From ed3760bf4be4a96a89233fb8f8b84a0d44725862 Mon Sep 17 00:00:00 2001 From: cvs2svn Date: Sun, 2 Aug 2015 21:54:22 +0000 Subject: This commit was manufactured by cvs2git to create tag 'OPENBSD_5_8_BASE'. --- src/lib/libcrypto/evp/bio_b64.c | 567 ---------- src/lib/libcrypto/evp/bio_enc.c | 427 -------- src/lib/libcrypto/evp/bio_md.c | 277 ----- src/lib/libcrypto/evp/c_all.c | 299 ------ src/lib/libcrypto/evp/digest.c | 405 ------- src/lib/libcrypto/evp/e_aes.c | 1548 --------------------------- src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c | 601 ----------- src/lib/libcrypto/evp/e_bf.c | 91 -- src/lib/libcrypto/evp/e_camellia.c | 124 --- src/lib/libcrypto/evp/e_cast.c | 92 -- src/lib/libcrypto/evp/e_chacha.c | 69 -- src/lib/libcrypto/evp/e_chacha20poly1305.c | 231 ---- src/lib/libcrypto/evp/e_des.c | 231 ---- src/lib/libcrypto/evp/e_des3.c | 297 ----- src/lib/libcrypto/evp/e_gost2814789.c | 229 ---- src/lib/libcrypto/evp/e_idea.c | 124 --- src/lib/libcrypto/evp/e_null.c | 105 -- src/lib/libcrypto/evp/e_old.c | 159 --- src/lib/libcrypto/evp/e_rc2.c | 254 ----- src/lib/libcrypto/evp/e_rc4.c | 140 --- src/lib/libcrypto/evp/e_rc4_hmac_md5.c | 309 ------ src/lib/libcrypto/evp/e_xcbc_d.c | 137 --- src/lib/libcrypto/evp/encode.c | 417 -------- src/lib/libcrypto/evp/evp.h | 1495 -------------------------- src/lib/libcrypto/evp/evp_aead.c | 144 --- src/lib/libcrypto/evp/evp_enc.c | 668 ------------ src/lib/libcrypto/evp/evp_err.c | 261 ----- src/lib/libcrypto/evp/evp_key.c | 206 ---- src/lib/libcrypto/evp/evp_lib.c | 348 ------ src/lib/libcrypto/evp/evp_locl.h | 366 ------- src/lib/libcrypto/evp/evp_pbe.c | 295 ----- src/lib/libcrypto/evp/evp_pkey.c | 240 ----- src/lib/libcrypto/evp/m_dss.c | 117 -- src/lib/libcrypto/evp/m_dss1.c | 117 -- src/lib/libcrypto/evp/m_ecdsa.c | 166 --- src/lib/libcrypto/evp/m_gost2814789.c | 110 -- src/lib/libcrypto/evp/m_gostr341194.c | 97 -- src/lib/libcrypto/evp/m_md4.c | 118 -- src/lib/libcrypto/evp/m_md5.c | 118 -- src/lib/libcrypto/evp/m_null.c | 106 -- src/lib/libcrypto/evp/m_ripemd.c | 118 -- src/lib/libcrypto/evp/m_sha1.c | 281 ----- src/lib/libcrypto/evp/m_sigver.c | 193 ---- src/lib/libcrypto/evp/m_streebog.c | 131 --- src/lib/libcrypto/evp/m_wp.c | 56 - src/lib/libcrypto/evp/names.c | 228 ---- src/lib/libcrypto/evp/p5_crpt.c | 158 --- src/lib/libcrypto/evp/p5_crpt2.c | 308 ------ src/lib/libcrypto/evp/p_dec.c | 92 -- src/lib/libcrypto/evp/p_enc.c | 89 -- src/lib/libcrypto/evp/p_lib.c | 483 --------- src/lib/libcrypto/evp/p_open.c | 127 --- src/lib/libcrypto/evp/p_seal.c | 124 --- src/lib/libcrypto/evp/p_sign.c | 123 --- src/lib/libcrypto/evp/p_verify.c | 119 -- src/lib/libcrypto/evp/pmeth_fn.c | 362 ------- src/lib/libcrypto/evp/pmeth_gn.c | 227 ---- src/lib/libcrypto/evp/pmeth_lib.c | 618 ----------- 58 files changed, 15942 deletions(-) delete mode 100644 src/lib/libcrypto/evp/bio_b64.c delete mode 100644 src/lib/libcrypto/evp/bio_enc.c delete mode 100644 src/lib/libcrypto/evp/bio_md.c delete mode 100644 src/lib/libcrypto/evp/c_all.c delete mode 100644 src/lib/libcrypto/evp/digest.c delete mode 100644 src/lib/libcrypto/evp/e_aes.c delete mode 100644 src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c delete mode 100644 src/lib/libcrypto/evp/e_bf.c delete mode 100644 src/lib/libcrypto/evp/e_camellia.c delete mode 100644 src/lib/libcrypto/evp/e_cast.c delete mode 100644 src/lib/libcrypto/evp/e_chacha.c delete mode 100644 src/lib/libcrypto/evp/e_chacha20poly1305.c delete mode 100644 src/lib/libcrypto/evp/e_des.c delete mode 100644 src/lib/libcrypto/evp/e_des3.c delete mode 100644 src/lib/libcrypto/evp/e_gost2814789.c delete mode 100644 src/lib/libcrypto/evp/e_idea.c delete mode 100644 src/lib/libcrypto/evp/e_null.c delete mode 100644 src/lib/libcrypto/evp/e_old.c delete mode 100644 src/lib/libcrypto/evp/e_rc2.c delete mode 100644 src/lib/libcrypto/evp/e_rc4.c delete mode 100644 src/lib/libcrypto/evp/e_rc4_hmac_md5.c delete mode 100644 src/lib/libcrypto/evp/e_xcbc_d.c delete mode 100644 src/lib/libcrypto/evp/encode.c delete mode 100644 src/lib/libcrypto/evp/evp.h delete mode 100644 src/lib/libcrypto/evp/evp_aead.c delete mode 100644 src/lib/libcrypto/evp/evp_enc.c delete mode 100644 src/lib/libcrypto/evp/evp_err.c delete mode 100644 src/lib/libcrypto/evp/evp_key.c delete mode 100644 src/lib/libcrypto/evp/evp_lib.c delete mode 100644 src/lib/libcrypto/evp/evp_locl.h delete mode 100644 src/lib/libcrypto/evp/evp_pbe.c delete mode 100644 src/lib/libcrypto/evp/evp_pkey.c delete mode 100644 src/lib/libcrypto/evp/m_dss.c delete mode 100644 src/lib/libcrypto/evp/m_dss1.c delete mode 100644 src/lib/libcrypto/evp/m_ecdsa.c delete mode 100644 src/lib/libcrypto/evp/m_gost2814789.c delete mode 100644 src/lib/libcrypto/evp/m_gostr341194.c delete mode 100644 src/lib/libcrypto/evp/m_md4.c delete mode 100644 src/lib/libcrypto/evp/m_md5.c delete mode 100644 src/lib/libcrypto/evp/m_null.c delete mode 100644 src/lib/libcrypto/evp/m_ripemd.c delete mode 100644 src/lib/libcrypto/evp/m_sha1.c delete mode 100644 src/lib/libcrypto/evp/m_sigver.c delete mode 100644 src/lib/libcrypto/evp/m_streebog.c delete mode 100644 src/lib/libcrypto/evp/m_wp.c delete mode 100644 src/lib/libcrypto/evp/names.c delete mode 100644 src/lib/libcrypto/evp/p5_crpt.c delete mode 100644 src/lib/libcrypto/evp/p5_crpt2.c delete mode 100644 src/lib/libcrypto/evp/p_dec.c delete mode 100644 src/lib/libcrypto/evp/p_enc.c delete mode 100644 src/lib/libcrypto/evp/p_lib.c delete mode 100644 src/lib/libcrypto/evp/p_open.c delete mode 100644 src/lib/libcrypto/evp/p_seal.c delete mode 100644 src/lib/libcrypto/evp/p_sign.c delete mode 100644 src/lib/libcrypto/evp/p_verify.c delete mode 100644 src/lib/libcrypto/evp/pmeth_fn.c delete mode 100644 src/lib/libcrypto/evp/pmeth_gn.c delete mode 100644 src/lib/libcrypto/evp/pmeth_lib.c (limited to 'src/lib/libcrypto/evp') diff --git a/src/lib/libcrypto/evp/bio_b64.c b/src/lib/libcrypto/evp/bio_b64.c deleted file mode 100644 index b54e8793ec..0000000000 --- a/src/lib/libcrypto/evp/bio_b64.c +++ /dev/null @@ -1,567 +0,0 @@ -/* $OpenBSD: bio_b64.c,v 1.20 2015/02/07 13:19:15 doug Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#include -#include - -static int b64_write(BIO *h, const char *buf, int num); -static int b64_read(BIO *h, char *buf, int size); -static int b64_puts(BIO *h, const char *str); -/*static int b64_gets(BIO *h, char *str, int size); */ -static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int b64_new(BIO *h); -static int b64_free(BIO *data); -static long b64_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); -#define B64_BLOCK_SIZE 1024 -#define B64_BLOCK_SIZE2 768 -#define B64_NONE 0 -#define B64_ENCODE 1 -#define B64_DECODE 2 - -typedef struct b64_struct { - /*BIO *bio; moved to the BIO structure */ - int buf_len; - int buf_off; - int tmp_len; /* used to find the start when decoding */ - int tmp_nl; /* If true, scan until '\n' */ - int encode; - int start; /* have we started decoding yet? */ - int cont; /* <= 0 when finished */ - EVP_ENCODE_CTX base64; - char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE) + 10]; - char tmp[B64_BLOCK_SIZE]; -} BIO_B64_CTX; - -static BIO_METHOD methods_b64 = { - .type = BIO_TYPE_BASE64, - .name = "base64 encoding", - .bwrite = b64_write, - .bread = b64_read, - .bputs = b64_puts, - .ctrl = b64_ctrl, - .create = b64_new, - .destroy = b64_free, - .callback_ctrl = b64_callback_ctrl -}; - -BIO_METHOD * -BIO_f_base64(void) -{ - return (&methods_b64); -} - -static int -b64_new(BIO *bi) -{ - BIO_B64_CTX *ctx; - - ctx = malloc(sizeof(BIO_B64_CTX)); - if (ctx == NULL) - return (0); - - ctx->buf_len = 0; - ctx->tmp_len = 0; - ctx->tmp_nl = 0; - ctx->buf_off = 0; - ctx->cont = 1; - ctx->start = 1; - ctx->encode = 0; - - bi->init = 1; - bi->ptr = (char *)ctx; - bi->flags = 0; - bi->num = 0; - return (1); -} - -static int -b64_free(BIO *a) -{ - if (a == NULL) - return (0); - free(a->ptr); - a->ptr = NULL; - a->init = 0; - a->flags = 0; - return (1); -} - -static int -b64_read(BIO *b, char *out, int outl) -{ - int ret = 0, i, ii, j, k, x, n, num, ret_code = 0; - BIO_B64_CTX *ctx; - unsigned char *p, *q; - - if (out == NULL) - return (0); - ctx = (BIO_B64_CTX *)b->ptr; - - if ((ctx == NULL) || (b->next_bio == NULL)) - return (0); - - BIO_clear_retry_flags(b); - - if (ctx->encode != B64_DECODE) { - ctx->encode = B64_DECODE; - ctx->buf_len = 0; - ctx->buf_off = 0; - ctx->tmp_len = 0; - EVP_DecodeInit(&(ctx->base64)); - } - - /* First check if there are bytes decoded/encoded */ - if (ctx->buf_len > 0) { - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - i = ctx->buf_len - ctx->buf_off; - if (i > outl) - i = outl; - OPENSSL_assert(ctx->buf_off + i < (int)sizeof(ctx->buf)); - memcpy(out, &(ctx->buf[ctx->buf_off]), i); - ret = i; - out += i; - outl -= i; - ctx->buf_off += i; - if (ctx->buf_len == ctx->buf_off) { - ctx->buf_len = 0; - ctx->buf_off = 0; - } - } - - /* At this point, we have room of outl bytes and an empty - * buffer, so we should read in some more. */ - - ret_code = 0; - while (outl > 0) { - if (ctx->cont <= 0) - break; - - i = BIO_read(b->next_bio, &(ctx->tmp[ctx->tmp_len]), - B64_BLOCK_SIZE - ctx->tmp_len); - - if (i <= 0) { - ret_code = i; - - /* Should we continue next time we are called? */ - if (!BIO_should_retry(b->next_bio)) { - ctx->cont = i; - /* If buffer empty break */ - if (ctx->tmp_len == 0) - break; - /* Fall through and process what we have */ - else - i = 0; - } - /* else we retry and add more data to buffer */ - else - break; - } - i += ctx->tmp_len; - ctx->tmp_len = i; - - /* We need to scan, a line at a time until we - * have a valid line if we are starting. */ - if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)) { - /* ctx->start=1; */ - ctx->tmp_len = 0; - } else if (ctx->start) { - q = p =(unsigned char *)ctx->tmp; - num = 0; - for (j = 0; j < i; j++) { - if (*(q++) != '\n') - continue; - - /* due to a previous very long line, - * we need to keep on scanning for a '\n' - * before we even start looking for - * base64 encoded stuff. */ - if (ctx->tmp_nl) { - p = q; - ctx->tmp_nl = 0; - continue; - } - - k = EVP_DecodeUpdate(&(ctx->base64), - (unsigned char *)ctx->buf, - &num, p, q - p); - if ((k <= 0) && (num == 0) && (ctx->start)) - EVP_DecodeInit(&ctx->base64); - else { - if (p != (unsigned char *) - &(ctx->tmp[0])) { - i -= (p - (unsigned char *) - &(ctx->tmp[0])); - for (x = 0; x < i; x++) - ctx->tmp[x] = p[x]; - } - EVP_DecodeInit(&ctx->base64); - ctx->start = 0; - break; - } - p = q; - } - - /* we fell off the end without starting */ - if ((j == i) && (num == 0)) { - /* Is this is one long chunk?, if so, keep on - * reading until a new line. */ - if (p == (unsigned char *)&(ctx->tmp[0])) { - /* Check buffer full */ - if (i == B64_BLOCK_SIZE) { - ctx->tmp_nl = 1; - ctx->tmp_len = 0; - } - } - else if (p != q) /* finished on a '\n' */ - { - n = q - p; - for (ii = 0; ii < n; ii++) - ctx->tmp[ii] = p[ii]; - ctx->tmp_len = n; - } - /* else finished on a '\n' */ - continue; - } else { - ctx->tmp_len = 0; - } - } else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) { - /* If buffer isn't full and we can retry then - * restart to read in more data. - */ - continue; - } - - if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { - int z, jj; - - jj = i & ~3; /* process per 4 */ - z = EVP_DecodeBlock((unsigned char *)ctx->buf, - (unsigned char *)ctx->tmp, jj); - if (jj > 2) { - if (ctx->tmp[jj-1] == '=') { - z--; - if (ctx->tmp[jj-2] == '=') - z--; - } - } - /* z is now number of output bytes and jj is the - * number consumed */ - if (jj != i) { - memmove(ctx->tmp, &ctx->tmp[jj], i - jj); - ctx->tmp_len = i - jj; - } - ctx->buf_len = 0; - if (z > 0) { - ctx->buf_len = z; - } - i = z; - } else { - i = EVP_DecodeUpdate(&(ctx->base64), - (unsigned char *)ctx->buf, &ctx->buf_len, - (unsigned char *)ctx->tmp, i); - ctx->tmp_len = 0; - } - ctx->buf_off = 0; - if (i < 0) { - ret_code = 0; - ctx->buf_len = 0; - break; - } - - if (ctx->buf_len <= outl) - i = ctx->buf_len; - else - i = outl; - - memcpy(out, ctx->buf, i); - ret += i; - ctx->buf_off = i; - if (ctx->buf_off == ctx->buf_len) { - ctx->buf_len = 0; - ctx->buf_off = 0; - } - outl -= i; - out += i; - } - /* BIO_clear_retry_flags(b); */ - BIO_copy_next_retry(b); - return ((ret == 0) ? ret_code : ret); -} - -static int -b64_write(BIO *b, const char *in, int inl) -{ - int ret = 0; - int n; - int i; - BIO_B64_CTX *ctx; - - ctx = (BIO_B64_CTX *)b->ptr; - BIO_clear_retry_flags(b); - - if (ctx->encode != B64_ENCODE) { - ctx->encode = B64_ENCODE; - ctx->buf_len = 0; - ctx->buf_off = 0; - ctx->tmp_len = 0; - EVP_EncodeInit(&(ctx->base64)); - } - - OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - n = ctx->buf_len - ctx->buf_off; - while (n > 0) { - i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); - if (i <= 0) { - BIO_copy_next_retry(b); - return (i); - } - OPENSSL_assert(i <= n); - ctx->buf_off += i; - OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - n -= i; - } - /* at this point all pending data has been written */ - ctx->buf_off = 0; - ctx->buf_len = 0; - - if ((in == NULL) || (inl <= 0)) - return (0); - - while (inl > 0) { - n = (inl > B64_BLOCK_SIZE) ? B64_BLOCK_SIZE : inl; - - if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { - if (ctx->tmp_len > 0) { - OPENSSL_assert(ctx->tmp_len <= 3); - n = 3 - ctx->tmp_len; - /* There's a theoretical possibility for this */ - if (n > inl) - n = inl; - memcpy(&(ctx->tmp[ctx->tmp_len]), in, n); - ctx->tmp_len += n; - ret += n; - if (ctx->tmp_len < 3) - break; - ctx->buf_len = EVP_EncodeBlock( - (unsigned char *)ctx->buf, - (unsigned char *)ctx->tmp, ctx->tmp_len); - OPENSSL_assert(ctx->buf_len <= - (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - /* Since we're now done using the temporary - buffer, the length should be 0'd */ - ctx->tmp_len = 0; - } else { - if (n < 3) { - memcpy(ctx->tmp, in, n); - ctx->tmp_len = n; - ret += n; - break; - } - n -= n % 3; - ctx->buf_len = EVP_EncodeBlock( - (unsigned char *)ctx->buf, - (const unsigned char *)in, n); - OPENSSL_assert(ctx->buf_len <= - (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - ret += n; - } - } else { - EVP_EncodeUpdate(&(ctx->base64), - (unsigned char *)ctx->buf, &ctx->buf_len, - (unsigned char *)in, n); - OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - ret += n; - } - inl -= n; - in += n; - - ctx->buf_off = 0; - n = ctx->buf_len; - while (n > 0) { - i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); - if (i <= 0) { - BIO_copy_next_retry(b); - return ((ret == 0) ? i : ret); - } - OPENSSL_assert(i <= n); - n -= i; - ctx->buf_off += i; - OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - } - ctx->buf_len = 0; - ctx->buf_off = 0; - } - return (ret); -} - -static long -b64_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - BIO_B64_CTX *ctx; - long ret = 1; - int i; - - ctx = (BIO_B64_CTX *)b->ptr; - - switch (cmd) { - case BIO_CTRL_RESET: - ctx->cont = 1; - ctx->start = 1; - ctx->encode = B64_NONE; - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_EOF: /* More to read */ - if (ctx->cont <= 0) - ret = 1; - else - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_WPENDING: /* More to write in buffer */ - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - ret = ctx->buf_len - ctx->buf_off; - if ((ret == 0) && (ctx->encode != B64_NONE) && - (ctx->base64.num != 0)) - ret = 1; - else if (ret <= 0) - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_PENDING: /* More to read in buffer */ - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - ret = ctx->buf_len - ctx->buf_off; - if (ret <= 0) - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_FLUSH: - /* do a final write */ -again: - while (ctx->buf_len != ctx->buf_off) { - i = b64_write(b, NULL, 0); - if (i < 0) - return i; - } - if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { - if (ctx->tmp_len != 0) { - ctx->buf_len = EVP_EncodeBlock( - (unsigned char *)ctx->buf, - (unsigned char *)ctx->tmp, - ctx->tmp_len); - ctx->buf_off = 0; - ctx->tmp_len = 0; - goto again; - } - } else if (ctx->encode != B64_NONE && ctx->base64.num != 0) { - ctx->buf_off = 0; - EVP_EncodeFinal(&(ctx->base64), - (unsigned char *)ctx->buf, - &(ctx->buf_len)); - /* push out the bytes */ - goto again; - } - /* Finally flush the underlying BIO */ - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - - case BIO_C_DO_STATE_MACHINE: - BIO_clear_retry_flags(b); - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - BIO_copy_next_retry(b); - break; - - case BIO_CTRL_DUP: - break; - case BIO_CTRL_INFO: - case BIO_CTRL_GET: - case BIO_CTRL_SET: - default: - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - } - return (ret); -} - -static long -b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) -{ - long ret = 1; - - if (b->next_bio == NULL) - return (0); - switch (cmd) { - default: - ret = BIO_callback_ctrl(b->next_bio, cmd, fp); - break; - } - return (ret); -} - -static int -b64_puts(BIO *b, const char *str) -{ - return b64_write(b, str, strlen(str)); -} diff --git a/src/lib/libcrypto/evp/bio_enc.c b/src/lib/libcrypto/evp/bio_enc.c deleted file mode 100644 index e367faa967..0000000000 --- a/src/lib/libcrypto/evp/bio_enc.c +++ /dev/null @@ -1,427 +0,0 @@ -/* $OpenBSD: bio_enc.c,v 1.18 2014/07/11 08:44:48 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#include -#include - -static int enc_write(BIO *h, const char *buf, int num); -static int enc_read(BIO *h, char *buf, int size); -/*static int enc_puts(BIO *h, const char *str); */ -/*static int enc_gets(BIO *h, char *str, int size); */ -static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int enc_new(BIO *h); -static int enc_free(BIO *data); -static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps); -#define ENC_BLOCK_SIZE (1024*4) -#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2) - -typedef struct enc_struct { - int buf_len; - int buf_off; - int cont; /* <= 0 when finished */ - int finished; - int ok; /* bad decrypt */ - EVP_CIPHER_CTX cipher; - /* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate - * can return up to a block more data than is presented to it - */ - char buf[ENC_BLOCK_SIZE + BUF_OFFSET + 2]; -} BIO_ENC_CTX; - -static BIO_METHOD methods_enc = { - .type = BIO_TYPE_CIPHER, - .name = "cipher", - .bwrite = enc_write, - .bread = enc_read, - .ctrl = enc_ctrl, - .create = enc_new, - .destroy = enc_free, - .callback_ctrl = enc_callback_ctrl -}; - -BIO_METHOD * -BIO_f_cipher(void) -{ - return (&methods_enc); -} - -static int -enc_new(BIO *bi) -{ - BIO_ENC_CTX *ctx; - - ctx = malloc(sizeof(BIO_ENC_CTX)); - if (ctx == NULL) - return (0); - EVP_CIPHER_CTX_init(&ctx->cipher); - - ctx->buf_len = 0; - ctx->buf_off = 0; - ctx->cont = 1; - ctx->finished = 0; - ctx->ok = 1; - - bi->init = 0; - bi->ptr = (char *)ctx; - bi->flags = 0; - return (1); -} - -static int -enc_free(BIO *a) -{ - BIO_ENC_CTX *b; - - if (a == NULL) - return (0); - b = (BIO_ENC_CTX *)a->ptr; - EVP_CIPHER_CTX_cleanup(&(b->cipher)); - OPENSSL_cleanse(a->ptr, sizeof(BIO_ENC_CTX)); - free(a->ptr); - a->ptr = NULL; - a->init = 0; - a->flags = 0; - return (1); -} - -static int -enc_read(BIO *b, char *out, int outl) -{ - int ret = 0, i; - BIO_ENC_CTX *ctx; - - if (out == NULL) - return (0); - ctx = (BIO_ENC_CTX *)b->ptr; - - if ((ctx == NULL) || (b->next_bio == NULL)) - return (0); - - /* First check if there are bytes decoded/encoded */ - if (ctx->buf_len > 0) { - i = ctx->buf_len - ctx->buf_off; - if (i > outl) - i = outl; - memcpy(out, &(ctx->buf[ctx->buf_off]), i); - ret = i; - out += i; - outl -= i; - ctx->buf_off += i; - if (ctx->buf_len == ctx->buf_off) { - ctx->buf_len = 0; - ctx->buf_off = 0; - } - } - - /* At this point, we have room of outl bytes and an empty - * buffer, so we should read in some more. */ - - while (outl > 0) { - if (ctx->cont <= 0) - break; - - /* read in at IV offset, read the EVP_Cipher - * documentation about why */ - i = BIO_read(b->next_bio, &(ctx->buf[BUF_OFFSET]), ENC_BLOCK_SIZE); - - if (i <= 0) { - /* Should be continue next time we are called? */ - if (!BIO_should_retry(b->next_bio)) { - ctx->cont = i; - i = EVP_CipherFinal_ex(&(ctx->cipher), - (unsigned char *)ctx->buf, - &(ctx->buf_len)); - ctx->ok = i; - ctx->buf_off = 0; - } else { - ret = (ret == 0) ? i : ret; - break; - } - } else { - EVP_CipherUpdate(&(ctx->cipher), - (unsigned char *)ctx->buf, &ctx->buf_len, - (unsigned char *)&(ctx->buf[BUF_OFFSET]), i); - ctx->cont = 1; - /* Note: it is possible for EVP_CipherUpdate to - * decrypt zero bytes because this is or looks like - * the final block: if this happens we should retry - * and either read more data or decrypt the final - * block - */ - if (ctx->buf_len == 0) - continue; - } - - if (ctx->buf_len <= outl) - i = ctx->buf_len; - else - i = outl; - if (i <= 0) - break; - memcpy(out, ctx->buf, i); - ret += i; - ctx->buf_off = i; - outl -= i; - out += i; - } - - BIO_clear_retry_flags(b); - BIO_copy_next_retry(b); - return ((ret == 0) ? ctx->cont : ret); -} - -static int -enc_write(BIO *b, const char *in, int inl) -{ - int ret = 0, n, i; - BIO_ENC_CTX *ctx; - - ctx = (BIO_ENC_CTX *)b->ptr; - ret = inl; - - BIO_clear_retry_flags(b); - n = ctx->buf_len - ctx->buf_off; - while (n > 0) { - i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); - if (i <= 0) { - BIO_copy_next_retry(b); - return (i); - } - ctx->buf_off += i; - n -= i; - } - /* at this point all pending data has been written */ - - if ((in == NULL) || (inl <= 0)) - return (0); - - ctx->buf_off = 0; - while (inl > 0) { - n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl; - EVP_CipherUpdate(&(ctx->cipher), - (unsigned char *)ctx->buf, &ctx->buf_len, - (unsigned char *)in, n); - inl -= n; - in += n; - - ctx->buf_off = 0; - n = ctx->buf_len; - while (n > 0) { - i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); - if (i <= 0) { - BIO_copy_next_retry(b); - return (ret == inl) ? i : ret - inl; - } - n -= i; - ctx->buf_off += i; - } - ctx->buf_len = 0; - ctx->buf_off = 0; - } - BIO_copy_next_retry(b); - return (ret); -} - -static long -enc_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - BIO *dbio; - BIO_ENC_CTX *ctx, *dctx; - long ret = 1; - int i; - EVP_CIPHER_CTX **c_ctx; - - ctx = (BIO_ENC_CTX *)b->ptr; - - switch (cmd) { - case BIO_CTRL_RESET: - ctx->ok = 1; - ctx->finished = 0; - EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL, - ctx->cipher.encrypt); - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_EOF: /* More to read */ - if (ctx->cont <= 0) - ret = 1; - else - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_WPENDING: - ret = ctx->buf_len - ctx->buf_off; - if (ret <= 0) - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_PENDING: /* More to read in buffer */ - ret = ctx->buf_len - ctx->buf_off; - if (ret <= 0) - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_FLUSH: - /* do a final write */ -again: - while (ctx->buf_len != ctx->buf_off) { - i = enc_write(b, NULL, 0); - if (i < 0) - return i; - } - - if (!ctx->finished) { - ctx->finished = 1; - ctx->buf_off = 0; - ret = EVP_CipherFinal_ex(&(ctx->cipher), - (unsigned char *)ctx->buf, - &(ctx->buf_len)); - ctx->ok = (int)ret; - if (ret <= 0) - break; - - /* push out the bytes */ - goto again; - } - - /* Finally flush the underlying BIO */ - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_C_GET_CIPHER_STATUS: - ret = (long)ctx->ok; - break; - case BIO_C_DO_STATE_MACHINE: - BIO_clear_retry_flags(b); - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - BIO_copy_next_retry(b); - break; - case BIO_C_GET_CIPHER_CTX: - c_ctx = (EVP_CIPHER_CTX **)ptr; - (*c_ctx) = &(ctx->cipher); - b->init = 1; - break; - case BIO_CTRL_DUP: - dbio = (BIO *)ptr; - dctx = (BIO_ENC_CTX *)dbio->ptr; - EVP_CIPHER_CTX_init(&dctx->cipher); - ret = EVP_CIPHER_CTX_copy(&dctx->cipher, &ctx->cipher); - if (ret) - dbio->init = 1; - break; - default: - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - } - return (ret); -} - -static long -enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) -{ - long ret = 1; - - if (b->next_bio == NULL) - return (0); - switch (cmd) { - default: - ret = BIO_callback_ctrl(b->next_bio, cmd, fp); - break; - } - return (ret); -} - -/* -void BIO_set_cipher_ctx(b,c) -BIO *b; -EVP_CIPHER_ctx *c; - { - if (b == NULL) return; - - if ((b->callback != NULL) && - (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0)) - return; - - b->init=1; - ctx=(BIO_ENC_CTX *)b->ptr; - memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX)); - - if (b->callback != NULL) - b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L); - } -*/ - -void -BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, - const unsigned char *i, int e) -{ - BIO_ENC_CTX *ctx; - - if (b == NULL) - return; - - if ((b->callback != NULL) && - (b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 0L) <= 0)) - return; - - b->init = 1; - ctx = (BIO_ENC_CTX *)b->ptr; - EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e); - - if (b->callback != NULL) - b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L); -} diff --git a/src/lib/libcrypto/evp/bio_md.c b/src/lib/libcrypto/evp/bio_md.c deleted file mode 100644 index b1973746a7..0000000000 --- a/src/lib/libcrypto/evp/bio_md.c +++ /dev/null @@ -1,277 +0,0 @@ -/* $OpenBSD: bio_md.c,v 1.14 2014/07/11 08:44:48 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include - -#include -#include - -/* BIO_put and BIO_get both add to the digest, - * BIO_gets returns the digest */ - -static int md_write(BIO *h, char const *buf, int num); -static int md_read(BIO *h, char *buf, int size); -/*static int md_puts(BIO *h, const char *str); */ -static int md_gets(BIO *h, char *str, int size); -static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int md_new(BIO *h); -static int md_free(BIO *data); -static long md_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); - -static BIO_METHOD methods_md = { - .type = BIO_TYPE_MD, - .name = "message digest", - .bwrite = md_write, - .bread = md_read, - .bgets = md_gets, - .ctrl = md_ctrl, - .create = md_new, - .destroy = md_free, - .callback_ctrl = md_callback_ctrl -}; - -BIO_METHOD * -BIO_f_md(void) -{ - return (&methods_md); -} - -static int -md_new(BIO *bi) -{ - EVP_MD_CTX *ctx; - - ctx = EVP_MD_CTX_create(); - if (ctx == NULL) - return (0); - - bi->init = 0; - bi->ptr = (char *)ctx; - bi->flags = 0; - return (1); -} - -static int -md_free(BIO *a) -{ - if (a == NULL) - return (0); - EVP_MD_CTX_destroy(a->ptr); - a->ptr = NULL; - a->init = 0; - a->flags = 0; - return (1); -} - -static int -md_read(BIO *b, char *out, int outl) -{ - int ret = 0; - EVP_MD_CTX *ctx; - - if (out == NULL) - return (0); - ctx = b->ptr; - - if ((ctx == NULL) || (b->next_bio == NULL)) - return (0); - - ret = BIO_read(b->next_bio, out, outl); - if (b->init) { - if (ret > 0) { - if (EVP_DigestUpdate(ctx, (unsigned char *)out, - (unsigned int)ret) <= 0) - return (-1); - } - } - BIO_clear_retry_flags(b); - BIO_copy_next_retry(b); - return (ret); -} - -static int -md_write(BIO *b, const char *in, int inl) -{ - int ret = 0; - EVP_MD_CTX *ctx; - - if ((in == NULL) || (inl <= 0)) - return (0); - ctx = b->ptr; - - if ((ctx != NULL) && (b->next_bio != NULL)) - ret = BIO_write(b->next_bio, in, inl); - if (b->init) { - if (ret > 0) { - if (!EVP_DigestUpdate(ctx, (const unsigned char *)in, - (unsigned int)ret)) { - BIO_clear_retry_flags(b); - return 0; - } - } - } - if (b->next_bio != NULL) { - BIO_clear_retry_flags(b); - BIO_copy_next_retry(b); - } - return (ret); -} - -static long -md_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - EVP_MD_CTX *ctx, *dctx, **pctx; - const EVP_MD **ppmd; - EVP_MD *md; - long ret = 1; - BIO *dbio; - - ctx = b->ptr; - - switch (cmd) { - case BIO_CTRL_RESET: - if (b->init) - ret = EVP_DigestInit_ex(ctx, ctx->digest, NULL); - else - ret = 0; - if (ret > 0) - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_C_GET_MD: - if (b->init) { - ppmd = ptr; - *ppmd = ctx->digest; - } else - ret = 0; - break; - case BIO_C_GET_MD_CTX: - pctx = ptr; - *pctx = ctx; - b->init = 1; - break; - case BIO_C_SET_MD_CTX: - if (b->init) - b->ptr = ptr; - else - ret = 0; - break; - case BIO_C_DO_STATE_MACHINE: - BIO_clear_retry_flags(b); - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - BIO_copy_next_retry(b); - break; - - case BIO_C_SET_MD: - md = ptr; - ret = EVP_DigestInit_ex(ctx, md, NULL); - if (ret > 0) - b->init = 1; - break; - case BIO_CTRL_DUP: - dbio = ptr; - dctx = dbio->ptr; - if (!EVP_MD_CTX_copy_ex(dctx, ctx)) - return 0; - b->init = 1; - break; - default: - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - } - return (ret); -} - -static long -md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) -{ - long ret = 1; - - if (b->next_bio == NULL) - return (0); - switch (cmd) { - default: - ret = BIO_callback_ctrl(b->next_bio, cmd, fp); - break; - } - return (ret); -} - -static int -md_gets(BIO *bp, char *buf, int size) -{ - EVP_MD_CTX *ctx; - unsigned int ret; - - ctx = bp->ptr; - if (size < ctx->digest->md_size) - return (0); - if (EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret) <= 0) - return -1; - - return ((int)ret); -} - -/* -static int md_puts(bp,str) -BIO *bp; -char *str; - { - return(-1); - } -*/ diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c deleted file mode 100644 index 5f9df3a7ad..0000000000 --- a/src/lib/libcrypto/evp/c_all.c +++ /dev/null @@ -1,299 +0,0 @@ -/* $OpenBSD: c_all.c,v 1.17 2015/06/20 01:07:24 doug Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#include -#include -#include - -#include "cryptlib.h" - -void -OpenSSL_add_all_ciphers(void) -{ -#ifndef OPENSSL_NO_DES - EVP_add_cipher(EVP_des_cfb()); - EVP_add_cipher(EVP_des_cfb1()); - EVP_add_cipher(EVP_des_cfb8()); - EVP_add_cipher(EVP_des_ede_cfb()); - EVP_add_cipher(EVP_des_ede3_cfb()); - EVP_add_cipher(EVP_des_ede3_cfb1()); - EVP_add_cipher(EVP_des_ede3_cfb8()); - - EVP_add_cipher(EVP_des_ofb()); - EVP_add_cipher(EVP_des_ede_ofb()); - EVP_add_cipher(EVP_des_ede3_ofb()); - - EVP_add_cipher(EVP_desx_cbc()); - EVP_add_cipher_alias(SN_desx_cbc, "DESX"); - EVP_add_cipher_alias(SN_desx_cbc, "desx"); - - EVP_add_cipher(EVP_des_cbc()); - EVP_add_cipher_alias(SN_des_cbc, "DES"); - EVP_add_cipher_alias(SN_des_cbc, "des"); - EVP_add_cipher(EVP_des_ede_cbc()); - EVP_add_cipher(EVP_des_ede3_cbc()); - EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3"); - EVP_add_cipher_alias(SN_des_ede3_cbc, "des3"); - - EVP_add_cipher(EVP_des_ecb()); - EVP_add_cipher(EVP_des_ede()); - EVP_add_cipher(EVP_des_ede3()); -#endif - -#ifndef OPENSSL_NO_RC4 - EVP_add_cipher(EVP_rc4()); - EVP_add_cipher(EVP_rc4_40()); -#ifndef OPENSSL_NO_MD5 - EVP_add_cipher(EVP_rc4_hmac_md5()); -#endif -#endif - -#ifndef OPENSSL_NO_IDEA - EVP_add_cipher(EVP_idea_ecb()); - EVP_add_cipher(EVP_idea_cfb()); - EVP_add_cipher(EVP_idea_ofb()); - EVP_add_cipher(EVP_idea_cbc()); - EVP_add_cipher_alias(SN_idea_cbc, "IDEA"); - EVP_add_cipher_alias(SN_idea_cbc, "idea"); -#endif - -#ifndef OPENSSL_NO_RC2 - EVP_add_cipher(EVP_rc2_ecb()); - EVP_add_cipher(EVP_rc2_cfb()); - EVP_add_cipher(EVP_rc2_ofb()); - EVP_add_cipher(EVP_rc2_cbc()); - EVP_add_cipher(EVP_rc2_40_cbc()); - EVP_add_cipher(EVP_rc2_64_cbc()); - EVP_add_cipher_alias(SN_rc2_cbc, "RC2"); - EVP_add_cipher_alias(SN_rc2_cbc, "rc2"); -#endif - -#ifndef OPENSSL_NO_BF - EVP_add_cipher(EVP_bf_ecb()); - EVP_add_cipher(EVP_bf_cfb()); - EVP_add_cipher(EVP_bf_ofb()); - EVP_add_cipher(EVP_bf_cbc()); - EVP_add_cipher_alias(SN_bf_cbc, "BF"); - EVP_add_cipher_alias(SN_bf_cbc, "bf"); - EVP_add_cipher_alias(SN_bf_cbc, "blowfish"); -#endif - -#ifndef OPENSSL_NO_CAST - EVP_add_cipher(EVP_cast5_ecb()); - EVP_add_cipher(EVP_cast5_cfb()); - EVP_add_cipher(EVP_cast5_ofb()); - EVP_add_cipher(EVP_cast5_cbc()); - EVP_add_cipher_alias(SN_cast5_cbc, "CAST"); - EVP_add_cipher_alias(SN_cast5_cbc, "cast"); - EVP_add_cipher_alias(SN_cast5_cbc, "CAST-cbc"); - EVP_add_cipher_alias(SN_cast5_cbc, "cast-cbc"); -#endif - -#ifndef OPENSSL_NO_AES - EVP_add_cipher(EVP_aes_128_ecb()); - EVP_add_cipher(EVP_aes_128_cbc()); - EVP_add_cipher(EVP_aes_128_cfb()); - EVP_add_cipher(EVP_aes_128_cfb1()); - EVP_add_cipher(EVP_aes_128_cfb8()); - EVP_add_cipher(EVP_aes_128_ofb()); - EVP_add_cipher(EVP_aes_128_ctr()); - EVP_add_cipher(EVP_aes_128_gcm()); - EVP_add_cipher(EVP_aes_128_xts()); - EVP_add_cipher_alias(SN_aes_128_cbc, "AES128"); - EVP_add_cipher_alias(SN_aes_128_cbc, "aes128"); - EVP_add_cipher(EVP_aes_192_ecb()); - EVP_add_cipher(EVP_aes_192_cbc()); - EVP_add_cipher(EVP_aes_192_cfb()); - EVP_add_cipher(EVP_aes_192_cfb1()); - EVP_add_cipher(EVP_aes_192_cfb8()); - EVP_add_cipher(EVP_aes_192_ofb()); - EVP_add_cipher(EVP_aes_192_ctr()); - EVP_add_cipher(EVP_aes_192_gcm()); - EVP_add_cipher_alias(SN_aes_192_cbc, "AES192"); - EVP_add_cipher_alias(SN_aes_192_cbc, "aes192"); - EVP_add_cipher(EVP_aes_256_ecb()); - EVP_add_cipher(EVP_aes_256_cbc()); - EVP_add_cipher(EVP_aes_256_cfb()); - EVP_add_cipher(EVP_aes_256_cfb1()); - EVP_add_cipher(EVP_aes_256_cfb8()); - EVP_add_cipher(EVP_aes_256_ofb()); - EVP_add_cipher(EVP_aes_256_ctr()); - EVP_add_cipher(EVP_aes_256_gcm()); - EVP_add_cipher(EVP_aes_256_xts()); - EVP_add_cipher_alias(SN_aes_256_cbc, "AES256"); - EVP_add_cipher_alias(SN_aes_256_cbc, "aes256"); -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) - EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); - EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); -#endif -#endif - -#ifndef OPENSSL_NO_CAMELLIA - EVP_add_cipher(EVP_camellia_128_ecb()); - EVP_add_cipher(EVP_camellia_128_cbc()); - EVP_add_cipher(EVP_camellia_128_cfb()); - EVP_add_cipher(EVP_camellia_128_cfb1()); - EVP_add_cipher(EVP_camellia_128_cfb8()); - EVP_add_cipher(EVP_camellia_128_ofb()); - EVP_add_cipher_alias(SN_camellia_128_cbc, "CAMELLIA128"); - EVP_add_cipher_alias(SN_camellia_128_cbc, "camellia128"); - EVP_add_cipher(EVP_camellia_192_ecb()); - EVP_add_cipher(EVP_camellia_192_cbc()); - EVP_add_cipher(EVP_camellia_192_cfb()); - EVP_add_cipher(EVP_camellia_192_cfb1()); - EVP_add_cipher(EVP_camellia_192_cfb8()); - EVP_add_cipher(EVP_camellia_192_ofb()); - EVP_add_cipher_alias(SN_camellia_192_cbc, "CAMELLIA192"); - EVP_add_cipher_alias(SN_camellia_192_cbc, "camellia192"); - EVP_add_cipher(EVP_camellia_256_ecb()); - EVP_add_cipher(EVP_camellia_256_cbc()); - EVP_add_cipher(EVP_camellia_256_cfb()); - EVP_add_cipher(EVP_camellia_256_cfb1()); - EVP_add_cipher(EVP_camellia_256_cfb8()); - EVP_add_cipher(EVP_camellia_256_ofb()); - EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256"); - EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256"); -#endif - -#ifndef OPENSSL_NO_CHACHA - EVP_add_cipher(EVP_chacha20()); -#endif - -#ifndef OPENSSL_NO_GOST - EVP_add_cipher(EVP_gost2814789_ecb()); - EVP_add_cipher(EVP_gost2814789_cfb64()); - EVP_add_cipher(EVP_gost2814789_cnt()); -#endif -} - -void -OpenSSL_add_all_digests(void) -{ -#ifndef OPENSSL_NO_MD4 - EVP_add_digest(EVP_md4()); -#endif - -#ifndef OPENSSL_NO_MD5 - EVP_add_digest(EVP_md5()); - EVP_add_digest_alias(SN_md5, "ssl2-md5"); - EVP_add_digest_alias(SN_md5, "ssl3-md5"); -#endif - -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) - EVP_add_digest(EVP_sha()); -#ifndef OPENSSL_NO_DSA - EVP_add_digest(EVP_dss()); -#endif -#endif -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) - EVP_add_digest(EVP_sha1()); - EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); - EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); -#ifndef OPENSSL_NO_DSA - EVP_add_digest(EVP_dss1()); - EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); - EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); - EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); -#endif -#ifndef OPENSSL_NO_ECDSA - EVP_add_digest(EVP_ecdsa()); -#endif -#endif - -#ifndef OPENSSL_NO_GOST - EVP_add_digest(EVP_gostr341194()); - EVP_add_digest(EVP_gost2814789imit()); - EVP_add_digest(EVP_streebog256()); - EVP_add_digest(EVP_streebog512()); -#endif -#ifndef OPENSSL_NO_RIPEMD - EVP_add_digest(EVP_ripemd160()); - EVP_add_digest_alias(SN_ripemd160, "ripemd"); - EVP_add_digest_alias(SN_ripemd160, "rmd160"); -#endif -#ifndef OPENSSL_NO_SHA256 - EVP_add_digest(EVP_sha224()); - EVP_add_digest(EVP_sha256()); -#endif -#ifndef OPENSSL_NO_SHA512 - EVP_add_digest(EVP_sha384()); - EVP_add_digest(EVP_sha512()); -#endif -#ifndef OPENSSL_NO_WHIRLPOOL - EVP_add_digest(EVP_whirlpool()); -#endif -} - -void -OPENSSL_add_all_algorithms_noconf(void) -{ - OPENSSL_cpuid_setup(); - OpenSSL_add_all_ciphers(); - OpenSSL_add_all_digests(); -} - -void -OPENSSL_add_all_algorithms_conf(void) -{ - OPENSSL_add_all_algorithms_noconf(); - OPENSSL_config(NULL); -} diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c deleted file mode 100644 index 6d8ed9b499..0000000000 --- a/src/lib/libcrypto/evp/digest.c +++ /dev/null @@ -1,405 +0,0 @@ -/* $OpenBSD: digest.c,v 1.26 2015/02/11 03:19:37 doug Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include - -#include - -#include -#include -#include - -#ifndef OPENSSL_NO_ENGINE -#include -#endif - -void -EVP_MD_CTX_init(EVP_MD_CTX *ctx) -{ - memset(ctx, 0, sizeof *ctx); -} - -EVP_MD_CTX * -EVP_MD_CTX_create(void) -{ - return calloc(1, sizeof(EVP_MD_CTX)); -} - -int -EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) -{ - EVP_MD_CTX_init(ctx); - return EVP_DigestInit_ex(ctx, type, NULL); -} - -int -EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) -{ - EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); - -#ifndef OPENSSL_NO_ENGINE - /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts - * so this context may already have an ENGINE! Try to avoid releasing - * the previous handle, re-querying for an ENGINE, and having a - * reinitialisation, when it may all be unecessary. */ - if (ctx->engine && ctx->digest && (!type || - (type && (type->type == ctx->digest->type)))) - goto skip_to_init; - if (type) { - /* Ensure an ENGINE left lying around from last time is cleared - * (the previous check attempted to avoid this if the same - * ENGINE and EVP_MD could be used). */ - if (ctx->engine) - ENGINE_finish(ctx->engine); - if (impl) { - if (!ENGINE_init(impl)) { - EVPerr(EVP_F_EVP_DIGESTINIT_EX, - EVP_R_INITIALIZATION_ERROR); - return 0; - } - } else - /* Ask if an ENGINE is reserved for this job */ - impl = ENGINE_get_digest_engine(type->type); - if (impl) { - /* There's an ENGINE for this job ... (apparently) */ - const EVP_MD *d = ENGINE_get_digest(impl, type->type); - if (!d) { - /* Same comment from evp_enc.c */ - EVPerr(EVP_F_EVP_DIGESTINIT_EX, - EVP_R_INITIALIZATION_ERROR); - ENGINE_finish(impl); - return 0; - } - /* We'll use the ENGINE's private digest definition */ - type = d; - /* Store the ENGINE functional reference so we know - * 'type' came from an ENGINE and we need to release - * it when done. */ - ctx->engine = impl; - } else - ctx->engine = NULL; - } else if (!ctx->digest) { - EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_NO_DIGEST_SET); - return 0; - } -#endif - if (ctx->digest != type) { - if (ctx->digest && ctx->digest->ctx_size && ctx->md_data && - !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { - explicit_bzero(ctx->md_data, ctx->digest->ctx_size); - free(ctx->md_data); - ctx->md_data = NULL; - } - ctx->digest = type; - if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { - ctx->update = type->update; - ctx->md_data = malloc(type->ctx_size); - if (ctx->md_data == NULL) { - EVP_PKEY_CTX_free(ctx->pctx); - ctx->pctx = NULL; - EVPerr(EVP_F_EVP_DIGESTINIT_EX, - ERR_R_MALLOC_FAILURE); - return 0; - } - } - } -#ifndef OPENSSL_NO_ENGINE -skip_to_init: -#endif - if (ctx->pctx) { - int r; - r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_DIGESTINIT, 0, ctx); - if (r <= 0 && (r != -2)) - return 0; - } - if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) - return 1; - return ctx->digest->init(ctx); -} - -int -EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return ctx->update(ctx, data, count); -} - -/* The caller can assume that this removes any secret data from the context */ -int -EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) -{ - int ret; - - ret = EVP_DigestFinal_ex(ctx, md, size); - EVP_MD_CTX_cleanup(ctx); - return ret; -} - -/* The caller can assume that this removes any secret data from the context */ -int -EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) -{ - int ret; - - if ((size_t)ctx->digest->md_size > EVP_MAX_MD_SIZE) { - EVPerr(EVP_F_EVP_DIGESTFINAL_EX, EVP_R_TOO_LARGE); - return 0; - } - ret = ctx->digest->final(ctx, md); - if (size != NULL) - *size = ctx->digest->md_size; - if (ctx->digest->cleanup) { - ctx->digest->cleanup(ctx); - EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); - } - memset(ctx->md_data, 0, ctx->digest->ctx_size); - return ret; -} - -int -EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) -{ - EVP_MD_CTX_init(out); - return EVP_MD_CTX_copy_ex(out, in); -} - -int -EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) -{ - unsigned char *tmp_buf; - - if ((in == NULL) || (in->digest == NULL)) { - EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_INPUT_NOT_INITIALIZED); - return 0; - } -#ifndef OPENSSL_NO_ENGINE - /* Make sure it's safe to copy a digest context using an ENGINE */ - if (in->engine && !ENGINE_init(in->engine)) { - EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB); - return 0; - } -#endif - - if (out->digest == in->digest) { - tmp_buf = out->md_data; - EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE); - } else - tmp_buf = NULL; - EVP_MD_CTX_cleanup(out); - memcpy(out, in, sizeof *out); - - if (in->md_data && out->digest->ctx_size) { - if (tmp_buf) - out->md_data = tmp_buf; - else { - out->md_data = malloc(out->digest->ctx_size); - if (!out->md_data) { - EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, - ERR_R_MALLOC_FAILURE); - return 0; - } - } - memcpy(out->md_data, in->md_data, out->digest->ctx_size); - } - - out->update = in->update; - - if (in->pctx) { - out->pctx = EVP_PKEY_CTX_dup(in->pctx); - if (!out->pctx) { - EVP_MD_CTX_cleanup(out); - return 0; - } - } - - if (out->digest->copy) - return out->digest->copy(out, in); - - return 1; -} - -int -EVP_Digest(const void *data, size_t count, - unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) -{ - EVP_MD_CTX ctx; - int ret; - - EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT); - ret = EVP_DigestInit_ex(&ctx, type, impl) && - EVP_DigestUpdate(&ctx, data, count) && - EVP_DigestFinal_ex(&ctx, md, size); - EVP_MD_CTX_cleanup(&ctx); - - return ret; -} - -void -EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) -{ - if (ctx) { - EVP_MD_CTX_cleanup(ctx); - free(ctx); - } -} - -/* This call frees resources associated with the context */ -int -EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) -{ - /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final, - * because sometimes only copies of the context are ever finalised. - */ - if (ctx->digest && ctx->digest->cleanup && - !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) - ctx->digest->cleanup(ctx); - if (ctx->digest && ctx->digest->ctx_size && ctx->md_data && - !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { - explicit_bzero(ctx->md_data, ctx->digest->ctx_size); - free(ctx->md_data); - } - EVP_PKEY_CTX_free(ctx->pctx); -#ifndef OPENSSL_NO_ENGINE - if (ctx->engine) - /* The EVP_MD we used belongs to an ENGINE, release the - * functional reference we held for this reason. */ - ENGINE_finish(ctx->engine); -#endif - memset(ctx, 0, sizeof *ctx); - - return 1; -} - -int -EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr) -{ - int ret; - - if (!ctx->digest) { - EVPerr(EVP_F_EVP_MD_CTX_CTRL, EVP_R_NO_CIPHER_SET); - return 0; - } - - if (!ctx->digest->md_ctrl) { - EVPerr(EVP_F_EVP_MD_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); - return 0; - } - - ret = ctx->digest->md_ctrl(ctx, type, arg, ptr); - if (ret == -1) { - EVPerr(EVP_F_EVP_MD_CTX_CTRL, - EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); - return 0; - } - return ret; -} diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c deleted file mode 100644 index 0a9455a5d2..0000000000 --- a/src/lib/libcrypto/evp/e_aes.c +++ /dev/null @@ -1,1548 +0,0 @@ -/* $OpenBSD: e_aes.c,v 1.28 2015/06/20 12:01:14 jsing Exp $ */ -/* ==================================================================== - * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - */ - -#include -#include - -#include - -#ifndef OPENSSL_NO_AES -#include -#include -#include - -#include "evp_locl.h" -#include "modes_lcl.h" - -typedef struct { - AES_KEY ks; - block128_f block; - union { - cbc128_f cbc; - ctr128_f ctr; - } stream; -} EVP_AES_KEY; - -typedef struct { - AES_KEY ks; /* AES key schedule to use */ - int key_set; /* Set if key initialised */ - int iv_set; /* Set if an iv is set */ - GCM128_CONTEXT gcm; - unsigned char *iv; /* Temporary IV store */ - int ivlen; /* IV length */ - int taglen; - int iv_gen; /* It is OK to generate IVs */ - int tls_aad_len; /* TLS AAD length */ - ctr128_f ctr; -} EVP_AES_GCM_CTX; - -typedef struct { - AES_KEY ks1, ks2; /* AES key schedules to use */ - XTS128_CONTEXT xts; - void (*stream)(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16]); -} EVP_AES_XTS_CTX; - -typedef struct { - AES_KEY ks; /* AES key schedule to use */ - int key_set; /* Set if key initialised */ - int iv_set; /* Set if an iv is set */ - int tag_set; /* Set if tag is valid */ - int len_set; /* Set if message length set */ - int L, M; /* L and M parameters from RFC3610 */ - CCM128_CONTEXT ccm; - ccm128_f str; -} EVP_AES_CCM_CTX; - -#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) - -#ifdef VPAES_ASM -int vpaes_set_encrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); -int vpaes_set_decrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); - -void vpaes_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -void vpaes_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); - -void vpaes_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, unsigned char *ivec, int enc); -#endif -#ifdef BSAES_ASM -void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, unsigned char ivec[16], int enc); -void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, const unsigned char ivec[16]); -void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out, - size_t len, const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16]); -void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out, - size_t len, const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16]); -#endif -#ifdef AES_CTR_ASM -void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - const unsigned char ivec[AES_BLOCK_SIZE]); -#endif -#ifdef AES_XTS_ASM -void AES_xts_encrypt(const char *inp, char *out, size_t len, - const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]); -void AES_xts_decrypt(const char *inp, char *out, size_t len, - const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]); -#endif - -#if defined(AES_ASM) && !defined(I386_ONLY) && ( \ - ((defined(__i386) || defined(__i386__) || \ - defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) || \ - defined(__INTEL__) ) - -extern unsigned int OPENSSL_ia32cap_P[2]; - -#ifdef VPAES_ASM -#define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) -#endif -#ifdef BSAES_ASM -#define BSAES_CAPABLE VPAES_CAPABLE -#endif -/* - * AES-NI section - */ -#define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) - -int aesni_set_encrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); -int aesni_set_decrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); - -void aesni_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -void aesni_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); - -void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, int enc); -void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, unsigned char *ivec, int enc); - -void aesni_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, - size_t blocks, const void *key, const unsigned char *ivec); - -void aesni_xts_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16]); - -void aesni_xts_decrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16]); - -void aesni_ccm64_encrypt_blocks (const unsigned char *in, unsigned char *out, - size_t blocks, const void *key, const unsigned char ivec[16], - unsigned char cmac[16]); - -void aesni_ccm64_decrypt_blocks (const unsigned char *in, unsigned char *out, - size_t blocks, const void *key, const unsigned char ivec[16], - unsigned char cmac[16]); - -static int -aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - int ret, mode; - EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; - - mode = ctx->cipher->flags & EVP_CIPH_MODE; - if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && - !enc) { - ret = aesni_set_decrypt_key(key, ctx->key_len * 8, - ctx->cipher_data); - dat->block = (block128_f)aesni_decrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f)aesni_cbc_encrypt : NULL; - } else { - ret = aesni_set_encrypt_key(key, ctx->key_len * 8, - ctx->cipher_data); - dat->block = (block128_f)aesni_encrypt; - if (mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f)aesni_cbc_encrypt; - else if (mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f)aesni_ctr32_encrypt_blocks; - else - dat->stream.cbc = NULL; - } - - if (ret < 0) { - EVPerr(EVP_F_AESNI_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED); - return 0; - } - - return 1; -} - -static int -aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - aesni_cbc_encrypt(in, out, len, ctx->cipher_data, ctx->iv, - ctx->encrypt); - - return 1; -} - -static int -aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - size_t bl = ctx->cipher->block_size; - - if (len < bl) - return 1; - - aesni_ecb_encrypt(in, out, len, ctx->cipher_data, ctx->encrypt); - - return 1; -} - -#define aesni_ofb_cipher aes_ofb_cipher -static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -#define aesni_cfb_cipher aes_cfb_cipher -static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -#define aesni_cfb8_cipher aes_cfb8_cipher -static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -#define aesni_cfb1_cipher aes_cfb1_cipher -static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -#define aesni_ctr_cipher aes_ctr_cipher -static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -static int -aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_AES_GCM_CTX *gctx = ctx->cipher_data; - - if (!iv && !key) - return 1; - if (key) { - aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks); - CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, - (block128_f)aesni_encrypt); - gctx->ctr = (ctr128_f)aesni_ctr32_encrypt_blocks; - /* If we have an iv can set it directly, otherwise use - * saved IV. - */ - if (iv == NULL && gctx->iv_set) - iv = gctx->iv; - if (iv) { - CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); - gctx->iv_set = 1; - } - gctx->key_set = 1; - } else { - /* If key set use IV, otherwise copy */ - if (gctx->key_set) - CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); - else - memcpy(gctx->iv, iv, gctx->ivlen); - gctx->iv_set = 1; - gctx->iv_gen = 0; - } - return 1; -} - -#define aesni_gcm_cipher aes_gcm_cipher -static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -static int -aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_AES_XTS_CTX *xctx = ctx->cipher_data; - - if (!iv && !key) - return 1; - - if (key) { - /* key_len is two AES keys */ - if (enc) { - aesni_set_encrypt_key(key, ctx->key_len * 4, - &xctx->ks1); - xctx->xts.block1 = (block128_f)aesni_encrypt; - xctx->stream = aesni_xts_encrypt; - } else { - aesni_set_decrypt_key(key, ctx->key_len * 4, - &xctx->ks1); - xctx->xts.block1 = (block128_f)aesni_decrypt; - xctx->stream = aesni_xts_decrypt; - } - - aesni_set_encrypt_key(key + ctx->key_len / 2, - ctx->key_len * 4, &xctx->ks2); - xctx->xts.block2 = (block128_f)aesni_encrypt; - - xctx->xts.key1 = &xctx->ks1; - } - - if (iv) { - xctx->xts.key2 = &xctx->ks2; - memcpy(ctx->iv, iv, 16); - } - - return 1; -} - -#define aesni_xts_cipher aes_xts_cipher -static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -static int -aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_AES_CCM_CTX *cctx = ctx->cipher_data; - - if (!iv && !key) - return 1; - if (key) { - aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks); - CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, - &cctx->ks, (block128_f)aesni_encrypt); - cctx->str = enc ? (ccm128_f)aesni_ccm64_encrypt_blocks : - (ccm128_f)aesni_ccm64_decrypt_blocks; - cctx->key_set = 1; - } - if (iv) { - memcpy(ctx->iv, iv, 15 - cctx->L); - cctx->iv_set = 1; - } - return 1; -} - -#define aesni_ccm_cipher aes_ccm_cipher -static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -#define BLOCK_CIPHER_generic(n,keylen,blocksize,ivlen,nmode,mode,MODE,fl) \ -static const EVP_CIPHER aesni_##keylen##_##mode = { \ - .nid = n##_##keylen##_##nmode, \ - .block_size = blocksize, \ - .key_len = keylen / 8, \ - .iv_len = ivlen, \ - .flags = fl | EVP_CIPH_##MODE##_MODE, \ - .init = aesni_init_key, \ - .do_cipher = aesni_##mode##_cipher, \ - .ctx_size = sizeof(EVP_AES_KEY) \ -}; \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - .nid = n##_##keylen##_##nmode, \ - .block_size = blocksize, \ - .key_len = keylen / 8, \ - .iv_len = ivlen, \ - .flags = fl | EVP_CIPH_##MODE##_MODE, \ - .init = aes_init_key, \ - .do_cipher = aes_##mode##_cipher, \ - .ctx_size = sizeof(EVP_AES_KEY) \ -}; \ -const EVP_CIPHER * \ -EVP_aes_##keylen##_##mode(void) \ -{ \ - return AESNI_CAPABLE ? \ - &aesni_##keylen##_##mode : &aes_##keylen##_##mode; \ -} - -#define BLOCK_CIPHER_custom(n,keylen,blocksize,ivlen,mode,MODE,fl) \ -static const EVP_CIPHER aesni_##keylen##_##mode = { \ - .nid = n##_##keylen##_##mode, \ - .block_size = blocksize, \ - .key_len = \ - (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * \ - keylen / 8, \ - .iv_len = ivlen, \ - .flags = fl | EVP_CIPH_##MODE##_MODE, \ - .init = aesni_##mode##_init_key, \ - .do_cipher = aesni_##mode##_cipher, \ - .cleanup = aes_##mode##_cleanup, \ - .ctx_size = sizeof(EVP_AES_##MODE##_CTX), \ - .ctrl = aes_##mode##_ctrl \ -}; \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - .nid = n##_##keylen##_##mode, \ - .block_size = blocksize, \ - .key_len = \ - (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * \ - keylen / 8, \ - .iv_len = ivlen, \ - .flags = fl | EVP_CIPH_##MODE##_MODE, \ - .init = aes_##mode##_init_key, \ - .do_cipher = aes_##mode##_cipher, \ - .cleanup = aes_##mode##_cleanup, \ - .ctx_size = sizeof(EVP_AES_##MODE##_CTX), \ - .ctrl = aes_##mode##_ctrl \ -}; \ -const EVP_CIPHER * \ -EVP_aes_##keylen##_##mode(void) \ -{ \ - return AESNI_CAPABLE ? \ - &aesni_##keylen##_##mode : &aes_##keylen##_##mode; \ -} - -#else - -#define BLOCK_CIPHER_generic(n,keylen,blocksize,ivlen,nmode,mode,MODE,fl) \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - .nid = n##_##keylen##_##nmode, \ - .block_size = blocksize, \ - .key_len = keylen / 8, \ - .iv_len = ivlen, \ - .flags = fl | EVP_CIPH_##MODE##_MODE, \ - .init = aes_init_key, \ - .do_cipher = aes_##mode##_cipher, \ - .ctx_size = sizeof(EVP_AES_KEY) \ -}; \ -const EVP_CIPHER * \ -EVP_aes_##keylen##_##mode(void) \ -{ \ - return &aes_##keylen##_##mode; \ -} - -#define BLOCK_CIPHER_custom(n,keylen,blocksize,ivlen,mode,MODE,fl) \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - .nid = n##_##keylen##_##mode, \ - .block_size = blocksize, \ - .key_len = \ - (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * \ - keylen / 8, \ - .iv_len = ivlen, \ - .flags = fl | EVP_CIPH_##MODE##_MODE, \ - .init = aes_##mode##_init_key, \ - .do_cipher = aes_##mode##_cipher, \ - .cleanup = aes_##mode##_cleanup, \ - .ctx_size = sizeof(EVP_AES_##MODE##_CTX), \ - .ctrl = aes_##mode##_ctrl \ -}; \ -const EVP_CIPHER * \ -EVP_aes_##keylen##_##mode(void) \ -{ \ - return &aes_##keylen##_##mode; \ -} - -#endif - -#define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ - BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags) - -static int -aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - int ret, mode; - EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; - - mode = ctx->cipher->flags & EVP_CIPH_MODE; - if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && - !enc) -#ifdef BSAES_CAPABLE - if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) { - ret = AES_set_decrypt_key(key, ctx->key_len * 8, - &dat->ks); - dat->block = (block128_f)AES_decrypt; - dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt; - } else -#endif -#ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { - ret = vpaes_set_decrypt_key(key, ctx->key_len * 8, - &dat->ks); - dat->block = (block128_f)vpaes_decrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f)vpaes_cbc_encrypt : NULL; - } else -#endif - { - ret = AES_set_decrypt_key(key, ctx->key_len * 8, - &dat->ks); - dat->block = (block128_f)AES_decrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f)AES_cbc_encrypt : NULL; - } else -#ifdef BSAES_CAPABLE - if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) { - ret = AES_set_encrypt_key(key, ctx->key_len * 8, - &dat->ks); - dat->block = (block128_f)AES_encrypt; - dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks; - } else -#endif -#ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { - ret = vpaes_set_encrypt_key(key, ctx->key_len * 8, - &dat->ks); - dat->block = (block128_f)vpaes_encrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f)vpaes_cbc_encrypt : NULL; - } else -#endif - { - ret = AES_set_encrypt_key(key, ctx->key_len * 8, - &dat->ks); - dat->block = (block128_f)AES_encrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f)AES_cbc_encrypt : NULL; -#ifdef AES_CTR_ASM - if (mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt; -#endif - } - - if (ret < 0) { - EVPerr(EVP_F_AES_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED); - return 0; - } - - return 1; -} - -static int -aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; - - if (dat->stream.cbc) - (*dat->stream.cbc)(in, out, len, &dat->ks, ctx->iv, - ctx->encrypt); - else if (ctx->encrypt) - CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, - dat->block); - else - CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, - dat->block); - - return 1; -} - -static int -aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - size_t bl = ctx->cipher->block_size; - size_t i; - EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; - - if (len < bl) - return 1; - - for (i = 0, len -= bl; i <= len; i += bl) - (*dat->block)(in + i, out + i, &dat->ks); - - return 1; -} - -static int -aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; - - CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num, - dat->block); - return 1; -} - -static int -aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; - - CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num, - ctx->encrypt, dat->block); - return 1; -} - -static int -aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; - - CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num, - ctx->encrypt, dat->block); - return 1; -} - -static int -aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; - - if (ctx->flags&EVP_CIPH_FLAG_LENGTH_BITS) { - CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, ctx->iv, - &ctx->num, ctx->encrypt, dat->block); - return 1; - } - - while (len >= MAXBITCHUNK) { - CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK*8, &dat->ks, - ctx->iv, &ctx->num, ctx->encrypt, dat->block); - len -= MAXBITCHUNK; - } - if (len) - CRYPTO_cfb128_1_encrypt(in, out, len*8, &dat->ks, - ctx->iv, &ctx->num, ctx->encrypt, dat->block); - - return 1; -} - -static int aes_ctr_cipher (EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - unsigned int num = ctx->num; - EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; - - if (dat->stream.ctr) - CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, - ctx->iv, ctx->buf, &num, dat->stream.ctr); - else - CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, - ctx->iv, ctx->buf, &num, dat->block); - ctx->num = (size_t)num; - return 1; -} - -BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS) -BLOCK_CIPHER_generic_pack(NID_aes, 192, EVP_CIPH_FLAG_FIPS) -BLOCK_CIPHER_generic_pack(NID_aes, 256, EVP_CIPH_FLAG_FIPS) - -static int -aes_gcm_cleanup(EVP_CIPHER_CTX *c) -{ - EVP_AES_GCM_CTX *gctx = c->cipher_data; - - if (gctx->iv != c->iv) - free(gctx->iv); - OPENSSL_cleanse(gctx, sizeof(*gctx)); - return 1; -} - -/* increment counter (64-bit int) by 1 */ -static void -ctr64_inc(unsigned char *counter) -{ - int n = 8; - unsigned char c; - - do { - --n; - c = counter[n]; - ++c; - counter[n] = c; - if (c) - return; - } while (n); -} - -static int -aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) -{ - EVP_AES_GCM_CTX *gctx = c->cipher_data; - - switch (type) { - case EVP_CTRL_INIT: - gctx->key_set = 0; - gctx->iv_set = 0; - gctx->ivlen = c->cipher->iv_len; - gctx->iv = c->iv; - gctx->taglen = -1; - gctx->iv_gen = 0; - gctx->tls_aad_len = -1; - return 1; - - case EVP_CTRL_GCM_SET_IVLEN: - if (arg <= 0) - return 0; - /* Allocate memory for IV if needed */ - if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { - if (gctx->iv != c->iv) - free(gctx->iv); - gctx->iv = malloc(arg); - if (!gctx->iv) - return 0; - } - gctx->ivlen = arg; - return 1; - - case EVP_CTRL_GCM_SET_TAG: - if (arg <= 0 || arg > 16 || c->encrypt) - return 0; - memcpy(c->buf, ptr, arg); - gctx->taglen = arg; - return 1; - - case EVP_CTRL_GCM_GET_TAG: - if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0) - return 0; - memcpy(ptr, c->buf, arg); - return 1; - - case EVP_CTRL_GCM_SET_IV_FIXED: - /* Special case: -1 length restores whole IV */ - if (arg == -1) { - memcpy(gctx->iv, ptr, gctx->ivlen); - gctx->iv_gen = 1; - return 1; - } - /* Fixed field must be at least 4 bytes and invocation field - * at least 8. - */ - if ((arg < 4) || (gctx->ivlen - arg) < 8) - return 0; - if (arg) - memcpy(gctx->iv, ptr, arg); - if (c->encrypt) - arc4random_buf(gctx->iv + arg, gctx->ivlen - arg); - gctx->iv_gen = 1; - return 1; - - case EVP_CTRL_GCM_IV_GEN: - if (gctx->iv_gen == 0 || gctx->key_set == 0) - return 0; - CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen); - if (arg <= 0 || arg > gctx->ivlen) - arg = gctx->ivlen; - memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg); - /* Invocation field will be at least 8 bytes in size and - * so no need to check wrap around or increment more than - * last 8 bytes. - */ - ctr64_inc(gctx->iv + gctx->ivlen - 8); - gctx->iv_set = 1; - return 1; - - case EVP_CTRL_GCM_SET_IV_INV: - if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt) - return 0; - memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); - CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen); - gctx->iv_set = 1; - return 1; - - case EVP_CTRL_AEAD_TLS1_AAD: - /* Save the AAD for later use */ - if (arg != 13) - return 0; - memcpy(c->buf, ptr, arg); - gctx->tls_aad_len = arg; - { - unsigned int len = c->buf[arg - 2] << 8 | - c->buf[arg - 1]; - - /* Correct length for explicit IV */ - len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; - - /* If decrypting correct for tag too */ - if (!c->encrypt) - len -= EVP_GCM_TLS_TAG_LEN; - c->buf[arg - 2] = len >> 8; - c->buf[arg - 1] = len & 0xff; - } - /* Extra padding: tag appended to record */ - return EVP_GCM_TLS_TAG_LEN; - - case EVP_CTRL_COPY: - { - EVP_CIPHER_CTX *out = ptr; - EVP_AES_GCM_CTX *gctx_out = out->cipher_data; - - if (gctx->gcm.key) { - if (gctx->gcm.key != &gctx->ks) - return 0; - gctx_out->gcm.key = &gctx_out->ks; - } - if (gctx->iv == c->iv) - gctx_out->iv = out->iv; - else { - gctx_out->iv = malloc(gctx->ivlen); - if (!gctx_out->iv) - return 0; - memcpy(gctx_out->iv, gctx->iv, gctx->ivlen); - } - return 1; - } - - default: - return -1; - - } -} - -static ctr128_f -aes_gcm_set_key(AES_KEY *aes_key, GCM128_CONTEXT *gcm_ctx, - const unsigned char *key, size_t key_len) -{ -#ifdef BSAES_CAPABLE - if (BSAES_CAPABLE) { - AES_set_encrypt_key(key, key_len * 8, aes_key); - CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt); - return (ctr128_f)bsaes_ctr32_encrypt_blocks; - } else -#endif -#ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { - vpaes_set_encrypt_key(key, key_len * 8, aes_key); - CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)vpaes_encrypt); - return NULL; - } else -#endif - (void)0; /* terminate potentially open 'else' */ - - AES_set_encrypt_key(key, key_len * 8, aes_key); - CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt); -#ifdef AES_CTR_ASM - return (ctr128_f)AES_ctr32_encrypt; -#else - return NULL; -#endif -} - -static int -aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_AES_GCM_CTX *gctx = ctx->cipher_data; - - if (!iv && !key) - return 1; - if (key) { - gctx->ctr = aes_gcm_set_key(&gctx->ks, &gctx->gcm, - key, ctx->key_len); - - /* If we have an iv can set it directly, otherwise use - * saved IV. - */ - if (iv == NULL && gctx->iv_set) - iv = gctx->iv; - if (iv) { - CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); - gctx->iv_set = 1; - } - gctx->key_set = 1; - } else { - /* If key set use IV, otherwise copy */ - if (gctx->key_set) - CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); - else - memcpy(gctx->iv, iv, gctx->ivlen); - gctx->iv_set = 1; - gctx->iv_gen = 0; - } - return 1; -} - -/* Handle TLS GCM packet format. This consists of the last portion of the IV - * followed by the payload and finally the tag. On encrypt generate IV, - * encrypt payload and write the tag. On verify retrieve IV, decrypt payload - * and verify tag. - */ - -static int -aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_GCM_CTX *gctx = ctx->cipher_data; - int rv = -1; - - /* Encrypt/decrypt must be performed in place */ - if (out != in || - len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN)) - return -1; - - /* Set IV from start of buffer or generate IV and write to start - * of buffer. - */ - if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? - EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, - EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) - goto err; - - /* Use saved AAD */ - if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len)) - goto err; - - /* Fix buffer and length to point to payload */ - in += EVP_GCM_TLS_EXPLICIT_IV_LEN; - out += EVP_GCM_TLS_EXPLICIT_IV_LEN; - len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; - if (ctx->encrypt) { - /* Encrypt payload */ - if (gctx->ctr) { - if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, in, out, - len, gctx->ctr)) - goto err; - } else { - if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len)) - goto err; - } - out += len; - - /* Finally write tag */ - CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN); - rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; - } else { - /* Decrypt */ - if (gctx->ctr) { - if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, in, out, - len, gctx->ctr)) - goto err; - } else { - if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len)) - goto err; - } - /* Retrieve tag */ - CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN); - - /* If tag mismatch wipe buffer */ - if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { - OPENSSL_cleanse(out, len); - goto err; - } - rv = len; - } - -err: - gctx->iv_set = 0; - gctx->tls_aad_len = -1; - return rv; -} - -static int -aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_GCM_CTX *gctx = ctx->cipher_data; - - /* If not set up, return error */ - if (!gctx->key_set) - return -1; - - if (gctx->tls_aad_len >= 0) - return aes_gcm_tls_cipher(ctx, out, in, len); - - if (!gctx->iv_set) - return -1; - - if (in) { - if (out == NULL) { - if (CRYPTO_gcm128_aad(&gctx->gcm, in, len)) - return -1; - } else if (ctx->encrypt) { - if (gctx->ctr) { - if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, - in, out, len, gctx->ctr)) - return -1; - } else { - if (CRYPTO_gcm128_encrypt(&gctx->gcm, - in, out, len)) - return -1; - } - } else { - if (gctx->ctr) { - if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, - in, out, len, gctx->ctr)) - return -1; - } else { - if (CRYPTO_gcm128_decrypt(&gctx->gcm, - in, out, len)) - return -1; - } - } - return len; - } else { - if (!ctx->encrypt) { - if (gctx->taglen < 0) - return -1; - if (CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, - gctx->taglen) != 0) - return -1; - gctx->iv_set = 0; - return 0; - } - CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16); - gctx->taglen = 16; - - /* Don't reuse the IV */ - gctx->iv_set = 0; - return 0; - } - -} - -#define CUSTOM_FLAGS \ - ( EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV | \ - EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | \ - EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY ) - -BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, - EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) -BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM, - EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) -BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM, - EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) - -static int -aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) -{ - EVP_AES_XTS_CTX *xctx = c->cipher_data; - - switch (type) { - case EVP_CTRL_INIT: - /* - * key1 and key2 are used as an indicator both key and IV - * are set - */ - xctx->xts.key1 = NULL; - xctx->xts.key2 = NULL; - return 1; - - case EVP_CTRL_COPY: - { - EVP_CIPHER_CTX *out = ptr; - EVP_AES_XTS_CTX *xctx_out = out->cipher_data; - - if (xctx->xts.key1) { - if (xctx->xts.key1 != &xctx->ks1) - return 0; - xctx_out->xts.key1 = &xctx_out->ks1; - } - if (xctx->xts.key2) { - if (xctx->xts.key2 != &xctx->ks2) - return 0; - xctx_out->xts.key2 = &xctx_out->ks2; - } - return 1; - } - } - return -1; -} - -static int -aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_AES_XTS_CTX *xctx = ctx->cipher_data; - - if (!iv && !key) - return 1; - - if (key) do { -#ifdef AES_XTS_ASM - xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt; -#else - xctx->stream = NULL; -#endif - /* key_len is two AES keys */ -#ifdef BSAES_CAPABLE - if (BSAES_CAPABLE) - xctx->stream = enc ? bsaes_xts_encrypt : - bsaes_xts_decrypt; - else -#endif -#ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { - if (enc) { - vpaes_set_encrypt_key(key, ctx->key_len * 4, - &xctx->ks1); - xctx->xts.block1 = (block128_f)vpaes_encrypt; - } else { - vpaes_set_decrypt_key(key, ctx->key_len * 4, - &xctx->ks1); - xctx->xts.block1 = (block128_f)vpaes_decrypt; - } - - vpaes_set_encrypt_key(key + ctx->key_len / 2, - ctx->key_len * 4, &xctx->ks2); - xctx->xts.block2 = (block128_f)vpaes_encrypt; - - xctx->xts.key1 = &xctx->ks1; - break; - } else -#endif - (void)0; /* terminate potentially open 'else' */ - - if (enc) { - AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); - xctx->xts.block1 = (block128_f)AES_encrypt; - } else { - AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1); - xctx->xts.block1 = (block128_f)AES_decrypt; - } - - AES_set_encrypt_key(key + ctx->key_len / 2, - ctx->key_len * 4, &xctx->ks2); - xctx->xts.block2 = (block128_f)AES_encrypt; - - xctx->xts.key1 = &xctx->ks1; - } while (0); - - if (iv) { - xctx->xts.key2 = &xctx->ks2; - memcpy(ctx->iv, iv, 16); - } - - return 1; -} - -static int -aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_XTS_CTX *xctx = ctx->cipher_data; - - if (!xctx->xts.key1 || !xctx->xts.key2) - return 0; - if (!out || !in || len < AES_BLOCK_SIZE) - return 0; - - if (xctx->stream) - (*xctx->stream)(in, out, len, xctx->xts.key1, xctx->xts.key2, - ctx->iv); - else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len, - ctx->encrypt)) - return 0; - return 1; -} - -#define aes_xts_cleanup NULL - -#define XTS_FLAGS \ - ( EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV | \ - EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY ) - -BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, EVP_CIPH_FLAG_FIPS|XTS_FLAGS) -BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, EVP_CIPH_FLAG_FIPS|XTS_FLAGS) - -static int -aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) -{ - EVP_AES_CCM_CTX *cctx = c->cipher_data; - - switch (type) { - case EVP_CTRL_INIT: - cctx->key_set = 0; - cctx->iv_set = 0; - cctx->L = 8; - cctx->M = 12; - cctx->tag_set = 0; - cctx->len_set = 0; - return 1; - - case EVP_CTRL_CCM_SET_IVLEN: - arg = 15 - arg; - - case EVP_CTRL_CCM_SET_L: - if (arg < 2 || arg > 8) - return 0; - cctx->L = arg; - return 1; - - case EVP_CTRL_CCM_SET_TAG: - if ((arg & 1) || arg < 4 || arg > 16) - return 0; - if ((c->encrypt && ptr) || (!c->encrypt && !ptr)) - return 0; - if (ptr) { - cctx->tag_set = 1; - memcpy(c->buf, ptr, arg); - } - cctx->M = arg; - return 1; - - case EVP_CTRL_CCM_GET_TAG: - if (!c->encrypt || !cctx->tag_set) - return 0; - if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg)) - return 0; - cctx->tag_set = 0; - cctx->iv_set = 0; - cctx->len_set = 0; - return 1; - - case EVP_CTRL_COPY: - { - EVP_CIPHER_CTX *out = ptr; - EVP_AES_CCM_CTX *cctx_out = out->cipher_data; - - if (cctx->ccm.key) { - if (cctx->ccm.key != &cctx->ks) - return 0; - cctx_out->ccm.key = &cctx_out->ks; - } - return 1; - } - - default: - return -1; - } -} - -static int -aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_AES_CCM_CTX *cctx = ctx->cipher_data; - - if (!iv && !key) - return 1; - if (key) do { -#ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { - vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks); - CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, - &cctx->ks, (block128_f)vpaes_encrypt); - cctx->str = NULL; - cctx->key_set = 1; - break; - } -#endif - AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks); - CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, - &cctx->ks, (block128_f)AES_encrypt); - cctx->str = NULL; - cctx->key_set = 1; - } while (0); - if (iv) { - memcpy(ctx->iv, iv, 15 - cctx->L); - cctx->iv_set = 1; - } - return 1; -} - -static int -aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_CCM_CTX *cctx = ctx->cipher_data; - CCM128_CONTEXT *ccm = &cctx->ccm; - - /* If not set up, return error */ - if (!cctx->iv_set && !cctx->key_set) - return -1; - if (!ctx->encrypt && !cctx->tag_set) - return -1; - - if (!out) { - if (!in) { - if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, - len)) - return -1; - cctx->len_set = 1; - return len; - } - /* If have AAD need message length */ - if (!cctx->len_set && len) - return -1; - CRYPTO_ccm128_aad(ccm, in, len); - return len; - } - /* EVP_*Final() doesn't return any data */ - if (!in) - return 0; - /* If not set length yet do it */ - if (!cctx->len_set) { - if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) - return -1; - cctx->len_set = 1; - } - if (ctx->encrypt) { - if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, - cctx->str) : CRYPTO_ccm128_encrypt(ccm, in, out, len)) - return -1; - cctx->tag_set = 1; - return len; - } else { - int rv = -1; - if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, - cctx->str) : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { - unsigned char tag[16]; - if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { - if (!memcmp(tag, ctx->buf, cctx->M)) - rv = len; - } - } - if (rv == -1) - OPENSSL_cleanse(out, len); - cctx->iv_set = 0; - cctx->tag_set = 0; - cctx->len_set = 0; - return rv; - } - -} - -#define aes_ccm_cleanup NULL - -BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, - EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) -BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, - EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) -BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, - EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) - -#define EVP_AEAD_AES_GCM_TAG_LEN 16 - -struct aead_aes_gcm_ctx { - union { - double align; - AES_KEY ks; - } ks; - GCM128_CONTEXT gcm; - ctr128_f ctr; - unsigned char tag_len; -}; - -static int -aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const unsigned char *key, size_t key_len, - size_t tag_len) -{ - struct aead_aes_gcm_ctx *gcm_ctx; - const size_t key_bits = key_len * 8; - - /* EVP_AEAD_CTX_init should catch this. */ - if (key_bits != 128 && key_bits != 256) { - EVPerr(EVP_F_AEAD_AES_GCM_INIT, EVP_R_BAD_KEY_LENGTH); - return 0; - } - - if (tag_len == EVP_AEAD_DEFAULT_TAG_LENGTH) - tag_len = EVP_AEAD_AES_GCM_TAG_LEN; - - if (tag_len > EVP_AEAD_AES_GCM_TAG_LEN) { - EVPerr(EVP_F_AEAD_AES_GCM_INIT, EVP_R_TAG_TOO_LARGE); - return 0; - } - - gcm_ctx = malloc(sizeof(struct aead_aes_gcm_ctx)); - if (gcm_ctx == NULL) - return 0; - -#ifdef AESNI_CAPABLE - if (AESNI_CAPABLE) { - aesni_set_encrypt_key(key, key_bits, &gcm_ctx->ks.ks); - CRYPTO_gcm128_init(&gcm_ctx->gcm, &gcm_ctx->ks.ks, - (block128_f)aesni_encrypt); - gcm_ctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks; - } else -#endif - { - gcm_ctx->ctr = aes_gcm_set_key(&gcm_ctx->ks.ks, &gcm_ctx->gcm, - key, key_len); - } - gcm_ctx->tag_len = tag_len; - ctx->aead_state = gcm_ctx; - - return 1; -} - -static void -aead_aes_gcm_cleanup(EVP_AEAD_CTX *ctx) -{ - struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state; - - OPENSSL_cleanse(gcm_ctx, sizeof(*gcm_ctx)); - free(gcm_ctx); -} - -static int -aead_aes_gcm_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len, - size_t max_out_len, const unsigned char *nonce, size_t nonce_len, - const unsigned char *in, size_t in_len, const unsigned char *ad, - size_t ad_len) -{ - const struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state; - GCM128_CONTEXT gcm; - size_t bulk = 0; - - if (max_out_len < in_len + gcm_ctx->tag_len) { - EVPerr(EVP_F_AEAD_AES_GCM_SEAL, EVP_R_BUFFER_TOO_SMALL); - return 0; - } - - memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm)); - CRYPTO_gcm128_setiv(&gcm, nonce, nonce_len); - - if (ad_len > 0 && CRYPTO_gcm128_aad(&gcm, ad, ad_len)) - return 0; - - if (gcm_ctx->ctr) { - if (CRYPTO_gcm128_encrypt_ctr32(&gcm, in + bulk, out + bulk, - in_len - bulk, gcm_ctx->ctr)) - return 0; - } else { - if (CRYPTO_gcm128_encrypt(&gcm, in + bulk, out + bulk, - in_len - bulk)) - return 0; - } - - CRYPTO_gcm128_tag(&gcm, out + in_len, gcm_ctx->tag_len); - *out_len = in_len + gcm_ctx->tag_len; - - return 1; -} - -static int -aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len, - size_t max_out_len, const unsigned char *nonce, size_t nonce_len, - const unsigned char *in, size_t in_len, const unsigned char *ad, - size_t ad_len) -{ - const struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state; - unsigned char tag[EVP_AEAD_AES_GCM_TAG_LEN]; - GCM128_CONTEXT gcm; - size_t plaintext_len; - size_t bulk = 0; - - if (in_len < gcm_ctx->tag_len) { - EVPerr(EVP_F_AEAD_AES_GCM_OPEN, EVP_R_BAD_DECRYPT); - return 0; - } - - plaintext_len = in_len - gcm_ctx->tag_len; - - if (max_out_len < plaintext_len) { - EVPerr(EVP_F_AEAD_AES_GCM_OPEN, EVP_R_BUFFER_TOO_SMALL); - return 0; - } - - memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm)); - CRYPTO_gcm128_setiv(&gcm, nonce, nonce_len); - - if (CRYPTO_gcm128_aad(&gcm, ad, ad_len)) - return 0; - - if (gcm_ctx->ctr) { - if (CRYPTO_gcm128_decrypt_ctr32(&gcm, in + bulk, out + bulk, - in_len - bulk - gcm_ctx->tag_len, gcm_ctx->ctr)) - return 0; - } else { - if (CRYPTO_gcm128_decrypt(&gcm, in + bulk, out + bulk, - in_len - bulk - gcm_ctx->tag_len)) - return 0; - } - - CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len); - if (timingsafe_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) { - EVPerr(EVP_F_AEAD_AES_GCM_OPEN, EVP_R_BAD_DECRYPT); - return 0; - } - - *out_len = plaintext_len; - - return 1; -} - -static const EVP_AEAD aead_aes_128_gcm = { - .key_len = 16, - .nonce_len = 12, - .overhead = EVP_AEAD_AES_GCM_TAG_LEN, - .max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN, - - .init = aead_aes_gcm_init, - .cleanup = aead_aes_gcm_cleanup, - .seal = aead_aes_gcm_seal, - .open = aead_aes_gcm_open, -}; - -static const EVP_AEAD aead_aes_256_gcm = { - .key_len = 32, - .nonce_len = 12, - .overhead = EVP_AEAD_AES_GCM_TAG_LEN, - .max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN, - - .init = aead_aes_gcm_init, - .cleanup = aead_aes_gcm_cleanup, - .seal = aead_aes_gcm_seal, - .open = aead_aes_gcm_open, -}; - -const EVP_AEAD * -EVP_aead_aes_128_gcm(void) -{ - return &aead_aes_128_gcm; -} - -const EVP_AEAD * -EVP_aead_aes_256_gcm(void) -{ - return &aead_aes_256_gcm; -} - -#endif diff --git a/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c b/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c deleted file mode 100644 index 7c23face34..0000000000 --- a/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c +++ /dev/null @@ -1,601 +0,0 @@ -/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.8 2014/07/12 20:37:07 miod Exp $ */ -/* ==================================================================== - * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include - -#include - -#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA1) - -#include -#include -#include -#include -#include "evp_locl.h" - -#ifndef EVP_CIPH_FLAG_AEAD_CIPHER -#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 -#define EVP_CTRL_AEAD_TLS1_AAD 0x16 -#define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 -#endif - -#define TLS1_1_VERSION 0x0302 - -typedef struct { - AES_KEY ks; - SHA_CTX head, tail, md; - size_t payload_length; /* AAD length in decrypt case */ - union { - unsigned int tls_ver; - unsigned char tls_aad[16]; /* 13 used */ - } aux; -} EVP_AES_HMAC_SHA1; - -#define NO_PAYLOAD_LENGTH ((size_t)-1) - -#if defined(AES_ASM) && ( \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) || \ - defined(__INTEL__) ) - -#if defined(__GNUC__) && __GNUC__>=2 -# define BSWAP(x) ({ unsigned int r=(x); asm ("bswapl %0":"=r"(r):"0"(r)); r; }) -#endif - -extern unsigned int OPENSSL_ia32cap_P[2]; -#define AESNI_CAPABLE (1<<(57-32)) - -int aesni_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key); -int aesni_set_decrypt_key(const unsigned char *userKey, int bits, AES_KEY *key); - -void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, unsigned char *ivec, int enc); - -void aesni_cbc_sha1_enc (const void *inp, void *out, size_t blocks, - const AES_KEY *key, unsigned char iv[16], SHA_CTX *ctx, const void *in0); - -#define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data) - -static int -aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *inkey, - const unsigned char *iv, int enc) -{ - EVP_AES_HMAC_SHA1 *key = data(ctx); - int ret; - - if (enc) - ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks); - else - ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks); - - SHA1_Init(&key->head); /* handy when benchmarking */ - key->tail = key->head; - key->md = key->head; - - key->payload_length = NO_PAYLOAD_LENGTH; - - return ret < 0 ? 0 : 1; -} - -#define STITCHED_CALL - -#if !defined(STITCHED_CALL) -#define aes_off 0 -#endif - -void sha1_block_data_order (void *c, const void *p, size_t len); - -static void -sha1_update(SHA_CTX *c, const void *data, size_t len) -{ - const unsigned char *ptr = data; - size_t res; - - if ((res = c->num)) { - res = SHA_CBLOCK - res; - if (len < res) - res = len; - SHA1_Update(c, ptr, res); - ptr += res; - len -= res; - } - - res = len % SHA_CBLOCK; - len -= res; - - if (len) { - sha1_block_data_order(c, ptr, len / SHA_CBLOCK); - - ptr += len; - c->Nh += len >> 29; - c->Nl += len <<= 3; - if (c->Nl < (unsigned int)len) - c->Nh++; - } - - if (res) - SHA1_Update(c, ptr, res); -} - -#ifdef SHA1_Update -#undef SHA1_Update -#endif -#define SHA1_Update sha1_update - -static int -aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_HMAC_SHA1 *key = data(ctx); - unsigned int l; - size_t plen = key->payload_length, - iv = 0, /* explicit IV in TLS 1.1 and later */ - sha_off = 0; -#if defined(STITCHED_CALL) - size_t aes_off = 0, blocks; - - sha_off = SHA_CBLOCK - key->md.num; -#endif - - key->payload_length = NO_PAYLOAD_LENGTH; - - if (len % AES_BLOCK_SIZE) - return 0; - - if (ctx->encrypt) { - if (plen == NO_PAYLOAD_LENGTH) - plen = len; - else if (len != ((plen + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE) & - -AES_BLOCK_SIZE)) - return 0; - else if (key->aux.tls_ver >= TLS1_1_VERSION) - iv = AES_BLOCK_SIZE; - -#if defined(STITCHED_CALL) - if (plen > (sha_off + iv) && - (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) { - SHA1_Update(&key->md, in + iv, sha_off); - - aesni_cbc_sha1_enc(in, out, blocks, &key->ks, - ctx->iv, &key->md, in + iv + sha_off); - blocks *= SHA_CBLOCK; - aes_off += blocks; - sha_off += blocks; - key->md.Nh += blocks >> 29; - key->md.Nl += blocks <<= 3; - if (key->md.Nl < (unsigned int)blocks) - key->md.Nh++; - } else { - sha_off = 0; - } -#endif - sha_off += iv; - SHA1_Update(&key->md, in + sha_off, plen - sha_off); - - if (plen != len) { /* "TLS" mode of operation */ - if (in != out) - memcpy(out + aes_off, in + aes_off, - plen - aes_off); - - /* calculate HMAC and append it to payload */ - SHA1_Final(out + plen, &key->md); - key->md = key->tail; - SHA1_Update(&key->md, out + plen, SHA_DIGEST_LENGTH); - SHA1_Final(out + plen, &key->md); - - /* pad the payload|hmac */ - plen += SHA_DIGEST_LENGTH; - for (l = len - plen - 1; plen < len; plen++) - out[plen] = l; - - /* encrypt HMAC|padding at once */ - aesni_cbc_encrypt(out + aes_off, out + aes_off, - len - aes_off, &key->ks, ctx->iv, 1); - } else { - aesni_cbc_encrypt(in + aes_off, out + aes_off, - len - aes_off, &key->ks, ctx->iv, 1); - } - } else { - union { - unsigned int u[SHA_DIGEST_LENGTH/sizeof(unsigned int)]; - unsigned char c[32 + SHA_DIGEST_LENGTH]; - } mac, *pmac; - - /* arrange cache line alignment */ - pmac = (void *)(((size_t)mac.c + 31) & ((size_t)0 - 32)); - - /* decrypt HMAC|padding at once */ - aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0); - - if (plen) { /* "TLS" mode of operation */ - size_t inp_len, mask, j, i; - unsigned int res, maxpad, pad, bitlen; - int ret = 1; - union { - unsigned int u[SHA_LBLOCK]; - unsigned char c[SHA_CBLOCK]; - } - *data = (void *)key->md.data; - - if ((key->aux.tls_aad[plen - 4] << 8 | - key->aux.tls_aad[plen - 3]) >= TLS1_1_VERSION) - iv = AES_BLOCK_SIZE; - - if (len < (iv + SHA_DIGEST_LENGTH + 1)) - return 0; - - /* omit explicit iv */ - out += iv; - len -= iv; - - /* figure out payload length */ - pad = out[len - 1]; - maxpad = len - (SHA_DIGEST_LENGTH + 1); - maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); - maxpad &= 255; - - inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); - mask = (0 - ((inp_len - len) >> - (sizeof(inp_len) * 8 - 1))); - inp_len &= mask; - ret &= (int)mask; - - key->aux.tls_aad[plen - 2] = inp_len >> 8; - key->aux.tls_aad[plen - 1] = inp_len; - - /* calculate HMAC */ - key->md = key->head; - SHA1_Update(&key->md, key->aux.tls_aad, plen); - -#if 1 - len -= SHA_DIGEST_LENGTH; /* amend mac */ - if (len >= (256 + SHA_CBLOCK)) { - j = (len - (256 + SHA_CBLOCK)) & - (0 - SHA_CBLOCK); - j += SHA_CBLOCK - key->md.num; - SHA1_Update(&key->md, out, j); - out += j; - len -= j; - inp_len -= j; - } - - /* but pretend as if we hashed padded payload */ - bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */ -#ifdef BSWAP - bitlen = BSWAP(bitlen); -#else - mac.c[0] = 0; - mac.c[1] = (unsigned char)(bitlen >> 16); - mac.c[2] = (unsigned char)(bitlen >> 8); - mac.c[3] = (unsigned char)bitlen; - bitlen = mac.u[0]; -#endif - - pmac->u[0] = 0; - pmac->u[1] = 0; - pmac->u[2] = 0; - pmac->u[3] = 0; - pmac->u[4] = 0; - - for (res = key->md.num, j = 0; j < len; j++) { - size_t c = out[j]; - mask = (j - inp_len) >> (sizeof(j) * 8 - 8); - c &= mask; - c |= 0x80 & ~mask & - ~((inp_len - j) >> (sizeof(j) * 8 - 8)); - data->c[res++] = (unsigned char)c; - - if (res != SHA_CBLOCK) - continue; - - /* j is not incremented yet */ - mask = 0 - ((inp_len + 7 - j) >> - (sizeof(j) * 8 - 1)); - data->u[SHA_LBLOCK - 1] |= bitlen&mask; - sha1_block_data_order(&key->md, data, 1); - mask &= 0 - ((j - inp_len - 72) >> - (sizeof(j) * 8 - 1)); - pmac->u[0] |= key->md.h0 & mask; - pmac->u[1] |= key->md.h1 & mask; - pmac->u[2] |= key->md.h2 & mask; - pmac->u[3] |= key->md.h3 & mask; - pmac->u[4] |= key->md.h4 & mask; - res = 0; - } - - for (i = res; i < SHA_CBLOCK; i++, j++) - data->c[i] = 0; - - if (res > SHA_CBLOCK - 8) { - mask = 0 - ((inp_len + 8 - j) >> - (sizeof(j) * 8 - 1)); - data->u[SHA_LBLOCK - 1] |= bitlen & mask; - sha1_block_data_order(&key->md, data, 1); - mask &= 0 - ((j - inp_len - 73) >> - (sizeof(j) * 8 - 1)); - pmac->u[0] |= key->md.h0 & mask; - pmac->u[1] |= key->md.h1 & mask; - pmac->u[2] |= key->md.h2 & mask; - pmac->u[3] |= key->md.h3 & mask; - pmac->u[4] |= key->md.h4 & mask; - - memset(data, 0, SHA_CBLOCK); - j += 64; - } - data->u[SHA_LBLOCK - 1] = bitlen; - sha1_block_data_order(&key->md, data, 1); - mask = 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1)); - pmac->u[0] |= key->md.h0 & mask; - pmac->u[1] |= key->md.h1 & mask; - pmac->u[2] |= key->md.h2 & mask; - pmac->u[3] |= key->md.h3 & mask; - pmac->u[4] |= key->md.h4 & mask; - -#ifdef BSWAP - pmac->u[0] = BSWAP(pmac->u[0]); - pmac->u[1] = BSWAP(pmac->u[1]); - pmac->u[2] = BSWAP(pmac->u[2]); - pmac->u[3] = BSWAP(pmac->u[3]); - pmac->u[4] = BSWAP(pmac->u[4]); -#else - for (i = 0; i < 5; i++) { - res = pmac->u[i]; - pmac->c[4 * i + 0] = (unsigned char)(res >> 24); - pmac->c[4 * i + 1] = (unsigned char)(res >> 16); - pmac->c[4 * i + 2] = (unsigned char)(res >> 8); - pmac->c[4 * i + 3] = (unsigned char)res; - } -#endif - len += SHA_DIGEST_LENGTH; -#else - SHA1_Update(&key->md, out, inp_len); - res = key->md.num; - SHA1_Final(pmac->c, &key->md); - - { - unsigned int inp_blocks, pad_blocks; - - /* but pretend as if we hashed padded payload */ - inp_blocks = 1 + ((SHA_CBLOCK - 9 - res) >> - (sizeof(res) * 8 - 1)); - res += (unsigned int)(len - inp_len); - pad_blocks = res / SHA_CBLOCK; - res %= SHA_CBLOCK; - pad_blocks += 1 + ((SHA_CBLOCK - 9 - res) >> - (sizeof(res) * 8 - 1)); - for (; inp_blocks < pad_blocks; inp_blocks++) - sha1_block_data_order(&key->md, - data, 1); - } -#endif - key->md = key->tail; - SHA1_Update(&key->md, pmac->c, SHA_DIGEST_LENGTH); - SHA1_Final(pmac->c, &key->md); - - /* verify HMAC */ - out += inp_len; - len -= inp_len; -#if 1 - { - unsigned char *p = - out + len - 1 - maxpad - SHA_DIGEST_LENGTH; - size_t off = out - p; - unsigned int c, cmask; - - maxpad += SHA_DIGEST_LENGTH; - for (res = 0, i = 0, j = 0; j < maxpad; j++) { - c = p[j]; - cmask = ((int)(j - off - - SHA_DIGEST_LENGTH)) >> - (sizeof(int) * 8 - 1); - res |= (c ^ pad) & ~cmask; /* ... and padding */ - cmask &= ((int)(off - 1 - j)) >> - (sizeof(int) * 8 - 1); - res |= (c ^ pmac->c[i]) & cmask; - i += 1 & cmask; - } - maxpad -= SHA_DIGEST_LENGTH; - - res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); - ret &= (int)~res; - } -#else - for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++) - res |= out[i] ^ pmac->c[i]; - res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); - ret &= (int)~res; - - /* verify padding */ - pad = (pad & ~res) | (maxpad & res); - out = out + len - 1 - pad; - for (res = 0, i = 0; i < pad; i++) - res |= out[i] ^ pad; - - res = (0 - res) >> (sizeof(res) * 8 - 1); - ret &= (int)~res; -#endif - return ret; - } else { - SHA1_Update(&key->md, out, len); - } - } - - return 1; -} - -static int -aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) -{ - EVP_AES_HMAC_SHA1 *key = data(ctx); - - switch (type) { - case EVP_CTRL_AEAD_SET_MAC_KEY: - { - unsigned int i; - unsigned char hmac_key[64]; - - memset(hmac_key, 0, sizeof(hmac_key)); - - if (arg > (int)sizeof(hmac_key)) { - SHA1_Init(&key->head); - SHA1_Update(&key->head, ptr, arg); - SHA1_Final(hmac_key, &key->head); - } else { - memcpy(hmac_key, ptr, arg); - } - - for (i = 0; i < sizeof(hmac_key); i++) - hmac_key[i] ^= 0x36; /* ipad */ - SHA1_Init(&key->head); - SHA1_Update(&key->head, hmac_key, sizeof(hmac_key)); - - for (i = 0; i < sizeof(hmac_key); i++) - hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */ - SHA1_Init(&key->tail); - SHA1_Update(&key->tail, hmac_key, sizeof(hmac_key)); - - OPENSSL_cleanse(hmac_key, sizeof(hmac_key)); - - return 1; - } - case EVP_CTRL_AEAD_TLS1_AAD: - { - unsigned char *p = ptr; - unsigned int len = p[arg - 2] << 8 | p[arg - 1]; - - if (ctx->encrypt) { - key->payload_length = len; - if ((key->aux.tls_ver = p[arg - 4] << 8 | - p[arg - 3]) >= TLS1_1_VERSION) { - len -= AES_BLOCK_SIZE; - p[arg - 2] = len >> 8; - p[arg - 1] = len; - } - key->md = key->head; - SHA1_Update(&key->md, p, arg); - - return (int)(((len + SHA_DIGEST_LENGTH + - AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) - len); - } else { - if (arg > 13) - arg = 13; - memcpy(key->aux.tls_aad, ptr, arg); - key->payload_length = arg; - - return SHA_DIGEST_LENGTH; - } - } - default: - return -1; - } -} - -static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = { -#ifdef NID_aes_128_cbc_hmac_sha1 - .nid = NID_aes_128_cbc_hmac_sha1, -#else - .nid = NID_undef, -#endif - .block_size = 16, - .key_len = 16, - .iv_len = 16, - .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | - EVP_CIPH_FLAG_AEAD_CIPHER, - .init = aesni_cbc_hmac_sha1_init_key, - .do_cipher = aesni_cbc_hmac_sha1_cipher, - .ctx_size = sizeof(EVP_AES_HMAC_SHA1), - .ctrl = aesni_cbc_hmac_sha1_ctrl -}; - -static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = { -#ifdef NID_aes_256_cbc_hmac_sha1 - .nid = NID_aes_256_cbc_hmac_sha1, -#else - .nid = NID_undef, -#endif - .block_size = 16, - .key_len = 32, - .iv_len = 16, - .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | - EVP_CIPH_FLAG_AEAD_CIPHER, - .init = aesni_cbc_hmac_sha1_init_key, - .do_cipher = aesni_cbc_hmac_sha1_cipher, - .ctx_size = sizeof(EVP_AES_HMAC_SHA1), - .ctrl = aesni_cbc_hmac_sha1_ctrl -}; - -const EVP_CIPHER * -EVP_aes_128_cbc_hmac_sha1(void) -{ - return OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ? - &aesni_128_cbc_hmac_sha1_cipher : NULL; -} - -const EVP_CIPHER * -EVP_aes_256_cbc_hmac_sha1(void) -{ - return OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ? - &aesni_256_cbc_hmac_sha1_cipher : NULL; -} -#else -const EVP_CIPHER * -EVP_aes_128_cbc_hmac_sha1(void) -{ - return NULL; -} - -const EVP_CIPHER * -EVP_aes_256_cbc_hmac_sha1(void) -{ - return NULL; -} -#endif -#endif diff --git a/src/lib/libcrypto/evp/e_bf.c b/src/lib/libcrypto/evp/e_bf.c deleted file mode 100644 index 615c9bd771..0000000000 --- a/src/lib/libcrypto/evp/e_bf.c +++ /dev/null @@ -1,91 +0,0 @@ -/* $OpenBSD: e_bf.c,v 1.8 2014/07/11 08:44:48 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#ifndef OPENSSL_NO_BF - -#include -#include -#include - -#include "evp_locl.h" - -static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - -typedef struct { - BF_KEY ks; -} EVP_BF_KEY; - -#define data(ctx) EVP_C_DATA(EVP_BF_KEY,ctx) - -IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64, - EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) - -static int -bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - BF_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key); - return 1; -} -#endif diff --git a/src/lib/libcrypto/evp/e_camellia.c b/src/lib/libcrypto/evp/e_camellia.c deleted file mode 100644 index e3424cfe94..0000000000 --- a/src/lib/libcrypto/evp/e_camellia.c +++ /dev/null @@ -1,124 +0,0 @@ -/* $OpenBSD: e_camellia.c,v 1.7 2015/02/10 09:50:12 miod Exp $ */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include - -#include - -#ifndef OPENSSL_NO_CAMELLIA -#include -#include -#include -#include "evp_locl.h" - -static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - -/* Camellia subkey Structure */ -typedef struct { - CAMELLIA_KEY ks; -} EVP_CAMELLIA_KEY; - -/* Attribute operation for Camellia */ -#define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY,ctx) - -IMPLEMENT_BLOCK_CIPHER(camellia_128, ks, Camellia, EVP_CAMELLIA_KEY, - NID_camellia_128, 16, 16, 16, 128, - 0, camellia_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) -IMPLEMENT_BLOCK_CIPHER(camellia_192, ks, Camellia, EVP_CAMELLIA_KEY, - NID_camellia_192, 16, 24, 16, 128, - 0, camellia_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) -IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY, - NID_camellia_256, 16, 32, 16, 128, - 0, camellia_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) - -#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16) - -IMPLEMENT_CAMELLIA_CFBR(128, 1) -IMPLEMENT_CAMELLIA_CFBR(192, 1) -IMPLEMENT_CAMELLIA_CFBR(256, 1) - -IMPLEMENT_CAMELLIA_CFBR(128, 8) -IMPLEMENT_CAMELLIA_CFBR(192, 8) -IMPLEMENT_CAMELLIA_CFBR(256, 8) - - -/* The subkey for Camellia is generated. */ -static int -camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - int ret; - - ret = Camellia_set_key(key, ctx->key_len * 8, ctx->cipher_data); - - if (ret < 0) { - EVPerr(EVP_F_CAMELLIA_INIT_KEY, - EVP_R_CAMELLIA_KEY_SETUP_FAILED); - return 0; - } - - return 1; -} -#endif diff --git a/src/lib/libcrypto/evp/e_cast.c b/src/lib/libcrypto/evp/e_cast.c deleted file mode 100644 index 707daa9656..0000000000 --- a/src/lib/libcrypto/evp/e_cast.c +++ /dev/null @@ -1,92 +0,0 @@ -/* $OpenBSD: e_cast.c,v 1.7 2014/07/11 08:44:48 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#ifndef OPENSSL_NO_CAST - -#include -#include -#include - -#include "evp_locl.h" - -static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - -typedef struct { - CAST_KEY ks; -} EVP_CAST_KEY; - -#define data(ctx) EVP_C_DATA(EVP_CAST_KEY,ctx) - -IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, - NID_cast5, 8, CAST_KEY_LENGTH, 8, 64, - EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) - -static int -cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - CAST_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key); - return 1; -} -#endif diff --git a/src/lib/libcrypto/evp/e_chacha.c b/src/lib/libcrypto/evp/e_chacha.c deleted file mode 100644 index b63f586bba..0000000000 --- a/src/lib/libcrypto/evp/e_chacha.c +++ /dev/null @@ -1,69 +0,0 @@ -/* $OpenBSD: e_chacha.c,v 1.5 2014/08/04 04:16:11 miod Exp $ */ -/* - * Copyright (c) 2014 Joel Sing - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include - -#ifndef OPENSSL_NO_CHACHA - -#include -#include -#include - -#include "evp_locl.h" - -static int chacha_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); -static int chacha_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - -static const EVP_CIPHER chacha20_cipher = { - .nid = NID_chacha20, - .block_size = 1, - .key_len = 32, - .iv_len = 8, - .flags = EVP_CIPH_STREAM_CIPHER, - .init = chacha_init, - .do_cipher = chacha_cipher, - .ctx_size = sizeof(ChaCha_ctx) -}; - -const EVP_CIPHER * -EVP_chacha20(void) -{ - return (&chacha20_cipher); -} - -static int -chacha_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - ChaCha_set_key((ChaCha_ctx *)ctx->cipher_data, key, - EVP_CIPHER_CTX_key_length(ctx) * 8); - if (iv != NULL) - ChaCha_set_iv((ChaCha_ctx *)ctx->cipher_data, iv, NULL); - return 1; -} - -static int -chacha_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, - size_t len) -{ - ChaCha((ChaCha_ctx *)ctx->cipher_data, out, in, len); - return 1; -} - -#endif diff --git a/src/lib/libcrypto/evp/e_chacha20poly1305.c b/src/lib/libcrypto/evp/e_chacha20poly1305.c deleted file mode 100644 index c003b0ba7f..0000000000 --- a/src/lib/libcrypto/evp/e_chacha20poly1305.c +++ /dev/null @@ -1,231 +0,0 @@ -/* $OpenBSD: e_chacha20poly1305.c,v 1.9 2015/06/20 12:01:14 jsing Exp $ */ -/* - * Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include -#include - -#include - -#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) - -#include -#include -#include -#include - -#include "evp_locl.h" - -#define POLY1305_TAG_LEN 16 -#define CHACHA20_NONCE_LEN 8 - -struct aead_chacha20_poly1305_ctx { - unsigned char key[32]; - unsigned char tag_len; -}; - -static int -aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const unsigned char *key, - size_t key_len, size_t tag_len) -{ - struct aead_chacha20_poly1305_ctx *c20_ctx; - - if (tag_len == 0) - tag_len = POLY1305_TAG_LEN; - - if (tag_len > POLY1305_TAG_LEN) { - EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_INIT, EVP_R_TOO_LARGE); - return 0; - } - - /* Internal error - EVP_AEAD_CTX_init should catch this. */ - if (key_len != sizeof(c20_ctx->key)) - return 0; - - c20_ctx = malloc(sizeof(struct aead_chacha20_poly1305_ctx)); - if (c20_ctx == NULL) - return 0; - - memcpy(&c20_ctx->key[0], key, key_len); - c20_ctx->tag_len = tag_len; - ctx->aead_state = c20_ctx; - - return 1; -} - -static void -aead_chacha20_poly1305_cleanup(EVP_AEAD_CTX *ctx) -{ - struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state; - - OPENSSL_cleanse(c20_ctx->key, sizeof(c20_ctx->key)); - free(c20_ctx); -} - -static void -poly1305_update_with_length(poly1305_state *poly1305, - const unsigned char *data, size_t data_len) -{ - size_t j = data_len; - unsigned char length_bytes[8]; - unsigned i; - - for (i = 0; i < sizeof(length_bytes); i++) { - length_bytes[i] = j; - j >>= 8; - } - - CRYPTO_poly1305_update(poly1305, data, data_len); - CRYPTO_poly1305_update(poly1305, length_bytes, sizeof(length_bytes)); -} - -static int -aead_chacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, - size_t *out_len, size_t max_out_len, const unsigned char *nonce, - size_t nonce_len, const unsigned char *in, size_t in_len, - const unsigned char *ad, size_t ad_len) -{ - const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state; - unsigned char poly1305_key[32]; - poly1305_state poly1305; - const uint64_t in_len_64 = in_len; - - /* The underlying ChaCha implementation may not overflow the block - * counter into the second counter word. Therefore we disallow - * individual operations that work on more than 2TB at a time. - * in_len_64 is needed because, on 32-bit platforms, size_t is only - * 32-bits and this produces a warning because it's always false. - * Casting to uint64_t inside the conditional is not sufficient to stop - * the warning. */ - if (in_len_64 >= (1ULL << 32) * 64 - 64) { - EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_SEAL, EVP_R_TOO_LARGE); - return 0; - } - - if (max_out_len < in_len + c20_ctx->tag_len) { - EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_SEAL, - EVP_R_BUFFER_TOO_SMALL); - return 0; - } - - if (nonce_len != CHACHA20_NONCE_LEN) { - EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_SEAL, EVP_R_IV_TOO_LARGE); - return 0; - } - - memset(poly1305_key, 0, sizeof(poly1305_key)); - CRYPTO_chacha_20(poly1305_key, poly1305_key, sizeof(poly1305_key), - c20_ctx->key, nonce, 0); - - CRYPTO_poly1305_init(&poly1305, poly1305_key); - poly1305_update_with_length(&poly1305, ad, ad_len); - CRYPTO_chacha_20(out, in, in_len, c20_ctx->key, nonce, 1); - poly1305_update_with_length(&poly1305, out, in_len); - - if (c20_ctx->tag_len != POLY1305_TAG_LEN) { - unsigned char tag[POLY1305_TAG_LEN]; - CRYPTO_poly1305_finish(&poly1305, tag); - memcpy(out + in_len, tag, c20_ctx->tag_len); - *out_len = in_len + c20_ctx->tag_len; - return 1; - } - - CRYPTO_poly1305_finish(&poly1305, out + in_len); - *out_len = in_len + POLY1305_TAG_LEN; - return 1; -} - -static int -aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out, - size_t *out_len, size_t max_out_len, const unsigned char *nonce, - size_t nonce_len, const unsigned char *in, size_t in_len, - const unsigned char *ad, size_t ad_len) -{ - const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state; - unsigned char mac[POLY1305_TAG_LEN]; - unsigned char poly1305_key[32]; - poly1305_state poly1305; - const uint64_t in_len_64 = in_len; - size_t plaintext_len; - - if (in_len < c20_ctx->tag_len) { - EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT); - return 0; - } - - /* The underlying ChaCha implementation may not overflow the block - * counter into the second counter word. Therefore we disallow - * individual operations that work on more than 2TB at a time. - * in_len_64 is needed because, on 32-bit platforms, size_t is only - * 32-bits and this produces a warning because it's always false. - * Casting to uint64_t inside the conditional is not sufficient to stop - * the warning. */ - if (in_len_64 >= (1ULL << 32) * 64 - 64) { - EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_TOO_LARGE); - return 0; - } - - if (nonce_len != CHACHA20_NONCE_LEN) { - EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_IV_TOO_LARGE); - return 0; - } - - plaintext_len = in_len - c20_ctx->tag_len; - - if (max_out_len < plaintext_len) { - EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, - EVP_R_BUFFER_TOO_SMALL); - return 0; - } - - memset(poly1305_key, 0, sizeof(poly1305_key)); - CRYPTO_chacha_20(poly1305_key, poly1305_key, sizeof(poly1305_key), - c20_ctx->key, nonce, 0); - - CRYPTO_poly1305_init(&poly1305, poly1305_key); - poly1305_update_with_length(&poly1305, ad, ad_len); - poly1305_update_with_length(&poly1305, in, plaintext_len); - CRYPTO_poly1305_finish(&poly1305, mac); - - if (timingsafe_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) { - EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT); - return 0; - } - - CRYPTO_chacha_20(out, in, plaintext_len, c20_ctx->key, nonce, 1); - *out_len = plaintext_len; - return 1; -} - -static const EVP_AEAD aead_chacha20_poly1305 = { - .key_len = 32, - .nonce_len = CHACHA20_NONCE_LEN, - .overhead = POLY1305_TAG_LEN, - .max_tag_len = POLY1305_TAG_LEN, - - .init = aead_chacha20_poly1305_init, - .cleanup = aead_chacha20_poly1305_cleanup, - .seal = aead_chacha20_poly1305_seal, - .open = aead_chacha20_poly1305_open, -}; - -const EVP_AEAD * -EVP_aead_chacha20_poly1305() -{ - return &aead_chacha20_poly1305; -} - -#endif /* !OPENSSL_NO_CHACHA && !OPENSSL_NO_POLY1305 */ diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c deleted file mode 100644 index aac6ddf318..0000000000 --- a/src/lib/libcrypto/evp/e_des.c +++ /dev/null @@ -1,231 +0,0 @@ -/* $OpenBSD: e_des.c,v 1.13 2014/10/18 17:20:40 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#ifndef OPENSSL_NO_DES - -#include -#include -#include - -#include "evp_locl.h" - -static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); - -/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */ - -static int -des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - BLOCK_CIPHER_ecb_loop() - DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), - ctx->cipher_data, ctx->encrypt); - return 1; -} - -static int -des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - while (inl >= EVP_MAXCHUNK) { - DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, - (DES_cblock *)ctx->iv, &ctx->num); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - if (inl) - DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, - (DES_cblock *)ctx->iv, &ctx->num); - return 1; -} - -static int -des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - while (inl >= EVP_MAXCHUNK) { - DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, - (DES_cblock *)ctx->iv, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - if (inl) - DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data, - (DES_cblock *)ctx->iv, ctx->encrypt); - return 1; -} - -static int -des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - while (inl >= EVP_MAXCHUNK) { - DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, - (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - if (inl) - DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, - (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); - return 1; -} - -/* Although we have a CFB-r implementation for DES, it doesn't pack the right - way, so wrap it here */ -static int -des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - size_t n, chunk = EVP_MAXCHUNK/8; - unsigned char c[1], d[1]; - - if (inl < chunk) - chunk = inl; - - while (inl && inl >= chunk) { - for (n = 0; n < chunk*8; ++n) { - c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; - DES_cfb_encrypt(c, d, 1, 1, ctx->cipher_data, - (DES_cblock *)ctx->iv, ctx->encrypt); - out[n / 8] = (out[n / 8] & - ~(0x80 >> (unsigned int)(n % 8))) | - ((d[0] & 0x80) >> (unsigned int)(n % 8)); - } - inl -= chunk; - in += chunk; - out += chunk; - if (inl < chunk) - chunk = inl; - } - - return 1; -} - -static int -des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - while (inl >= EVP_MAXCHUNK) { - DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, - ctx->cipher_data, (DES_cblock *)ctx->iv, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - if (inl) - DES_cfb_encrypt(in, out, 8, (long)inl, ctx->cipher_data, - (DES_cblock *)ctx->iv, ctx->encrypt); - return 1; -} - -BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, - EVP_CIPH_RAND_KEY, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - des_ctrl) - -BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 1, - EVP_CIPH_RAND_KEY, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, des_ctrl) - -BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 8, - EVP_CIPH_RAND_KEY, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, des_ctrl) - -static int -des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - DES_cblock *deskey = (DES_cblock *)key; - -#ifdef EVP_CHECK_DES_KEY - if (DES_set_key_checked(deskey, ctx->cipher_data) != 0) - return 0; -#else - DES_set_key_unchecked(deskey, ctx->cipher_data); -#endif - return 1; -} - -static int -des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) -{ - switch (type) { - case EVP_CTRL_RAND_KEY: - if (DES_random_key((DES_cblock *)ptr) == 0) - return 0; - return 1; - - default: - return -1; - } -} - -#endif diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c deleted file mode 100644 index d0793b6436..0000000000 --- a/src/lib/libcrypto/evp/e_des3.c +++ /dev/null @@ -1,297 +0,0 @@ -/* $OpenBSD: e_des3.c,v 1.18 2014/10/18 17:20:40 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include - -#include - -#ifndef OPENSSL_NO_DES - -#include -#include -#include - -#include "evp_locl.h" - -static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - -static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - -static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); - -typedef struct { - DES_key_schedule ks1;/* key schedule */ - DES_key_schedule ks2;/* key schedule (for ede) */ - DES_key_schedule ks3;/* key schedule (for ede3) */ -} DES_EDE_KEY; - -#define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data) - -/* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */ - -static int -des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - BLOCK_CIPHER_ecb_loop() - DES_ecb3_encrypt((const_DES_cblock *)(in + i), (DES_cblock *)(out + i), - &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ctx->encrypt); - return 1; -} - -static int -des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - while (inl >= EVP_MAXCHUNK) { - DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, - &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, - (DES_cblock *)ctx->iv, &ctx->num); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - if (inl) - DES_ede3_ofb64_encrypt(in, out, (long)inl, - &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, - (DES_cblock *)ctx->iv, &ctx->num); - - return 1; -} - -static int -des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - while (inl >= EVP_MAXCHUNK) { - DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, - &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, - (DES_cblock *)ctx->iv, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - if (inl) - DES_ede3_cbc_encrypt(in, out, (long)inl, - &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, - (DES_cblock *)ctx->iv, ctx->encrypt); - return 1; -} - -static int -des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - while (inl >= EVP_MAXCHUNK) { - DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, - &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, - (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - if (inl) - DES_ede3_cfb64_encrypt(in, out, (long)inl, - &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, - (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); - return 1; -} - -/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right - way, so wrap it here */ -static int -des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - size_t n; - unsigned char c[1], d[1]; - - for (n = 0; n < inl; ++n) { - c[0] = (in[n/8]&(1 << (7 - n % 8))) ? 0x80 : 0; - DES_ede3_cfb_encrypt(c, d, 1, 1, - &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, - (DES_cblock *)ctx->iv, ctx->encrypt); - out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) | - ((d[0] & 0x80) >> (unsigned int)(n % 8)); - } - - return 1; -} - -static int -des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - while (inl >= EVP_MAXCHUNK) { - DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, - &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, - (DES_cblock *)ctx->iv, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - if (inl) - DES_ede3_cfb_encrypt(in, out, 8, (long)inl, - &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, - (DES_cblock *)ctx->iv, ctx->encrypt); - return 1; -} - -BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, - EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - des3_ctrl) - -#define des_ede3_cfb64_cipher des_ede_cfb64_cipher -#define des_ede3_ofb_cipher des_ede_ofb_cipher -#define des_ede3_cbc_cipher des_ede_cbc_cipher -#define des_ede3_ecb_cipher des_ede_ecb_cipher - -BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, - EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - des3_ctrl) - -BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, - EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - des3_ctrl) - -BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, - EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - des3_ctrl) - -static int -des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - DES_cblock *deskey = (DES_cblock *)key; - -#ifdef EVP_CHECK_DES_KEY - if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1) - !! DES_set_key_checked(&deskey[1], &data(ctx)->ks2)) - return 0; -#else - DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1); - DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2); -#endif - memcpy(&data(ctx)->ks3, &data(ctx)->ks1, - sizeof(data(ctx)->ks1)); - return 1; -} - -static int -des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - DES_cblock *deskey = (DES_cblock *)key; - - -#ifdef EVP_CHECK_DES_KEY - if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1) || - DES_set_key_checked(&deskey[1], &data(ctx)->ks2) || - DES_set_key_checked(&deskey[2], &data(ctx)->ks3)) - return 0; -#else - DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1); - DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2); - DES_set_key_unchecked(&deskey[2], &data(ctx)->ks3); -#endif - return 1; -} - -static int -des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) -{ - DES_cblock *deskey = ptr; - - switch (type) { - case EVP_CTRL_RAND_KEY: - if (DES_random_key(deskey) == 0) - return 0; - if (c->key_len >= 16 && DES_random_key(deskey + 1) == 0) - return 0; - if (c->key_len >= 24 && DES_random_key(deskey + 2) == 0) - return 0; - return 1; - - default: - return -1; - } -} - -const EVP_CIPHER * -EVP_des_ede(void) -{ - return &des_ede_ecb; -} - -const EVP_CIPHER * -EVP_des_ede3(void) -{ - return &des_ede3_ecb; -} -#endif diff --git a/src/lib/libcrypto/evp/e_gost2814789.c b/src/lib/libcrypto/evp/e_gost2814789.c deleted file mode 100644 index e2235a64b5..0000000000 --- a/src/lib/libcrypto/evp/e_gost2814789.c +++ /dev/null @@ -1,229 +0,0 @@ -/* $OpenBSD: e_gost2814789.c,v 1.3 2014/11/18 05:30:07 miod Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include -#include -#include "evp_locl.h" - -typedef struct { - GOST2814789_KEY ks; - int param_nid; -} EVP_GOST2814789_CTX; - -static int -gost2814789_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) -{ - EVP_GOST2814789_CTX *c = ctx->cipher_data; - - switch (type) { - case EVP_CTRL_PBE_PRF_NID: - if (ptr != NULL) { - *((int *)ptr) = NID_id_HMACGostR3411_94; - return 1; - } else { - return 0; - } - case EVP_CTRL_INIT: - /* Default value to have any s-box set at all */ - c->param_nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet; - return Gost2814789_set_sbox(&c->ks, c->param_nid); - case EVP_CTRL_GOST_SET_SBOX: - return Gost2814789_set_sbox(&c->ks, arg); - default: - return -1; - } -} - -static int -gost2814789_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_GOST2814789_CTX *c = ctx->cipher_data; - - return Gost2814789_set_key(&c->ks, key, ctx->key_len * 8); -} - -int -gost2814789_set_asn1_params(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) -{ - int len = 0; - unsigned char *buf = NULL; - unsigned char *p = NULL; - EVP_GOST2814789_CTX *c = ctx->cipher_data; - ASN1_OCTET_STRING *os = NULL; - GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new(); - - if (gcp == NULL) { - GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, - ERR_R_MALLOC_FAILURE); - return 0; - } - if (ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len) == 0) { - GOST_CIPHER_PARAMS_free(gcp); - GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_ASN1_LIB); - return 0; - } - ASN1_OBJECT_free(gcp->enc_param_set); - gcp->enc_param_set = OBJ_nid2obj(c->param_nid); - - len = i2d_GOST_CIPHER_PARAMS(gcp, NULL); - p = buf = malloc(len); - if (buf == NULL) { - GOST_CIPHER_PARAMS_free(gcp); - GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, - ERR_R_MALLOC_FAILURE); - return 0; - } - i2d_GOST_CIPHER_PARAMS(gcp, &p); - GOST_CIPHER_PARAMS_free(gcp); - - os = ASN1_OCTET_STRING_new(); - if (os == NULL) { - free(buf); - GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, - ERR_R_MALLOC_FAILURE); - return 0; - } - if (ASN1_OCTET_STRING_set(os, buf, len) == 0) { - ASN1_OCTET_STRING_free(os); - free(buf); - GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_ASN1_LIB); - return 0; - } - free(buf); - - ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os); - return 1; -} - -int -gost2814789_get_asn1_params(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) -{ - int ret = -1; - int len; - GOST_CIPHER_PARAMS *gcp = NULL; - EVP_GOST2814789_CTX *c = ctx->cipher_data; - unsigned char *p; - - if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE) - return ret; - - p = params->value.sequence->data; - - gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p, - params->value.sequence->length); - - len = gcp->iv->length; - if (len != ctx->cipher->iv_len) { - GOST_CIPHER_PARAMS_free(gcp); - GOSTerr(GOST_F_GOST89_GET_ASN1_PARAMETERS, - GOST_R_INVALID_IV_LENGTH); - return -1; - } - - if (!Gost2814789_set_sbox(&c->ks, OBJ_obj2nid(gcp->enc_param_set))) { - GOST_CIPHER_PARAMS_free(gcp); - return -1; - } - c->param_nid = OBJ_obj2nid(gcp->enc_param_set); - - memcpy(ctx->oiv, gcp->iv->data, len); - memcpy(ctx->iv, gcp->iv->data, len); - - GOST_CIPHER_PARAMS_free(gcp); - - return 1; -} - -BLOCK_CIPHER_func_ecb(gost2814789, Gost2814789, EVP_GOST2814789_CTX, ks) -BLOCK_CIPHER_func_cfb(gost2814789, Gost2814789, 64, EVP_GOST2814789_CTX, ks) - -static int -gost2814789_cnt_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - EVP_GOST2814789_CTX *c = ctx->cipher_data; - - while (inl >= EVP_MAXCHUNK) { - Gost2814789_cnt_encrypt(in, out, (long)EVP_MAXCHUNK, &c->ks, - ctx->iv, ctx->buf, &ctx->num); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - - if (inl) - Gost2814789_cnt_encrypt(in, out, inl, &c->ks, ctx->iv, ctx->buf, - &ctx->num); - return 1; -} - -/* gost89 is CFB-64 */ -#define NID_gost89_cfb64 NID_id_Gost28147_89 - -BLOCK_CIPHER_def_ecb(gost2814789, EVP_GOST2814789_CTX, NID_gost89, 8, 32, - EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT, - gost2814789_init_key, NULL, gost2814789_set_asn1_params, - gost2814789_get_asn1_params, gost2814789_ctl) -BLOCK_CIPHER_def_cfb(gost2814789, EVP_GOST2814789_CTX, NID_gost89, 32, 8, 64, - EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT, - gost2814789_init_key, NULL, gost2814789_set_asn1_params, - gost2814789_get_asn1_params, gost2814789_ctl) -BLOCK_CIPHER_def1(gost2814789, cnt, cnt, OFB, EVP_GOST2814789_CTX, NID_gost89, - 1, 32, 8, EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT, - gost2814789_init_key, NULL, gost2814789_set_asn1_params, - gost2814789_get_asn1_params, gost2814789_ctl) -#endif diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c deleted file mode 100644 index 3ba4dbcdb9..0000000000 --- a/src/lib/libcrypto/evp/e_idea.c +++ /dev/null @@ -1,124 +0,0 @@ -/* $OpenBSD: e_idea.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#ifndef OPENSSL_NO_IDEA - -#include -#include -#include - -#include "evp_locl.h" - -static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - -/* NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a special - * case - */ - -static int -idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - BLOCK_CIPHER_ecb_loop() - idea_ecb_encrypt(in + i, out + i, ctx->cipher_data); - return 1; -} - -/* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */ - -typedef struct { - IDEA_KEY_SCHEDULE ks; -} EVP_IDEA_KEY; - -BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks) -BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks) -BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks) - -BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, - 0, idea_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) - -static int -idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - if (!enc) { - if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) - enc = 1; - else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) - enc = 1; - } - if (enc) - idea_set_encrypt_key(key, ctx->cipher_data); - else { - IDEA_KEY_SCHEDULE tmp; - - idea_set_encrypt_key(key, &tmp); - idea_set_decrypt_key(&tmp, ctx->cipher_data); - OPENSSL_cleanse((unsigned char *)&tmp, - sizeof(IDEA_KEY_SCHEDULE)); - } - return 1; -} - -#endif diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c deleted file mode 100644 index 65374cc3f5..0000000000 --- a/src/lib/libcrypto/evp/e_null.c +++ /dev/null @@ -1,105 +0,0 @@ -/* $OpenBSD: e_null.c,v 1.14 2014/07/11 08:44:48 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include - -#include -#include - -static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); - -static const EVP_CIPHER n_cipher = { - NID_undef, - 1, 0, 0, - 0, - null_init_key, - null_cipher, - NULL, - 0, - NULL, - NULL, - NULL, - NULL -}; - -const EVP_CIPHER * -EVP_enc_null(void) -{ - return (&n_cipher); -} - -static int -null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - /* memset(&(ctx->c),0,sizeof(ctx->c));*/ - return 1; -} - -static int -null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - if (in != out) - memcpy((char *)out, (const char *)in, inl); - return 1; -} diff --git a/src/lib/libcrypto/evp/e_old.c b/src/lib/libcrypto/evp/e_old.c deleted file mode 100644 index 71166654b0..0000000000 --- a/src/lib/libcrypto/evp/e_old.c +++ /dev/null @@ -1,159 +0,0 @@ -/* $OpenBSD: e_old.c,v 1.8 2015/02/10 11:45:09 jsing Exp $ */ -/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL - * project 2004. - */ -/* ==================================================================== - * Copyright (c) 2004 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include - -#ifndef OPENSSL_NO_DEPRECATED - -#include - -/* Define some deprecated functions, so older programs - don't crash and burn too quickly. On Windows and VMS, - these will never be used, since functions and variables - in shared libraries are selected by entry point location, - not by name. */ - -#ifndef OPENSSL_NO_BF -#undef EVP_bf_cfb -const EVP_CIPHER *EVP_bf_cfb(void); -const EVP_CIPHER * -EVP_bf_cfb(void) -{ - return EVP_bf_cfb64(); -} -#endif - -#ifndef OPENSSL_NO_DES -#undef EVP_des_cfb -const EVP_CIPHER *EVP_des_cfb(void); -const EVP_CIPHER * -EVP_des_cfb(void) -{ - return EVP_des_cfb64(); -} -#undef EVP_des_ede3_cfb -const EVP_CIPHER *EVP_des_ede3_cfb(void); -const EVP_CIPHER * -EVP_des_ede3_cfb(void) -{ - return EVP_des_ede3_cfb64(); -} -#undef EVP_des_ede_cfb -const EVP_CIPHER *EVP_des_ede_cfb(void); -const EVP_CIPHER * -EVP_des_ede_cfb(void) -{ - return EVP_des_ede_cfb64(); -} -#endif - -#ifndef OPENSSL_NO_IDEA -#undef EVP_idea_cfb -const EVP_CIPHER *EVP_idea_cfb(void); -const EVP_CIPHER * -EVP_idea_cfb(void) -{ - return EVP_idea_cfb64(); -} -#endif - -#ifndef OPENSSL_NO_RC2 -#undef EVP_rc2_cfb -const EVP_CIPHER *EVP_rc2_cfb(void); -const EVP_CIPHER * -EVP_rc2_cfb(void) -{ - return EVP_rc2_cfb64(); -} -#endif - -#ifndef OPENSSL_NO_CAST -#undef EVP_cast5_cfb -const EVP_CIPHER *EVP_cast5_cfb(void); -const EVP_CIPHER * -EVP_cast5_cfb(void) -{ - return EVP_cast5_cfb64(); -} -#endif - -#ifndef OPENSSL_NO_AES -#undef EVP_aes_128_cfb -const EVP_CIPHER *EVP_aes_128_cfb(void); -const EVP_CIPHER * -EVP_aes_128_cfb(void) -{ - return EVP_aes_128_cfb128(); -} -#undef EVP_aes_192_cfb -const EVP_CIPHER *EVP_aes_192_cfb(void); -const EVP_CIPHER * -EVP_aes_192_cfb(void) -{ - return EVP_aes_192_cfb128(); -} -#undef EVP_aes_256_cfb -const EVP_CIPHER *EVP_aes_256_cfb(void); -const EVP_CIPHER * -EVP_aes_256_cfb(void) -{ - return EVP_aes_256_cfb128(); -} -#endif - -#endif diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c deleted file mode 100644 index 9052195ac2..0000000000 --- a/src/lib/libcrypto/evp/e_rc2.c +++ /dev/null @@ -1,254 +0,0 @@ -/* $OpenBSD: e_rc2.c,v 1.11 2015/02/10 09:52:35 miod Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#ifndef OPENSSL_NO_RC2 - -#include -#include -#include -#include - -#include "evp_locl.h" - -static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx); -static int rc2_magic_to_meth(int i); -static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); -static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); -static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); - -typedef struct { - int key_bits; /* effective key bits */ - RC2_KEY ks; /* key schedule */ -} EVP_RC2_KEY; - -#define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data) - -IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2, - 8, - RC2_KEY_LENGTH, 8, 64, - EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, - rc2_init_key, NULL, - rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, - rc2_ctrl) - -#define RC2_40_MAGIC 0xa0 -#define RC2_64_MAGIC 0x78 -#define RC2_128_MAGIC 0x3a - -static const EVP_CIPHER r2_64_cbc_cipher = { - NID_rc2_64_cbc, - 8, 8 /* 64 bit */, 8, - EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, - rc2_init_key, - rc2_cbc_cipher, - NULL, - sizeof(EVP_RC2_KEY), - rc2_set_asn1_type_and_iv, - rc2_get_asn1_type_and_iv, - rc2_ctrl, - NULL -}; - -static const EVP_CIPHER r2_40_cbc_cipher = { - NID_rc2_40_cbc, - 8, 5 /* 40 bit */, 8, - EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, - rc2_init_key, - rc2_cbc_cipher, - NULL, - sizeof(EVP_RC2_KEY), - rc2_set_asn1_type_and_iv, - rc2_get_asn1_type_and_iv, - rc2_ctrl, - NULL -}; - -const EVP_CIPHER * -EVP_rc2_64_cbc(void) -{ - return (&r2_64_cbc_cipher); -} - -const EVP_CIPHER * -EVP_rc2_40_cbc(void) -{ - return (&r2_40_cbc_cipher); -} - -static int -rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), - key, data(ctx)->key_bits); - return 1; -} - -static int -rc2_meth_to_magic(EVP_CIPHER_CTX *e) -{ - int i; - - EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i); - if (i == 128) - return (RC2_128_MAGIC); - else if (i == 64) - return (RC2_64_MAGIC); - else if (i == 40) - return (RC2_40_MAGIC); - else - return (0); -} - -static int -rc2_magic_to_meth(int i) -{ - if (i == RC2_128_MAGIC) - return 128; - else if (i == RC2_64_MAGIC) - return 64; - else if (i == RC2_40_MAGIC) - return 40; - else { - EVPerr(EVP_F_RC2_MAGIC_TO_METH, EVP_R_UNSUPPORTED_KEY_SIZE); - return (0); - } -} - -static int -rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -{ - long num = 0; - int i = 0; - int key_bits; - unsigned int l; - unsigned char iv[EVP_MAX_IV_LENGTH]; - - if (type != NULL) { - l = EVP_CIPHER_CTX_iv_length(c); - if (l > sizeof(iv)) { - EVPerr(EVP_F_RC2_GET_ASN1_TYPE_AND_IV, - EVP_R_IV_TOO_LARGE); - return -1; - } - i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l); - if (i != (int)l) - return (-1); - key_bits = rc2_magic_to_meth((int)num); - if (!key_bits) - return (-1); - if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1)) - return -1; - EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, - key_bits, NULL); - EVP_CIPHER_CTX_set_key_length(c, key_bits / 8); - } - return (i); -} - -static int -rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -{ - long num; - int i = 0, j; - - if (type != NULL) { - num = rc2_meth_to_magic(c); - j = EVP_CIPHER_CTX_iv_length(c); - i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j); - } - return (i); -} - -static int -rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) -{ - switch (type) { - case EVP_CTRL_INIT: - data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8; - return 1; - - case EVP_CTRL_GET_RC2_KEY_BITS: - *(int *)ptr = data(c)->key_bits; - return 1; - - case EVP_CTRL_SET_RC2_KEY_BITS: - if (arg > 0) { - data(c)->key_bits = arg; - return 1; - } - return 0; - -#ifdef PBE_PRF_TEST - case EVP_CTRL_PBE_PRF_NID: - *(int *)ptr = NID_hmacWithMD5; - return 1; -#endif - - default: - return -1; - } -} - -#endif diff --git a/src/lib/libcrypto/evp/e_rc4.c b/src/lib/libcrypto/evp/e_rc4.c deleted file mode 100644 index e77a293141..0000000000 --- a/src/lib/libcrypto/evp/e_rc4.c +++ /dev/null @@ -1,140 +0,0 @@ -/* $OpenBSD: e_rc4.c,v 1.14 2014/07/11 08:44:48 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#ifndef OPENSSL_NO_RC4 - -#include -#include -#include - -#include "evp_locl.h" - -/* FIXME: surely this is available elsewhere? */ -#define EVP_RC4_KEY_SIZE 16 - -typedef struct { - RC4_KEY ks; /* working key */ -} EVP_RC4_KEY; - -#define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data) - -static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); - -static const EVP_CIPHER r4_cipher = { - NID_rc4, - 1, EVP_RC4_KEY_SIZE, 0, - EVP_CIPH_VARIABLE_LENGTH, - rc4_init_key, - rc4_cipher, - NULL, - sizeof(EVP_RC4_KEY), - NULL, - NULL, - NULL, - NULL -}; - -static const EVP_CIPHER r4_40_cipher = { - NID_rc4_40, - 1, 5 /* 40 bit */, 0, - EVP_CIPH_VARIABLE_LENGTH, - rc4_init_key, - rc4_cipher, - NULL, - sizeof(EVP_RC4_KEY), - NULL, - NULL, - NULL, - NULL -}; - -const EVP_CIPHER * -EVP_rc4(void) -{ - return (&r4_cipher); -} - -const EVP_CIPHER * -EVP_rc4_40(void) -{ - return (&r4_40_cipher); -} - -static int -rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - RC4_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key); - return 1; -} - -static int -rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - RC4(&data(ctx)->ks, inl, in, out); - return 1; -} -#endif diff --git a/src/lib/libcrypto/evp/e_rc4_hmac_md5.c b/src/lib/libcrypto/evp/e_rc4_hmac_md5.c deleted file mode 100644 index 1f085af403..0000000000 --- a/src/lib/libcrypto/evp/e_rc4_hmac_md5.c +++ /dev/null @@ -1,309 +0,0 @@ -/* $OpenBSD: e_rc4_hmac_md5.c,v 1.5 2014/08/11 13:29:43 bcook Exp $ */ -/* ==================================================================== - * Copyright (c) 2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include - -#include - -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5) - -#include -#include -#include -#include - -#ifndef EVP_CIPH_FLAG_AEAD_CIPHER -#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 -#define EVP_CTRL_AEAD_TLS1_AAD 0x16 -#define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 -#endif - -/* FIXME: surely this is available elsewhere? */ -#define EVP_RC4_KEY_SIZE 16 - -typedef struct { - RC4_KEY ks; - MD5_CTX head, tail, md; - size_t payload_length; -} EVP_RC4_HMAC_MD5; - -#define NO_PAYLOAD_LENGTH ((size_t)-1) - -void rc4_md5_enc (RC4_KEY *key, const void *in0, void *out, - MD5_CTX *ctx, const void *inp, size_t blocks); - -#define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data) - -static int -rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *inkey, - const unsigned char *iv, int enc) -{ - EVP_RC4_HMAC_MD5 *key = data(ctx); - - RC4_set_key(&key->ks, EVP_CIPHER_CTX_key_length(ctx), inkey); - - MD5_Init(&key->head); /* handy when benchmarking */ - key->tail = key->head; - key->md = key->head; - - key->payload_length = NO_PAYLOAD_LENGTH; - - return 1; -} - -#if !defined(OPENSSL_NO_ASM) && defined(RC4_MD5_ASM) && ( \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) || \ - defined(__INTEL__) ) && \ - !