libcrypto/evp/m_sha1.c
@@ -68,8 +68,6 @@
68#include <openssl/rsa.h> 68#include <openssl/rsa.h>
69#endif 69#endif
70 70
71#ifndef OPENSSL_FIPS
72
73static int init(EVP_MD_CTX *ctx) 71static int init(EVP_MD_CTX *ctx)
74 { return SHA1_Init(ctx->md_data); } 72 { return SHA1_Init(ctx->md_data); }
75 73
@@ -84,7 +82,7 @@ static const EVP_MD sha1_md=
84 NID_sha1, 82 NID_sha1,
85 NID_sha1WithRSAEncryption, 83 NID_sha1WithRSAEncryption,
86 SHA_DIGEST_LENGTH, 84 SHA_DIGEST_LENGTH,
87 0, 85 EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
88 init, 86 init,
89 update, 87 update,
90 final, 88 final,
@@ -99,6 +97,7 @@ const EVP_MD *EVP_sha1(void)
99 { 97 {
100 return(&sha1_md); 98 return(&sha1_md);
101 } 99 }
100#endif
102 101
103#ifndef OPENSSL_NO_SHA256 102#ifndef OPENSSL_NO_SHA256
104static int init224(EVP_MD_CTX *ctx) 103static int init224(EVP_MD_CTX *ctx)
@@ -120,7 +119,7 @@ static const EVP_MD sha224_md=
120 NID_sha224, 119 NID_sha224,
121 NID_sha224WithRSAEncryption, 120 NID_sha224WithRSAEncryption,
122 SHA224_DIGEST_LENGTH, 121 SHA224_DIGEST_LENGTH,
123 0, 122 EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
124 init224, 123 init224,
125 update256, 124 update256,
126 final256, 125 final256,
@@ -139,7 +138,7 @@ static const EVP_MD sha256_md=
139 NID_sha256, 138 NID_sha256,
140 NID_sha256WithRSAEncryption, 139 NID_sha256WithRSAEncryption,
141 SHA256_DIGEST_LENGTH, 140 SHA256_DIGEST_LENGTH,
142 0, 141 EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
143 init256, 142 init256,
144 update256, 143 update256,
145 final256, 144 final256,
@@ -170,7 +169,7 @@ static const EVP_MD sha384_md=
170 NID_sha384, 169 NID_sha384,
171 NID_sha384WithRSAEncryption, 170 NID_sha384WithRSAEncryption,
172 SHA384_DIGEST_LENGTH, 171 SHA384_DIGEST_LENGTH,
173 0, 172 EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
174 init384, 173 init384,
175 update512, 174 update512,
176 final512, 175 final512,
@@ -189,7 +188,7 @@ static const EVP_MD sha512_md=
189 NID_sha512, 188 NID_sha512,
190 NID_sha512WithRSAEncryption, 189 NID_sha512WithRSAEncryption,
191 SHA512_DIGEST_LENGTH, 190 SHA512_DIGEST_LENGTH,
192 0, 191 EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
193 init512, 192 init512,
194 update512, 193 update512,
195 final512, 194 final512,
@@ -203,7 +202,3 @@ static const EVP_MD sha512_md=
203const EVP_MD *EVP_sha512(void) 202const EVP_MD *EVP_sha512(void)
204 { return(&sha512_md); } 203 { return(&sha512_md); }
205#endif /* ifndef OPENSSL_NO_SHA512 */ 204#endif /* ifndef OPENSSL_NO_SHA512 */
206
207#endif
208
209#endif
diff --git a/src/lib/libcrypto/evp/m_sigver.c b/src/lib/libcrypto/evp/m_sigver.c
new file mode 100644
index 0000000000..f0b7f95059
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_sigver.c
@@ -0,0 +1,200 @@
1/* m_sigver.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006.
4 */
5/* ====================================================================
6 * Copyright (c) 2006,2007 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/evp.h>
62#include <openssl/objects.h>
63#include <openssl/x509.h>
64#include "evp_locl.h"
65
66static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
67 const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey,
68 int ver)
69 {
70 if (ctx->pctx == NULL)
71 ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
72 if (ctx->pctx == NULL)
73 return 0;
74
75 if (type == NULL)
76 {
77 int def_nid;
78 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
79 type = EVP_get_digestbynid(def_nid);
80 }
81
82 if (type == NULL)
83 {
84 EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST);
85 return 0;
86 }
87
88 if (ver)
89 {
90 if (ctx->pctx->pmeth->verifyctx_init)
91 {
92 if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <=0)
93 return 0;
94 ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX;
95 }
96 else if (EVP_PKEY_verify_init(ctx->pctx) <= 0)
97 return 0;
98 }
99 else
100 {
101 if (ctx->pctx->pmeth->signctx_init)
102 {
103 if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0)
104 return 0;
105 ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
106 }
107 else if (EVP_PKEY_sign_init(ctx->pctx) <= 0)
108 return 0;
109 }
110 if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
111 return 0;
112 if (pctx)
113 *pctx = ctx->pctx;
114 if (!EVP_DigestInit_ex(ctx, type, e))
115 return 0;
116 return 1;
117 }
118
119int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
120 const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
121 {
122 return do_sigver_init(ctx, pctx, type, e, pkey, 0);
123 }
124
125int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
126 const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
127 {
128 return do_sigver_init(ctx, pctx, type, e, pkey, 1);
129 }
130
131int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
132 {
133 int sctx, r = 0;
134 if (ctx->pctx->pmeth->signctx)
135 sctx = 1;
136 else
137 sctx = 0;
138 if (sigret)
139 {
140 MS_STATIC EVP_MD_CTX tmp_ctx;
141 unsigned char md[EVP_MAX_MD_SIZE];
142 unsigned int mdlen;
143 EVP_MD_CTX_init(&tmp_ctx);
144 if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx))
145 return 0;
146 if (sctx)
147 r = tmp_ctx.pctx->pmeth->signctx(tmp_ctx.pctx,
148 sigret, siglen, &tmp_ctx);
149 else
150 r = EVP_DigestFinal_ex(&tmp_ctx,md,&mdlen);
151 EVP_MD_CTX_cleanup(&tmp_ctx);
152 if (sctx || !r)
153 return r;
154 if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0)
155 return 0;
156 }
157 else
158 {
159 if (sctx)
160 {
161 if (ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx) <= 0)
162 return 0;
163 }
164 else
165 {
166 int s = EVP_MD_size(ctx->digest);
167 if (s < 0 || EVP_PKEY_sign(ctx->pctx, sigret, siglen, NULL, s) <= 0)
168 return 0;
169 }
170 }
171 return 1;
172 }
173
174int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen)
175 {
176 MS_STATIC EVP_MD_CTX tmp_ctx;
177 unsigned char md[EVP_MAX_MD_SIZE];
178 int r;
179 unsigned int mdlen;
180 int vctx;
181
182 if (ctx->pctx->pmeth->verifyctx)
183 vctx = 1;
184 else
185 vctx = 0;
186 EVP_MD_CTX_init(&tmp_ctx);
187 if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx))
188 return -1;
189 if (vctx)
190 {
191 r = tmp_ctx.pctx->pmeth->verifyctx(tmp_ctx.pctx,
192 sig, siglen, &tmp_ctx);
193 }
194 else
195 r = EVP_DigestFinal_ex(&tmp_ctx,md,&mdlen);
196 EVP_MD_CTX_cleanup(&tmp_ctx);
197 if (vctx || !r)
198 return r;
199 return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen);
200 }
diff --git a/src/lib/libcrypto/evp/m_wp.c b/src/lib/libcrypto/evp/m_wp.c
new file mode 100644
index 0000000000..1ce47c040b
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_wp.c
@@ -0,0 +1,42 @@
1/* crypto/evp/m_wp.c */
2
3#include <stdio.h>
4#include "cryptlib.h"
5
6#ifndef OPENSSL_NO_WHIRLPOOL
7
8#include <openssl/evp.h>
9#include <openssl/objects.h>
10#include <openssl/x509.h>
11#include <openssl/whrlpool.h>
12
13static int init(EVP_MD_CTX *ctx)
14 { return WHIRLPOOL_Init(ctx->md_data); }
15
16static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
17 { return WHIRLPOOL_Update(ctx->md_data,data,count); }
18
19static int final(EVP_MD_CTX *ctx,unsigned char *md)
20 { return WHIRLPOOL_Final(md,ctx->md_data); }
21
22static const EVP_MD whirlpool_md=
23 {
24 NID_whirlpool,
25 0,
26 WHIRLPOOL_DIGEST_LENGTH,
27 0,
28 init,
29 update,
30 final,
31 NULL,
32 NULL,
33 EVP_PKEY_NULL_method,
34 WHIRLPOOL_BBLOCK/8,
35 sizeof(EVP_MD *)+sizeof(WHIRLPOOL_CTX),
36 };
37
38const EVP_MD *EVP_whirlpool(void)
39 {
40 return(&whirlpool_md);
41 }
42#endif
diff --git a/src/lib/libcrypto/evp/names.c b/src/lib/libcrypto/evp/names.c
index e2e04c3570..f2869f5c78 100644
--- a/src/lib/libcrypto/evp/names.c
+++ b/src/lib/libcrypto/evp/names.c
@@ -66,35 +66,32 @@ int EVP_add_cipher(const EVP_CIPHER *c)
66 { 66 {
67 int r; 67 int r;
68 68
69#ifdef OPENSSL_FIPS
70 OPENSSL_init();
71#endif
72
73 r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); 69 r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
74 if (r == 0) return(0); 70 if (r == 0) return(0);
71 check_defer(c->nid);
75 r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); 72 r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
76 return(r); 73 return(r);
77 } 74 }
78 75
76
79int EVP_add_digest(const EVP_MD *md) 77int EVP_add_digest(const EVP_MD *md)
80 { 78 {
81 int r; 79 int r;
