From 6b62d1fdd8a4fd35acfcc0c4bb1bf8b757fa8cda Mon Sep 17 00:00:00 2001 From: djm <> Date: Sat, 6 Sep 2008 12:17:54 +0000 Subject: resolve conflicts --- src/lib/libcrypto/evp/bio_b64.c | 2 +- src/lib/libcrypto/evp/bio_enc.c | 4 +- src/lib/libcrypto/evp/bio_md.c | 11 +- src/lib/libcrypto/evp/bio_ok.c | 60 +++--- src/lib/libcrypto/evp/c_all.c | 6 + src/lib/libcrypto/evp/c_allc.c | 37 ++++ src/lib/libcrypto/evp/c_alld.c | 5 +- src/lib/libcrypto/evp/digest.c | 61 +----- src/lib/libcrypto/evp/e_aes.c | 22 +- src/lib/libcrypto/evp/e_bf.c | 2 +- src/lib/libcrypto/evp/e_cast.c | 4 +- src/lib/libcrypto/evp/e_des.c | 36 +++- src/lib/libcrypto/evp/e_des3.c | 61 +++++- src/lib/libcrypto/evp/e_idea.c | 4 +- src/lib/libcrypto/evp/e_null.c | 5 +- src/lib/libcrypto/evp/e_rc2.c | 12 +- src/lib/libcrypto/evp/e_rc4.c | 8 +- src/lib/libcrypto/evp/e_rc5.c | 5 +- src/lib/libcrypto/evp/e_xcbc_d.c | 5 +- src/lib/libcrypto/evp/encode.c | 10 +- src/lib/libcrypto/evp/evp.h | 257 +++++++++++++++--------- src/lib/libcrypto/evp/evp_enc.c | 127 +++++------- src/lib/libcrypto/evp/evp_err.c | 39 ++-- src/lib/libcrypto/evp/evp_key.c | 2 +- src/lib/libcrypto/evp/evp_lib.c | 125 +++++++++++- src/lib/libcrypto/evp/evp_locl.h | 24 +-- src/lib/libcrypto/evp/evp_pbe.c | 5 +- src/lib/libcrypto/evp/evp_pkey.c | 398 +++++++++++++++++++++++++++++++++---- src/lib/libcrypto/evp/evp_test.c | 61 ++++-- src/lib/libcrypto/evp/evptests.txt | 245 +++++++++++++---------- src/lib/libcrypto/evp/m_dss.c | 8 +- src/lib/libcrypto/evp/m_dss1.c | 18 +- src/lib/libcrypto/evp/m_md2.c | 10 +- src/lib/libcrypto/evp/m_md4.c | 10 +- src/lib/libcrypto/evp/m_md5.c | 10 +- src/lib/libcrypto/evp/m_mdc2.c | 8 +- src/lib/libcrypto/evp/m_null.c | 2 +- src/lib/libcrypto/evp/m_ripemd.c | 9 +- src/lib/libcrypto/evp/m_sha.c | 13 +- src/lib/libcrypto/evp/m_sha1.c | 46 ++--- src/lib/libcrypto/evp/names.c | 11 +- src/lib/libcrypto/evp/p5_crpt.c | 14 +- src/lib/libcrypto/evp/p5_crpt2.c | 21 +- src/lib/libcrypto/evp/p_dec.c | 2 +- src/lib/libcrypto/evp/p_enc.c | 2 +- src/lib/libcrypto/evp/p_lib.c | 177 ++++++++++++++++- src/lib/libcrypto/evp/p_open.c | 10 +- src/lib/libcrypto/evp/p_seal.c | 2 +- src/lib/libcrypto/evp/p_verify.c | 2 +- 49 files changed, 1407 insertions(+), 611 deletions(-) (limited to 'src/lib/libcrypto/evp') diff --git a/src/lib/libcrypto/evp/bio_b64.c b/src/lib/libcrypto/evp/bio_b64.c index 33349c2f98..fa5cbc7eb1 100644 --- a/src/lib/libcrypto/evp/bio_b64.c +++ b/src/lib/libcrypto/evp/bio_b64.c @@ -165,7 +165,7 @@ static int b64_read(BIO *b, char *out, int outl) { i=ctx->buf_len-ctx->buf_off; if (i > outl) i=outl; - OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf); + OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf)); memcpy(out,&(ctx->buf[ctx->buf_off]),i); ret=i; out+=i; diff --git a/src/lib/libcrypto/evp/bio_enc.c b/src/lib/libcrypto/evp/bio_enc.c index b8cda1a9f0..f6ac94c6e1 100644 --- a/src/lib/libcrypto/evp/bio_enc.c +++ b/src/lib/libcrypto/evp/bio_enc.c @@ -405,8 +405,8 @@ EVP_CIPHER_ctx *c; } */ -void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, unsigned char *k, - unsigned char *i, int e) +void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, + const unsigned char *i, int e) { BIO_ENC_CTX *ctx; diff --git a/src/lib/libcrypto/evp/bio_md.c b/src/lib/libcrypto/evp/bio_md.c index f4aa41ac4b..d648ac6da6 100644 --- a/src/lib/libcrypto/evp/bio_md.c +++ b/src/lib/libcrypto/evp/bio_md.c @@ -153,7 +153,7 @@ static int md_write(BIO *b, const char *in, int inl) { if (ret > 0) { - EVP_DigestUpdate(ctx,(unsigned char *)in, + EVP_DigestUpdate(ctx,(const unsigned char *)in, (unsigned int)ret); } } @@ -192,8 +192,13 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) ret=0; break; case BIO_C_GET_MD_CTX: - pctx=ptr; - *pctx=ctx; + if (b->init) + { + pctx=ptr; + *pctx=ctx; + } + else + ret=0; break; case BIO_C_SET_MD_CTX: if (b->init) diff --git a/src/lib/libcrypto/evp/bio_ok.c b/src/lib/libcrypto/evp/bio_ok.c index 4e3f10141b..98bc1ab409 100644 --- a/src/lib/libcrypto/evp/bio_ok.c +++ b/src/lib/libcrypto/evp/bio_ok.c @@ -119,6 +119,7 @@ #include #include +#include #include "cryptlib.h" #include #include @@ -141,22 +142,12 @@ static void block_in(BIO* b); #define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE) #define WELLKNOWN "The quick brown fox jumped over the lazy dog's back." -#ifndef L_ENDIAN -#define swapem(x) \ - ((unsigned long int)((((unsigned long int)(x) & 0x000000ffU) << 24) | \ - (((unsigned long int)(x) & 0x0000ff00U) << 8) | \ - (((unsigned long int)(x) & 0x00ff0000U) >> 8) | \ - (((unsigned long int)(x) & 0xff000000U) >> 24))) -#else -#define swapem(x) (x) -#endif - typedef struct ok_struct { - int buf_len; - int buf_off; - int buf_len_save; - int buf_off_save; + size_t buf_len; + size_t buf_off; + size_t buf_len_save; + size_t buf_off_save; int cont; /* <= 0 when finished */ int finished; EVP_MD_CTX md; @@ -295,6 +286,8 @@ static int ok_write(BIO *b, const char *in, int inl) int ret=0,n,i; BIO_OK_CTX *ctx; + if (inl <= 0) return inl; + ctx=(BIO_OK_CTX *)b->ptr; ret=inl; @@ -330,7 +323,7 @@ static int ok_write(BIO *b, const char *in, int inl) if ((in == NULL) || (inl <= 0)) return(0); n= (inl+ ctx->buf_len > OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) ? - OK_BLOCK_SIZE+ OK_BLOCK_BLOCK- ctx->buf_len : inl; + (int)(OK_BLOCK_SIZE+OK_BLOCK_BLOCK-ctx->buf_len) : inl; memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),(unsigned char *)in,n); ctx->buf_len+= n; @@ -448,16 +441,18 @@ static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) return(ret); } -static void longswap(void *_ptr, int len) -{ -#ifndef L_ENDIAN - int i; - char *ptr=_ptr; +static void longswap(void *_ptr, size_t len) +{ const union { long one; char little; } is_endian = {1}; - for(i= 0;i < len;i+= 4){ - *((unsigned long *)&(ptr[i]))= swapem(*((unsigned long *)&(ptr[i]))); + if (is_endian.little) { + size_t i; + unsigned char *p=_ptr,c; + + for(i= 0;i < len;i+= 4) { + c=p[0],p[0]=p[3],p[3]=c; + c=p[1],p[1]=p[2],p[2]=c; + } } -#endif } static void sig_out(BIO* b) @@ -496,7 +491,7 @@ static void sig_in(BIO* b) ctx=b->ptr; md=&ctx->md; - if(ctx->buf_len- ctx->buf_off < 2* md->digest->md_size) return; + if((int)(ctx->buf_len-ctx->buf_off) < 2*md->digest->md_size) return; EVP_DigestInit_ex(md, md->digest, NULL); memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size); @@ -533,9 +528,10 @@ static void block_out(BIO* b) md=&ctx->md; tl= ctx->buf_len- OK_BLOCK_BLOCK; - tl= swapem(tl); - memcpy(ctx->buf, &tl, OK_BLOCK_BLOCK); - tl= swapem(tl); + ctx->buf[0]=(unsigned char)(tl>>24); + ctx->buf[1]=(unsigned char)(tl>>16); + ctx->buf[2]=(unsigned char)(tl>>8); + ctx->buf[3]=(unsigned char)(tl); EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); ctx->buf_len+= md->digest->md_size; @@ -546,14 +542,18 @@ static void block_in(BIO* b) { BIO_OK_CTX *ctx; EVP_MD_CTX *md; - long tl= 0; + unsigned long tl= 0; unsigned char tmp[EVP_MAX_MD_SIZE]; ctx=b->ptr; md=&ctx->md; - memcpy(&tl, ctx->buf, OK_BLOCK_BLOCK); - tl= swapem(tl); + assert(sizeof(tl)>=OK_BLOCK_BLOCK); /* always true */ + tl =ctx->buf[0]; tl<<=8; + tl|=ctx->buf[1]; tl<<=8; + tl|=ctx->buf[2]; tl<<=8; + tl|=ctx->buf[3]; + if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return; EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c index fa60a73ead..a5da52e62d 100644 --- a/src/lib/libcrypto/evp/c_all.c +++ b/src/lib/libcrypto/evp/c_all.c @@ -74,6 +74,12 @@ void OpenSSL_add_all_algorithms(void) void OPENSSL_add_all_algorithms_noconf(void) { + /* + * For the moment OPENSSL_cpuid_setup does something + * only on IA-32, but we reserve the option for all + * platforms... + */ + OPENSSL_cpuid_setup(); OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); #ifndef OPENSSL_NO_ENGINE diff --git a/src/lib/libcrypto/evp/c_allc.c b/src/lib/libcrypto/evp/c_allc.c index fc96812365..7054d8125d 100644 --- a/src/lib/libcrypto/evp/c_allc.c +++ b/src/lib/libcrypto/evp/c_allc.c @@ -107,6 +107,15 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher_alias(SN_idea_cbc,"idea"); #endif +#ifndef OPENSSL_NO_SEED + EVP_add_cipher(EVP_seed_ecb()); + EVP_add_cipher(EVP_seed_cfb()); + EVP_add_cipher(EVP_seed_ofb()); + EVP_add_cipher(EVP_seed_cbc()); + EVP_add_cipher_alias(SN_seed_cbc,"SEED"); + EVP_add_cipher_alias(SN_seed_cbc,"seed"); +#endif + #ifndef OPENSSL_NO_RC2 EVP_add_cipher(EVP_rc2_ecb()); EVP_add_cipher(EVP_rc2_cfb()); @@ -183,6 +192,34 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher_alias(SN_aes_256_cbc,"AES256"); EVP_add_cipher_alias(SN_aes_256_cbc,"aes256"); #endif + +#ifndef OPENSSL_NO_CAMELLIA + EVP_add_cipher(EVP_camellia_128_ecb()); + EVP_add_cipher(EVP_camellia_128_cbc()); + EVP_add_cipher(EVP_camellia_128_cfb()); + EVP_add_cipher(EVP_camellia_128_cfb1()); + EVP_add_cipher(EVP_camellia_128_cfb8()); + EVP_add_cipher(EVP_camellia_128_ofb()); + EVP_add_cipher_alias(SN_camellia_128_cbc,"CAMELLIA128"); + EVP_add_cipher_alias(SN_camellia_128_cbc,"camellia128"); + EVP_add_cipher(EVP_camellia_192_ecb()); + EVP_add_cipher(EVP_camellia_192_cbc()); + EVP_add_cipher(EVP_camellia_192_cfb()); + EVP_add_cipher(EVP_camellia_192_cfb1()); + EVP_add_cipher(EVP_camellia_192_cfb8()); + EVP_add_cipher(EVP_camellia_192_ofb()); + EVP_add_cipher_alias(SN_camellia_192_cbc,"CAMELLIA192"); + EVP_add_cipher_alias(SN_camellia_192_cbc,"camellia192"); + EVP_add_cipher(EVP_camellia_256_ecb()); + EVP_add_cipher(EVP_camellia_256_cbc()); + EVP_add_cipher(EVP_camellia_256_cfb()); + EVP_add_cipher(EVP_camellia_256_cfb1()); + EVP_add_cipher(EVP_camellia_256_cfb8()); + EVP_add_cipher(EVP_camellia_256_ofb()); + EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256"); + EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256"); +#endif + PKCS12_PBE_add(); PKCS5_PBE_add(); } diff --git a/src/lib/libcrypto/evp/c_alld.c b/src/lib/libcrypto/evp/c_alld.c index 929ea56a3e..d270b0ee03 100644 --- a/src/lib/libcrypto/evp/c_alld.c +++ b/src/lib/libcrypto/evp/c_alld.c @@ -91,6 +91,9 @@ void OpenSSL_add_all_digests(void) EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); #endif +#ifndef OPENSSL_NO_ECDSA + EVP_add_digest(EVP_ecdsa()); +#endif #endif #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) EVP_add_digest(EVP_mdc2()); @@ -100,7 +103,6 @@ void OpenSSL_add_all_digests(void) EVP_add_digest_alias(SN_ripemd160,"ripemd"); EVP_add_digest_alias(SN_ripemd160,"rmd160"); #endif -#ifdef OPENSSL_FIPS #ifndef OPENSSL_NO_SHA256 EVP_add_digest(EVP_sha224()); EVP_add_digest(EVP_sha256()); @@ -108,6 +110,5 @@ void OpenSSL_add_all_digests(void) #ifndef OPENSSL_NO_SHA512 EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); -#endif #endif } diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c index f21c63842c..762e6d3450 100644 --- a/src/lib/libcrypto/evp/digest.c +++ b/src/lib/libcrypto/evp/digest.c @@ -137,39 +137,6 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) return EVP_DigestInit_ex(ctx, type, NULL); } -#ifdef OPENSSL_FIPS - -/* The purpose of these is to trap programs that attempt to use non FIPS - * algorithms in FIPS mode and ignore the errors. - */ - -static int bad_init(EVP_MD_CTX *ctx) - { FIPS_ERROR_IGNORED("Digest init"); return 0;} - -static int bad_update(EVP_MD_CTX *ctx,const void *data,unsigned long count) - { FIPS_ERROR_IGNORED("Digest update"); return 0;} - -static int bad_final(EVP_MD_CTX *ctx,unsigned char *md) - { FIPS_ERROR_IGNORED("Digest Final"); return 0;} - -static const EVP_MD bad_md = - { - 0, - 0, - 0, - 0, - bad_init, - bad_update, - bad_final, - NULL, - NULL, - NULL, - 0, - {0,0,0,0}, - }; - -#endif - int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); @@ -192,7 +159,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { if (!ENGINE_init(impl)) { - EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); return 0; } } @@ -206,7 +173,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) if(!d) { /* Same comment from evp_enc.c */ - EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); return 0; } /* We'll use the ENGINE's private digest definition */ @@ -222,24 +189,12 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) else if(!ctx->digest) { - EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET); + EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET); return 0; } #endif if (ctx->digest != type) { -#ifdef OPENSSL_FIPS - if (FIPS_mode()) - { - if (!