From 15b5d84f9da2ce4bfae8580e56e34a859f74ad71 Mon Sep 17 00:00:00 2001 From: markus <> Date: Thu, 5 Sep 2002 12:51:50 +0000 Subject: import openssl-0.9.7-beta1 --- src/lib/libcrypto/evp/bio_b64.c | 93 +++-- src/lib/libcrypto/evp/bio_enc.c | 126 +++--- src/lib/libcrypto/evp/bio_md.c | 101 ++--- src/lib/libcrypto/evp/c_all.c | 130 +----- src/lib/libcrypto/evp/digest.c | 259 +++++++++++- src/lib/libcrypto/evp/e_aes.c | 4 +- src/lib/libcrypto/evp/e_bf.c | 16 +- src/lib/libcrypto/evp/e_cast.c | 16 +- src/lib/libcrypto/evp/e_des.c | 21 +- src/lib/libcrypto/evp/e_des3.c | 88 ++-- src/lib/libcrypto/evp/e_idea.c | 22 +- src/lib/libcrypto/evp/e_null.c | 42 +- src/lib/libcrypto/evp/e_rc2.c | 67 +-- src/lib/libcrypto/evp/e_rc4.c | 75 ++-- src/lib/libcrypto/evp/e_xcbc_d.c | 82 ++-- src/lib/libcrypto/evp/encode.c | 74 ++-- src/lib/libcrypto/evp/evp.h | 875 +++++++++++++++++++++------------------ src/lib/libcrypto/evp/evp_enc.c | 452 ++++++++++++++------ src/lib/libcrypto/evp/evp_err.c | 174 +++++--- src/lib/libcrypto/evp/evp_key.c | 67 +-- src/lib/libcrypto/evp/evp_lib.c | 55 ++- src/lib/libcrypto/evp/evp_locl.h | 125 ++++-- src/lib/libcrypto/evp/evp_pbe.c | 18 +- src/lib/libcrypto/evp/evp_pkey.c | 296 +++++++++---- src/lib/libcrypto/evp/m_dss.c | 31 +- src/lib/libcrypto/evp/m_dss1.c | 30 +- src/lib/libcrypto/evp/m_md4.c | 27 +- src/lib/libcrypto/evp/m_md5.c | 31 +- src/lib/libcrypto/evp/m_null.c | 31 +- src/lib/libcrypto/evp/m_ripemd.c | 31 +- src/lib/libcrypto/evp/m_sha1.c | 30 +- src/lib/libcrypto/evp/names.c | 244 ++--------- src/lib/libcrypto/evp/p5_crpt.c | 43 +- src/lib/libcrypto/evp/p5_crpt2.c | 17 +- src/lib/libcrypto/evp/p_dec.c | 23 +- src/lib/libcrypto/evp/p_enc.c | 23 +- src/lib/libcrypto/evp/p_lib.c | 145 ++++--- src/lib/libcrypto/evp/p_open.c | 52 +-- src/lib/libcrypto/evp/p_seal.c | 52 +-- src/lib/libcrypto/evp/p_sign.c | 31 +- src/lib/libcrypto/evp/p_verify.c | 19 +- 41 files changed, 2403 insertions(+), 1735 deletions(-) (limited to 'src/lib/libcrypto/evp') diff --git a/src/lib/libcrypto/evp/bio_b64.c b/src/lib/libcrypto/evp/bio_b64.c index 73172b9a07..f12eac1b55 100644 --- a/src/lib/libcrypto/evp/bio_b64.c +++ b/src/lib/libcrypto/evp/bio_b64.c @@ -59,27 +59,17 @@ #include #include #include "cryptlib.h" -#include "buffer.h" -#include "evp.h" - -#ifndef NOPROTO -static int b64_write(BIO *h,char *buf,int num); -static int b64_read(BIO *h,char *buf,int size); -/*static int b64_puts(BIO *h,char *str); */ -/*static int b64_gets(BIO *h,char *str,int size); */ -static long b64_ctrl(BIO *h,int cmd,long arg1,char *arg2); +#include +#include + +static int b64_write(BIO *h, const char *buf, int num); +static int b64_read(BIO *h, char *buf, int size); +/*static int b64_puts(BIO *h, const char *str); */ +/*static int b64_gets(BIO *h, char *str, int size); */ +static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int b64_new(BIO *h); static int b64_free(BIO *data); -#else -static int b64_write(); -static int b64_read(); -/*static int b64_puts(); */ -/*static int b64_gets(); */ -static long b64_ctrl(); -static int b64_new(); -static int b64_free(); -#endif - +static long b64_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp); #define B64_BLOCK_SIZE 1024 #define B64_BLOCK_SIZE2 768 #define B64_NONE 0 @@ -111,19 +101,19 @@ static BIO_METHOD methods_b64= b64_ctrl, b64_new, b64_free, + b64_callback_ctrl, }; -BIO_METHOD *BIO_f_base64() +BIO_METHOD *BIO_f_base64(void) { return(&methods_b64); } -static int b64_new(bi) -BIO *bi; +static int b64_new(BIO *bi) { BIO_B64_CTX *ctx; - ctx=(BIO_B64_CTX *)Malloc(sizeof(BIO_B64_CTX)); + ctx=(BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX)); if (ctx == NULL) return(0); ctx->buf_len=0; @@ -140,21 +130,17 @@ BIO *bi; return(1); } -static int b64_free(a) -BIO *a; +static int b64_free(BIO *a) { if (a == NULL) return(0); - Free(a->ptr); + OPENSSL_free(a->ptr); a->ptr=NULL; a->init=0; a->flags=0; return(1); } -static int b64_read(b,out,outl) -BIO *b; -char *out; -int outl; +static int b64_read(BIO *b, char *out, int outl) { int ret=0,i,ii,j,k,x,n,num,ret_code=0; BIO_B64_CTX *ctx; @@ -253,8 +239,8 @@ int outl; &(ctx->tmp[0])); for (x=0; x < i; x++) ctx->tmp[x]=p[x]; - EVP_DecodeInit(&ctx->base64); } + EVP_DecodeInit(&ctx->base64); ctx->start=0; break; } @@ -354,10 +340,7 @@ int outl; return((ret == 0)?ret_code:ret); } -static int b64_write(b,in,inl) -BIO *b; -char *in; -int inl; +static int b64_write(BIO *b, const char *in, int inl) { int ret=inl,n,i; BIO_B64_CTX *ctx; @@ -387,10 +370,11 @@ int inl; n-=i; } /* at this point all pending data has been written */ + ctx->buf_off=0; + ctx->buf_len=0; if ((in == NULL) || (inl <= 0)) return(0); - ctx->buf_off=0; while (inl > 0) { n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl; @@ -400,14 +384,20 @@ int inl; if (ctx->tmp_len > 0) { n=3-ctx->tmp_len; + /* There's a teoretical possibility for this */ + if (n > inl) + n=inl; memcpy(&(ctx->tmp[ctx->tmp_len]),in,n); ctx->tmp_len+=n; - n=ctx->tmp_len; - if (n < 3) + if (ctx->tmp_len < 3) break; ctx->buf_len=EVP_EncodeBlock( (unsigned char *)ctx->buf, - (unsigned char *)ctx->tmp,n); + (unsigned char *)ctx->tmp, + ctx->tmp_len); + /* Since we're now done using the temporary + buffer, the length should be 0'd */ + ctx->tmp_len=0; } else { @@ -451,11 +441,7 @@ int inl; return(ret); } -static long b64_ctrl(b,cmd,num,ptr) -BIO *b; -int cmd; -long num; -char *ptr; +static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) { BIO_B64_CTX *ctx; long ret=1; @@ -479,7 +465,8 @@ char *ptr; break; case BIO_CTRL_WPENDING: /* More to write in buffer */ ret=ctx->buf_len-ctx->buf_off; - if ((ret == 0) && (ctx->base64.num != 0)) + if ((ret == 0) && (ctx->encode != B64_NONE) + && (ctx->base64.num != 0)) ret=1; else if (ret <= 0) ret=BIO_ctrl(b->next_bio,cmd,num,ptr); @@ -514,7 +501,7 @@ again: goto again; } } - else if (ctx->base64.num != 0) + else if (ctx->encode != B64_NONE && ctx->base64.num != 0) { ctx->buf_off=0; EVP_EncodeFinal(&(ctx->base64), @@ -545,3 +532,17 @@ again: return(ret); } +static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) + { + long ret=1; + + if (b->next_bio == NULL) return(0); + switch (cmd) + { + default: + ret=BIO_callback_ctrl(b->next_bio,cmd,fp); + break; + } + return(ret); + } + diff --git a/src/lib/libcrypto/evp/bio_enc.c b/src/lib/libcrypto/evp/bio_enc.c index 6c30ddfc54..64fb2353af 100644 --- a/src/lib/libcrypto/evp/bio_enc.c +++ b/src/lib/libcrypto/evp/bio_enc.c @@ -59,28 +59,19 @@ #include #include #include "cryptlib.h" -#include "buffer.h" -#include "evp.h" - -#ifndef NOPROTO -static int enc_write(BIO *h,char *buf,int num); -static int enc_read(BIO *h,char *buf,int size); -/*static int enc_puts(BIO *h,char *str); */ -/*static int enc_gets(BIO *h,char *str,int size); */ -static long enc_ctrl(BIO *h,int cmd,long arg1,char *arg2); +#include +#include + +static int enc_write(BIO *h, const char *buf, int num); +static int enc_read(BIO *h, char *buf, int size); +/*static int enc_puts(BIO *h, const char *str); */ +/*static int enc_gets(BIO *h, char *str, int size); */ +static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int enc_new(BIO *h); static int enc_free(BIO *data); -#else -static int enc_write(); -static int enc_read(); -/*static int enc_puts(); */ -/*static int enc_gets(); */ -static long enc_ctrl(); -static int enc_new(); -static int enc_free(); -#endif - +static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps); #define ENC_BLOCK_SIZE (1024*4) +#define BUF_OFFSET EVP_MAX_BLOCK_LENGTH typedef struct enc_struct { @@ -90,7 +81,10 @@ typedef struct enc_struct int finished; int ok; /* bad decrypt */ EVP_CIPHER_CTX cipher; - char buf[ENC_BLOCK_SIZE+10]; + /* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate + * can return up to a block more data than is presented to it + */ + char buf[ENC_BLOCK_SIZE+BUF_OFFSET+2]; } BIO_ENC_CTX; static BIO_METHOD methods_enc= @@ -103,21 +97,21 @@ static BIO_METHOD methods_enc= enc_ctrl, enc_new, enc_free, + enc_callback_ctrl, }; -BIO_METHOD *BIO_f_cipher() +BIO_METHOD *BIO_f_cipher(void) { return(&methods_enc); } -static int enc_new(bi) -BIO *bi; +static int enc_new(BIO *bi) { BIO_ENC_CTX *ctx; - ctx=(BIO_ENC_CTX *)Malloc(sizeof(BIO_ENC_CTX)); - EVP_CIPHER_CTX_init(&ctx->cipher); + ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX)); if (ctx == NULL) return(0); + EVP_CIPHER_CTX_init(&ctx->cipher); ctx->buf_len=0; ctx->buf_off=0; @@ -131,8 +125,7 @@ BIO *bi; return(1); } -static int enc_free(a) -BIO *a; +static int enc_free(BIO *a) { BIO_ENC_CTX *b; @@ -140,17 +133,14 @@ BIO *a; b=(BIO_ENC_CTX *)a->ptr; EVP_CIPHER_CTX_cleanup(&(b->cipher)); memset(a->ptr,0,sizeof(BIO_ENC_CTX)); - Free(a->ptr); + OPENSSL_free(a->ptr); a->ptr=NULL; a->init=0; a->flags=0; return(1); } -static int enc_read(b,out,outl) -BIO *b; -char *out; -int outl; +static int enc_read(BIO *b, char *out, int outl) { int ret=0,i; BIO_ENC_CTX *ctx; @@ -184,9 +174,9 @@ int outl; { if (ctx->cont <= 0) break; - /* read in at offset 8, read the EVP_Cipher + /* read in at IV offset, read the EVP_Cipher * documentation about why */ - i=BIO_read(b->next_bio,&(ctx->buf[8]),ENC_BLOCK_SIZE); + i=BIO_read(b->next_bio,&(ctx->buf[BUF_OFFSET]),ENC_BLOCK_SIZE); if (i <= 0) { @@ -194,29 +184,37 @@ int outl; if (!BIO_should_retry(b->next_bio)) { ctx->cont=i; - i=EVP_CipherFinal(&(ctx->cipher), + i=EVP_CipherFinal_ex(&(ctx->cipher), (unsigned char *)ctx->buf, &(ctx->buf_len)); ctx->ok=i; ctx->buf_off=0; } - else + else + { ret=(ret == 0)?i:ret; - break; + break; + } } else { EVP_CipherUpdate(&(ctx->cipher), (unsigned char *)ctx->buf,&ctx->buf_len, - (unsigned char *)&(ctx->buf[8]),i); + (unsigned char *)&(ctx->buf[BUF_OFFSET]),i); ctx->cont=1; + /* Note: it is possible for EVP_CipherUpdate to + * decrypt zero bytes because this is or looks like + * the final block: if this happens we should retry + * and either read more data or decrypt the final + * block + */ + if(ctx->buf_len == 0) continue; } if (ctx->buf_len <= outl) i=ctx->buf_len; else i=outl; - if (i <= 0) break; memcpy(out,ctx->buf,i); ret+=i; @@ -230,10 +228,7 @@ int outl; return((ret == 0)?ctx->cont:ret); } -static int enc_write(b,in,inl) -BIO *b; -char *in; -int inl; +static int enc_write(BIO *b, const char *in, int inl) { int ret=0,n,i; BIO_ENC_CTX *ctx; @@ -288,16 +283,13 @@ int inl; return(ret); } -static long enc_ctrl(b,cmd,num,ptr) -BIO *b; -int cmd; -long num; -char *ptr; +static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) { BIO *dbio; BIO_ENC_CTX *ctx,*dctx; long ret=1; int i; + EVP_CIPHER_CTX **c_ctx; ctx=(BIO_ENC_CTX *)b->ptr; @@ -306,7 +298,7 @@ char *ptr; case BIO_CTRL_RESET: ctx->ok=1; ctx->finished=0; - EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL, + EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL, ctx->cipher.encrypt); ret=BIO_ctrl(b->next_bio,cmd,num,ptr); break; @@ -343,7 +335,7 @@ again: { ctx->finished=1; ctx->buf_off=0; - ret=EVP_CipherFinal(&(ctx->cipher), + ret=EVP_CipherFinal_ex(&(ctx->cipher), (unsigned char *)ctx->buf, &(ctx->buf_len)); ctx->ok=(int)ret; @@ -364,7 +356,11 @@ again: ret=BIO_ctrl(b->next_bio,cmd,num,ptr); BIO_copy_next_retry(b); break; - + case BIO_C_GET_CIPHER_CTX: + c_ctx=(EVP_CIPHER_CTX **)ptr; + (*c_ctx)= &(ctx->cipher); + b->init=1; + break; case BIO_CTRL_DUP: dbio=(BIO *)ptr; dctx=(BIO_ENC_CTX *)dbio->ptr; @@ -378,6 +374,20 @@ again: return(ret); } +static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) + { + long ret=1; + + if (b->next_bio == NULL) return(0); + switch (cmd) + { + default: + ret=BIO_callback_ctrl(b->next_bio,cmd,fp); + break; + } + return(ret); + } + /* void BIO_set_cipher_ctx(b,c) BIO *b; @@ -398,26 +408,22 @@ EVP_CIPHER_ctx *c; } */ -void BIO_set_cipher(b,c,k,i,e) -BIO *b; -EVP_CIPHER *c; -unsigned char *k; -unsigned char *i; -int e; +void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, unsigned char *k, + unsigned char *i, int e) { BIO_ENC_CTX *ctx; if (b == NULL) return; if ((b->callback != NULL) && - (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0)) + (b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,0L) <= 0)) return; b->init=1; ctx=(BIO_ENC_CTX *)b->ptr; - EVP_CipherInit(&(ctx->cipher),c,k,i,e); + EVP_CipherInit_ex(&(ctx->cipher),c,NULL, k,i,e); if (b->callback != NULL) - b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L); + b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L); } diff --git a/src/lib/libcrypto/evp/bio_md.c b/src/lib/libcrypto/evp/bio_md.c index fa5fdc055b..c632dfb202 100644 --- a/src/lib/libcrypto/evp/bio_md.c +++ b/src/lib/libcrypto/evp/bio_md.c @@ -59,29 +59,20 @@ #include #include #include "cryptlib.h" -#include "buffer.h" -#include "evp.h" +#include +#include /* BIO_put and BIO_get both add to the digest, * BIO_gets returns the digest */ -#ifndef NOPROTO -static int md_write(BIO *h,char *buf,int num); -static int md_read(BIO *h,char *buf,int size); -/*static int md_puts(BIO *h,char *str); */ -static int md_gets(BIO *h,char *str,int size); -static long md_ctrl(BIO *h,int cmd,long arg1,char *arg2); +static int md_write(BIO *h, char const *buf, int num); +static int md_read(BIO *h, char *buf, int size); +/*static int md_puts(BIO *h, const char *str); */ +static int md_gets(BIO *h, char *str, int size); +static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int md_new(BIO *h); static int md_free(BIO *data); -#else -static int md_write(); -static int md_read(); -/*static int md_puts(); */ -static int md_gets(); -static long md_ctrl(); -static int md_new(); -static int md_free(); -#endif +static long md_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp); static BIO_METHOD methods_md= { @@ -93,19 +84,19 @@ static BIO_METHOD methods_md= md_ctrl, md_new, md_free, + md_callback_ctrl, }; -BIO_METHOD *BIO_f_md() +BIO_METHOD *BIO_f_md(void) { return(&methods_md); } -static int md_new(bi) -BIO *bi; +static int md_new(BIO *bi) { EVP_MD_CTX *ctx; - ctx=(EVP_MD_CTX *)Malloc(sizeof(EVP_MD_CTX)); + ctx=EVP_MD_CTX_create(); if (ctx == NULL) return(0); bi->init=0; @@ -114,27 +105,23 @@ BIO *bi; return(1); } -static int md_free(a) -BIO *a; +static int md_free(BIO *a) { if (a == NULL) return(0); - Free(a->ptr); + EVP_MD_CTX_destroy(a->ptr); a->ptr=NULL; a->init=0; a->flags=0; return(1); } -static int md_read(b,out,outl) -BIO *b; -char *out; -int outl; +static int md_read(BIO *b, char *out, int outl) { int ret=0; EVP_MD_CTX *ctx; if (out == NULL) return(0); - ctx=(EVP_MD_CTX *)b->ptr; + ctx=b->ptr; if ((ctx == NULL) || (b->next_bio == NULL)) return(0); @@ -152,16 +139,13 @@ int outl; return(ret); } -static int md_write(b,in,inl) -BIO *b; -char *in; -int inl; +static int md_write(BIO *b, const char *in, int inl) { int ret=0; EVP_MD_CTX *ctx; if ((in == NULL) || (inl <= 0)) return(0); - ctx=(EVP_MD_CTX *)b->ptr; + ctx=b->ptr; if ((ctx != NULL) && (b->next_bio != NULL)) ret=BIO_write(b->next_bio,in,inl); @@ -178,25 +162,21 @@ int inl; return(ret); } -static long md_ctrl(b,cmd,num,ptr) -BIO *b; -int cmd; -long num; -char *ptr; +static long md_ctrl(BIO *b, int cmd, long num, void *ptr) { EVP_MD_CTX *ctx,*dctx,**pctx; - EVP_MD **ppmd; + const EVP_MD **ppmd; EVP_MD *md; long ret=1; BIO *dbio; - ctx=(EVP_MD_CTX *)b->ptr; + ctx=b->ptr; switch (cmd) { case BIO_CTRL_RESET: if (b->init) - EVP_DigestInit(ctx,ctx->digest); + EVP_DigestInit_ex(ctx,ctx->digest, NULL); else ret=0; ret=BIO_ctrl(b->next_bio,cmd,num,ptr); @@ -204,7 +184,7 @@ char *ptr; case BIO_C_GET_MD: if (b->init) { - ppmd=(EVP_MD **)ptr; + ppmd=ptr; *ppmd=ctx->digest; } else @@ -213,7 +193,7 @@ char *ptr; case BIO_C_GET_MD_CTX: if (b->init) { - pctx=(EVP_MD_CTX **)ptr; + pctx=ptr; *pctx=ctx; } else @@ -226,14 +206,14 @@ char *ptr; break; case BIO_C_SET_MD: - md=(EVP_MD *)ptr; - EVP_DigestInit(ctx,md); + md=ptr; + EVP_DigestInit_ex(ctx,md, NULL); b->init=1; break; case BIO_CTRL_DUP: - dbio=(BIO *)ptr; - dctx=(EVP_MD_CTX *)dbio->ptr; - memcpy(dctx,ctx,sizeof(ctx)); + dbio=ptr; + dctx=dbio->ptr; + EVP_MD_CTX_copy_ex(dctx,ctx); b->init=1; break; default: @@ -243,19 +223,30 @@ char *ptr; return(ret); } -static int md_gets(bp,buf,size) -BIO *bp; -char *buf; -int size; +static long md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) + { + long ret=1; + + if (b->next_bio == NULL) return(0); + switch (cmd) + { + default: + ret=BIO_callback_ctrl(b->next_bio,cmd,fp); + break; + } + return(ret); + } + +static int md_gets(BIO *bp, char *buf, int size) { EVP_MD_CTX *ctx; unsigned int ret; - ctx=(EVP_MD_CTX *)bp->ptr; + ctx=bp->ptr; if (size < ctx->digest->md_size) return(0); - EVP_DigestFinal(ctx,(unsigned char *)buf,&ret); + EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret); return((int)ret); } diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c index e77d1c896b..5ffd352ea0 100644 --- a/src/lib/libcrypto/evp/c_all.c +++ b/src/lib/libcrypto/evp/c_all.c @@ -58,133 +58,17 @@ #include #include "cryptlib.h" -#include "evp.h" -#include "objects.h" +#include -void SSLeay_add_all_algorithms() - { - SSLeay_add_all_ciphers(); - SSLeay_add_all_digests(); - } +#undef OpenSSL_add_all_algorithms -void SSLeay_add_all_ciphers() +void OpenSSL_add_all_algorithms(void) { -#ifndef NO_DES - EVP_add_cipher(EVP_des_cfb()); - EVP_add_cipher(EVP_des_ede_cfb()); - EVP_add_cipher(EVP_des_ede3_cfb()); - - EVP_add_cipher(EVP_des_ofb()); - EVP_add_cipher(EVP_des_ede_ofb()); - EVP_add_cipher(EVP_des_ede3_ofb()); - - EVP_add_cipher(EVP_desx_cbc()); - EVP_add_alias(SN_desx_cbc,"DESX"); - EVP_add_alias(SN_desx_cbc,"desx"); - - EVP_add_cipher(EVP_des_cbc()); - EVP_add_alias(SN_des_cbc,"DES"); - EVP_add_alias(SN_des_cbc,"des"); - EVP_add_cipher(EVP_des_ede_cbc()); - EVP_add_cipher(EVP_des_ede3_cbc()); - EVP_add_alias(SN_des_ede3_cbc,"DES3"); - EVP_add_alias(SN_des_ede3_cbc,"des3"); - - EVP_add_cipher(EVP_des_ecb()); - EVP_add_cipher(EVP_des_ede()); - EVP_add_cipher(EVP_des_ede3()); -#endif - -#ifndef NO_RC4 - EVP_add_cipher(EVP_rc4()); - EVP_add_cipher(EVP_rc4_40()); -#endif - -#ifndef NO_IDEA - EVP_add_cipher(EVP_idea_ecb()); - EVP_add_cipher(EVP_idea_cfb()); - EVP_add_cipher(EVP_idea_ofb()); - EVP_add_cipher(EVP_idea_cbc()); - EVP_add_alias(SN_idea_cbc,"IDEA"); - EVP_add_alias(SN_idea_cbc,"idea"); -#endif - -#ifndef NO_RC2 - EVP_add_cipher(EVP_rc2_ecb()); - EVP_add_cipher(EVP_rc2_cfb()); - EVP_add_cipher(EVP_rc2_ofb()); - EVP_add_cipher(EVP_rc2_cbc()); - EVP_add_cipher(EVP_rc2_40_cbc()); - EVP_add_alias(SN_rc2_cbc,"RC2"); - EVP_add_alias(SN_rc2_cbc,"rc2"); -#endif - -#ifndef NO_BLOWFISH - EVP_add_cipher(EVP_bf_ecb()); - EVP_add_cipher(EVP_bf_cfb()); - EVP_add_cipher(EVP_bf_ofb()); - EVP_add_cipher(EVP_bf_cbc()); - EVP_add_alias(SN_bf_cbc,"BF"); - EVP_add_alias(SN_bf_cbc,"bf"); - EVP_add_alias(SN_bf_cbc,"blowfish"); -#endif - -#ifndef NO_CAST - EVP_add_cipher(EVP_cast5_ecb()); - EVP_add_cipher(EVP_cast5_cfb()); - EVP_add_cipher(EVP_cast5_ofb()); - EVP_add_cipher(EVP_cast5_cbc()); - EVP_add_alias(SN_cast5_cbc,"CAST"); - EVP_add_alias(SN_cast5_cbc,"cast"); - EVP_add_alias(SN_cast5_cbc,"CAST-cbc"); - EVP_add_alias(SN_cast5_cbc,"cast-cbc"); -#endif - -#ifndef NO_RC5 - EVP_add_cipher(EVP_rc5_32_12_16_ecb()); - EVP_add_cipher(EVP_rc5_32_12_16_cfb()); - EVP_add_cipher(EVP_rc5_32_12_16_ofb()); - EVP_add_cipher(EVP_rc5_32_12_16_cbc()); - EVP_add_alias(SN_rc5_cbc,"rc5"); - EVP_add_alias(SN_rc5_cbc,"RC5"); - EVP_add_alias(SN_rc5_cbc,"rc5-cbc"); - EVP_add_alias(SN_rc5_cbc,"RC5-cbc"); -#endif + OPENSSL_add_all_algorithms_noconf(); } - -void SSLeay_add_all_digests() +void OPENSSL_add_all_algorithms_noconf(void) { -#ifndef NO_MD2 - EVP_add_digest(EVP_md2()); -#endif -#ifndef NO_MD5 - EVP_add_digest(EVP_md5()); - EVP_add_alias(SN_md5,"ssl2-md5"); - EVP_add_alias(SN_md5,"ssl3-md5"); -#endif -#ifndef NO_SHA - EVP_add_digest(EVP_sha()); -#ifndef NO_DSA - EVP_add_digest(EVP_dss()); -#endif -#endif -#ifndef NO_SHA1 - EVP_add_digest(EVP_sha1()); - EVP_add_alias(SN_sha1,"ssl3-sha1"); -#ifndef NO_DSA - EVP_add_digest(EVP_dss1()); - EVP_add_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); - EVP_add_alias(SN_dsaWithSHA1,"DSS1"); - EVP_add_alias(SN_dsaWithSHA1,"dss1"); -#endif -#endif -#if !defined(NO_MDC2) && !defined(NO_DES) - EVP_add_digest(EVP_mdc2()); -#endif -#ifndef NO_RIPEMD160 - EVP_add_digest(EVP_ripemd160()); - EVP_add_alias(SN_ripemd160,"ripemd"); - EVP_add_alias(SN_ripemd160,"rmd160"); -#endif + OpenSSL_add_all_ciphers(); + OpenSSL_add_all_digests(); } diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c index d65f0036f7..a969ac69ed 100644 --- a/src/lib/libcrypto/evp/digest.c +++ b/src/lib/libcrypto/evp/digest.c @@ -55,35 +55,258 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include #include "cryptlib.h" -#include "objects.h" -#include "evp.h" +#include +#include +#include + +void EVP_MD_CTX_init(EVP_MD_CTX *ctx) + { + memset(ctx,'\0',sizeof *ctx); + } + +EVP_MD_CTX *EVP_MD_CTX_create(void) + { + EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx); + + EVP_MD_CTX_init(ctx); + + return ctx; + } -void EVP_DigestInit(ctx,type) -EVP_MD_CTX *ctx; -EVP_MD *type; +int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) { - ctx->digest=type; - type->init(&(ctx->md)); + EVP_MD_CTX_init(ctx); + return EVP_DigestInit_ex(ctx, type, NULL); } -void EVP_DigestUpdate(ctx,data,count) -EVP_MD_CTX *ctx; -unsigned char *data; -unsigned int count; +int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { - ctx->digest->update(&(ctx->md.base[0]),data,(unsigned long)count); + EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); + /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts + * so this context may already have an ENGINE! Try to avoid releasing + * the previous handle, re-querying for an ENGINE, and having a + * reinitialisation, when it may all be unecessary. */ + if (ctx->engine && ctx->digest && (!type || + (type && (type->type == ctx->digest->type)))) + goto skip_to_init; + if (type) + { + /* Ensure an ENGINE left lying around from last time is cleared + * (the previous check attempted to avoid this if the same + * ENGINE and EVP_MD could be used). */ + if(ctx->engine) + ENGINE_finish(ctx->engine); + if(impl) + { + if (!ENGINE_init(impl)) + { + EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); + return 0; + } + } + else + /* Ask if an ENGINE is reserved for this job */ + impl = ENGINE_get_digest_engine(type->type); + if(impl) + { + /* There's an ENGINE for this job ... (apparently) */ + const EVP_MD *d = ENGINE_get_digest(impl, type->type); + if(!d) + { + /* Same comment from evp_enc.c */ + EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); + return 0; + } + /* We'll use the ENGINE's private digest definition */ + type = d; + /* Store the ENGINE functional reference so we know + * 'type' came from an ENGINE and we need to release + * it when done. */ + ctx->engine = impl; + } + else + ctx->engine = NULL; + } + else if(!ctx->digest) + { + EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET); + return 0; + } + if (ctx->digest != type) + { + if (ctx->digest && ctx->digest->ctx_size) + OPENSSL_free(ctx->md_data); + ctx->digest=type; + if (type->ctx_size) + ctx->md_data=OPENSSL_malloc(type->ctx_size); + } +skip_to_init: + return ctx->digest->init(ctx); } -void EVP_DigestFinal(ctx,md,size) -EVP_MD_CTX *ctx; -unsigned char *md; -unsigned int *size; +int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, + unsigned int count) { - ctx->digest->final(md,&(ctx->md.base[0])); + return ctx->digest->update(ctx,data,(unsigned long)count); + } + +/* The caller can assume that this removes any secret data from the context */ +int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) + { + int ret; + ret = EVP_DigestFinal_ex(ctx, md, size); + EVP_MD_CTX_cleanup(ctx); + return ret; + } + +/* The caller can assume that this removes any secret data from the context */ +int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) + { + int ret; + ret=ctx->digest->final(ctx,md); if (size != NULL) *size=ctx->digest->md_size; - memset(&(ctx->md),0,sizeof(ctx->md)); + if (ctx->digest->cleanup) + { + ctx->digest->cleanup(ctx); + EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); + } + memset(ctx->md_data,0,ctx->digest->ctx_size); + return ret; + } + +int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) + { + EVP_MD_CTX_init(out); + return EVP_MD_CTX_copy_ex(out, in); + } + +int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) + { + if ((in == NULL) || (in->digest == NULL)) + { + EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); + return 0; + } + /* Make sure it's safe to copy a digest context using an ENGINE */ + if (in->engine && !ENGINE_init(in->engine)) + { + EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB); + return 0; + } + + EVP_MD_CTX_cleanup(out); + memcpy(out,in,sizeof *out); + + if (out->digest->ctx_size) + { + out->md_data=OPENSSL_malloc(out->digest->ctx_size); + memcpy(out->md_data,in->md_data,out->digest->ctx_size); + } + + if (out->digest->copy) + return out->digest->copy(out,in); + + return 1; + } + +int EVP_Digest(void *data, unsigned int count, + unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) + { + EVP_MD_CTX ctx; + int ret; + + EVP_MD_CTX_init(&ctx); + EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT); + ret=EVP_DigestInit_ex(&ctx, type, impl) + && EVP_DigestUpdate(&ctx, data, count) + && EVP_DigestFinal_ex(&ctx, md, size); + EVP_MD_CTX_cleanup(&ctx); + + return ret; + } + +void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) + { + EVP_MD_CTX_cleanup(ctx); + OPENSSL_free(ctx); + } + +/* This call frees resources associated with the context */ +int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) + { + /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final, + * because sometimes only copies of the context are ever finalised. + */ + if (ctx->digest && ctx->digest->cleanup + && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) + ctx->digest->cleanup(ctx); + if (ctx->digest && ctx->digest->ctx_size && ctx->md_data) + { + memset(ctx->md_data,0,ctx->digest->ctx_size); + OPENSSL_free(ctx->md_data); + } + if(ctx->engine) + /* The EVP_MD we used belongs to an ENGINE, release the + * functional reference we held for this reason. */ + ENGINE_finish(ctx->engine); + memset(ctx,'\0',sizeof *ctx); + + return 1; } diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c index 9d03a9602f..c323fa2892 100644 --- a/src/lib/libcrypto/evp/e_aes.c +++ b/src/lib/libcrypto/evp/e_aes.c @@ -88,7 +88,9 @@ IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - if (enc) + if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE + || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE + || enc) AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); else AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); diff --git a/src/lib/libcrypto/evp/e_bf.c b/src/lib/libcrypto/evp/e_bf.c index 72047f64da..e74337567b 100644 --- a/src/lib/libcrypto/evp/e_bf.c +++ b/src/lib/libcrypto/evp/e_bf.c @@ -56,24 +56,32 @@ * [including the GNU Public Licence.] */ -#ifndef NO_BF +#ifndef OPENSSL_NO_BF #include #include "cryptlib.h" #include #include "evp_locl.h" #include +#include static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); -IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8, - 0, bf_init_key, NULL, +typedef struct + { + BF_KEY ks; + } EVP_BF_KEY; + +#define data(ctx) EVP_C_DATA(EVP_BF_KEY,ctx) + +IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64, + EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - BF_set_key(&(ctx->c.bf_ks),EVP_CIPHER_CTX_key_length(ctx),key); + BF_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key); return 1; } diff --git a/src/lib/libcrypto/evp/e_cast.c b/src/lib/libcrypto/evp/e_cast.c index e5af7fb4ed..3400fef187 100644 --- a/src/lib/libcrypto/evp/e_cast.c +++ b/src/lib/libcrypto/evp/e_cast.c @@ -56,26 +56,34 @@ * [including the GNU Public Licence.] */ -#ifndef NO_CAST +#ifndef OPENSSL_NO_CAST #include #include "cryptlib.h" #include #include #include "evp_locl.h" +#include static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv,int enc); -IMPLEMENT_BLOCK_CIPHER(cast5, cast_ks, CAST, cast_ks, - NID_cast5, 8, EVP_CAST5_KEY_SIZE, 8, +typedef struct + { + CAST_KEY ks; + } EVP_CAST_KEY; + +#define data(ctx) EVP_C_DATA(EVP_CAST_KEY,ctx) + +IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, + NID_cast5, 8, CAST_KEY_LENGTH, 8, 64, EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - CAST_set_key(&(ctx->c.cast_ks),EVP_CIPHER_CTX_key_length(ctx),key); + CAST_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key); return 1; } diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c index f4e998b81c..105266a4b3 100644 --- a/src/lib/libcrypto/evp/e_des.c +++ b/src/lib/libcrypto/evp/e_des.c @@ -56,12 +56,13 @@ * [including the GNU Public Licence.] */ -#ifndef NO_DES +#ifndef OPENSSL_NO_DES #include #include "cryptlib.h" #include #include #include "evp_locl.h" +#include static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); @@ -72,34 +73,34 @@ static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { BLOCK_CIPHER_ecb_loop() - des_ecb_encrypt((des_cblock *)(in + i), (des_cblock *)(out + i), ctx->c.des_ks, ctx->encrypt); + DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ctx->cipher_data, ctx->encrypt); return 1; } static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { - des_ofb64_encrypt(in, out, (long)inl, ctx->c.des_ks, (des_cblock *)ctx->iv, &ctx->num); + DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num); return 1; } static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { - des_ncbc_encrypt(in, out, (long)inl, ctx->c.des_ks, - (des_cblock *)ctx->iv, ctx->encrypt); + DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data, + (DES_cblock *)ctx->iv, ctx->encrypt); return 1; } static int des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { - des_cfb64_encrypt(in, out, (long)inl, ctx->c.des_ks, - (des_cblock *)ctx->iv, &ctx->num, ctx->encrypt); + DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, + (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); return 1; } -BLOCK_CIPHER_defs(des, des_ks, NID_des, 8, 8, 8, +BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, 0, des_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, @@ -109,9 +110,9 @@ BLOCK_CIPHER_defs(des, des_ks, NID_des, 8, 8, 8, static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - des_cblock *deskey = (des_cblock *)key; + DES_cblock *deskey = (DES_cblock *)key; - des_set_key_unchecked(deskey,ctx->c.des_ks); + DES_set_key_unchecked(deskey,ctx->cipher_data); return 1; } diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c index a9aba4ae70..077860e7b6 100644 --- a/src/lib/libcrypto/evp/e_des3.c +++ b/src/lib/libcrypto/evp/e_des3.c @@ -56,12 +56,13 @@ * [including the GNU Public Licence.] */ -#ifndef NO_DES +#ifndef OPENSSL_NO_DES #include #include "cryptlib.h" #include #include #include "evp_locl.h" +#include static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv,int enc); @@ -69,60 +70,78 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv,int enc); +typedef struct + { + DES_key_schedule ks1;/* key schedule */ + DES_key_schedule ks2;/* key schedule (for ede) */ + DES_key_schedule ks3;/* key schedule (for ede3) */ + } DES_EDE_KEY; + +#define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data) + /* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { BLOCK_CIPHER_ecb_loop() - des_ecb3_encrypt((des_cblock *)(in + i), (des_cblock *)(out + i), - ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3, - ctx->encrypt); + DES_ecb3_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), + &data(ctx)->ks1, &data(ctx)->ks2, + &data(ctx)->ks3, + ctx->encrypt); return 1; } static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { - des_ede3_ofb64_encrypt(in, out, (long)inl, - ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3, - (des_cblock *)ctx->iv, &ctx->num); + DES_ede3_ofb64_encrypt(in, out, (long)inl, + &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, + (DES_cblock *)ctx->iv, &ctx->num); return 1; } static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { - des_ede3_cbc_encrypt(in, out, (long)inl, - ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3, - (des_cblock *)ctx->iv, ctx->encrypt); +#ifdef KSSL_DEBUG + { + int i; + char *cp; + printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len); + printf("\t iv= "); + for(i=0;i<8;i++) + printf("%02X",ctx->iv[i]); + printf("\n"); + } +#endif /* KSSL_DEBUG */ + DES_ede3_cbc_encrypt(in, out, (long)inl, + &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, + (DES_cblock *)ctx->iv, ctx->encrypt); return 1; } static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { - des_ede3_cfb64_encrypt(in, out, (long)inl, - ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3, - (des_cblock *)ctx->iv, &ctx->num, ctx->encrypt); + DES_ede3_cfb64_encrypt(in, out, (long)inl, + &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, + (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); return 1; } -#define NID_des_ede_ecb NID_des_ede - -BLOCK_CIPHER_defs(des_ede, des_ede, NID_des_ede, 8, 16, 8, +BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, 0, des_ede_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) -#define NID_des_ede3_ecb NID_des_ede3 #define des_ede3_cfb_cipher des_ede_cfb_cipher #define des_ede3_ofb_cipher des_ede_ofb_cipher #define des_ede3_cbc_cipher des_ede_cbc_cipher #define des_ede3_ecb_cipher des_ede_ecb_cipher -BLOCK_CIPHER_defs(des_ede3, des_ede, NID_des_ede3, 8, 24, 8, +BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, 0, des_ede3_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, @@ -131,34 +150,43 @@ BLOCK_CIPHER_defs(des_ede3, des_ede, NID_des_ede3, 8, 24, 8, static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - des_cblock *deskey = (des_cblock *)key; + DES_cblock *deskey = (DES_cblock *)key; - des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1); - des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2); - memcpy( (char *)ctx->c.des_ede.ks3, - (char *)ctx->c.des_ede.ks1, - sizeof(ctx->c.des_ede.ks1)); + DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); + DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); + memcpy(&data(ctx)->ks3,&data(ctx)->ks1, + sizeof(data(ctx)->ks1)); return 1; } static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - des_cblock *deskey = (des_cblock *)key; + DES_cblock *deskey = (DES_cblock *)key; +#ifdef KSSL_DEBUG + { + int i; + printf("des_ede3_init_key(ctx=%lx)\n", ctx); + printf("\tKEY= "); + for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n"); + printf("\t IV= "); + for(i=0;i<8;i++) printf("%02X",iv[i]); printf("\n"); + } +#endif /* KSSL_DEBUG */ - des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1); - des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2); - des_set_key_unchecked(&deskey[2],ctx->c.des_ede.ks3); + DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); + DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); + DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3); return 1; } -EVP_CIPHER *EVP_des_ede(void) +const EVP_CIPHER *EVP_des_ede(void) { return &des_ede_ecb; } -EVP_CIPHER *EVP_des_ede3(void) +const EVP_CIPHER *EVP_des_ede3(void) { return &des_ede3_ecb; } diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c index 8d3c88deb7..ed838d3e62 100644 --- a/src/lib/libcrypto/evp/e_idea.c +++ b/src/lib/libcrypto/evp/e_idea.c @@ -56,13 +56,14 @@ * [including the GNU Public Licence.] */ -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA #include #include "cryptlib.h" #include #include #include "evp_locl.h" +#include static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv,int enc); @@ -75,17 +76,22 @@ static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { BLOCK_CIPHER_ecb_loop() - idea_ecb_encrypt(in + i, out + i, &ctx->c.idea_ks); + idea_ecb_encrypt(in + i, out + i, ctx->cipher_data); return 1; } /* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */ -BLOCK_CIPHER_func_cbc(idea, idea, idea_ks) -BLOCK_CIPHER_func_ofb(idea, idea, idea_ks) -BLOCK_CIPHER_func_cfb(idea, idea, idea_ks) +typedef struct + { + IDEA_KEY_SCHEDULE ks; + } EVP_IDEA_KEY; + +BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks) +BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks) +BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks) -BLOCK_CIPHER_defs(idea, idea_ks, NID_idea, 8, 16, 8, +BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, 0, idea_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) @@ -96,13 +102,13 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) enc = 1; else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) enc = 1; } - if (enc) idea_set_encrypt_key(key,&(ctx->c.idea_ks)); + if (enc) idea_set_encrypt_key(key,ctx->cipher_data); else { IDEA_KEY_SCHEDULE tmp; idea_set_encrypt_key(key,&tmp); - idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks)); + idea_set_decrypt_key(&tmp,ctx->cipher_data); memset((unsigned char *)&tmp,0, sizeof(IDEA_KEY_SCHEDULE)); } diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c index e4e7ca7606..2420d7e5af 100644 --- a/src/lib/libcrypto/evp/e_null.c +++ b/src/lib/libcrypto/evp/e_null.c @@ -58,52 +58,44 @@ #include #include "cryptlib.h" -#include "evp.h" -#include "objects.h" +#include +#include -#ifndef NOPROTO -static void null_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, - unsigned char *iv,int enc); -static void null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - unsigned char *in, unsigned int inl); -#else -static void null_init_key(); -static void null_cipher(); -#endif - -static EVP_CIPHER n_cipher= +static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv,int enc); +static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, unsigned int inl); +static const EVP_CIPHER n_cipher= { NID_undef, 1,0,0, + 0, null_init_key, null_cipher, NULL, 0, NULL, NULL, + NULL }; -EVP_CIPHER *EVP_enc_null() +const EVP_CIPHER *EVP_enc_null(void) { return(&n_cipher); } -static void null_init_key(ctx,key,iv,enc) -EVP_CIPHER_CTX *ctx; -unsigned char *key; -unsigned char *iv; -int enc; +static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) { - memset(&(ctx->c),0,sizeof(ctx->c)); + /* memset(&(ctx->c),0,sizeof(ctx->c));*/ + return 1; } -static void null_cipher(ctx,out,in,inl) -EVP_CIPHER_CTX *ctx; -unsigned char *out; -unsigned char *in; -unsigned int