summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/evp')
-rw-r--r--src/lib/libcrypto/evp/Makefile70
-rw-r--r--src/lib/libcrypto/evp/bio_md.c11
-rw-r--r--src/lib/libcrypto/evp/bio_ok.c103
-rw-r--r--src/lib/libcrypto/evp/c_allc.c18
-rw-r--r--src/lib/libcrypto/evp/digest.c28
-rw-r--r--src/lib/libcrypto/evp/e_aes.c1273
-rw-r--r--src/lib/libcrypto/evp/e_des3.c3
-rw-r--r--src/lib/libcrypto/evp/e_null.c4
-rw-r--r--src/lib/libcrypto/evp/e_rc2.c3
-rw-r--r--src/lib/libcrypto/evp/e_rc4.c1
-rw-r--r--src/lib/libcrypto/evp/evp.h98
-rw-r--r--src/lib/libcrypto/evp/evp_enc.c95
-rw-r--r--src/lib/libcrypto/evp/evp_err.c19
-rw-r--r--src/lib/libcrypto/evp/evp_key.c27
-rw-r--r--src/lib/libcrypto/evp/evp_lib.c4
-rw-r--r--src/lib/libcrypto/evp/evp_locl.h40
-rw-r--r--src/lib/libcrypto/evp/evp_pbe.c5
-rw-r--r--src/lib/libcrypto/evp/evptests.txt13
-rw-r--r--src/lib/libcrypto/evp/m_dss.c2
-rw-r--r--src/lib/libcrypto/evp/m_dss1.c3
-rw-r--r--src/lib/libcrypto/evp/m_md4.c2
-rw-r--r--src/lib/libcrypto/evp/m_md5.c1
-rw-r--r--src/lib/libcrypto/evp/m_mdc2.c2
-rw-r--r--src/lib/libcrypto/evp/m_ripemd.c1
-rw-r--r--src/lib/libcrypto/evp/m_sha.c1
-rw-r--r--src/lib/libcrypto/evp/m_sha1.c5
-rw-r--r--src/lib/libcrypto/evp/names.c5
-rw-r--r--src/lib/libcrypto/evp/p5_crpt.c33
-rw-r--r--src/lib/libcrypto/evp/p5_crpt2.c89
-rw-r--r--src/lib/libcrypto/evp/p_open.c3
-rw-r--r--src/lib/libcrypto/evp/p_seal.c3
-rw-r--r--src/lib/libcrypto/evp/p_sign.c10
-rw-r--r--src/lib/libcrypto/evp/p_verify.c10
33 files changed, 1806 insertions, 179 deletions
diff --git a/src/lib/libcrypto/evp/Makefile b/src/lib/libcrypto/evp/Makefile
index 82825e5299..0fe1b96bff 100644
--- a/src/lib/libcrypto/evp/Makefile
+++ b/src/lib/libcrypto/evp/Makefile
@@ -28,7 +28,8 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
28 bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ 28 bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
29 c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ 29 c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
30 evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \ 30 evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
31 e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c 31 e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c \
32 e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
32 33
33LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \ 34LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
34 e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\ 35 e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\
@@ -40,7 +41,8 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
40 bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \ 41 bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
41 c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \ 42 c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
42 evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \ 43 evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
43 e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o 44 e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o evp_fips.o \
45 e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o
44 46
45SRC= $(LIBSRC) 47SRC= $(LIBSRC)
46 48
@@ -189,11 +191,27 @@ e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
189e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h 191e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
190e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h 192e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
191e_aes.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h 193e_aes.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
192e_aes.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h 194e_aes.o: ../../include/openssl/modes.h ../../include/openssl/obj_mac.h
193e_aes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 195e_aes.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
194e_aes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h 196e_aes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
195e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h e_aes.c 197e_aes.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
196e_aes.o: evp_locl.h 198e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
199e_aes.o: ../modes/modes_lcl.h e_aes.c evp_locl.h
200e_aes_cbc_hmac_sha1.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
201e_aes_cbc_hmac_sha1.o: ../../include/openssl/bio.h
202e_aes_cbc_hmac_sha1.o: ../../include/openssl/crypto.h
203e_aes_cbc_hmac_sha1.o: ../../include/openssl/e_os2.h
204e_aes_cbc_hmac_sha1.o: ../../include/openssl/evp.h
205e_aes_cbc_hmac_sha1.o: ../../include/openssl/obj_mac.h
206e_aes_cbc_hmac_sha1.o: ../../include/openssl/objects.h
207e_aes_cbc_hmac_sha1.o: ../../include/openssl/opensslconf.h
208e_aes_cbc_hmac_sha1.o: ../../include/openssl/opensslv.h
209e_aes_cbc_hmac_sha1.o: ../../include/openssl/ossl_typ.h
210e_aes_cbc_hmac_sha1.o: ../../include/openssl/safestack.h
211e_aes_cbc_hmac_sha1.o: ../../include/openssl/sha.h
212e_aes_cbc_hmac_sha1.o: ../../include/openssl/stack.h
213e_aes_cbc_hmac_sha1.o: ../../include/openssl/symhacks.h e_aes_cbc_hmac_sha1.c
214e_aes_cbc_hmac_sha1.o: evp_locl.h
197e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h 215e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
198e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h 216e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h
199e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 217e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -279,7 +297,18 @@ e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
279e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 297e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
280e_rc4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h 298e_rc4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h
281e_rc4.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 299e_rc4.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
282e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc4.c 300e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc4.c evp_locl.h
301e_rc4_hmac_md5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
302e_rc4_hmac_md5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
303e_rc4_hmac_md5.o: ../../include/openssl/evp.h ../../include/openssl/md5.h
304e_rc4_hmac_md5.o: ../../include/openssl/obj_mac.h
305e_rc4_hmac_md5.o: ../../include/openssl/objects.h
306e_rc4_hmac_md5.o: ../../include/openssl/opensslconf.h
307e_rc4_hmac_md5.o: ../../include/openssl/opensslv.h
308e_rc4_hmac_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h
309e_rc4_hmac_md5.o: ../../include/openssl/safestack.h
310e_rc4_hmac_md5.o: ../../include/openssl/stack.h
311e_rc4_hmac_md5.o: ../../include/openssl/symhacks.h e_rc4_hmac_md5.c
283e_rc5.o: ../../e_os.h ../../include/openssl/bio.h 312e_rc5.o: ../../e_os.h ../../include/openssl/bio.h
284e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 313e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
285e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h 314e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -349,6 +378,13 @@ evp_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
349evp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 378evp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
350evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 379evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
351evp_err.o: ../../include/openssl/symhacks.h evp_err.c 380evp_err.o: ../../include/openssl/symhacks.h evp_err.c
381evp_fips.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
382evp_fips.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
383evp_fips.o: ../../include/openssl/evp.h ../../include/openssl/obj_mac.h
384evp_fips.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
385evp_fips.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
386evp_fips.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
387evp_fips.o: ../../include/openssl/symhacks.h evp_fips.c
352evp_key.o: ../../e_os.h ../../include/openssl/asn1.h 388evp_key.o: ../../e_os.h ../../include/openssl/asn1.h
353evp_key.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h 389evp_key.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
354evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 390evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -383,7 +419,7 @@ evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
383evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h 419evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
384evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 420evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
385evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h 421evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
386evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pbe.c 422evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h evp_pbe.c
387evp_pkey.o: ../../e_os.h ../../include/openssl/asn1.h 423evp_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
388evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h 424evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
389evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 425evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -456,7 +492,7 @@ m_md4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
456m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h 492m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
457m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 493m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
458m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h 494m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
459m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md4.c 495m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_md4.c
460m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h 496m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
461m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 497m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
462m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h 498m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
@@ -469,7 +505,7 @@ m_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
469m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h 505m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
470m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 506m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
471m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h 507m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
472m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md5.c 508m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_md5.c
473m_mdc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h 509m_mdc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
474m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 510m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
475m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h 511m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
@@ -484,7 +520,7 @@ m_mdc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
484m_mdc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 520m_mdc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
485m_mdc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h 521m_mdc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
486m_mdc2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h 522m_mdc2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
487m_mdc2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_mdc2.c 523m_mdc2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_mdc2.c
488m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h 524m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
489m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 525m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
490m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h 526m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
@@ -510,7 +546,8 @@ m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/ripemd.h
510m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h 546m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
511m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 547m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
512m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h 548m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
513m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ripemd.c 549m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h
550m_ripemd.o: m_ripemd.c
514m_sha.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h 551m_sha.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
515m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 552m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
516m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h 553m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
@@ -523,7 +560,7 @@ m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
523m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h 560m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
524m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 561m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
525m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h 562m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
526m_sha.o: ../cryptlib.h m_sha.c 563m_sha.o: ../cryptlib.h evp_locl.h m_sha.c
527m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h 564m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
528m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 565m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
529m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h 566m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
@@ -563,7 +600,7 @@ m_wp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
563m_wp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 600m_wp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
564m_wp.o: ../../include/openssl/symhacks.h ../../include/openssl/whrlpool.h 601m_wp.o: ../../include/openssl/symhacks.h ../../include/openssl/whrlpool.h
565m_wp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h 602m_wp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
566m_wp.o: ../cryptlib.h m_wp.c 603m_wp.o: ../cryptlib.h evp_locl.h m_wp.c
567names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h 604names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
568names.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 605names.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
569names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h 606names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
@@ -601,7 +638,8 @@ p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
601p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h 638p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
602p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 639p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
603p5_crpt2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h 640p5_crpt2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
604p5_crpt2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt2.c 641p5_crpt2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h
642p5_crpt2.o: p5_crpt2.c
605p_dec.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h 643p_dec.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
606p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 644p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
607p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h 645p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
diff --git a/src/lib/libcrypto/evp/bio_md.c b/src/lib/libcrypto/evp/bio_md.c
index 9841e32e1a..144fdfd56a 100644
--- a/src/lib/libcrypto/evp/bio_md.c
+++ b/src/lib/libcrypto/evp/bio_md.c
@@ -153,8 +153,12 @@ static int md_write(BIO *b, const char *in, int inl)
153 { 153 {
154 if (ret > 0) 154 if (ret > 0)
155 { 155 {
156 EVP_DigestUpdate(ctx,(const unsigned char *)in, 156 if (!EVP_DigestUpdate(ctx,(const unsigned char *)in,
157 (unsigned int)ret); 157 (unsigned int)ret))
158 {
159 BIO_clear_retry_flags(b);
160 return 0;
161 }
158 } 162 }
159 } 163 }
160 if(b->next_bio != NULL) 164 if(b->next_bio != NULL)
@@ -220,7 +224,8 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
220 case BIO_CTRL_DUP: 224 case BIO_CTRL_DUP:
221 dbio=ptr; 225 dbio=ptr;
222 dctx=dbio->ptr; 226 dctx=dbio->ptr;
223 EVP_MD_CTX_copy_ex(dctx,ctx); 227 if (!EVP_MD_CTX_copy_ex(dctx,ctx))
228 return 0;
224 b->init=1; 229 b->init=1;
225 break; 230 break;
226 default: 231 default:
diff --git a/src/lib/libcrypto/evp/bio_ok.c b/src/lib/libcrypto/evp/bio_ok.c
index 98bc1ab409..e64335353f 100644
--- a/src/lib/libcrypto/evp/bio_ok.c
+++ b/src/lib/libcrypto/evp/bio_ok.c
@@ -133,10 +133,10 @@ static int ok_new(BIO *h);
133static int ok_free(BIO *data); 133static int ok_free(BIO *data);
134static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); 134static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
135 135
136static void sig_out(BIO* b); 136static int sig_out(BIO* b);
137static void sig_in(BIO* b); 137static int sig_in(BIO* b);
138static void block_out(BIO* b); 138static int block_out(BIO* b);
139static void block_in(BIO* b); 139static int block_in(BIO* b);
140#define OK_BLOCK_SIZE (1024*4) 140#define OK_BLOCK_SIZE (1024*4)
141#define OK_BLOCK_BLOCK 4 141#define OK_BLOCK_BLOCK 4
142#define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE) 142#define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)
@@ -266,10 +266,24 @@ static int ok_read(BIO *b, char *out, int outl)
266 ctx->buf_len+= i; 266 ctx->buf_len+= i;
267 267
268 /* no signature yet -- check if we got one */ 268 /* no signature yet -- check if we got one */
269 if (ctx->sigio == 1) sig_in(b); 269 if (ctx->sigio == 1)
270 {
271 if (!sig_in(b))
272 {
273 BIO_clear_retry_flags(b);
274 return 0;
275 }
276 }
270 277
271 /* signature ok -- check if we got block */ 278 /* signature ok -- check if we got block */
272 if (ctx->sigio == 0) block_in(b); 279 if (ctx->sigio == 0)
280 {
281 if (!block_in(b))
282 {
283 BIO_clear_retry_flags(b);
284 return 0;
285 }
286 }
273 287
274 /* invalid block -- cancel */ 288 /* invalid block -- cancel */
275 if (ctx->cont <= 0) break; 289 if (ctx->cont <= 0) break;
@@ -293,7 +307,8 @@ static int ok_write(BIO *b, const char *in, int inl)
293 307
294 if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0); 308 if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);
295 309
296 if(ctx->sigio) sig_out(b); 310 if(ctx->sigio && !sig_out(b))
311 return 0;
297 312
298 do{ 313 do{
299 BIO_clear_retry_flags(b); 314 BIO_clear_retry_flags(b);
@@ -332,7 +347,11 @@ static int ok_write(BIO *b, const char *in, int inl)
332 347
333 if(ctx->buf_len >= OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) 348 if(ctx->buf_len >= OK_BLOCK_SIZE+ OK_BLOCK_BLOCK)
334 { 349 {
335 block_out(b); 350 if (!block_out(b))
351 {
352 BIO_clear_retry_flags(b);
353 return 0;
354 }
336 } 355 }
337 }while(inl > 0); 356 }while(inl > 0);
338 357
@@ -379,7 +398,8 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
379 case BIO_CTRL_FLUSH: 398 case BIO_CTRL_FLUSH:
380 /* do a final write */ 399 /* do a final write */
381 if(ctx->blockout == 0) 400 if(ctx->blockout == 0)
382 block_out(b); 401 if (!block_out(b))
402 return 0;
383 403
384 while (ctx->blockout) 404 while (ctx->blockout)
385 { 405 {
@@ -408,7 +428,8 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
408 break; 428 break;
409 case BIO_C_SET_MD: 429 case BIO_C_SET_MD:
410 md=ptr; 430 md=ptr;
411 EVP_DigestInit_ex(&ctx->md, md, NULL); 431 if (!EVP_DigestInit_ex(&ctx->md, md, NULL))
432 return 0;
412 b->init=1; 433 b->init=1;
413 break; 434 break;
414 case BIO_C_GET_MD: 435 case BIO_C_GET_MD:
@@ -455,7 +476,7 @@ static void longswap(void *_ptr, size_t len)
455 } 476 }
456} 477}
457 478
458static void sig_out(BIO* b) 479static int sig_out(BIO* b)
459 { 480 {
460 BIO_OK_CTX *ctx; 481 BIO_OK_CTX *ctx;
461 EVP_MD_CTX *md; 482 EVP_MD_CTX *md;
@@ -463,9 +484,10 @@ static void sig_out(BIO* b)
463 ctx=b->ptr; 484 ctx=b->ptr;
464 md=&ctx->md; 485 md=&ctx->md;
465 486
466 if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return; 487 if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return 1;
467 488
468 EVP_DigestInit_ex(md, md->digest, NULL); 489 if (!EVP_DigestInit_ex(md, md->digest, NULL))
490 goto berr;
469 /* FIXME: there's absolutely no guarantee this makes any sense at all, 491 /* FIXME: there's absolutely no guarantee this makes any sense at all,
470 * particularly now EVP_MD_CTX has been restructured. 492 * particularly now EVP_MD_CTX has been restructured.