82 const char *name; 80 const char *name;
83 81
84#ifdef OPENSSL_FIPS
85 OPENSSL_init();
86#endif
87 name=OBJ_nid2sn(md->type); 82 name=OBJ_nid2sn(md->type);
88 r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); 83 r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);
89 if (r == 0) return(0); 84 if (r == 0) return(0);
85 check_defer(md->type);
90 r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md); 86 r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md);
91 if (r == 0) return(0); 87 if (r == 0) return(0);
92 88
93 if (md->type != md->pkey_type) 89 if (md->pkey_type && md->type != md->pkey_type)
94 { 90 {
95 r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type), 91 r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),
96 OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name); 92 OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
97 if (r == 0) return(0); 93 if (r == 0) return(0);
94 check_defer(md->pkey_type);
98 r=OBJ_NAME_add(OBJ_nid2ln(md->pkey_type), 95 r=OBJ_NAME_add(OBJ_nid2ln(md->pkey_type),
99 OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name); 96 OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
100 } 97 }
@@ -127,4 +124,78 @@ void EVP_cleanup(void)
127 OBJ_NAME_cleanup(-1); 124 OBJ_NAME_cleanup(-1);
128 125
129 EVP_PBE_cleanup(); 126 EVP_PBE_cleanup();
127 if (obj_cleanup_defer == 2)
128 {
129 obj_cleanup_defer = 0;
130 OBJ_cleanup();
131 }
132 OBJ_sigid_free();
133 }
134
135struct doall_cipher
136 {
137 void *arg;
138 void (*fn)(const EVP_CIPHER *ciph,
139 const char *from, const char *to, void *arg);
140 };
141
142static void do_all_cipher_fn(const OBJ_NAME *nm, void *arg)
143 {
144 struct doall_cipher *dc = arg;
145 if (nm->alias)
146 dc->fn(NULL, nm->name, nm->data, dc->arg);
147 else
148 dc->fn((const EVP_CIPHER *)nm->data, nm->name, NULL, dc->arg);
149 }
150
151void EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph,
152 const char *from, const char *to, void *x), void *arg)
153 {
154 struct doall_cipher dc;
155 dc.fn = fn;
156 dc.arg = arg;
157 OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc);
158 }
159
160void EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph,
161 const char *from, const char *to, void *x), void *arg)
162 {
163 struct doall_cipher dc;
164 dc.fn = fn;
165 dc.arg = arg;
166 OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn,&dc);
167 }
168
169struct doall_md
170 {
171 void *arg;
172 void (*fn)(const EVP_MD *ciph,
173 const char *from, const char *to, void *arg);
174 };
175
176static void do_all_md_fn(const OBJ_NAME *nm, void *arg)
177 {
178 struct doall_md *dc = arg;
179 if (nm->alias)
180 dc->fn(NULL, nm->name, nm->data, dc->arg);
181 else
182 dc->fn((const EVP_MD *)nm->data, nm->name, NULL, dc->arg);
183 }
184
185void EVP_MD_do_all(void (*fn)(const EVP_MD *md,
186 const char *from, const char *to, void *x), void *arg)
187 {
188 struct doall_md dc;
189 dc.fn = fn;
190 dc.arg = arg;
191 OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc);
192 }
193
194void EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *md,
195 const char *from, const char *to, void *x), void *arg)
196 {
197 struct doall_md dc;
198 dc.fn = fn;
199 dc.arg = arg;
200 OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc);
130 } 201 }
diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c
index 2a265fdee2..7ecfa8dad9 100644
--- a/src/lib/libcrypto/evp/p5_crpt.c
+++ b/src/lib/libcrypto/evp/p5_crpt.c
@@ -62,42 +62,11 @@
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63#include <openssl/evp.h> 63#include <openssl/evp.h>
64 64
65/* PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info. 65/* Doesn't do anything now: Builtin PBE algorithms in static table.
66 */ 66 */
67 67
68void PKCS5_PBE_add(void) 68void PKCS5_PBE_add(void)
69{ 69{
70#ifndef OPENSSL_NO_DES
71# ifndef OPENSSL_NO_MD5
72EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(),
73 PKCS5_PBE_keyivgen);
74# endif
75# ifndef OPENSSL_NO_MD2
76EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(),
77 PKCS5_PBE_keyivgen);
78# endif
79# ifndef OPENSSL_NO_SHA
80EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(),
81 PKCS5_PBE_keyivgen);
82# endif
83#endif
84#ifndef OPENSSL_NO_RC2
85# ifndef OPENSSL_NO_MD5
86EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(),
87 PKCS5_PBE_keyivgen);
88# endif
89# ifndef OPENSSL_NO_MD2
90EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(),
91 PKCS5_PBE_keyivgen);
92# endif
93# ifndef OPENSSL_NO_SHA
94EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(),
95 PKCS5_PBE_keyivgen);
96# endif
97#endif
98#ifndef OPENSSL_NO_HMAC
99EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen);
100#endif
101} 70}
102 71
103int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, 72int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
@@ -112,6 +81,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
112 int saltlen, iter; 81 int saltlen, iter;
113 unsigned char *salt; 82 unsigned char *salt;
114 const unsigned char *pbuf; 83 const unsigned char *pbuf;
84 int mdsize;
115 85
116 /* Extract useful info from parameter */ 86 /* Extract useful info from parameter */
117 if (param == NULL || param->type != V_ASN1_SEQUENCE || 87 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
@@ -140,9 +110,12 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
140 EVP_DigestUpdate(&ctx, salt, saltlen); 110 EVP_DigestUpdate(&ctx, salt, saltlen);
141 PBEPARAM_free(pbe); 111 PBEPARAM_free(pbe);
142 EVP_DigestFinal_ex(&ctx, md_tmp, NULL); 112 EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
113 mdsize = EVP_MD_size(md);
114 if (mdsize < 0)
115 return 0;
143 for (i = 1; i < iter; i++) { 116 for (i = 1; i < iter; i++) {
144 EVP_DigestInit_ex(&ctx, md, NULL); 117 EVP_DigestInit_ex(&ctx, md, NULL);
145 EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md)); 118 EVP_DigestUpdate(&ctx, md_tmp, mdsize);
146 EVP_DigestFinal_ex (&ctx, md_tmp, NULL); 119 EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
147 } 120 }
148 EVP_MD_CTX_cleanup(&ctx); 121 EVP_MD_CTX_cleanup(&ctx);
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
index 6bec77baf9..334379f310 100644
--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ b/src/lib/libcrypto/evp/p5_crpt2.c
@@ -3,7 +3,7 @@
3 * project 1999. 3 * project 1999.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -71,28 +71,38 @@
71#endif 71#endif
72 72
73/* This is an implementation of PKCS#5 v2.0 password based encryption key 73/* This is an implementation of PKCS#5 v2.0 password based encryption key
74 * derivation function PBKDF2 using the only currently defined function HMAC 74 * derivation function PBKDF2.
75 * with SHA1. Verified against test vectors posted by Peter Gutmann 75 * SHA1 version verified against test vectors posted by Peter Gutmann
76 * <pgut001@cs.auckland.ac.nz> to the PKCS-TNG <pkcs-tng@rsa.com> mailing list. 76 * <pgut001@cs.auckland.ac.nz> to the PKCS-TNG <pkcs-tng@rsa.com> mailing list.
77 */ 77 */
78 78
79int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, 79int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
80 const unsigned char *salt, int saltlen, int iter, 80 const unsigned char *salt, int saltlen, int iter,
81 const EVP_MD *digest,
81 int keylen, unsigned char *out) 82 int keylen, unsigned char *out)
82{ 83 {
83 unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; 84 unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
84 int cplen, j, k, tkeylen; 85 int cplen, j, k, tkeylen, mdlen;
85 unsigned long i = 1; 86 unsigned long i = 1;
86 HMAC_CTX hctx; 87 HMAC_CTX hctx;
87 88
89 mdlen = EVP_MD_size(digest);
90 if (mdlen < 0)
91 return 0;
92
88 HMAC_CTX_init(&hctx); 93 HMAC_CTX_init(&hctx);
89 p = out; 94 p = out;
90 tkeylen = keylen; 95 tkeylen = keylen;
91 if(!pass) passlen = 0; 96 if(!pass)
92 else if(passlen == -1) passlen = strlen(pass); 97 passlen = 0;
93 while(tkeylen) { 98 else if(passlen == -1)
94 if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH; 99 passlen = strlen(pass);
95 else cplen = tkeylen; 100 while(tkeylen)
101 {
102 if(tkeylen > mdlen)
103 cplen = mdlen;
104 else
105 cplen = tkeylen;
96 /* We are unlikely to ever use more than 256 blocks (5120 bits!) 106 /* We are unlikely to ever use more than 256 blocks (5120 bits!)