(type->flags & EVP_MD_FLAG_FIPS) - && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) - { - EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS); - ctx->digest = &bad_md; - return 0; - } - } -#endif if (ctx->digest && ctx->digest->ctx_size) OPENSSL_free(ctx->md_data); ctx->digest=type; @@ -253,9 +208,9 @@ skip_to_init: } int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, - unsigned int count) + size_t count) { - return ctx->digest->update(ctx,data,(unsigned long)count); + return ctx->digest->update(ctx,data,count); } /* The caller can assume that this removes any secret data from the context */ @@ -296,14 +251,14 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) unsigned char *tmp_buf; if ((in == NULL) || (in->digest == NULL)) { - EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); + EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,EVP_R_INPUT_NOT_INITIALIZED); return 0; } #ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a digest context using an ENGINE */ if (in->engine && !ENGINE_init(in->engine)) { - EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB); + EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB); return 0; } #endif @@ -330,7 +285,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) return 1; } -int EVP_Digest(void *data, unsigned int count, +int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) { EVP_MD_CTX ctx; diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c index 7b67984fa1..bd6c0a3a62 100644 --- a/src/lib/libcrypto/evp/e_aes.c +++ b/src/lib/libcrypto/evp/e_aes.c @@ -48,10 +48,12 @@ * */ +#include #ifndef OPENSSL_NO_AES #include #include #include +#include #include #include "evp_locl.h" @@ -67,32 +69,32 @@ typedef struct IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, NID_aes_128, 16, 16, 16, 128, - EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, + 0, aes_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, NID_aes_192, 16, 24, 16, 128, - EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, + 0, aes_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, NID_aes_256, 16, 32, 16, 128, - EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, + 0, aes_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) -#define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags) +#define IMPLEMENT_AES_CFBR(ksize,cbits) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16) -IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS) -IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS) -IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS) +IMPLEMENT_AES_CFBR(128,1) +IMPLEMENT_AES_CFBR(192,1) +IMPLEMENT_AES_CFBR(256,1) -IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS) -IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS) -IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS) +IMPLEMENT_AES_CFBR(128,8) +IMPLEMENT_AES_CFBR(192,8) +IMPLEMENT_AES_CFBR(256,8) static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) diff --git a/src/lib/libcrypto/evp/e_bf.c b/src/lib/libcrypto/evp/e_bf.c index e74337567b..cc224e5363 100644 --- a/src/lib/libcrypto/evp/e_bf.c +++ b/src/lib/libcrypto/evp/e_bf.c @@ -56,9 +56,9 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_BF #include #include "cryptlib.h" +#ifndef OPENSSL_NO_BF #include #include "evp_locl.h" #include diff --git a/src/lib/libcrypto/evp/e_cast.c b/src/lib/libcrypto/evp/e_cast.c index 3400fef187..d77bcd9298 100644 --- a/src/lib/libcrypto/evp/e_cast.c +++ b/src/lib/libcrypto/evp/e_cast.c @@ -56,10 +56,10 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_CAST - #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_CAST #include #include #include "evp_locl.h" diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c index 46e2899825..856323648c 100644 --- a/src/lib/libcrypto/evp/e_des.c +++ b/src/lib/libcrypto/evp/e_des.c @@ -63,9 +63,11 @@ #include #include "evp_locl.h" #include +#include static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); +static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); /* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */ @@ -127,28 +129,48 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, - EVP_CIPH_FLAG_FIPS, des_init_key, NULL, + EVP_CIPH_RAND_KEY, des_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, - NULL) + des_ctrl) BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, - EVP_CIPH_FLAG_FIPS,des_init_key,NULL, + EVP_CIPH_RAND_KEY, des_init_key,NULL, EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv,NULL) + EVP_CIPHER_get_asn1_iv,des_ctrl) BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, - EVP_CIPH_FLAG_FIPS,des_init_key,NULL, + EVP_CIPH_RAND_KEY,des_init_key,NULL, EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv,NULL) + EVP_CIPHER_get_asn1_iv,des_ctrl) static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { DES_cblock *deskey = (DES_cblock *)key; - +#ifdef EVP_CHECK_DES_KEY + if(DES_set_key_checked(deskey,ctx->cipher_data) != 0) + return 0; +#else DES_set_key_unchecked(deskey,ctx->cipher_data); +#endif return 1; } +static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + { + + switch(type) + { + case EVP_CTRL_RAND_KEY: + if (RAND_bytes(ptr, 8) <= 0) + return 0; + DES_set_odd_parity((DES_cblock *)ptr); + return 1; + + default: + return -1; + } + } + #endif diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c index 677322bf02..ac148efab2 100644 --- a/src/lib/libcrypto/evp/e_des3.c +++ b/src/lib/libcrypto/evp/e_des3.c @@ -63,6 +63,7 @@ #include #include "evp_locl.h" #include +#include static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv,int enc); @@ -70,6 +71,8 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv,int enc); +static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); + typedef struct { DES_key_schedule ks1;/* key schedule */ @@ -85,7 +88,8 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { BLOCK_CIPHER_ecb_loop() - DES_ecb3_encrypt(in + i,out + i, + DES_ecb3_encrypt((const_DES_cblock *)(in + i), + (DES_cblock *)(out + i), &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ctx->encrypt); @@ -160,10 +164,10 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, - EVP_CIPH_FLAG_FIPS, des_ede_init_key, NULL, + EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, - NULL) + des3_ctrl) #define des_ede3_cfb64_cipher des_ede_cfb64_cipher #define des_ede3_ofb_cipher des_ede_ofb_cipher @@ -171,28 +175,35 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, #define des_ede3_ecb_cipher des_ede_ecb_cipher BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, - EVP_CIPH_FLAG_FIPS, des_ede3_init_key, NULL, + EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, - NULL) + des3_ctrl) BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, - EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL, + EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv,NULL) + EVP_CIPHER_get_asn1_iv, + des3_ctrl) BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, - EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL, + EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv,NULL) + EVP_CIPHER_get_asn1_iv, + des3_ctrl) static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { DES_cblock *deskey = (DES_cblock *)key; - +#ifdef EVP_CHECK_DES_KEY + if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1) + !! DES_set_key_checked(&deskey[1],&data(ctx)->ks2)) + return 0; +#else DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); +#endif memcpy(&data(ctx)->ks3,&data(ctx)->ks1, sizeof(data(ctx)->ks1)); return 1; @@ -213,13 +224,41 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, } #endif /* KSSL_DEBUG */ +#ifdef EVP_CHECK_DES_KEY + if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1) + || DES_set_key_checked(&deskey[1],&data(ctx)->ks2) + || DES_set_key_checked(&deskey[2],&data(ctx)->ks3)) + return 0; +#else DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3); - +#endif return 1; } +static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + { + + DES_cblock *deskey = ptr; + + switch(type) + { + case EVP_CTRL_RAND_KEY: + if (RAND_bytes(ptr, c->key_len) <= 0) + return 0; + DES_set_odd_parity(deskey); + if (c->key_len >= 16) + DES_set_odd_parity(deskey + 1); + if (c->key_len >= 24) + DES_set_odd_parity(deskey + 2); + return 1; + + default: + return -1; + } + } + const EVP_CIPHER *EVP_des_ede(void) { return &des_ede_ecb; diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c index b9efa75ae7..48c33a774a 100644 --- a/src/lib/libcrypto/evp/e_idea.c +++ b/src/lib/libcrypto/evp/e_idea.c @@ -56,10 +56,10 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_IDEA - #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_IDEA #include #include #include "evp_locl.h" diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c index a84b0f14b1..5205259f18 100644 --- a/src/lib/libcrypto/evp/e_null.c +++ b/src/lib/libcrypto/evp/e_null.c @@ -69,13 +69,14 @@ static const EVP_CIPHER n_cipher= { NID_undef, 1,0,0, - EVP_CIPH_FLAG_FIPS, + 0, null_init_key, null_cipher, NULL, 0, NULL, NULL, + NULL, NULL }; @@ -95,7 +96,7 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { if (in != out) - memcpy((char *)out,(char *)in,(int)inl); + memcpy((char *)out,(const char *)in,(size_t)inl); return 1; } diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c index d42cbfd17e..d37726ffae 100644 --- a/src/lib/libcrypto/evp/e_rc2.c +++ b/src/lib/libcrypto/evp/e_rc2.c @@ -56,10 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RC2 - #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_RC2 + #include #include #include "evp_locl.h" @@ -167,16 +168,17 @@ static int rc2_magic_to_meth(int i) static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { long num=0; - int i=0,l; + int i=0; int key_bits; + unsigned int l; unsigned char iv[EVP_MAX_IV_LENGTH]; if (type != NULL) { l=EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(l <= sizeof iv); + OPENSSL_assert(l <= sizeof(iv)); i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l); - if (i != l) + if (i != (int)l) return(-1); key_bits =rc2_magic_to_meth((int)num); if (!key_bits) diff --git a/src/lib/libcrypto/evp/e_rc4.c b/src/lib/libcrypto/evp/e_rc4.c index 8aa70585b9..67af850bea 100644 --- a/src/lib/libcrypto/evp/e_rc4.c +++ b/src/lib/libcrypto/evp/e_rc4.c @@ -56,13 +56,13 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RC4 - #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_RC4 + #include #include -#include "evp_locl.h" #include /* FIXME: surely this is available elsewhere? */ @@ -90,6 +90,7 @@ static const EVP_CIPHER r4_cipher= sizeof(EVP_RC4_KEY), NULL, NULL, + NULL, NULL }; @@ -104,6 +105,7 @@ static const EVP_CIPHER r4_40_cipher= sizeof(EVP_RC4_KEY), NULL, NULL, + NULL, NULL }; diff --git a/src/lib/libcrypto/evp/e_rc5.c b/src/lib/libcrypto/evp/e_rc5.c index 3c7713b181..19a10c6402 100644 --- a/src/lib/libcrypto/evp/e_rc5.c +++ b/src/lib/libcrypto/evp/e_rc5.c @@ -56,10 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RC5 - #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_RC5 + #include #include #include "evp_locl.h" diff --git a/src/lib/libcrypto/evp/e_xcbc_d.c b/src/lib/libcrypto/evp/e_xcbc_d.c index a6f849e93d..8832da2433 100644 --- a/src/lib/libcrypto/evp/e_xcbc_d.c +++ b/src/lib/libcrypto/evp/e_xcbc_d.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_DES #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_DES + #include #include #include @@ -89,6 +91,7 @@ static const EVP_CIPHER d_xcbc_cipher= sizeof(DESX_CBC_KEY), EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, + NULL, NULL }; diff --git a/src/lib/libcrypto/evp/encode.c b/src/lib/libcrypto/evp/encode.c index 33e540087d..5921f0d710 100644 --- a/src/lib/libcrypto/evp/encode.c +++ b/src/lib/libcrypto/evp/encode.c @@ -129,14 +129,14 @@ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) } void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - unsigned char *in, int inl) + const unsigned char *in, int inl) { int i,j; unsigned int total=0; *outl=0; if (inl == 0) return; - OPENSSL_assert(ctx->length <= sizeof ctx->enc_data); + OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); if ((ctx->num+inl) < ctx->length) { memcpy(&(ctx->enc_data[ctx->num]),in,inl); @@ -233,7 +233,7 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) * 1 for full line */ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - unsigned char *in, int inl) + const unsigned char *in, int inl) { int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl; unsigned char *d; @@ -259,7 +259,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, /* only save the good data :-) */ if (!B64_NOT_BASE64(v)) { - OPENSSL_assert(n < sizeof ctx->enc_data); + OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); d[n++]=tmp; ln++; } @@ -323,8 +323,8 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, if (n > 0) { v=EVP_DecodeBlock(out,d,n); - if (v < 0) { rv=0; goto end; } n=0; + if (v < 0) { rv=0; goto end; } ret+=(v-eof); } else diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h index f29e0ba8f0..c19d764c15 100644 --- a/src/lib/libcrypto/evp/evp.h +++ b/src/lib/libcrypto/evp/evp.h @@ -75,10 +75,6 @@ #include #endif -#ifdef OPENSSL_FIPS -#include -#endif - /* #define EVP_RC2_KEY_SIZE 16 #define EVP_RC4_KEY_SIZE 16 @@ -86,7 +82,7 @@ #define EVP_CAST5_KEY_SIZE 16 #define EVP_RC5_32_12_16_KEY_SIZE 16 */ -#define EVP_MAX_MD_SIZE 64 /* longest known SHA512 */ +#define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */ #define EVP_MAX_KEY_LENGTH 32 #define EVP_MAX_IV_LENGTH 16 #define EVP_MAX_BLOCK_LENGTH 32 @@ -100,11 +96,13 @@ #define EVP_PK_RSA 0x0001 #define EVP_PK_DSA 0x0002 #define EVP_PK_DH 0x0004 +#define EVP_PK_EC 0x0008 #define EVP_PKT_SIGN 0x0010 #define EVP_PKT_ENC 0x0020 #define EVP_PKT_EXCH 0x0040 #define EVP_PKS_RSA 0x0100 #define EVP_PKS_DSA 0x0200 +#define EVP_PKS_EC 0x0400 #define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ #define EVP_PKEY_NONE NID_undef @@ -116,6 +114,7 @@ #define EVP_PKEY_DSA3 NID_dsaWithSHA1 #define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 #define EVP_PKEY_DH NID_dhKeyAgreement +#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey #ifdef __cplusplus extern "C" { @@ -139,6 +138,9 @@ struct evp_pkey_st #endif #ifndef OPENSSL_NO_DH struct dh_st *dh; /* DH */ +#endif +#ifndef OPENSSL_NO_EC + struct ec_key_st *ec; /* ECC */ #endif } pkey; int save_parameters; @@ -225,39 +227,58 @@ struct env_md_st int md_size; unsigned long flags; int (*init)(EVP_MD_CTX *ctx); - int (*update)(EVP_MD_CTX *ctx,const void *data,unsigned long count); + int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count); int (*final)(EVP_MD_CTX *ctx,unsigned char *md); int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from); int (*cleanup)(EVP_MD_CTX *ctx); /* FIXME: prototype these some day */ - int (*sign)(); - int (*verify)(); + int (*sign)(int type, const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, void *key); + int (*verify)(int type, const unsigned char *m, unsigned int m_length, + const unsigned char *sigbuf, unsigned int siglen, + void *key); int required_pkey_type[5]; /*EVP_PKEY_xxx */ int block_size; int ctx_size; /* how big does the ctx->md_data need to be */ } /* EVP_MD */; +typedef int evp_sign_method(int type,const unsigned char *m, + unsigned int m_length,unsigned char *sigret, + unsigned int *siglen, void *key); +typedef int evp_verify_method(int type,const unsigned char *m, + unsigned int m_length,const unsigned char *sigbuf, + unsigned int siglen, void *key); + #define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single * block */ -#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */ #define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} #ifndef OPENSSL_NO_DSA -#define EVP_PKEY_DSA_method DSA_sign,DSA_verify, \ +#define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \ + (evp_verify_method *)DSA_verify, \ {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ EVP_PKEY_DSA4,0} #else #define EVP_PKEY_DSA_method EVP_PKEY_NULL_method #endif +#ifndef OPENSSL_NO_ECDSA +#define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ + (evp_verify_method *)ECDSA_verify, \ + {EVP_PKEY_EC,0,0,0} +#else +#define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method +#endif + #ifndef OPENSSL_NO_RSA -#define EVP_PKEY_RSA_method RSA_sign,RSA_verify, \ +#define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \ + (evp_verify_method *)RSA_verify, \ {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} #define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ - RSA_sign_ASN1_OCTET_STRING, \ - RSA_verify_ASN1_OCTET_STRING, \ + (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \ + (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \ {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} #else #define EVP_PKEY_RSA_method EVP_PKEY_NULL_method @@ -283,9 +304,6 @@ struct env_md_ctx_st #define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data * in EVP_MD_CTX_cleanup */ -#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest - * in FIPS mode */ - struct evp_cipher_st { int nid; @@ -327,10 +345,8 @@ struct evp_cipher_st #define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 /* Don't use standard block padding */ #define EVP_CIPH_NO_PADDING 0x100 -/* Note if suitable for use in FIPS mode */ -#define EVP_CIPH_FLAG_FIPS 0x400 -/* Allow non FIPS cipher in FIPS mode */ -#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 +/* cipher handles random key generation */ +#define EVP_CIPH_RAND_KEY 0x200 /* ctrl() values */ @@ -341,6 +357,7 @@ struct evp_cipher_st #define EVP_CTRL_GET_RC5_ROUNDS 0x4 #define EVP_CTRL_SET_RC5_ROUNDS 0x5 #define EVP_CTRL_SET_ACSS_MODE 0x6 +#define EVP_CTRL_RAND_KEY 0x7 typedef struct evp_cipher_info_st { @@ -402,45 +419,47 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, (char *)(dh)) #endif +#ifndef OPENSSL_NO_EC +#define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\ + (char *)(eckey)) +#endif + /* Add some extra combinations */ #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) -#define EVP_MD_type(e) ((e)->type) +int EVP_MD_type(const EVP_MD *md); #define EVP_MD_nid(e) EVP_MD_type(e) #define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) -#define EVP_MD_pkey_type(e) ((e)->pkey_type) -#define EVP_MD_size(e) ((e)->md_size) -#define EVP_MD_block_size(e) ((e)->block_size) +int EVP_MD_pkey_type(const EVP_MD *md); +int EVP_MD_size(const EVP_MD *md); +int EVP_MD_block_size(const EVP_MD *md); -#define EVP_MD_CTX_md(e) ((e)->digest) -#define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest) -#define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) -#define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) +const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +#define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) +#define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) +#define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) -#define EVP_CIPHER_nid(e) ((e)->nid) +int EVP_CIPHER_nid(const EVP_CIPHER *cipher); #define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) -#define EVP_CIPHER_block_size(e) ((e)->block_size) -#define EVP_CIPHER_key_length(e) ((e)->key_len) -#define EVP_CIPHER_iv_length(e) ((e)->iv_len) -#define EVP_CIPHER_flags(e) ((e)->flags) -#define EVP_CIPHER_mode(e) (((e)->flags) & EVP_CIPH_MODE) - -#define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) -#define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) -#define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) -#define EVP_CIPHER_CTX_key_length(e) ((e)->key_len) -#define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) -#define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) -#define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) +int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); +int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); +int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); +unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); +#define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) + +const EVP_CIPHER * EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); +void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) -#define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) -#define EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) -#define EVP_CIPHER_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) -#define EVP_CIPHER_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) -#define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE) +unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); +#define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) #define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) #define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) @@ -465,7 +484,10 @@ void BIO_set_md(BIO *,const EVP_MD *md); #define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) #define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) -#define EVP_Cipher(c,o,i,l) (c)->cipher->do_cipher((c),(o),(i),(l)) +int EVP_Cipher(EVP_CIPHER_CTX *c, + unsigned char *out, + const unsigned char *in, + unsigned int inl); #define EVP_add_cipher_alias(n,alias) \ OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) @@ -481,14 +503,14 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); EVP_MD_CTX *EVP_MD_CTX_create(void); void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); -#define EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) -#define EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) -#define EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) +void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); +void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); +int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags); int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, - unsigned int cnt); + size_t cnt); int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); -int EVP_Digest(void *data, unsigned int count, +int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); @@ -496,7 +518,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); -void EVP_set_pw_prompt(char *prompt); +void EVP_set_pw_prompt(const char *prompt); char * EVP_get_pw_prompt(void); int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, @@ -535,43 +557,48 @@ int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, EVP_PKEY *pkey); -int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, +int EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey); -int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *ek, - int ekl,unsigned char *iv,EVP_PKEY *priv); +int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, + const unsigned char *ek, int ekl, const unsigned char *iv, + EVP_PKEY *priv); int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, - int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); +int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + unsigned char **ek, int *ekl, unsigned char *iv, + EVP_PKEY **pubk, int npubk); int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); -void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out, - int *outl,unsigned char *in,int inl); +void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, + const unsigned char *in,int inl); void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, - unsigned char *in, int inl); + const unsigned char *in, int inl); int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); +EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); +void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a); int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); #ifndef OPENSSL_NO_BIO BIO_METHOD *BIO_f_md(void); BIO_METHOD *BIO_f_base64(void); BIO_METHOD *BIO_f_cipher(void); BIO_METHOD *BIO_f_reliable(void); -void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k, - unsigned char *i, int enc); +void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,const unsigned char *k, + const unsigned char *i, int enc); #endif const EVP_MD *EVP_md_null(void); @@ -589,7 +616,8 @@ const EVP_MD *EVP_sha(void); const EVP_MD *EVP_sha1(void); const EVP_MD *EVP_dss(void); const EVP_MD *EVP_dss1(void); -#ifdef OPENSSL_FIPS +const EVP_MD *EVP_ecdsa(void); +#endif #ifndef OPENSSL_NO_SHA256 const EVP_MD *EVP_sha224(void); const EVP_MD *EVP_sha256(void); @@ -598,8 +626,6 @@ const EVP_MD *EVP_sha256(void); const EVP_MD *EVP_sha384(void); const EVP_MD *EVP_sha512(void); #endif -#endif -#endif #ifndef OPENSSL_NO_MDC2 const EVP_MD *EVP_mdc2(void); #endif @@ -720,6 +746,37 @@ const EVP_CIPHER *EVP_aes_256_ctr(void); #ifndef OPENSSL_NO_ACSS const EVP_CIPHER *EVP_acss(void); #endif +#ifndef OPENSSL_NO_CAMELLIA +const EVP_CIPHER *EVP_camellia_128_ecb(void); +const EVP_CIPHER *EVP_camellia_128_cbc(void); +const EVP_CIPHER *EVP_camellia_128_cfb1(void); +const EVP_CIPHER *EVP_camellia_128_cfb8(void); +const EVP_CIPHER *EVP_camellia_128_cfb128(void); +# define EVP_camellia_128_cfb EVP_camellia_128_cfb128 +const EVP_CIPHER *EVP_camellia_128_ofb(void); +const EVP_CIPHER *EVP_camellia_192_ecb(void); +const EVP_CIPHER *EVP_camellia_192_cbc(void); +const EVP_CIPHER *EVP_camellia_192_cfb1(void); +const EVP_CIPHER *EVP_camellia_192_cfb8(void); +const EVP_CIPHER *EVP_camellia_192_cfb128(void); +# define EVP_camellia_192_cfb EVP_camellia_192_cfb128 +const EVP_CIPHER *EVP_camellia_192_ofb(void); +const EVP_CIPHER *EVP_camellia_256_ecb(void); +const EVP_CIPHER *EVP_camellia_256_cbc(void); +const EVP_CIPHER *EVP_camellia_256_cfb1(void); +const EVP_CIPHER *EVP_camellia_256_cfb8(void); +const EVP_CIPHER *EVP_camellia_256_cfb128(void); +# define EVP_camellia_256_cfb EVP_camellia_256_cfb128 +const EVP_CIPHER *EVP_camellia_256_ofb(void); +#endif + +#ifndef OPENSSL_NO_SEED +const EVP_CIPHER *EVP_seed_ecb(void); +const EVP_CIPHER *EVP_seed_cbc(void); +const EVP_CIPHER *EVP_seed_cfb128(void); +# define EVP_seed_cfb EVP_seed_cfb128 +const EVP_CIPHER *EVP_seed_ofb(void); +#endif void OPENSSL_add_all_algorithms_noconf(void); void OPENSSL_add_all_algorithms_conf(void); @@ -745,10 +802,12 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name); const EVP_MD *EVP_get_digestbyname(const char *name); void EVP_cleanup(void); -int EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key, - int enc_key_len,EVP_PKEY *private_key); +int EVP_PKEY_decrypt(unsigned char *dec_key, + const unsigned char *enc_key,int enc_key_len, + EVP_PKEY *private_key); int EVP_PKEY_encrypt(unsigned char *enc_key, - unsigned char *key,int key_len,EVP_PKEY *pub_key); + const unsigned char *key,int key_len, + EVP_PKEY *pub_key); int EVP_PKEY_type(int type); int EVP_PKEY_bits(EVP_PKEY *pkey); int EVP_PKEY_size(EVP_PKEY *pkey); @@ -769,24 +828,31 @@ struct dh_st; int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key); struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); #endif - +#ifndef OPENSSL_NO_EC +struct ec_key_st; +int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,struct ec_key_st *key); +struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); +#endif EVP_PKEY * EVP_PKEY_new(void); void EVP_PKEY_free(EVP_PKEY *pkey); -EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp, + +EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp, long length); int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); -EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp, +EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, const unsigned char **pp, long length); -EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp, +EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, long length); int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); -int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from); -int EVP_PKEY_missing_parameters(EVP_PKEY *pkey); +int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); +int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); -int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b); +int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); + +int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); int EVP_CIPHER_type(const EVP_CIPHER *ctx); @@ -803,7 +869,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, + const unsigned char *salt, int saltlen, int iter, int keylen, unsigned char *out); int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, @@ -826,30 +892,32 @@ void ERR_load_EVP_strings(void); /* Error codes for the EVP functions. */ /* Function codes. */ -#define EVP_F_AES_INIT_KEY 129 +#define EVP_F_AES_INIT_KEY 133 +#define EVP_F_CAMELLIA_INIT_KEY 159 #define EVP_F_D2I_PKEY 100 -#define EVP_F_EVP_ADD_CIPHER 130 -#define EVP_F_EVP_ADD_DIGEST 131 -#define EVP_F_EVP_CIPHERINIT 123 +#define EVP_F_DSAPKEY2PKCS8 134 +#define EVP_F_DSA_PKEY2PKCS8 135 +#define EVP_F_ECDSA_PKEY2PKCS8 129 +#define EVP_F_ECKEY_PKEY2PKCS8 132 +#define EVP_F_EVP_CIPHERINIT_EX 123 #define EVP_F_EVP_CIPHER_CTX_CTRL 124 #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 -#define EVP_F_EVP_DECRYPTFINAL 101 -#define EVP_F_EVP_DIGESTINIT 128 -#define EVP_F_EVP_ENCRYPTFINAL 127 -#define EVP_F_EVP_GET_CIPHERBYNAME 132 -#define EVP_F_EVP_GET_DIGESTBYNAME 133 -#define EVP_F_EVP_MD_CTX_COPY 110 +#define EVP_F_EVP_DECRYPTFINAL_EX 101 +#define EVP_F_EVP_DIGESTINIT_EX 128 +#define EVP_F_EVP_ENCRYPTFINAL_EX 127 +#define EVP_F_EVP_MD_CTX_COPY_EX 110 #define EVP_F_EVP_OPENINIT 102 #define EVP_F_EVP_PBE_ALG_ADD 115 #define EVP_F_EVP_PBE_CIPHERINIT 116 #define EVP_F_EVP_PKCS82PKEY 111 -#define EVP_F_EVP_PKCS8_SET_BROKEN 112 -#define EVP_F_EVP_PKEY2PKCS8 113 +#define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 #define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 #define EVP_F_EVP_PKEY_DECRYPT 104 #define EVP_F_EVP_PKEY_ENCRYPT 105 #define EVP_F_EVP_PKEY_GET1_DH 119 #define EVP_F_EVP_PKEY_GET1_DSA 120 +#define EVP_F_EVP_PKEY_GET1_ECDSA 130 +#define EVP_F_EVP_PKEY_GET1_EC_KEY 131 #define EVP_F_EVP_PKEY_GET1_RSA 121 #define EVP_F_EVP_PKEY_NEW 106 #define EVP_F_EVP_RIJNDAEL 126 @@ -857,28 +925,32 @@ void ERR_load_EVP_strings(void); #define EVP_F_EVP_VERIFYFINAL 108 #define EVP_F_PKCS5_PBE_KEYIVGEN 117 #define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 +#define EVP_F_PKCS8_SET_BROKEN 112 #define EVP_F_RC2_MAGIC_TO_METH 109 #define EVP_F_RC5_CTRL 125 /* Reason codes. */ -#define EVP_R_AES_KEY_SETUP_FAILED 140 +#define EVP_R_AES_KEY_SETUP_FAILED 143 +#define EVP_R_ASN1_LIB 140 #define EVP_R_BAD_BLOCK_LENGTH 136 #define EVP_R_BAD_DECRYPT 