471 */ 493 */
@@ -474,14 +496,20 @@ static void sig_out(BIO* b)
474 longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size); 496 longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
475 ctx->buf_len+= md->digest->md_size; 497 ctx->buf_len+= md->digest->md_size;
476 498
477 EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)); 499 if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
478 EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); 500 goto berr;
501 if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
502 goto berr;
479 ctx->buf_len+= md->digest->md_size; 503 ctx->buf_len+= md->digest->md_size;
480 ctx->blockout= 1; 504 ctx->blockout= 1;
481 ctx->sigio= 0; 505 ctx->sigio= 0;
506 return 1;
507 berr:
508 BIO_clear_retry_flags(b);
509 return 0;
482 } 510 }
483 511
484static void sig_in(BIO* b) 512static int sig_in(BIO* b)
485 { 513 {
486 BIO_OK_CTX *ctx; 514 BIO_OK_CTX *ctx;
487 EVP_MD_CTX *md; 515 EVP_MD_CTX *md;
@@ -491,15 +519,18 @@ static void sig_in(BIO* b)
491 ctx=b->ptr; 519 ctx=b->ptr;
492 md=&ctx->md; 520 md=&ctx->md;
493 521
494 if((int)(ctx->buf_len-ctx->buf_off) < 2*md->digest->md_size) return; 522 if((int)(ctx->buf_len-ctx->buf_off) < 2*md->digest->md_size) return 1;
495 523
496 EVP_DigestInit_ex(md, md->digest, NULL); 524 if (!EVP_DigestInit_ex(md, md->digest, NULL))
525 goto berr;
497 memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size); 526 memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size);
498 longswap(md->md_data, md->digest->md_size); 527 longswap(md->md_data, md->digest->md_size);
499 ctx->buf_off+= md->digest->md_size; 528 ctx->buf_off+= md->digest->md_size;
500 529
501 EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)); 530 if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
502 EVP_DigestFinal_ex(md, tmp, NULL); 531 goto berr;
532 if (!EVP_DigestFinal_ex(md, tmp, NULL))
533 goto berr;
503 ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0; 534 ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
504 ctx->buf_off+= md->digest->md_size; 535 ctx->buf_off+= md->digest->md_size;
505 if(ret == 1) 536 if(ret == 1)
@@ -516,9 +547,13 @@ static void sig_in(BIO* b)
516 { 547 {
517 ctx->cont= 0; 548 ctx->cont= 0;
518 } 549 }
550 return 1;
551 berr:
552 BIO_clear_retry_flags(b);
553 return 0;
519 } 554 }
520 555
521static void block_out(BIO* b) 556static int block_out(BIO* b)
522 { 557 {
523 BIO_OK_CTX *ctx; 558 BIO_OK_CTX *ctx;
524 EVP_MD_CTX *md; 559 EVP_MD_CTX *md;
@@ -532,13 +567,20 @@ static void block_out(BIO* b)
532 ctx->buf[1]=(unsigned char)(tl>>16); 567 ctx->buf[1]=(unsigned char)(tl>>16);
533 ctx->buf[2]=(unsigned char)(tl>>8); 568 ctx->buf[2]=(unsigned char)(tl>>8);
534 ctx->buf[3]=(unsigned char)(tl); 569 ctx->buf[3]=(unsigned char)(tl);
535 EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); 570 if (!EVP_DigestUpdate(md,
536 EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); 571 (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl))
572 goto berr;
573 if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
574 goto berr;
537 ctx->buf_len+= md->digest->md_size; 575 ctx->buf_len+= md->digest->md_size;
538 ctx->blockout= 1; 576 ctx->blockout= 1;
577 return 1;
578 berr:
579 BIO_clear_retry_flags(b);
580 return 0;
539 } 581 }
540 582
541static void block_in(BIO* b) 583static int block_in(BIO* b)
542 { 584 {
543 BIO_OK_CTX *ctx; 585 BIO_OK_CTX *ctx;
544 EVP_MD_CTX *md; 586 EVP_MD_CTX *md;
@@ -554,10 +596,13 @@ static void block_in(BIO* b)
554 tl|=ctx->buf[2]; tl<<=8; 596 tl|=ctx->buf[2]; tl<<=8;
555 tl|=ctx->buf[3]; 597 tl|=ctx->buf[3];
556 598
557 if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return; 599 if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return 1;
558 600
559 EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); 601 if (!EVP_DigestUpdate(md,
560 EVP_DigestFinal_ex(md, tmp, NULL); 602 (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl))
603 goto berr;
604 if (!EVP_DigestFinal_ex(md, tmp, NULL))
605 goto berr;
561 if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0) 606 if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0)
562 { 607 {
563 /* there might be parts from next block lurking around ! */ 608 /* there might be parts from next block lurking around ! */
@@ -571,5 +616,9 @@ static void block_in(BIO* b)
571 { 616 {
572 ctx->cont= 0; 617 ctx->cont= 0;
573 } 618 }
619 return 1;
620 berr:
621 BIO_clear_retry_flags(b);
622 return 0;
574 } 623 }
575 624
diff --git a/src/lib/libcrypto/evp/c_allc.c b/src/lib/libcrypto/evp/c_allc.c
index c5f9268378..2a45d435e5 100644
--- a/src/lib/libcrypto/evp/c_allc.c
+++ b/src/lib/libcrypto/evp/c_allc.c
@@ -98,6 +98,9 @@ void OpenSSL_add_all_ciphers(void)
98#ifndef OPENSSL_NO_RC4 98#ifndef OPENSSL_NO_RC4
99 EVP_add_cipher(EVP_rc4()); 99 EVP_add_cipher(EVP_rc4());
100 EVP_add_cipher(EVP_rc4_40()); 100 EVP_add_cipher(EVP_rc4_40());
101#ifndef OPENSSL_NO_MD5
102 EVP_add_cipher(EVP_rc4_hmac_md5());
103#endif
101#endif 104#endif
102 105
103#ifndef OPENSSL_NO_IDEA 106#ifndef OPENSSL_NO_IDEA
@@ -166,9 +169,9 @@ void OpenSSL_add_all_ciphers(void)
166 EVP_add_cipher(EVP_aes_128_cfb1()); 169 EVP_add_cipher(EVP_aes_128_cfb1());
167 EVP_add_cipher(EVP_aes_128_cfb8()); 170 EVP_add_cipher(EVP_aes_128_cfb8());
168 EVP_add_cipher(EVP_aes_128_ofb()); 171 EVP_add_cipher(EVP_aes_128_ofb());
169#if 0
170 EVP_add_cipher(EVP_aes_128_ctr()); 172 EVP_add_cipher(EVP_aes_128_ctr());
171#endif 173 EVP_add_cipher(EVP_aes_128_gcm());
174 EVP_add_cipher(EVP_aes_128_xts());
172 EVP_add_cipher_alias(SN_aes_128_cbc,"AES128"); 175 EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");
173 EVP_add_cipher_alias(SN_aes_128_cbc,"aes128"); 176 EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");
174 EVP_add_cipher(EVP_aes_192_ecb()); 177 EVP_add_cipher(EVP_aes_192_ecb());
@@ -177,9 +180,8 @@ void OpenSSL_add_all_ciphers(void)
177 EVP_add_cipher(EVP_aes_192_cfb1()); 180 EVP_add_cipher(EVP_aes_192_cfb1());
178 EVP_add_cipher(EVP_aes_192_cfb8()); 181 EVP_add_cipher(EVP_aes_192_cfb8());
179 EVP_add_cipher(EVP_aes_192_ofb()); 182 EVP_add_cipher(EVP_aes_192_ofb());
180#if 0
181 EVP_add_cipher(EVP_aes_192_ctr()); 183 EVP_add_cipher(EVP_aes_192_ctr());
182#endif 184 EVP_add_cipher(EVP_aes_192_gcm());
183 EVP_add_cipher_alias(SN_aes_192_cbc,"AES192"); 185 EVP_add_cipher_alias(SN_aes_192_cbc,"AES192");
184 EVP_add_cipher_alias(SN_aes_192_cbc,"aes192"); 186 EVP_add_cipher_alias(SN_aes_192_cbc,"aes192");
185 EVP_add_cipher(EVP_aes_256_ecb()); 187 EVP_add_cipher(EVP_aes_256_ecb());
@@ -188,11 +190,15 @@ void OpenSSL_add_all_ciphers(void)
188 EVP_add_cipher(EVP_aes_256_cfb1()); 190 EVP_add_cipher(EVP_aes_256_cfb1());
189 EVP_add_cipher(EVP_aes_256_cfb8()); 191 EVP_add_cipher(EVP_aes_256_cfb8());
190 EVP_add_cipher(EVP_aes_256_ofb()); 192 EVP_add_cipher(EVP_aes_256_ofb());
191#if 0
192 EVP_add_cipher(EVP_aes_256_ctr()); 193 EVP_add_cipher(EVP_aes_256_ctr());
193#endif 194 EVP_add_cipher(EVP_aes_256_gcm());
195 EVP_add_cipher(EVP_aes_256_xts());
194 EVP_add_cipher_alias(SN_aes_256_cbc,"AES256"); 196 EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
195 EVP_add_cipher_alias(SN_aes_256_cbc,"aes256"); 197 EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
198#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
199 EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
200 EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
201#endif
196#endif 202#endif
197 203
198#ifndef OPENSSL_NO_CAMELLIA 204#ifndef OPENSSL_NO_CAMELLIA
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index 982ba2b136..467e6b5ae9 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -117,6 +117,10 @@
117#include <openssl/engine.h> 117#include <openssl/engine.h>
118#endif 118#endif
119 119
120#ifdef OPENSSL_FIPS
121#include <openssl/fips.h>
122#endif
123
120void EVP_MD_CTX_init(EVP_MD_CTX *ctx) 124void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
121 { 125 {
122 memset(ctx,'\0',sizeof *ctx); 126 memset(ctx,'\0',sizeof *ctx);
@@ -225,12 +229,26 @@ skip_to_init:
225 } 229 }
226 if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) 230 if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
227 return 1; 231 return 1;
232#ifdef OPENSSL_FIPS
233 if (FIPS_mode())
234 {
235 if (FIPS_digestinit(ctx, type))
236 return 1;
237 OPENSSL_free(ctx->md_data);
238 ctx->md_data = NULL;
239 return 0;
240 }
241#endif
228 return ctx->digest->init(ctx); 242 return ctx->digest->init(ctx);
229 } 243 }
230 244
231int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) 245int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
232 { 246 {
247#ifdef OPENSSL_FIPS
248 return FIPS_digestupdate(ctx, data, count);
249#else
233 return ctx->update(ctx,data,count); 250 return ctx->update(ctx,data,count);
251#endif
234 } 252 }
235 253
236/* The caller can assume that this removes any secret data from the context */ 254/* The caller can assume that this removes any secret data from the context */
@@ -245,8 +263,10 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
245/* The caller can assume that this removes any secret data from the context */ 263/* The caller can assume that this removes any secret data from the context */
246int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) 264int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
247 { 265 {
266#ifdef OPENSSL_FIPS
267 return FIPS_digestfinal(ctx, md, size);
268#else
248 int ret; 269 int ret;
249
250 OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); 270 OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
251 ret=ctx->digest->final(ctx,md); 271 ret=ctx->digest->final(ctx,md);
252 if (size != NULL) 272 if (size != NULL)
@@ -258,6 +278,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
258 } 278 }
259 memset(ctx->md_data,0,ctx->digest->ctx_size); 279 memset(ctx->md_data,0,ctx->digest->ctx_size);
260 return ret; 280 return ret;
281#endif
261 } 282 }
262 283
263int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) 284int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
@@ -351,6 +372,7 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
351/* This call frees resources associated with the context */ 372/* This call frees resources associated with the context */
352int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) 373int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
353 { 374 {
375#ifndef OPENSSL_FIPS
354 /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final, 376 /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
355 * because sometimes only copies of the context are ever finalised. 377 * because sometimes only copies of the context are ever finalised.
356 */ 378 */
@@ -363,6 +385,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
363 OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); 385 OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
364 OPENSSL_free(ctx->md_data); 386 OPENSSL_free(ctx->md_data);
365 } 387 }
388#endif
366 if (ctx->pctx) 389 if (ctx->pctx)
367 EVP_PKEY_CTX_free(ctx->pctx); 390 EVP_PKEY_CTX_free(ctx->pctx);
368#ifndef OPENSSL_NO_ENGINE 391#ifndef OPENSSL_NO_ENGINE
@@ -371,6 +394,9 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
371 * functional reference we held for this reason. */ 394 * functional reference we held for this reason. */
372 ENGINE_finish(ctx->engine); 395 ENGINE_finish(ctx->engine);
373#endif 396#endif
397#ifdef OPENSSL_FIPS
398 FIPS_md_ctx_cleanup(ctx);
399#endif
374 memset(ctx,'\0',sizeof *ctx); 400 memset(ctx,'\0',sizeof *ctx);
375 401
376 return 1; 402 return 1;
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index bd6c0a3a62..1e4af0cb75 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,5 +1,5 @@
1/* ==================================================================== 1/* ====================================================================
2 * Copyright (c) 2001 The OpenSSL Project. All rights reserved. 2 * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
@@ -56,57 +56,511 @@
56#include <assert.h> 56#include <assert.h>
57#include <openssl/aes.h> 57#include <openssl/aes.h>
58#include "evp_locl.h" 58#include "evp_locl.h"
59 59#ifndef OPENSSL_FIPS
60static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 60#include "modes_lcl.h"
61 const unsigned char *iv, int enc); 61#include <openssl/rand.h>
62 62
63typedef struct 63typedef struct
64 { 64 {
65 AES_KEY ks; 65 AES_KEY ks;
66 block128_f block;
67 union {
68 cbc128_f cbc;
69 ctr128_f ctr;
70 } stream;
66 } EVP_AES_KEY; 71 } EVP_AES_KEY;
67 72
68#define data(ctx) EVP_C_DATA(EVP_AES_KEY,ctx) 73typedef struct
69 74 {
70IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, 75 AES_KEY ks; /* AES key schedule to use */
71 NID_aes_128, 16, 16, 16, 128, 76 int key_set; /* Set if key initialised */
72 0, aes_init_key, NULL, 77 int iv_set; /* Set if an iv is set */
73 EVP_CIPHER_set_asn1_iv, 78 GCM128_CONTEXT gcm;
74 EVP_CIPHER_get_asn1_iv, 79 unsigned char *iv; /* Temporary IV store */
75 NULL) 80 int ivlen; /* IV length */
76IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, 81 int taglen;
77 NID_aes_192, 16, 24, 16, 128, 82 int iv_gen; /* It is OK to generate IVs */
78 0, aes_init_key, NULL, 83 int tls_aad_len; /* TLS AAD length */
79 EVP_CIPHER_set_asn1_iv, 84 ctr128_f ctr;
80 EVP_CIPHER_get_asn1_iv, 85 } EVP_AES_GCM_CTX;
81 NULL) 86
82IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, 87typedef struct
83 NID_aes_256, 16, 32, 16, 128, 88 {
84 0, aes_init_key, NULL, 89 AES_KEY ks1, ks2; /* AES key schedules to use */
85 EVP_CIPHER_set_asn1_iv, 90 XTS128_CONTEXT xts;
86 EVP_CIPHER_get_asn1_iv, 91 void (*stream)(const unsigned char *in,
87 NULL) 92 unsigned char *out, size_t length,
88 93 const AES_KEY *key1, const AES_KEY *key2,
89#define IMPLEMENT_AES_CFBR(ksize,cbits) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16) 94 const unsigned char iv[16]);
90 95 } EVP_AES_XTS_CTX;
91IMPLEMENT_AES_CFBR(128,1) 96
92IMPLEMENT_AES_CFBR(192,1) 97typedef struct
93IMPLEMENT_AES_CFBR(256,1) 98 {
94 99 AES_KEY ks; /* AES key schedule to use */
95IMPLEMENT_AES_CFBR(128,8) 100 int key_set; /* Set if key initialised */
96IMPLEMENT_AES_CFBR(192,8) 101 int iv_set; /* Set if an iv is set */
97IMPLEMENT_AES_CFBR(256,8) 102 int tag_set; /* Set if tag is valid */
103 int len_set; /* Set if message length set */
104 int L, M; /* L and M parameters from RFC3610 */
105 CCM128_CONTEXT ccm;
106 ccm128_f str;
107 } EVP_AES_CCM_CTX;
108
109#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
110
111#ifdef VPAES_ASM
112int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
113 AES_KEY *key);
114int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
115 AES_KEY *key);
116
117void vpaes_encrypt(const unsigned char *in, unsigned char *out,
118 const AES_KEY *key);
119void vpaes_decrypt(const unsigned char *in, unsigned char *out,
120 const AES_KEY *key);
121
122void vpaes_cbc_encrypt(const unsigned char *in,
123 unsigned char *out,
124 size_t length,
125 const AES_KEY *key,
126 unsigned char *ivec, int enc);
127#endif
128#ifdef BSAES_ASM
129void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
130 size_t length, const AES_KEY *key,
131 unsigned char ivec[16], int enc);
132void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
133 size_t len, const AES_KEY *key,
134 const unsigned char ivec[16]);
135void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,
136 size_t len, const AES_KEY *key1,
137 const AES_KEY *key2, const unsigned char iv[16]);
138void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
139 size_t len, const AES_KEY *key1,
140 const AES_KEY *key2, const unsigned char iv[16]);
141#endif
142#ifdef AES_CTR_ASM
143void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
144 size_t blocks, const AES_KEY *key,
145 const unsigned char ivec[AES_BLOCK_SIZE]);
146#endif
147#ifdef AES_XTS_ASM
148void AES_xts_encrypt(const char *inp,char *out,size_t len,
149 const AES_KEY *key1, const AES_KEY *key2,
150 const unsigned char iv[16]);
151void AES_xts_decrypt(const char *inp,char *out,size_t len,
152 const AES_KEY *key1, const AES_KEY *key2,
153 const unsigned char iv[16]);
154#endif
155
156#if defined(AES_ASM) && !defined(I386_ONLY) && ( \
157 ((defined(__i386) || defined(__i386__) || \
158 defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
159 defined(__x86_64) || defined(__x86_64__) || \
160 defined(_M_AMD64) || defined(_M_X64) || \
161 defined(__INTEL__) )
162
163extern unsigned int OPENSSL_ia32cap_P[2];
164
165#ifdef VPAES_ASM
166#define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
167#endif
168#ifdef BSAES_ASM
169#define BSAES_CAPABLE VPAES_CAPABLE
170#endif
171/*
172 * AES-NI section
173 */
174#define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
175
176int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
177 AES_KEY *key);
178int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
179 AES_KEY *key);
180
181void aesni_encrypt(const unsigned char *in, unsigned char *out,
182 const AES_KEY *key);
183void aesni_decrypt(const unsigned char *in, unsigned char *out,
184 const AES_KEY *key);
185
186void aesni_ecb_encrypt(const unsigned char *in,
187 unsigned char *out,
188 size_t length,
189 const AES_KEY *key,
190 int enc);
191void aesni_cbc_encrypt(const unsigned char *in,
192 unsigned char *out,
193 size_t length,
194 const AES_KEY *key,
195 unsigned char *ivec, int enc);
196
197void aesni_ctr32_encrypt_blocks(const unsigned char *in,
198 unsigned char *out,
199 size_t blocks,
200 const void *key,
201 const unsigned char *ivec);
202
203void aesni_xts_encrypt(const unsigned char *in,
204 unsigned char *out,
205 size_t length,
206 const AES_KEY *key1, const AES_KEY *key2,
207 const unsigned char iv[16]);
208
209void aesni_xts_decrypt(const unsigned char *in,
210 unsigned char *out,
211 size_t length,
212 const AES_KEY *key1, const AES_KEY *key2,
213 const unsigned char iv[16]);
214
215void aesni_ccm64_encrypt_blocks (const unsigned char *in,
216 unsigned char *out,
217 size_t blocks,
218 const void *key,
219 const unsigned char ivec[16],
220 unsigned char cmac[16]);
221
222void aesni_ccm64_decrypt_blocks (const unsigned char *in,
223 unsigned char *out,
224 size_t blocks,
225 const void *key,
226 const unsigned char ivec[16],
227 unsigned char cmac[16]);
228
229static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
230 const unsigned char *iv, int enc)
231 {
232 int ret, mode;
233 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
234
235 mode = ctx->cipher->flags & EVP_CIPH_MODE;
236 if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
237 && !enc)
238 {
239 ret = aesni_set_decrypt_key(key, ctx->key_len*8, ctx->cipher_data);
240 dat->block = (block128_f)aesni_decrypt;
241 dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ?