97 * but just in case... 107 * but just in case...
98 */ 108 */
@@ -100,20 +110,22 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
100 itmp[1] = (unsigned char)((i >> 16) & 0xff); 110 itmp[1] = (unsigned char)((i >> 16) & 0xff);
101 itmp[2] = (unsigned char)((i >> 8) & 0xff); 111 itmp[2] = (unsigned char)((i >> 8) & 0xff);
102 itmp[3] = (unsigned char)(i & 0xff); 112 itmp[3] = (unsigned char)(i & 0xff);
103 HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL); 113 HMAC_Init_ex(&hctx, pass, passlen, digest, NULL);
104 HMAC_Update(&hctx, salt, saltlen); 114 HMAC_Update(&hctx, salt, saltlen);
105 HMAC_Update(&hctx, itmp, 4); 115 HMAC_Update(&hctx, itmp, 4);
106 HMAC_Final(&hctx, digtmp, NULL); 116 HMAC_Final(&hctx, digtmp, NULL);
107 memcpy(p, digtmp, cplen); 117 memcpy(p, digtmp, cplen);
108 for(j = 1; j < iter; j++) { 118 for(j = 1; j < iter; j++)
109 HMAC(EVP_sha1(), pass, passlen, 119 {
110 digtmp, SHA_DIGEST_LENGTH, digtmp, NULL); 120 HMAC(digest, pass, passlen,
111 for(k = 0; k < cplen; k++) p[k] ^= digtmp[k]; 121 digtmp, mdlen, digtmp, NULL);
112 } 122 for(k = 0; k < cplen; k++)
123 p[k] ^= digtmp[k];
124 }
113 tkeylen-= cplen; 125 tkeylen-= cplen;
114 i++; 126 i++;
115 p+= cplen; 127 p+= cplen;
116 } 128 }
117 HMAC_CTX_cleanup(&hctx); 129 HMAC_CTX_cleanup(&hctx);
118#ifdef DEBUG_PKCS5V2 130#ifdef DEBUG_PKCS5V2
119 fprintf(stderr, "Password:\n"); 131 fprintf(stderr, "Password:\n");
@@ -125,7 +137,15 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
125 h__dump (out, keylen); 137 h__dump (out, keylen);
126#endif 138#endif
127 return 1; 139 return 1;
128} 140 }
141
142int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
143 const unsigned char *salt, int saltlen, int iter,
144 int keylen, unsigned char *out)
145 {
146 return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, EVP_sha1(),
147 keylen, out);
148 }
129 149
130#ifdef DO_TEST 150#ifdef DO_TEST
131main() 151main()
@@ -155,6 +175,8 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
155 PBE2PARAM *pbe2 = NULL; 175 PBE2PARAM *pbe2 = NULL;
156 const EVP_CIPHER *cipher; 176 const EVP_CIPHER *cipher;
157 PBKDF2PARAM *kdf = NULL; 177 PBKDF2PARAM *kdf = NULL;
178 const EVP_MD *prfmd;
179 int prf_nid, hmac_md_nid;
158 180
159 if (param == NULL || param->type != V_ASN1_SEQUENCE || 181 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
160 param->value.sequence == NULL) { 182 param->value.sequence == NULL) {
@@ -180,8 +202,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
180 /* lets see if we recognise the encryption algorithm. 202 /* lets see if we recognise the encryption algorithm.
181 */ 203 */
182 204
183 cipher = EVP_get_cipherbyname( 205 cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm);
184 OBJ_nid2sn(OBJ_obj2nid(pbe2->encryption->algorithm)));
185 206
186 if(!cipher) { 207 if(!cipher) {
187 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, 208 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
@@ -226,10 +247,23 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
226 goto err; 247 goto err;
227 } 248 }
228 249
229 if(kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) { 250 if (kdf->prf)
251 prf_nid = OBJ_obj2nid(kdf->prf->algorithm);
252 else
253 prf_nid = NID_hmacWithSHA1;
254
255 if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0))
256 {
230 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); 257 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
231 goto err; 258 goto err;
232 } 259 }
260
261 prfmd = EVP_get_digestbynid(hmac_md_nid);
262 if (prfmd == NULL)
263 {
264 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
265 goto err;
266 }
233 267
234 if(kdf->salt->type != V_ASN1_OCTET_STRING) { 268 if(kdf->salt->type != V_ASN1_OCTET_STRING) {
235 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, 269 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
@@ -241,7 +275,9 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
241 salt = kdf->salt->value.octet_string->data; 275 salt = kdf->salt->value.octet_string->data;
242 saltlen = kdf->salt->value.octet_string->length; 276 saltlen = kdf->salt->value.octet_string->length;
243 iter = ASN1_INTEGER_get(kdf->iter); 277 iter = ASN1_INTEGER_get(kdf->iter);
244 PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key); 278 if(!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
279 keylen, key))
280 goto err;
245 EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); 281 EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
246 OPENSSL_cleanse(key, keylen); 282 OPENSSL_cleanse(key, keylen);
247 PBKDF2PARAM_free(kdf); 283 PBKDF2PARAM_free(kdf);
diff --git a/src/lib/libcrypto/evp/p_dec.c b/src/lib/libcrypto/evp/p_dec.c
index f64901f653..4201dcbad9 100644
--- a/src/lib/libcrypto/evp/p_dec.c
+++ b/src/lib/libcrypto/evp/p_dec.c
@@ -66,7 +66,7 @@
66#include <openssl/objects.h> 66#include <openssl/objects.h>
67#include <openssl/x509.h> 67#include <openssl/x509.h>
68 68
69int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl, 69int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl,
70 EVP_PKEY *priv) 70 EVP_PKEY *priv)
71 { 71 {
72 int ret= -1; 72 int ret= -1;
@@ -75,7 +75,7 @@ int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl,
75 if (priv->type != EVP_PKEY_RSA) 75 if (priv->type != EVP_PKEY_RSA)
76 { 76 {
77#endif 77#endif
78 EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA); 78 EVPerr(EVP_F_EVP_PKEY_DECRYPT_OLD,EVP_R_PUBLIC_KEY_NOT_RSA);
79#ifndef OPENSSL_NO_RSA 79#ifndef OPENSSL_NO_RSA
80 goto err; 80 goto err;
81 } 81 }
diff --git a/src/lib/libcrypto/evp/p_enc.c b/src/lib/libcrypto/evp/p_enc.c
index c2dfdc52ad..b5a3a84c41 100644
--- a/src/lib/libcrypto/evp/p_enc.c
+++ b/src/lib/libcrypto/evp/p_enc.c
@@ -66,7 +66,7 @@
66#include <openssl/objects.h> 66#include <openssl/objects.h>
67#include <openssl/x509.h> 67#include <openssl/x509.h>
68 68
69int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len, 69int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, int key_len,
70 EVP_PKEY *pubk) 70 EVP_PKEY *pubk)
71 { 71 {
72 int ret=0; 72 int ret=0;
@@ -75,7 +75,7 @@ int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len,
75 if (pubk->type != EVP_PKEY_RSA) 75 if (pubk->type != EVP_PKEY_RSA)
76 { 76 {
77#endif 77#endif
78 EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA); 78 EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD,EVP_R_PUBLIC_KEY_NOT_RSA);
79#ifndef OPENSSL_NO_RSA 79#ifndef OPENSSL_NO_RSA
80 goto err; 80 goto err;
81 } 81 }
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c
index 22155ecf62..1916c61699 100644
--- a/src/lib/libcrypto/evp/p_lib.c
+++ b/src/lib/libcrypto/evp/p_lib.c
@@ -74,66 +74,26 @@
74#include <openssl/dh.h> 74#include <openssl/dh.h>
75#endif 75#endif
76 76
77#ifndef OPENSSL_NO_ENGINE
78#include <openssl/engine.h>
79#endif
80
81#include "asn1_locl.h"
82
77static void EVP_PKEY_free_it(EVP_PKEY *x); 83static void EVP_PKEY_free_it(EVP_PKEY *x);
78 84
79int EVP_PKEY_bits(EVP_PKEY *pkey) 85int EVP_PKEY_bits(EVP_PKEY *pkey)
80 { 86 {
81 if (0) 87 if (pkey && pkey->ameth && pkey->ameth->pkey_bits)