inl; +static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, unsigned int inl) { if (in != out) memcpy((char *)out,(char *)in,(int)inl); + return 1; } diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c index 3955c3ef84..4685198e2e 100644 --- a/src/lib/libcrypto/evp/e_rc2.c +++ b/src/lib/libcrypto/evp/e_rc2.c @@ -56,13 +56,14 @@ * [including the GNU Public Licence.] */ -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 #include #include "cryptlib.h" #include #include #include "evp_locl.h" +#include static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv,int enc); @@ -72,9 +73,17 @@ static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); -IMPLEMENT_BLOCK_CIPHER(rc2, rc2.ks, RC2, rc2, NID_rc2, +typedef struct + { + int key_bits; /* effective key bits */ + RC2_KEY ks; /* key schedule */ + } EVP_RC2_KEY; + +#define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data) + +IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2, 8, - EVP_RC2_KEY_SIZE, 8, + RC2_KEY_LENGTH, 8, 64, EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, rc2_init_key, NULL, rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, @@ -84,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(rc2, rc2.ks, RC2, rc2, NID_rc2, #define RC2_64_MAGIC 0x78 #define RC2_128_MAGIC 0x3a -static EVP_CIPHER r2_64_cbc_cipher= +static const EVP_CIPHER r2_64_cbc_cipher= { NID_rc2_64_cbc, 8,8 /* 64 bit */,8, @@ -92,15 +101,14 @@ static EVP_CIPHER r2_64_cbc_cipher= rc2_init_key, rc2_cbc_cipher, NULL, - sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+ - sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2)), + sizeof(EVP_RC2_KEY), rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, rc2_ctrl, NULL }; -static EVP_CIPHER r2_40_cbc_cipher= +static const EVP_CIPHER r2_40_cbc_cipher= { NID_rc2_40_cbc, 8,5 /* 40 bit */,8, @@ -108,20 +116,19 @@ static EVP_CIPHER r2_40_cbc_cipher= rc2_init_key, rc2_cbc_cipher, NULL, - sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+ - sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2)), + sizeof(EVP_RC2_KEY), rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, rc2_ctrl, NULL }; -EVP_CIPHER *EVP_rc2_64_cbc(void) +const EVP_CIPHER *EVP_rc2_64_cbc(void) { return(&r2_64_cbc_cipher); } -EVP_CIPHER *EVP_rc2_40_cbc(void) +const EVP_CIPHER *EVP_rc2_40_cbc(void) { return(&r2_40_cbc_cipher); } @@ -129,8 +136,8 @@ EVP_CIPHER *EVP_rc2_40_cbc(void) static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - RC2_set_key(&(ctx->c.rc2.ks),EVP_CIPHER_CTX_key_length(ctx), - key,ctx->c.rc2.key_bits); + RC2_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), + key,data(ctx)->key_bits); return 1; } @@ -173,7 +180,7 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) key_bits =rc2_magic_to_meth((int)num); if (!key_bits) return(-1); - if(i > 0) EVP_CipherInit(c, NULL, NULL, iv, -1); + if(i > 0) EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1); EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); EVP_CIPHER_CTX_set_key_length(c, key_bits / 8); } @@ -196,26 +203,26 @@ static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { - switch(type) { - - case EVP_CTRL_INIT: - c->c.rc2.key_bits = EVP_CIPHER_CTX_key_length(c) * 8; - return 1; + switch(type) + { + case EVP_CTRL_INIT: + data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8; + return 1; - case EVP_CTRL_GET_RC2_KEY_BITS: - *(int *)ptr = c->c.rc2.key_bits; - return 1; + case EVP_CTRL_GET_RC2_KEY_BITS: + *(int *)ptr = data(c)->key_bits; + return 1; - - case EVP_CTRL_SET_RC2_KEY_BITS: - if(arg > 0) { - c->c.rc2.key_bits = arg; - return 1; + case EVP_CTRL_SET_RC2_KEY_BITS: + if(arg > 0) + { + data(c)->key_bits = arg; + return 1; } - return 0; + return 0; - default: - return -1; + default: + return -1; } } diff --git a/src/lib/libcrypto/evp/e_rc4.c b/src/lib/libcrypto/evp/e_rc4.c index 7e9790a94c..4064cc5fa0 100644 --- a/src/lib/libcrypto/evp/e_rc4.c +++ b/src/lib/libcrypto/evp/e_rc4.c @@ -56,72 +56,81 @@ * [including the GNU Public Licence.] */ -#ifndef NO_RC4 +#ifndef OPENSSL_NO_RC4 #include #include "cryptlib.h" -#include "evp.h" -#include "objects.h" +#include +#include +#include -#ifndef NOPROTO -static void rc4_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, - unsigned char *iv,int enc); -static void rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - unsigned char *in, unsigned int inl); -#else -static void rc4_init_key(); -static void rc4_cipher(); -#endif +/* FIXME: surely this is available elsewhere? */ +#define EVP_RC4_KEY_SIZE 16 + +typedef struct + { + /* FIXME: what is the key for? */ + unsigned char key[EVP_RC4_KEY_SIZE]; + RC4_KEY ks; /* working key */ + } EVP_RC4_KEY; + +#define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data) -static EVP_CIPHER r4_cipher= +static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv,int enc); +static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, unsigned int inl); +static const EVP_CIPHER r4_cipher= { NID_rc4, 1,EVP_RC4_KEY_SIZE,0, + EVP_CIPH_VARIABLE_LENGTH, rc4_init_key, rc4_cipher, NULL, - sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+ - sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc4)), + sizeof(EVP_RC4_KEY), NULL, NULL, + NULL }; -static EVP_CIPHER r4_40_cipher= +static const EVP_CIPHER r4_40_cipher= { NID_rc4_40, 1,5 /* 40 bit */,0, + EVP_CIPH_VARIABLE_LENGTH, rc4_init_key, rc4_cipher, + NULL, + sizeof(EVP_RC4_KEY), + NULL, + NULL, + NULL }; -EVP_CIPHER *EVP_rc4() +const EVP_CIPHER *EVP_rc4(void) { return(&r4_cipher); } -EVP_CIPHER *EVP_rc4_40() +const EVP_CIPHER *EVP_rc4_40(void) { return(&r4_40_cipher); } -static void rc4_init_key(ctx,key,iv,enc) -EVP_CIPHER_CTX *ctx; -unsigned char *key; -unsigned char *iv; -int enc; +static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) { - if (key != NULL) - memcpy(&(ctx->c.rc4.key[0]),key,EVP_CIPHER_CTX_key_length(ctx)); - RC4_set_key(&(ctx->c.rc4.ks),EVP_CIPHER_CTX_key_length(ctx), - ctx->c.rc4.key); + memcpy(&data(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx)); + RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), + data(ctx)->key); + return 1; } -static void rc4_cipher(ctx,out,in,inl) -EVP_CIPHER_CTX *ctx; -unsigned char *out; -unsigned char *in; -unsigned int inl; +static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, unsigned int inl) { - RC4(&(ctx->c.rc4.ks),inl,in,out); + RC4(&data(ctx)->ks,inl,in,out); + return 1; } #endif diff --git a/src/lib/libcrypto/evp/e_xcbc_d.c b/src/lib/libcrypto/evp/e_xcbc_d.c index 0d7fda0c47..a6f849e93d 100644 --- a/src/lib/libcrypto/evp/e_xcbc_d.c +++ b/src/lib/libcrypto/evp/e_xcbc_d.c @@ -56,67 +56,67 @@ * [including the GNU Public Licence.] */ +#ifndef OPENSSL_NO_DES #include #include "cryptlib.h" -#include "evp.h" -#include "objects.h" +#include +#include +#include -#ifndef NOPROTO -static void desx_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, - unsigned char *iv,int enc); -static void desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - unsigned char *in, unsigned int inl); -#else -static void desx_cbc_init_key(); -static void desx_cbc_cipher(); -#endif +static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv,int enc); +static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, unsigned int inl); + + +typedef struct + { + DES_key_schedule ks;/* key schedule */ + DES_cblock inw; + DES_cblock outw; + } DESX_CBC_KEY; + +#define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data) -static EVP_CIPHER d_xcbc_cipher= +static const EVP_CIPHER d_xcbc_cipher= { NID_desx_cbc, 8,24,8, + EVP_CIPH_CBC_MODE, desx_cbc_init_key, desx_cbc_cipher, NULL, - sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+ - sizeof((((EVP_CIPHER_CTX *)NULL)->c.desx_cbc)), + sizeof(DESX_CBC_KEY), EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, + NULL }; -EVP_CIPHER *EVP_desx_cbc() +const EVP_CIPHER *EVP_desx_cbc(void) { return(&d_xcbc_cipher); } -static void desx_cbc_init_key(ctx,key,iv,enc) -EVP_CIPHER_CTX *ctx; -unsigned char *key; -unsigned char *iv; -int enc; +static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) { - if (iv != NULL) - memcpy(&(ctx->oiv[0]),iv,8); - memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8); - if (key != NULL) - { - des_set_key((des_cblock *)key,ctx->c.desx_cbc.ks); - memcpy(&(ctx->c.desx_cbc.inw[0]),&(key[8]),8); - memcpy(&(ctx->c.desx_cbc.outw[0]),&(key[16]),8); - } + DES_cblock *deskey = (DES_cblock *)key; + + DES_set_key_unchecked(deskey,&data(ctx)->ks); + memcpy(&data(ctx)->inw[0],&key[8],8); + memcpy(&data(ctx)->outw[0],&key[16],8); + + return 1; } -static void desx_cbc_cipher(ctx,out,in,inl) -EVP_CIPHER_CTX *ctx; -unsigned char *out; -unsigned char *in; -unsigned int inl; +static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, unsigned int inl) { - des_xcbc_encrypt( - (des_cblock *)in,(des_cblock *)out, - (long)inl, ctx->c.desx_cbc.ks, - (des_cblock *)&(ctx->iv[0]), - (des_cblock *)&(ctx->c.desx_cbc.inw[0]), - (des_cblock *)&(ctx->c.desx_cbc.outw[0]), - ctx->encrypt); + DES_xcbc_encrypt(in,out,inl,&data(ctx)->ks, + (DES_cblock *)&(ctx->iv[0]), + &data(ctx)->inw, + &data(ctx)->outw, + ctx->encrypt); + return 1; } +#endif diff --git a/src/lib/libcrypto/evp/encode.c b/src/lib/libcrypto/evp/encode.c index 14d47c1eed..12c6379df1 100644 --- a/src/lib/libcrypto/evp/encode.c +++ b/src/lib/libcrypto/evp/encode.c @@ -58,10 +58,21 @@ #include #include "cryptlib.h" -#include "evp.h" +#include +#ifndef CHARSET_EBCDIC #define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) #define conv_ascii2bin(a) (data_ascii2bin[(a)&0x7f]) +#else +/* We assume that PEM encoded files are EBCDIC files + * (i.e., printable text files). Convert them here while decoding. + * When encoding, output is EBCDIC (text) format again. + * (No need for conversion in the conv_bin2ascii macro, as the + * underlying textstring data_bin2ascii[] is already EBCDIC) + */ +#define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) +#define conv_ascii2bin(a) (data_ascii2bin[os_toascii[a]&0x7f]) +#endif /* 64 char lines * pad input with 0 @@ -110,20 +121,15 @@ static unsigned char data_ascii2bin[128]={ 0x31,0x32,0x33,0xFF,0xFF,0xFF,0xFF,0xFF, }; -void EVP_EncodeInit(ctx) -EVP_ENCODE_CTX *ctx; +void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) { ctx->length=48; ctx->num=0; ctx->line_num=0; } -void EVP_EncodeUpdate(ctx,out,outl,in,inl) -EVP_ENCODE_CTX *ctx; -unsigned char *out; -int *outl; -unsigned char *in; -int inl; +void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + unsigned char *in, int inl) { int i,j; unsigned int total=0; @@ -165,10 +171,7 @@ int inl; *outl=total; } -void EVP_EncodeFinal(ctx,out,outl) -EVP_ENCODE_CTX *ctx; -unsigned char *out; -int *outl; +void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) { unsigned int ret=0; @@ -182,9 +185,7 @@ int *outl; *outl=ret; } -int EVP_EncodeBlock(t,f,dlen) -unsigned char *t,*f; -int dlen; +int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen) { int i,ret=0; unsigned long l; @@ -218,8 +219,7 @@ int dlen; return(ret); } -void EVP_DecodeInit(ctx) -EVP_ENCODE_CTX *ctx; +void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) { ctx->length=30; ctx->num=0; @@ -231,12 +231,8 @@ EVP_ENCODE_CTX *ctx; * 0 for last line * 1 for full line */ -int EVP_DecodeUpdate(ctx,out,outl,in,inl) -EVP_ENCODE_CTX *ctx; -unsigned char *out; -int *outl; -unsigned char *in; -int inl; +int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + unsigned char *in, int inl) { int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl; unsigned char *d; @@ -281,6 +277,13 @@ int inl; eof++; } + if (v == B64_CR) + { + ln = 0; + if (exp_nl) + continue; + } + /* eoln */ if (v == B64_EOLN) { @@ -296,7 +299,17 @@ int inl; /* If we are at the end of input and it looks like a * line, process it. */ if (((i+1) == inl) && (((n&3) == 0) || eof)) + { v=B64_EOF; + /* In case things were given us in really small + records (so two '=' were given in separate + updates), eof may contain the incorrect number + of ending bytes to skip, so let's redo the count */ + eof = 0; + if (d[n-1] == '=') eof++; + if (d[n-2] == '=') eof++; + /* There will never be more than two '=' */ + } if ((v == B64_EOF) || (n >= 64)) { @@ -341,9 +354,7 @@ end: return(rv); } -int EVP_DecodeBlock(t,f,n) -unsigned char *t,*f; -int n; +int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n) { int i,ret=0,a,b,c,d; unsigned long l; @@ -383,10 +394,7 @@ int n; return(ret); } -int EVP_DecodeFinal(ctx,out,outl) -EVP_ENCODE_CTX *ctx; -unsigned char *out; -int *outl; +int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) { int i; @@ -404,9 +412,7 @@ int *outl; } #ifdef undef -int EVP_DecodeValid(buf,len) -unsigned char *buf; -int len; +int EVP_DecodeValid(unsigned char *buf, int len) { int i,num=0,bad=0; diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h index b39fad93a4..fb16de6852 100644 --- a/src/lib/libcrypto/evp/evp.h +++ b/src/lib/libcrypto/evp/evp.h @@ -59,75 +59,39 @@ #ifndef HEADER_ENVELOPE_H #define HEADER_ENVELOPE_H -#ifdef __cplusplus -extern "C" { +#ifdef OPENSSL_ALGORITHM_DEFINES +# include +#else +# define OPENSSL_ALGORITHM_DEFINES +# include +# undef OPENSSL_ALGORITHM_DEFINES #endif -#ifndef NO_MD2 -#include "md2.h" -#endif -#ifndef NO_MD5 -#include "md5.h" -#endif -#if !defined(NO_SHA) || !defined(NO_SHA1) -#include "sha.h" -#endif -#ifndef NO_RIPEMD -#include "ripemd.h" -#endif -#ifndef NO_DES -#include "des.h" -#endif -#ifndef NO_RC4 -#include "rc4.h" -#endif -#ifndef NO_RC2 -#include "rc2.h" -#endif -#ifndef NO_RC5 -#include "rc5.h" -#endif -#ifndef NO_BLOWFISH -#include "blowfish.h" -#endif -#ifndef NO_CAST -#include "cast.h" -#endif -#ifndef NO_IDEA -#include "idea.h" -#endif -#ifndef NO_MDC2 -#include "mdc2.h" +#include + +#include + +#ifndef OPENSSL_NO_BIO +#include #endif +/* #define EVP_RC2_KEY_SIZE 16 #define EVP_RC4_KEY_SIZE 16 #define EVP_BLOWFISH_KEY_SIZE 16 #define EVP_CAST5_KEY_SIZE 16 #define EVP_RC5_32_12_16_KEY_SIZE 16 +*/ #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ -#define EVP_MAX_KEY_LENGTH 24 -#define EVP_MAX_IV_LENGTH 8 - -#ifndef NO_RSA -#include "rsa.h" -#else -#define RSA long -#endif - -#ifndef NO_DSA -#include "dsa.h" -#else -#define DSA long -#endif +#define EVP_MAX_KEY_LENGTH 32 +#define EVP_MAX_IV_LENGTH 16 +#define EVP_MAX_BLOCK_LENGTH 32 -#ifndef NO_DH -#include "dh.h" -#else -#define DH long -#endif +#define PKCS5_SALT_LEN 8 +/* Default PKCS#5 iteration count */ +#define PKCS5_DEFAULT_ITER 2048 -#include "objects.h" +#include #define EVP_PK_RSA 0x0001 #define EVP_PK_DSA 0x0002 @@ -149,27 +113,33 @@ extern "C" { #define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 #define EVP_PKEY_DH NID_dhKeyAgreement +#ifdef __cplusplus +extern "C" { +#endif + /* Type needs to be a bit field * Sub-type needs to be for variations on the method, as in, can it do - * arbitary encryption.... */ -typedef struct evp_pkey_st + * arbitrary encryption.... */ +struct evp_pkey_st { int type; int save_type; int references; union { char *ptr; +#ifndef OPENSSL_NO_RSA struct rsa_st *rsa; /* RSA */ +#endif +#ifndef OPENSSL_NO_DSA struct dsa_st *dsa; /* DSA */ +#endif +#ifndef OPENSSL_NO_DH struct dh_st *dh; /* DH */ +#endif } pkey; int save_parameters; -#ifdef HEADER_STACK_H - STACK /* X509_ATTRIBUTE */ *attributes; /* [ 0 ] */ -#else - char /* X509_ATTRIBUTE */ *attributes; /* [ 0 ] */ -#endif - } EVP_PKEY; + STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ + } /* EVP_PKEY */; #define EVP_PKEY_MO_SIGN 0x0001 #define EVP_PKEY_MO_VERIFY 0x0002 @@ -183,7 +153,7 @@ typedef struct evp_pkey_st * This is required because for various smart-card perform the digest and * signing/verification on-board. To handle this case, the specific * EVP_MD and EVP_PKEY_METHODs need to be closely associated. - * When a PKEY is created, it will have a EVP_PKEY_METHOD ossociated with it. + * When a PKEY is created, it will have a EVP_PKEY_METHOD associated with it. * This can either be software or a token to provide the required low level * routines. */ @@ -194,28 +164,28 @@ typedef struct evp_pkey_md_st EVP_PKEY_METHOD *pkey; } EVP_PKEY_MD; -#define EVP_rsa_md2() +#define EVP_rsa_md2() \ EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\ EVP_rsa_pkcs1(),EVP_md2()) -#define EVP_rsa_md5() +#define EVP_rsa_md5() \ EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\ EVP_rsa_pkcs1(),EVP_md5()) -#define EVP_rsa_sha0() +#define EVP_rsa_sha0() \ EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\ EVP_rsa_pkcs1(),EVP_sha()) -#define EVP_rsa_sha1() +#define EVP_rsa_sha1() \ EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\ EVP_rsa_pkcs1(),EVP_sha1()) -#define EVP_rsa_ripemd160() +#define EVP_rsa_ripemd160() \ EVP_PKEY_MD_add(NID_ripemd160WithRSA,\ EVP_rsa_pkcs1(),EVP_ripemd160()) -#define EVP_rsa_mdc2() +#define EVP_rsa_mdc2() \ EVP_PKEY_MD_add(NID_mdc2WithRSA,\ EVP_rsa_octet_string(),EVP_mdc2()) -#define EVP_dsa_sha() +#define EVP_dsa_sha() \ EVP_PKEY_MD_add(NID_dsaWithSHA,\ - EVP_dsa(),EVP_mdc2()) -#define EVP_dsa_sha1() + EVP_dsa(),EVP_sha()) +#define EVP_dsa_sha1() \ EVP_PKEY_MD_add(NID_dsaWithSHA1,\ EVP_dsa(),EVP_sha1()) @@ -230,7 +200,6 @@ typedef struct evp_pkey_method_st int (*sign)(); int (*verify)(); struct { - int int (*set)(); /* get and/or set the underlying type */ int (*get)(); int (*encrypt)(); @@ -245,25 +214,32 @@ typedef struct evp_pkey_method_st #endif #ifndef EVP_MD -typedef struct env_md_st +struct env_md_st { int type; int pkey_type; int md_size; - void (*init)(); - void (*update)(); - void (*final)(); - + unsigned long flags; + int (*init)(EVP_MD_CTX *ctx); + int (*update)(EVP_MD_CTX *ctx,const void *data,unsigned long count); + int (*final)(EVP_MD_CTX *ctx,unsigned char *md); + int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from); + int (*cleanup)(EVP_MD_CTX *ctx); + + /* FIXME: prototype these some day */ int (*sign)(); int (*verify)(); int required_pkey_type[5]; /*EVP_PKEY_xxx */ int block_size; - int ctx_size; /* how big does the ctx need to be */ - } EVP_MD; + int ctx_size; /* how big does the ctx->md_data need to be */ + } /* EVP_MD */; + +#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single + * block */ #define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA #define EVP_PKEY_DSA_method DSA_sign,DSA_verify, \ {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ EVP_PKEY_DSA4,0} @@ -271,7 +247,7 @@ typedef struct env_md_st #define EVP_PKEY_DSA_method EVP_PKEY_NULL_method #endif -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA #define EVP_PKEY_RSA_method RSA_sign,RSA_verify, \ {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} #define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ @@ -285,103 +261,98 @@ typedef struct env_md_st #endif /* !EVP_MD */ -typedef struct env_md_ctx_st +struct env_md_ctx_st { - EVP_MD *digest; - union { - unsigned char base[4]; -#ifndef NO_MD2 - MD2_CTX md2; -#endif -#ifndef NO_MD5 - MD5_CTX md5; -#endif -#ifndef NO_MD5 - RIPEMD160_CTX ripemd160; -#endif -#if !defined(NO_SHA) || !defined(NO_SHA1) - SHA_CTX sha; -#endif -#ifndef NO_MDC2 - MDC2_CTX mdc2; -#endif - } md; - } EVP_MD_CTX; + const EVP_MD *digest; + ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ + unsigned long flags; + void *md_data; + } /* EVP_MD_CTX */; + +/* values for EVP_MD_CTX flags */ -typedef struct evp_cipher_st +#define EVP_MD_CTX_FLAG_ONESHOT 0x0001 /* digest update will be called + * once only */ +#define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been + * cleaned */ + +struct evp_cipher_st { int nid; int block_size; - int key_len; + int key_len; /* Default value for variable length ciphers */ int iv_len; - void (*init)(); /* init for encryption */ - void (*do_cipher)(); /* encrypt data */ - void (*cleanup)(); /* used by cipher method */ - int ctx_size; /* how big the ctx needs to be */ - /* int set_asn1_parameters(EVP_CIPHER_CTX,ASN1_TYPE *); */ - int (*set_asn1_parameters)(); /* Populate a ASN1_TYPE with parameters */ - /* int get_asn1_parameters(EVP_CIPHER_CTX,ASN1_TYPE *); */ - int (*get_asn1_parameters)(); /* Get parameters from a ASN1_TYPE */ - } EVP_CIPHER; + unsigned long flags; /* Various flags */ + int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); /* init key */ + int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */ + int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */ + int ctx_size; /* how big ctx->cipher_data needs to be */ + int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */ + int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */ + int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */ + void *app_data; /* Application data */ + } /* EVP_CIPHER */; + +/* Values for cipher flags */ + +/* Modes for ciphers */ + +#define EVP_CIPH_STREAM_CIPHER 0x0 +#define EVP_CIPH_ECB_MODE 0x1 +#define EVP_CIPH_CBC_MODE 0x2 +#define EVP_CIPH_CFB_MODE 0x3 +#define EVP_CIPH_OFB_MODE 0x4 +#define EVP_CIPH_MODE 0x7 +/* Set if variable length cipher */ +#define EVP_CIPH_VARIABLE_LENGTH 0x8 +/* Set if the iv handling should be done by the cipher itself */ +#define EVP_CIPH_CUSTOM_IV 0x10 +/* Set if the cipher's init() function should be called if key is NULL */ +#define EVP_CIPH_ALWAYS_CALL_INIT 0x20 +/* Call ctrl() to init cipher parameters */ +#define EVP_CIPH_CTRL_INIT 0x40 +/* Don't use standard key length function */ +#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 +/* Don't use standard block padding */ +#define EVP_CIPH_NO_PADDING 0x100 + +/* ctrl() values */ + +#define EVP_CTRL_INIT 0x0 +#define EVP_CTRL_SET_KEY_LENGTH 0x1 +#define EVP_CTRL_GET_RC2_KEY_BITS 0x2 +#define EVP_CTRL_SET_RC2_KEY_BITS 0x3 +#define EVP_CTRL_GET_RC5_ROUNDS 0x4 +#define EVP_CTRL_SET_RC5_ROUNDS 0x5 typedef struct evp_cipher_info_st { - EVP_CIPHER *cipher; + const EVP_CIPHER *cipher; unsigned char iv[EVP_MAX_IV_LENGTH]; } EVP_CIPHER_INFO; -typedef struct evp_cipher_ctx_st +struct evp_cipher_ctx_st { - EVP_CIPHER *cipher; + const EVP_CIPHER *cipher; + ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */ int encrypt; /* encrypt or decrypt */ int buf_len; /* number we have left */ unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ - unsigned char buf[EVP_MAX_IV_LENGTH]; /* saved partial block */ + unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */ int num; /* used by cfb/ofb mode */ - char *app_data; /* aplication stuff */ - union { -#ifndef NO_RC4 - struct - { - unsigned char key[EVP_RC4_KEY_SIZE]; - RC4_KEY ks; /* working key */ - } rc4; -#endif -#ifndef NO_DES - des_key_schedule des_ks;/* key schedule */ - struct - { - des_key_schedule ks;/* key schedule */ - C_Block inw; - C_Block outw; - } desx_cbc; - struct - { - des_key_schedule ks1;/* key schedule */ - des_key_schedule ks2;/* key schedule (for ede) */ - des_key_schedule ks3;/* key schedule (for ede3) */ - } des_ede; -#endif -#ifndef NO_IDEA - IDEA_KEY_SCHEDULE idea_ks;/* key schedule */ -#endif -#ifndef NO_RC2 - RC2_KEY rc2_ks;/* key schedule */ -#endif -#ifndef NO_RC5 - RC5_32_KEY rc5_ks;/* key schedule */ -#endif -#ifndef NO_BLOWFISH - BF_KEY bf_ks;/* key schedule */ -#endif -#ifndef NO_CAST - CAST_KEY cast_ks;/* key schedule */ -#endif - } c; - } EVP_CIPHER_CTX; + void *app_data; /* application stuff */ + int key_len; /* May change for variable length cipher */ + unsigned long flags; /* Various flags */ + void *cipher_data; /* per EVP data */ + int final_used; + int block_mask; + unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */ + } /* EVP_CIPHER_CTX */; typedef struct evp_Encode_Ctx_st { @@ -396,12 +367,25 @@ typedef struct evp_Encode_Ctx_st int expect_nl; } EVP_ENCODE_CTX; +/* Password based encryption function */ +typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de); + +#ifndef OPENSSL_NO_RSA #define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ (char *)(rsa)) +#endif + +#ifndef OPENSSL_NO_DSA #define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ (char *)(dsa)) +#endif + +#ifndef OPENSSL_NO_DH #define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ (char *)(dh)) +#endif /* Add some extra combinations */ #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) @@ -410,77 +394,124 @@ typedef struct evp_Encode_Ctx_st #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) #define EVP_MD_type(e) ((e)->type) +#define EVP_MD_nid(e) EVP_MD_type(e) +#define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) #define EVP_MD_pkey_type(e) ((e)->pkey_type) #define EVP_MD_size(e) ((e)->md_size) #define EVP_MD_block_size(e) ((e)->block_size) +#define EVP_MD_CTX_md(e) ((e)->digest) #define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest) #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) -#define EVP_MD_CTX_type(e) ((e)->digest) +#define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) #define EVP_CIPHER_nid(e) ((e)->nid) +#define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) #define EVP_CIPHER_block_size(e) ((e)->block_size) #define EVP_CIPHER_key_length(e) ((e)->key_len) #define EVP_CIPHER_iv_length(e) ((e)->iv_len) +#define EVP_CIPHER_flags(e) ((e)->flags) +#define EVP_CIPHER_mode(e) (((e)->flags) & EVP_CIPH_MODE) #define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) #define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) #define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) -#define EVP_CIPHER_CTX_key_length(e) ((e)->cipher->key_len) +#define EVP_CIPHER_CTX_key_length(e) ((e)->key_len) #define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) +#define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) +#define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) +#define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE) #define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) #define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) +#define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) #define EVP_SignInit(a,b) EVP_DigestInit(a,b) #define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +#define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) #define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) #define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) #define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) #define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) -#define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md) +#ifdef CONST_STRICT +void BIO_set_md(BIO *,const EVP_MD *md); +#else +# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md) +#endif #define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) #define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) #define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) +#define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) #define EVP_Cipher(c,o,i,l) (c)->cipher->do_cipher((c),(o),(i),(l)) -#ifndef NOPROTO - -void EVP_DigestInit(EVP_MD_CTX *ctx, EVP_MD *type); -void EVP_DigestUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt); -void EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); - -int EVP_read_pw_string(char *buf,int length,char *prompt,int verify); +#define EVP_add_cipher_alias(n,alias) \ + OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) +#define EVP_add_digest_alias(n,alias) \ + OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n)) +#define EVP_delete_cipher_alias(alias) \ + OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS); +#define EVP_delete_digest_alias(alias) \ + OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); + +void EVP_MD_CTX_init(EVP_MD_CTX *ctx); +int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); +EVP_MD_CTX *EVP_MD_CTX_create(void); +void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); +int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); +#define EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) +#define EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) +#define EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) +int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, + unsigned int cnt); +int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); +int EVP_Digest(void *data, unsigned int count, + unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); + +int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); +int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); + +int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); void EVP_set_pw_prompt(char *prompt); char * EVP_get_pw_prompt(void); -int EVP_BytesToKey(EVP_CIPHER *type,EVP_MD *md,unsigned char *salt, - unsigned char *data, int datal, int count, - unsigned char *key,unsigned char *iv); - -EVP_CIPHER *EVP_get_cipherbyname(char *name); - -void EVP_EncryptInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type, - unsigned char *key, unsigned char *iv); -void EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); -void EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); - -void EVP_DecryptInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type, - unsigned char *key, unsigned char *iv); -void EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); +int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, + const unsigned char *salt, const unsigned char *data, + int datal, int count, unsigned char *key,unsigned char *iv); + +int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, const unsigned char *iv); +int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl); +int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + +int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, const unsigned char *iv); +int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl); int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); - -void EVP_CipherInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type, unsigned char *key, - unsigned char *iv,int enc); -void EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); +int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); + +int EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, + const unsigned char *key,const unsigned char *iv, + int enc); +int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key,const unsigned char *iv, + int enc); +int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl); int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, EVP_PKEY *pkey); @@ -488,100 +519,171 @@ int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey); -int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek, +int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *ek, int ekl,unsigned char *iv,EVP_PKEY *priv); int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek, +int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); -void EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); +int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out, int *outl,unsigned char *in,int inl); void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); -int EVP_EncodeBlock(unsigned char *t, unsigned char *f, int n); +int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, unsigned char *in, int inl); int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); -int EVP_DecodeBlock(unsigned char *t, unsigned - char *f, int n); - -void ERR_load_EVP_strings(void ); +int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); -void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); +int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); +int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); +int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); +int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); -#ifdef HEADER_BIO_H +#ifndef OPENSSL_NO_BIO BIO_METHOD *BIO_f_md(void); BIO_METHOD *BIO_f_base64(void); BIO_METHOD *BIO_f_cipher(void); -void BIO_set_cipher(BIO *b,EVP_CIPHER *c,unsigned char *k, +BIO_METHOD *BIO_f_reliable(void); +void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k, unsigned char *i, int enc); #endif -EVP_MD *EVP_md_null(void); -EVP_MD *EVP_md2(void); -EVP_MD *EVP_md5(void); -EVP_MD *EVP_sha(void); -EVP_MD *EVP_sha1(void); -EVP_MD *EVP_dss(void); -EVP_MD *EVP_dss1(void); -EVP_MD *EVP_mdc2(void); -EVP_MD *EVP_ripemd160(void); - -EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ -EVP_CIPHER *EVP_des_ecb(void); -EVP_CIPHER *EVP_des_ede(void); -EVP_CIPHER *EVP_des_ede3(void); -EVP_CIPHER *EVP_des_cfb(void); -EVP_CIPHER *EVP_des_ede_cfb(void); -EVP_CIPHER *EVP_des_ede3_cfb(void); -EVP_CIPHER *EVP_des_ofb(void); -EVP_CIPHER *EVP_des_ede_ofb(void); -EVP_CIPHER *EVP_des_ede3_ofb(void); -EVP_CIPHER *EVP_des_cbc(void); -EVP_CIPHER *EVP_des_ede_cbc(void); -EVP_CIPHER *EVP_des_ede3_cbc(void); -EVP_CIPHER *EVP_desx_cbc(void); -EVP_CIPHER *EVP_rc4(void); -EVP_CIPHER *EVP_rc4_40(void); -EVP_CIPHER *EVP_idea_ecb(void); -EVP_CIPHER *EVP_idea_cfb(void); -EVP_CIPHER *EVP_idea_ofb(void); -EVP_CIPHER *EVP_idea_cbc(void); -EVP_CIPHER *EVP_rc2_ecb(void); -EVP_CIPHER *EVP_rc2_cbc(void); -EVP_CIPHER *EVP_rc2_40_cbc(void); -EVP_CIPHER *EVP_rc2_cfb(void); -EVP_CIPHER *EVP_rc2_ofb(void); -EVP_CIPHER *EVP_bf_ecb(void); -EVP_CIPHER *EVP_bf_cbc(void); -EVP_CIPHER *EVP_bf_cfb(void); -EVP_CIPHER *EVP_bf_ofb(void); -EVP_CIPHER *EVP_cast5_ecb(void); -EVP_CIPHER *EVP_cast5_cbc(void); -EVP_CIPHER *EVP_cast5_cfb(void); -EVP_CIPHER *EVP_cast5_ofb(void); -EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); -EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); -EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); -EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); - -void SSLeay_add_all_algorithms(void); -void SSLeay_add_all_ciphers(void); -void SSLeay_add_all_digests(void); - -int EVP_add_cipher(EVP_CIPHER *cipher); -int EVP_add_digest(EVP_MD *digest); -int EVP_add_alias(char *name,char *alias); -int EVP_delete_alias(char *name); - -EVP_CIPHER *EVP_get_cipherbyname(char *name); -EVP_MD *EVP_get_digestbyname(char *name); +const EVP_MD *EVP_md_null(void); +#ifndef OPENSSL_NO_MD2 +const EVP_MD *EVP_md2(void); +#endif +#ifndef OPENSSL_NO_MD4 +const EVP_MD *EVP_md4(void); +#endif +#ifndef OPENSSL_NO_MD5 +const EVP_MD *EVP_md5(void); +#endif +#ifndef OPENSSL_NO_SHA +const EVP_MD *EVP_sha(void); +const EVP_MD *EVP_sha1(void); +const EVP_MD *EVP_dss(void); +const EVP_MD *EVP_dss1(void); +#endif +#ifndef OPENSSL_NO_MDC2 +const EVP_MD *EVP_mdc2(void); +#endif +#ifndef OPENSSL_NO_RIPEMD +const EVP_MD *EVP_ripemd160(void); +#endif +const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ +#ifndef OPENSSL_NO_DES +const EVP_CIPHER *EVP_des_ecb(void); +const EVP_CIPHER *EVP_des_ede(void); +const EVP_CIPHER *EVP_des_ede3(void); +const EVP_CIPHER *EVP_des_cfb(void); +const EVP_CIPHER *EVP_des_ede_cfb(void); +const EVP_CIPHER *EVP_des_ede3_cfb(void); +const EVP_CIPHER *EVP_des_ofb(void); +const EVP_CIPHER *EVP_des_ede_ofb(void); +const EVP_CIPHER *EVP_des_ede3_ofb(void); +const EVP_CIPHER *EVP_des_cbc(void); +const EVP_CIPHER *EVP_des_ede_cbc(void); +const EVP_CIPHER *EVP_des_ede3_cbc(void); +const EVP_CIPHER *EVP_desx_cbc(void); +/* This should now be supported through the dev_crypto ENGINE. But also, why are + * rc4 and md5 declarations made here inside a "NO_DES" precompiler branch? */ +#if 0 +# ifdef OPENSSL_OPENBSD_DEV_CRYPTO +const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void); +const EVP_CIPHER *EVP_dev_crypto_rc4(void); +const EVP_MD *EVP_dev_crypto_md5(void); +# endif +#endif +#endif +#ifndef OPENSSL_NO_RC4 +const EVP_CIPHER *EVP_rc4(void); +const EVP_CIPHER *EVP_rc4_40(void); +#endif +#ifndef OPENSSL_NO_IDEA +const EVP_CIPHER *EVP_idea_ecb(void); +const EVP_CIPHER *EVP_idea_cfb(void); +const EVP_CIPHER *EVP_idea_ofb(void); +const EVP_CIPHER *EVP_idea_cbc(void); +#endif +#ifndef OPENSSL_NO_RC2 +const EVP_CIPHER *EVP_rc2_ecb(void); +const EVP_CIPHER *EVP_rc2_cbc(void); +const EVP_CIPHER *EVP_rc2_40_cbc(void); +const EVP_CIPHER *EVP_rc2_64_cbc(void); +const EVP_CIPHER *EVP_rc2_cfb(void); +const EVP_CIPHER *EVP_rc2_ofb(void); +#endif +#ifndef OPENSSL_NO_BF +const EVP_CIPHER *EVP_bf_ecb(void); +const EVP_CIPHER *EVP_bf_cbc(void); +const EVP_CIPHER *EVP_bf_cfb(void); +const EVP_CIPHER *EVP_bf_ofb(void); +#endif +#ifndef OPENSSL_NO_CAST +const EVP_CIPHER *EVP_cast5_ecb(void); +const EVP_CIPHER *EVP_cast5_cbc(void); +const EVP_CIPHER *EVP_cast5_cfb(void); +const EVP_CIPHER *EVP_cast5_ofb(void); +#endif +#ifndef OPENSSL_NO_RC5 +const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); +const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); +const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); +const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); +#endif +#ifndef OPENSSL_NO_AES +const EVP_CIPHER *EVP_aes_128_ecb(void); +const EVP_CIPHER *EVP_aes_128_cbc(void); +const EVP_CIPHER *EVP_aes_128_cfb(void); +const EVP_CIPHER *EVP_aes_128_ofb(void); +#if 0 +const EVP_CIPHER *EVP_aes_128_ctr(void); +#endif +const EVP_CIPHER *EVP_aes_192_ecb(void); +const EVP_CIPHER *EVP_aes_192_cbc(void); +const EVP_CIPHER *EVP_aes_192_cfb(void); +const EVP_CIPHER *EVP_aes_192_ofb(void); +#if 0 +const EVP_CIPHER *EVP_aes_192_ctr(void); +#endif +const EVP_CIPHER *EVP_aes_256_ecb(void); +const EVP_CIPHER *EVP_aes_256_cbc(void); +const EVP_CIPHER *EVP_aes_256_cfb(void); +const EVP_CIPHER *EVP_aes_256_ofb(void); +#if 0 +const EVP_CIPHER *EVP_aes_256_ctr(void); +#endif +#endif + +void OPENSSL_add_all_algorithms_noconf(void); +void OPENSSL_add_all_algorithms_conf(void); + +#ifdef OPENSSL_LOAD_CONF +#define OpenSSL_add_all_algorithms() \ + OPENSSL_add_all_algorithms_conf() +#else +#define OpenSSL_add_all_algorithms() \ + OPENSSL_add_all_algorithms_noconf() +#endif + +void OpenSSL_add_all_ciphers(void); +void OpenSSL_add_all_digests(void); +#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() +#define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers() +#define SSLeay_add_all_digests() OpenSSL_add_all_digests() + +int EVP_add_cipher(const EVP_CIPHER *cipher); +int EVP_add_digest(const EVP_MD *digest); + +const EVP_CIPHER *EVP_get_cipherbyname(const char *name); +const EVP_MD *EVP_get_digestbyname(const char *name); void EVP_cleanup(void); int EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key, @@ -592,6 +694,24 @@ int EVP_PKEY_type(int type); int EVP_PKEY_bits(EVP_PKEY *pkey); int EVP_PKEY_size(EVP_PKEY *pkey); int EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key); + +#ifndef OPENSSL_NO_RSA +struct rsa_st; +int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,struct rsa_st *key); +struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); +#endif +#ifndef OPENSSL_NO_DSA +struct dsa_st; +int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,struct dsa_st *key); +struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); +#endif +#ifndef OPENSSL_NO_DH +struct dh_st; +int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key); +struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); +#endif + + EVP_PKEY * EVP_PKEY_new(void); void EVP_PKEY_free(EVP_PKEY *pkey); EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp, @@ -600,6 +720,8 @@ int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp, long length); +EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp, + long length); int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from); @@ -607,6 +729,8 @@ int EVP_PKEY_missing_parameters(EVP_PKEY *pkey); int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b); +int EVP_CIPHER_type(const EVP_CIPHER *ctx); + /* calls methods */ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); @@ -615,179 +739,106 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); -#else - -void EVP_DigestInit(); -void EVP_DigestUpdate(); -void EVP_DigestFinal(); - -int EVP_read_pw_string(); -void EVP_set_pw_prompt(); -char * EVP_get_pw_prompt(); - -int EVP_BytesToKey(); - -EVP_CIPHER *EVP_get_cipherbyname(); - -void EVP_EncryptInit(); -void EVP_EncryptUpdate(); -void EVP_EncryptFinal(); - -void EVP_DecryptInit(); -void EVP_DecryptUpdate(); -int EVP_DecryptFinal(); - -void EVP_CipherInit(); -void EVP_CipherUpdate(); -int EVP_CipherFinal(); - -int EVP_SignFinal(); - -int EVP_VerifyFinal(); - -int EVP_OpenInit(); -int EVP_OpenFinal(); - -int EVP_SealInit(); -void EVP_SealFinal(); - -void EVP_EncodeInit(); -void EVP_EncodeUpdate(); -void EVP_EncodeFinal(); -int EVP_EncodeBlock(); - -void EVP_DecodeInit(); -int EVP_DecodeUpdate(); -int EVP_DecodeFinal(); -int EVP_DecodeBlock(); - -void ERR_load_EVP_strings(); - -void EVP_CIPHER_CTX_init(); -void EVP_CIPHER_CTX_cleanup(); - -#ifdef HEADER_BIO_H -BIO_METHOD *BIO_f_md(); -BIO_METHOD *BIO_f_base64(); -BIO_METHOD *BIO_f_cipher(); -void BIO_set_cipher(); -#endif - -EVP_MD *EVP_md_null(); -EVP_MD *EVP_md2(); -EVP_MD *EVP_md5(); -EVP_MD *EVP_sha(); -EVP_MD *EVP_sha1(); -EVP_MD *EVP_dss(); -EVP_MD *EVP_dss1(); -EVP_MD *EVP_mdc2(); - -EVP_CIPHER *EVP_enc_null(); -EVP_CIPHER *EVP_des_ecb(); -EVP_CIPHER *EVP_des_ede(); -EVP_CIPHER *EVP_des_ede3(); -EVP_CIPHER *EVP_des_cfb(); -EVP_CIPHER *EVP_des_ede_cfb(); -EVP_CIPHER *EVP_des_ede3_cfb(); -EVP_CIPHER *EVP_des_ofb(); -EVP_CIPHER *EVP_des_ede_ofb(); -EVP_CIPHER *EVP_des_ede3_ofb(); -EVP_CIPHER *EVP_des_cbc(); -EVP_CIPHER *EVP_des_ede_cbc(); -EVP_CIPHER *EVP_des_ede3_cbc(); -EVP_CIPHER *EVP_desx_cbc(); -EVP_CIPHER *EVP_rc4(); -EVP_CIPHER *EVP_rc4_40(); -EVP_CIPHER *EVP_idea_ecb(); -EVP_CIPHER *EVP_idea_cfb(); -EVP_CIPHER *EVP_idea_ofb(); -EVP_CIPHER *EVP_idea_cbc(); -EVP_CIPHER *EVP_rc2_ecb(); -EVP_CIPHER *EVP_rc2_cbc(); -EVP_CIPHER *EVP_rc2_40_cbc(); -EVP_CIPHER *EVP_rc2_cfb(); -EVP_CIPHER *EVP_rc2_ofb(); -EVP_CIPHER *EVP_bf_ecb(); -EVP_CIPHER *EVP_bf_cbc(); -EVP_CIPHER *EVP_bf_cfb(); -EVP_CIPHER *EVP_bf_ofb(); -EVP_CIPHER *EVP_cast5_ecb(); -EVP_CIPHER *EVP_cast5_cbc(); -EVP_CIPHER *EVP_cast5_cfb(); -EVP_CIPHER *EVP_cast5_ofb(); -EVP_CIPHER *EVP_rc5_32_12_16_cbc(); -EVP_CIPHER *EVP_rc5_32_12_16_ecb(); -EVP_CIPHER *EVP_rc5_32_12_16_cfb(); -EVP_CIPHER *EVP_rc5_32_12_16_ofb(); - -void SSLeay_add_all_algorithms(); -void SSLeay_add_all_ciphers(); -void SSLeay_add_all_digests(); - -int EVP_add_cipher(); -int EVP_add_digest(); -int EVP_add_alias(); -int EVP_delete_alias(); - -EVP_CIPHER *EVP_get_cipherbyname(); -EVP_MD *EVP_get_digestbyname(); -void EVP_cleanup(); - -int EVP_PKEY_decrypt(); -int EVP_PKEY_encrypt(); -int EVP_PKEY_type(); -int EVP_PKEY_bits(); -int EVP_PKEY_size(); -int EVP_PKEY_assign(); -EVP_PKEY * EVP_PKEY_new(); -void EVP_PKEY_free(); -EVP_PKEY * d2i_PublicKey(); -int i2d_PublicKey(); - -EVP_PKEY * d2i_PrivateKey(); -int i2d_PrivateKey(); - -int EVP_PKEY_copy_parameters(); -int EVP_PKEY_missing_parameters(); -int EVP_PKEY_save_parameters(); -int EVP_PKEY_cmp_parameters(); - -int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); -int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - -int EVP_CIPHER_set_asn1_iv(); -int EVP_CIPHER_get_asn1_iv(); - -#endif +/* PKCS5 password based encryption */ +int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, + int en_de); +int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + int keylen, unsigned char *out); +int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, + int en_de); + +void PKCS5_PBE_add(void); + +int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); +int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, + EVP_PBE_KEYGEN *keygen); +void EVP_PBE_cleanup(void); /* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_EVP_strings(void); + /* Error codes for the EVP functions. */ /* Function codes. */ #define EVP_F_D2I_PKEY 100 +#define EVP_F_EVP_CIPHERINIT 123 +#define EVP_F_EVP_CIPHER_CTX_CTRL 124 +#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 #define EVP_F_EVP_DECRYPTFINAL 101 +#define EVP_F_EVP_DIGESTINIT 128 +#define EVP_F_EVP_ENCRYPTFINAL 127 +#define EVP_F_EVP_MD_CTX_COPY 110 #define EVP_F_EVP_OPENINIT 102 +#define EVP_F_EVP_PBE_ALG_ADD 115 +#define EVP_F_EVP_PBE_CIPHERINIT 116 +#define EVP_F_EVP_PKCS82PKEY 111 +#define EVP_F_EVP_PKCS8_SET_BROKEN 112 +#define EVP_F_EVP_PKEY2PKCS8 113 #define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 #define EVP_F_EVP_PKEY_DECRYPT 104 #define EVP_F_EVP_PKEY_ENCRYPT 105 +#define EVP_F_EVP_PKEY_GET1_DH 119 +#define EVP_F_EVP_PKEY_GET1_DSA 120 +#define EVP_F_EVP_PKEY_GET1_RSA 121 #define EVP_F_EVP_PKEY_NEW 106 +#define EVP_F_EVP_RIJNDAEL 126 #define EVP_F_EVP_SIGNFINAL 107 #define EVP_F_EVP_VERIFYFINAL 108 +#define EVP_F_PKCS5_PBE_KEYIVGEN 117 +#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 +#define EVP_F_RC2_MAGIC_TO_METH 109 +#define EVP_F_RC5_CTRL 125 /* Reason codes. */ +#define EVP_R_BAD_BLOCK_LENGTH 136 #define EVP_R_BAD_DECRYPT 100 +#define EVP_R_BAD_KEY_LENGTH 137 +#define EVP_R_BN_DECODE_ERROR 112 +#define EVP_R_BN_PUBKEY_ERROR 113 +#define EVP_R_CIPHER_PARAMETER_ERROR 122 +#define EVP_R_CTRL_NOT_IMPLEMENTED 132 +#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 +#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 +#define EVP_R_DECODE_ERROR 114 #define EVP_R_DIFFERENT_KEY_TYPES 101 +#define EVP_R_ENCODE_ERROR 115 +#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 +#define EVP_R_EXPECTING_AN_RSA_KEY 127 +#define EVP_R_EXPECTING_A_DH_KEY 128 +#define EVP_R_EXPECTING_A_DSA_KEY 129 +#define EVP_R_INITIALIZATION_ERROR 134 +#define EVP_R_INPUT_NOT_INITIALIZED 111 +#define EVP_R_INVALID_KEY_LENGTH 130 #define EVP_R_IV_TOO_LARGE 102 -#define EVP_R_MISSING_PARMATERS 103 +#define EVP_R_KEYGEN_FAILURE 120 +#define EVP_R_MISSING_PARAMETERS 103 +#define EVP_R_NO_CIPHER_SET 131 +#define EVP_R_NO_DIGEST_SET 139 +#define EVP_R_NO_DSA_PARAMETERS 116 #define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 +#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 #define EVP_R_PUBLIC_KEY_NOT_RSA 106 +#define EVP_R_UNKNOWN_PBE_ALGORITHM 121 +#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 #define EVP_R_UNSUPPORTED_CIPHER 107 -#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 108 -#define EVP_R_WRONG_PUBLIC_KEY_TYPE 109 - +#define EVP_R_UNSUPPORTED_KEYLENGTH 123 +#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 +#define EVP_R_UNSUPPORTED_KEY_SIZE 108 +#define EVP_R_UNSUPPORTED_PRF 125 +#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 +#define EVP_R_UNSUPPORTED_SALT_TYPE 126 +#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 +#define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 + #ifdef __cplusplus } #endif #endif - diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index 93cc3a9464..32a1c7a2e9 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c @@ -58,218 +58,369 @@ #include #include "cryptlib.h" -#include "evp.h" +#include +#include +#include +#include "evp_locl.h" -char *EVP_version="EVP part of SSLeay 0.9.0b 29-Jun-1998"; +#include -void EVP_CIPHER_CTX_init(ctx) -EVP_CIPHER_CTX *ctx; +const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT; + +void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) { memset(ctx,0,sizeof(EVP_CIPHER_CTX)); /* ctx->cipher=NULL; */ } -void EVP_CipherInit(ctx,data,key,iv,enc) -EVP_CIPHER_CTX *ctx; -EVP_CIPHER *data; -unsigned char *key; -unsigned char *iv; -int enc; + +int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv, int enc) { - if (enc) - EVP_EncryptInit(ctx,data,key,iv); - else - EVP_DecryptInit(ctx,data,key,iv); + if (cipher) + EVP_CIPHER_CTX_init(ctx); + return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); } -void EVP_CipherUpdate(ctx,out,outl,in,inl) -EVP_CIPHER_CTX *ctx; -unsigned char *out; -int *outl; -unsigned char *in; -int inl; +int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, const unsigned char *iv, int enc) + { + if (enc == -1) + enc = ctx->encrypt; + else + { + if (enc) + enc = 1; + ctx->encrypt = enc; + } + /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts + * so this context may already have an ENGINE! Try to avoid releasing + * the previous handle, re-querying for an ENGINE, and having a + * reinitialisation, when it may all be unecessary. */ + if (ctx->engine && ctx->cipher && (!cipher || + (cipher && (cipher->nid == ctx->cipher->nid)))) + goto skip_to_init; + if (cipher) + { + /* Ensure a context left lying around from last time is cleared + * (the previous check attempted to avoid this if the same + * ENGINE and EVP_CIPHER could be used). */ + EVP_CIPHER_CTX_cleanup(ctx); + + /* Restore encrypt field: it is zeroed by cleanup */ + ctx->encrypt = enc; + if(impl) + { + if (!ENGINE_init(impl)) + { + EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); + return 0; + } + } + else + /* Ask if an ENGINE is reserved for this job */ + impl = ENGINE_get_cipher_engine(cipher->nid); + if(impl) + { + /* There's an ENGINE for this job ... (apparently) */ + const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid); + if(!c) + { + /* One positive side-effect of US's export + * control history, is that we should at least + * be able to avoid using US mispellings of + * "initialisation"? */ + EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); + return 0; + } + /* We'll use the ENGINE's private cipher definition */ + cipher = c; + /* Store the ENGINE functional reference so we know + * 'cipher' came from an ENGINE and we need to release + * it when done. */ + ctx->engine = impl; + } + else + ctx->engine = NULL; + + ctx->cipher=cipher; + ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); + ctx->key_len = cipher->key_len; + ctx->flags = 0; + if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) + { + if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) + { + EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); + return 0; + } + } + } + else if(!ctx->cipher) + { + EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET); + return 0; + } +skip_to_init: + /* we assume block size is a power of 2 in *cryptUpdate */ + assert(ctx->cipher->block_size == 1 + || ctx->cipher->block_size == 8 + || ctx->cipher->block_size == 16); + + if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { + switch(EVP_CIPHER_CTX_mode(ctx)) { + + case EVP_CIPH_STREAM_CIPHER: + case EVP_CIPH_ECB_MODE: + break; + + case EVP_CIPH_CFB_MODE: + case EVP_CIPH_OFB_MODE: + + ctx->num = 0; + + case EVP_CIPH_CBC_MODE: + + if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); + memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); + break; + + default: + return 0; + break; + } + } + + if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { + if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; + } + ctx->buf_len=0; + ctx->final_used=0; + ctx->block_mask=ctx->cipher->block_size-1; + return 1; + } + +int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl) { if (ctx->encrypt) - EVP_EncryptUpdate(ctx,out,outl,in,inl); - else EVP_DecryptUpdate(ctx,out,outl,in,inl); + return EVP_EncryptUpdate(ctx,out,outl,in,inl); + else return EVP_DecryptUpdate(ctx,out,outl,in,inl); } -int EVP_CipherFinal(ctx,out,outl) -EVP_CIPHER_CTX *ctx; -unsigned char *out; -int *outl; +int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { if (ctx->encrypt) - { - EVP_EncryptFinal(ctx,out,outl); - return(1); - } - else return(EVP_DecryptFinal(ctx,out,outl)); + return EVP_EncryptFinal_ex(ctx,out,outl); + else return EVP_DecryptFinal_ex(ctx,out,outl); } -void EVP_EncryptInit(ctx,cipher,key,iv) -EVP_CIPHER_CTX *ctx; -EVP_CIPHER *cipher; -unsigned char *key; -unsigned char *iv; +int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - if (cipher != NULL) - ctx->cipher=cipher; - ctx->cipher->init(ctx,key,iv,1); - ctx->encrypt=1; - ctx->buf_len=0; + if (ctx->encrypt) + return EVP_EncryptFinal(ctx,out,outl); + else return EVP_DecryptFinal(ctx,out,outl); } -void EVP_DecryptInit(ctx,cipher,key,iv) -EVP_CIPHER_CTX *ctx; -EVP_CIPHER *cipher; -unsigned char *key; -unsigned char *iv; +int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv) { - if (cipher != NULL) - ctx->cipher=cipher; - ctx->cipher->init(ctx,key,iv,0); - ctx->encrypt=0; - ctx->buf_len=0; + return EVP_CipherInit(ctx, cipher, key, iv, 1); + } + +int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, const unsigned char *iv) + { + return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1); + } + +int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv) + { + return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0); } +int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, const unsigned char *iv) + { + return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); + } -void EVP_EncryptUpdate(ctx,out,outl,in,inl) -EVP_CIPHER_CTX *ctx; -unsigned char *out; -int *outl; -unsigned char *in; -int inl; +int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl) { int i,j,bl; + if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) + { + if(ctx->cipher->do_cipher(ctx,out,in,inl)) + { + *outl=inl; + return 1; + } + else + { + *outl=0; + return 0; + } + } i=ctx->buf_len; bl=ctx->cipher->block_size; - *outl=0; - if ((inl == 0) && (i != bl)) return; if (i != 0) { if (i+inl < bl) { memcpy(&(ctx->buf[i]),in,inl); ctx->buf_len+=inl; - return; + *outl=0; + return 1; } else { j=bl-i; - if (j != 0) memcpy(&(ctx->buf[i]),in,j); - ctx->cipher->do_cipher(ctx,out,ctx->buf,bl); + memcpy(&(ctx->buf[i]),in,j); + if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0; inl-=j; in+=j; out+=bl; - *outl+=bl; + *outl=bl; } } - i=inl%bl; /* how much is left */ + else + *outl = 0; + i=inl&(bl-1); inl-=i; if (inl > 0) { - ctx->cipher->do_cipher(ctx,out,in,inl); + if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0; *outl+=inl; } if (i != 0) memcpy(ctx->buf,&(in[inl]),i); ctx->buf_len=i; + return 1; } -void EVP_EncryptFinal(ctx,out,outl) -EVP_CIPHER_CTX *ctx; -unsigned char *out; -int *outl; +int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - int i,n,b,bl; + int ret; + ret = EVP_EncryptFinal_ex(ctx, out, outl); + return ret; + } + +int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) + { + int i,n,b,bl,ret; b=ctx->cipher->block_size; if (b == 1) { *outl=0; - return; + return 1; } bl=ctx->buf_len; + if (ctx->flags & EVP_CIPH_NO_PADDING) + { + if(bl) + { + EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); + return 0; + } + *outl = 0; + return 1; + } + n=b-bl; for (i=bl; ibuf[i]=n; - ctx->cipher->do_cipher(ctx,out,ctx->buf,b); - *outl=b; + ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b); + + + if(ret) + *outl=b; + + return ret; } -void EVP_DecryptUpdate(ctx,out,outl,in,inl) -EVP_CIPHER_CTX *ctx; -unsigned char *out; -int *outl; -unsigned char *in; -int inl; +int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl) { - int b,bl,n; - int keep_last=0; + int b, fix_len; - *outl=0; - if (inl == 0) return; + if (inl == 0) + { + *outl=0; + return 1; + } + + if (ctx->flags & EVP_CIPH_NO_PADDING) + return EVP_EncryptUpdate(ctx, out, outl, in, inl); b=ctx->cipher->block_size; - if (b > 1) + + if(ctx->final_used) { - /* Is the input a multiple of the block size? */ - bl=ctx->buf_len; - n=inl+bl; - if (n%b == 0) - { - if (inl < b) /* must be 'just one' buff */ - { - memcpy(&(ctx->buf[bl]),in,inl); - ctx->buf_len=b; - *outl=0; - return; - } - keep_last=1; - inl-=b; /* don't do the last block */ - } + memcpy(out,ctx->final,b); + out+=b; + fix_len = 1; } - EVP_EncryptUpdate(ctx,out,outl,in,inl); + else + fix_len = 0; + + + if(!EVP_EncryptUpdate(ctx,out,outl,in,inl)) + return 0; /* if we have 'decrypted' a multiple of block size, make sure * we have a copy of this last block */ - if (keep_last) + if (b > 1 && !ctx->buf_len) { - memcpy(&(ctx->buf[0]),&(in[inl]),b); -#ifdef DEBUG - if (ctx->buf_len != 0) - { - abort(); - } -#endif - ctx->buf_len=b; + *outl-=b; + ctx->final_used=1; + memcpy(ctx->final,&out[*outl],b); } + else + ctx->final_used = 0; + + if (fix_len) + *outl += b; + + return 1; } -int EVP_DecryptFinal(ctx,out,outl) -EVP_CIPHER_CTX *ctx; -unsigned char *out; -int *outl; +int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) + { + int ret; + ret = EVP_DecryptFinal_ex(ctx, out, outl); + return ret; + } + +int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { int i,b; int n; *outl=0; b=ctx->cipher->block_size; + if (ctx->flags & EVP_CIPH_NO_PADDING) + { + if(ctx->buf_len) + { + EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); + return 0; + } + *outl = 0; + return 1; + } if (b > 1) { - if (ctx->buf_len != b) + if (ctx->buf_len || !ctx->final_used) { EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH); return(0); } - EVP_EncryptUpdate(ctx,ctx->buf,&n,ctx->buf,0); - if (n != b) - return(0); - n=ctx->buf[b-1]; + n=ctx->final[b-1]; if (n > b) { EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); @@ -277,7 +428,7 @@ int *outl; } for (i=0; ibuf[--b] != n) + if (ctx->final[--b] != n) { EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); return(0); @@ -285,7 +436,7 @@ int *outl; } n=ctx->cipher->block_size-n; for (i=0; ibuf[i]; + out[i]=ctx->final[i]; *outl=n; } else @@ -293,11 +444,64 @@ int *outl; return(1); } -void EVP_CIPHER_CTX_cleanup(c) -EVP_CIPHER_CTX *c; +int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) { - if ((c->cipher != NULL) && (c->cipher->cleanup != NULL)) - c->cipher->cleanup(c); + if (c->cipher != NULL) + { + if(c->cipher->cleanup && !c->cipher->cleanup(c)) + return 0; + /* Zero cipher context data */ + if (c->cipher_data) + memset(c->cipher_data, 0, c->cipher->ctx_size); + } + if (c->cipher_data) + OPENSSL_free(c->cipher_data); + if (c->engine) + /* The EVP_CIPHER we used belongs to an ENGINE, release the + * functional reference we held for this reason. */ + ENGINE_finish(c->engine); memset(c,0,sizeof(EVP_CIPHER_CTX)); + return 1; + } + +int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) + { + if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) + return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL); + if(c->key_len == keylen) return 1; + if((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) + { + c->key_len = keylen; + return 1; + } + EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH); + return 0; + } + +int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) + { + if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING; + else ctx->flags |= EVP_CIPH_NO_PADDING; + return 1; + } + +int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) +{ + int ret; + if(!ctx->cipher) { + EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); + return 0; } + if(!ctx->cipher->ctrl) { + EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); + return 0; + } + + ret = ctx->cipher->ctrl(ctx, type, arg, ptr); + if(ret == -1) { + EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); + return 0; + } + return ret; +} diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c index 2b0a0ab93f..3a23d21c21 100644 --- a/src/lib/libcrypto/evp/evp_err.c +++ b/src/lib/libcrypto/evp/evp_err.c @@ -1,105 +1,157 @@ -/* lib/evp/evp_err.