242 (cbc128_f)aesni_cbc_encrypt :
243 NULL;
244 }
245 else {
246 ret = aesni_set_encrypt_key(key, ctx->key_len*8, ctx->cipher_data);
247 dat->block = (block128_f)aesni_encrypt;
248 if (mode==EVP_CIPH_CBC_MODE)
249 dat->stream.cbc = (cbc128_f)aesni_cbc_encrypt;
250 else if (mode==EVP_CIPH_CTR_MODE)
251 dat->stream.ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
252 else
253 dat->stream.cbc = NULL;
254 }
255
256 if(ret < 0)
257 {
258 EVPerr(EVP_F_AESNI_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
259 return 0;
260 }
261
262 return 1;
263 }
264
265static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
266 const unsigned char *in, size_t len)
267{
268 aesni_cbc_encrypt(in,out,len,ctx->cipher_data,ctx->iv,ctx->encrypt);
269
270 return 1;
271}
272
273static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
274 const unsigned char *in, size_t len)
275{
276 size_t bl = ctx->cipher->block_size;
277
278 if (len<bl) return 1;
279
280 aesni_ecb_encrypt(in,out,len,ctx->cipher_data,ctx->encrypt);
281
282 return 1;
283}
284
285#define aesni_ofb_cipher aes_ofb_cipher
286static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
287 const unsigned char *in,size_t len);
288
289#define aesni_cfb_cipher aes_cfb_cipher
290static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
291 const unsigned char *in,size_t len);
292
293#define aesni_cfb8_cipher aes_cfb8_cipher
294static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
295 const unsigned char *in,size_t len);
296
297#define aesni_cfb1_cipher aes_cfb1_cipher
298static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
299 const unsigned char *in,size_t len);
300
301#define aesni_ctr_cipher aes_ctr_cipher
302static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
303 const unsigned char *in, size_t len);
304
305static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
306 const unsigned char *iv, int enc)
307 {
308 EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
309 if (!iv && !key)
310 return 1;
311 if (key)
312 {
313 aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
314 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
315 (block128_f)aesni_encrypt);
316 gctx->ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
317 /* If we have an iv can set it directly, otherwise use
318 * saved IV.
319 */
320 if (iv == NULL && gctx->iv_set)
321 iv = gctx->iv;
322 if (iv)
323 {
324 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
325 gctx->iv_set = 1;
326 }
327 gctx->key_set = 1;
328 }
329 else
330 {
331 /* If key set use IV, otherwise copy */
332 if (gctx->key_set)
333 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
334 else
335 memcpy(gctx->iv, iv, gctx->ivlen);
336 gctx->iv_set = 1;
337 gctx->iv_gen = 0;
338 }
339 return 1;
340 }
341
342#define aesni_gcm_cipher aes_gcm_cipher
343static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
344 const unsigned char *in, size_t len);
345
346static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
347 const unsigned char *iv, int enc)
348 {
349 EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
350 if (!iv && !key)
351 return 1;
352
353 if (key)
354 {
355 /* key_len is two AES keys */
356 if (enc)
357 {
358 aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
359 xctx->xts.block1 = (block128_f)aesni_encrypt;
360 xctx->stream = aesni_xts_encrypt;
361 }
362 else
363 {
364 aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
365 xctx->xts.block1 = (block128_f)aesni_decrypt;
366 xctx->stream = aesni_xts_decrypt;
367 }
368
369 aesni_set_encrypt_key(key + ctx->key_len/2,
370 ctx->key_len * 4, &xctx->ks2);
371 xctx->xts.block2 = (block128_f)aesni_encrypt;
372
373 xctx->xts.key1 = &xctx->ks1;
374 }
375
376 if (iv)
377 {
378 xctx->xts.key2 = &xctx->ks2;
379 memcpy(ctx->iv, iv, 16);
380 }
381
382 return 1;
383 }
384
385#define aesni_xts_cipher aes_xts_cipher
386static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
387 const unsigned char *in, size_t len);
388
389static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
390 const unsigned char *iv, int enc)
391 {
392 EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
393 if (!iv && !key)
394 return 1;
395 if (key)
396 {
397 aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
398 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
399 &cctx->ks, (block128_f)aesni_encrypt);
400 cctx->str = enc?(ccm128_f)aesni_ccm64_encrypt_blocks :
401 (ccm128_f)aesni_ccm64_decrypt_blocks;
402 cctx->key_set = 1;
403 }
404 if (iv)
405 {
406 memcpy(ctx->iv, iv, 15 - cctx->L);
407 cctx->iv_set = 1;
408 }
409 return 1;
410 }
411
412#define aesni_ccm_cipher aes_ccm_cipher
413static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
414 const unsigned char *in, size_t len);
415
416#define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
417static const EVP_CIPHER aesni_##keylen##_##mode = { \
418 nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
419 flags|EVP_CIPH_##MODE##_MODE, \
420 aesni_init_key, \
421 aesni_##mode##_cipher, \
422 NULL, \
423 sizeof(EVP_AES_KEY), \
424 NULL,NULL,NULL,NULL }; \
425static const EVP_CIPHER aes_##keylen##_##mode = { \
426 nid##_##keylen##_##nmode,blocksize, \
427 keylen/8,ivlen, \
428 flags|EVP_CIPH_##MODE##_MODE, \
429 aes_init_key, \
430 aes_##mode##_cipher, \
431 NULL, \
432 sizeof(EVP_AES_KEY), \
433 NULL,NULL,NULL,NULL }; \
434const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
435{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
436
437#define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
438static const EVP_CIPHER aesni_##keylen##_##mode = { \
439 nid##_##keylen##_##mode,blocksize, \
440 (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
441 flags|EVP_CIPH_##MODE##_MODE, \
442 aesni_##mode##_init_key, \
443 aesni_##mode##_cipher, \
444 aes_##mode##_cleanup, \
445 sizeof(EVP_AES_##MODE##_CTX), \
446 NULL,NULL,aes_##mode##_ctrl,NULL }; \
447static const EVP_CIPHER aes_##keylen##_##mode = { \
448 nid##_##keylen##_##mode,blocksize, \
449 (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
450 flags|EVP_CIPH_##MODE##_MODE, \
451 aes_##mode##_init_key, \
452 aes_##mode##_cipher, \
453 aes_##mode##_cleanup, \
454 sizeof(EVP_AES_##MODE##_CTX), \
455 NULL,NULL,aes_##mode##_ctrl,NULL }; \
456const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
457{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
458
459#else
460
461#define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
462static const EVP_CIPHER aes_##keylen##_##mode = { \
463 nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
464 flags|EVP_CIPH_##MODE##_MODE, \
465 aes_init_key, \
466 aes_##mode##_cipher, \
467 NULL, \
468 sizeof(EVP_AES_KEY), \
469 NULL,NULL,NULL,NULL }; \
470const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
471{ return &aes_##keylen##_##mode; }
472
473#define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
474static const EVP_CIPHER aes_##keylen##_##mode = { \
475 nid##_##keylen##_##mode,blocksize, \
476 (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
477 flags|EVP_CIPH_##MODE##_MODE, \
478 aes_##mode##_init_key, \
479 aes_##mode##_cipher, \
480 aes_##mode##_cleanup, \
481 sizeof(EVP_AES_##MODE##_CTX), \
482 NULL,NULL,aes_##mode##_ctrl,NULL }; \
483const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
484{ return &aes_##keylen##_##mode; }
485#endif
486
487#define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \
488 BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
489 BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
490 BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
491 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
492 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \
493 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \
494 BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags)
98 495
99static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 496static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
100 const unsigned char *iv, int enc) 497 const unsigned char *iv, int enc)
101 { 498 {
102 int ret; 499 int ret, mode;
500 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
103 501
104 if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE 502 mode = ctx->cipher->flags & EVP_CIPH_MODE;
105 || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE 503 if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
106 || enc) 504 && !enc)
107 ret=AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); 505#ifdef BSAES_CAPABLE
506 if (BSAES_CAPABLE && mode==EVP_CIPH_CBC_MODE)
507 {
508 ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks);
509 dat->block = (block128_f)AES_decrypt;
510 dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt;
511 }
512 else
513#endif
514#ifdef VPAES_CAPABLE
515 if (VPAES_CAPABLE)
516 {
517 ret = vpaes_set_decrypt_key(key,ctx->key_len*8,&dat->ks);
518 dat->block = (block128_f)vpaes_decrypt;
519 dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ?
520 (cbc128_f)vpaes_cbc_encrypt :
521 NULL;
522 }
523 else
524#endif
525 {
526 ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks);
527 dat->block = (block128_f)AES_decrypt;
528 dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ?
529 (cbc128_f)AES_cbc_encrypt :
530 NULL;
531 }
108 else 532 else
109 ret=AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); 533#ifdef BSAES_CAPABLE
534 if (BSAES_CAPABLE && mode==EVP_CIPH_CTR_MODE)
535 {
536 ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks);
537 dat->block = (block128_f)AES_encrypt;
538 dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks;
539 }
540 else
541#endif
542#ifdef VPAES_CAPABLE
543 if (VPAES_CAPABLE)
544 {
545 ret = vpaes_set_encrypt_key(key,ctx->key_len*8,&dat->ks);
546 dat->block = (block128_f)vpaes_encrypt;
547 dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ?
548 (cbc128_f)vpaes_cbc_encrypt :
549 NULL;
550 }
551 else
552#endif
553 {
554 ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks);
555 dat->block = (block128_f)AES_encrypt;
556 dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ?
557 (cbc128_f)AES_cbc_encrypt :
558 NULL;
559#ifdef AES_CTR_ASM
560 if (mode==EVP_CIPH_CTR_MODE)
561 dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt;
562#endif
563 }
110 564
111 if(ret < 0) 565 if(ret < 0)
112 { 566 {
@@ -117,4 +571,743 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
117 return 1; 571 return 1;
118 } 572 }
119 573
574static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
575 const unsigned char *in, size_t len)
576{
577 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
578
579 if (dat->stream.cbc)
580 (*dat->stream.cbc)(in,out,len,&dat->ks,ctx->iv,ctx->encrypt);
581 else if (ctx->encrypt)
582 CRYPTO_cbc128_encrypt(in,out,len,&dat->ks,ctx->iv,dat->block);
583 else
584 CRYPTO_cbc128_encrypt(in,out,len,&dat->ks,ctx->iv,dat->block);
585
586 return 1;
587}
588
589static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
590 const unsigned char *in, size_t len)
591{
592 size_t bl = ctx->cipher->block_size;
593 size_t i;
594 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
595
596 if (len<bl) return 1;
597
598 for (i=0,len-=bl;i<=len;i+=bl)
599 (*dat->block)(in+i,out+i,&dat->ks);
600
601 return 1;
602}
603
604static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
605 const unsigned char *in,size_t len)
606{
607 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
608
609 CRYPTO_ofb128_encrypt(in,out,len,&dat->ks,
610 ctx->iv,&ctx->num,dat->block);
611 return 1;
612}
613
614static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
615 const unsigned char *in,size_t len)
616{
617 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
618
619 CRYPTO_cfb128_encrypt(in,out,len,&dat->ks,
620 ctx->iv,&ctx->num,ctx->encrypt,dat->block);
621 return 1;
622}
623
624static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
625 const unsigned char *in,size_t len)
626{
627 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
628
629 CRYPTO_cfb128_8_encrypt(in,out,len,&dat->ks,
630 ctx->iv,&ctx->num,ctx->encrypt,dat->block);
631 return 1;
632}
633
634static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
635 const unsigned char *in,size_t len)
636{
637 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
638
639 if (ctx->flags&EVP_CIPH_FLAG_LENGTH_BITS) {
640 CRYPTO_cfb128_1_encrypt(in,out,len,&dat->ks,
641 ctx->iv,&ctx->num,ctx->encrypt,dat->block);
642 return 1;
643 }
644
645 while (len>=MAXBITCHUNK) {
646 CRYPTO_cfb128_1_encrypt(in,out,MAXBITCHUNK*8,&dat->ks,
647 ctx->iv,&ctx->num,ctx->encrypt,dat->block);
648 len-=MAXBITCHUNK;
649 }
650 if (len)
651 CRYPTO_cfb128_1_encrypt(in,out,len*8,&dat->ks,
652 ctx->iv,&ctx->num,ctx->encrypt,dat->block);
653
654 return 1;
655}
656
657static int aes_ctr_cipher (EVP_CIPHER_CTX *ctx, unsigned char *out,
658 const unsigned char *in, size_t len)
659{
660 unsigned int num = ctx->num;
661 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
662
663 if (dat->stream.ctr)
664 CRYPTO_ctr128_encrypt_ctr32(in,out,len,&dat->ks,
665 ctx->iv,ctx->buf,&num,dat->stream.ctr);
666 else
667 CRYPTO_ctr128_encrypt(in,out,len,&dat->ks,
668 ctx->iv,ctx->buf,&num,dat->block);
669 ctx->num = (size_t)num;
670 return 1;
671}
672
673BLOCK_CIPHER_generic_pack(NID_aes,128,EVP_CIPH_FLAG_FIPS)
674BLOCK_CIPHER_generic_pack(NID_aes,192,EVP_CIPH_FLAG_FIPS)
675BLOCK_CIPHER_generic_pack(NID_aes,256,EVP_CIPH_FLAG_FIPS)
676
677static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
678 {
679 EVP_AES_GCM_CTX *gctx = c->cipher_data;
680 OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
681 if (gctx->iv != c->iv)
682 OPENSSL_free(gctx->iv);
683 return 1;
684 }
685
686/* increment counter (64-bit int) by 1 */
687static void ctr64_inc(unsigned char *counter) {
688 int n=8;
689 unsigned char c;
690
691 do {
692 --n;
693 c = counter[n];
694 ++c;
695 counter[n] = c;
696 if (c) return;
697 } while (n);
698}
699
700static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
701 {
702 EVP_AES_GCM_CTX *gctx = c->cipher_data;
703 switch (type)
704 {
705 case EVP_CTRL_INIT:
706 gctx->key_set = 0;
707 gctx->iv_set = 0;
708 gctx->ivlen = c->cipher->iv_len;
709 gctx->iv = c->iv;
710 gctx->taglen = -1;
711 gctx->iv_gen = 0;
712 gctx->tls_aad_len = -1;
713 return 1;
714
715 case EVP_CTRL_GCM_SET_IVLEN:
716 if (arg <= 0)
717 return 0;
718#ifdef OPENSSL_FIPS
719 if (FIPS_module_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)
720 && arg < 12)
721 return 0;
722#endif
723 /* Allocate memory for IV if needed */
724 if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen))
725 {
726 if (gctx->iv != c->iv)
727 OPENSSL_free(gctx->iv);
728 gctx->iv = OPENSSL_malloc(arg);
729 if (!gctx->iv)
730 return 0;
731 }
732 gctx->ivlen = arg;
733 return 1;
734
735 case EVP_CTRL_GCM_SET_TAG:
736 if (arg <= 0 || arg > 16 || c->encrypt)
737 return 0;
738 memcpy(c->buf, ptr, arg);
739 gctx->taglen = arg;
740 return 1;
741
742 case EVP_CTRL_GCM_GET_TAG:
743 if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0)
744 return 0;
745 memcpy(ptr, c->buf, arg);
746 return 1;
747
748 case EVP_CTRL_GCM_SET_IV_FIXED:
749 /* Special case: -1 length restores whole IV */
750 if (arg == -1)
751 {
752 memcpy(gctx->iv, ptr, gctx->ivlen);
753 gctx->iv_gen = 1;
754 return 1;
755 }
756 /* Fixed field must be at least 4 bytes and invocation field
757 * at least 8.