82 return 0; 88 return pkey->ameth->pkey_bits(pkey);
83#ifndef OPENSSL_NO_RSA 89 return 0;
84 else if (pkey->type == EVP_PKEY_RSA)
85 return(BN_num_bits(pkey->pkey.rsa->n));
86#endif
87#ifndef OPENSSL_NO_DSA
88 else if (pkey->type == EVP_PKEY_DSA)
89 return(BN_num_bits(pkey->pkey.dsa->p));
90#endif
91#ifndef OPENSSL_NO_EC
92 else if (pkey->type == EVP_PKEY_EC)
93 {
94 BIGNUM *order = BN_new();
95 const EC_GROUP *group;
96 int ret;
97
98 if (!order)
99 {
100 ERR_clear_error();
101 return 0;
102 }
103 group = EC_KEY_get0_group(pkey->pkey.ec);
104 if (!EC_GROUP_get_order(group, order, NULL))
105 {
106 ERR_clear_error();
107 return 0;
108 }
109
110 ret = BN_num_bits(order);
111 BN_free(order);
112 return ret;
113 }
114#endif
115 return(0);
116 } 90 }
117 91
118int EVP_PKEY_size(EVP_PKEY *pkey) 92int EVP_PKEY_size(EVP_PKEY *pkey)
119 { 93 {
120 if (pkey == NULL) 94 if (pkey && pkey->ameth && pkey->ameth->pkey_size)
121 return(0); 95 return pkey->ameth->pkey_size(pkey);
122#ifndef OPENSSL_NO_RSA 96 return 0;
123 if (pkey->type == EVP_PKEY_RSA)
124 return(RSA_size(pkey->pkey.rsa));
125 else
126#endif
127#ifndef OPENSSL_NO_DSA
128 if (pkey->type == EVP_PKEY_DSA)
129 return(DSA_size(pkey->pkey.dsa));
130#endif
131#ifndef OPENSSL_NO_ECDSA
132 if (pkey->type == EVP_PKEY_EC)
133 return(ECDSA_size(pkey->pkey.ec));
134#endif
135
136 return(0);
137 } 97 }
138 98
139int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) 99int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
@@ -174,88 +134,26 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
174 EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS); 134 EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS);
175 goto err; 135 goto err;
176 } 136 }
177#ifndef OPENSSL_NO_DSA 137 if (from->ameth && from->ameth->param_copy)
178 if (to->type == EVP_PKEY_DSA) 138 return from->ameth->param_copy(to, from);
179 {
180 BIGNUM *a;
181
182 if ((a=BN_dup(from->pkey.dsa->p)) == NULL) goto err;
183 if (to->pkey.dsa->p != NULL) BN_free(to->pkey.dsa->p);
184 to->pkey.dsa->p=a;
185
186 if ((a=BN_dup(from->pkey.dsa->q)) == NULL) goto err;
187 if (to->pkey.dsa->q != NULL) BN_free(to->pkey.dsa->q);
188 to->pkey.dsa->q=a;
189
190 if ((a=BN_dup(from->pkey.dsa->g)) == NULL) goto err;
191 if (to->pkey.dsa->g != NULL) BN_free(to->pkey.dsa->g);
192 to->pkey.dsa->g=a;
193 }
194#endif
195#ifndef OPENSSL_NO_EC
196 if (to->type == EVP_PKEY_EC)
197 {
198 EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
199 if (group == NULL)
200 goto err;
201 if (EC_KEY_set_group(to->pkey.ec, group) == 0)
202 goto err;
203 EC_GROUP_free(group);
204 }
205#endif
206 return(1);
207err: 139err:
208 return(0); 140 return 0;
209 } 141 }
210 142
211int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) 143int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
212 { 144 {
213#ifndef OPENSSL_NO_DSA 145 if (pkey->ameth && pkey->ameth->param_missing)
214 if (pkey->type == EVP_PKEY_DSA) 146 return pkey->ameth->param_missing(pkey);
215 { 147 return 0;
216 DSA *dsa;
217
218 dsa=pkey->pkey.dsa;
219 if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
220 return(1);
221 }
222#endif
223#ifndef OPENSSL_NO_EC
224 if (pkey->type == EVP_PKEY_EC)
225 {
226 if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
227 return(1);
228 }
229#endif
230
231 return(0);
232 } 148 }
233 149
234int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) 150int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
235 { 151 {
236#ifndef OPENSSL_NO_DSA 152 if (a->type != b->type)
237 if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) 153 return -1;
238 { 154 if (a->ameth && a->ameth->param_cmp)
239 if ( BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) || 155 return a->ameth->param_cmp(a, b);
240 BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) || 156 return -2;
241 BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g))
242 return(0);
243 else
244 return(1);
245 }
246#endif
247#ifndef OPENSSL_NO_EC
248 if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC)
249 {
250 const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
251 *group_b = EC_KEY_get0_group(b->pkey.ec);
252 if (EC_GROUP_cmp(group_a, group_b, NULL))
253 return 0;
254 else
255 return 1;
256 }
257#endif
258 return(-1);
259 } 157 }
260 158
261int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) 159int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
@@ -263,51 +161,22 @@ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
263 if (a->type != b->type) 161 if (a->type != b->type)
264 return -1; 162 return -1;
265 163
266 if (EVP_PKEY_cmp_parameters(a, b) == 0) 164 if (a->ameth)
267 return 0;
268
269 switch (a->type)
270 { 165 {
271#ifndef OPENSSL_NO_RSA 166 int ret;
272 case EVP_PKEY_RSA: 167 /* Compare parameters if the algorithm has them */
273 if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0 168 if (a->ameth->param_cmp)
274 || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0)
275 return 0;
276 break;
277#endif
278#ifndef OPENSSL_NO_DSA
279 case EVP_PKEY_DSA:
280 if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0)
281 return 0;
282 break;
283#endif
284#ifndef OPENSSL_NO_EC
285 case EVP_PKEY_EC:
286 {
287 int r;
288 const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
289 const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
290 *pb = EC_KEY_get0_public_key(b->pkey.ec);
291 r = EC_POINT_cmp(group, pa, pb, NULL);
292 if (r != 0)
293 { 169 {
294 if (r == 1) 170 ret = a->ameth->param_cmp(a, b);
295 return 0; 171 if (ret <= 0)
296 else 172 return ret;
297 return -2;
298 } 173 }
299 } 174
300 break; 175 if (a->ameth->pub_cmp)
301#endif 176 return a->ameth->pub_cmp(a, b);
302#ifndef OPENSSL_NO_DH
303 case EVP_PKEY_DH:
304 return -2;
305#endif
306 default:
307 return -2;
308 } 177 }
309 178
310 return 1; 179 return -2;
311 } 180 }
312 181
313EVP_PKEY *EVP_PKEY_new(void) 182EVP_PKEY *EVP_PKEY_new(void)
@@ -321,22 +190,87 @@ EVP_PKEY *EVP_PKEY_new(void)
321 return(NULL); 190 return(NULL);
322 } 191 }
323 ret->type=EVP_PKEY_NONE; 192 ret->type=EVP_PKEY_NONE;
193 ret->save_type=EVP_PKEY_NONE;
324 ret->references=1; 194 ret->references=1;
195 ret->ameth=NULL;
196 ret->engine=NULL;
325 ret->pkey.ptr=NULL; 197 ret->pkey.ptr=NULL;
326 ret->attributes=NULL; 198 ret->attributes=NULL;
327 ret->save_parameters=1; 199 ret->save_parameters=1;
328 return(ret); 200 return(ret);
329 } 201 }
330 202
331int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key) 203/* Setup a public key ASN1 method and ENGINE from a NID or a string.
204 * If pkey is NULL just return 1 or 0 if the algorithm exists.
205 */
206
207static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
332 { 208 {
333 if (pkey == NULL) return(0); 209 const EVP_PKEY_ASN1_METHOD *ameth;
334 if (pkey->pkey.ptr != NULL) 210 ENGINE *e = NULL;
335 EVP_PKEY_free_it(pkey); 211 if (pkey)
336 pkey->type=EVP_PKEY_type(type); 212 {
337 pkey->save_type=type; 213 if (pkey->pkey.ptr)
214 EVP_PKEY_free_it(pkey);
215 /* If key type matches and a method exists then this
216 * lookup has succeeded once so just indicate success.