(defined(__APPLE__) && defined(__MACH__)) -#define STITCHED_CALL -#endif - -#if !defined(STITCHED_CALL) -#define rc4_off 0 -#define md5_off 0 -#endif - -static int -rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_RC4_HMAC_MD5 *key = data(ctx); -#if defined(STITCHED_CALL) - size_t rc4_off = 32-1-(key->ks.x&(32-1)), /* 32 is $MOD from rc4_md5-x86_64.pl */ - md5_off = MD5_CBLOCK - key->md.num, - blocks; - unsigned int l; - extern unsigned int OPENSSL_ia32cap_P[]; -#endif - size_t plen = key->payload_length; - - if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH)) - return 0; - - if (ctx->encrypt) { - if (plen == NO_PAYLOAD_LENGTH) - plen = len; -#if defined(STITCHED_CALL) - /* cipher has to "fall behind" */ - if (rc4_off > md5_off) - md5_off += MD5_CBLOCK; - - if (plen > md5_off && - (blocks = (plen - md5_off) / MD5_CBLOCK) && - (OPENSSL_ia32cap_P[0]&(1 << 20)) == 0) { - MD5_Update(&key->md, in, md5_off); - RC4(&key->ks, rc4_off, in, out); - - rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off, - &key->md, in + md5_off, blocks); - blocks *= MD5_CBLOCK; - rc4_off += blocks; - md5_off += blocks; - key->md.Nh += blocks >> 29; - key->md.Nl += blocks <<= 3; - if (key->md.Nl < (unsigned int)blocks) - key->md.Nh++; - } else { - rc4_off = 0; - md5_off = 0; - } -#endif - MD5_Update(&key->md, in + md5_off, plen - md5_off); - - if (plen!=len) { /* "TLS" mode of operation */ - if (in != out) - memcpy(out + rc4_off, in + rc4_off, - plen - rc4_off); - - /* calculate HMAC and append it to payload */ - MD5_Final(out + plen, &key->md); - key->md = key->tail; - MD5_Update(&key->md, out + plen, MD5_DIGEST_LENGTH); - MD5_Final(out + plen, &key->md); - - /* encrypt HMAC at once */ - RC4(&key->ks, len - rc4_off, out + rc4_off, - out + rc4_off); - } else { - RC4(&key->ks, len - rc4_off, in + rc4_off, - out + rc4_off); - } - } else { - unsigned char mac[MD5_DIGEST_LENGTH]; -#if defined(STITCHED_CALL) - /* digest has to "fall behind" */ - if (md5_off > rc4_off) - rc4_off += 2*MD5_CBLOCK; - else - rc4_off += MD5_CBLOCK; - - if (len > rc4_off && (blocks = (len - rc4_off) / MD5_CBLOCK) && - (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) { - RC4(&key->ks, rc4_off, in, out); - MD5_Update(&key->md, out, md5_off); - - rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off, - &key->md, out + md5_off, blocks); - blocks *= MD5_CBLOCK; - rc4_off += blocks; - md5_off += blocks; - l = (key->md.Nl + (blocks << 3)) & 0xffffffffU; - if (l < key->md.Nl) - key->md.Nh++; - key->md.Nl = l; - key->md.Nh += blocks >> 29; - } else { - md5_off = 0; - rc4_off = 0; - } -#endif - /* decrypt HMAC at once */ - RC4(&key->ks, len - rc4_off, in + rc4_off, out + rc4_off); - if (plen!=NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ - MD5_Update(&key->md, out + md5_off, plen - md5_off); - - /* calculate HMAC and verify it */ - MD5_Final(mac, &key->md); - key->md = key->tail; - MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH); - MD5_Final(mac, &key->md); - - if (memcmp(out + plen, mac, MD5_DIGEST_LENGTH)) - return 0; - } else { - MD5_Update(&key->md, out + md5_off, len - md5_off); - } - } - - key->payload_length = NO_PAYLOAD_LENGTH; - - return 1; -} - -static int -rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) -{ - EVP_RC4_HMAC_MD5 *key = data(ctx); - - switch (type) { - case EVP_CTRL_AEAD_SET_MAC_KEY: - { - unsigned int i; - unsigned char hmac_key[64]; - - memset (hmac_key, 0, sizeof(hmac_key)); - - if (arg > (int)sizeof(hmac_key)) { - MD5_Init(&key->head); - MD5_Update(&key->head, ptr, arg); - MD5_Final(hmac_key, &key->head); - } else { - memcpy(hmac_key, ptr, arg); - } - - for (i = 0; i < sizeof(hmac_key); i++) - hmac_key[i] ^= 0x36; /* ipad */ - MD5_Init(&key->head); - MD5_Update(&key->head, hmac_key, sizeof(hmac_key)); - - for (i = 0; i < sizeof(hmac_key); i++) - hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */ - MD5_Init(&key->tail); - MD5_Update(&key->tail, hmac_key, sizeof(hmac_key)); - - return 1; - } - case EVP_CTRL_AEAD_TLS1_AAD: - { - unsigned char *p = ptr; - unsigned int len = p[arg - 2] << 8 | p[arg - 1]; - - if (!ctx->encrypt) { - len -= MD5_DIGEST_LENGTH; - p[arg - 2] = len >> 8; - p[arg - 1] = len; - } - key->payload_length = len; - key->md = key->head; - MD5_Update(&key->md, p, arg); - - return MD5_DIGEST_LENGTH; - } - default: - return -1; - } -} - -static EVP_CIPHER r4_hmac_md5_cipher = { -#ifdef NID_rc4_hmac_md5 - NID_rc4_hmac_md5, -#else - NID_undef, -#endif - 1, EVP_RC4_KEY_SIZE, 0, - EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH|EVP_CIPH_FLAG_AEAD_CIPHER, - rc4_hmac_md5_init_key, - rc4_hmac_md5_cipher, - NULL, - sizeof(EVP_RC4_HMAC_MD5), - NULL, - NULL, - rc4_hmac_md5_ctrl, - NULL -}; - -const EVP_CIPHER * -EVP_rc4_hmac_md5(void) -{ - return (&r4_hmac_md5_cipher); -} -#endif diff --git a/src/lib/libcrypto/evp/e_xcbc_d.c b/src/lib/libcrypto/evp/e_xcbc_d.c deleted file mode 100644 index 2aae0a9151..0000000000 --- a/src/lib/libcrypto/evp/e_xcbc_d.c +++ /dev/null @@ -1,137 +0,0 @@ -/* $OpenBSD: e_xcbc_d.c,v 1.12 2014/07/11 08:44:48 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include - -#include - -#ifndef OPENSSL_NO_DES - -#include -#include -#include - -#include "evp_locl.h" - -static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); - - -typedef struct { - DES_key_schedule ks;/* key schedule */ - DES_cblock inw; - DES_cblock outw; -} DESX_CBC_KEY; - -#define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data) - -static const EVP_CIPHER d_xcbc_cipher = { - NID_desx_cbc, - 8, 24, 8, - EVP_CIPH_CBC_MODE, - desx_cbc_init_key, - desx_cbc_cipher, - NULL, - sizeof(DESX_CBC_KEY), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL, - NULL -}; - -const EVP_CIPHER * -EVP_desx_cbc(void) -{ - return (&d_xcbc_cipher); -} - -static int -desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - DES_cblock *deskey = (DES_cblock *)key; - - DES_set_key_unchecked(deskey, &data(ctx)->ks); - memcpy(&data(ctx)->inw[0], &key[8], 8); - memcpy(&data(ctx)->outw[0], &key[16], 8); - - return 1; -} - -static int -desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - while (inl >= EVP_MAXCHUNK) { - DES_xcbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks, - (DES_cblock *)&(ctx->iv[0]), &data(ctx)->inw, - &data(ctx)->outw, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - if (inl) - DES_xcbc_encrypt(in, out, (long)inl, &data(ctx)->ks, - (DES_cblock *)&(ctx->iv[0]), &data(ctx)->inw, - &data(ctx)->outw, ctx->encrypt); - return 1; -} -#endif diff --git a/src/lib/libcrypto/evp/encode.c b/src/lib/libcrypto/evp/encode.c deleted file mode 100644 index 725667bfff..0000000000 --- a/src/lib/libcrypto/evp/encode.c +++ /dev/null @@ -1,417 +0,0 @@ -/* $OpenBSD: encode.c,v 1.20 2015/02/07 13:19:15 doug Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include - -#include - -#define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) -#define conv_ascii2bin(a) (data_ascii2bin[(a)&0x7f]) - -/* 64 char lines - * pad input with 0 - * left over chars are set to = - * 1 byte => xx== - * 2 bytes => xxx= - * 3 bytes => xxxx - */ -#define BIN_PER_LINE (64/4*3) -#define CHUNKS_PER_LINE (64/4) -#define CHAR_PER_LINE (64+1) - -static const unsigned char data_bin2ascii[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\ -abcdefghijklmnopqrstuvwxyz0123456789+/"; - -/* 0xF0 is a EOLN - * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing). - * 0xF2 is EOF - * 0xE0 is ignore at start of line. - * 0xFF is error - */ - -#define B64_EOLN 0xF0 -#define B64_CR 0xF1 -#define B64_EOF 0xF2 -#define B64_WS 0xE0 -#define B64_ERROR 0xFF -#define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3) - -static const unsigned char data_ascii2bin[128] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F, - 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, - 0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF, - 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, - 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, - 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, - 0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, - 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, - 0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -}; - -void -EVP_EncodeInit(EVP_ENCODE_CTX *ctx) -{ - ctx->length = 48; - ctx->num = 0; - ctx->line_num = 0; -} - -void -EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) -{ - int i, j; - unsigned int total = 0; - - *outl = 0; - if (inl == 0) - return; - OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); - if ((ctx->num + inl) < ctx->length) { - memcpy(&(ctx->enc_data[ctx->num]), in, inl); - ctx->num += inl; - return; - } - if (ctx->num != 0) { - i = ctx->length - ctx->num; - memcpy(&(ctx->enc_data[ctx->num]), in, i); - in += i; - inl -= i; - j = EVP_EncodeBlock(out, ctx->enc_data, ctx->length); - ctx->num = 0; - out += j; - *(out++) = '\n'; - *out = '\0'; - total = j + 1; - } - while (inl >= ctx->length) { - j = EVP_EncodeBlock(out, in, ctx->length); - in += ctx->length; - inl -= ctx->length; - out += j; - *(out++) = '\n'; - *out = '\0'; - total += j + 1; - } - if (inl != 0) - memcpy(&(ctx->enc_data[0]), in, inl); - ctx->num = inl; - *outl = total; -} - -void -EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) -{ - unsigned int ret = 0; - - if (ctx->num != 0) { - ret = EVP_EncodeBlock(out, ctx->enc_data, ctx->num); - out[ret++] = '\n'; - out[ret] = '\0'; - ctx->num = 0; - } - *outl = ret; -} - -int -EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen) -{ - int i, ret = 0; - unsigned long l; - - for (i = dlen; i > 0; i -= 3) { - if (i >= 3) { - l = (((unsigned long)f[0]) << 16L) | - (((unsigned long)f[1]) << 8L) | f[2]; - *(t++) = conv_bin2ascii(l >> 18L); - *(t++) = conv_bin2ascii(l >> 12L); - *(t++) = conv_bin2ascii(l >> 6L); - *(t++) = conv_bin2ascii(l ); - } else { - l = ((unsigned long)f[0]) << 16L; - if (i == 2) - l |= ((unsigned long)f[1] << 8L); - - *(t++) = conv_bin2ascii(l >> 18L); - *(t++) = conv_bin2ascii(l >> 12L); - *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L); - *(t++) = '='; - } - ret += 4; - f += 3; - } - - *t = '\0'; - return (ret); -} - -void -EVP_DecodeInit(EVP_ENCODE_CTX *ctx) -{ - ctx->length = 30; - ctx->num = 0; - ctx->line_num = 0; - ctx->expect_nl = 0; -} - -/* -1 for error - * 0 for last line - * 1 for full line - */ -int -EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) -{ - int seof = -1, eof = 0, rv = -1, ret = 0, i, v, tmp, n, ln, exp_nl; - unsigned char *d; - - n = ctx->num; - d = ctx->enc_data; - ln = ctx->line_num; - exp_nl = ctx->expect_nl; - - /* last line of input. */ - if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF))) { - rv = 0; - goto end; - } - - /* We parse the input data */ - for (i = 0; i < inl; i++) { - /* If the current line is > 80 characters, scream alot */ - if (ln >= 80) { - rv = -1; - goto end; - } - - /* Get char and put it into the buffer */ - tmp= *(in++); - v = conv_ascii2bin(tmp); - /* only save the good data :-) */ - if (!B64_NOT_BASE64(v)) { - OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); - d[n++] = tmp; - ln++; - } else if (v == B64_ERROR) { - rv = -1; - goto end; - } - - /* There should not be base64 data after padding. */ - if (eof && tmp != '=' && tmp != '\r' && tmp != '\n' && - v != B64_EOF) { - rv = -1; - goto end; - } - - /* have we seen a '=' which is 'definitely' the last - * input line. seof will point to the character that - * holds it. and eof will hold how many characters to - * chop off. */ - if (tmp == '=') { - if (seof == -1) - seof = n; - eof++; - } - - /* There should be no more than two padding markers. */ - if (eof > 2) { - rv = -1; - goto end; - } - - if (v == B64_CR) { - ln = 0; - if (exp_nl) - continue; - } - - /* eoln */ - if (v == B64_EOLN) { - ln = 0; - if (exp_nl) { - exp_nl = 0; - continue; - } - } - exp_nl = 0; - - /* If we are at the end of input and it looks like a - * line, process it. */ - if (((i + 1) == inl) && (((n&3) == 0) || eof)) { - v = B64_EOF; - /* In case things were given us in really small - records (so two '=' were given in separate - updates), eof may contain the incorrect number - of ending bytes to skip, so let's redo the count */ - eof = 0; - if (d[n-1] == '=') - eof++; - if (d[n-2] == '=') - eof++; - /* There will never be more than two '=' */ - } - - if ((v == B64_EOF && (n&3) == 0) || (n >= 64)) { - /* This is needed to work correctly on 64 byte input - * lines. We process the line and then need to - * accept the '\n' */ - if ((v != B64_EOF) && (n >= 64)) - exp_nl = 1; - if (n > 0) { - v = EVP_DecodeBlock(out, d, n); - n = 0; - if (v < 0) { - rv = 0; - goto end; - } - ret += (v - eof); - } else { - eof = 1; - v = 0; - } - - /* This is the case where we have had a short - * but valid input line */ - if ((v < ctx->length) && eof) { - rv = 0; - goto end; - } else - ctx->length = v; - - if (seof >= 0) { - rv = 0; - goto end; - } - out += v; - } - } - rv = 1; - -end: - *outl = ret; - ctx->num = n; - ctx->line_num = ln; - ctx->expect_nl = exp_nl; - return (rv); -} - -int -EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n) -{ - int i, ret = 0, a, b, c, d; - unsigned long l; - - /* trim white space from the start of the line. */ - while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) { - f++; - n--; - } - - /* strip off stuff at the end of the line - * ascii2bin values B64_WS, B64_EOLN, B64_EOLN and B64_EOF */ - while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1])))) - n--; - - if (n % 4 != 0) - return (-1); - - for (i = 0; i < n; i += 4) { - a = conv_ascii2bin(*(f++)); - b = conv_ascii2bin(*(f++)); - c = conv_ascii2bin(*(f++)); - d = conv_ascii2bin(*(f++)); - if ((a & 0x80) || (b & 0x80) || - (c & 0x80) || (d & 0x80)) - return (-1); - l = ((((unsigned long)a) << 18L) | - (((unsigned long)b) << 12L) | - (((unsigned long)c) << 6L) | - (((unsigned long)d))); - *(t++) = (unsigned char)(l >> 16L) & 0xff; - *(t++) = (unsigned char)(l >> 8L) & 0xff; - *(t++) = (unsigned char)(l) & 0xff; - ret += 3; - } - return (ret); -} - -int -EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) -{ - int i; - - *outl = 0; - if (ctx->num != 0) { - i = EVP_DecodeBlock(out, ctx->enc_data, ctx->num); - if (i < 0) - return (-1); - ctx->num = 0; - *outl = i; - return (1); - } else - return (1); -} diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h deleted file mode 100644 index 57f8753ced..0000000000 --- a/src/lib/libcrypto/evp/evp.h +++ /dev/null @@ -1,1495 +0,0 @@ -/* $OpenBSD: evp.h,v 1.45 2015/06/20 01:07:24 doug Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_ENVELOPE_H -#define HEADER_ENVELOPE_H - -#include - -#include - -#ifndef OPENSSL_NO_BIO -#include -#endif - -/* -#define EVP_RC2_KEY_SIZE 16 -#define EVP_RC4_KEY_SIZE 16 -#define EVP_BLOWFISH_KEY_SIZE 16 -#define EVP_CAST5_KEY_SIZE 16 -#define EVP_RC5_32_12_16_KEY_SIZE 16 -*/ -#define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */ -#define EVP_MAX_KEY_LENGTH 64 -#define EVP_MAX_IV_LENGTH 16 -#define EVP_MAX_BLOCK_LENGTH 32 - -#define PKCS5_SALT_LEN 8 -/* Default PKCS#5 iteration count */ -#define PKCS5_DEFAULT_ITER 2048 - -#include - -#define EVP_PK_RSA 0x0001 -#define EVP_PK_DSA 0x0002 -#define EVP_PK_DH 0x0004 -#define EVP_PK_EC 0x0008 -#define EVP_PKT_SIGN 0x0010 -#define EVP_PKT_ENC 0x0020 -#define EVP_PKT_EXCH 0x0040 -#define EVP_PKS_RSA 0x0100 -#define EVP_PKS_DSA 0x0200 -#define EVP_PKS_EC 0x0400 -#define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ - -#define EVP_PKEY_NONE NID_undef -#define EVP_PKEY_RSA NID_rsaEncryption -#define EVP_PKEY_RSA2 NID_rsa -#define EVP_PKEY_DSA NID_dsa -#define EVP_PKEY_DSA1 NID_dsa_2 -#define EVP_PKEY_DSA2 NID_dsaWithSHA -#define EVP_PKEY_DSA3 NID_dsaWithSHA1 -#define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 -#define EVP_PKEY_DH NID_dhKeyAgreement -#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey -#define EVP_PKEY_GOSTR01 NID_id_GostR3410_2001 -#define EVP_PKEY_GOSTIMIT NID_id_Gost28147_89_MAC -#define EVP_PKEY_HMAC NID_hmac -#define EVP_PKEY_CMAC NID_cmac -#define EVP_PKEY_GOSTR12_256 NID_id_tc26_gost3410_2012_256 -#define EVP_PKEY_GOSTR12_512 NID_id_tc26_gost3410_2012_512 - -#ifdef __cplusplus -extern "C" { -#endif - -/* Type needs to be a bit field - * Sub-type needs to be for variations on the method, as in, can it do - * arbitrary encryption.... */ -struct evp_pkey_st { - int type; - int save_type; - int references; - const EVP_PKEY_ASN1_METHOD *ameth; - ENGINE *engine; - union { - char *ptr; -#ifndef OPENSSL_NO_RSA - struct rsa_st *rsa; /* RSA */ -#endif -#ifndef OPENSSL_NO_DSA - struct dsa_st *dsa; /* DSA */ -#endif -#ifndef OPENSSL_NO_DH - struct dh_st *dh; /* DH */ -#endif -#ifndef OPENSSL_NO_EC - struct ec_key_st *ec; /* ECC */ -#endif -#ifndef OPENSSL_NO_GOST - struct gost_key_st *gost; /* GOST */ -#endif - } pkey; - int save_parameters; - STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ -} /* EVP_PKEY */; - -#define EVP_PKEY_MO_SIGN 0x0001 -#define EVP_PKEY_MO_VERIFY 0x0002 -#define EVP_PKEY_MO_ENCRYPT 0x0004 -#define EVP_PKEY_MO_DECRYPT 0x0008 - -typedef int evp_sign_method(int type, const unsigned char *m, - unsigned int m_length, unsigned char *sigret, unsigned int *siglen, - void *key); -typedef int evp_verify_method(int type, const unsigned char *m, - unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, - void *key); - -#ifndef EVP_MD -struct env_md_st { - int type; - int pkey_type; - int md_size; - unsigned long flags; - int (*init)(EVP_MD_CTX *ctx); - int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); - int (*final)(EVP_MD_CTX *ctx, unsigned char *md); - int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from); - int (*cleanup)(EVP_MD_CTX *ctx); - - evp_sign_method *sign; - evp_verify_method *verify; - int required_pkey_type[5]; /*EVP_PKEY_xxx */ - int block_size; - int ctx_size; /* how big does the ctx->md_data need to be */ - /* control function */ - int (*md_ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2); -} /* EVP_MD */; - -#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single - * block */ - -#define EVP_MD_FLAG_PKEY_DIGEST 0x0002 /* digest is a "clone" digest used - * which is a copy of an existing - * one for a specific public key type. - * EVP_dss1() etc */ - -/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */ - -#define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004 - -/* DigestAlgorithmIdentifier flags... */ - -#define EVP_MD_FLAG_DIGALGID_MASK 0x0018 - -/* NULL or absent parameter accepted. Use NULL */ - -#define EVP_MD_FLAG_DIGALGID_NULL 0x0000 - -/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */ - -#define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008 - -/* Custom handling via ctrl */ - -#define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 - -#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */ - -/* Digest ctrls */ - -#define EVP_MD_CTRL_DIGALGID 0x1 -#define EVP_MD_CTRL_MICALG 0x2 -#define EVP_MD_CTRL_SET_KEY 0x3 -#define EVP_MD_CTRL_GOST_SET_SBOX 0x4 - -/* Minimum Algorithm specific ctrl value */ - -#define EVP_MD_CTRL_ALG_CTRL 0x1000 - -#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} - -#ifndef OPENSSL_NO_DSA -#define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \ - (evp_verify_method *)DSA_verify, \ - {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ - EVP_PKEY_DSA4,0} -#else -#define EVP_PKEY_DSA_method EVP_PKEY_NULL_method -#endif - -#ifndef OPENSSL_NO_ECDSA -#define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ - (evp_verify_method *)ECDSA_verify, \ - {EVP_PKEY_EC,0,0,0} -#else -#define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method -#endif - -#ifndef OPENSSL_NO_RSA -#define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \ - (evp_verify_method *)RSA_verify, \ - {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} -#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ - (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \ - (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \ - {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} -#else -#define EVP_PKEY_RSA_method EVP_PKEY_NULL_method -#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method -#endif - -#endif /* !EVP_MD */ - -struct env_md_ctx_st { - const EVP_MD *digest; - ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ - unsigned long flags; - void *md_data; - /* Public key context for sign/verify */ - EVP_PKEY_CTX *pctx; - /* Update function: usually copied from EVP_MD */ - int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); -} /* EVP_MD_CTX */; - -/* values for EVP_MD_CTX flags */ - -#define EVP_MD_CTX_FLAG_ONESHOT 0x0001 /* digest update will be called - * once only */ -#define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been - * cleaned */ -#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data - * in EVP_MD_CTX_cleanup */ -/* FIPS and pad options are ignored in 1.0.0, definitions are here - * so we don't accidentally reuse the values for other purposes. - */ - -#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest - * in FIPS mode */ - -/* The following PAD options are also currently ignored in 1.0.0, digest - * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*() - * instead. - */ -#define EVP_MD_CTX_FLAG_PAD_MASK 0xF0 /* RSA mode to use */ -#define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */ -#define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */ -#define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */ - -#define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */ - -struct evp_cipher_st { - int nid; - int block_size; - int key_len; /* Default value for variable length ciphers */ - int iv_len; - unsigned long flags; /* Various flags */ - int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); /* init key */ - int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl);/* encrypt/decrypt data */ - int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */ - int ctx_size; /* how big ctx->cipher_data needs to be */ - int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */ - int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */ - int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */ - void *app_data; /* Application data */ -} /* EVP_CIPHER */; - -/* Values for cipher flags */ - -/* Modes for ciphers */ - -#define EVP_CIPH_STREAM_CIPHER 0x0 -#define EVP_CIPH_ECB_MODE 0x1 -#define EVP_CIPH_CBC_MODE 0x2 -#define EVP_CIPH_CFB_MODE 0x3 -#define EVP_CIPH_OFB_MODE 0x4 -#define EVP_CIPH_CTR_MODE 0x5 -#define EVP_CIPH_GCM_MODE 0x6 -#define EVP_CIPH_CCM_MODE 0x7 -#define EVP_CIPH_XTS_MODE 0x10001 -#define EVP_CIPH_MODE 0xF0007 -/* Set if variable length cipher */ -#define EVP_CIPH_VARIABLE_LENGTH 0x8 -/* Set if the iv handling should be done by the cipher itself */ -#define EVP_CIPH_CUSTOM_IV 0x10 -/* Set if the cipher's init() function should be called if key is NULL */ -#define EVP_CIPH_ALWAYS_CALL_INIT 0x20 -/* Call ctrl() to init cipher parameters */ -#define EVP_CIPH_CTRL_INIT 0x40 -/* Don't use standard key length function */ -#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 -/* Don't use standard block padding */ -#define EVP_CIPH_NO_PADDING 0x100 -/* cipher handles random key generation */ -#define EVP_CIPH_RAND_KEY 0x200 -/* cipher has its own additional copying logic */ -#define EVP_CIPH_CUSTOM_COPY 0x400 -/* Allow use default ASN1 get/set iv */ -#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 -/* Buffer length in bits not bytes: CFB1 mode only */ -#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 -/* Note if suitable for use in FIPS mode */ -#define EVP_CIPH_FLAG_FIPS 0x4000 -/* Allow non FIPS cipher in FIPS mode */ -#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000 -/* Cipher handles any and all padding logic as well - * as