758 */
759 if ((arg < 4) || (gctx->ivlen - arg) < 8)
760 return 0;
761 if (arg)
762 memcpy(gctx->iv, ptr, arg);
763 if (c->encrypt &&
764 RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
765 return 0;
766 gctx->iv_gen = 1;
767 return 1;
768
769 case EVP_CTRL_GCM_IV_GEN:
770 if (gctx->iv_gen == 0 || gctx->key_set == 0)
771 return 0;
772 CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
773 if (arg <= 0 || arg > gctx->ivlen)
774 arg = gctx->ivlen;
775 memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
776 /* Invocation field will be at least 8 bytes in size and
777 * so no need to check wrap around or increment more than
778 * last 8 bytes.
779 */
780 ctr64_inc(gctx->iv + gctx->ivlen - 8);
781 gctx->iv_set = 1;
782 return 1;
783
784 case EVP_CTRL_GCM_SET_IV_INV:
785 if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt)
786 return 0;
787 memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
788 CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
789 gctx->iv_set = 1;
790 return 1;
791
792 case EVP_CTRL_AEAD_TLS1_AAD:
793 /* Save the AAD for later use */
794 if (arg != 13)
795 return 0;
796 memcpy(c->buf, ptr, arg);
797 gctx->tls_aad_len = arg;
798 {
799 unsigned int len=c->buf[arg-2]<<8|c->buf[arg-1];
800 /* Correct length for explicit IV */
801 len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
802 /* If decrypting correct for tag too */
803 if (!c->encrypt)
804 len -= EVP_GCM_TLS_TAG_LEN;
805 c->buf[arg-2] = len>>8;
806 c->buf[arg-1] = len & 0xff;
807 }
808 /* Extra padding: tag appended to record */
809 return EVP_GCM_TLS_TAG_LEN;
810
811 default:
812 return -1;
813
814 }
815 }
816
817static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
818 const unsigned char *iv, int enc)
819 {
820 EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
821 if (!iv && !key)
822 return 1;
823 if (key)
824 { do {
825#ifdef BSAES_CAPABLE
826 if (BSAES_CAPABLE)
827 {
828 AES_set_encrypt_key(key,ctx->key_len*8,&gctx->ks);
829 CRYPTO_gcm128_init(&gctx->gcm,&gctx->ks,
830 (block128_f)AES_encrypt);
831 gctx->ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks;
832 break;
833 }
834 else
835#endif
836#ifdef VPAES_CAPABLE
837 if (VPAES_CAPABLE)
838 {
839 vpaes_set_encrypt_key(key,ctx->key_len*8,&gctx->ks);
840 CRYPTO_gcm128_init(&gctx->gcm,&gctx->ks,
841 (block128_f)vpaes_encrypt);
842 gctx->ctr = NULL;
843 break;
844 }
845#endif
846 AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
847 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt);
848#ifdef AES_CTR_ASM
849 gctx->ctr = (ctr128_f)AES_ctr32_encrypt;
850#else
851 gctx->ctr = NULL;
852#endif
853 } while (0);
854
855 /* If we have an iv can set it directly, otherwise use
856 * saved IV.
857 */
858 if (iv == NULL && gctx->iv_set)
859 iv = gctx->iv;
860 if (iv)
861 {
862 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
863 gctx->iv_set = 1;
864 }
865 gctx->key_set = 1;
866 }
867 else
868 {
869 /* If key set use IV, otherwise copy */
870 if (gctx->key_set)
871 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
872 else
873 memcpy(gctx->iv, iv, gctx->ivlen);
874 gctx->iv_set = 1;
875 gctx->iv_gen = 0;
876 }
877 return 1;
878 }
879
880/* Handle TLS GCM packet format. This consists of the last portion of the IV
881 * followed by the payload and finally the tag. On encrypt generate IV,
882 * encrypt payload and write the tag. On verify retrieve IV, decrypt payload
883 * and verify tag.
884 */
885
886static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
887 const unsigned char *in, size_t len)
888 {
889 EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
890 int rv = -1;
891 /* Encrypt/decrypt must be performed in place */
892 if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN+EVP_GCM_TLS_TAG_LEN))
893 return -1;
894 /* Set IV from start of buffer or generate IV and write to start
895 * of buffer.
896 */
897 if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
898 EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
899 EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
900 goto err;
901 /* Use saved AAD */
902 if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len))
903 goto err;
904 /* Fix buffer and length to point to payload */
905 in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
906 out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
907 len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
908 if (ctx->encrypt)
909 {
910 /* Encrypt payload */
911 if (gctx->ctr)
912 {
913 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
914 in, out, len,
915 gctx->ctr))
916 goto err;
917 }
918 else {
919 if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
920 goto err;
921 }
922 out += len;
923 /* Finally write tag */
924 CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
925 rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
926 }
927 else
928 {
929 /* Decrypt */
930 if (gctx->ctr)
931 {
932 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
933 in, out, len,
934 gctx->ctr))
935 goto err;
936 }
937 else {
938 if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
939 goto err;
940 }
941 /* Retrieve tag */
942 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf,
943 EVP_GCM_TLS_TAG_LEN);
944 /* If tag mismatch wipe buffer */
945 if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN))
946 {
947 OPENSSL_cleanse(out, len);
948 goto err;
949 }
950 rv = len;
951 }
952
953 err:
954 gctx->iv_set = 0;
955 gctx->tls_aad_len = -1;
956 return rv;
957 }
958
959static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
960 const unsigned char *in, size_t len)
961 {
962 EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
963 /* If not set up, return error */
964 if (!gctx->key_set)
965 return -1;
966
967 if (gctx->tls_aad_len >= 0)
968 return aes_gcm_tls_cipher(ctx, out, in, len);
969
970 if (!gctx->iv_set)
971 return -1;
972 if (!ctx->encrypt && gctx->taglen < 0)
973 return -1;
974 if (in)
975 {
976 if (out == NULL)
977 {
978 if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
979 return -1;
980 }
981 else if (ctx->encrypt)
982 {
983 if (gctx->ctr)
984 {
985 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
986 in, out, len,
987 gctx->ctr))
988 return -1;
989 }
990 else {
991 if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
992 return -1;
993 }
994 }
995 else
996 {
997 if (gctx->ctr)
998 {
999 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
1000 in, out, len,
1001 gctx->ctr))
1002 return -1;
1003 }
1004 else {
1005 if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
1006 return -1;
1007 }
1008 }
1009 return len;
1010 }
1011 else
1012 {
1013 if (!ctx->encrypt)
1014 {
1015 if (CRYPTO_gcm128_finish(&gctx->gcm,
1016 ctx->buf, gctx->taglen) != 0)
1017 return -1;
1018 gctx->iv_set = 0;
1019 return 0;
1020 }
1021 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16);
1022 gctx->taglen = 16;
1023 /* Don't reuse the IV */
1024 gctx->iv_set = 0;
1025 return 0;
1026 }
1027
1028 }
1029
1030#define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \
1031 | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
1032 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT)
1033
1034BLOCK_CIPHER_custom(NID_aes,128,1,12,gcm,GCM,
1035 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
1036BLOCK_CIPHER_custom(NID_aes,192,1,12,gcm,GCM,
1037 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
1038BLOCK_CIPHER_custom(NID_aes,256,1,12,gcm,GCM,
1039 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
1040
1041static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
1042 {
1043 EVP_AES_XTS_CTX *xctx = c->cipher_data;
1044 if (type != EVP_CTRL_INIT)
1045 return -1;
1046 /* key1 and key2 are used as an indicator both key and IV are set */
1047 xctx->xts.key1 = NULL;
1048 xctx->xts.key2 = NULL;
1049 return 1;
1050 }
1051
1052static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1053 const unsigned char *iv, int enc)
1054 {
1055 EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
1056 if (!iv && !key)
1057 return 1;
1058
1059 if (key) do
1060 {
1061#ifdef AES_XTS_ASM
1062 xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
1063#else
1064 xctx->stream = NULL;
1065#endif
1066 /* key_len is two AES keys */
1067#ifdef BSAES_CAPABLE
1068 if (BSAES_CAPABLE)
1069 xctx->stream = enc ? bsaes_xts_encrypt : bsaes_xts_decrypt;
1070 else
1071#endif
1072#ifdef VPAES_CAPABLE
1073 if (VPAES_CAPABLE)
1074 {
1075 if (enc)
1076 {
1077 vpaes_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
1078 xctx->xts.block1 = (block128_f)vpaes_encrypt;
1079 }
1080 else
1081 {
1082 vpaes_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
1083 xctx->xts.block1 = (block128_f)vpaes_decrypt;
1084 }
1085
1086 vpaes_set_encrypt_key(key + ctx->key_len/2,
1087 ctx->key_len * 4, &xctx->ks2);
1088 xctx->xts.block2 = (block128_f)vpaes_encrypt;
1089
1090 xctx->xts.key1 = &xctx->ks1;
1091 break;
1092 }
1093#endif
1094 if (enc)
1095 {
1096 AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
1097 xctx->xts.block1 = (block128_f)AES_encrypt;
1098 }
1099 else
1100 {
1101 AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
1102 xctx->xts.block1 = (block128_f)AES_decrypt;
1103 }
1104
1105 AES_set_encrypt_key(key + ctx->key_len/2,
1106 ctx->key_len * 4, &xctx->ks2);
1107 xctx->xts.block2 = (block128_f)AES_encrypt;
1108
1109 xctx->xts.key1 = &xctx->ks1;
1110 } while (0);
1111
1112 if (iv)
1113 {
1114 xctx->xts.key2 = &xctx->ks2;
1115 memcpy(ctx->iv, iv, 16);
1116 }
1117
1118 return 1;
1119 }
1120
1121static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1122 const unsigned char *in, size_t len)
1123 {
1124 EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
1125 if (!xctx->xts.key1 || !xctx->xts.key2)
1126 return 0;
1127 if (!out || !in || len<AES_BLOCK_SIZE)
1128 return 0;
1129#ifdef OPENSSL_FIPS
1130 /* Requirement of SP800-38E */
1131 if (FIPS_module_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
1132 (len > (1UL<<20)*16))
1133 {
1134 EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE);
1135 return 0;
1136 }
1137#endif
1138 if (xctx->stream)
1139 (*xctx->stream)(in, out, len,
1140 xctx->xts.key1, xctx->xts.key2, ctx->iv);
1141 else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
1142 ctx->encrypt))
1143 return 0;
1144 return 1;
1145 }
1146
1147#define aes_xts_cleanup NULL
1148
1149#define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \
1150 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT)
1151
1152BLOCK_CIPHER_custom(NID_aes,128,1,16,xts,XTS,EVP_CIPH_FLAG_FIPS|XTS_FLAGS)
1153BLOCK_CIPHER_custom(NID_aes,256,1,16,xts,XTS,EVP_CIPH_FLAG_FIPS|XTS_FLAGS)
1154
1155static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
1156 {
1157 EVP_AES_CCM_CTX *cctx = c->cipher_data;
1158 switch (type)
1159 {
1160 case EVP_CTRL_INIT:
1161 cctx->key_set = 0;
1162 cctx->iv_set = 0;
1163 cctx->L = 8;
1164 cctx->M = 12;
1165 cctx->tag_set = 0;
1166 cctx->len_set = 0;
1167 return 1;
1168
1169 case EVP_CTRL_CCM_SET_IVLEN:
1170 arg = 15 - arg;
1171 case EVP_CTRL_CCM_SET_L:
1172 if (arg < 2 || arg > 8)
1173 return 0;
1174 cctx->L = arg;
1175 return 1;
1176
1177 case EVP_CTRL_CCM_SET_TAG:
1178 if ((arg & 1) || arg < 4 || arg > 16)
1179 return 0;
1180 if ((c->encrypt && ptr) || (!c->encrypt && !ptr))
1181 return 0;
1182 if (ptr)
1183 {
1184 cctx->tag_set = 1;
1185 memcpy(c->buf, ptr, arg);
1186 }
1187 cctx->M = arg;
1188 return 1;
1189
1190 case EVP_CTRL_CCM_GET_TAG:
1191 if (!c->encrypt || !cctx->tag_set)
1192 return 0;
1193 if(!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
1194 return 0;
1195 cctx->tag_set = 0;
1196 cctx->iv_set = 0;
1197 cctx->len_set = 0;
1198 return 1;
1199
1200 default:
1201 return -1;
1202
1203 }
1204 }
1205
1206static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1207 const unsigned char *iv, int enc)
1208 {
1209 EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
1210 if (!iv && !key)
1211 return 1;
1212 if (key) do
1213 {
1214#ifdef VPAES_CAPABLE
1215 if (VPAES_CAPABLE)
1216 {
1217 vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
1218 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
1219 &cctx->ks, (block128_f)vpaes_encrypt);
1220 cctx->key_set = 1;
1221 break;
1222 }
1223#endif
1224 AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
1225 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
1226 &cctx->ks, (block128_f)AES_encrypt);
1227 cctx->str = NULL;
1228 cctx->key_set = 1;
1229 } while (0);
1230 if (iv)
1231 {
1232 memcpy(ctx->iv, iv, 15 - cctx->L);
1233 cctx->iv_set = 1;
1234 }
1235 return 1;
1236 }
1237
1238static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1239 const unsigned char *in, size_t len)
1240 {
1241 EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
1242 CCM128_CONTEXT *ccm = &cctx->ccm;
1243 /* If not set up, return error */
1244 if (!cctx->iv_set && !cctx->key_set)
1245 return -1;
1246 if (!ctx->encrypt && !cctx->tag_set)
1247 return -1;
1248 if (!out)
1249 {
1250 if (!in)
1251 {
1252 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L,len))