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* crypto/evp/evp_err.c */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + #include -#include "err.h" -#include "evp.h" +#include +#include /* BEGIN ERROR CODES */ -#ifndef NO_ERR +#ifndef OPENSSL_NO_ERR static ERR_STRING_DATA EVP_str_functs[]= { {ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"}, +{ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0), "EVP_CipherInit"}, +{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0), "EVP_CIPHER_CTX_ctrl"}, +{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0), "EVP_CIPHER_CTX_set_key_length"}, {ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"}, +{ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0), "EVP_DigestInit"}, +{ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0), "EVP_EncryptFinal"}, +{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"}, {ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"}, +{ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0), "EVP_PBE_alg_add"}, +{ERR_PACK(0,EVP_F_EVP_PBE_CIPHERINIT,0), "EVP_PBE_CipherInit"}, +{ERR_PACK(0,EVP_F_EVP_PKCS82PKEY,0), "EVP_PKCS82PKEY"}, +{ERR_PACK(0,EVP_F_EVP_PKCS8_SET_BROKEN,0), "EVP_PKCS8_SET_BROKEN"}, +{ERR_PACK(0,EVP_F_EVP_PKEY2PKCS8,0), "EVP_PKEY2PKCS8"}, {ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0), "EVP_PKEY_copy_parameters"}, {ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0), "EVP_PKEY_decrypt"}, {ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0), "EVP_PKEY_encrypt"}, +{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DH,0), "EVP_PKEY_get1_DH"}, +{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DSA,0), "EVP_PKEY_get1_DSA"}, +{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_RSA,0), "EVP_PKEY_get1_RSA"}, {ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0), "EVP_PKEY_new"}, +{ERR_PACK(0,EVP_F_EVP_RIJNDAEL,0), "EVP_RIJNDAEL"}, {ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0), "EVP_SignFinal"}, {ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0), "EVP_VerifyFinal"}, -{0,NULL}, +{ERR_PACK(0,EVP_F_PKCS5_PBE_KEYIVGEN,0), "PKCS5_PBE_keyivgen"}, +{ERR_PACK(0,EVP_F_PKCS5_V2_PBE_KEYIVGEN,0), "PKCS5_v2_PBE_keyivgen"}, +{ERR_PACK(0,EVP_F_RC2_MAGIC_TO_METH,0), "RC2_MAGIC_TO_METH"}, +{ERR_PACK(0,EVP_F_RC5_CTRL,0), "RC5_CTRL"}, +{0,NULL} }; static ERR_STRING_DATA EVP_str_reasons[]= { +{EVP_R_BAD_BLOCK_LENGTH ,"bad block length"}, {EVP_R_BAD_DECRYPT ,"bad decrypt"}, +{EVP_R_BAD_KEY_LENGTH ,"bad key length"}, +{EVP_R_BN_DECODE_ERROR ,"bn decode error"}, +{EVP_R_BN_PUBKEY_ERROR ,"bn pubkey error"}, +{EVP_R_CIPHER_PARAMETER_ERROR ,"cipher parameter error"}, +{EVP_R_CTRL_NOT_IMPLEMENTED ,"ctrl not implemented"}, +{EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED ,"ctrl operation not implemented"}, +{EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"}, +{EVP_R_DECODE_ERROR ,"decode error"}, {EVP_R_DIFFERENT_KEY_TYPES ,"different key types"}, +{EVP_R_ENCODE_ERROR ,"encode error"}, +{EVP_R_EVP_PBE_CIPHERINIT_ERROR ,"evp pbe cipherinit error"}, +{EVP_R_EXPECTING_AN_RSA_KEY ,"expecting an rsa key"}, +{EVP_R_EXPECTING_A_DH_KEY ,"expecting a dh key"}, +{EVP_R_EXPECTING_A_DSA_KEY ,"expecting a dsa key"}, +{EVP_R_INITIALIZATION_ERROR ,"initialization error"}, +{EVP_R_INPUT_NOT_INITIALIZED ,"input not initialized"}, +{EVP_R_INVALID_KEY_LENGTH ,"invalid key length"}, {EVP_R_IV_TOO_LARGE ,"iv too large"}, -{EVP_R_MISSING_PARMATERS ,"missing parmaters"}, +{EVP_R_KEYGEN_FAILURE ,"keygen failure"}, +{EVP_R_MISSING_PARAMETERS ,"missing parameters"}, +{EVP_R_NO_CIPHER_SET ,"no cipher set"}, +{EVP_R_NO_DIGEST_SET ,"no digest set"}, +{EVP_R_NO_DSA_PARAMETERS ,"no dsa parameters"}, {EVP_R_NO_SIGN_FUNCTION_CONFIGURED ,"no sign function configured"}, {EVP_R_NO_VERIFY_FUNCTION_CONFIGURED ,"no verify function configured"}, +{EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE ,"pkcs8 unknown broken type"}, {EVP_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"}, +{EVP_R_UNKNOWN_PBE_ALGORITHM ,"unknown pbe algorithm"}, +{EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS ,"unsuported number of rounds"}, {EVP_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, +{EVP_R_UNSUPPORTED_KEYLENGTH ,"unsupported keylength"}, +{EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION,"unsupported key derivation function"}, +{EVP_R_UNSUPPORTED_KEY_SIZE ,"unsupported key size"}, +{EVP_R_UNSUPPORTED_PRF ,"unsupported prf"}, +{EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ,"unsupported private key algorithm"}, +{EVP_R_UNSUPPORTED_SALT_TYPE ,"unsupported salt type"}, {EVP_R_WRONG_FINAL_BLOCK_LENGTH ,"wrong final block length"}, {EVP_R_WRONG_PUBLIC_KEY_TYPE ,"wrong public key type"}, -{0,NULL}, +{0,NULL} }; #endif -void ERR_load_EVP_strings() +void ERR_load_EVP_strings(void) { static int init=1; - if (init); - {; + if (init) + { init=0; -#ifndef NO_ERR +#ifndef OPENSSL_NO_ERR ERR_load_strings(ERR_LIB_EVP,EVP_str_functs); ERR_load_strings(ERR_LIB_EVP,EVP_str_reasons); #endif diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c index dafa686f64..4271393069 100644 --- a/src/lib/libcrypto/evp/evp_key.c +++ b/src/lib/libcrypto/evp/evp_key.c @@ -58,23 +58,26 @@ #include #include "cryptlib.h" -#include "x509.h" -#include "objects.h" -#include "evp.h" +#include +#include +#include +#include /* should be init to zeros. */ static char prompt_string[80]; -void EVP_set_pw_prompt(prompt) -char *prompt; +void EVP_set_pw_prompt(char *prompt) { if (prompt == NULL) prompt_string[0]='\0'; else + { strncpy(prompt_string,prompt,79); + prompt_string[79]='\0'; + } } -char *EVP_get_pw_prompt() +char *EVP_get_pw_prompt(void) { if (prompt_string[0] == '\0') return(NULL); @@ -82,30 +85,31 @@ char *EVP_get_pw_prompt() return(prompt_string); } -#ifdef NO_DES -int des_read_pw_string(char *buf,int len,char *prompt,int verify); -#endif - -int EVP_read_pw_string(buf,len,prompt,verify) -char *buf; -int len; -char *prompt; -int verify; +/* For historical reasons, the standard function for reading passwords is + * in the DES library -- if someone ever wants to disable DES, + * this function will fail */ +int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) { + int ret; + char buff[BUFSIZ]; + UI *ui; + if ((prompt == NULL) && (prompt_string[0] != '\0')) prompt=prompt_string; - return(des_read_pw_string(buf,len,prompt,verify)); + ui = UI_new(); + UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len); + if (verify) + UI_add_verify_string(ui,prompt,0, + buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf); + ret = UI_process(ui); + UI_free(ui); + memset(buff,0,BUFSIZ); + return ret; } -int EVP_BytesToKey(type,md,salt,data,datal,count,key,iv) -EVP_CIPHER *type; -EVP_MD *md; -unsigned char *salt; -unsigned char *data; -int datal; -int count; -unsigned char *key; -unsigned char *iv; +int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, + const unsigned char *salt, const unsigned char *data, int datal, + int count, unsigned char *key, unsigned char *iv) { EVP_MD_CTX c; unsigned char md_buf[EVP_MAX_MD_SIZE]; @@ -117,21 +121,22 @@ unsigned char *iv; if (data == NULL) return(nkey); + EVP_MD_CTX_init(&c); for (;;) { - EVP_DigestInit(&c,md); + EVP_DigestInit_ex(&c,md, NULL); if (addmd++) EVP_DigestUpdate(&c,&(md_buf[0]),mds); EVP_DigestUpdate(&c,data,datal); if (salt != NULL) - EVP_DigestUpdate(&c,salt,8); - EVP_DigestFinal(&c,&(md_buf[0]),&mds); + EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN); + EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds); for (i=1; i<(unsigned int)count; i++) { - EVP_DigestInit(&c,md); + EVP_DigestInit_ex(&c,md, NULL); EVP_DigestUpdate(&c,&(md_buf[0]),mds); - EVP_DigestFinal(&c,&(md_buf[0]),&mds); + EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds); } i=0; if (nkey) @@ -160,7 +165,7 @@ unsigned char *iv; } if ((nkey == 0) && (niv == 0)) break; } - memset(&c,0,sizeof(c)); + EVP_MD_CTX_cleanup(&c); memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE); return(type->key_len); } diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c index 69784eb555..a431945ef5 100644 --- a/src/lib/libcrypto/evp/evp_lib.c +++ b/src/lib/libcrypto/evp/evp_lib.c @@ -58,12 +58,10 @@ #include #include "cryptlib.h" -#include "evp.h" -#include "objects.h" +#include +#include -int EVP_CIPHER_param_to_asn1(c,type) -EVP_CIPHER_CTX *c; -ASN1_TYPE *type; +int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { int ret; @@ -74,9 +72,7 @@ ASN1_TYPE *type; return(ret); } -int EVP_CIPHER_asn1_to_param(c,type) -EVP_CIPHER_CTX *c; -ASN1_TYPE *type; +int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { int ret; @@ -87,9 +83,7 @@ ASN1_TYPE *type; return(ret); } -int EVP_CIPHER_get_asn1_iv(c,type) -EVP_CIPHER_CTX *c; -ASN1_TYPE *type; +int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { int i=0,l; @@ -97,14 +91,15 @@ ASN1_TYPE *type; { l=EVP_CIPHER_CTX_iv_length(c); i=ASN1_TYPE_get_octetstring(type,c->oiv,l); - memcpy(c->iv,c->oiv,l); + if (i != l) + return(-1); + else if (i > 0) + memcpy(c->iv,c->oiv,l); } return(i); } -int EVP_CIPHER_set_asn1_iv(c,type) -EVP_CIPHER_CTX *c; -ASN1_TYPE *type; +int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { int i=0,j; @@ -115,3 +110,33 @@ ASN1_TYPE *type; } return(i); } + +/* Convert the various cipher NIDs and dummies to a proper OID NID */ +int EVP_CIPHER_type(const EVP_CIPHER *ctx) +{ + int nid; + ASN1_OBJECT *otmp; + nid = EVP_CIPHER_nid(ctx); + + switch(nid) { + + case NID_rc2_cbc: + case NID_rc2_64_cbc: + case NID_rc2_40_cbc: + + return NID_rc2_cbc; + + case NID_rc4: + case NID_rc4_40: + + return NID_rc4; + + default: + /* Check it has an OID and it is valid */ + otmp = OBJ_nid2obj(nid); + if(!otmp || !otmp->data) nid = NID_undef; + ASN1_OBJECT_free(otmp); + return nid; + } +} + diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h index ce49d5b7d8..7b088b4848 100644 --- a/src/lib/libcrypto/evp/evp_locl.h +++ b/src/lib/libcrypto/evp/evp_locl.h @@ -61,50 +61,107 @@ /* Wrapper functions for each cipher mode */ #define BLOCK_CIPHER_ecb_loop() \ - unsigned int i; \ - if(inl < 8) return 1;\ - inl -= 8; \ - for(i=0; i <= inl; i+=8) \ + unsigned int i, bl; \ + bl = ctx->cipher->block_size;\ + if(inl < bl) return 1;\ + inl -= bl; \ + for(i=0; i <= inl; i+=bl) \ -#define BLOCK_CIPHER_func_ecb(cname, cprefix, kname) \ +#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ {\ BLOCK_CIPHER_ecb_loop() \ - cprefix##_ecb_encrypt(in + i, out + i, &ctx->c.kname, ctx->encrypt);\ + cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\ return 1;\ } -#define BLOCK_CIPHER_func_ofb(cname, cprefix, kname) \ +#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ {\ - cprefix##_ofb64_encrypt(in, out, (long)inl, &ctx->c.kname, ctx->iv, &ctx->num);\ + cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ return 1;\ } -#define BLOCK_CIPHER_func_cbc(cname, cprefix, kname) \ +#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ {\ - cprefix##_cbc_encrypt(in, out, (long)inl, &ctx->c.kname, ctx->iv, ctx->encrypt);\ + cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ return 1;\ } -#define BLOCK_CIPHER_func_cfb(cname, cprefix, kname) \ +#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ static int cname##_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ {\ - cprefix##_cfb64_encrypt(in, out, (long)inl, &ctx->c.kname, ctx->iv, &ctx->num, ctx->encrypt);\ + cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ return 1;\ } -#define BLOCK_CIPHER_all_funcs(cname, cprefix, kname) \ - BLOCK_CIPHER_func_cbc(cname, cprefix, kname) \ - BLOCK_CIPHER_func_cfb(cname, cprefix, kname) \ - BLOCK_CIPHER_func_ecb(cname, cprefix, kname) \ - BLOCK_CIPHER_func_ofb(cname, cprefix, kname) +#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ + BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ + BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ + BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ + BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) +#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \ + key_len, iv_len, flags, init_key, cleanup, \ + set_asn1, get_asn1, ctrl) \ +static const EVP_CIPHER cname##_##mode = { \ + nid##_##nmode, block_size, key_len, iv_len, \ + flags | EVP_CIPH_##MODE##_MODE, \ + init_key, \ + cname##_##mode##_cipher, \ + cleanup, \ + sizeof(kstruct), \ + set_asn1, get_asn1,\ + ctrl, \ + NULL \ +}; \ +const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; } + +#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \ + iv_len, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) \ +BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ + iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) + +#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, \ + iv_len, cbits, flags, init_key, cleanup, \ + set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def1(cname, cfb##cbits, cfb, CFB, kstruct, nid, block_size, \ + key_len, iv_len, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) + +#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, \ + iv_len, cbits, flags, init_key, cleanup, \ + set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, block_size, \ + key_len, iv_len, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) + +#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \ + iv_len, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) \ +BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ + iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) + +#define BLOCK_CIPHER_defs(cname, kstruct, \ + nid, block_size, key_len, iv_len, cbits, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, iv_len, cbits, \ + flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, iv_len, cbits, \ + flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) + + +/* #define BLOCK_CIPHER_defs(cname, kstruct, \ nid, block_size, key_len, iv_len, flags,\ init_key, cleanup, set_asn1, get_asn1, ctrl)\ -static EVP_CIPHER cname##_cbc = {\ +static const EVP_CIPHER cname##_cbc = {\ nid##_cbc, block_size, key_len, iv_len, \ flags | EVP_CIPH_CBC_MODE,\ init_key,\ @@ -116,8 +173,8 @@ static EVP_CIPHER cname##_cbc = {\ ctrl, \ NULL \ };\ -EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ -static EVP_CIPHER cname##_cfb = {\ +const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ +static const EVP_CIPHER cname##_cfb = {\ nid##_cfb64, 1, key_len, iv_len, \ flags | EVP_CIPH_CFB_MODE,\ init_key,\ @@ -129,8 +186,8 @@ static EVP_CIPHER cname##_cfb = {\ ctrl,\ NULL \ };\ -EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\ -static EVP_CIPHER cname##_ofb = {\ +const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\ +static const EVP_CIPHER cname##_ofb = {\ nid##_ofb64, 1, key_len, iv_len, \ flags | EVP_CIPH_OFB_MODE,\ init_key,\ @@ -142,8 +199,8 @@ static EVP_CIPHER cname##_ofb = {\ ctrl,\ NULL \ };\ -EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ -static EVP_CIPHER cname##_ecb = {\ +const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ +static const EVP_CIPHER cname##_ecb = {\ nid##_ecb, block_size, key_len, iv_len, \ flags | EVP_CIPH_ECB_MODE,\ init_key,\ @@ -155,14 +212,16 @@ static EVP_CIPHER cname##_ecb = {\ ctrl,\ NULL \ };\ -EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } - - +const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } +*/ -#define IMPLEMENT_BLOCK_CIPHER(cname, kname, cprefix, kstruct, \ - nid, block_size, key_len, iv_len, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) \ - BLOCK_CIPHER_all_funcs(cname, cprefix, kname) \ - BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, flags,\ - init_key, cleanup, set_asn1, get_asn1, ctrl) +#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ + block_size, key_len, iv_len, cbits, \ + flags, init_key, \ + cleanup, set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ + BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ + cbits, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) +#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c index 353c3ad667..06afb9d152 100644 --- a/src/lib/libcrypto/evp/evp_pbe.c +++ b/src/lib/libcrypto/evp/evp_pbe.c @@ -69,8 +69,8 @@ static STACK *pbe_algs; typedef struct { int pbe_nid; -EVP_CIPHER *cipher; -EVP_MD *md; +const EVP_CIPHER *cipher; +const EVP_MD *md; EVP_PBE_KEYGEN *keygen; } EVP_PBE_CTL; @@ -92,7 +92,8 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, ERR_add_error_data(2, "TYPE=", obj_tmp); return 0; } - if (passlen == -1) passlen = strlen(pass); + if(!pass) passlen = 0; + else if (passlen == -1) passlen = strlen(pass); pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i); i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher, pbetmp->md, en_de); @@ -103,19 +104,20 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, return 1; } -static int pbe_cmp (EVP_PBE_CTL **pbe1, EVP_PBE_CTL **pbe2) +static int pbe_cmp(const char * const *a, const char * const *b) { + EVP_PBE_CTL **pbe1 = (EVP_PBE_CTL **) a, **pbe2 = (EVP_PBE_CTL **)b; return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); } /* Add a PBE algorithm */ -int EVP_PBE_alg_add (int nid, EVP_CIPHER *cipher, EVP_MD *md, +int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, EVP_PBE_KEYGEN *keygen) { EVP_PBE_CTL *pbe_tmp; - if (!pbe_algs) pbe_algs = sk_new (pbe_cmp); - if (!