100 #define EVP_R_BAD_KEY_LENGTH 137 #define EVP_R_BN_DECODE_ERROR 112 #define EVP_R_BN_PUBKEY_ERROR 113 +#define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 #define EVP_R_CIPHER_PARAMETER_ERROR 122 #define EVP_R_CTRL_NOT_IMPLEMENTED 132 #define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 #define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 #define EVP_R_DECODE_ERROR 114 #define EVP_R_DIFFERENT_KEY_TYPES 101 -#define EVP_R_DISABLED_FOR_FIPS 141 #define EVP_R_ENCODE_ERROR 115 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 #define EVP_R_EXPECTING_AN_RSA_KEY 127 #define EVP_R_EXPECTING_A_DH_KEY 128 #define EVP_R_EXPECTING_A_DSA_KEY 129 +#define EVP_R_EXPECTING_A_ECDSA_KEY 141 +#define EVP_R_EXPECTING_A_EC_KEY 142 #define EVP_R_INITIALIZATION_ERROR 134 #define EVP_R_INPUT_NOT_INITIALIZED 111 #define EVP_R_INVALID_KEY_LENGTH 130 @@ -903,6 +975,7 @@ void ERR_load_EVP_strings(void); #define EVP_R_UNSUPPORTED_SALT_TYPE 126 #define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 #define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 +#define EVP_R_SEED_KEY_SETUP_FAILED 162 #ifdef __cplusplus } diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index f549eeb437..a1904993bf 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c @@ -60,12 +60,13 @@ #include "cryptlib.h" #include #include +#include #ifndef OPENSSL_NO_ENGINE #include #endif #include "evp_locl.h" -const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT; +const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) { @@ -73,6 +74,13 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) /* ctx->cipher=NULL; */ } +EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) + { + EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx); + if (ctx) + EVP_CIPHER_CTX_init(ctx); + return ctx; + } int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, int enc) @@ -82,48 +90,6 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); } -#ifdef OPENSSL_FIPS - -/* The purpose of these is to trap programs that attempt to use non FIPS - * algorithms in FIPS mode and ignore the errors. - */ - -int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { FIPS_ERROR_IGNORED("Cipher init"); return 0;} - -int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) - { FIPS_ERROR_IGNORED("Cipher update"); return 0;} - -/* NB: no cleanup because it is allowed after failed init */ - -int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ) - { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;} -int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ) - { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;} -int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) - { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;} - -static const EVP_CIPHER bad_cipher = - { - 0, - 0, - 0, - 0, - 0, - bad_init, - bad_do_cipher, - NULL, - 0, - bad_set_asn1, - bad_get_asn1, - bad_ctrl, - NULL - }; - -#endif - int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc) { @@ -158,7 +124,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp { if (!ENGINE_init(impl)) { - EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; } } @@ -175,7 +141,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp * control history, is that we should at least * be able to avoid using US mispellings of * "initialisation"? */ - EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; } /* We'll use the ENGINE's private cipher definition */ @@ -188,13 +154,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp else ctx->engine = NULL; #endif + ctx->cipher=cipher; if (ctx->cipher->ctx_size) { ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); if (!ctx->cipher_data) { - EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); return 0; } } @@ -208,14 +175,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp { if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { - EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; } } } else if(!ctx->cipher) { - EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET); + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET); return 0; } #ifndef OPENSSL_NO_ENGINE @@ -240,7 +207,8 @@ skip_to_init: case EVP_CIPH_CBC_MODE: - OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv); + OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= + (int)sizeof(ctx->iv)); if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); break; @@ -251,24 +219,6 @@ skip_to_init: } } -#ifdef OPENSSL_FIPS - /* After 'key' is set no further parameters changes are permissible. - * So only check for non FIPS enabling at this point. - */ - if (key && FIPS_mode()) - { - if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS) - & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) - { - EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS); - ERR_add_error_data(2, "cipher=", - EVP_CIPHER_name(ctx->cipher)); - ctx->cipher = &bad_cipher; - return 0; - } - } -#endif - if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; } @@ -345,7 +295,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } i=ctx->buf_len; bl=ctx->cipher->block_size; - OPENSSL_assert(bl <= sizeof ctx->buf); + OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); if (i != 0) { if (i+inl < bl) @@ -391,7 +341,8 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - int i,n,b,bl,ret; + int n,ret; + unsigned int i, b, bl; b=ctx->cipher->block_size; OPENSSL_assert(b <= sizeof ctx->buf); @@ -405,7 +356,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { if(bl) { - EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); + EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); return 0; } *outl = 0; @@ -427,7 +378,8 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int b, fix_len; + int fix_len; + unsigned int b; if (inl == 0) { @@ -480,8 +432,8 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - int i,b; - int n; + int i,n; + unsigned int b; *outl=0; b=ctx->cipher->block_size; @@ -489,7 +441,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { if(ctx->buf_len) { - EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); return 0; } *outl = 0; @@ -499,21 +451,21 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { if (ctx->buf_len || !ctx->final_used) { - EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH); + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH); return(0); } OPENSSL_assert(b <= sizeof ctx->final); n=ctx->final[b-1]; - if (n > b) + if (n == 0 || n > (int)b) { - EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); return(0); } for (i=0; ifinal[--b] != n) { - EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); return(0); } } @@ -527,6 +479,15 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) return(1); } +void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) + { + if (ctx) + { + EVP_CIPHER_CTX_cleanup(ctx); + OPENSSL_free(ctx); + } + } + int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) { if (c->cipher != NULL) @@ -590,3 +551,13 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) } return ret; } + +int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) + { + if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) + return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); + if (RAND_bytes(key, ctx->key_len) <= 0) + return 0; + return 1; + } + diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c index 77eee070d3..e8c9e8de9c 100644 --- a/src/lib/libcrypto/evp/evp_err.c +++ b/src/lib/libcrypto/evp/evp_err.c @@ -71,29 +71,31 @@ static ERR_STRING_DATA EVP_str_functs[]= { {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, +{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, -{ERR_FUNC(EVP_F_EVP_ADD_CIPHER), "EVP_add_cipher"}, -{ERR_FUNC(EVP_F_EVP_ADD_DIGEST), "EVP_add_digest"}, -{ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"}, +{ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, +{ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"}, +{ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"}, +{ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"}, +{ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"}, -{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL), "EVP_DecryptFinal"}, -{ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"}, -{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL), "EVP_EncryptFinal"}, -{ERR_FUNC(EVP_F_EVP_GET_CIPHERBYNAME), "EVP_get_cipherbyname"}, -{ERR_FUNC(EVP_F_EVP_GET_DIGESTBYNAME), "EVP_get_digestbyname"}, -{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY), "EVP_MD_CTX_copy"}, +{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, +{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, +{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, +{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, -{ERR_FUNC(EVP_F_EVP_PKCS8_SET_BROKEN), "EVP_PKCS8_SET_BROKEN"}, -{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8), "EVP_PKEY2PKCS8"}, +{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"}, {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"}, {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"}, {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"}, +{ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"}, +{ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"}, {ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"}, {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, {ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, @@ -101,6 +103,7 @@ static ERR_STRING_DATA EVP_str_functs[]= {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, +{ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"}, {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, {ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, {0,NULL} @@ -109,23 +112,26 @@ static ERR_STRING_DATA EVP_str_functs[]= static ERR_STRING_DATA EVP_str_reasons[]= { {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"}, +{ERR_REASON(EVP_R_ASN1_LIB) ,"asn1 lib"}, {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"}, {ERR_REASON(EVP_R_BAD_DECRYPT) ,"bad decrypt"}, {ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"}, {ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"}, {ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"}, +{ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),"camellia key setup failed"}, {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"}, {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"}, {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"}, {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"}, {ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, -{ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"}, {ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"}, {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"}, +{ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"}, +{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) ,"expecting a ec key"}, {ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"}, {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"}, {ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"}, @@ -157,15 +163,12 @@ static ERR_STRING_DATA EVP_str_reasons[]= void ERR_load_EVP_strings(void) { - static int init=1; +#ifndef OPENSSL_NO_ERR - if (init) + if (ERR_func_error_string(EVP_str_functs[0].error) == NULL) { - init=0; -#ifndef OPENSSL_NO_ERR ERR_load_strings(0,EVP_str_functs); ERR_load_strings(0,EVP_str_reasons); -#endif - } +#endif } diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c index f8650d5df6..361ea69ab6 100644 --- a/src/lib/libcrypto/evp/evp_key.c +++ b/src/lib/libcrypto/evp/evp_key.c @@ -66,7 +66,7 @@ /* should be init to zeros. */ static char prompt_string[80]; -void EVP_set_pw_prompt(char *prompt) +void EVP_set_pw_prompt(const char *prompt) { if (prompt == NULL) prompt_string[0]='\0'; diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c index a63ba19317..edb28ef38e 100644 --- a/src/lib/libcrypto/evp/evp_lib.c +++ b/src/lib/libcrypto/evp/evp_lib.c @@ -68,7 +68,7 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->set_asn1_parameters != NULL) ret=c->cipher->set_asn1_parameters(c,type); else - return -1; + ret=-1; return(ret); } @@ -79,20 +79,21 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->get_asn1_parameters != NULL) ret=c->cipher->get_asn1_parameters(c,type); else - return -1; + ret=-1; return(ret); } int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { - int i=0,l; + int i=0; + unsigned int l; if (type != NULL) { l=EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(l <= sizeof c->iv); + OPENSSL_assert(l <= sizeof(c->iv)); i=ASN1_TYPE_get_octetstring(type,c->oiv,l); - if (i != l) + if (i != (int)l) return(-1); else if (i > 0) memcpy(c->iv,c->oiv,l); @@ -102,12 +103,13 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { - int i=0,j; + int i=0; + unsigned int j; if (type != NULL) { j=EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(j <= sizeof c->iv); + OPENSSL_assert(j <= sizeof(c->iv)); i=ASN1_TYPE_set_octetstring(type,c->oiv,j); } return(i); @@ -166,3 +168,112 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx) } } +int EVP_CIPHER_block_size(const EVP_CIPHER *e) + { + return e->block_size; + } + +int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) + { + return ctx->cipher->block_size; + } + +int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) + { + return ctx->cipher->do_cipher(ctx,out,in,inl); + } + +const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) + { + return ctx->cipher; + } + +unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) + { + return cipher->flags; + } + +unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) + { + return ctx->cipher->flags; + } + +void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) + { + return ctx->app_data; + } + +void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) + { + ctx->app_data = data; + } + +int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) + { + return cipher->iv_len; + } + +int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) + { + return ctx->cipher->iv_len; + } + +int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) + { + return cipher->key_len; + } + +int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) + { + return ctx->key_len; + } + +int EVP_CIPHER_nid(const