217 */
218 if ((type == pkey->save_type) && pkey->ameth)
219 return 1;
220#ifndef OPENSSL_NO_ENGINE
221 /* If we have an ENGINE release it */
222 if (pkey->engine)
223 {
224 ENGINE_finish(pkey->engine);
225 pkey->engine = NULL;
226 }
227#endif
228 }
229 if (str)
230 ameth = EVP_PKEY_asn1_find_str(&e, str, len);
231 else
232 ameth = EVP_PKEY_asn1_find(&e, type);
233#ifndef OPENSSL_NO_ENGINE
234 if (!pkey && e)
235 ENGINE_finish(e);
236#endif
237 if (!ameth)
238 {
239 EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM);
240 return 0;
241 }
242 if (pkey)
243 {
244 pkey->ameth = ameth;
245 pkey->engine = e;
246
247 pkey->type = pkey->ameth->pkey_id;
248 pkey->save_type=type;
249 }
250 return 1;
251 }
252
253int EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
254 {
255 return pkey_set_type(pkey, type, NULL, -1);
256 }
257
258int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
259 {
260 return pkey_set_type(pkey, EVP_PKEY_NONE, str, len);
261 }
262
263int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
264 {
265 if (!EVP_PKEY_set_type(pkey, type))
266 return 0;
338 pkey->pkey.ptr=key; 267 pkey->pkey.ptr=key;
339 return(key != NULL); 268 return (key != NULL);
269 }
270
271void *EVP_PKEY_get0(EVP_PKEY *pkey)
272 {
273 return pkey->pkey.ptr;
340 } 274 }
341 275
342#ifndef OPENSSL_NO_RSA 276#ifndef OPENSSL_NO_RSA
@@ -425,24 +359,29 @@ DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
425 359
426int EVP_PKEY_type(int type) 360int EVP_PKEY_type(int type)
427 { 361 {
428 switch (type) 362 int ret;
429 { 363 const EVP_PKEY_ASN1_METHOD *ameth;
430 case EVP_PKEY_RSA: 364 ENGINE *e;
431 case EVP_PKEY_RSA2: 365 ameth = EVP_PKEY_asn1_find(&e, type);
432 return(EVP_PKEY_RSA); 366 if (ameth)
433 case EVP_PKEY_DSA: 367 ret = ameth->pkey_id;
434 case EVP_PKEY_DSA1: 368 else
435 case EVP_PKEY_DSA2: 369 ret = NID_undef;
436 case EVP_PKEY_DSA3: 370#ifndef OPENSSL_NO_ENGINE
437 case EVP_PKEY_DSA4: 371 if (e)
438 return(EVP_PKEY_DSA); 372 ENGINE_finish(e);
439 case EVP_PKEY_DH: 373#endif
440 return(EVP_PKEY_DH); 374 return ret;
441 case EVP_PKEY_EC: 375 }
442 return(EVP_PKEY_EC); 376
443 default: 377int EVP_PKEY_id(const EVP_PKEY *pkey)
444 return(NID_undef); 378 {
445 } 379 return pkey->type;
380 }
381
382int EVP_PKEY_base_id(const EVP_PKEY *pkey)
383 {
384 return EVP_PKEY_type(pkey->type);
446 } 385 }
447 386
448void EVP_PKEY_free(EVP_PKEY *x) 387void EVP_PKEY_free(EVP_PKEY *x)
@@ -471,32 +410,57 @@ void EVP_PKEY_free(EVP_PKEY *x)
471 410
472static void EVP_PKEY_free_it(EVP_PKEY *x) 411static void EVP_PKEY_free_it(EVP_PKEY *x)
473 { 412 {
474 switch (x->type) 413 if (x->ameth && x->ameth->pkey_free)
414 x->ameth->pkey_free(x);
415#ifndef OPENSSL_NO_ENGINE
416 if (x->engine)
475 { 417 {
476#ifndef OPENSSL_NO_RSA 418 ENGINE_finish(x->engine);
477 case EVP_PKEY_RSA: 419 x->engine = NULL;
478 case EVP_PKEY_RSA2:
479 RSA_free(x->pkey.rsa);
480 break;
481#endif
482#ifndef OPENSSL_NO_DSA
483 case EVP_PKEY_DSA:
484 case EVP_PKEY_DSA2:
485 case EVP_PKEY_DSA3:
486 case EVP_PKEY_DSA4:
487 DSA_free(x->pkey.dsa);
488 break;
489#endif
490#ifndef OPENSSL_NO_EC
491 case EVP_PKEY_EC:
492 EC_KEY_free(x->pkey.ec);
493 break;
494#endif
495#ifndef OPENSSL_NO_DH
496 case EVP_PKEY_DH:
497 DH_free(x->pkey.dh);
498 break;
499#endif
500 } 420 }
421#endif
422 }
423
424static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent,
425 const char *kstr)
426 {
427 BIO_indent(out, indent, 128);
428 BIO_printf(out, "%s algorithm \"%s\" unsupported\n",
429 kstr, OBJ_nid2ln(pkey->type));
430 return 1;
431 }
432
433int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
434 int indent, ASN1_PCTX *pctx)
435 {
436 if (pkey->ameth && pkey->ameth->pub_print)
437 return pkey->ameth->pub_print(out, pkey, indent, pctx);
438
439 return unsup_alg(out, pkey, indent, "Public Key");
440 }
441
442int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
443 int indent, ASN1_PCTX *pctx)
444 {
445 if (pkey->ameth && pkey->ameth->priv_print)
446 return pkey->ameth->priv_print(out, pkey, indent, pctx);
447
448 return unsup_alg(out, pkey, indent, "Private Key");
449 }
450
451int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
452 int indent, ASN1_PCTX *pctx)
453 {
454 if (pkey->ameth && pkey->ameth->param_print)
455 return pkey->ameth->param_print(out, pkey, indent, pctx);
456 return unsup_alg(out, pkey, indent, "Parameters");
457 }
458
459int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
460 {
461 if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
462 return -2;
463 return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID,
464 0, pnid);
501 } 465 }
502 466
diff --git a/src/lib/libcrypto/evp/p_open.c b/src/lib/libcrypto/evp/p_open.c
index 9935206d0f..53a59a295c 100644
--- a/src/lib/libcrypto/evp/p_open.c
+++ b/src/lib/libcrypto/evp/p_open.c
@@ -95,7 +95,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
95 goto err; 95 goto err;
96 } 96 }
97 97
98 i=EVP_PKEY_decrypt(key,ek,ekl,priv); 98 i=EVP_PKEY_decrypt_old(key,ek,ekl,priv);
99 if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) 99 if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i))
100 { 100 {
101 /* ERROR */ 101 /* ERROR */
diff --git a/src/lib/libcrypto/evp/p_seal.c b/src/lib/libcrypto/evp/p_seal.c
index 8cc8fcb0bd..d8324526e7 100644
--- a/src/lib/libcrypto/evp/p_seal.c
+++ b/src/lib/libcrypto/evp/p_seal.c
@@ -87,7 +87,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek
87 87
88 for (i=0; i<npubk; i++) 88 for (i=0; i<npubk; i++)
89 { 89 {
90 ekl[i]=EVP_PKEY_encrypt(ek[i],key,EVP_CIPHER_CTX_key_length(ctx), 90 ekl[i]=EVP_PKEY_encrypt_old(ek[i],key,EVP_CIPHER_CTX_key_length(ctx),
91 pubk[i]); 91 pubk[i]);
92 if (ekl[i] <= 0) return(-1); 92 if (ekl[i] <= 0) return(-1);
93 } 93 }
diff --git a/src/lib/libcrypto/evp/p_sign.c b/src/lib/libcrypto/evp/p_sign.c
index bf41a0db68..8df6d48a7e 100644
--- a/src/lib/libcrypto/evp/p_sign.c
+++ b/src/lib/libcrypto/evp/p_sign.c
@@ -84,6 +84,32 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
84 MS_STATIC EVP_MD_CTX tmp_ctx; 84 MS_STATIC EVP_MD_CTX tmp_ctx;
85 85
86 *siglen=0; 86 *siglen=0;
87 EVP_MD_CTX_init(&tmp_ctx);
88 EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
89 EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
90 EVP_MD_CTX_cleanup(&tmp_ctx);
91
92 if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
93 {
94 EVP_PKEY_CTX *pkctx = NULL;
95 size_t sltmp = (size_t)EVP_PKEY_size(pkey);
96 i = 0;
97 pkctx = EVP_PKEY_CTX_new(pkey, NULL);
98 if (!pkctx)
99 goto err;
100 if (EVP_PKEY_sign_init(pkctx) <= 0)
101 goto err;
102 if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
103 goto err;
104 if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
105 goto err;
106 *siglen = sltmp;
107 i = 1;
108 err:
109 EVP_PKEY_CTX_free(pkctx);
110 return i;
111 }
112
87 for (i=0; i<4; i++) 113 for (i=0; i<4; i++)
88 { 114 {
89 v=ctx->digest->required_pkey_type[i]; 115 v=ctx->digest->required_pkey_type[i];
@@ -99,28 +125,13 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
99 EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE); 125 EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
100 return(0); 126 return(0);
101 } 127 }
128
102 if (ctx->digest->sign == NULL) 129 if (ctx->digest->sign == NULL)
103 { 130 {
104 EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED); 131 EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
105 return(0); 132 return(0);
106 } 133 }
107 EVP_MD_CTX_init(&tmp_ctx); 134 return(ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen,
108 EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); 135 pkey->pkey.ptr));
109 if (ctx->digest->flags & EVP_MD_FLAG_SVCTX)
110 {
111 EVP_MD_SVCTX sctmp;
112 sctmp.mctx = &tmp_ctx;
113 sctmp.key = pkey->pkey.ptr;
114 i = ctx->digest->sign(ctx->digest->type,
115 NULL, -1, sigret, siglen, &sctmp);
116 }
117 else
118 {
119 EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
120 i = ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen,
121 pkey->pkey.ptr);
122 }
123 EVP_MD_CTX_cleanup(&tmp_ctx);
124 return i;
125 } 136 }
126 137
diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c
index 2d46dffe7e..8db46412f3 100644
--- a/src/lib/libcrypto/evp/p_verify.c
+++ b/src/lib/libcrypto/evp/p_verify.c
@@ -70,6 +70,28 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
70 int i,ok=0,v; 70 int i,ok=0,v;
71 MS_STATIC EVP_MD_CTX tmp_ctx; 71 MS_STATIC EVP_MD_CTX tmp_ctx;
72 72
73 EVP_MD_CTX_init(&tmp_ctx);
74 EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
75 EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
76 EVP_MD_CTX_cleanup(&tmp_ctx);
77
78 if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
79 {
80 EVP_PKEY_CTX *pkctx = NULL;
81 i = -1;
82 pkctx = EVP_PKEY_CTX_new(pkey, NULL);
83 if (!pkctx)
84 goto err;
85 if (EVP_PKEY_verify_init(pkctx) <= 0)
86 goto err;
87 if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
88 goto err;
89 i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
90 err:
91 EVP_PKEY_CTX_free(pkctx);
92 return i;
93 }
94
73 for (i=0; i<4; i++) 95 for (i=0; i<4; i++)
74 { 96 {
75 v=ctx->digest->required_pkey_type[i]; 97 v=ctx->digest->required_pkey_type[i];
@@ -85,29 +107,13 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
85 EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE); 107 EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
86 return(-1); 108 return(-1);
87 } 109 }
88 if (ctx->digest->verify == NULL) 110 if (ctx->digest->verify == NULL)
89 { 111 {
90 EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); 112 EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
91 return(0); 113 return(0);
92 } 114 }
93 115
94 EVP_MD_CTX_init(&tmp_ctx); 116 return(ctx->digest->verify(ctx->digest->type,m,m_len,
95 EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); 117 sigbuf,siglen,pkey->pkey.ptr));
96 if (ctx->digest->flags & EVP_MD_FLAG_SVCTX)
97 {
98 EVP_MD_SVCTX sctmp;
99 sctmp.mctx = &tmp_ctx;
100 sctmp.key = pkey->pkey.ptr;
101 i = ctx->digest->verify(ctx->digest->type,
102 NULL, -1, sigbuf, siglen, &sctmp);
103 }
104 else
105 {
106 EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
107 i = ctx->digest->verify(ctx->digest->type,m,m_len,
108 sigbuf,siglen,pkey->pkey.ptr);
109 }
110 EVP_MD_CTX_cleanup(&tmp_ctx);
111 return i;
112 } 118 }
113 119
diff --git a/src/lib/libcrypto/evp/pmeth_fn.c b/src/lib/libcrypto/evp/pmeth_fn.c
new file mode 100644
index 0000000000..c4676f2f8d
--- /dev/null
+++ b/src/lib/libcrypto/evp/pmeth_fn.c
@@ -0,0 +1,368 @@
1/* pmeth_fn.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006.