1253 return -1;
1254 cctx->len_set = 1;
1255 return len;
1256 }
1257 /* If have AAD need message length */
1258 if (!cctx->len_set && len)
1259 return -1;
1260 CRYPTO_ccm128_aad(ccm, in, len);
1261 return len;
1262 }
1263 /* EVP_*Final() doesn't return any data */
1264 if (!in)
1265 return 0;
1266 /* If not set length yet do it */
1267 if (!cctx->len_set)
1268 {
1269 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
1270 return -1;
1271 cctx->len_set = 1;
1272 }
1273 if (ctx->encrypt)
1274 {
1275 if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
1276 cctx->str) :
1277 CRYPTO_ccm128_encrypt(ccm, in, out, len))
1278 return -1;
1279 cctx->tag_set = 1;
1280 return len;
1281 }
1282 else
1283 {
1284 int rv = -1;
1285 if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
1286 cctx->str) :
1287 !CRYPTO_ccm128_decrypt(ccm, in, out, len))
1288 {
1289 unsigned char tag[16];
1290 if (CRYPTO_ccm128_tag(ccm, tag, cctx->M))
1291 {
1292 if (!memcmp(tag, ctx->buf, cctx->M))
1293 rv = len;
1294 }
1295 }
1296 if (rv == -1)
1297 OPENSSL_cleanse(out, len);
1298 cctx->iv_set = 0;
1299 cctx->tag_set = 0;
1300 cctx->len_set = 0;
1301 return rv;
1302 }
1303
1304 }
1305
1306#define aes_ccm_cleanup NULL
1307
1308BLOCK_CIPHER_custom(NID_aes,128,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
1309BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
1310BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
1311
1312#endif
120#endif 1313#endif
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
index 3232cfe024..1e69972662 100644
--- a/src/lib/libcrypto/evp/e_des3.c
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -65,6 +65,8 @@
65#include <openssl/des.h> 65#include <openssl/des.h>
66#include <openssl/rand.h> 66#include <openssl/rand.h>
67 67
68#ifndef OPENSSL_FIPS
69
68static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 70static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
69 const unsigned char *iv,int enc); 71 const unsigned char *iv,int enc);
70 72
@@ -311,3 +313,4 @@ const EVP_CIPHER *EVP_des_ede3(void)
311 return &des_ede3_ecb; 313 return &des_ede3_ecb;
312} 314}
313#endif 315#endif
316#endif
diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c
index 7cf50e1416..f0c1f78b5f 100644
--- a/src/lib/libcrypto/evp/e_null.c
+++ b/src/lib/libcrypto/evp/e_null.c
@@ -61,6 +61,8 @@
61#include <openssl/evp.h> 61#include <openssl/evp.h>
62#include <openssl/objects.h> 62#include <openssl/objects.h>
63 63
64#ifndef OPENSSL_FIPS
65
64static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 66static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
65 const unsigned char *iv,int enc); 67 const unsigned char *iv,int enc);
66static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 68static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -99,4 +101,4 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
99 memcpy((char *)out,(const char *)in,inl); 101 memcpy((char *)out,(const char *)in,inl);
100 return 1; 102 return 1;
101 } 103 }
102 104#endif
diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c
index f78d781129..d4c33b58d4 100644
--- a/src/lib/libcrypto/evp/e_rc2.c
+++ b/src/lib/libcrypto/evp/e_rc2.c
@@ -183,7 +183,8 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
183 key_bits =rc2_magic_to_meth((int)num); 183 key_bits =rc2_magic_to_meth((int)num);
184 if (!key_bits) 184 if (!key_bits)
185 return(-1); 185 return(-1);
186 if(i > 0) EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1); 186 if(i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1))
187 return -1;
187 EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); 188 EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
188 EVP_CIPHER_CTX_set_key_length(c, key_bits / 8); 189 EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
189 } 190 }
diff --git a/src/lib/libcrypto/evp/e_rc4.c b/src/lib/libcrypto/evp/e_rc4.c
index 8b5175e0fd..b4f6bda82d 100644
--- a/src/lib/libcrypto/evp/e_rc4.c
+++ b/src/lib/libcrypto/evp/e_rc4.c
@@ -62,6 +62,7 @@
62#ifndef OPENSSL_NO_RC4 62#ifndef OPENSSL_NO_RC4
63 63
64#include <openssl/evp.h> 64#include <openssl/evp.h>
65#include "evp_locl.h"
65#include <openssl/objects.h> 66#include <openssl/objects.h>
66#include <openssl/rc4.h> 67#include <openssl/rc4.h>
67 68
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index da93e945f5..aa9616e11b 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -83,7 +83,7 @@
83#define EVP_RC5_32_12_16_KEY_SIZE 16 83#define EVP_RC5_32_12_16_KEY_SIZE 16
84*/ 84*/
85#define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */ 85#define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */
86#define EVP_MAX_KEY_LENGTH 32 86#define EVP_MAX_KEY_LENGTH 64
87#define EVP_MAX_IV_LENGTH 16 87#define EVP_MAX_IV_LENGTH 16
88#define EVP_MAX_BLOCK_LENGTH 32 88#define EVP_MAX_BLOCK_LENGTH 32
89 89
@@ -116,6 +116,7 @@
116#define EVP_PKEY_DH NID_dhKeyAgreement 116#define EVP_PKEY_DH NID_dhKeyAgreement
117#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey 117#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey
118#define EVP_PKEY_HMAC NID_hmac 118#define EVP_PKEY_HMAC NID_hmac
119#define EVP_PKEY_CMAC NID_cmac
119 120
120#ifdef __cplusplus 121#ifdef __cplusplus
121extern "C" { 122extern "C" {
@@ -216,6 +217,8 @@ typedef int evp_verify_method(int type,const unsigned char *m,
216 217
217#define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 218#define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018
218 219
220#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */
221
219/* Digest ctrls */ 222/* Digest ctrls */
220 223
221#define EVP_MD_CTRL_DIGALGID 0x1 224#define EVP_MD_CTRL_DIGALGID 0x1
@@ -325,6 +328,10 @@ struct evp_cipher_st
325#define EVP_CIPH_CBC_MODE 0x2 328#define EVP_CIPH_CBC_MODE 0x2
326#define EVP_CIPH_CFB_MODE 0x3 329#define EVP_CIPH_CFB_MODE 0x3
327#define EVP_CIPH_OFB_MODE 0x4 330#define EVP_CIPH_OFB_MODE 0x4
331#define EVP_CIPH_CTR_MODE 0x5
332#define EVP_CIPH_GCM_MODE 0x6
333#define EVP_CIPH_CCM_MODE 0x7
334#define EVP_CIPH_XTS_MODE 0x10001
328#define EVP_CIPH_MODE 0xF0007 335#define EVP_CIPH_MODE 0xF0007
329/* Set if variable length cipher */ 336/* Set if variable length cipher */
330#define EVP_CIPH_VARIABLE_LENGTH 0x8 337#define EVP_CIPH_VARIABLE_LENGTH 0x8
@@ -346,6 +353,15 @@ struct evp_cipher_st
346#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 353#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000
347/* Buffer length in bits not bytes: CFB1 mode only */ 354/* Buffer length in bits not bytes: CFB1 mode only */
348#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 355#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
356/* Note if suitable for use in FIPS mode */
357#define EVP_CIPH_FLAG_FIPS 0x4000
358/* Allow non FIPS cipher in FIPS mode */
359#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000
360/* Cipher handles any and all padding logic as well
361 * as finalisation.
362 */
363#define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000
364#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
349 365
350/* ctrl() values */ 366/* ctrl() values */
351 367
@@ -358,7 +374,36 @@ struct evp_cipher_st
358#define EVP_CTRL_RAND_KEY 0x6 374#define EVP_CTRL_RAND_KEY 0x6
359#define EVP_CTRL_PBE_PRF_NID 0x7 375#define EVP_CTRL_PBE_PRF_NID 0x7
360#define EVP_CTRL_COPY 0x8 376#define EVP_CTRL_COPY 0x8
361#define EVP_CTRL_SET_ACSS_MODE 0x9 377#define EVP_CTRL_GCM_SET_IVLEN 0x9
378#define EVP_CTRL_GCM_GET_TAG 0x10
379#define EVP_CTRL_GCM_SET_TAG 0x11
380#define EVP_CTRL_GCM_SET_IV_FIXED 0x12
381#define EVP_CTRL_GCM_IV_GEN 0x13
382#define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN
383#define EVP_CTRL_CCM_GET_TAG EVP_CTRL_GCM_GET_TAG
384#define EVP_CTRL_CCM_SET_TAG EVP_CTRL_GCM_SET_TAG
385#define EVP_CTRL_CCM_SET_L 0x14
386#define EVP_CTRL_CCM_SET_MSGLEN 0x15
387/* AEAD cipher deduces payload length and returns number of bytes
388 * required to store MAC and eventual padding. Subsequent call to
389 * EVP_Cipher even appends/verifies MAC.
390 */
391#define EVP_CTRL_AEAD_TLS1_AAD 0x16
392/* Used by composite AEAD ciphers, no-op in GCM, CCM... */
393#define EVP_CTRL_AEAD_SET_MAC_KEY 0x17
394/* Set the GCM invocation field, decrypt only */
395#define EVP_CTRL_GCM_SET_IV_INV 0x18
396
397/* OpenBSD extension */
398#define EVP_CTRL_SET_ACSS_MODE 0x80
399
400/* GCM TLS constants */
401/* Length of fixed part of IV derived from PRF */
402#define EVP_GCM_TLS_FIXED_IV_LEN 4
403/* Length of explicit part of IV part of TLS records */
404#define EVP_GCM_TLS_EXPLICIT_IV_LEN 8
405/* Length of tag for TLS */
406#define EVP_GCM_TLS_TAG_LEN 16
362 407
363typedef struct evp_cipher_info_st 408typedef struct evp_cipher_info_st
364 { 409 {
@@ -376,7 +421,7 @@ struct evp_cipher_ctx_st
376 unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ 421 unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */
377 unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ 422 unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */
378 unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */ 423 unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */
379 int num; /* used by cfb/ofb mode */ 424 int num; /* used by cfb/ofb/ctr mode */
380 425
381 void *app_data; /* application stuff */ 426 void *app_data; /* application stuff */
382 int key_len; /* May change for variable length cipher */ 427 int key_len; /* May change for variable length cipher */
@@ -696,6 +741,9 @@ const EVP_MD *EVP_dev_crypto_md5(void);
696#ifndef OPENSSL_NO_RC4 741#ifndef OPENSSL_NO_RC4
697const EVP_CIPHER *EVP_rc4(void); 742const EVP_CIPHER *EVP_rc4(void);
698const EVP_CIPHER *EVP_rc4_40(void); 743const EVP_CIPHER *EVP_rc4_40(void);
744#ifndef OPENSSL_NO_MD5
745const EVP_CIPHER *EVP_rc4_hmac_md5(void);
746#endif
699#endif 747#endif
700#ifndef OPENSSL_NO_IDEA 748#ifndef OPENSSL_NO_IDEA
701const EVP_CIPHER *EVP_idea_ecb(void); 749const EVP_CIPHER *EVP_idea_ecb(void);
@@ -742,9 +790,10 @@ const EVP_CIPHER *EVP_aes_128_cfb8(void);
742const EVP_CIPHER *EVP_aes_128_cfb128(void); 790const EVP_CIPHER *EVP_aes_128_cfb128(void);
743# define EVP_aes_128_cfb EVP_aes_128_cfb128 791# define EVP_aes_128_cfb EVP_aes_128_cfb128
744const EVP_CIPHER *EVP_aes_128_ofb(void); 792const EVP_CIPHER *EVP_aes_128_ofb(void);
745#if 0
746const EVP_CIPHER *EVP_aes_128_ctr(void); 793const EVP_CIPHER *EVP_aes_128_ctr(void);
747#endif 794const EVP_CIPHER *EVP_aes_128_gcm(void);
795const EVP_CIPHER *EVP_aes_128_ccm(void);
796const EVP_CIPHER *EVP_aes_128_xts(void);
748const EVP_CIPHER *EVP_aes_192_ecb(void); 797const EVP_CIPHER *EVP_aes_192_ecb(void);
749const EVP_CIPHER *EVP_aes_192_cbc(void); 798const EVP_CIPHER *EVP_aes_192_cbc(void);
750const EVP_CIPHER *EVP_aes_192_cfb1(void); 799const EVP_CIPHER *EVP_aes_192_cfb1(void);
@@ -752,9 +801,9 @@ const EVP_CIPHER *EVP_aes_192_cfb8(void);
752const EVP_CIPHER *EVP_aes_192_cfb128(void); 801const EVP_CIPHER *EVP_aes_192_cfb128(void);
753# define EVP_aes_192_cfb EVP_aes_192_cfb128 802# define EVP_aes_192_cfb EVP_aes_192_cfb128
754const EVP_CIPHER *EVP_aes_192_ofb(void); 803const EVP_CIPHER *EVP_aes_192_ofb(void);
755#if 0
756const EVP_CIPHER *EVP_aes_192_ctr(void); 804const EVP_CIPHER *EVP_aes_192_ctr(void);
757#endif 805const EVP_CIPHER *EVP_aes_192_gcm(void);
806const EVP_CIPHER *EVP_aes_192_ccm(void);
758const EVP_CIPHER *EVP_aes_256_ecb(void); 807const EVP_CIPHER *EVP_aes_256_ecb(void);
759const EVP_CIPHER *EVP_aes_256_cbc(void); 808const EVP_CIPHER *EVP_aes_256_cbc(void);
760const EVP_CIPHER *EVP_aes_256_cfb1(void); 809const EVP_CIPHER *EVP_aes_256_cfb1(void);
@@ -762,8 +811,13 @@ const EVP_CIPHER *EVP_aes_256_cfb8(void);
762const EVP_CIPHER *EVP_aes_256_cfb128(void); 811const EVP_CIPHER *EVP_aes_256_cfb128(void);
763# define EVP_aes_256_cfb EVP_aes_256_cfb128 812# define EVP_aes_256_cfb EVP_aes_256_cfb128
764const EVP_CIPHER *EVP_aes_256_ofb(void); 813const EVP_CIPHER *EVP_aes_256_ofb(void);
765#if 0
766const EVP_CIPHER *EVP_aes_256_ctr(void); 814const EVP_CIPHER *EVP_aes_256_ctr(void);
815const EVP_CIPHER *EVP_aes_256_gcm(void);
816const EVP_CIPHER *EVP_aes_256_ccm(void);
817const EVP_CIPHER *EVP_aes_256_xts(void);
818#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
819const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
820const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
767#endif 821#endif
768#endif 822#endif
769#ifndef OPENSSL_NO_ACSS 823#ifndef OPENSSL_NO_ACSS
@@ -1051,13 +1105,22 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
1051#define EVP_PKEY_CTRL_CMS_DECRYPT 10 1105#define EVP_PKEY_CTRL_CMS_DECRYPT 10
1052#define EVP_PKEY_CTRL_CMS_SIGN 11 1106#define EVP_PKEY_CTRL_CMS_SIGN 11
1053 1107
1108#define EVP_PKEY_CTRL_CIPHER 12
1109
1054#define EVP_PKEY_ALG_CTRL 0x1000 1110#define EVP_PKEY_ALG_CTRL 0x1000
1055 1111
1056 1112
1057#define EVP_PKEY_FLAG_AUTOARGLEN 2 1113#define EVP_PKEY_FLAG_AUTOARGLEN 2
1114/* Method handles all operations: don't assume any digest related
1115 * defaults.