EVP_CIPHER *cipher) + { + return cipher->nid; + } + +int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) + { + return ctx->cipher->nid; + } + +int EVP_MD_block_size(const EVP_MD *md) + { + return md->block_size; + } + +int EVP_MD_type(const EVP_MD *md) + { + return md->type; + } + +int EVP_MD_pkey_type(const EVP_MD *md) + { + return md->pkey_type; + } + +int EVP_MD_size(const EVP_MD *md) + { + return md->md_size; + } + +const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx) + { + return ctx->digest; + } + +void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags) + { + ctx->flags |= flags; + } + +void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags) + { + ctx->flags &= ~flags; + } + +int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags) + { + return (ctx->flags & flags); + } diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h index f8c5343620..073b0adcff 100644 --- a/src/lib/libcrypto/evp/evp_locl.h +++ b/src/lib/libcrypto/evp/evp_locl.h @@ -65,7 +65,7 @@ bl = ctx->cipher->block_size;\ if(inl < bl) return 1;\ inl -= bl; \ - for(i=0; i <= inl; i+=bl) \ + for(i=0; i <= inl; i+=bl) #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ @@ -92,7 +92,7 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ {\ - cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ + cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ return 1;\ } @@ -226,27 +226,11 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } #define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) -#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,flags) \ +#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \ BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ - flags, cipher##_init_key, NULL, \ + 0, cipher##_init_key, NULL, \ EVP_CIPHER_set_asn1_iv, \ EVP_CIPHER_get_asn1_iv, \ NULL) - -#ifdef OPENSSL_FIPS -#define RC2_set_key private_RC2_set_key -#define RC4_set_key private_RC4_set_key -#define CAST_set_key private_CAST_set_key -#define RC5_32_set_key private_RC5_32_set_key -#define BF_set_key private_BF_set_key -#define idea_set_encrypt_key private_idea_set_encrypt_key - -#define MD5_Init private_MD5_Init -#define MD4_Init private_MD4_Init -#define MD2_Init private_MD2_Init -#define MDC2_Init private_MDC2_Init -#define SHA_Init private_SHA_Init - -#endif diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c index 91e545a141..c26d2de0f3 100644 --- a/src/lib/libcrypto/evp/evp_pbe.c +++ b/src/lib/libcrypto/evp/evp_pbe.c @@ -74,7 +74,7 @@ const EVP_MD *md; EVP_PBE_KEYGEN *keygen; } EVP_PBE_CTL; -int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, +int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) { @@ -106,7 +106,8 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, static int pbe_cmp(const char * const *a, const char * const *b) { - EVP_PBE_CTL **pbe1 = (EVP_PBE_CTL **) a, **pbe2 = (EVP_PBE_CTL **)b; + const EVP_PBE_CTL * const *pbe1 = (const EVP_PBE_CTL * const *) a, + * const *pbe2 = (const EVP_PBE_CTL * const *)b; return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); } diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c index 47a69932a5..0147f3e02a 100644 --- a/src/lib/libcrypto/evp/evp_pkey.c +++ b/src/lib/libcrypto/evp/evp_pkey.c @@ -3,7 +3,7 @@ * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -61,14 +61,24 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif +#include #ifndef OPENSSL_NO_DSA static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); #endif +#ifndef OPENSSL_NO_EC +static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); +#endif /* Extract a private key from a PKCS8 structure */ -EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) +EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) { EVP_PKEY *pkey = NULL; #ifndef OPENSSL_NO_RSA @@ -76,16 +86,24 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) #endif #ifndef OPENSSL_NO_DSA DSA *dsa = NULL; + ASN1_TYPE *t1, *t2; ASN1_INTEGER *privkey; - ASN1_TYPE *t1, *t2, *param = NULL; STACK_OF(ASN1_TYPE) *ndsa = NULL; +#endif +#ifndef OPENSSL_NO_EC + EC_KEY *eckey = NULL; + const unsigned char *p_tmp; +#endif +#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) + ASN1_TYPE *param = NULL; BN_CTX *ctx = NULL; int plen; #endif X509_ALGOR *a; - unsigned char *p; + const unsigned char *p; const unsigned char *cp; int pkeylen; + int nid; char obj_tmp[80]; if(p8->pkey->type == V_ASN1_OCTET_STRING) { @@ -102,7 +120,8 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) return NULL; } a = p8->pkeyalg; - switch (OBJ_obj2nid(a->algorithm)) + nid = OBJ_obj2nid(a->algorithm); + switch(nid) { #ifndef OPENSSL_NO_RSA case NID_rsaEncryption: @@ -207,6 +226,112 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) EVP_PKEY_free(pkey); return NULL; break; +#endif +#ifndef OPENSSL_NO_EC + case NID_X9_62_id_ecPublicKey: + p_tmp = p; + /* extract the ec parameters */ + param = p8->pkeyalg->parameter; + + if (!param || ((param->type != V_ASN1_SEQUENCE) && + (param->type != V_ASN1_OBJECT))) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); + goto ecerr; + } + + if (param->type == V_ASN1_SEQUENCE) + { + cp = p = param->value.sequence->data; + plen = param->value.sequence->length; + + if (!(eckey = d2i_ECParameters(NULL, &cp, plen))) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, + EVP_R_DECODE_ERROR); + goto ecerr; + } + } + else + { + EC_GROUP *group; + cp = p = param->value.object->data; + plen = param->value.object->length; + + /* type == V_ASN1_OBJECT => the parameters are given + * by an asn1 OID + */ + if ((eckey = EC_KEY_new()) == NULL) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, + ERR_R_MALLOC_FAILURE); + goto ecerr; + } + group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object)); + if (group == NULL) + goto ecerr; + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); + if (EC_KEY_set_group(eckey, group) == 0) + goto ecerr; + EC_GROUP_free(group); + } + + /* We have parameters now set private key */ + if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen)) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); + goto ecerr; + } + + /* calculate public key (if necessary) */ + if (EC_KEY_get0_public_key(eckey) == NULL) + { + const BIGNUM *priv_key; + const EC_GROUP *group; + EC_POINT *pub_key; + /* the public key was not included in the SEC1 private + * key => calculate the public key */ + group = EC_KEY_get0_group(eckey); + pub_key = EC_POINT_new(group); + if (pub_key == NULL) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } + if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) + { + EC_POINT_free(pub_key); + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } + priv_key = EC_KEY_get0_private_key(eckey); + if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) + { + EC_POINT_free(pub_key); + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } + if (EC_KEY_set_public_key(eckey, pub_key) == 0) + { + EC_POINT_free(pub_key); + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } + EC_POINT_free(pub_key); + } + + EVP_PKEY_assign_EC_KEY(pkey, eckey); + if (ctx) + BN_CTX_free(ctx); + break; +ecerr: + if (ctx) + BN_CTX_free(ctx); + if (eckey) + EC_KEY_free(eckey); + if (pkey) + EVP_PKEY_free(pkey); + return NULL; #endif default: EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); @@ -231,17 +356,17 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) PKCS8_PRIV_KEY_INFO *p8; if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); return NULL; } p8->broken = broken; if (!ASN1_INTEGER_set(p8->version, 0)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); PKCS8_PRIV_KEY_INFO_free (p8); return NULL; } if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); PKCS8_PRIV_KEY_INFO_free (p8); return NULL; } @@ -254,9 +379,9 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); p8->pkeyalg->parameter->type = V_ASN1_NULL; - if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey, + if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey, &p8->pkey->value.octet_string)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); PKCS8_PRIV_KEY_INFO_free (p8); return NULL; } @@ -271,13 +396,22 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) break; #endif +#ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: + if (!eckey_pkey2pkcs8(p8, pkey)) + { + PKCS8_PRIV_KEY_INFO_free(p8); + return(NULL); + } + break; +#endif default: - EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); + EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); PKCS8_PRIV_KEY_INFO_free (p8); return NULL; } RAND_add(p8->pkey->value.octet_string->data, - p8->pkey->value.octet_string->length, 0); + p8->pkey->value.octet_string->length, 0.0); return p8; } @@ -297,10 +431,8 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) break; default: - EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); + EVPerr(EVP_F_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); return NULL; - break; - } } @@ -317,24 +449,24 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); len = i2d_DSAparams (pkey->pkey.dsa, NULL); if (!(p = OPENSSL_malloc(len))) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); goto err; } q = p; i2d_DSAparams (pkey->pkey.dsa, &q); if (!(params = ASN1_STRING_new())) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); goto err; } if (!ASN1_STRING_set(params, p, len)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); goto err; } OPENSSL_free(p); p = NULL; /* Get private key into integer */ if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); + EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR); goto err; } @@ -343,9 +475,9 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) case PKCS8_OK: case PKCS8_NO_OCTET: - if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER, + if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER, &p8->pkey->value.octet_string)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); goto err; } @@ -363,39 +495,39 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) params = NULL; p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; if (!(ndsa = sk_ASN1_TYPE_new_null())) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); goto err; } if (!(ttmp = ASN1_TYPE_new())) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); goto err; } if (!(ttmp->value.integer = BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); + EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR); goto err; } ttmp->type = V_ASN1_INTEGER; if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); goto err; } if (!(ttmp = ASN1_TYPE_new())) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); goto err; } ttmp->value.integer = prkey; prkey = NULL; ttmp->type = V_ASN1_INTEGER; if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); goto err; } ttmp = NULL; if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); goto err; } @@ -403,7 +535,7 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) &p8->pkey->value.octet_string->data, &p8->pkey->value.octet_string->length)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); goto err; } sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); @@ -413,36 +545,36 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) p8->pkeyalg->parameter->type = V_ASN1_NULL; if (!(ndsa = sk_ASN1_TYPE_new_null())) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); goto err; } if (!(ttmp = ASN1_TYPE_new())) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); goto err; } ttmp->value.sequence = params; params = NULL; ttmp->type = V_ASN1_SEQUENCE; if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); goto err; } if (!(ttmp = ASN1_TYPE_new())) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); goto err; } ttmp->value.integer = prkey; prkey = NULL; ttmp->type = V_ASN1_INTEGER; if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); goto err; } ttmp = NULL; if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); goto err; } @@ -450,7 +582,7 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) &p8->pkey->value.octet_string->data, &p8->pkey->value.octet_string->length)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); goto err; } sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); @@ -466,3 +598,197 @@ err: return 0; } #endif + +#ifndef OPENSSL_NO_EC +static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) +{ + EC_KEY *ec_key; + const EC_GROUP *group; + unsigned char *p, *pp; + int nid, i, ret = 0; + unsigned int tmp_flags, old_flags; + + ec_key = pkey->pkey.ec; + if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) + { + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS); + return 0; + } + + /* set the ec parameters OID */ + if (p8->pkeyalg->algorithm) + ASN1_OBJECT_free(p8->pkeyalg->algorithm); + + p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey); + + /* set the ec parameters */ + + if (p8->pkeyalg->parameter) + { + ASN1_TYPE_free(p8->pkeyalg->parameter); + p8->pkeyalg->parameter = NULL; + } + + if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL) + { + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); + return 0; + } + + if (EC_GROUP_get_asn1_flag(group) + && (nid = EC_GROUP_get_curve_name(group))) + { + /* we have a 'named curve' => just set the OID */ + p8->pkeyalg->parameter->type = V_ASN1_OBJECT; + p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid); + } + else /* explicit parameters */ + { + if ((i = i2d_ECParameters(ec_key, NULL)) == 0) + { + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); + return 0; + } + if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL) + { + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); + return 0; + } + pp = p; + if (!i2d_ECParameters(ec_key, &pp)) + { + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); + OPENSSL_free(p); + return 0; + } + p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; + if ((p8->pkeyalg->parameter->value.sequence + = ASN1_STRING_new()) == NULL) + { + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB); + OPENSSL_free(p); + return 0; + } + ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i); + OPENSSL_free(p); + } + + /* set the private key */ + + /* do not include the parameters in the SEC1 private key + * see PKCS#11 12.11 */ + old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec); + tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; + EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags); + i = i2d_ECPrivateKey(pkey->pkey.ec, NULL); + if (!i) + { + EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); + return 0; + } + p = (unsigned char *) OPENSSL_malloc(i); + if (!p) + { + EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); + return 0; + } + pp = p; + if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp)) + { + EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); + OPENSSL_free(p); + return 0; + } + /* restore old encoding flags */ + EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); + + switch(p8->broken) { + + case PKCS8_OK: + p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); + if (!p8->pkey->value.octet_string || + !