4 */
5/* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include "cryptlib.h"
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include "evp_locl.h"
65
66#define M_check_autoarg(ctx, arg, arglen, err) \
67 if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \
68 { \
69 size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \
70 if (!arg) \
71 { \
72 *arglen = pksize; \
73 return 1; \
74 } \
75 else if (*arglen < pksize) \
76 { \
77 EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/\
78 return 0; \
79 } \
80 }
81
82int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
83 {
84 int ret;
85 if (!ctx || !ctx->pmeth || !ctx->pmeth->sign)
86 {
87 EVPerr(EVP_F_EVP_PKEY_SIGN_INIT,
88 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
89 return -2;
90 }
91 ctx->operation = EVP_PKEY_OP_SIGN;
92 if (!ctx->pmeth->sign_init)
93 return 1;
94 ret = ctx->pmeth->sign_init(ctx);
95 if (ret <= 0)
96 ctx->operation = EVP_PKEY_OP_UNDEFINED;
97 return ret;
98 }
99
100int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
101 unsigned char *sig, size_t *siglen,
102 const unsigned char *tbs, size_t tbslen)
103 {
104 if (!ctx || !ctx->pmeth || !ctx->pmeth->sign)
105 {
106 EVPerr(EVP_F_EVP_PKEY_SIGN,
107 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
108 return -2;
109 }
110 if (ctx->operation != EVP_PKEY_OP_SIGN)
111 {
112 EVPerr(EVP_F_EVP_PKEY_SIGN, EVP_R_OPERATON_NOT_INITIALIZED);
113 return -1;
114 }
115 M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
116 return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
117 }
118
119int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
120 {
121 int ret;
122 if (!ctx || !ctx->pmeth || !ctx->pmeth->verify)
123 {
124 EVPerr(EVP_F_EVP_PKEY_VERIFY_INIT,
125 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
126 return -2;
127 }
128 ctx->operation = EVP_PKEY_OP_VERIFY;
129 if (!ctx->pmeth->verify_init)
130 return 1;
131 ret = ctx->pmeth->verify_init(ctx);
132 if (ret <= 0)
133 ctx->operation = EVP_PKEY_OP_UNDEFINED;
134 return ret;
135 }
136
137int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
138 const unsigned char *sig, size_t siglen,
139 const unsigned char *tbs, size_t tbslen)
140 {
141 if (!ctx || !ctx->pmeth || !ctx->pmeth->verify)
142 {
143 EVPerr(EVP_F_EVP_PKEY_VERIFY,
144 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
145 return -2;
146 }
147 if (ctx->operation != EVP_PKEY_OP_VERIFY)
148 {
149 EVPerr(EVP_F_EVP_PKEY_VERIFY, EVP_R_OPERATON_NOT_INITIALIZED);
150 return -1;
151 }
152 return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
153 }
154
155int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
156 {
157 int ret;
158 if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover)
159 {
160 EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT,
161 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
162 return -2;
163 }
164 ctx->operation = EVP_PKEY_OP_VERIFYRECOVER;
165 if (!ctx->pmeth->verify_recover_init)
166 return 1;
167 ret = ctx->pmeth->verify_recover_init(ctx);
168 if (ret <= 0)
169 ctx->operation = EVP_PKEY_OP_UNDEFINED;
170 return ret;
171 }
172
173int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
174 unsigned char *rout, size_t *routlen,
175 const unsigned char *sig, size_t siglen)
176 {
177 if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover)
178 {
179 EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER,
180 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
181 return -2;
182 }
183 if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER)
184 {
185 EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER, EVP_R_OPERATON_NOT_INITIALIZED);
186 return -1;
187 }
188 M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
189 return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
190 }
191
192int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx)
193 {
194 int ret;
195 if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt)
196 {
197 EVPerr(EVP_F_EVP_PKEY_ENCRYPT_INIT,
198 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
199 return -2;
200 }
201 ctx->operation = EVP_PKEY_OP_ENCRYPT;
202 if (!ctx->pmeth->encrypt_init)
203 return 1;
204 ret = ctx->pmeth->encrypt_init(ctx);
205 if (ret <= 0)
206 ctx->operation = EVP_PKEY_OP_UNDEFINED;
207 return ret;
208 }
209
210int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
211 unsigned char *out, size_t *outlen,
212 const unsigned char *in, size_t inlen)
213 {
214 if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt)
215 {
216 EVPerr(EVP_F_EVP_PKEY_ENCRYPT,
217 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
218 return -2;
219 }
220 if (ctx->operation != EVP_PKEY_OP_ENCRYPT)
221 {
222 EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
223 return -1;
224 }
225 M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT)
226 return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);
227 }
228
229int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx)
230 {
231 int ret;
232 if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt)
233 {
234 EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT,
235 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
236 return -2;
237 }
238 ctx->operation = EVP_PKEY_OP_DECRYPT;
239 if (!ctx->pmeth->decrypt_init)
240 return 1;
241 ret = ctx->pmeth->decrypt_init(ctx);
242 if (ret <= 0)
243 ctx->operation = EVP_PKEY_OP_UNDEFINED;
244 return ret;
245 }
246
247int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
248 unsigned char *out, size_t *outlen,
249 const unsigned char *in, size_t inlen)
250 {
251 if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt)
252 {
253 EVPerr(EVP_F_EVP_PKEY_DECRYPT,
254 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
255 return -2;
256 }
257 if (ctx->operation != EVP_PKEY_OP_DECRYPT)
258 {
259 EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
260 return -1;
261 }
262 M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
263 return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
264 }
265
266
267int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
268 {
269 int ret;
270 if (!ctx || !ctx->pmeth || !ctx->pmeth->derive)
271 {
272 EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT,
273 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
274 return -2;
275 }
276 ctx->operation = EVP_PKEY_OP_DERIVE;
277 if (!ctx->pmeth->derive_init)
278 return 1;
279 ret = ctx->pmeth->derive_init(ctx);
280 if (ret <= 0)
281 ctx->operation = EVP_PKEY_OP_UNDEFINED;
282 return ret;
283 }
284
285int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
286 {
287 int ret;
288 if (!ctx || !ctx->pmeth || !(ctx->pmeth->derive||ctx->pmeth->encrypt||ctx->pmeth->decrypt) || !ctx->pmeth->ctrl)
289 {
290 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
291 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
292 return -2;
293 }
294 if (ctx->operation != EVP_PKEY_OP_DERIVE && ctx->operation != EVP_PKEY_OP_ENCRYPT && ctx->operation != EVP_PKEY_OP_DECRYPT)
295 {
296 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
297 EVP_R_OPERATON_NOT_INITIALIZED);
298 return -1;
299 }
300
301 ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);
302
303 if (ret <= 0)
304 return ret;
305
306 if (ret == 2)
307 return 1;
308
309 if (!ctx->pkey)
310 {
311 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET);
312 return -1;
313 }
314
315 if (ctx->pkey->type != peer->type)
316 {
317 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
318 EVP_R_DIFFERENT_KEY_TYPES);
319 return -1;
320 }
321
322 /* ran@cryptocom.ru: For clarity. The error is if parameters in peer are
323 * present (!missing) but don't match. EVP_PKEY_cmp_parameters may return
324 * 1 (match), 0 (don't match) and -2 (comparison is not defined). -1
325 * (different key types) is impossible here because it is checked earlier.