finalisation. - */ -#define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 -#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 - -/* ctrl() values */ - -#define EVP_CTRL_INIT 0x0 -#define EVP_CTRL_SET_KEY_LENGTH 0x1 -#define EVP_CTRL_GET_RC2_KEY_BITS 0x2 -#define EVP_CTRL_SET_RC2_KEY_BITS 0x3 -#define EVP_CTRL_GET_RC5_ROUNDS 0x4 -#define EVP_CTRL_SET_RC5_ROUNDS 0x5 -#define EVP_CTRL_RAND_KEY 0x6 -#define EVP_CTRL_PBE_PRF_NID 0x7 -#define EVP_CTRL_COPY 0x8 -#define EVP_CTRL_GCM_SET_IVLEN 0x9 -#define EVP_CTRL_GCM_GET_TAG 0x10 -#define EVP_CTRL_GCM_SET_TAG 0x11 -#define EVP_CTRL_GCM_SET_IV_FIXED 0x12 -#define EVP_CTRL_GCM_IV_GEN 0x13 -#define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN -#define EVP_CTRL_CCM_GET_TAG EVP_CTRL_GCM_GET_TAG -#define EVP_CTRL_CCM_SET_TAG EVP_CTRL_GCM_SET_TAG -#define EVP_CTRL_CCM_SET_L 0x14 -#define EVP_CTRL_CCM_SET_MSGLEN 0x15 -/* AEAD cipher deduces payload length and returns number of bytes - * required to store MAC and eventual padding. Subsequent call to - * EVP_Cipher even appends/verifies MAC. - */ -#define EVP_CTRL_AEAD_TLS1_AAD 0x16 -/* Used by composite AEAD ciphers, no-op in GCM, CCM... */ -#define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 -/* Set the GCM invocation field, decrypt only */ -#define EVP_CTRL_GCM_SET_IV_INV 0x18 -/* Set the S-BOX NID for GOST ciphers */ -#define EVP_CTRL_GOST_SET_SBOX 0x19 - -/* GCM TLS constants */ -/* Length of fixed part of IV derived from PRF */ -#define EVP_GCM_TLS_FIXED_IV_LEN 4 -/* Length of explicit part of IV part of TLS records */ -#define EVP_GCM_TLS_EXPLICIT_IV_LEN 8 -/* Length of tag for TLS */ -#define EVP_GCM_TLS_TAG_LEN 16 - -typedef struct evp_cipher_info_st { - const EVP_CIPHER *cipher; - unsigned char iv[EVP_MAX_IV_LENGTH]; -} EVP_CIPHER_INFO; - -struct evp_cipher_ctx_st { - const EVP_CIPHER *cipher; - ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */ - int encrypt; /* encrypt or decrypt */ - int buf_len; /* number we have left */ - - unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ - unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ - unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */ - int num; /* used by cfb/ofb/ctr mode */ - - void *app_data; /* application stuff */ - int key_len; /* May change for variable length cipher */ - unsigned long flags; /* Various flags */ - void *cipher_data; /* per EVP data */ - int final_used; - int block_mask; - unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */ -} /* EVP_CIPHER_CTX */; - -typedef struct evp_Encode_Ctx_st { - int num; /* number saved in a partial encode/decode */ - int length; /* The length is either the output line length - * (in input bytes) or the shortest input line - * length that is ok. Once decoding begins, - * the length is adjusted up each time a longer - * line is decoded */ - unsigned char enc_data[80]; /* data to encode */ - int line_num; /* number read on current line */ - int expect_nl; -} EVP_ENCODE_CTX; - -/* Password based encryption function */ -typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); - -#ifndef OPENSSL_NO_RSA -#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ - (char *)(rsa)) -#endif - -#ifndef OPENSSL_NO_DSA -#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ - (char *)(dsa)) -#endif - -#ifndef OPENSSL_NO_DH -#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ - (char *)(dh)) -#endif - -#ifndef OPENSSL_NO_EC -#define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\ - (char *)(eckey)) -#endif - -#ifndef OPENSSL_NO_GOST -#define EVP_PKEY_assign_GOST(pkey,gostkey) EVP_PKEY_assign((pkey),EVP_PKEY_GOSTR01,\ - (char *)(gostkey)) -#endif - -/* Add some extra combinations */ -#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) -#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) -#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) -#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) - -int EVP_MD_type(const EVP_MD *md); -#define EVP_MD_nid(e) EVP_MD_type(e) -#define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) -int EVP_MD_pkey_type(const EVP_MD *md); -int EVP_MD_size(const EVP_MD *md); -int EVP_MD_block_size(const EVP_MD *md); -unsigned long EVP_MD_flags(const EVP_MD *md); - -const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); -#define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) -#define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) -#define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) - -int EVP_CIPHER_nid(const EVP_CIPHER *cipher); -#define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) -int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); -int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); -int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); -unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); -#define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) - -const EVP_CIPHER * EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); -int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); -int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); -int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); -int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); -int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); -void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); -void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); -#define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) -unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); -#define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) - -#define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) -#define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) - -#define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) -#define EVP_SignInit(a,b) EVP_DigestInit(a,b) -#define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) -#define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) -#define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) -#define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) -#define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) -#define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) -#define EVP_DigestSignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) -#define EVP_DigestVerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) - -#define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md) -#define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) -#define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) -#define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp) -#define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) -#define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) - -int EVP_Cipher(EVP_CIPHER_CTX *c, unsigned char *out, const unsigned char *in, - unsigned int inl); - -#define EVP_add_cipher_alias(n,alias) \ - OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) -#define EVP_add_digest_alias(n,alias) \ - OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n)) -#define EVP_delete_cipher_alias(alias) \ - OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS); -#define EVP_delete_digest_alias(alias) \ - OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); - -void EVP_MD_CTX_init(EVP_MD_CTX *ctx); -int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); -EVP_MD_CTX *EVP_MD_CTX_create(void); -void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); -int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); -void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); -void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); -int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr); -int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); -int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); -int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); -int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); -int EVP_Digest(const void *data, size_t count, unsigned char *md, - unsigned int *size, const EVP_MD *type, ENGINE *impl); - -int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); -int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); -int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); - -int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify); -int EVP_read_pw_string_min(char *buf, int minlen, int maxlen, - const char *prompt, int verify); -void EVP_set_pw_prompt(const char *prompt); -char *EVP_get_pw_prompt(void); - -int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, - const unsigned char *salt, const unsigned char *data, int datal, int count, - unsigned char *key, unsigned char *iv); - -void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); -void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); -int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); - -int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv); -int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - ENGINE *impl, const unsigned char *key, const unsigned char *iv); -int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl); -int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); - -int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv); -int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - ENGINE *impl, const unsigned char *key, const unsigned char *iv); -int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl); -int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); - -int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv, int enc); -int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); -int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl); -int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); - -int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, - EVP_PKEY *pkey); - -int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, - unsigned int siglen, EVP_PKEY *pkey); - -int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); -int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen); - -int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); -int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen); - -int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - const unsigned char *ek, int ekl, const unsigned char *iv, EVP_PKEY *priv); -int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); - -int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, - int npubk); -int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); - -void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); -void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl); -void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); -int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); - -void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); -int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl); -int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); -int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); - -void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); -int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); -EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); -void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a); -int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); -int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); -int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); -int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); - -#ifndef OPENSSL_NO_BIO -BIO_METHOD *BIO_f_md(void); -BIO_METHOD *BIO_f_base64(void); -BIO_METHOD *BIO_f_cipher(void); -void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, - const unsigned char *i, int enc); -#endif - -const EVP_MD *EVP_md_null(void); -#ifndef OPENSSL_NO_MD4 -const EVP_MD *EVP_md4(void); -#endif -#ifndef OPENSSL_NO_MD5 -const EVP_MD *EVP_md5(void); -#endif -#ifndef OPENSSL_NO_SHA -const EVP_MD *EVP_sha(void); -const EVP_MD *EVP_sha1(void); -const EVP_MD *EVP_dss(void); -const EVP_MD *EVP_dss1(void); -const EVP_MD *EVP_ecdsa(void); -#endif -#ifndef OPENSSL_NO_SHA256 -const EVP_MD *EVP_sha224(void); -const EVP_MD *EVP_sha256(void); -#endif -#ifndef OPENSSL_NO_SHA512 -const EVP_MD *EVP_sha384(void); -const EVP_MD *EVP_sha512(void); -#endif -#ifndef OPENSSL_NO_RIPEMD -const EVP_MD *EVP_ripemd160(void); -#endif -#ifndef OPENSSL_NO_WHIRLPOOL -const EVP_MD *EVP_whirlpool(void); -#endif -#ifndef OPENSSL_NO_GOST -const EVP_MD *EVP_gostr341194(void); -const EVP_MD *EVP_gost2814789imit(void); -const EVP_MD *EVP_streebog256(void); -const EVP_MD *EVP_streebog512(void); -#endif -const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ -#ifndef OPENSSL_NO_DES -const EVP_CIPHER *EVP_des_ecb(void); -const EVP_CIPHER *EVP_des_ede(void); -const EVP_CIPHER *EVP_des_ede3(void); -const EVP_CIPHER *EVP_des_ede_ecb(void); -const EVP_CIPHER *EVP_des_ede3_ecb(void); -const EVP_CIPHER *EVP_des_cfb64(void); -# define EVP_des_cfb EVP_des_cfb64 -const EVP_CIPHER *EVP_des_cfb1(void); -const EVP_CIPHER *EVP_des_cfb8(void); -const EVP_CIPHER *EVP_des_ede_cfb64(void); -# define EVP_des_ede_cfb EVP_des_ede_cfb64 -const EVP_CIPHER *EVP_des_ede3_cfb64(void); -# define EVP_des_ede3_cfb EVP_des_ede3_cfb64 -const EVP_CIPHER *EVP_des_ede3_cfb1(void); -const EVP_CIPHER *EVP_des_ede3_cfb8(void); -const EVP_CIPHER *EVP_des_ofb(void); -const EVP_CIPHER *EVP_des_ede_ofb(void); -const EVP_CIPHER *EVP_des_ede3_ofb(void); -const EVP_CIPHER *EVP_des_cbc(void); -const EVP_CIPHER *EVP_des_ede_cbc(void); -const EVP_CIPHER *EVP_des_ede3_cbc(void); -const EVP_CIPHER *EVP_desx_cbc(void); -#endif -#ifndef OPENSSL_NO_RC4 -const EVP_CIPHER *EVP_rc4(void); -const EVP_CIPHER *EVP_rc4_40(void); -#ifndef OPENSSL_NO_MD5 -const EVP_CIPHER *EVP_rc4_hmac_md5(void); -#endif -#endif -#ifndef OPENSSL_NO_IDEA -const EVP_CIPHER *EVP_idea_ecb(void); -const EVP_CIPHER *EVP_idea_cfb64(void); -# define EVP_idea_cfb EVP_idea_cfb64 -const EVP_CIPHER *EVP_idea_ofb(void); -const EVP_CIPHER *EVP_idea_cbc(void); -#endif -#ifndef OPENSSL_NO_RC2 -const EVP_CIPHER *EVP_rc2_ecb(void); -const EVP_CIPHER *EVP_rc2_cbc(void); -const EVP_CIPHER *EVP_rc2_40_cbc(void); -const EVP_CIPHER *EVP_rc2_64_cbc(void); -const EVP_CIPHER *EVP_rc2_cfb64(void); -# define EVP_rc2_cfb EVP_rc2_cfb64 -const EVP_CIPHER *EVP_rc2_ofb(void); -#endif -#ifndef OPENSSL_NO_BF -const EVP_CIPHER *EVP_bf_ecb(void); -const EVP_CIPHER *EVP_bf_cbc(void); -const EVP_CIPHER *EVP_bf_cfb64(void); -# define EVP_bf_cfb EVP_bf_cfb64 -const EVP_CIPHER *EVP_bf_ofb(void); -#endif -#ifndef OPENSSL_NO_CAST -const EVP_CIPHER *EVP_cast5_ecb(void); -const EVP_CIPHER *EVP_cast5_cbc(void); -const EVP_CIPHER *EVP_cast5_cfb64(void); -# define EVP_cast5_cfb EVP_cast5_cfb64 -const EVP_CIPHER *EVP_cast5_ofb(void); -#endif -#ifndef OPENSSL_NO_AES -const EVP_CIPHER *EVP_aes_128_ecb(void); -const EVP_CIPHER *EVP_aes_128_cbc(void); -const EVP_CIPHER *EVP_aes_128_cfb1(void); -const EVP_CIPHER *EVP_aes_128_cfb8(void); -const EVP_CIPHER *EVP_aes_128_cfb128(void); -# define EVP_aes_128_cfb EVP_aes_128_cfb128 -const EVP_CIPHER *EVP_aes_128_ofb(void); -const EVP_CIPHER *EVP_aes_128_ctr(void); -const EVP_CIPHER *EVP_aes_128_ccm(void); -const EVP_CIPHER *EVP_aes_128_gcm(void); -const EVP_CIPHER *EVP_aes_128_xts(void); -const EVP_CIPHER *EVP_aes_192_ecb(void); -const EVP_CIPHER *EVP_aes_192_cbc(void); -const EVP_CIPHER *EVP_aes_192_cfb1(void); -const EVP_CIPHER *EVP_aes_192_cfb8(void); -const EVP_CIPHER *EVP_aes_192_cfb128(void); -# define EVP_aes_192_cfb EVP_aes_192_cfb128 -const EVP_CIPHER *EVP_aes_192_ofb(void); -const EVP_CIPHER *EVP_aes_192_ctr(void); -const EVP_CIPHER *EVP_aes_192_ccm(void); -const EVP_CIPHER *EVP_aes_192_gcm(void); -const EVP_CIPHER *EVP_aes_256_ecb(void); -const EVP_CIPHER *EVP_aes_256_cbc(void); -const EVP_CIPHER *EVP_aes_256_cfb1(void); -const EVP_CIPHER *EVP_aes_256_cfb8(void); -const EVP_CIPHER *EVP_aes_256_cfb128(void); -# define EVP_aes_256_cfb EVP_aes_256_cfb128 -const EVP_CIPHER *EVP_aes_256_ofb(void); -const EVP_CIPHER *EVP_aes_256_ctr(void); -const EVP_CIPHER *EVP_aes_256_ccm(void); -const EVP_CIPHER *EVP_aes_256_gcm(void); -const EVP_CIPHER *EVP_aes_256_xts(void); -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) -const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); -const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); -#endif -#endif -#ifndef OPENSSL_NO_CAMELLIA -const EVP_CIPHER *EVP_camellia_128_ecb(void); -const EVP_CIPHER *EVP_camellia_128_cbc(void); -const EVP_CIPHER *EVP_camellia_128_cfb1(void); -const EVP_CIPHER *EVP_camellia_128_cfb8(void); -const EVP_CIPHER *EVP_camellia_128_cfb128(void); -# define EVP_camellia_128_cfb EVP_camellia_128_cfb128 -const EVP_CIPHER *EVP_camellia_128_ofb(void); -const EVP_CIPHER *EVP_camellia_192_ecb(void); -const EVP_CIPHER *EVP_camellia_192_cbc(void); -const EVP_CIPHER *EVP_camellia_192_cfb1(void); -const EVP_CIPHER *EVP_camellia_192_cfb8(void); -const EVP_CIPHER *EVP_camellia_192_cfb128(void); -# define EVP_camellia_192_cfb EVP_camellia_192_cfb128 -const EVP_CIPHER *EVP_camellia_192_ofb(void); -const EVP_CIPHER *EVP_camellia_256_ecb(void); -const EVP_CIPHER *EVP_camellia_256_cbc(void); -const EVP_CIPHER *EVP_camellia_256_cfb1(void); -const EVP_CIPHER *EVP_camellia_256_cfb8(void); -const EVP_CIPHER *EVP_camellia_256_cfb128(void); -# define EVP_camellia_256_cfb EVP_camellia_256_cfb128 -const EVP_CIPHER *EVP_camellia_256_ofb(void); -#endif - -#ifndef OPENSSL_NO_CHACHA -const EVP_CIPHER *EVP_chacha20(void); -#endif - -#ifndef OPENSSL_NO_GOST -const EVP_CIPHER *EVP_gost2814789_ecb(void); -const EVP_CIPHER *EVP_gost2814789_cfb64(void); -const EVP_CIPHER *EVP_gost2814789_cnt(void); -#endif - -void OPENSSL_add_all_algorithms_noconf(void); -void OPENSSL_add_all_algorithms_conf(void); - -#ifdef OPENSSL_LOAD_CONF -#define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_conf() -#else -#define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_noconf() -#endif - -void OpenSSL_add_all_ciphers(void); -void OpenSSL_add_all_digests(void); - -#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() -#define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers() -#define SSLeay_add_all_digests() OpenSSL_add_all_digests() - -int EVP_add_cipher(const EVP_CIPHER *cipher); -int EVP_add_digest(const EVP_MD *digest); - -const EVP_CIPHER *EVP_get_cipherbyname(const char *name); -const EVP_MD *EVP_get_digestbyname(const char *name); -void EVP_cleanup(void); - -void EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph, const char *from, - const char *to, void *x), void *arg); -void EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph, - const char *from, const char *to, void *x), void *arg); - -void EVP_MD_do_all(void (*fn)(const EVP_MD *ciph, const char *from, - const char *to, void *x), void *arg); -void EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *ciph, const char *from, - const char *to, void *x), void *arg); - -int EVP_PKEY_decrypt_old(unsigned char *dec_key, const unsigned char *enc_key, - int enc_key_len, EVP_PKEY *private_key); -int EVP_PKEY_encrypt_old(unsigned char *enc_key, const unsigned char *key, - int key_len, EVP_PKEY *pub_key); -int EVP_PKEY_type(int type); -int EVP_PKEY_id(const EVP_PKEY *pkey); -int EVP_PKEY_base_id(const EVP_PKEY *pkey); -int EVP_PKEY_bits(EVP_PKEY *pkey); -int EVP_PKEY_size(EVP_PKEY *pkey); -int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); -int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); -int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); -void *EVP_PKEY_get0(EVP_PKEY *pkey); - -#ifndef OPENSSL_NO_RSA -struct rsa_st; -int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key); -struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); -#endif -#ifndef OPENSSL_NO_DSA -struct dsa_st; -int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key); -struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); -#endif -#ifndef OPENSSL_NO_DH -struct dh_st; -int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key); -struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); -#endif -#ifndef OPENSSL_NO_EC -struct ec_key_st; -int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key); -struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); -#endif -#ifndef OPENSSL_NO_GOST -struct gost_key_st; -#endif - -EVP_PKEY *EVP_PKEY_new(void); -void EVP_PKEY_free(EVP_PKEY *pkey); - -EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, - long length); -int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); - -EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, - long length); -EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, - long length); -int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); - -int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); -int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); -int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode); -int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); - -int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); - -int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx); -int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx); -int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx); - -int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); - -int EVP_CIPHER_type(const EVP_CIPHER *ctx); - -/* calls methods */ -int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); -int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - -/* These are used by EVP_CIPHER methods */ -int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); -int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - -/* PKCS5 password based encryption */ -int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); -int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, - const unsigned char *salt, int saltlen, int iter, int keylen, - unsigned char *out); -int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt, - int saltlen, int iter, const EVP_MD *digest, int keylen, - unsigned char *out); -int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, - int en_de); - -void PKCS5_PBE_add(void); - -int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); - -/* PBE type */ - -/* Can appear as the outermost AlgorithmIdentifier */ -#define EVP_PBE_TYPE_OUTER 0x0 -/* Is an PRF type OID */ -#define EVP_PBE_TYPE_PRF 0x1 - -int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid, - EVP_PBE_KEYGEN *keygen); -int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, - EVP_PBE_KEYGEN *keygen); -int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid, - EVP_PBE_KEYGEN **pkeygen); -void EVP_PBE_cleanup(void); - -#define ASN1_PKEY_ALIAS 0x1 -#define ASN1_PKEY_DYNAMIC 0x2 -#define ASN1_PKEY_SIGPARAM_NULL 0x4 - -#define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1 -#define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2 -#define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3 -#define ASN1_PKEY_CTRL_CMS_SIGN 0x5 -#define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7 - -int EVP_PKEY_asn1_get_count(void); -const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); -const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); -const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, - const char *str, int len); -int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); -int EVP_PKEY_asn1_add_alias(int to, int from); -int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, int *ppkey_flags, - const char **pinfo, const char **ppem_str, - const EVP_PKEY_ASN1_METHOD *ameth); - -const EVP_PKEY_ASN1_METHOD* EVP_PKEY_get0_asn1(EVP_PKEY *pkey); -EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags, const char *pem_str, - const char *info); -void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, - const EVP_PKEY_ASN1_METHOD *src); -void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); -void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, - int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub), - int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk), - int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b), - int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx), - int (*pkey_size)(const EVP_PKEY *pk), - int (*pkey_bits)(const EVP_PKEY *pk)); -void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, - int (*priv_decode)(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf), - int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk), - int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx)); -void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, - int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder, int derlen), - int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder), - int (*param_missing)(const EVP_PKEY *pk), - int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from), - int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b), - int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx)); - -void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, - void (*pkey_free)(EVP_PKEY *pkey)); -void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2)); - -#define EVP_PKEY_OP_UNDEFINED 0 -#define EVP_PKEY_OP_PARAMGEN (1<<1) -#define EVP_PKEY_OP_KEYGEN (1<<2) -#define EVP_PKEY_OP_SIGN (1<<3) -#define EVP_PKEY_OP_VERIFY (1<<4) -#define EVP_PKEY_OP_VERIFYRECOVER (1<<5) -#define EVP_PKEY_OP_SIGNCTX (1<<6) -#define EVP_PKEY_OP_VERIFYCTX (1<<7) -#define EVP_PKEY_OP_ENCRYPT (1<<8) -#define EVP_PKEY_OP_DECRYPT (1<<9) -#define EVP_PKEY_OP_DERIVE (1<<10) - -#define EVP_PKEY_OP_TYPE_SIG \ - (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \ - | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX) - -#define EVP_PKEY_OP_TYPE_CRYPT \ - (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) - -#define EVP_PKEY_OP_TYPE_NOGEN \ - (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE) - -#define EVP_PKEY_OP_TYPE_GEN \ - (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) - -#define EVP_PKEY_CTX_set_signature_md(ctx, md) \ - EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ - EVP_PKEY_CTRL_MD, 0, (void *)md) - -#define EVP_PKEY_CTRL_MD 