(pbe_tmp = (EVP_PBE_CTL*) Malloc (sizeof(EVP_PBE_CTL)))) { + if (!pbe_algs) pbe_algs = sk_new(pbe_cmp); + if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) { EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE); return 0; } @@ -129,6 +131,6 @@ int EVP_PBE_alg_add (int nid, EVP_CIPHER *cipher, EVP_MD *md, void EVP_PBE_cleanup(void) { - sk_pop_free(pbe_algs, FreeFunc); + sk_pop_free(pbe_algs, OPENSSL_freeFunc); pbe_algs = NULL; } diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c index 421e452db1..34b5b1d21c 100644 --- a/src/lib/libcrypto/evp/evp_pkey.c +++ b/src/lib/libcrypto/evp/evp_pkey.c @@ -62,41 +62,40 @@ #include #include +#ifndef OPENSSL_NO_DSA +static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); +#endif + /* Extract a private key from a PKCS8 structure */ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) { - EVP_PKEY *pkey; -#ifndef NO_RSA - RSA *rsa; + EVP_PKEY *pkey = NULL; +#ifndef OPENSSL_NO_RSA + RSA *rsa = NULL; #endif -#ifndef NO_DSA - DSA *dsa; - ASN1_INTEGER *dsapriv; - STACK *ndsa; - BN_CTX *ctx; +#ifndef OPENSSL_NO_DSA + DSA *dsa = NULL; + ASN1_INTEGER *privkey; + ASN1_TYPE *t1, *t2, *param = NULL; + STACK_OF(ASN1_TYPE) *ndsa = NULL; + BN_CTX *ctx = NULL; int plen; #endif X509_ALGOR *a; unsigned char *p; + const unsigned char *cp; int pkeylen; char obj_tmp[80]; - switch (p8->broken) { - case PKCS8_OK: + if(p8->pkey->type == V_ASN1_OCTET_STRING) { + p8->broken = PKCS8_OK; p = p8->pkey->value.octet_string->data; pkeylen = p8->pkey->value.octet_string->length; - break; - - case PKCS8_NO_OCTET: + } else { + p8->broken = PKCS8_NO_OCTET; p = p8->pkey->value.sequence->data; pkeylen = p8->pkey->value.sequence->length; - break; - - default: - EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); - return NULL; - break; } if (!(pkey = EVP_PKEY_new())) { EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); @@ -105,81 +104,108 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) a = p8->pkeyalg; switch (OBJ_obj2nid(a->algorithm)) { -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA case NID_rsaEncryption: - if (!(rsa = d2i_RSAPrivateKey (NULL, &p, pkeylen))) { + cp = p; + if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); return NULL; } EVP_PKEY_assign_RSA (pkey, rsa); break; #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA case NID_dsa: /* PKCS#8 DSA is weird: you just get a private key integer * and parameters in the AlgorithmIdentifier the pubkey must * be recalculated. */ - /* Check for broken Netscape Database DSA PKCS#8, UGH! */ + /* Check for broken DSA PKCS#8, UGH! */ if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) { - if(!(ndsa = ASN1_seq_unpack(p, pkeylen, - (char *(*)())d2i_ASN1_INTEGER, - ASN1_STRING_free))) { + if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, + d2i_ASN1_TYPE, + ASN1_TYPE_free))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - return NULL; + goto dsaerr; } - if(sk_num(ndsa) != 2 ) { + if(sk_ASN1_TYPE_num(ndsa) != 2 ) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - sk_pop_free(ndsa, ASN1_STRING_free); - return NULL; + goto dsaerr; } - dsapriv = (ASN1_INTEGER *) sk_pop(ndsa); - sk_pop_free(ndsa, ASN1_STRING_free); - } else if (!(dsapriv=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) { + /* Handle Two broken types: + * SEQUENCE {parameters, priv_key} + * SEQUENCE {pub_key, priv_key} + */ + + t1 = sk_ASN1_TYPE_value(ndsa, 0); + t2 = sk_ASN1_TYPE_value(ndsa, 1); + if(t1->type == V_ASN1_SEQUENCE) { + p8->broken = PKCS8_EMBEDDED_PARAM; + param = t1; + } else if(a->parameter->type == V_ASN1_SEQUENCE) { + p8->broken = PKCS8_NS_DB; + param = a->parameter; + } else { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - return NULL; + goto dsaerr; + } + + if(t2->type != V_ASN1_INTEGER) { + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); + goto dsaerr; + } + privkey = t2->value.integer; + } else { + if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) { + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); + goto dsaerr; + } + param = p8->pkeyalg->parameter; } - /* Retrieve parameters */ - if (a->parameter->type != V_ASN1_SEQUENCE) { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_NO_DSA_PARAMETERS); - return NULL; + if (!param || (param->type != V_ASN1_SEQUENCE)) { + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); + goto dsaerr; } - p = a->parameter->value.sequence->data; - plen = a->parameter->value.sequence->length; - if (!(dsa = d2i_DSAparams (NULL, &p, plen))) { + cp = p = param->value.sequence->data; + plen = param->value.sequence->length; + if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - return NULL; + goto dsaerr; } /* We have parameters now set private key */ - if (!(dsa->priv_key = ASN1_INTEGER_to_BN(dsapriv, NULL))) { + if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR); - DSA_free (dsa); - return NULL; + goto dsaerr; } /* Calculate public key (ouch!) */ if (!(dsa->pub_key = BN_new())) { EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); - DSA_free (dsa); - return NULL; + goto dsaerr; } if (!(ctx = BN_CTX_new())) { EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); - DSA_free (dsa); - return NULL; + goto dsaerr; } if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR); - BN_CTX_free (ctx); - DSA_free (dsa); - return NULL; + goto dsaerr; } - EVP_PKEY_assign_DSA (pkey, dsa); + EVP_PKEY_assign_DSA(pkey, dsa); BN_CTX_free (ctx); + if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); + else ASN1_INTEGER_free(privkey); + break; + dsaerr: + BN_CTX_free (ctx); + sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); + DSA_free(dsa); + EVP_PKEY_free(pkey); + return NULL; break; #endif default: @@ -193,30 +219,35 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) return pkey; } +PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) +{ + return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK); +} + /* Turn a private key into a PKCS8 structure */ -PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) +PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) { PKCS8_PRIV_KEY_INFO *p8; -#ifndef NO_DSA - ASN1_INTEGER *dpkey; - unsigned char *p, *q; - int len; -#endif + if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); return NULL; } + p8->broken = broken; ASN1_INTEGER_set (p8->version, 0); if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); PKCS8_PRIV_KEY_INFO_free (p8); return NULL; } + p8->pkey->type = V_ASN1_OCTET_STRING; switch (EVP_PKEY_type(pkey->type)) { -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA case EVP_PKEY_RSA: + if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE; + p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); p8->pkeyalg->parameter->type = V_ASN1_NULL; if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey, @@ -227,38 +258,13 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) } break; #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA case EVP_PKEY_DSA: - p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); - - /* get paramaters and place in AlgorithmIdentifier */ - len = i2d_DSAparams (pkey->pkey.dsa, NULL); - if (!(p = Malloc(len))) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - PKCS8_PRIV_KEY_INFO_free (p8); - return NULL; - } - q = p; - i2d_DSAparams (pkey->pkey.dsa, &q); - p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; - p8->pkeyalg->parameter->value.sequence = ASN1_STRING_new(); - ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, len); - Free(p); - /* Get private key into an integer and pack */ - if (!(dpkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); + if(!dsa_pkey2pkcs8(p8, pkey)) { PKCS8_PRIV_KEY_INFO_free (p8); return NULL; } - - if (!ASN1_pack_string((char *)dpkey, i2d_ASN1_INTEGER, - &p8->pkey->value.octet_string)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - ASN1_INTEGER_free (dpkey); - PKCS8_PRIV_KEY_INFO_free (p8); - return NULL; - } - ASN1_INTEGER_free (dpkey); + break; #endif default: @@ -266,9 +272,8 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) PKCS8_PRIV_KEY_INFO_free (p8); return NULL; } - p8->pkey->type = V_ASN1_OCTET_STRING; - RAND_seed (p8->pkey->value.octet_string->data, - p8->pkey->value.octet_string->length); + RAND_add(p8->pkey->value.octet_string->data, + p8->pkey->value.octet_string->length, 0); return p8; } @@ -295,4 +300,113 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) } } +#ifndef OPENSSL_NO_DSA +static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) +{ + ASN1_STRING *params; + ASN1_INTEGER *prkey; + ASN1_TYPE *ttmp; + STACK_OF(ASN1_TYPE) *ndsa; + unsigned char *p, *q; + int len; + + p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); + len = i2d_DSAparams (pkey->pkey.dsa, NULL); + if (!(p = OPENSSL_malloc(len))) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + PKCS8_PRIV_KEY_INFO_free (p8); + return 0; + } + q = p; + i2d_DSAparams (pkey->pkey.dsa, &q); + params = ASN1_STRING_new(); + ASN1_STRING_set(params, p, len); + OPENSSL_free(p); + /* Get private key into integer */ + if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); + return 0; + } + + switch(p8->broken) { + + case PKCS8_OK: + case PKCS8_NO_OCTET: + + if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER, + &p8->pkey->value.octet_string)) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + M_ASN1_INTEGER_free (prkey); + return 0; + } + + M_ASN1_INTEGER_free (prkey); + p8->pkeyalg->parameter->value.sequence = params; + p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; + + break; + + case PKCS8_NS_DB: + + p8->pkeyalg->parameter->value.sequence = params; + p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; + ndsa = sk_ASN1_TYPE_new_null(); + ttmp = ASN1_TYPE_new(); + if (!(ttmp->value.integer = BN_to_ASN1_INTEGER (pkey->pkey.dsa->pub_key, NULL))) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); + PKCS8_PRIV_KEY_INFO_free(p8); + return 0; + } + ttmp->type = V_ASN1_INTEGER; + sk_ASN1_TYPE_push(ndsa, ttmp); + + ttmp = ASN1_TYPE_new(); + ttmp->value.integer = prkey; + ttmp->type = V_ASN1_INTEGER; + sk_ASN1_TYPE_push(ndsa, ttmp); + + p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); + + if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, + &p8->pkey->value.octet_string->data, + &p8->pkey->value.octet_string->length)) { + + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); + M_ASN1_INTEGER_free(prkey); + return 0; + } + sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); + break; + case PKCS8_EMBEDDED_PARAM: + + p8->pkeyalg->parameter->type = V_ASN1_NULL; + ndsa = sk_ASN1_TYPE_new_null(); + ttmp = ASN1_TYPE_new(); + ttmp->value.sequence = params; + ttmp->type = V_ASN1_SEQUENCE; + sk_ASN1_TYPE_push(ndsa, ttmp); + + ttmp = ASN1_TYPE_new(); + ttmp->value.integer = prkey; + ttmp->type = V_ASN1_INTEGER; + sk_ASN1_TYPE_push(ndsa, ttmp); + + p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); + + if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, + &p8->pkey->value.octet_string->data, + &p8->pkey->value.octet_string->length)) { + + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); + M_ASN1_INTEGER_free (prkey); + return 0; + } + sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); + break; + } + return 1; +} +#endif diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c index 3549b1699c..beb8d7fc5c 100644 --- a/src/lib/libcrypto/evp/m_dss.c +++ b/src/lib/libcrypto/evp/m_dss.c @@ -58,25 +58,38 @@ #include #include "cryptlib.h" -#include "evp.h" -#include "objects.h" -#include "x509.h" +#include +#include +#include -static EVP_MD dsa_md= +#ifndef OPENSSL_NO_SHA +static int init(EVP_MD_CTX *ctx) + { return SHA1_Init(ctx->md_data); } + +static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) + { return SHA1_Update(ctx->md_data,data,count); } + +static int final(EVP_MD_CTX *ctx,unsigned char *md) + { return SHA1_Final(md,ctx->md_data); } + +static const EVP_MD dsa_md= { NID_dsaWithSHA, NID_dsaWithSHA, SHA_DIGEST_LENGTH, - SHA1_Init, - SHA1_Update, - SHA1_Final, + 0, + init, + update, + final, + NULL, + NULL, EVP_PKEY_DSA_method, SHA_CBLOCK, sizeof(EVP_MD *)+sizeof(SHA_CTX), }; -EVP_MD *EVP_dss() +const EVP_MD *EVP_dss(void) { return(&dsa_md); } - +#endif diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c index ff256b7b20..f5668ebda0 100644 --- a/src/lib/libcrypto/evp/m_dss1.c +++ b/src/lib/libcrypto/evp/m_dss1.c @@ -56,26 +56,40 @@ * [including the GNU Public Licence.] */ +#ifndef OPENSSL_NO_SHA #include #include "cryptlib.h" -#include "evp.h" -#include "objects.h" -#include "x509.h" +#include +#include +#include -static EVP_MD dss1_md= +static int init(EVP_MD_CTX *ctx) + { return SHA1_Init(ctx->md_data); } + +static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) + { return SHA1_Update(ctx->md_data,data,count); } + +static int final(EVP_MD_CTX *ctx,unsigned char *md) + { return SHA1_Final(md,ctx->md_data); } + +static const EVP_MD dss1_md= { NID_dsa, NID_dsaWithSHA1, SHA_DIGEST_LENGTH, - SHA1_Init, - SHA1_Update, - SHA1_Final, + 0, + init, + update, + final, + NULL, + NULL, EVP_PKEY_DSA_method, SHA_CBLOCK, sizeof(EVP_MD *)+sizeof(SHA_CTX), }; -EVP_MD *EVP_dss1() +const EVP_MD *EVP_dss1(void) { return(&dss1_md); } +#endif diff --git a/src/lib/libcrypto/evp/m_md4.c b/src/lib/libcrypto/evp/m_md4.c index 6a24ceb86d..e19b663754 100644 --- a/src/lib/libcrypto/evp/m_md4.c +++ b/src/lib/libcrypto/evp/m_md4.c @@ -56,27 +56,40 @@ * [including the GNU Public Licence.] */ -#ifndef NO_MD4 +#ifndef OPENSSL_NO_MD4 #include #include "cryptlib.h" #include #include #include +#include -static EVP_MD md4_md= +static int init(EVP_MD_CTX *ctx) + { return MD4_Init(ctx->md_data); } + +static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) + { return MD4_Update(ctx->md_data,data,count); } + +static int final(EVP_MD_CTX *ctx,unsigned char *md) + { return MD4_Final(md,ctx->md_data); } + +static const EVP_MD md4_md= { NID_md4, - 0, + NID_md4WithRSAEncryption, MD4_DIGEST_LENGTH, - MD4_Init, - MD4_Update, - MD4_Final, + 0, + init, + update, + final, + NULL, + NULL, EVP_PKEY_RSA_method, MD4_CBLOCK, sizeof(EVP_MD *)+sizeof(MD4_CTX), }; -EVP_MD *EVP_md4(void) +const EVP_MD *EVP_md4(void) { return(&md4_md); } diff --git a/src/lib/libcrypto/evp/m_md5.c b/src/lib/libcrypto/evp/m_md5.c index d65db9aa1d..b00a03e048 100644 --- a/src/lib/libcrypto/evp/m_md5.c +++ b/src/lib/libcrypto/evp/m_md5.c @@ -56,26 +56,41 @@ * [including the GNU Public Licence.] */ +#ifndef OPENSSL_NO_MD5 #include #include "cryptlib.h" -#include "evp.h" -#include "objects.h" -#include "x509.h" +#include +#include +#include +#include -static EVP_MD md5_md= +static int init(EVP_MD_CTX *ctx) + { return MD5_Init(ctx->md_data); } + +static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) + { return MD5_Update(ctx->md_data,data,count); } + +static int final(EVP_MD_CTX *ctx,unsigned char *md) + { return MD5_Final(md,ctx->md_data); } + +static const EVP_MD md5_md= { NID_md5, NID_md5WithRSAEncryption, MD5_DIGEST_LENGTH, - MD5_Init, - MD5_Update, - MD5_Final, + 0, + init, + update, + final, + NULL, + NULL, EVP_PKEY_RSA_method, MD5_CBLOCK, sizeof(EVP_MD *)+sizeof(MD5_CTX), }; -EVP_MD *EVP_md5() +const EVP_MD *EVP_md5(void) { return(&md5_md); } +#endif diff --git a/src/lib/libcrypto/evp/m_null.c b/src/lib/libcrypto/evp/m_null.c index 6d80560df2..f6f0a1d2c0 100644 --- a/src/lib/libcrypto/evp/m_null.c +++ b/src/lib/libcrypto/evp/m_null.c @@ -58,29 +58,36 @@ #include #include "cryptlib.h" -#include "evp.h" -#include "objects.h" -#include "x509.h" +#include +#include +#include -static void function() - { - } +static int init(EVP_MD_CTX *ctx) + { return 1; } + +static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) + { return 1; } -static EVP_MD null_md= +static int final(EVP_MD_CTX *ctx,unsigned char *md) + { return 1; } + +static const EVP_MD null_md= { NID_undef, NID_undef, 0, - function, - function, - function, - + 0, + init, + update, + final, + NULL, + NULL, EVP_PKEY_NULL_method, 0, sizeof(EVP_MD *), }; -EVP_MD *EVP_md_null() +const EVP_MD *EVP_md_null(void) { return(&null_md); } diff --git a/src/lib/libcrypto/evp/m_ripemd.c b/src/lib/libcrypto/evp/m_ripemd.c index 04c5d8897b..64725528dc 100644 --- a/src/lib/libcrypto/evp/m_ripemd.c +++ b/src/lib/libcrypto/evp/m_ripemd.c @@ -56,26 +56,41 @@ * [including the GNU Public Licence.] */ +#ifndef OPENSSL_NO_RIPEMD #include #include "cryptlib.h" -#include "evp.h" -#include "objects.h" -#include "x509.h" +#include +#include +#include +#include -static EVP_MD ripemd160_md= +static int init(EVP_MD_CTX *ctx) + { return RIPEMD160_Init(ctx->md_data); } + +static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) + { return RIPEMD160_Update(ctx->md_data,data,count); } + +static int final(EVP_MD_CTX *ctx,unsigned char *md) + { return RIPEMD160_Final(md,ctx->md_data); } + +static const EVP_MD ripemd160_md= { NID_ripemd160, NID_ripemd160WithRSA, RIPEMD160_DIGEST_LENGTH, - RIPEMD160_Init, - RIPEMD160_Update, - RIPEMD160_Final, + 0, + init, + update, + final, + NULL, + NULL, EVP_PKEY_RSA_method, RIPEMD160_CBLOCK, sizeof(EVP_MD *)+sizeof(RIPEMD160_CTX), }; -EVP_MD *EVP_ripemd160() +const EVP_MD *EVP_ripemd160(void) { return(&ripemd160_md); } +#endif diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c index 87135a9cf2..d6be3502f0 100644 --- a/src/lib/libcrypto/evp/m_sha1.c +++ b/src/lib/libcrypto/evp/m_sha1.c @@ -56,26 +56,40 @@ * [including the GNU Public Licence.] */ +#ifndef OPENSSL_NO_SHA #include #include "cryptlib.h" -#include "evp.h" -#include "objects.h" -#include "x509.h" +#include +#include +#include -static EVP_MD sha1_md= +static int init(EVP_MD_CTX *ctx) + { return SHA1_Init(ctx->md_data); } + +static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) + { return SHA1_Update(ctx->md_data,data,count); } + +static int final(EVP_MD_CTX *ctx,unsigned char *md) + { return SHA1_Final(md,ctx->md_data); } + +static const EVP_MD sha1_md= { NID_sha1, NID_sha1WithRSAEncryption, SHA_DIGEST_LENGTH, - SHA1_Init, - SHA1_Update, - SHA1_Final, + 0, + init, + update, + final, + NULL, + NULL, EVP_PKEY_RSA_method, SHA_CBLOCK, sizeof(EVP_MD *)+sizeof(SHA_CTX), }; -EVP_MD *EVP_sha1() +const EVP_MD *EVP_sha1(void) { return(&sha1_md); } +#endif diff --git a/src/lib/libcrypto/evp/names.c b/src/lib/libcrypto/evp/names.c index e0774da20d..eb9f4329cd 100644 --- a/src/lib/libcrypto/evp/names.c +++ b/src/lib/libcrypto/evp/names.c @@ -58,228 +58,66 @@ #include #include "cryptlib.h" -#include "evp.h" -#include "objects.h" +#include +#include +#include -typedef struct aliases_st { - char *alias; - /* This must be the last field becaue I will allocate things - * so they go off the end of it */ - char name[4]; - } ALIASES; - -static STACK /* ALIASES */ *aliases=NULL; -static STACK /* EVP_CIPHERS */ *ciphers=NULL; -static STACK /* EVP_MD */ *digests=NULL; - -static int cipher_nid_cmp(a,b) -EVP_CIPHER **a,**b; - { return((*a)->nid - (*b)->nid); } - -static int digest_type_cmp(a,b) -EVP_MD **a,**b; - { return((*a)->pkey_type - (*b)->pkey_type); } - -int EVP_add_cipher(c) -EVP_CIPHER *c; - { - int i; - - if (ciphers == NULL) - { - ciphers=sk_new(cipher_nid_cmp); - if (ciphers == NULL) return(0); - } - if ((i=sk_find(ciphers,(char *)c)) >= 0) - { - if (sk_value(ciphers,i) == (char *)c) - return(1); - sk_delete(ciphers,i); - } - return(sk_push(ciphers,(char *)c)); - } - -int EVP_add_digest(md) -EVP_MD *md; +int EVP_add_cipher(const EVP_CIPHER *c) { - int i; - char *n; + int r; - if (digests == NULL) - { - digests=sk_new(digest_type_cmp); - if (digests == NULL) return(0); - } - if ((i=sk_find(digests,(char *)md)) >= 0) - { - if (sk_value(digests,i) == (char *)md) - return(1); - sk_delete(digests,i); - } - if (md->type != md->pkey_type) - { - n=OBJ_nid2sn(md->pkey_type); - EVP_add_alias(n,OBJ_nid2sn(md->type)); - EVP_add_alias(n,OBJ_nid2ln(md->type)); - } - sk_push(digests,(char *)md); - return(1); - } - -static int alias_cmp(a,b) -ALIASES **a,**b; - { - return(strcmp((*a)->alias,(*b)->alias)); + r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c); + if (r == 0) return(0); + r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c); + return(r); } -int