326 * -2 is OK for us here, as well as 1, so we can check for 0 only. */
327 if (!EVP_PKEY_missing_parameters(peer) &&
328 !EVP_PKEY_cmp_parameters(ctx->pkey, peer))
329 {
330 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
331 EVP_R_DIFFERENT_PARAMETERS);
332 return -1;
333 }
334
335 if (ctx->peerkey)
336 EVP_PKEY_free(ctx->peerkey);
337 ctx->peerkey = peer;
338
339 ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
340
341 if (ret <= 0)
342 {
343 ctx->peerkey = NULL;
344 return ret;
345 }
346
347 CRYPTO_add(&peer->references,1,CRYPTO_LOCK_EVP_PKEY);
348 return 1;
349 }
350
351
352int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
353 {
354 if (!ctx || !ctx->pmeth || !ctx->pmeth->derive)
355 {
356 EVPerr(EVP_F_EVP_PKEY_DERIVE,
357 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
358 return -2;
359 }
360 if (ctx->operation != EVP_PKEY_OP_DERIVE)
361 {
362 EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED);
363 return -1;
364 }
365 M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
366 return ctx->pmeth->derive(ctx, key, pkeylen);
367 }
368
diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c
new file mode 100644
index 0000000000..5d74161a09
--- /dev/null
+++ b/src/lib/libcrypto/evp/pmeth_gn.c
@@ -0,0 +1,220 @@
1/* pmeth_gn.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006.
4 */
5/* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include "cryptlib.h"
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/bn.h>
65#include "evp_locl.h"
66
67int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
68 {
69 int ret;
70 if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen)
71 {
72 EVPerr(EVP_F_EVP_PKEY_PARAMGEN_INIT,
73 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
74 return -2;
75 }
76 ctx->operation = EVP_PKEY_OP_PARAMGEN;
77 if (!ctx->pmeth->paramgen_init)
78 return 1;
79 ret = ctx->pmeth->paramgen_init(ctx);
80 if (ret <= 0)
81 ctx->operation = EVP_PKEY_OP_UNDEFINED;
82 return ret;
83 }
84
85int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
86 {
87 int ret;
88 if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen)
89 {
90 EVPerr(EVP_F_EVP_PKEY_PARAMGEN,
91 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
92 return -2;
93 }
94
95 if (ctx->operation != EVP_PKEY_OP_PARAMGEN)
96 {
97 EVPerr(EVP_F_EVP_PKEY_PARAMGEN, EVP_R_OPERATON_NOT_INITIALIZED);
98 return -1;
99 }
100
101 if (!ppkey)
102 return -1;
103
104 if (!*ppkey)
105 *ppkey = EVP_PKEY_new();
106
107 ret = ctx->pmeth->paramgen(ctx, *ppkey);
108 if (ret <= 0)
109 {
110 EVP_PKEY_free(*ppkey);
111 *ppkey = NULL;
112 }
113 return ret;
114 }
115
116int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx)
117 {
118 int ret;
119 if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen)
120 {
121 EVPerr(EVP_F_EVP_PKEY_KEYGEN_INIT,
122 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
123 return -2;
124 }
125 ctx->operation = EVP_PKEY_OP_KEYGEN;
126 if (!ctx->pmeth->keygen_init)
127 return 1;
128 ret = ctx->pmeth->keygen_init(ctx);
129 if (ret <= 0)
130 ctx->operation = EVP_PKEY_OP_UNDEFINED;
131 return ret;
132 }
133
134int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
135 {
136 int ret;
137
138 if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen)
139 {
140 EVPerr(EVP_F_EVP_PKEY_KEYGEN,
141 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
142 return -2;
143 }
144 if (ctx->operation != EVP_PKEY_OP_KEYGEN)
145 {
146 EVPerr(EVP_F_EVP_PKEY_KEYGEN, EVP_R_OPERATON_NOT_INITIALIZED);
147 return -1;
148 }
149
150 if (!ppkey)
151 return -1;
152
153 if (!*ppkey)
154 *ppkey = EVP_PKEY_new();
155
156 ret = ctx->pmeth->keygen(ctx, *ppkey);
157 if (ret <= 0)
158 {
159 EVP_PKEY_free(*ppkey);
160 *ppkey = NULL;
161 }
162 return ret;
163 }
164
165void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb)
166 {
167 ctx->pkey_gencb = cb;
168 }
169
170EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx)
171 {
172 return ctx->pkey_gencb;
173 }
174
175/* "translation callback" to call EVP_PKEY_CTX callbacks using BN_GENCB
176 * style callbacks.
177 */
178
179static int trans_cb(int a, int b, BN_GENCB *gcb)
180 {
181 EVP_PKEY_CTX *ctx = gcb->arg;
182 ctx->keygen_info[0] = a;
183 ctx->keygen_info[1] = b;
184 return ctx->pkey_gencb(ctx);
185 }
186
187void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx)
188 {
189 BN_GENCB_set(cb, trans_cb, ctx)
190 }
191
192int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx)
193 {
194 if (idx == -1)
195 return ctx->keygen_info_count;
196 if (idx < 0 || idx > ctx->keygen_info_count)
197 return 0;
198 return ctx->keygen_info[idx];
199 }
200
201EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
202 unsigned char *key, int keylen)
203 {
204 EVP_PKEY_CTX *mac_ctx = NULL;
205 EVP_PKEY *mac_key = NULL;
206 mac_ctx = EVP_PKEY_CTX_new_id(type, e);
207 if (!mac_ctx)
208 return NULL;
209 if (EVP_PKEY_keygen_init(mac_ctx) <= 0)
210 goto merr;
211 if (EVP_PKEY_CTX_ctrl(mac_ctx, -1, EVP_PKEY_OP_KEYGEN,
212 EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key) <= 0)
213 goto merr;
214 if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0)
215 goto merr;
216 merr:
217 if (mac_ctx)
218 EVP_PKEY_CTX_free(mac_ctx);
219 return mac_key;
220 }
diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c
new file mode 100644
index 0000000000..b2d8de3a8d
--- /dev/null
+++ b/src/lib/libcrypto/evp/pmeth_lib.c
@@ -0,0 +1,538 @@
1/* pmeth_lib.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006.
4 */
5/* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include "cryptlib.h"
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#ifndef OPENSSL_NO_ENGINE
65#include <openssl/engine.h>
66#endif
67#include "asn1_locl.h"
68#include "evp_locl.h"
69
70typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);
71
72DECLARE_STACK_OF(EVP_PKEY_METHOD)
73STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
74
75extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth;
76extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth;
77
78static const EVP_PKEY_METHOD *standard_methods[] =
79 {
80#ifndef OPENSSL_NO_RSA
81 &rsa_pkey_meth,
82#endif
83#ifndef OPENSSL_NO_DH
84 &dh_pkey_meth,
85#endif
86#ifndef OPENSSL_NO_DSA
87 &dsa_pkey_meth,
88#endif
89#ifndef OPENSSL_NO_EC
90 &ec_pkey_meth,
91#endif
92 &hmac_pkey_meth,
93 };
94
95DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
96 pmeth);
97
98static int pmeth_cmp(const EVP_PKEY_METHOD * const *a,
99 const EVP_PKEY_METHOD * const *b)
100 {
101 return ((*a)->pkey_id - (*b)->pkey_id);
102 }
103
104IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
105 pmeth);
106
107const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
108 {
109 EVP_PKEY_METHOD tmp;
110 const EVP_PKEY_METHOD *t = &tmp, **ret;
111 tmp.pkey_id = type;
112 if (app_pkey_methods)
113 {
114 int idx;
115 idx = sk_EVP_PKEY_METHOD_find(app_pkey_methods, &tmp);
116 if (idx >= 0)
117 return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
118 }
119 ret = OBJ_bsearch_pmeth(&t, standard_methods,
120 sizeof(standard_methods)/sizeof(EVP_PKEY_METHOD *));
121 if (!ret || !*ret)
122 return NULL;
123 return *ret;
124 }
125
126static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
127 {
128 EVP_PKEY_CTX *ret;
129 const EVP_PKEY_METHOD *pmeth;
130 if (id == -1)
131 {
132 if (!pkey || !pkey->ameth)
133 return NULL;
134 id = pkey->ameth->pkey_id;
135 }
136#ifndef OPENSSL_NO_ENGINE
137 /* Try to find an ENGINE which implements this method */
138 if (e)
139 {
140 if (!ENGINE_init(e))
141 {
142 EVPerr(EVP_F_INT_CTX_NEW,ERR_R_ENGINE_LIB);
143 return NULL;
144 }
145 }
146 else
147 e = ENGINE_get_pkey_meth_engine(id);
148
149 /* If an ENGINE handled this method look it up. Othewise
150 * use internal tables.