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string, + (const void *)p, i)) + + { + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); + } + else + ret = 1; + break; + case PKCS8_NO_OCTET: /* RSA specific */ + case PKCS8_NS_DB: /* DSA specific */ + case PKCS8_EMBEDDED_PARAM: /* DSA specific */ + default: + EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR); + } + OPENSSL_cleanse(p, (size_t)i); + OPENSSL_free(p); + return ret; +} +#endif + +/* EVP_PKEY attribute functions */ + +int EVP_PKEY_get_attr_count(const EVP_PKEY *key) +{ + return X509at_get_attr_count(key->attributes); +} + +int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, + int lastpos) +{ + return X509at_get_attr_by_NID(key->attributes, nid, lastpos); +} + +int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, + int lastpos) +{ + return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos); +} + +X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc) +{ + return X509at_get_attr(key->attributes, loc); +} + +X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc) +{ + return X509at_delete_attr(key->attributes, loc); +} + +int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr) +{ + if(X509at_add1_attr(&key->attributes, attr)) return 1; + return 0; +} + +int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len) +{ + if(X509at_add1_attr_by_OBJ(&key->attributes, obj, + type, bytes, len)) return 1; + return 0; +} + +int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, + int nid, int type, + const unsigned char *bytes, int len) +{ + if(X509at_add1_attr_by_NID(&key->attributes, nid, + type, bytes, len)) return 1; + return 0; +} + +int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, + const char *attrname, int type, + const unsigned char *bytes, int len) +{ + if(X509at_add1_attr_by_txt(&key->attributes, attrname, + type, bytes, len)) return 1; + return 0; +} diff --git a/src/lib/libcrypto/evp/evp_test.c b/src/lib/libcrypto/evp/evp_test.c index a624cfd248..bb6f02c2e9 100644 --- a/src/lib/libcrypto/evp/evp_test.c +++ b/src/lib/libcrypto/evp/evp_test.c @@ -52,6 +52,7 @@ #include "../e_os.h" +#include #include #ifndef OPENSSL_NO_ENGINE #include @@ -136,7 +137,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, const unsigned char *iv,int in, const unsigned char *plaintext,int pn, const unsigned char *ciphertext,int cn, - int encdec,int multiplier) + int encdec) { EVP_CIPHER_CTX ctx; unsigned char out[4096]; @@ -167,7 +168,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, } EVP_CIPHER_CTX_set_padding(&ctx,0); - if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn*multiplier)) + if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn)) { fprintf(stderr,"Encrypt failed\n"); ERR_print_errors_fp(stderr); @@ -180,7 +181,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, test1_exit(7); } - if(outl+outl2 != cn*multiplier) + if(outl+outl2 != cn) { fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n", outl+outl2,cn); @@ -206,7 +207,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, } EVP_CIPHER_CTX_set_padding(&ctx,0); - if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn*multiplier)) + if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn)) { fprintf(stderr,"Decrypt failed\n"); ERR_print_errors_fp(stderr); @@ -219,7 +220,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, test1_exit(7); } - if(outl+outl2 != cn*multiplier) + if(outl+outl2 != cn) { fprintf(stderr,"Plaintext length mismatch got %d expected %d\n", outl+outl2,cn); @@ -244,7 +245,7 @@ static int test_cipher(const char *cipher,const unsigned char *key,int kn, const unsigned char *iv,int in, const unsigned char *plaintext,int pn, const unsigned char *ciphertext,int cn, - int encdec,int multiplier) + int encdec) { const EVP_CIPHER *c; @@ -252,7 +253,7 @@ static int test_cipher(const char *cipher,const unsigned char *key,int kn, if(!c) return 0; - test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec,multiplier); + test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec); return 1; } @@ -368,7 +369,6 @@ int main(int argc,char **argv) unsigned char *iv,*key,*plaintext,*ciphertext; int encdec; int kn,in,pn,cn; - int multiplier=1; if(!fgets((char *)line,sizeof line,f)) break; @@ -393,17 +393,44 @@ int main(int argc,char **argv) pn=convert(plaintext); cn=convert(ciphertext); - if(strchr(cipher,'*')) - { - p=cipher; - sstrsep(&p,"*"); - multiplier=atoi(sstrsep(&p,"*")); - } - - if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec, - multiplier) + if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec) && !test_digest(cipher,plaintext,pn,ciphertext,cn)) { +#ifdef OPENSSL_NO_AES + if (strstr(cipher, "AES") == cipher) + { + fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); + continue; + } +#endif +#ifdef OPENSSL_NO_DES + if (strstr(cipher, "DES") == cipher) + { + fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); + continue; + } +#endif +#ifdef OPENSSL_NO_RC4 + if (strstr(cipher, "RC4") == cipher) + { + fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); + continue; + } +#endif +#ifdef OPENSSL_NO_CAMELLIA + if (strstr(cipher, "CAMELLIA") == cipher) + { + fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); + continue; + } +#endif +#ifdef OPENSSL_NO_SEED + if (strstr(cipher, "SEED") == cipher) + { + fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); + continue; + } +#endif fprintf(stderr,"Can't find %s\n",cipher); EXIT(3); } diff --git a/src/lib/libcrypto/evp/evptests.txt b/src/lib/libcrypto/evp/evptests.txt index dfe91a5bc0..beb12144b6 100644 --- a/src/lib/libcrypto/evp/evptests.txt +++ b/src/lib/libcrypto/evp/evptests.txt @@ -92,102 +92,7 @@ AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000 AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461 AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B - -# CFB1-AES128.Encrypt - -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:00:00:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00020406080a0c0e10121416181a1c1e:80:80:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0004080c1014181c2024282c3034383d:80:80:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0008101820283038404850586068707b:00:00:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00102030405060708090a0b0c0d0e0f6:80:80:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0020406080a0c0e10121416181a1c1ed:00:00:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:004080c1014181c2024282c3034383da:80:00:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:008101820283038404850586068707b4:80:00:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f68:80:80:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:020406080a0c0e10121416181a1c1ed1:80:00:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:04080c1014181c2024282c3034383da2:00:80:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:08101820283038404850586068707b45:00:80:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:102030405060708090a0b0c0d0e0f68b:00:00:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:20406080a0c0e10121416181a1c1ed16:00:00:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:4080c1014181c2024282c3034383da2c:00:80:1 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:8101820283038404850586068707b459:80:80:1 -# all of the above packed into one... -# in: 0110 1011 1100 0001 = 6bc1 -# out: 0110 1000 1011 0011 = 68b3 -AES-128-CFB1*8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1:68b3:1 - -# CFB1-AES128.Decrypt -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:00:00:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00020406080a0c0e10121416181a1c1e:80:80:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0004080c1014181c2024282c3034383d:80:80:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0008101820283038404850586068707b:00:00:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00102030405060708090a0b0c0d0e0f6:80:80:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0020406080a0c0e10121416181a1c1ed:00:00:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:004080c1014181c2024282c3034383da:80:00:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:008101820283038404850586068707b4:80:00:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f68:80:80:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:020406080a0c0e10121416181a1c1ed1:80:00:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:04080c1014181c2024282c3034383da2:00:80:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:08101820283038404850586068707b45:00:80:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:102030405060708090a0b0c0d0e0f68b:00:00:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:20406080a0c0e10121416181a1c1ed16:00:00:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:4080c1014181c2024282c3034383da2c:00:80:0 -AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:8101820283038404850586068707b459:80:80:0 -# all of the above packed into one... -# in: 0110 1000 1011 0011 = 68b3 -# out: 0110 1011 1100 0001 = 6bc1 -AES-128-CFB1*8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1:68b3:0 - -# TODO: CFB1-AES192 and 256 - -# CFB8-AES128.Encrypt - -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6b:3b:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f3b:c1:79:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:02030405060708090a0b0c0d0e0f3b79:be:42:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:030405060708090a0b0c0d0e0f3b7942:e2:4c:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0405060708090a0b0c0d0e0f3b79424c:2e:9c:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:05060708090a0b0c0d0e0f3b79424c9c:40:0d:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:060708090a0b0c0d0e0f3b79424c9c0d:9f:d4:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0708090a0b0c0d0e0f3b79424c9c0dd4:96:36:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:08090a0b0c0d0e0f3b79424c9c0dd436:e9:ba:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:090a0b0c0d0e0f3b79424c9c0dd436ba:3d:ce:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0a0b0c0d0e0f3b79424c9c0dd436bace:7e:9e:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0b0c0d0e0f3b79424c9c0dd436bace9e:11:0e:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0c0d0e0f3b79424c9c0dd436bace9e0e:73:d4:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0d0e0f3b79424c9c0dd436bace9e0ed4:93:58:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0e0f3b79424c9c0dd436bace9e0ed458:17:6a:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0f3b79424c9c0dd436bace9e0ed4586a:2a:4f:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:3b79424c9c0dd436bace9e0ed4586a4f:ae:32:1 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:79424c9c0dd436bace9e0ed4586a4f32:2d:b9:1 -# all of the above packed into one -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1bee22e409f96e93d7e117393172aae2d:3b79424c9c0dd436bace9e0ed4586a4f32b9:1 - -# CFB8-AES128.Decrypt - -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6b:3b:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f3b:c1:79:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:02030405060708090a0b0c0d0e0f3b79:be:42:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:030405060708090a0b0c0d0e0f3b7942:e2:4c:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0405060708090a0b0c0d0e0f3b79424c:2e:9c:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:05060708090a0b0c0d0e0f3b79424c9c:40:0d:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:060708090a0b0c0d0e0f3b79424c9c0d:9f:d4:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0708090a0b0c0d0e0f3b79424c9c0dd4:96:36:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:08090a0b0c0d0e0f3b79424c9c0dd436:e9:ba:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:090a0b0c0d0e0f3b79424c9c0dd436ba:3d:ce:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0a0b0c0d0e0f3b79424c9c0dd436bace:7e:9e:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0b0c0d0e0f3b79424c9c0dd436bace9e:11:0e:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0c0d0e0f3b79424c9c0dd436bace9e0e:73:d4:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0d0e0f3b79424c9c0dd436bace9e0ed4:93:58:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0e0f3b79424c9c0dd436bace9e0ed458:17:6a:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0f3b79424c9c0dd436bace9e0ed4586a:2a:4f:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:3b79424c9c0dd436bace9e0ed4586a4f:ae:32:0 -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:79424c9c0dd436bace9e0ed4586a4f32:2d:b9:0 -# all of the above packed into one -AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1bee22e409f96e93d7e117393172aae2d:3b79424c9c0dd436bace9e0ed4586a4f32b9:0 - -# TODO: 192 and 256 bit keys - +# We don't support CFB{1,8}-AESxxx.