EVP_add_alias(name,aname) -char *name; -char *aname; +int EVP_add_digest(const EVP_MD *md) { - int l1,l2,i; - ALIASES *a; - char *p; + int r; + const char *name; - if ((name == NULL) || (aname == NULL)) return(0); - l1=strlen(name)+1; - l2=strlen(aname)+1; - i=sizeof(ALIASES)+l1+l2; - if ((a=(ALIASES *)Malloc(i)) == NULL) - return(0); - strcpy(a->name,name); - p= &(a->name[l1]); - strcpy(p,aname); - a->alias=p; + name=OBJ_nid2sn(md->type); + r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(char *)md); + if (r == 0) return(0); + r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(char *)md); + if (r == 0) return(0); - if (aliases == NULL) - { - aliases=sk_new(alias_cmp); - if (aliases == NULL) goto err; - } - - if ((i=sk_find(aliases,(char *)a)) >= 0) + if (md->type != md->pkey_type) { - Free(sk_delete(aliases,i)); + r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type), + OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name); + if (r == 0) return(0); + r=OBJ_NAME_add(OBJ_nid2ln(md->pkey_type), + OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name); } - if (!sk_push(aliases,(char *)a)) goto err; - return(1); -err: - return(0); + return(r); } -int EVP_delete_alias(name) -char *name; +const EVP_CIPHER *EVP_get_cipherbyname(const char *name) { - ALIASES a; - int i; + const EVP_CIPHER *cp; - if (aliases != NULL) - { - a.alias=name; - if ((i=sk_find(aliases,(char *)&a)) >= 0) - { - Free(sk_delete(aliases,i)); - return(1); - } - } - return(0); + cp=(const EVP_CIPHER *)OBJ_NAME_get(name,OBJ_NAME_TYPE_CIPHER_METH); + return(cp); } -EVP_CIPHER *EVP_get_cipherbyname(name) -char *name; +const EVP_MD *EVP_get_digestbyname(const char *name) { - int nid,num=6,i; - EVP_CIPHER c,*cp; - ALIASES a,*ap; - - if (ciphers == NULL) return(NULL); - for (;;) - { - if (num-- <= 0) return(NULL); - if (aliases != NULL) - { - a.alias=name; - i=sk_find(aliases,(char *)&a); - if (i >= 0) - { - ap=(ALIASES *)sk_value(aliases,i); - name=ap->name; - continue; - } - } + const EVP_MD *cp; - nid=OBJ_txt2nid(name); - if (nid == NID_undef) return(NULL); - c.nid=nid; - i=sk_find(ciphers,(char *)&c); - if (i >= 0) - { - cp=(EVP_CIPHER *)sk_value(ciphers,i); - return(cp); - } - else - return(NULL); - } + cp=(const EVP_MD *)OBJ_NAME_get(name,OBJ_NAME_TYPE_MD_METH); + return(cp); } -EVP_MD *EVP_get_digestbyname(name) -char *name; +void EVP_cleanup(void) { - int nid,num=6,i; - EVP_MD c,*cp; - ALIASES a,*ap; - - if (digests == NULL) return(NULL); - - for (;;) - { - if (num-- <= 0) return(NULL); - - if (aliases != NULL) - { - a.alias=name; - i=sk_find(aliases,(char *)&a); - if (i >= 0) - { - ap=(ALIASES *)sk_value(aliases,i); - name=ap->name; - continue; - } - } - - nid=OBJ_txt2nid(name); - if (nid == NID_undef) return(NULL); - c.pkey_type=nid; - i=sk_find(digests,(char *)&c); - if (i >= 0) - { - cp=(EVP_MD *)sk_value(digests,i); - return(cp); - } - else - return(NULL); - } - } - -void EVP_cleanup() - { - int i; - - if (aliases != NULL) - { - for (i=0; isalt->data; saltlen = pbe->salt->length; - EVP_DigestInit (&ctx, md); - EVP_DigestUpdate (&ctx, pass, passlen); - EVP_DigestUpdate (&ctx, salt, saltlen); + if(!pass) passlen = 0; + else if(passlen == -1) passlen = strlen(pass); + + EVP_MD_CTX_init(&ctx); + EVP_DigestInit_ex(&ctx, md, NULL); + EVP_DigestUpdate(&ctx, pass, passlen); + EVP_DigestUpdate(&ctx, salt, saltlen); PBEPARAM_free(pbe); - EVP_DigestFinal (&ctx, md_tmp, NULL); + EVP_DigestFinal_ex(&ctx, md_tmp, NULL); for (i = 1; i < iter; i++) { - EVP_DigestInit(&ctx, md); + EVP_DigestInit_ex(&ctx, md, NULL); EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md)); - EVP_DigestFinal (&ctx, md_tmp, NULL); + EVP_DigestFinal_ex (&ctx, md_tmp, NULL); } - memcpy (key, md_tmp, EVP_CIPHER_key_length(cipher)); - memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), + EVP_MD_CTX_cleanup(&ctx); + memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); + memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), EVP_CIPHER_iv_length(cipher)); - EVP_CipherInit(cctx, cipher, key, iv, en_de); + EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de); memset(md_tmp, 0, EVP_MAX_MD_SIZE); memset(key, 0, EVP_MAX_KEY_LENGTH); memset(iv, 0, EVP_MAX_IV_LENGTH); diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c index 27a2c518be..7881860b53 100644 --- a/src/lib/libcrypto/evp/p5_crpt2.c +++ b/src/lib/libcrypto/evp/p5_crpt2.c @@ -55,7 +55,7 @@ * Hudson (tjh@cryptsoft.com). * */ -#if !defined(NO_HMAC) && !defined(NO_SHA) +#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) #include #include #include @@ -84,9 +84,12 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, int cplen, j, k, tkeylen; unsigned long i = 1; HMAC_CTX hctx; + + HMAC_CTX_init(&hctx); p = out; tkeylen = keylen; - if(passlen == -1) passlen = strlen(pass); + if(!pass) passlen = 0; + else if(passlen == -1) passlen = strlen(pass); while(tkeylen) { if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH; else cplen = tkeylen; @@ -97,7 +100,7 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, itmp[1] = (unsigned char)((i >> 16) & 0xff); itmp[2] = (unsigned char)((i >> 8) & 0xff); itmp[3] = (unsigned char)(i & 0xff); - HMAC_Init(&hctx, pass, passlen, EVP_sha1()); + HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL); HMAC_Update(&hctx, salt, saltlen); HMAC_Update(&hctx, itmp, 4); HMAC_Final(&hctx, digtmp, NULL); @@ -111,7 +114,7 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, i++; p+= cplen; } - HMAC_cleanup(&hctx); + HMAC_CTX_cleanup(&hctx); #ifdef DEBUG_PKCS5V2 fprintf(stderr, "Password:\n"); h__dump (pass, passlen); @@ -142,7 +145,7 @@ main() */ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER *c, EVP_MD *md, + ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de) { unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH]; @@ -180,7 +183,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, } /* Fixup cipher based on AlgorithmIdentifier */ - EVP_CipherInit(ctx, cipher, NULL, NULL, en_de); + EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de); if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_CIPHER_PARAMETER_ERROR); @@ -226,7 +229,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, saltlen = kdf->salt->value.octet_string->length; iter = ASN1_INTEGER_get(kdf->iter); PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key); - EVP_CipherInit(ctx, NULL, key, NULL, en_de); + EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); memset(key, 0, keylen); PBKDF2PARAM_free(kdf); return 1; diff --git a/src/lib/libcrypto/evp/p_dec.c b/src/lib/libcrypto/evp/p_dec.c index e845ce70c7..8af620400e 100644 --- a/src/lib/libcrypto/evp/p_dec.c +++ b/src/lib/libcrypto/evp/p_dec.c @@ -58,27 +58,30 @@ #include #include "cryptlib.h" -#include "rand.h" -#include "rsa.h" -#include "evp.h" -#include "objects.h" -#include "x509.h" +#include +#ifndef OPENSSL_NO_RSA +#include +#endif +#include +#include +#include -int EVP_PKEY_decrypt(key,ek,ekl,priv) -unsigned char *key; -unsigned char *ek; -int ekl; -EVP_PKEY *priv; +int EVP_PKEY_decrypt(unsigned char *key, unsigned char *ek, int ekl, + EVP_PKEY *priv) { int ret= -1; +#ifndef OPENSSL_NO_RSA if (priv->type != EVP_PKEY_RSA) { +#endif EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA); +#ifndef OPENSSL_NO_RSA goto err; } ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING); err: +#endif return(ret); } diff --git a/src/lib/libcrypto/evp/p_enc.c b/src/lib/libcrypto/evp/p_enc.c index a26bfad02a..656883b996 100644 --- a/src/lib/libcrypto/evp/p_enc.c +++ b/src/lib/libcrypto/evp/p_enc.c @@ -58,26 +58,29 @@ #include #include "cryptlib.h" -#include "rand.h" -#include "rsa.h" -#include "evp.h" -#include "objects.h" -#include "x509.h" +#include +#ifndef OPENSSL_NO_RSA +#include +#endif +#include +#include +#include -int EVP_PKEY_encrypt(ek,key,key_len,pubk) -unsigned char *ek; -unsigned char *key; -int key_len; -EVP_PKEY *pubk; +int EVP_PKEY_encrypt(unsigned char *ek, unsigned char *key, int key_len, + EVP_PKEY *pubk) { int ret=0; +#ifndef OPENSSL_NO_RSA if (pubk->type != EVP_PKEY_RSA) { +#endif EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA); +#ifndef OPENSSL_NO_RSA goto err; } ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING); err: +#endif return(ret); } diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c index 395351b373..215b94292a 100644 --- a/src/lib/libcrypto/evp/p_lib.c +++ b/src/lib/libcrypto/evp/p_lib.c @@ -58,58 +58,49 @@ #include #include "cryptlib.h" -#include "objects.h" -#include "evp.h" -#include "asn1_mac.h" -#include "x509.h" +#include +#include +#include +#include -/* EVPerr(EVP_F_D2I_PKEY,EVP_R_UNSUPPORTED_CIPHER); */ -/* EVPerr(EVP_F_D2I_PKEY,EVP_R_IV_TOO_LARGE); */ - -#ifndef NOPROTO static void EVP_PKEY_free_it(EVP_PKEY *x); -#else -static void EVP_PKEY_free_it(); -#endif -int EVP_PKEY_bits(pkey) -EVP_PKEY *pkey; +int EVP_PKEY_bits(EVP_PKEY *pkey) { -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) return(BN_num_bits(pkey->pkey.rsa->n)); else #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) return(BN_num_bits(pkey->pkey.dsa->p)); #endif return(0); } -int EVP_PKEY_size(pkey) -EVP_PKEY *pkey; +int EVP_PKEY_size(EVP_PKEY *pkey) { -#ifndef NO_RSA + if (pkey == NULL) + return(0); +#ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) return(RSA_size(pkey->pkey.rsa)); else #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) return(DSA_size(pkey->pkey.dsa)); #endif return(0); } -int EVP_PKEY_save_parameters(pkey,mode) -EVP_PKEY *pkey; -int mode; +int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) { -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) { - int ret=pkey->save_parameters=mode; + int ret=pkey->save_parameters; if (mode >= 0) pkey->save_parameters=mode; @@ -119,8 +110,7 @@ int mode; return(0); } -int EVP_PKEY_copy_parameters(to,from) -EVP_PKEY *to,*from; +int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from) { if (to->type != from->type) { @@ -130,10 +120,10 @@ EVP_PKEY *to,*from; if (EVP_PKEY_missing_parameters(from)) { - EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARMATERS); + EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS); goto err; } -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (to->type == EVP_PKEY_DSA) { BIGNUM *a; @@ -156,10 +146,9 @@ err: return(0); } -int EVP_PKEY_missing_parameters(pkey) -EVP_PKEY *pkey; +int EVP_PKEY_missing_parameters(EVP_PKEY *pkey) { -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) { DSA *dsa; @@ -172,10 +161,9 @@ EVP_PKEY *pkey; return(0); } -int EVP_PKEY_cmp_parameters(a,b) -EVP_PKEY *a,*b; +int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b) { -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) { if ( BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) || @@ -189,11 +177,11 @@ EVP_PKEY *a,*b; return(-1); } -EVP_PKEY *EVP_PKEY_new() +EVP_PKEY *EVP_PKEY_new(void) { EVP_PKEY *ret; - ret=(EVP_PKEY *)Malloc(sizeof(EVP_PKEY)); + ret=(EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY)); if (ret == NULL) { EVPerr(EVP_F_EVP_PKEY_NEW,ERR_R_MALLOC_FAILURE); @@ -207,10 +195,7 @@ EVP_PKEY *EVP_PKEY_new() return(ret); } -int EVP_PKEY_assign(pkey,type,key) -EVP_PKEY *pkey; -int type; -char *key; +int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key) { if (pkey == NULL) return(0); if (pkey->pkey.ptr != NULL) @@ -218,11 +203,71 @@ char *key; pkey->type=EVP_PKEY_type(type); pkey->save_type=type; pkey->pkey.ptr=key; - return(1); + return(key != NULL); + } + +#ifndef OPENSSL_NO_RSA +int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) +{ + int ret = EVP_PKEY_assign_RSA(pkey, key); + if(ret) + RSA_up_ref(key); + return ret; +} + +RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey) + { + if(pkey->type != EVP_PKEY_RSA) { + EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY); + return NULL; } + RSA_up_ref(pkey->pkey.rsa); + return pkey->pkey.rsa; +} +#endif + +#ifndef OPENSSL_NO_DSA +int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key) +{ + int ret = EVP_PKEY_assign_DSA(pkey, key); + if(ret) + DSA_up_ref(key); + return ret; +} + +DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) + { + if(pkey->type != EVP_PKEY_DSA) { + EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY); + return NULL; + } + DSA_up_ref(pkey->pkey.dsa); + return pkey->pkey.dsa; +} +#endif + +#ifndef OPENSSL_NO_DH + +int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) +{ + int ret = EVP_PKEY_assign_DH(pkey, key); + if(ret) + DH_up_ref(key); + return ret; +} + +DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) + { + if(pkey->type != EVP_PKEY_DH) { + EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY); + return NULL; + } + DH_up_ref(pkey->pkey.dh); + return pkey->pkey.dh; +} +#endif -int EVP_PKEY_type(type) -int type; +int EVP_PKEY_type(int type) { switch (type) { @@ -242,8 +287,7 @@ int type; } } -void EVP_PKEY_free(x) -EVP_PKEY *x; +void EVP_PKEY_free(EVP_PKEY *x) { int i; @@ -262,21 +306,20 @@ EVP_PKEY *x; } #endif EVP_PKEY_free_it(x); - Free((char *)x); + OPENSSL_free(x); } -static void EVP_PKEY_free_it(x) -EVP_PKEY *x; +static void EVP_PKEY_free_it(EVP_PKEY *x) { switch (x->type) { -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA case EVP_PKEY_RSA: case EVP_PKEY_RSA2: RSA_free(x->pkey.rsa); break; #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA case EVP_PKEY_DSA: case EVP_PKEY_DSA2: case EVP_PKEY_DSA3: @@ -284,7 +327,7 @@ EVP_PKEY *x; DSA_free(x->pkey.dsa); break; #endif -#ifndef NO_DH +#ifndef OPENSSL_NO_DH case EVP_PKEY_DH: DH_free(x->pkey.dh); break; diff --git a/src/lib/libcrypto/evp/p_open.c b/src/lib/libcrypto/evp/p_open.c index 28a8e02252..6976f2a867 100644 --- a/src/lib/libcrypto/evp/p_open.c +++ b/src/lib/libcrypto/evp/p_open.c @@ -56,64 +56,68 @@ * [including the GNU Public Licence.] */ +#ifndef OPENSSL_NO_RSA #include #include "cryptlib.h" -#include "evp.h" -#include "objects.h" -#include "x509.h" +#include +#include +#include -int EVP_OpenInit(ctx,type,ek,ekl,iv,priv) -EVP_CIPHER_CTX *ctx; -EVP_CIPHER *type; -unsigned char *ek; -int ekl; -unsigned char *iv; -EVP_PKEY *priv; +int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek, + int ekl, unsigned char *iv, EVP_PKEY *priv) { unsigned char *key=NULL; int i,size=0,ret=0; - + + if(type) { + EVP_CIPHER_CTX_init(ctx); + if(!EVP_DecryptInit_ex(ctx,type,NULL, NULL,NULL)) return 0; + } + + if(!priv) return 1; + if (priv->type != EVP_PKEY_RSA) { EVPerr(EVP_F_EVP_OPENINIT,EVP_R_PUBLIC_KEY_NOT_RSA); - ret= -1; goto err; } size=RSA_size(priv->pkey.rsa); - key=(unsigned char *)Malloc(size+2); + key=(unsigned char *)OPENSSL_malloc(size+2); if (key == NULL) { /* ERROR */ EVPerr(EVP_F_EVP_OPENINIT,ERR_R_MALLOC_FAILURE); - ret= -1; goto err; } i=EVP_PKEY_decrypt(key,ek,ekl,priv); - if (i != type->key_len) + if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) { /* ERROR */ goto err; } + if(!EVP_DecryptInit_ex(ctx,NULL,NULL,key,iv)) goto err; - EVP_CIPHER_CTX_init(ctx); - EVP_DecryptInit(ctx,type,key,iv); ret=1; err: if (key != NULL) memset(key,0,size); - Free(key); + OPENSSL_free(key); return(ret); } -int EVP_OpenFinal(ctx,out,outl) -EVP_CIPHER_CTX *ctx; -unsigned char *out; -int *outl; +int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { int i; - i=EVP_DecryptFinal(ctx,out,outl); - EVP_DecryptInit(ctx,NULL,NULL,NULL); + i=EVP_DecryptFinal_ex(ctx,out,outl); + EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL); return(i); } +#else /* !OPENSSL_NO_RSA */ + +# ifdef PEDANTIC +static void *dummy=&dummy; +# endif + +#endif diff --git a/src/lib/libcrypto/evp/p_seal.c b/src/lib/libcrypto/evp/p_seal.c index 09a408de35..37e547fe72 100644 --- a/src/lib/libcrypto/evp/p_seal.c +++ b/src/lib/libcrypto/evp/p_seal.c @@ -58,35 +58,36 @@ #include #include "cryptlib.h" -#include "rand.h" -#include "rsa.h" -#include "evp.h" -#include "objects.h" -#include "x509.h" +#include +#ifndef OPENSSL_NO_RSA +#include +#endif +#include +#include +#include -int EVP_SealInit(ctx,type,ek,ekl,iv,pubk,npubk) -EVP_CIPHER_CTX *ctx; -EVP_CIPHER *type; -unsigned char **ek; -int *ekl; -unsigned char *iv; -EVP_PKEY **pubk; -int npubk; +int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, + int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk) { unsigned char key[EVP_MAX_KEY_LENGTH]; int i; - if (npubk <= 0) return(0); - RAND_bytes(key,EVP_MAX_KEY_LENGTH); - if (type->iv_len > 0) - RAND_bytes(iv,type->iv_len); + if(type) { + EVP_CIPHER_CTX_init(ctx); + if(!EVP_EncryptInit_ex(ctx,type,NULL,NULL,NULL)) return 0; + } + if ((npubk <= 0) || !pubk) + return 1; + if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0) + return 0; + if (EVP_CIPHER_CTX_iv_length(ctx)) + RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx)); - EVP_CIPHER_CTX_init(ctx); - EVP_EncryptInit(ctx,type,key,iv); + if(!EVP_EncryptInit_ex(ctx,NULL,NULL,key,iv)) return 0; for (i=0; i #include "cryptlib.h" -#include "evp.h" -#include "objects.h" -#include "x509.h" +#include +#include +#include #ifdef undef -void EVP_SignInit(ctx,type) -EVP_MD_CTX *ctx; -EVP_MD *type; +void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) { - EVP_DigestInit(ctx,type); + EVP_DigestInit_ex(ctx,type); } -void EVP_SignUpdate(ctx,data,count) -EVP_MD_CTX *ctx; -unsigned char *data; -unsigned int count; +void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, + unsigned int count) { EVP_DigestUpdate(ctx,data,count); } #endif -int EVP_SignFinal(ctx,sigret,siglen,pkey) -EVP_MD_CTX *ctx; -unsigned char *sigret; -unsigned int *siglen; -EVP_PKEY *pkey; +int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, + EVP_PKEY *pkey) { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; @@ -91,8 +84,10 @@ EVP_PKEY *pkey; MS_STATIC EVP_MD_CTX tmp_ctx; *siglen=0; - memcpy(&tmp_ctx,ctx,sizeof(EVP_MD_CTX)); - EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len); + EVP_MD_CTX_init(&tmp_ctx); + EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); + EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); + EVP_MD_CTX_cleanup(&tmp_ctx); for (i=0; i<4; i++) { v=ctx->digest->required_pkey_type[i]; diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c index 8d727d8f02..d854d743a5 100644 --- a/src/lib/libcrypto/evp/p_verify.c +++ b/src/lib/libcrypto/evp/p_verify.c @@ -58,15 +58,12 @@ #include #include "cryptlib.h" -#include "evp.h" -#include "objects.h" -#include "x509.h" +#include +#include +#include -int EVP_VerifyFinal(ctx,sigbuf,siglen,pkey) -EVP_MD_CTX *ctx; -unsigned char *sigbuf; -unsigned int siglen; -EVP_PKEY *pkey; +int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, + unsigned int siglen, EVP_PKEY *pkey) { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; @@ -88,8 +85,10 @@ EVP_PKEY *pkey; EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE); return(-1); } - memcpy(&tmp_ctx,ctx,sizeof(EVP_MD_CTX)); - EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len); + EVP_MD_CTX_init(&tmp_ctx); + EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); + EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); + EVP_MD_CTX_cleanup(&tmp_ctx); if (ctx->digest->verify == NULL) { EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); -- cgit v1.2.3-55-g6feb