1116 */
1117#define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4
1058 1118
1059const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); 1119const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
1060EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags); 1120EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags);
1121void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
1122 const EVP_PKEY_METHOD *meth);
1123void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);
1061void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); 1124void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
1062int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); 1125int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
1063 1126
@@ -1075,7 +1138,7 @@ int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx);
1075void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); 1138void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
1076 1139
1077EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, 1140EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
1078 unsigned char *key, int keylen); 1141 const unsigned char *key, int keylen);
1079 1142
1080void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); 1143void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data);
1081void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx); 1144void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx);
@@ -1194,9 +1257,13 @@ void ERR_load_EVP_strings(void);
1194/* Error codes for the EVP functions. */ 1257/* Error codes for the EVP functions. */
1195 1258
1196/* Function codes. */ 1259/* Function codes. */
1197#define EVP_F_AESNI_INIT_KEY 165 1260#define EVP_F_AESNI_INIT_KEY 165
1261#define EVP_F_AESNI_XTS_CIPHER 176
1198#define EVP_F_AES_INIT_KEY 133 1262#define EVP_F_AES_INIT_KEY 133
1263#define EVP_F_AES_XTS 172
1264#define EVP_F_AES_XTS_CIPHER 175
1199#define EVP_F_CAMELLIA_INIT_KEY 159 1265#define EVP_F_CAMELLIA_INIT_KEY 159
1266#define EVP_F_CMAC_INIT 173
1200#define EVP_F_D2I_PKEY 100 1267#define EVP_F_D2I_PKEY 100
1201#define EVP_F_DO_SIGVER_INIT 161 1268#define EVP_F_DO_SIGVER_INIT 161
1202#define EVP_F_DSAPKEY2PKCS8 134 1269#define EVP_F_DSAPKEY2PKCS8 134
@@ -1251,15 +1318,24 @@ void ERR_load_EVP_strings(void);
1251#define EVP_F_EVP_RIJNDAEL 126 1318#define EVP_F_EVP_RIJNDAEL 126
1252#define EVP_F_EVP_SIGNFINAL 107 1319#define EVP_F_EVP_SIGNFINAL 107
1253#define EVP_F_EVP_VERIFYFINAL 108 1320#define EVP_F_EVP_VERIFYFINAL 108
1321#define EVP_F_FIPS_CIPHERINIT 166
1322#define EVP_F_FIPS_CIPHER_CTX_COPY 170
1323#define EVP_F_FIPS_CIPHER_CTX_CTRL 167
1324#define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH 171
1325#define EVP_F_FIPS_DIGESTINIT 168
1326#define EVP_F_FIPS_MD_CTX_COPY 169
1327#define EVP_F_HMAC_INIT_EX 174
1254#define EVP_F_INT_CTX_NEW 157 1328#define EVP_F_INT_CTX_NEW 157
1255#define EVP_F_PKCS5_PBE_KEYIVGEN 117 1329#define EVP_F_PKCS5_PBE_KEYIVGEN 117
1256#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 1330#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118
1331#define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164
1257#define EVP_F_PKCS8_SET_BROKEN 112 1332#define EVP_F_PKCS8_SET_BROKEN 112
1258#define EVP_F_PKEY_SET_TYPE 158 1333#define EVP_F_PKEY_SET_TYPE 158
1259#define EVP_F_RC2_MAGIC_TO_METH 109 1334#define EVP_F_RC2_MAGIC_TO_METH 109
1260#define EVP_F_RC5_CTRL 125 1335#define EVP_F_RC5_CTRL 125
1261 1336
1262/* Reason codes. */ 1337/* Reason codes. */
1338#define EVP_R_AES_IV_SETUP_FAILED 162
1263#define EVP_R_AES_KEY_SETUP_FAILED 143 1339#define EVP_R_AES_KEY_SETUP_FAILED 143
1264#define EVP_R_ASN1_LIB 140 1340#define EVP_R_ASN1_LIB 140
1265#define EVP_R_BAD_BLOCK_LENGTH 136 1341#define EVP_R_BAD_BLOCK_LENGTH 136
@@ -1277,6 +1353,7 @@ void ERR_load_EVP_strings(void);
1277#define EVP_R_DECODE_ERROR 114 1353#define EVP_R_DECODE_ERROR 114
1278#define EVP_R_DIFFERENT_KEY_TYPES 101 1354#define EVP_R_DIFFERENT_KEY_TYPES 101
1279#define EVP_R_DIFFERENT_PARAMETERS 153 1355#define EVP_R_DIFFERENT_PARAMETERS 153
1356#define EVP_R_DISABLED_FOR_FIPS 163
1280#define EVP_R_ENCODE_ERROR 115 1357#define EVP_R_ENCODE_ERROR 115
1281#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 1358#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
1282#define EVP_R_EXPECTING_AN_RSA_KEY 127 1359#define EVP_R_EXPECTING_AN_RSA_KEY 127
@@ -1308,6 +1385,7 @@ void ERR_load_EVP_strings(void);
1308#define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 1385#define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
1309#define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 1386#define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
1310#define EVP_R_PUBLIC_KEY_NOT_RSA 106 1387#define EVP_R_PUBLIC_KEY_NOT_RSA 106
1388#define EVP_R_TOO_LARGE 164
1311#define EVP_R_UNKNOWN_CIPHER 160 1389#define EVP_R_UNKNOWN_CIPHER 160
1312#define EVP_R_UNKNOWN_DIGEST 161 1390#define EVP_R_UNKNOWN_DIGEST 161
1313#define EVP_R_UNKNOWN_PBE_ALGORITHM 121 1391#define EVP_R_UNKNOWN_PBE_ALGORITHM 121
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index c268d25cb4..0c54f05e6e 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -64,8 +64,18 @@
64#ifndef OPENSSL_NO_ENGINE 64#ifndef OPENSSL_NO_ENGINE
65#include <openssl/engine.h> 65#include <openssl/engine.h>
66#endif 66#endif
67#ifdef OPENSSL_FIPS
68#include <openssl/fips.h>
69#endif
67#include "evp_locl.h" 70#include "evp_locl.h"
68 71
72#ifdef OPENSSL_FIPS
73#define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
74#else
75#define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
76#endif
77
78
69const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; 79const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
70 80
71void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) 81void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
@@ -115,10 +125,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
115 /* Ensure a context left lying around from last time is cleared 125 /* Ensure a context left lying around from last time is cleared
116 * (the previous check attempted to avoid this if the same 126 * (the previous check attempted to avoid this if the same
117 * ENGINE and EVP_CIPHER could be used). */ 127 * ENGINE and EVP_CIPHER could be used). */
118 EVP_CIPHER_CTX_cleanup(ctx); 128 if (ctx->cipher)
119 129 {
120 /* Restore encrypt field: it is zeroed by cleanup */ 130 unsigned long flags = ctx->flags;
121 ctx->encrypt = enc; 131 EVP_CIPHER_CTX_cleanup(ctx);
132 /* Restore encrypt and flags */
133 ctx->encrypt = enc;
134 ctx->flags = flags;
135 }
122#ifndef OPENSSL_NO_ENGINE 136#ifndef OPENSSL_NO_ENGINE
123 if(impl) 137 if(impl)
124 { 138 {
@@ -155,6 +169,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
155 ctx->engine = NULL; 169 ctx->engine = NULL;
156#endif 170#endif
157 171
172#ifdef OPENSSL_FIPS
173 if (FIPS_mode())
174 return FIPS_cipherinit(ctx, cipher, key, iv, enc);
175#endif
158 ctx->cipher=cipher; 176 ctx->cipher=cipher;
159 if (ctx->cipher->ctx_size) 177 if (ctx->cipher->ctx_size)
160 { 178 {
@@ -188,6 +206,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
188#ifndef OPENSSL_NO_ENGINE 206#ifndef OPENSSL_NO_ENGINE
189skip_to_init: 207skip_to_init:
190#endif 208#endif
209#ifdef OPENSSL_FIPS
210 if (FIPS_mode())
211 return FIPS_cipherinit(ctx, cipher, key, iv, enc);
212#endif
191 /* we assume block size is a power of 2 in *cryptUpdate */ 213 /* we assume block size is a power of 2 in *cryptUpdate */
192 OPENSSL_assert(ctx->cipher->block_size == 1 214 OPENSSL_assert(ctx->cipher->block_size == 1
193 || ctx->cipher->block_size == 8 215 || ctx->cipher->block_size == 8
@@ -214,6 +236,13 @@ skip_to_init:
214 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); 236 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
215 break; 237 break;
216 238
239 case EVP_CIPH_CTR_MODE:
240 ctx->num = 0;
241 /* Don't reuse IV for CTR mode */
242 if(iv)
243 memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
244 break;
245
217 default: 246 default:
218 return 0; 247 return 0;
219 break; 248 break;
@@ -280,6 +309,16 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
280 { 309 {
281 int i,j,bl; 310 int i,j,bl;
282 311
312 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
313 {
314 i = M_do_cipher(ctx, out, in, inl);
315 if (i < 0)
316 return 0;
317 else
318 *outl = i;
319 return 1;
320 }
321
283 if (inl <= 0) 322 if (inl <= 0)
284 { 323 {
285 *outl = 0; 324 *outl = 0;
@@ -288,7 +327,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
288 327
289 if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) 328 if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
290 { 329 {
291 if(ctx->cipher->do_cipher(ctx,out,in,inl)) 330 if(M_do_cipher(ctx,out,in,inl))
292 { 331 {
293 *outl=inl; 332 *outl=inl;
294 return 1; 333 return 1;
@@ -315,7 +354,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
315 { 354 {
316 j=bl-i; 355 j=bl-i;
317 memcpy(&(ctx->buf[i]),in,j); 356 memcpy(&(ctx->buf[i]),in,j);
318 if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0; 357 if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;
319 inl-=j; 358 inl-=j;
320 in+=j; 359 in+=j;
321 out+=bl; 360 out+=bl;
@@ -328,7 +367,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
328 inl-=i; 367 inl-=i;
329 if (inl > 0) 368 if (inl > 0)
330 { 369 {
331 if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0; 370 if(!M_do_cipher(ctx,out,in,inl)) return 0;
332 *outl+=inl; 371 *outl+=inl;
333 } 372 }
334 373
@@ -350,6 +389,16 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
350 int n,ret; 389 int n,ret;
351 unsigned int i, b, bl; 390 unsigned int i, b, bl;
352 391
392 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
393 {
394 ret = M_do_cipher(ctx, out, NULL, 0);
395 if (ret < 0)
396 return 0;
397 else
398 *outl = ret;
399 return 1;
400 }
401
353 b=ctx->cipher->block_size; 402 b=ctx->cipher->block_size;
354 OPENSSL_assert(b <= sizeof ctx->buf); 403 OPENSSL_assert(b <= sizeof ctx->buf);
355 if (b == 1) 404 if (b == 1)
@@ -372,7 +421,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
372 n=b-bl; 421 n=b-bl;
373 for (i=bl; i<b; i++) 422 for (i=bl; i<b; i++)
374 ctx->buf[i]=n; 423 ctx->buf[i]=n;
375 ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b); 424 ret=M_do_cipher(ctx,out,ctx->buf,b);
376 425
377 426
378 if(ret) 427 if(ret)
@@ -387,6 +436,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
387 int fix_len; 436 int fix_len;
388 unsigned int b; 437 unsigned int b;
389 438
439 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
440 {
441 fix_len = M_do_cipher(ctx, out, in, inl);
442 if (fix_len < 0)
443 {
444 *outl = 0;
445 return 0;
446 }
447 else
448 *outl = fix_len;
449 return 1;
450 }
451
390 if (inl <= 0) 452 if (inl <= 0)
391 { 453 {
392 *outl = 0; 454 *outl = 0;
@@ -440,8 +502,18 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
440 { 502 {
441 int i,n; 503 int i,n;
442 unsigned int b; 504 unsigned int b;
443
444 *outl=0; 505 *outl=0;
506
507 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
508 {
509 i = M_do_cipher(ctx, out, NULL, 0);
510 if (i < 0)
511 return 0;
512 else
513 *outl = i;
514 return 1;
515 }
516
445 b=ctx->cipher->block_size; 517 b=ctx->cipher->block_size;
446 if (ctx->flags & EVP_CIPH_NO_PADDING) 518 if (ctx->flags & EVP_CIPH_NO_PADDING)
447 { 519 {
@@ -496,6 +568,7 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
496 568
497int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) 569int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
498 { 570 {
571#ifndef OPENSSL_FIPS
499 if (c->cipher != NULL) 572 if (c->cipher != NULL)
500 { 573 {
501 if(c->cipher->cleanup && !c->cipher->cleanup(c)) 574 if(c->cipher->cleanup && !c->cipher->cleanup(c))
@@ -506,12 +579,16 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
506 } 579 }
507 if (c->cipher_data) 580 if (c->cipher_data)
508 OPENSSL_free(c->cipher_data); 581 OPENSSL_free(c->cipher_data);
582#endif
509#ifndef OPENSSL_NO_ENGINE 583#ifndef OPENSSL_NO_ENGINE
510 if (c->engine) 584 if (c->engine)
511 /* The EVP_CIPHER we used belongs to an ENGINE, release the 585 /* The EVP_CIPHER we used belongs to an ENGINE, release the
512 * functional reference we held for this reason. */ 586 * functional reference we held for this reason. */
513 ENGINE_finish(c->engine); 587 ENGINE_finish(c->engine);
514#endif 588#endif
589#ifdef OPENSSL_FIPS
590 FIPS_cipher_ctx_cleanup(c);
591#endif
515 memset(c,0,sizeof(EVP_CIPHER_CTX)); 592 memset(c,0,sizeof(EVP_CIPHER_CTX));
516 return 1; 593 return 1;
517 } 594 }
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c
index 6b585c7483..db0f76d59b 100644
--- a/src/lib/libcrypto/evp/evp_err.c
+++ b/src/lib/libcrypto/evp/evp_err.c
@@ -1,6 +1,6 @@
1/* crypto/evp/evp_err.c */ 1/* crypto/evp/evp_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -71,8 +71,12 @@
71static ERR_STRING_DATA EVP_str_functs[]= 71static ERR_STRING_DATA EVP_str_functs[]=
72 { 72 {
73{ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"}, 73{ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"},
74{ERR_FUNC(EVP_F_AESNI_XTS_CIPHER), "AESNI_XTS_CIPHER"},
74{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, 75{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
76{ERR_FUNC(EVP_F_AES_XTS), "AES_XTS"},
77{ERR_FUNC(EVP_F_AES_XTS_CIPHER), "AES_XTS_CIPHER"},
75{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, 78{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"},
79{ERR_FUNC(EVP_F_CMAC_INIT), "CMAC_INIT"},
76{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, 80{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
77{ERR_FUNC(EVP_F_DO_SIGVER_INIT), "DO_SIGVER_INIT"}, 81{ERR_FUNC(EVP_F_DO_SIGVER_INIT), "DO_SIGVER_INIT"},
78{ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, 82{ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"},
@@ -87,7 +91,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
87{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, 91{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
88{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, 92{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
89{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, 93{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
90{ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_SIZE"}, 94{ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"},
91{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, 95{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
92{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, 96{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
93{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"}, 97{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"},
@@ -127,9 +131,17 @@ static ERR_STRING_DATA EVP_str_functs[]=
127{ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, 131{ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"},
128{ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"}, 132{ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"},
129{ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, 133{ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"},
134{ERR_FUNC(EVP_F_FIPS_CIPHERINIT), "FIPS_CIPHERINIT"},
135{ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_COPY), "FIPS_CIPHER_CTX_COPY"},
136{ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_CTRL), "FIPS_CIPHER_CTX_CTRL"},
137{ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH), "FIPS_CIPHER_CTX_SET_KEY_LENGTH"},
138{ERR_FUNC(EVP_F_FIPS_DIGESTINIT), "FIPS_DIGESTINIT"},
139{ERR_FUNC(EVP_F_FIPS_MD_CTX_COPY), "FIPS_MD_CTX_COPY"},
140{ERR_FUNC(EVP_F_HMAC_INIT_EX), "HMAC_Init_ex"},
130{ERR_FUNC(EVP_F_INT_CTX_NEW), "INT_CTX_NEW"}, 141{ERR_FUNC(EVP_F_INT_CTX_NEW), "INT_CTX_NEW"},
131{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, 142{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"},