{En,De}crypt # For all CFB128 encrypts and decrypts, the transformed sequence is # AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec # CFB128-AES128.Encrypt @@ -269,16 +174,6 @@ DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363 # DES EDE3 CBC tests (from destest) DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 -# DES CFB1 from FIPS 81 -# plaintext: 0100 1110 0110 1111 0111 0111 = 4e6f77 -# ciphertext: 1100 1101 0001 1110 1100 1001 = cd1ec9 - -DES-CFB1*8:0123456789abcdef:1234567890abcdef:4e6f77:cd1ec9 - -# DES CFB8 from FIPS 81 - -DES-CFB8:0123456789abcdef:1234567890abcdef:4e6f7720697320746865:f31fda07011462ee187f - # RC4 tests (from rc4test) RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596 RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879 @@ -286,3 +181,141 @@ RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858 RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61 + + +# Camellia tests from RFC3713 +# For all ECB encrypts and decrypts, the transformed sequence is +# CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec +CAMELLIA-128-ECB:0123456789abcdeffedcba9876543210::0123456789abcdeffedcba9876543210:67673138549669730857065648eabe43 +CAMELLIA-192-ECB:0123456789abcdeffedcba98765432100011223344556677::0123456789abcdeffedcba9876543210:b4993401b3e996f84ee5cee7d79b09b9 +CAMELLIA-256-ECB:0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff::0123456789abcdeffedcba9876543210:9acc237dff16d76c20ef7c919e3a7509 + +# ECB-CAMELLIA128.Encrypt +CAMELLIA-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:77CF412067AF8270613529149919546F:1 +CAMELLIA-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:B22F3C36B72D31329EEE8ADDC2906C68:1 +CAMELLIA-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:2EDF1F3418D53B88841FC8985FB1ECF2:1 + +# ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt +CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:432FC5DCD628115B7C388D770B270C96 +CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:0BE1F14023782A22E8384C5ABB7FAB2B +CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:A0A1ABCD1893AB6FE0FE5B65DF5F8636 +CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:E61925E0D5DFAA9BB29F815B3076E51A + +# ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt +CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:CCCC6C4E138B45848514D48D0D3439D3 +CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:5713C62C14B2EC0F8393B6AFD6F5785A +CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:B40ED2B60EB54D09D030CF511FEEF366 +CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:909DBD95799096748CB27357E73E1D26 + +# ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt +CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:BEFD219B112FA00098919CD101C9CCFA +CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:C91D3A8F1AEA08A9386CF4B66C0169EA +CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:A623D711DC5F25A51BB8A80D56397D28 +CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:7960109FB6DC42947FCFE59EA3C5EB6B + +# For all CBC encrypts and decrypts, the transformed sequence is +# CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec +# CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt +CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:1607CF494B36BBF00DAEB0B503C831AB +CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:1607CF494B36BBF00DAEB0B503C831AB:AE2D8A571E03AC9C9EB76FAC45AF8E51:A2F2CF671629EF7840C5A5DFB5074887 +CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:A2F2CF671629EF7840C5A5DFB5074887:30C81C46A35CE411E5FBC1191A0A52EF:0F06165008CF8B8B5A63586362543E54 +CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:36A84CDAFD5F9A85ADA0F0A993D6D577:F69F2445DF4F9B17AD2B417BE66C3710:74C64268CDB8B8FAF5B34E8AF3732980 + +# CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt +CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:2A4830AB5AC4A1A2405955FD2195CF93 +CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2A4830AB5AC4A1A2405955FD2195CF93:AE2D8A571E03AC9C9EB76FAC45AF8E51:5D5A869BD14CE54264F892A6DD2EC3D5 +CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:5D5A869BD14CE54264F892A6DD2EC3D5:30C81C46A35CE411E5FBC1191A0A52EF:37D359C3349836D884E310ADDF68C449 +CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:37D359C3349836D884E310ADDF68C449:F69F2445DF4F9B17AD2B417BE66C3710:01FAAA930B4AB9916E9668E1428C6B08 + +# CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt +CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:E6CFA35FC02B134A4D2C0B6737AC3EDA +CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E6CFA35FC02B134A4D2C0B6737AC3EDA:AE2D8A571E03AC9C9EB76FAC45AF8E51:36CBEB73BD504B4070B1B7DE2B21EB50 +CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:36CBEB73BD504B4070B1B7DE2B21EB50:30C81C46A35CE411E5FBC1191A0A52EF:E31A6055297D96CA3330CDF1B1860A83 +CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E31A6055297D96CA3330CDF1B1860A83:F69F2445DF4F9B17AD2B417BE66C3710:5D563F6D1CCCF236051C0C5C1C58F28F + +# We don't support CFB{1,8}-CAMELLIAxxx.{En,De}crypt +# For all CFB128 encrypts and decrypts, the transformed sequence is +# CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec +# CFB128-CAMELLIA128.Encrypt +CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1 +CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:1 +CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:1 +CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:1 + +# CFB128-CAMELLIA128.Decrypt +CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0 +CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:0 +CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:0 +CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:0 + +# CFB128-CAMELLIA192.Encrypt +CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1 +CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:1 +CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:1 +CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:1 + +# CFB128-CAMELLIA192.Decrypt +CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0 +CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:0 +CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:0 +CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:0 + +# CFB128-CAMELLIA256.Encrypt +CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1 +CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:1 +CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:1 +CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:1 + +# CFB128-CAMELLIA256.Decrypt +CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0 +CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:0 +CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:0 +CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:0 + +# For all OFB encrypts and decrypts, the transformed sequence is +# CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec +# OFB-CAMELLIA128.Encrypt +CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1 +CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:1 +CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:1 +CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:1 + +# OFB-CAMELLIA128.Decrypt +CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0 +CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:0 +CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:0 +CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:0 + +# OFB-CAMELLIA192.Encrypt +CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1 +CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:1 +CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:1 +CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:1 + +# OFB-CAMELLIA192.Decrypt +CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0 +CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:0 +CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:0 +CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:0 + +# OFB-CAMELLIA256.Encrypt +CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1 +CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:1 +CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:1 +CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:1 + +# OFB-CAMELLIA256.Decrypt +CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0 +CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:0 +CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:0 +CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:0 + +# SEED test vectors from RFC4269 +SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:0 +SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:0 +SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:0 +SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:0 +SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:1 +SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1 +SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1 +SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:1 diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c index d393eb3400..a948c77fa4 100644 --- a/src/lib/libcrypto/evp/m_dss.c +++ b/src/lib/libcrypto/evp/m_dss.c @@ -61,12 +61,16 @@ #include #include #include +#ifndef OPENSSL_NO_DSA +#include +#endif #ifndef OPENSSL_NO_SHA + static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return SHA1_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) @@ -77,7 +81,7 @@ static const EVP_MD dsa_md= NID_dsaWithSHA, NID_dsaWithSHA, SHA_DIGEST_LENGTH, - EVP_MD_FLAG_FIPS, + 0, init, update, final, diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c index 23b90d0538..c12e13972b 100644 --- a/src/lib/libcrypto/evp/m_dss1.c +++ b/src/lib/libcrypto/evp/m_dss1.c @@ -56,25 +56,23 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SHA #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_SHA + #include #include #include +#ifndef OPENSSL_NO_DSA +#include +#endif static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) -#ifndef OPENSSL_FIPS +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return SHA1_Update(ctx->md_data,data,count); } -#else - { - OPENSSL_assert(sizeof(count)<=sizeof(size_t)); - return SHA1_Update(ctx->md_data,data,count); - } -#endif static int final(EVP_MD_CTX *ctx,unsigned char *md) { return SHA1_Final(md,ctx->md_data); } @@ -84,7 +82,7 @@ static const EVP_MD dss1_md= NID_dsa, NID_dsaWithSHA1, SHA_DIGEST_LENGTH, - EVP_MD_FLAG_FIPS, + 0, init, update, final, diff --git a/src/lib/libcrypto/evp/m_md2.c b/src/lib/libcrypto/evp/m_md2.c index 0df48e5199..5ce849f161 100644 --- a/src/lib/libcrypto/evp/m_md2.c +++ b/src/lib/libcrypto/evp/m_md2.c @@ -56,19 +56,23 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MD2 #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_MD2 + #include -#include "evp_locl.h" #include #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif static int init(EVP_MD_CTX *ctx) { return MD2_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return MD2_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/src/lib/libcrypto/evp/m_md4.c b/src/lib/libcrypto/evp/m_md4.c index 0605e4b707..1e0b7c5b42 100644 --- a/src/lib/libcrypto/evp/m_md4.c +++ b/src/lib/libcrypto/evp/m_md4.c @@ -56,19 +56,23 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MD4 #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_MD4 + #include -#include "evp_locl.h" #include #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif static int init(EVP_MD_CTX *ctx) { return MD4_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return MD4_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/src/lib/libcrypto/evp/m_md5.c b/src/lib/libcrypto/evp/m_md5.c index 752615d473..63c142119e 100644 --- a/src/lib/libcrypto/evp/m_md5.c +++ b/src/lib/libcrypto/evp/m_md5.c @@ -56,19 +56,23 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MD5 #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_MD5 + #include -#include "evp_locl.h" #include #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif static int init(EVP_MD_CTX *ctx) { return MD5_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return MD5_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/src/lib/libcrypto/evp/m_mdc2.c b/src/lib/libcrypto/evp/m_mdc2.c index 62de1336b8..36c4e9b134 100644 --- a/src/lib/libcrypto/evp/m_mdc2.c +++ b/src/lib/libcrypto/evp/m_mdc2.c @@ -56,19 +56,21 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MDC2 #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_MDC2 + #include -#include "evp_locl.h" #include #include #include +#include static int init(EVP_MD_CTX *ctx) { return MDC2_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return MDC2_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/src/lib/libcrypto/evp/m_null.c b/src/lib/libcrypto/evp/m_null.c index f6f0a1d2c0..cb0721699d 100644 --- a/src/lib/libcrypto/evp/m_null.c +++ b/src/lib/libcrypto/evp/m_null.c @@ -65,7 +65,7 @@ static int init(EVP_MD_CTX *ctx) { return 1; } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return 1; } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/src/lib/libcrypto/evp/m_ripemd.c b/src/lib/libcrypto/evp/m_ripemd.c index 64725528dc..a1d60ee78d 100644 --- a/src/lib/libcrypto/evp/m_ripemd.c +++ b/src/lib/libcrypto/evp/m_ripemd.c @@ -56,18 +56,23 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RIPEMD #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_RIPEMD + #include #include #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif static int init(EVP_MD_CTX *ctx) { return RIPEMD160_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return RIPEMD160_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/src/lib/libcrypto/evp/m_sha.c b/src/lib/libcrypto/evp/m_sha.c index ed54909b16..acccc8f92d 100644 --- a/src/lib/libcrypto/evp/m_sha.c +++ b/src/lib/libcrypto/evp/m_sha.c @@ -56,21 +56,22 @@ * [including the GNU Public Licence.] */ -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) #include #include "cryptlib.h" -/* Including sha.h prior evp.h masks FIPS SHA declarations, but that's - * exactly what we want to achieve here... */ -#include + +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) + #include -#include "evp_locl.h" #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif static int init(EVP_MD_CTX *ctx) { return SHA_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return SHA_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c index 60da93873c..4679b1c463 100644 --- a/src/lib/libcrypto/evp/m_sha1.c +++ b/src/lib/libcrypto/evp/m_sha1.c @@ -56,25 +56,23 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SHA #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_SHA + #include #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) -#ifndef OPENSSL_FIPS +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return SHA1_Update(ctx->md_data,data,count); } -#else - { - OPENSSL_assert(sizeof(count)<=sizeof(size_t)); - return SHA1_Update(ctx->md_data,data,count); - } -#endif static int