151 */
152
153 if (e)
154 pmeth = ENGINE_get_pkey_meth(e, id);
155 else
156#endif
157 pmeth = EVP_PKEY_meth_find(id);
158
159 if (pmeth == NULL)
160 {
161 EVPerr(EVP_F_INT_CTX_NEW,EVP_R_UNSUPPORTED_ALGORITHM);
162 return NULL;
163 }
164
165 ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX));
166 if (!ret)
167 {
168#ifndef OPENSSL_NO_ENGINE
169 if (e)
170 ENGINE_finish(e);
171#endif
172 EVPerr(EVP_F_INT_CTX_NEW,ERR_R_MALLOC_FAILURE);
173 return NULL;
174 }
175 ret->engine = e;
176 ret->pmeth = pmeth;
177 ret->operation = EVP_PKEY_OP_UNDEFINED;
178 ret->pkey = pkey;
179 ret->peerkey = NULL;
180 ret->pkey_gencb = 0;
181 if (pkey)
182 CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
183 ret->data = NULL;
184
185 if (pmeth->init)
186 {
187 if (pmeth->init(ret) <= 0)
188 {
189 EVP_PKEY_CTX_free(ret);
190 return NULL;
191 }
192 }
193
194 return ret;
195 }
196
197EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags)
198 {
199 EVP_PKEY_METHOD *pmeth;
200 pmeth = OPENSSL_malloc(sizeof(EVP_PKEY_METHOD));
201 if (!pmeth)
202 return NULL;
203
204 pmeth->pkey_id = id;
205 pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
206
207 pmeth->init = 0;
208 pmeth->copy = 0;
209 pmeth->cleanup = 0;
210 pmeth->paramgen_init = 0;
211 pmeth->paramgen = 0;
212 pmeth->keygen_init = 0;
213 pmeth->keygen = 0;
214 pmeth->sign_init = 0;
215 pmeth->sign = 0;
216 pmeth->verify_init = 0;
217 pmeth->verify = 0;
218 pmeth->verify_recover_init = 0;
219 pmeth->verify_recover = 0;
220 pmeth->signctx_init = 0;
221 pmeth->signctx = 0;
222 pmeth->verifyctx_init = 0;
223 pmeth->verifyctx = 0;
224 pmeth->encrypt_init = 0;
225 pmeth->encrypt = 0;
226 pmeth->decrypt_init = 0;
227 pmeth->decrypt = 0;
228 pmeth->derive_init = 0;
229 pmeth->derive = 0;
230 pmeth->ctrl = 0;
231 pmeth->ctrl_str = 0;
232
233 return pmeth;
234 }
235
236void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth)
237 {
238 if (pmeth && (pmeth->flags & EVP_PKEY_FLAG_DYNAMIC))
239 OPENSSL_free(pmeth);
240 }
241
242EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e)
243 {
244 return int_ctx_new(pkey, e, -1);
245 }
246
247EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e)
248 {
249 return int_ctx_new(NULL, e, id);
250 }
251
252EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
253 {
254 EVP_PKEY_CTX *rctx;
255 if (!pctx->pmeth || !pctx->pmeth->copy)
256 return NULL;
257#ifndef OPENSSL_NO_ENGINE
258 /* Make sure it's safe to copy a pkey context using an ENGINE */
259 if (pctx->engine && !ENGINE_init(pctx->engine))
260 {
261 EVPerr(EVP_F_EVP_PKEY_CTX_DUP,ERR_R_ENGINE_LIB);
262 return 0;
263 }
264#endif
265 rctx = OPENSSL_malloc(sizeof(EVP_PKEY_CTX));
266 if (!rctx)
267 return NULL;
268
269 rctx->pmeth = pctx->pmeth;
270#ifndef OPENSSL_NO_ENGINE
271 rctx->engine = pctx->engine;
272#endif
273
274 if (pctx->pkey)
275 CRYPTO_add(&pctx->pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
276
277 rctx->pkey = pctx->pkey;
278
279 if (pctx->peerkey)
280 CRYPTO_add(&pctx->peerkey->references,1,CRYPTO_LOCK_EVP_PKEY);
281
282 rctx->peerkey = pctx->peerkey;
283
284 rctx->data = NULL;
285 rctx->app_data = NULL;
286 rctx->operation = pctx->operation;
287
288 if (pctx->pmeth->copy(rctx, pctx) > 0)
289 return rctx;
290
291 EVP_PKEY_CTX_free(rctx);
292 return NULL;
293
294 }
295
296int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
297 {
298 if (app_pkey_methods == NULL)
299 {
300 app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp);
301 if (!app_pkey_methods)
302 return 0;
303 }
304 if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth))
305 return 0;
306 sk_EVP_PKEY_METHOD_sort(app_pkey_methods);
307 return 1;
308 }
309
310void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx)
311 {
312 if (ctx == NULL)
313 return;
314 if (ctx->pmeth && ctx->pmeth->cleanup)
315 ctx->pmeth->cleanup(ctx);
316 if (ctx->pkey)
317 EVP_PKEY_free(ctx->pkey);
318 if (ctx->peerkey)
319 EVP_PKEY_free(ctx->peerkey);
320#ifndef OPENSSL_NO_ENGINE
321 if(ctx->engine)
322 /* The EVP_PKEY_CTX we used belongs to an ENGINE, release the
323 * functional reference we held for this reason. */
324 ENGINE_finish(ctx->engine);
325#endif
326 OPENSSL_free(ctx);
327 }
328
329int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
330 int cmd, int p1, void *p2)
331 {
332 int ret;
333 if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl)
334 {
335 EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
336 return -2;
337 }
338 if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype))
339 return -1;
340
341 if (ctx->operation == EVP_PKEY_OP_UNDEFINED)
342 {
343 EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_NO_OPERATION_SET);
344 return -1;
345 }
346
347 if ((optype != -1) && !(ctx->operation & optype))
348 {
349 EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_INVALID_OPERATION);
350 return -1;
351 }
352
353 ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2);
354
355 if (ret == -2)
356 EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
357
358 return ret;
359
360 }
361
362int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,
363 const char *name, const char *value)
364 {
365 if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str)
366 {
367 EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR,
368 EVP_R_COMMAND_NOT_SUPPORTED);
369 return -2;
370 }
371 if (!strcmp(name, "digest"))
372 {
373 const EVP_MD *md;
374 if (!value || !(md = EVP_get_digestbyname(value)))
375 {
376 EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR,
377 EVP_R_INVALID_DIGEST);
378 return 0;
379 }
380 return EVP_PKEY_CTX_set_signature_md(ctx, md);
381 }
382 return ctx->pmeth->ctrl_str(ctx, name, value);
383 }
384
385int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx)
386 {
387 return ctx->operation;
388 }
389
390void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen)
391 {
392 ctx->keygen_info = dat;
393 ctx->keygen_info_count = datlen;
394 }
395
396void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data)
397 {
398 ctx->data = data;
399 }
400
401void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx)
402 {
403 return ctx->data;
404 }
405
406EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx)
407 {
408 return ctx->pkey;
409 }
410
411EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx)
412 {
413 return ctx->peerkey;
414 }
415
416void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data)
417 {
418 ctx->app_data = data;
419 }
420
421void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx)
422 {
423 return ctx->app_data;
424 }
425
426void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
427 int (*init)(EVP_PKEY_CTX *ctx))
428 {
429 pmeth->init = init;
430 }
431
432void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
433 int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src))
434 {
435 pmeth->copy = copy;
436 }
437
438void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
439 void (*cleanup)(EVP_PKEY_CTX *ctx))
440 {
441 pmeth->cleanup = cleanup;
442 }
443
444void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
445 int (*paramgen_init)(EVP_PKEY_CTX *ctx),
446 int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey))
447 {
448 pmeth->paramgen_init = paramgen_init;
449 pmeth->paramgen = paramgen;
450 }
451
452void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
453 int (*keygen_init)(EVP_PKEY_CTX *ctx),
454 int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey))
455 {
456 pmeth->keygen_init = keygen_init;
457 pmeth->keygen = keygen;
458 }
459
460void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
461 int (*sign_init)(EVP_PKEY_CTX *ctx),
462 int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
463 const unsigned char *tbs, size_t tbslen))
464 {
465 pmeth->sign_init = sign_init;
466 pmeth->sign = sign;
467 }
468
469void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
470 int (*verify_init)(EVP_PKEY_CTX *ctx),
471 int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
472 const unsigned char *tbs, size_t tbslen))
473 {
474 pmeth->verify_init = verify_init;
475 pmeth->verify = verify;
476 }
477
478void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
479 int (*verify_recover_init)(EVP_PKEY_CTX *ctx),
480 int (*verify_recover)(EVP_PKEY_CTX *ctx,
481 unsigned char *sig, size_t *siglen,
482 const unsigned char *tbs, size_t tbslen))
483 {
484 pmeth->verify_recover_init = verify_recover_init;
485 pmeth->verify_recover = verify_recover;
486 }
487
488void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
489 int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx),
490 int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
491 EVP_MD_CTX *mctx))
492 {
493 pmeth->signctx_init = signctx_init;
494 pmeth->signctx = signctx;
495 }
496
497void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
498 int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx),
499 int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig,int siglen,
500 EVP_MD_CTX *mctx))
501 {
502 pmeth->verifyctx_init = verifyctx_init;
503 pmeth->verifyctx = verifyctx;
504 }
505
506void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
507 int (*encrypt_init)(EVP_PKEY_CTX *ctx),
508 int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
509 const unsigned char *in, size_t inlen))
510 {
511 pmeth->encrypt_init = encrypt_init;
512 pmeth->encrypt = encryptfn;
513 }
514
515void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
516 int (*decrypt_init)(EVP_PKEY_CTX *ctx),
517 int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
518 const unsigned char *in, size_t inlen))
519 {
520 pmeth->decrypt_init = decrypt_init;
521 pmeth->decrypt = decrypt;
522 }
523
524void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
525 int (*derive_init)(EVP_PKEY_CTX *ctx),
526 int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen))
527 {
528 pmeth->derive_init = derive_init;
529 pmeth->derive = derive;
530 }
531
532void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
533 int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2),
534 int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value))
535 {
536 pmeth->ctrl = ctrl;
537 pmeth->ctrl_str = ctrl_str;
538 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-05 04:58:19 +0000