132{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, 143{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
144{ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN), "PKCS5_V2_PBKDF2_KEYIVGEN"},
133{ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"}, 145{ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"},
134{ERR_FUNC(EVP_F_PKEY_SET_TYPE), "PKEY_SET_TYPE"}, 146{ERR_FUNC(EVP_F_PKEY_SET_TYPE), "PKEY_SET_TYPE"},
135{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, 147{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"},
@@ -139,6 +151,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
139 151
140static ERR_STRING_DATA EVP_str_reasons[]= 152static ERR_STRING_DATA EVP_str_reasons[]=
141 { 153 {
154{ERR_REASON(EVP_R_AES_IV_SETUP_FAILED) ,"aes iv setup failed"},
142{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"}, 155{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"},
143{ERR_REASON(EVP_R_ASN1_LIB) ,"asn1 lib"}, 156{ERR_REASON(EVP_R_ASN1_LIB) ,"asn1 lib"},
144{ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"}, 157{ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"},
@@ -156,6 +169,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
156{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, 169{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"},
157{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, 170{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"},
158{ERR_REASON(EVP_R_DIFFERENT_PARAMETERS) ,"different parameters"}, 171{ERR_REASON(EVP_R_DIFFERENT_PARAMETERS) ,"different parameters"},
172{ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"},
159{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, 173{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"},
160{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, 174{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
161{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, 175{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"},
@@ -187,6 +201,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
187{ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR),"private key decode error"}, 201{ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR),"private key decode error"},
188{ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR),"private key encode error"}, 202{ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR),"private key encode error"},
189{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, 203{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
204{ERR_REASON(EVP_R_TOO_LARGE) ,"too large"},
190{ERR_REASON(EVP_R_UNKNOWN_CIPHER) ,"unknown cipher"}, 205{ERR_REASON(EVP_R_UNKNOWN_CIPHER) ,"unknown cipher"},
191{ERR_REASON(EVP_R_UNKNOWN_DIGEST) ,"unknown digest"}, 206{ERR_REASON(EVP_R_UNKNOWN_DIGEST) ,"unknown digest"},
192{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"}, 207{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c
index 839d6a3a16..7961fbebf2 100644
--- a/src/lib/libcrypto/evp/evp_key.c
+++ b/src/lib/libcrypto/evp/evp_key.c
@@ -120,7 +120,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
120 unsigned char md_buf[EVP_MAX_MD_SIZE]; 120 unsigned char md_buf[EVP_MAX_MD_SIZE];
121 int niv,nkey,addmd=0; 121 int niv,nkey,addmd=0;
122 unsigned int mds=0,i; 122 unsigned int mds=0,i;
123 123 int rv = 0;
124 nkey=type->key_len; 124 nkey=type->key_len;
125 niv=type->iv_len; 125 niv=type->iv_len;
126 OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH); 126 OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
@@ -134,17 +134,24 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
134 if (!EVP_DigestInit_ex(&c,md, NULL)) 134 if (!EVP_DigestInit_ex(&c,md, NULL))
135 return 0; 135 return 0;
136 if (addmd++) 136 if (addmd++)
137 EVP_DigestUpdate(&c,&(md_buf[0]),mds); 137 if (!EVP_DigestUpdate(&c,&(md_buf[0]),mds))
138 EVP_DigestUpdate(&c,data,datal); 138 goto err;
139 if (!EVP_DigestUpdate(&c,data,datal))
140 goto err;
139 if (salt != NULL) 141 if (salt != NULL)
140 EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN); 142 if (!EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN))
141 EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds); 143 goto err;
144 if (!EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds))
145 goto err;
142 146
143 for (i=1; i<(unsigned int)count; i++) 147 for (i=1; i<(unsigned int)count; i++)
144 { 148 {
145 EVP_DigestInit_ex(&c,md, NULL); 149 if (!EVP_DigestInit_ex(&c,md, NULL))
146 EVP_DigestUpdate(&c,&(md_buf[0]),mds); 150 goto err;
147 EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds); 151 if (!EVP_DigestUpdate(&c,&(md_buf[0]),mds))
152 goto err;
153 if (!EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds))
154 goto err;
148 } 155 }
149 i=0; 156 i=0;
150 if (nkey) 157 if (nkey)
@@ -173,8 +180,10 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
173 } 180 }
174 if ((nkey == 0) && (niv == 0)) break; 181 if ((nkey == 0) && (niv == 0)) break;
175 } 182 }
183 rv = type->key_len;
184 err:
176 EVP_MD_CTX_cleanup(&c); 185 EVP_MD_CTX_cleanup(&c);
177 OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE); 186 OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
178 return(type->key_len); 187 return rv;
179 } 188 }
180 189
diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c
index 40951a04f0..b180e4828a 100644
--- a/src/lib/libcrypto/evp/evp_lib.c
+++ b/src/lib/libcrypto/evp/evp_lib.c
@@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
67 67
68 if (c->cipher->set_asn1_parameters != NULL) 68 if (c->cipher->set_asn1_parameters != NULL)
69 ret=c->cipher->set_asn1_parameters(c,type); 69 ret=c->cipher->set_asn1_parameters(c,type);
70 else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
71 ret=EVP_CIPHER_set_asn1_iv(c, type);
70 else 72 else
71 ret=-1; 73 ret=-1;
72 return(ret); 74 return(ret);
@@ -78,6 +80,8 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
78 80
79 if (c->cipher->get_asn1_parameters != NULL) 81 if (c->cipher->get_asn1_parameters != NULL)
80 ret=c->cipher->get_asn1_parameters(c,type); 82 ret=c->cipher->get_asn1_parameters(c,type);
83 else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
84 ret=EVP_CIPHER_get_asn1_iv(c, type);
81 else 85 else
82 ret=-1; 86 ret=-1;
83 return(ret); 87 return(ret);
diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h
index 292d74c188..08c0a66d39 100644
--- a/src/lib/libcrypto/evp/evp_locl.h
+++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -343,3 +343,43 @@ struct evp_pkey_method_st
343 } /* EVP_PKEY_METHOD */; 343 } /* EVP_PKEY_METHOD */;
344 344
345void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); 345void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
346
347int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
348 ASN1_TYPE *param,
349 const EVP_CIPHER *c, const EVP_MD *md, int en_de);
350
351#ifdef OPENSSL_FIPS
352
353#ifdef OPENSSL_DOING_MAKEDEPEND
354#undef SHA1_Init
355#undef SHA1_Update
356#undef SHA224_Init
357#undef SHA256_Init
358#undef SHA384_Init
359#undef SHA512_Init
360#undef DES_set_key_unchecked
361#endif
362
363#define RIPEMD160_Init private_RIPEMD160_Init
364#define WHIRLPOOL_Init private_WHIRLPOOL_Init
365#define MD5_Init private_MD5_Init
366#define MD4_Init private_MD4_Init
367#define MD2_Init private_MD2_Init
368#define MDC2_Init private_MDC2_Init
369#define SHA_Init private_SHA_Init
370#define SHA1_Init private_SHA1_Init
371#define SHA224_Init private_SHA224_Init
372#define SHA256_Init private_SHA256_Init
373#define SHA384_Init private_SHA384_Init
374#define SHA512_Init private_SHA512_Init
375
376#define BF_set_key private_BF_set_key
377#define CAST_set_key private_CAST_set_key
378#define idea_set_encrypt_key private_idea_set_encrypt_key
379#define SEED_set_key private_SEED_set_key
380#define RC2_set_key private_RC2_set_key
381#define RC4_set_key private_RC4_set_key
382#define DES_set_key_unchecked private_DES_set_key_unchecked
383#define Camellia_set_key private_Camellia_set_key
384
385#endif
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
index c9d932d205..f8c32d825e 100644
--- a/src/lib/libcrypto/evp/evp_pbe.c
+++ b/src/lib/libcrypto/evp/evp_pbe.c
@@ -61,6 +61,7 @@
61#include <openssl/evp.h> 61#include <openssl/evp.h>
62#include <openssl/pkcs12.h> 62#include <openssl/pkcs12.h>
63#include <openssl/x509.h> 63#include <openssl/x509.h>
64#include "evp_locl.h"
64 65
65/* Password based encryption (PBE) functions */ 66/* Password based encryption (PBE) functions */
66 67
@@ -87,6 +88,10 @@ static const EVP_PBE_CTL builtin_pbe[] =
87 {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC, 88 {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC,
88 NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen}, 89 NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen},
89 90
91#ifndef OPENSSL_NO_HMAC
92 {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
93#endif
94
90 {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4, 95 {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4,
91 NID_rc4, NID_sha1, PKCS12_PBE_keyivgen}, 96 NID_rc4, NID_sha1, PKCS12_PBE_keyivgen},
92 {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4, 97 {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4,
diff --git a/src/lib/libcrypto/evp/evptests.txt b/src/lib/libcrypto/evp/evptests.txt
index beb12144b6..c273707c14 100644
--- a/src/lib/libcrypto/evp/evptests.txt
+++ b/src/lib/libcrypto/evp/evptests.txt
@@ -158,6 +158,19 @@ AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7B
158AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0 158AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0
159AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0 159AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0
160 160
161# AES Counter test vectors from RFC3686
162aes-128-ctr:AE6852F8121067CC4BF7A5765577F39E:00000030000000000000000000000001:53696E676C6520626C6F636B206D7367:E4095D4FB7A7B3792D6175A3261311B8:1
163aes-128-ctr:7E24067817FAE0D743D6CE1F32539163:006CB6DBC0543B59DA48D90B00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:5104A106168A72D9790D41EE8EDAD388EB2E1EFC46DA57C8FCE630DF9141BE28:1
164aes-128-ctr:7691BE035E5020A8AC6E618529F9A0DC:00E0017B27777F3F4A1786F000000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:C1CF48A89F2FFDD9CF4652E9EFDB72D74540A42BDE6D7836D59A5CEAAEF3105325B2072F:1
165
166aes-192-ctr:16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515:0000004836733C147D6D93CB00000001:53696E676C6520626C6F636B206D7367:4B55384FE259C9C84E7935A003CBE928:1
167aes-192-ctr:7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A:0096B03B020C6EADC2CB500D00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:453243FC609B23327EDFAAFA7131CD9F8490701C5AD4A79CFC1FE0FF42F4FB00:1
168aes-192-ctr:02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE:0007BDFD5CBD60278DCC091200000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:96893FC55E5C722F540B7DD1DDF7E758D288BC95C69165884536C811662F2188ABEE0935:1
169
170aes-256-ctr:776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104:00000060DB5672C97AA8F0B200000001:53696E676C6520626C6F636B206D7367:145AD01DBF824EC7560863DC71E3E0C0:1
171aes-256-ctr:F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884:00FAAC24C1585EF15A43D87500000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:F05E231B3894612C49EE000B804EB2A9B8306B508F839D6A5530831D9344AF1C:1
172aes-256-ctr:FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D:001CC5B751A51D70A1C1114800000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:EB6C52821D0BBBF7CE7594462ACA4FAAB407DF866569FD07F48CC0B583D6071F1EC0E6B8:1
173
161# DES ECB tests (from destest) 174# DES ECB tests (from destest)
162 175
163DES-ECB:0000000000000000::0000000000000000:8CA64DE9C1B123A7 176DES-ECB:0000000000000000::0000000000000000:8CA64DE9C1B123A7
diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c
index 48c2689504..4ad63ada6f 100644
--- a/src/lib/libcrypto/evp/m_dss.c
+++ b/src/lib/libcrypto/evp/m_dss.c
@@ -66,6 +66,7 @@
66#endif 66#endif
67 67
68#ifndef OPENSSL_NO_SHA 68#ifndef OPENSSL_NO_SHA
69#ifndef OPENSSL_FIPS
69 70
70static int init(EVP_MD_CTX *ctx) 71static int init(EVP_MD_CTX *ctx)
71 { return SHA1_Init(ctx->md_data); } 72 { return SHA1_Init(ctx->md_data); }
@@ -97,3 +98,4 @@ const EVP_MD *EVP_dss(void)
97 return(&dsa_md); 98 return(&dsa_md);
98 } 99 }
99#endif 100#endif
101#endif
diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c
index 4f03fb70e0..f80170efeb 100644
--- a/src/lib/libcrypto/evp/m_dss1.c
+++ b/src/lib/libcrypto/evp/m_dss1.c
@@ -68,6 +68,8 @@
68#include <openssl/dsa.h> 68#include <openssl/dsa.h>
69#endif 69#endif
70 70
71#ifndef OPENSSL_FIPS
72
71static int init(EVP_MD_CTX *ctx) 73static int init(EVP_MD_CTX *ctx)
72 { return SHA1_Init(ctx->md_data); } 74 { return SHA1_Init(ctx->md_data); }
73 75
@@ -98,3 +100,4 @@ const EVP_MD *EVP_dss1(void)
98 return(&dss1_md); 100 return(&dss1_md);
99 } 101 }
100#endif 102#endif
103#endif
diff --git a/src/lib/libcrypto/evp/m_md4.c b/src/lib/libcrypto/evp/m_md4.c
index 1e0b7c5b42..6d47f61b27 100644
--- a/src/lib/libcrypto/evp/m_md4.c
+++ b/src/lib/libcrypto/evp/m_md4.c
@@ -69,6 +69,8 @@
69#include <openssl/rsa.h> 69#include <openssl/rsa.h>
70#endif 70#endif
71 71
72#include "evp_locl.h"
73
72static int init(EVP_MD_CTX *ctx) 74static int init(EVP_MD_CTX *ctx)
73 { return MD4_Init(ctx->md_data); } 75 { return MD4_Init(ctx->md_data); }
74 76
diff --git a/src/lib/libcrypto/evp/m_md5.c b/src/lib/libcrypto/evp/m_md5.c
index 63c142119e..9a8bae0258 100644
--- a/src/lib/libcrypto/evp/m_md5.c
+++ b/src/lib/libcrypto/evp/m_md5.c
@@ -68,6 +68,7 @@
68#ifndef OPENSSL_NO_RSA 68#ifndef OPENSSL_NO_RSA
69#include <openssl/rsa.h> 69#include <openssl/rsa.h>
70#endif 70#endif
71#include "evp_locl.h"
71 72
72static int init(EVP_MD_CTX *ctx) 73static int init(EVP_MD_CTX *ctx)
73 { return MD5_Init(ctx->md_data); } 74 { return MD5_Init(ctx->md_data); }
diff --git a/src/lib/libcrypto/evp/m_mdc2.c b/src/lib/libcrypto/evp/m_mdc2.c
index b08d559803..3602bed316 100644
--- a/src/lib/libcrypto/evp/m_mdc2.c
+++ b/src/lib/libcrypto/evp/m_mdc2.c
@@ -69,6 +69,8 @@
69#include <openssl/rsa.h> 69#include <openssl/rsa.h>
70#endif 70#endif
71 71
72#include "evp_locl.h"
73
72static int init(EVP_MD_CTX *ctx) 74static int init(EVP_MD_CTX *ctx)
73 { return MDC2_Init(ctx->md_data); } 75 { return MDC2_Init(ctx->md_data); }
74 76
diff --git a/src/lib/libcrypto/evp/m_ripemd.c b/src/lib/libcrypto/evp/m_ripemd.c
index a1d60ee78d..7bf4804cf8 100644
--- a/src/lib/libcrypto/evp/m_ripemd.c
+++ b/src/lib/libcrypto/evp/m_ripemd.c
@@ -68,6 +68,7 @@
68#ifndef OPENSSL_NO_RSA 68#ifndef OPENSSL_NO_RSA
69#include <openssl/rsa.h> 69#include <openssl/rsa.h>
70#endif 70#endif
71#include "evp_locl.h"
71 72
72static int init(EVP_MD_CTX *ctx) 73static int init(EVP_MD_CTX *ctx)
73 { return RIPEMD160_Init(ctx->md_data); } 74 { return RIPEMD160_Init(ctx->md_data); }
diff --git a/src/lib/libcrypto/evp/m_sha.c b/src/lib/libcrypto/evp/m_sha.c
index acccc8f92d..8769cdd42f 100644
--- a/src/lib/libcrypto/evp/m_sha.c
+++ b/src/lib/libcrypto/evp/m_sha.c
@@ -67,6 +67,7 @@
67#ifndef OPENSSL_NO_RSA 67#ifndef OPENSSL_NO_RSA
68#include <openssl/rsa.h> 68#include <openssl/rsa.h>
69#endif 69#endif
70#include "evp_locl.h"
70 71
71static int init(EVP_MD_CTX *ctx) 72static int init(EVP_MD_CTX *ctx)
72 { return SHA_Init(ctx->md_data); } 73 { return SHA_Init(ctx->md_data); }
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c
index 9a2790fdea..3cb11f1ebb 100644
--- a/src/lib/libcrypto/evp/m_sha1.c
+++ b/src/lib/libcrypto/evp/m_sha1.c
@@ -59,6 +59,8 @@
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61 61
62#ifndef OPENSSL_FIPS
63
62#ifndef OPENSSL_NO_SHA 64#ifndef OPENSSL_NO_SHA
63 65
64#include <openssl/evp.h> 66#include <openssl/evp.h>
@@ -68,6 +70,7 @@
68#include <openssl/rsa.h> 70#include <openssl/rsa.h>
69#endif 71#endif
70 72
73
71static int init(EVP_MD_CTX *ctx) 74static int init(EVP_MD_CTX *ctx)