final(EVP_MD_CTX *ctx,unsigned char *md) { return SHA1_Final(md,ctx->md_data); } @@ -84,7 +82,7 @@ static const EVP_MD sha1_md= NID_sha1, NID_sha1WithRSAEncryption, SHA_DIGEST_LENGTH, - EVP_MD_FLAG_FIPS, + 0, init, update, final, @@ -101,7 +99,6 @@ const EVP_MD *EVP_sha1(void) } #endif -#ifdef OPENSSL_FIPS #ifndef OPENSSL_NO_SHA256 static int init224(EVP_MD_CTX *ctx) { return SHA224_Init(ctx->md_data); } @@ -112,11 +109,8 @@ static int init256(EVP_MD_CTX *ctx) * SHA256 functions even in SHA224 context. This is what happens * there anyway, so we can spare few CPU cycles:-) */ -static int update256(EVP_MD_CTX *ctx,const void *data,unsigned long count) - { - OPENSSL_assert(sizeof(count)<=sizeof(size_t)); - return SHA256_Update(ctx->md_data,data,count); - } +static int update256(EVP_MD_CTX *ctx,const void *data,size_t count) + { return SHA256_Update(ctx->md_data,data,count); } static int final256(EVP_MD_CTX *ctx,unsigned char *md) { return SHA256_Final(md,ctx->md_data); } @@ -125,7 +119,7 @@ static const EVP_MD sha224_md= NID_sha224, NID_sha224WithRSAEncryption, SHA224_DIGEST_LENGTH, - EVP_MD_FLAG_FIPS, + 0, init224, update256, final256, @@ -144,7 +138,7 @@ static const EVP_MD sha256_md= NID_sha256, NID_sha256WithRSAEncryption, SHA256_DIGEST_LENGTH, - EVP_MD_FLAG_FIPS, + 0, init256, update256, final256, @@ -157,7 +151,7 @@ static const EVP_MD sha256_md= const EVP_MD *EVP_sha256(void) { return(&sha256_md); } -#endif /* ifndef OPENSSL_NO_SHA256 */ +#endif /* ifndef OPENSSL_NO_SHA256 */ #ifndef OPENSSL_NO_SHA512 static int init384(EVP_MD_CTX *ctx) @@ -165,11 +159,8 @@ static int init384(EVP_MD_CTX *ctx) static int init512(EVP_MD_CTX *ctx) { return SHA512_Init(ctx->md_data); } /* See comment in SHA224/256 section */ -static int update512(EVP_MD_CTX *ctx,const void *data,unsigned long count) - { - OPENSSL_assert(sizeof(count)<=sizeof(size_t)); - return SHA512_Update(ctx->md_data,data,count); - } +static int update512(EVP_MD_CTX *ctx,const void *data,size_t count) + { return SHA512_Update(ctx->md_data,data,count); } static int final512(EVP_MD_CTX *ctx,unsigned char *md) { return SHA512_Final(md,ctx->md_data); } @@ -178,7 +169,7 @@ static const EVP_MD sha384_md= NID_sha384, NID_sha384WithRSAEncryption, SHA384_DIGEST_LENGTH, - EVP_MD_FLAG_FIPS, + 0, init384, update512, final512, @@ -197,7 +188,7 @@ static const EVP_MD sha512_md= NID_sha512, NID_sha512WithRSAEncryption, SHA512_DIGEST_LENGTH, - EVP_MD_FLAG_FIPS, + 0, init512, update512, final512, @@ -210,5 +201,4 @@ static const EVP_MD sha512_md= const EVP_MD *EVP_sha512(void) { return(&sha512_md); } -#endif /* ifndef OPENSSL_NO_SHA512 */ -#endif /* ifdef OPENSSL_FIPS */ +#endif /* ifndef OPENSSL_NO_SHA512 */ diff --git a/src/lib/libcrypto/evp/names.c b/src/lib/libcrypto/evp/names.c index 7712453046..88c1e780dd 100644 --- a/src/lib/libcrypto/evp/names.c +++ b/src/lib/libcrypto/evp/names.c @@ -61,17 +61,14 @@ #include #include #include -#ifdef OPENSSL_FIPS -#include -#endif int EVP_add_cipher(const EVP_CIPHER *c) { int r; - r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c); + r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); if (r == 0) return(0); - r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c); + r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); return(r); } @@ -81,9 +78,9 @@ int EVP_add_digest(const EVP_MD *md) const char *name; name=OBJ_nid2sn(md->type); - r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(char *)md); + r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); if (r == 0) return(0); - r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(char *)md); + r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md); if (r == 0) return(0); if (md->type != md->pkey_type) diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c index a1874e83b2..48d50014a0 100644 --- a/src/lib/libcrypto/evp/p5_crpt.c +++ b/src/lib/libcrypto/evp/p5_crpt.c @@ -110,12 +110,18 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, int i; PBEPARAM *pbe; int saltlen, iter; - unsigned char *salt, *pbuf; + unsigned char *salt; + const unsigned char *pbuf; /* Extract useful info from parameter */ + if (param == NULL || param->type != V_ASN1_SEQUENCE || + param->value.sequence == NULL) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); + return 0; + } + pbuf = param->value.sequence->data; - if (!param || (param->type != V_ASN1_SEQUENCE) || - !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) { + if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); return 0; } @@ -140,7 +146,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, EVP_DigestFinal_ex (&ctx, md_tmp, NULL); } EVP_MD_CTX_cleanup(&ctx); - OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp); + OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c index 1d5fabc4b2..c969d5a206 100644 --- a/src/lib/libcrypto/evp/p5_crpt2.c +++ b/src/lib/libcrypto/evp/p5_crpt2.c @@ -55,10 +55,10 @@ * Hudson (tjh@cryptsoft.com). * */ -#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) #include #include #include "cryptlib.h" +#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) #include #include #include @@ -77,7 +77,7 @@ */ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, + const unsigned char *salt, int saltlen, int iter, int keylen, unsigned char *out) { unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; @@ -148,16 +148,23 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de) { - unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH]; - int saltlen, keylen, iter, plen; + unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; + const unsigned char *pbuf; + int saltlen, iter, plen; + unsigned int keylen; PBE2PARAM *pbe2 = NULL; const EVP_CIPHER *cipher; PBKDF2PARAM *kdf = NULL; + if (param == NULL || param->type != V_ASN1_SEQUENCE || + param->value.sequence == NULL) { + EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); + return 0; + } + pbuf = param->value.sequence->data; plen = param->value.sequence->length; - if(!param || (param->type != V_ASN1_SEQUENCE) || - !(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { + if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); return 0; } @@ -213,7 +220,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, /* Now check the parameters of the kdf */ - if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != keylen)){ + if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_KEYLENGTH); goto err; diff --git a/src/lib/libcrypto/evp/p_dec.c b/src/lib/libcrypto/evp/p_dec.c index 8af620400e..f64901f653 100644 --- a/src/lib/libcrypto/evp/p_dec.c +++ b/src/lib/libcrypto/evp/p_dec.c @@ -66,7 +66,7 @@ #include #include -int EVP_PKEY_decrypt(unsigned char *key, unsigned char *ek, int ekl, +int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl, EVP_PKEY *priv) { int ret= -1; diff --git a/src/lib/libcrypto/evp/p_enc.c b/src/lib/libcrypto/evp/p_enc.c index 656883b996..c2dfdc52ad 100644 --- a/src/lib/libcrypto/evp/p_enc.c +++ b/src/lib/libcrypto/evp/p_enc.c @@ -66,7 +66,7 @@ #include #include -int EVP_PKEY_encrypt(unsigned char *ek, unsigned char *key, int key_len, +int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len, EVP_PKEY *pubk) { int ret=0; diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c index 215b94292a..22155ecf62 100644 --- a/src/lib/libcrypto/evp/p_lib.c +++ b/src/lib/libcrypto/evp/p_lib.c @@ -58,23 +58,59 @@ #include #include "cryptlib.h" +#include +#include #include #include #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif +#ifndef OPENSSL_NO_DH +#include +#endif static void EVP_PKEY_free_it(EVP_PKEY *x); int EVP_PKEY_bits(EVP_PKEY *pkey) { + if (0) + return 0; #ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA) + else if (pkey->type == EVP_PKEY_RSA) return(BN_num_bits(pkey->pkey.rsa->n)); - else #endif #ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) + else if (pkey->type == EVP_PKEY_DSA) return(BN_num_bits(pkey->pkey.dsa->p)); +#endif +#ifndef OPENSSL_NO_EC + else if (pkey->type == EVP_PKEY_EC) + { + BIGNUM *order = BN_new(); + const EC_GROUP *group; + int ret; + + if (!order) + { + ERR_clear_error(); + return 0; + } + group = EC_KEY_get0_group(pkey->pkey.ec); + if (!EC_GROUP_get_order(group, order, NULL)) + { + ERR_clear_error(); + return 0; + } + + ret = BN_num_bits(order); + BN_free(order); + return ret; + } #endif return(0); } @@ -92,6 +128,11 @@ int EVP_PKEY_size(EVP_PKEY *pkey) if (pkey->type == EVP_PKEY_DSA) return(DSA_size(pkey->pkey.dsa)); #endif +#ifndef OPENSSL_NO_ECDSA + if (pkey->type == EVP_PKEY_EC) + return(ECDSA_size(pkey->pkey.ec)); +#endif + return(0); } @@ -106,11 +147,21 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) pkey->save_parameters=mode; return(ret); } +#endif +#ifndef OPENSSL_NO_EC + if (pkey->type == EVP_PKEY_EC) + { + int ret = pkey->save_parameters; + + if (mode >= 0) + pkey->save_parameters = mode; + return(ret); + } #endif return(0); } -int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from) +int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) { if (to->type != from->type) { @@ -140,13 +191,24 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from) if (to->pkey.dsa->g != NULL) BN_free(to->pkey.dsa->g); to->pkey.dsa->g=a; } +#endif +#ifndef OPENSSL_NO_EC + if (to->type == EVP_PKEY_EC) + { + EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec)); + if (group == NULL) + goto err; + if (EC_KEY_set_group(to->pkey.ec, group) == 0) + goto err; + EC_GROUP_free(group); + } #endif return(1); err: return(0); } -int EVP_PKEY_missing_parameters(EVP_PKEY *pkey) +int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) { #ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) @@ -158,10 +220,18 @@ int EVP_PKEY_missing_parameters(EVP_PKEY *pkey) return(1); } #endif +#ifndef OPENSSL_NO_EC + if (pkey->type == EVP_PKEY_EC) + { + if (EC_KEY_get0_group(pkey->pkey.ec) == NULL) + return(1); + } +#endif + return(0); } -int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b) +int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) { #ifndef OPENSSL_NO_DSA if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) @@ -173,10 +243,73 @@ int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b) else return(1); } +#endif +#ifndef OPENSSL_NO_EC + if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC) + { + const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), + *group_b = EC_KEY_get0_group(b->pkey.ec); + if (EC_GROUP_cmp(group_a, group_b, NULL)) + return 0; + else + return 1; + } #endif return(-1); } +int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) + { + if (a->type != b->type) + return -1; + + if (EVP_PKEY_cmp_parameters(a, b) == 0) + return 0; + + switch (a->type) + { +#ifndef OPENSSL_NO_RSA + case EVP_PKEY_RSA: + if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0 + || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0) + return 0; + break; +#endif +#ifndef OPENSSL_NO_DSA + case EVP_PKEY_DSA: + if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0) + return 0; + break; +#endif +#ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: + { + int r; + const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec); + const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), + *pb = EC_KEY_get0_public_key(b->pkey.ec); + r = EC_POINT_cmp(group, pa, pb, NULL); + if (r != 0) + { + if (r == 1) + return 0; + else + return -2; + } + } + break; +#endif +#ifndef OPENSSL_NO_DH + case EVP_PKEY_DH: + return -2; +#endif + default: + return -2; + } + + return 1; + } + EVP_PKEY *EVP_PKEY_new(void) { EVP_PKEY *ret; @@ -246,6 +379,29 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) } #endif +#ifndef OPENSSL_NO_EC + +int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) +{ + int ret = EVP_PKEY_assign_EC_KEY(pkey,key); + if (ret) + EC_KEY_up_ref(key); + return ret; +} + +EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_EC) + { + EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); + return NULL; + } + EC_KEY_up_ref(pkey->pkey.ec); + return pkey->pkey.ec; +} +#endif + + #ifndef OPENSSL_NO_DH int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) @@ -282,6 +438,8 @@ int EVP_PKEY_type(int type) return(EVP_PKEY_DSA); case EVP_PKEY_DH: return(EVP_PKEY_DH); + case EVP_PKEY_EC: + return(EVP_PKEY_EC); default: return(NID_undef); } @@ -306,6 +464,8 @@ void EVP_PKEY_free(EVP_PKEY *x) } #endif EVP_PKEY_free_it(x); + if (x->attributes) + sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); OPENSSL_free(x); } @@ -327,6 +487,11 @@ static void EVP_PKEY_free_it(EVP_PKEY *x) DSA_free(x->pkey.dsa); break; #endif +#ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: + EC_KEY_free(x->pkey.ec); + break; +#endif #ifndef OPENSSL_NO_DH case EVP_PKEY_DH: DH_free(x->pkey.dh); diff --git a/src/lib/libcrypto/evp/p_open.c b/src/lib/libcrypto/evp/p_open.c index 5a933d1cda..9935206d0f 100644 --- a/src/lib/libcrypto/evp/p_open.c +++ b/src/lib/libcrypto/evp/p_open.c @@ -56,15 +56,19 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RSA #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_RSA + #include #include #include +#include -int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek, - int ekl, unsigned char *iv, EVP_PKEY *priv) +int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + const unsigned char *ek, int ekl, const unsigned char *iv, + EVP_PKEY *priv) { unsigned char *key=NULL; int i,size=0,ret=0; diff --git a/src/lib/libcrypto/evp/p_seal.c b/src/lib/libcrypto/evp/p_seal.c index 37e547fe72..8cc8fcb0bd 100644 --- a/src/lib/libcrypto/evp/p_seal.c +++ b/src/lib/libcrypto/evp/p_seal.c @@ -78,7 +78,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek } if ((npubk <= 0) || !pubk) return 1; - if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0) + if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) return 0; if (EVP_CIPHER_CTX_iv_length(ctx)) RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx)); diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c index d854d743a5..21a40a375e 100644 --- a/src/lib/libcrypto/evp/p_verify.c +++ b/src/lib/libcrypto/evp/p_verify.c @@ -62,7 +62,7 @@ #include #include -int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, +int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey) { unsigned char m[EVP_MAX_MD_SIZE]; -- cgit v1.2.3-55-g6feb