72 { return SHA1_Init(ctx->md_data); } 75 { return SHA1_Init(ctx->md_data); }
73 76
@@ -202,3 +205,5 @@ static const EVP_MD sha512_md=
202const EVP_MD *EVP_sha512(void) 205const EVP_MD *EVP_sha512(void)
203 { return(&sha512_md); } 206 { return(&sha512_md); }
204#endif /* ifndef OPENSSL_NO_SHA512 */ 207#endif /* ifndef OPENSSL_NO_SHA512 */
208
209#endif
diff --git a/src/lib/libcrypto/evp/names.c b/src/lib/libcrypto/evp/names.c
index f2869f5c78..6311ad7cfb 100644
--- a/src/lib/libcrypto/evp/names.c
+++ b/src/lib/libcrypto/evp/names.c
@@ -66,6 +66,10 @@ int EVP_add_cipher(const EVP_CIPHER *c)
66 { 66 {
67 int r; 67 int r;
68 68
69 if (c == NULL) return 0;
70
71 OPENSSL_init();
72
69 r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); 73 r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
70 if (r == 0) return(0); 74 if (r == 0) return(0);
71 check_defer(c->nid); 75 check_defer(c->nid);
@@ -78,6 +82,7 @@ int EVP_add_digest(const EVP_MD *md)
78 { 82 {
79 int r; 83 int r;
80 const char *name; 84 const char *name;
85 OPENSSL_init();
81 86
82 name=OBJ_nid2sn(md->type); 87 name=OBJ_nid2sn(md->type);
83 r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); 88 r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);
diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c
index 7ecfa8dad9..294cc90d87 100644
--- a/src/lib/libcrypto/evp/p5_crpt.c
+++ b/src/lib/libcrypto/evp/p5_crpt.c
@@ -82,6 +82,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
82 unsigned char *salt; 82 unsigned char *salt;
83 const unsigned char *pbuf; 83 const unsigned char *pbuf;
84 int mdsize; 84 int mdsize;
85 int rv = 0;
86 EVP_MD_CTX_init(&ctx);
85 87
86 /* Extract useful info from parameter */ 88 /* Extract useful info from parameter */
87 if (param == NULL || param->type != V_ASN1_SEQUENCE || 89 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
@@ -104,29 +106,38 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
104 if(!pass) passlen = 0; 106 if(!pass) passlen = 0;
105 else if(passlen == -1) passlen = strlen(pass); 107 else if(passlen == -1) passlen = strlen(pass);
106 108
107 EVP_MD_CTX_init(&ctx); 109 if (!EVP_DigestInit_ex(&ctx, md, NULL))
108 EVP_DigestInit_ex(&ctx, md, NULL); 110 goto err;
109 EVP_DigestUpdate(&ctx, pass, passlen); 111 if (!EVP_DigestUpdate(&ctx, pass, passlen))
110 EVP_DigestUpdate(&ctx, salt, saltlen); 112 goto err;
113 if (!EVP_DigestUpdate(&ctx, salt, saltlen))
114 goto err;
111 PBEPARAM_free(pbe); 115 PBEPARAM_free(pbe);
112 EVP_DigestFinal_ex(&ctx, md_tmp, NULL); 116 if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL))
117 goto err;
113 mdsize = EVP_MD_size(md); 118 mdsize = EVP_MD_size(md);
114 if (mdsize < 0) 119 if (mdsize < 0)
115 return 0; 120 return 0;
116 for (i = 1; i < iter; i++) { 121 for (i = 1; i < iter; i++) {
117 EVP_DigestInit_ex(&ctx, md, NULL); 122 if (!EVP_DigestInit_ex(&ctx, md, NULL))
118 EVP_DigestUpdate(&ctx, md_tmp, mdsize); 123 goto err;
119 EVP_DigestFinal_ex (&ctx, md_tmp, NULL); 124 if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize))
125 goto err;
126 if (!EVP_DigestFinal_ex (&ctx, md_tmp, NULL))
127 goto err;
120 } 128 }
121 EVP_MD_CTX_cleanup(&ctx);
122 OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); 129 OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
123 memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); 130 memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
124 OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); 131 OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
125 memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), 132 memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
126 EVP_CIPHER_iv_length(cipher)); 133 EVP_CIPHER_iv_length(cipher));
127 EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de); 134 if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
135 goto err;
128 OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); 136 OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
129 OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); 137 OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
130 OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); 138 OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
131 return 1; 139 rv = 1;
140 err:
141 EVP_MD_CTX_cleanup(&ctx);
142 return rv;
132} 143}
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
index 334379f310..975d004df4 100644
--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ b/src/lib/libcrypto/evp/p5_crpt2.c
@@ -62,6 +62,7 @@
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63#include <openssl/evp.h> 63#include <openssl/evp.h>
64#include <openssl/hmac.h> 64#include <openssl/hmac.h>
65#include "evp_locl.h"
65 66
66/* set this to print out info about the keygen algorithm */ 67/* set this to print out info about the keygen algorithm */
67/* #define DEBUG_PKCS5V2 */ 68/* #define DEBUG_PKCS5V2 */
@@ -110,10 +111,14 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
110 itmp[1] = (unsigned char)((i >> 16) & 0xff); 111 itmp[1] = (unsigned char)((i >> 16) & 0xff);
111 itmp[2] = (unsigned char)((i >> 8) & 0xff); 112 itmp[2] = (unsigned char)((i >> 8) & 0xff);
112 itmp[3] = (unsigned char)(i & 0xff); 113 itmp[3] = (unsigned char)(i & 0xff);
113 HMAC_Init_ex(&hctx, pass, passlen, digest, NULL); 114 if (!HMAC_Init_ex(&hctx, pass, passlen, digest, NULL)
114 HMAC_Update(&hctx, salt, saltlen); 115 || !HMAC_Update(&hctx, salt, saltlen)
115 HMAC_Update(&hctx, itmp, 4); 116 || !HMAC_Update(&hctx, itmp, 4)
116 HMAC_Final(&hctx, digtmp, NULL); 117 || !HMAC_Final(&hctx, digtmp, NULL))
118 {
119 HMAC_CTX_cleanup(&hctx);
120 return 0;
121 }
117 memcpy(p, digtmp, cplen); 122 memcpy(p, digtmp, cplen);
118 for(j = 1; j < iter; j++) 123 for(j = 1; j < iter; j++)
119 { 124 {
@@ -168,27 +173,24 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
168 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, 173 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md,
169 int en_de) 174 int en_de)
170{ 175{
171 unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
172 const unsigned char *pbuf; 176 const unsigned char *pbuf;
173 int saltlen, iter, plen; 177 int plen;
174 unsigned int keylen;
175 PBE2PARAM *pbe2 = NULL; 178 PBE2PARAM *pbe2 = NULL;
176 const EVP_CIPHER *cipher; 179 const EVP_CIPHER *cipher;
177 PBKDF2PARAM *kdf = NULL; 180
178 const EVP_MD *prfmd; 181 int rv = 0;
179 int prf_nid, hmac_md_nid;
180 182
181 if (param == NULL || param->type != V_ASN1_SEQUENCE || 183 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
182 param->value.sequence == NULL) { 184 param->value.sequence == NULL) {
183 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); 185 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
184 return 0; 186 goto err;
185 } 187 }
186 188
187 pbuf = param->value.sequence->data; 189 pbuf = param->value.sequence->data;
188 plen = param->value.sequence->length; 190 plen = param->value.sequence->length;
189 if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { 191 if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
190 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); 192 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
191 return 0; 193 goto err;
192 } 194 }
193 195
194 /* See if we recognise the key derivation function */ 196 /* See if we recognise the key derivation function */
@@ -211,38 +213,63 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
211 } 213 }
212 214
213 /* Fixup cipher based on AlgorithmIdentifier */ 215 /* Fixup cipher based on AlgorithmIdentifier */
214 EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de); 216 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de))
217 goto err;
215 if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { 218 if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
216 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, 219 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
217 EVP_R_CIPHER_PARAMETER_ERROR); 220 EVP_R_CIPHER_PARAMETER_ERROR);
218 goto err; 221 goto err;
219 } 222 }
223 rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen,
224 pbe2->keyfunc->parameter, c, md, en_de);
225 err:
226 PBE2PARAM_free(pbe2);
227 return rv;
228}
229
230int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
231 ASN1_TYPE *param,
232 const EVP_CIPHER *c, const EVP_MD *md, int en_de)
233{
234 unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
235 const unsigned char *pbuf;
236 int saltlen, iter, plen;
237 int rv = 0;
238 unsigned int keylen = 0;
239 int prf_nid, hmac_md_nid;
240 PBKDF2PARAM *kdf = NULL;
241 const EVP_MD *prfmd;
242
243 if (EVP_CIPHER_CTX_cipher(ctx) == NULL)
244 {
245 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,EVP_R_NO_CIPHER_SET);
246 goto err;
247 }
220 keylen = EVP_CIPHER_CTX_key_length(ctx); 248 keylen = EVP_CIPHER_CTX_key_length(ctx);
221 OPENSSL_assert(keylen <= sizeof key); 249 OPENSSL_assert(keylen <= sizeof key);
222 250
223 /* Now decode key derivation function */ 251 /* Decode parameter */
224 252
225 if(!pbe2->keyfunc->parameter || 253 if(!param || (param->type != V_ASN1_SEQUENCE))
226 (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE))
227 { 254 {
228 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); 255 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,EVP_R_DECODE_ERROR);
229 goto err; 256 goto err;
230 } 257 }
231 258
232 pbuf = pbe2->keyfunc->parameter->value.sequence->data; 259 pbuf = param->value.sequence->data;
233 plen = pbe2->keyfunc->parameter->value.sequence->length; 260 plen = param->value.sequence->length;
261
234 if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { 262 if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
235 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); 263 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,EVP_R_DECODE_ERROR);
236 goto err; 264 goto err;
237 } 265 }
238 266
239 PBE2PARAM_free(pbe2); 267 keylen = EVP_CIPHER_CTX_key_length(ctx);
240 pbe2 = NULL;
241 268
242 /* Now check the parameters of the kdf */ 269 /* Now check the parameters of the kdf */
243 270
244 if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ 271 if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){
245 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, 272 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,
246 EVP_R_UNSUPPORTED_KEYLENGTH); 273 EVP_R_UNSUPPORTED_KEYLENGTH);
247 goto err; 274 goto err;
248 } 275 }
@@ -254,19 +281,19 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
254 281
255 if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0)) 282 if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0))
256 { 283 {
257 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); 284 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
258 goto err; 285 goto err;
259 } 286 }
260 287
261 prfmd = EVP_get_digestbynid(hmac_md_nid); 288 prfmd = EVP_get_digestbynid(hmac_md_nid);
262 if (prfmd == NULL) 289 if (prfmd == NULL)
263 { 290 {
264 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); 291 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
265 goto err; 292 goto err;
266 } 293 }
267 294
268 if(kdf->salt->type != V_ASN1_OCTET_STRING) { 295 if(kdf->salt->type != V_ASN1_OCTET_STRING) {
269 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, 296 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,
270 EVP_R_UNSUPPORTED_SALT_TYPE); 297 EVP_R_UNSUPPORTED_SALT_TYPE);
271 goto err; 298 goto err;
272 } 299 }
@@ -278,15 +305,11 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
278 if(!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd, 305 if(!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
279 keylen, key)) 306 keylen, key))
280 goto err; 307 goto err;
281 EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); 308 rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
282 OPENSSL_cleanse(key, keylen);
283 PBKDF2PARAM_free(kdf);
284 return 1;
285
286 err: 309 err:
287 PBE2PARAM_free(pbe2); 310 OPENSSL_cleanse(key, keylen);
288 PBKDF2PARAM_free(kdf); 311 PBKDF2PARAM_free(kdf);
289 return 0; 312 return rv;
290} 313}
291 314
292#ifdef DEBUG_PKCS5V2 315#ifdef DEBUG_PKCS5V2
diff --git a/src/lib/libcrypto/evp/p_open.c b/src/lib/libcrypto/evp/p_open.c
index 53a59a295c..c748fbea87 100644
--- a/src/lib/libcrypto/evp/p_open.c
+++ b/src/lib/libcrypto/evp/p_open.c
@@ -115,7 +115,8 @@ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
115 int i; 115 int i;
116 116
117 i=EVP_DecryptFinal_ex(ctx,out,outl); 117 i=EVP_DecryptFinal_ex(ctx,out,outl);
118 EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL); 118 if (i)
119 i = EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL);
119 return(i); 120 return(i);
120 } 121 }
121#else /* !OPENSSL_NO_RSA */ 122#else /* !OPENSSL_NO_RSA */
diff --git a/src/lib/libcrypto/evp/p_seal.c b/src/lib/libcrypto/evp/p_seal.c
index d8324526e7..e5919b0fbf 100644
--- a/src/lib/libcrypto/evp/p_seal.c
+++ b/src/lib/libcrypto/evp/p_seal.c
@@ -110,6 +110,7 @@ int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
110 { 110 {
111 int i; 111 int i;
112 i = EVP_EncryptFinal_ex(ctx,out,outl); 112 i = EVP_EncryptFinal_ex(ctx,out,outl);
113 EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL); 113 if (i)
114 i = EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL);
114 return i; 115 return i;
115 } 116 }
diff --git a/src/lib/libcrypto/evp/p_sign.c b/src/lib/libcrypto/evp/p_sign.c
index bb893f5bde..dfa48c157c 100644
--- a/src/lib/libcrypto/evp/p_sign.c
+++ b/src/lib/libcrypto/evp/p_sign.c
@@ -80,18 +80,20 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
80 { 80 {
81 unsigned char m[EVP_MAX_MD_SIZE]; 81 unsigned char m[EVP_MAX_MD_SIZE];
82 unsigned int m_len; 82 unsigned int m_len;
83 int i,ok=0,v; 83 int i=0,ok=0,v;
84 EVP_MD_CTX tmp_ctx; 84 EVP_MD_CTX tmp_ctx;
85 EVP_PKEY_CTX *pkctx = NULL;
85 86
86 *siglen=0; 87 *siglen=0;
87 EVP_MD_CTX_init(&tmp_ctx); 88 EVP_MD_CTX_init(&tmp_ctx);
88 EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); 89 if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx))
89 EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); 90 goto err;
91 if (!EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len))
92 goto err;
90 EVP_MD_CTX_cleanup(&tmp_ctx); 93 EVP_MD_CTX_cleanup(&tmp_ctx);
91 94
92 if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) 95 if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
93 { 96 {
94 EVP_PKEY_CTX *pkctx = NULL;
95 size_t sltmp = (size_t)EVP_PKEY_size(pkey); 97 size_t sltmp = (size_t)EVP_PKEY_size(pkey);
96 i = 0; 98 i = 0;
97 pkctx = EVP_PKEY_CTX_new(pkey, NULL); 99 pkctx = EVP_PKEY_CTX_new(pkey, NULL);
diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c
index 41d4b67130..5f5c409f45 100644
--- a/src/lib/libcrypto/evp/p_verify.c
+++ b/src/lib/libcrypto/evp/p_verify.c
@@ -67,17 +67,19 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
67 { 67 {
68 unsigned char m[EVP_MAX_MD_SIZE]; 68 unsigned char m[EVP_MAX_MD_SIZE];
69 unsigned int m_len; 69 unsigned int m_len;
70 int i,ok=0,v; 70 int i=-1,ok=0,v;
71 EVP_MD_CTX tmp_ctx; 71 EVP_MD_CTX tmp_ctx;
72 EVP_PKEY_CTX *pkctx = NULL;
72 73
73 EVP_MD_CTX_init(&tmp_ctx); 74 EVP_MD_CTX_init(&tmp_ctx);
74 EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); 75 if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx))
75 EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); 76 goto err;
77 if (!EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len))
78 goto err;
76 EVP_MD_CTX_cleanup(&tmp_ctx); 79 EVP_MD_CTX_cleanup(&tmp_ctx);
77 80
78 if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) 81 if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
79 { 82 {
80 EVP_PKEY_CTX *pkctx = NULL;
81 i = -1; 83 i = -1;
82 pkctx = EVP_PKEY_CTX_new(pkey, NULL); 84 pkctx = EVP_PKEY_CTX_new(pkey, NULL);
83 if (!pkctx) 85 if (!pkctx)
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-27 16:34:40 +0000