1 -#define EVP_PKEY_CTRL_PEER_KEY 2 - -#define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3 -#define EVP_PKEY_CTRL_PKCS7_DECRYPT 4 - -#define EVP_PKEY_CTRL_PKCS7_SIGN 5 - -#define EVP_PKEY_CTRL_SET_MAC_KEY 6 - -#define EVP_PKEY_CTRL_DIGESTINIT 7 - -/* Used by GOST key encryption in TLS */ -#define EVP_PKEY_CTRL_SET_IV 8 - -#define EVP_PKEY_CTRL_CMS_ENCRYPT 9 -#define EVP_PKEY_CTRL_CMS_DECRYPT 10 -#define EVP_PKEY_CTRL_CMS_SIGN 11 - -#define EVP_PKEY_CTRL_CIPHER 12 - -#define EVP_PKEY_ALG_CTRL 0x1000 - - -#define EVP_PKEY_FLAG_AUTOARGLEN 2 -/* Method handles all operations: don't assume any digest related - * defaults. - */ -#define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 - -const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); -EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags); -void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, - const EVP_PKEY_METHOD *meth); -void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); -void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); -int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); - -EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); -EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); -EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); -void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); - -int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, - int p1, void *p2); -int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, - const char *value); - -int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx); -void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); - -EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, - int keylen); - -void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); -void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx); -EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx); - -EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx); - -void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); -void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); - -int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); -int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen); -int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); -int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen); -int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); -int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, unsigned char *rout, - size_t *routlen, const unsigned char *sig, size_t siglen); -int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); -int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); -int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); -int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); - -int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); -int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); -int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); - -typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); - -int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); -int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); -int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); -int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); - -void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); -EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); - -int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); - -void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, - int (*init)(EVP_PKEY_CTX *ctx)); - -void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, - int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)); - -void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, - void (*cleanup)(EVP_PKEY_CTX *ctx)); - -void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, - int (*paramgen_init)(EVP_PKEY_CTX *ctx), - int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); - -void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, - int (*keygen_init)(EVP_PKEY_CTX *ctx), - int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); - -void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, - int (*sign_init)(EVP_PKEY_CTX *ctx), - int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen)); - -void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, - int (*verify_init)(EVP_PKEY_CTX *ctx), - int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen)); - -void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, - int (*verify_recover_init)(EVP_PKEY_CTX *ctx), - int (*verify_recover)(EVP_PKEY_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, size_t tbslen)); - -void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, - int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), - int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - EVP_MD_CTX *mctx)); - -void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, - int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), - int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, - EVP_MD_CTX *mctx)); - -void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, - int (*encrypt_init)(EVP_PKEY_CTX *ctx), - int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen)); - -void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, - int (*decrypt_init)(EVP_PKEY_CTX *ctx), - int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen)); - -void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, - int (*derive_init)(EVP_PKEY_CTX *ctx), - int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)); - -void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, - int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2), - int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value)); - -/* Authenticated Encryption with Additional Data. - * - * AEAD couples confidentiality and integrity in a single primtive. AEAD - * algorithms take a key and then can seal and open individual messages. Each - * message has a unique, per-message nonce and, optionally, additional data - * which is authenticated but not included in the output. */ - -struct evp_aead_st; -typedef struct evp_aead_st EVP_AEAD; - -#ifndef OPENSSL_NO_AES -/* EVP_aes_128_gcm is AES-128 in Galois Counter Mode. */ -const EVP_AEAD *EVP_aead_aes_128_gcm(void); -/* EVP_aes_256_gcm is AES-256 in Galois Counter Mode. */ -const EVP_AEAD *EVP_aead_aes_256_gcm(void); -#endif - -#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) -/* EVP_aead_chacha20_poly1305 is ChaCha20 with a Poly1305 authenticator. */ -const EVP_AEAD *EVP_aead_chacha20_poly1305(void); -#endif - -/* EVP_AEAD_key_length returns the length of the keys used. */ -size_t EVP_AEAD_key_length(const EVP_AEAD *aead); - -/* EVP_AEAD_nonce_length returns the length of the per-message nonce. */ -size_t EVP_AEAD_nonce_length(const EVP_AEAD *aead); - -/* EVP_AEAD_max_overhead returns the maximum number of additional bytes added - * by the act of sealing data with the AEAD. */ -size_t EVP_AEAD_max_overhead(const EVP_AEAD *aead); - -/* EVP_AEAD_max_tag_len returns the maximum tag length when using this AEAD. - * This * is the largest value that can be passed as a tag length to - * EVP_AEAD_CTX_init. */ -size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead); - -/* An EVP_AEAD_CTX represents an AEAD algorithm configured with a specific key - * and message-independent IV. */ -typedef struct evp_aead_ctx_st { - const EVP_AEAD *aead; - /* aead_state is an opaque pointer to the AEAD specific state. */ - void *aead_state; -} EVP_AEAD_CTX; - -/* EVP_AEAD_MAX_TAG_LENGTH is the maximum tag length used by any AEAD - * defined in this header. */ -#define EVP_AEAD_MAX_TAG_LENGTH 16 - -/* EVP_AEAD_DEFAULT_TAG_LENGTH is a magic value that can be passed to - * EVP_AEAD_CTX_init to indicate that the default tag length for an AEAD - * should be used. */ -#define EVP_AEAD_DEFAULT_TAG_LENGTH 0 - -/* EVP_AEAD_init initializes the context for the given AEAD algorithm. - * The implementation argument may be NULL to choose the default implementation. - * Authentication tags may be truncated by passing a tag length. A tag length - * of zero indicates the default tag length should be used. */ -int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, - const unsigned char *key, size_t key_len, size_t tag_len, ENGINE *impl); - -/* EVP_AEAD_CTX_cleanup frees any data allocated for this context. */ -void EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx); - -/* EVP_AEAD_CTX_seal encrypts and authenticates the input and authenticates - * any additional data (AD), the result being written as output. One is - * returned on success, otherwise zero. - * - * This function may be called (with the same EVP_AEAD_CTX) concurrently with - * itself or EVP_AEAD_CTX_open. - * - * At most max_out_len bytes are written as output and, in order to ensure - * success, this value should be the length of the input plus the result of - * EVP_AEAD_overhead. On successful return, out_len is set to the actual - * number of bytes written. - * - * The length of the nonce is must be equal to the result of - * EVP_AEAD_nonce_length for this AEAD. - * - * EVP_AEAD_CTX_seal never results in a partial output. If max_out_len is - * insufficient, zero will be returned and out_len will be set to zero. - * - * If the input and output are aliased then out must be <= in. */ -int EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, - size_t *out_len, size_t max_out_len, const unsigned char *nonce, - size_t nonce_len, const unsigned char *in, size_t in_len, - const unsigned char *ad, size_t ad_len); - -/* EVP_AEAD_CTX_open authenticates the input and additional data, decrypting - * the input and writing it as output. One is returned on success, otherwise - * zero. - * - * This function may be called (with the same EVP_AEAD_CTX) concurrently with - * itself or EVP_AEAD_CTX_seal. - * - * At most the number of input bytes are written as output. In order to ensure - * success, max_out_len should be at least the same as the input length. On - * successful return out_len is set to the actual number of bytes written. - * - * The length of nonce must be equal to the result of EVP_AEAD_nonce_length - * for this AEAD. - * - * EVP_AEAD_CTX_open never results in a partial output. If max_out_len is - * insufficient, zero will be returned and out_len will be set to zero. - * - * If the input and output are aliased then out must be <= in. */ -int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, unsigned char *out, - size_t *out_len, size_t max_out_len, const unsigned char *nonce, - size_t nonce_len, const unsigned char *in, size_t in_len, - const unsigned char *ad, size_t ad_len); - -void EVP_add_alg_module(void); - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -void ERR_load_EVP_strings(void); - -/* Error codes for the EVP functions. */ - -/* Function codes. */ -#define EVP_F_AEAD_AES_GCM_INIT 187 -#define EVP_F_AEAD_AES_GCM_OPEN 188 -#define EVP_F_AEAD_AES_GCM_SEAL 189 -#define EVP_F_AEAD_CHACHA20_POLY1305_INIT 192 -#define EVP_F_AEAD_CHACHA20_POLY1305_OPEN 193 -#define EVP_F_AEAD_CHACHA20_POLY1305_SEAL 194 -#define EVP_F_AEAD_CTX_OPEN 185 -#define EVP_F_AEAD_CTX_SEAL 186 -#define EVP_F_AESNI_INIT_KEY 165 -#define EVP_F_AESNI_XTS_CIPHER 176 -#define EVP_F_AES_INIT_KEY 133 -#define EVP_F_AES_XTS 172 -#define EVP_F_AES_XTS_CIPHER 175 -#define EVP_F_ALG_MODULE_INIT 177 -#define EVP_F_CAMELLIA_INIT_KEY 159 -#define EVP_F_CMAC_INIT 173 -#define EVP_F_D2I_PKEY 100 -#define EVP_F_DO_SIGVER_INIT 161 -#define EVP_F_DSAPKEY2PKCS8 134 -#define EVP_F_DSA_PKEY2PKCS8 135 -#define EVP_F_ECDSA_PKEY2PKCS8 129 -#define EVP_F_ECKEY_PKEY2PKCS8 132 -#define EVP_F_EVP_AEAD_CTX_INIT 180 -#define EVP_F_EVP_AEAD_CTX_OPEN 190 -#define EVP_F_EVP_AEAD_CTX_SEAL 191 -#define EVP_F_EVP_BYTESTOKEY 200 -#define EVP_F_EVP_CIPHERINIT_EX 123 -#define EVP_F_EVP_CIPHER_CTX_COPY 163 -#define EVP_F_EVP_CIPHER_CTX_CTRL 124 -#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 -#define EVP_F_EVP_CIPHER_GET_ASN1_IV 201 -#define EVP_F_EVP_CIPHER_SET_ASN1_IV 202 -#define EVP_F_EVP_DECRYPTFINAL_EX 101 -#define EVP_F_EVP_DECRYPTUPDATE 199 -#define EVP_F_EVP_DIGESTFINAL_EX 196 -#define EVP_F_EVP_DIGESTINIT_EX 128 -#define EVP_F_EVP_ENCRYPTFINAL_EX 127 -#define EVP_F_EVP_ENCRYPTUPDATE 198 -#define EVP_F_EVP_MD_CTX_COPY_EX 110 -#define EVP_F_EVP_MD_CTX_CTRL 195 -#define EVP_F_EVP_MD_SIZE 162 -#define EVP_F_EVP_OPENINIT 102 -#define EVP_F_EVP_PBE_ALG_ADD 115 -#define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 -#define EVP_F_EVP_PBE_CIPHERINIT 116 -#define EVP_F_EVP_PKCS82PKEY 111 -#define EVP_F_EVP_PKCS82PKEY_BROKEN 136 -#define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 -#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 -#define EVP_F_EVP_PKEY_CTX_CTRL 137 -#define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 -#define EVP_F_EVP_PKEY_CTX_DUP 156 -#define EVP_F_EVP_PKEY_DECRYPT 104 -#define EVP_F_EVP_PKEY_DECRYPT_INIT 138 -#define EVP_F_EVP_PKEY_DECRYPT_OLD 151 -#define EVP_F_EVP_PKEY_DERIVE 153 -#define EVP_F_EVP_PKEY_DERIVE_INIT 154 -#define EVP_F_EVP_PKEY_DERIVE_SET_PEER 155 -#define EVP_F_EVP_PKEY_ENCRYPT 105 -#define EVP_F_EVP_PKEY_ENCRYPT_INIT 139 -#define EVP_F_EVP_PKEY_ENCRYPT_OLD 152 -#define EVP_F_EVP_PKEY_GET1_DH 119 -#define EVP_F_EVP_PKEY_GET1_DSA 120 -#define EVP_F_EVP_PKEY_GET1_ECDSA 130 -#define EVP_F_EVP_PKEY_GET1_EC_KEY 131 -#define EVP_F_EVP_PKEY_GET1_RSA 121 -#define EVP_F_EVP_PKEY_KEYGEN 146 -#define EVP_F_EVP_PKEY_KEYGEN_INIT 147 -#define EVP_F_EVP_PKEY_NEW 106 -#define EVP_F_EVP_PKEY_PARAMGEN 148 -#define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 -#define EVP_F_EVP_PKEY_SIGN 140 -#define EVP_F_EVP_PKEY_SIGN_INIT 141 -#define EVP_F_EVP_PKEY_VERIFY 142 -#define EVP_F_EVP_PKEY_VERIFY_INIT 143 -#define EVP_F_EVP_PKEY_VERIFY_RECOVER 144 -#define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145 -#define EVP_F_EVP_RIJNDAEL 126 -#define EVP_F_EVP_SIGNFINAL 107 -#define EVP_F_EVP_VERIFYFINAL 108 -#define EVP_F_FIPS_CIPHERINIT 166 -#define EVP_F_FIPS_CIPHER_CTX_COPY 170 -#define EVP_F_FIPS_CIPHER_CTX_CTRL 167 -#define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH 171 -#define EVP_F_FIPS_DIGESTINIT 168 -#define EVP_F_FIPS_MD_CTX_COPY 169 -#define EVP_F_HMAC_INIT_EX 174 -#define EVP_F_INT_CTX_NEW 157 -#define EVP_F_PKCS5_PBE_KEYIVGEN 117 -#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 -#define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 -#define EVP_F_PKCS8_SET_BROKEN 112 -#define EVP_F_PKEY_SET_TYPE 158 -#define EVP_F_RC2_GET_ASN1_TYPE_AND_IV 197 -#define EVP_F_RC2_MAGIC_TO_METH 109 -#define EVP_F_RC5_CTRL 125 - -/* Reason codes. */ -#define EVP_R_AES_IV_SETUP_FAILED 162 -#define EVP_R_AES_KEY_SETUP_FAILED 143 -#define EVP_R_ASN1_LIB 140 -#define EVP_R_BAD_BLOCK_LENGTH 136 -#define EVP_R_BAD_DECRYPT 100 -#define EVP_R_BAD_KEY_LENGTH 137 -#define EVP_R_BN_DECODE_ERROR 112 -#define EVP_R_BN_PUBKEY_ERROR 113 -#define EVP_R_BUFFER_TOO_SMALL 155 -#define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 -#define EVP_R_CIPHER_PARAMETER_ERROR 122 -#define EVP_R_COMMAND_NOT_SUPPORTED 147 -#define EVP_R_CTRL_NOT_IMPLEMENTED 132 -#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 -#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 -#define EVP_R_DECODE_ERROR 114 -#define EVP_R_DIFFERENT_KEY_TYPES 101 -#define EVP_R_DIFFERENT_PARAMETERS 153 -#define EVP_R_DISABLED_FOR_FIPS 163 -#define EVP_R_ENCODE_ERROR 115 -#define EVP_R_ERROR_LOADING_SECTION 165 -#define EVP_R_ERROR_SETTING_FIPS_MODE 166 -#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 -#define EVP_R_EXPECTING_AN_RSA_KEY 127 -#define EVP_R_EXPECTING_A_DH_KEY 128 -#define EVP_R_EXPECTING_A_DSA_KEY 129 -#define EVP_R_EXPECTING_A_ECDSA_KEY 141 -#define EVP_R_EXPECTING_A_EC_KEY 142 -#define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 -#define EVP_R_INITIALIZATION_ERROR 134 -#define EVP_R_INPUT_NOT_INITIALIZED 111 -#define EVP_R_INVALID_DIGEST 152 -#define EVP_R_INVALID_FIPS_MODE 168 -#define EVP_R_INVALID_KEY_LENGTH 130 -#define EVP_R_INVALID_OPERATION 148 -#define EVP_R_IV_TOO_LARGE 102 -#define EVP_R_KEYGEN_FAILURE 120 -#define EVP_R_MESSAGE_DIGEST_IS_NULL 159 -#define EVP_R_METHOD_NOT_SUPPORTED 144 -#define EVP_R_MISSING_PARAMETERS 103 -#define EVP_R_NO_CIPHER_SET 131 -#define EVP_R_NO_DEFAULT_DIGEST 158 -#define EVP_R_NO_DIGEST_SET 139 -#define EVP_R_NO_DSA_PARAMETERS 116 -#define EVP_R_NO_KEY_SET 154 -#define EVP_R_NO_OPERATION_SET 149 -#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 -#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 -#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 -#define EVP_R_OPERATON_NOT_INITIALIZED 151 -#define EVP_R_OUTPUT_ALIASES_INPUT 172 -#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 -#define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 -#define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 -#define EVP_R_PUBLIC_KEY_NOT_RSA 106 -#define EVP_R_TAG_TOO_LARGE 171 -#define EVP_R_TOO_LARGE 164 -#define EVP_R_UNKNOWN_CIPHER 160 -#define EVP_R_UNKNOWN_DIGEST 161 -#define EVP_R_UNKNOWN_OPTION 169 -#define EVP_R_UNKNOWN_PBE_ALGORITHM 121 -#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 -#define EVP_R_UNSUPPORTED_ALGORITHM 156 -#define EVP_R_UNSUPPORTED_CIPHER 107 -#define EVP_R_UNSUPPORTED_KEYLENGTH 123 -#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 -#define EVP_R_UNSUPPORTED_KEY_SIZE 108 -#define EVP_R_UNSUPPORTED_PRF 125 -#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 -#define EVP_R_UNSUPPORTED_SALT_TYPE 126 -#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 -#define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/src/lib/libcrypto/evp/evp_aead.c b/src/lib/libcrypto/evp/evp_aead.c deleted file mode 100644 index 197b7f515f..0000000000 --- a/src/lib/libcrypto/evp/evp_aead.c +++ /dev/null @@ -1,144 +0,0 @@ -/* $OpenBSD: evp_aead.c,v 1.5 2014/06/21 15:30:36 jsing Exp $ */ -/* - * Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include -#include - -#include -#include - -#include "evp_locl.h" - -size_t -EVP_AEAD_key_length(const EVP_AEAD *aead) -{ - return aead->key_len; -} - -size_t -EVP_AEAD_nonce_length(const EVP_AEAD *aead) -{ - return aead->nonce_len; -} - -size_t -EVP_AEAD_max_overhead(const EVP_AEAD *aead) -{ - return aead->overhead; -} - -size_t -EVP_AEAD_max_tag_len(const EVP_AEAD *aead) -{ - return aead->max_tag_len; -} - -int -EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, - const unsigned char *key, size_t key_len, size_t tag_len, ENGINE *impl) -{ - ctx->aead = aead; - if (key_len != aead->key_len) { - EVPerr(EVP_F_EVP_AEAD_CTX_INIT, EVP_R_UNSUPPORTED_KEY_SIZE); - return 0; - } - return aead->init(ctx, key, key_len, tag_len); -} - -void -EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx) -{ - if (ctx->aead == NULL) - return; - ctx->aead->cleanup(ctx); - ctx->aead = NULL; -} - -/* check_alias returns 0 if out points within the buffer determined by in - * and in_len and 1 otherwise. - * - * When processing, there's only an issue if out points within in[:in_len] - * and isn't equal to in. If that's the case then writing the output will - * stomp input that hasn't been read yet. - * - * This function checks for that case. */ -static int -check_alias(const unsigned char *in, size_t in_len, const unsigned char *out) -{ - if (out <= in) - return 1; - if (in + in_len <= out) - return 1; - return 0; -} - -int -EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len, - size_t max_out_len, const unsigned char *nonce, size_t nonce_len, - const unsigned char *in, size_t in_len, const unsigned char *ad, - size_t ad_len) -{ - size_t possible_out_len = in_len + ctx->aead->overhead; - - /* Overflow. */ - if (possible_out_len < in_len) { - EVPerr(EVP_F_AEAD_CTX_SEAL, EVP_R_TOO_LARGE); - goto error; - } - - if (!check_alias(in, in_len, out)) { - EVPerr(EVP_F_AEAD_CTX_SEAL, EVP_R_OUTPUT_ALIASES_INPUT); - goto error; - } - - if (ctx->aead->seal(ctx, out, out_len, max_out_len, nonce, nonce_len, - in, in_len, ad, ad_len)) { - return 1; - } - -error: - /* In the event of an error, clear the output buffer so that a caller - * that doesn't check the return value doesn't send raw data. */ - memset(out, 0, max_out_len); - *out_len = 0; - return 0; -} - -int -EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len, - size_t max_out_len, const unsigned char *nonce, size_t nonce_len, - const unsigned char *in, size_t in_len, const unsigned char *ad, - size_t ad_len) -{ - if (!check_alias(in, in_len, out)) { - EVPerr(EVP_F_AEAD_CTX_OPEN, EVP_R_OUTPUT_ALIASES_INPUT); - goto error; - } - - if (ctx->aead->open(ctx, out, out_len, max_out_len, nonce, nonce_len, - in, in_len, ad, ad_len)) { - return 1; - } - -error: - /* In the event of an error, clear the output buffer so that a caller - * that doesn't check the return value doesn't try and process bad - * data. */ - memset(out, 0, max_out_len); - *out_len = 0; - return 0; -} diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c deleted file mode 100644 index 42ccfceec9..0000000000 --- a/src/lib/libcrypto/evp/evp_enc.c +++ /dev/null @@ -1,668 +0,0 @@ -/* $OpenBSD: evp_enc.c,v 1.26 2015/02/10 09:52:35 miod Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#include - -#include -#include - -#ifndef OPENSSL_NO_ENGINE -#include -#endif - -#include "evp_locl.h" - -#define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl) - -void -EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) -{ - memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); -} - -EVP_CIPHER_CTX * -EVP_CIPHER_CTX_new(void) -{ - return calloc(1, sizeof(EVP_CIPHER_CTX)); -} - -int -EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv, int enc) -{ - if (cipher) - EVP_CIPHER_CTX_init(ctx); - return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc); -} - -int -EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, - const unsigned char *key, const unsigned char *iv, int enc) -{ - if (enc == -1) - enc = ctx->encrypt; - else { - if (enc) - enc = 1; - ctx->encrypt = enc; - } -#ifndef OPENSSL_NO_ENGINE - /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts - * so this context may already have an ENGINE! Try to avoid releasing - * the previous handle, re-querying for an ENGINE, and having a - * reinitialisation, when it may all be unecessary. */ - if (ctx->engine && ctx->cipher && - (!cipher || (cipher && (cipher->nid == ctx->cipher->nid)))) - goto skip_to_init; -#endif - if (cipher) { - /* Ensure a context left lying around from last time is cleared - * (the previous check attempted to avoid this if the same - * ENGINE and EVP_CIPHER could be used). */ - if (ctx->cipher) { - unsigned long flags = ctx->flags; - EVP_CIPHER_CTX_cleanup(ctx); - /* Restore encrypt and flags */ - ctx->encrypt = enc; - ctx->flags = flags; - } -#ifndef OPENSSL_NO_ENGINE - if (impl) { - if (!ENGINE_init(impl)) { - EVPerr(EVP_F_EVP_CIPHERINIT_EX, - EVP_R_INITIALIZATION_ERROR); - return 0; - } - } else - /* Ask if an ENGINE is reserved for this job */ - impl = ENGINE_get_cipher_engine(cipher->nid); - if (impl) { - /* There's an ENGINE for this job ... (apparently) */ - const EVP_CIPHER *c = - ENGINE_get_cipher(impl, cipher->nid); - if (!c) { - EVPerr(EVP_F_EVP_CIPHERINIT_EX, - EVP_R_INITIALIZATION_ERROR); - return 0; - } - /* We'll use the ENGINE's private cipher definition */ - cipher = c; - /* Store the ENGINE functional reference so we know - * 'cipher' came from an ENGINE and we need to release - * it when done. */ - ctx->engine = impl; - } else - ctx->engine = NULL; -#endif - - ctx->cipher = cipher; - if (ctx->cipher->ctx_size) { - ctx->cipher_data = malloc(ctx->cipher->ctx_size); - if (!ctx->cipher_data) { - EVPerr(EVP_F_EVP_CIPHERINIT_EX, - ERR_R_MALLOC_FAILURE); - return 0; - } - } else { - ctx->cipher_data = NULL; - } - ctx->key_len = cipher->key_len; - ctx->flags = 0; - if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { - EVPerr(EVP_F_EVP_CIPHERINIT_EX, - EVP_R_INITIALIZATION_ERROR); - return 0; - } - } - } else if (!ctx->cipher) { - EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET); - return 0; - } -#ifndef OPENSSL_NO_ENGINE -skip_to_init: -#endif - /* we assume block size is a power of 2 in *cryptUpdate */ - if (ctx->cipher->block_size != 1 && - ctx->cipher->block_size != 8 && - ctx->cipher->block_size != 16) { - EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_BAD_BLOCK_LENGTH); - return 0; - } - - if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { - switch (EVP_CIPHER_CTX_mode(ctx)) { - - case EVP_CIPH_STREAM_CIPHER: - case EVP_CIPH_ECB_MODE: - break; - - case EVP_CIPH_CFB_MODE: - case EVP_CIPH_OFB_MODE: - - ctx->num = 0; - /* fall-through */ - - case EVP_CIPH_CBC_MODE: - - if ((size_t)EVP_CIPHER_CTX_iv_length(ctx) > - sizeof(ctx->iv)) { - EVPerr(EVP_F_EVP_CIPHERINIT_EX, - EVP_R_IV_TOO_LARGE); - return 0; - } - if (iv) - memcpy(ctx->oiv, iv, - EVP_CIPHER_CTX_iv_length(ctx)); - memcpy(ctx->iv, ctx->oiv, - EVP_CIPHER_CTX_iv_length(ctx)); - break; - - case EVP_CIPH_CTR_MODE: - ctx->num = 0; - /* Don't reuse IV for CTR mode */ - if (iv) - memcpy(ctx->iv, iv, - EVP_CIPHER_CTX_iv_length(ctx)); - break; - - default: - return 0; - break; - } - } - - if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { - if (!ctx->cipher->init(ctx, key, iv, enc)) - return 0; - } - ctx->buf_len = 0; - ctx->final_used = 0; - ctx->block_mask = ctx->cipher->block_size - 1; - return 1; -} - -int -EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) -{ - if (ctx->encrypt) - return EVP_EncryptUpdate(ctx, out, outl, in, inl); - else - return EVP_DecryptUpdate(ctx, out, outl, in, inl); -} - -int -EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - if (ctx->encrypt) - return EVP_EncryptFinal_ex(ctx, out, outl); - else - return EVP_DecryptFinal_ex(ctx, out, outl); -} - -int -EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - if (ctx->encrypt) - return EVP_EncryptFinal(ctx, out, outl); - else - return EVP_DecryptFinal(ctx, out, outl); -} - -int -EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv) -{ - return EVP_CipherInit(ctx, cipher, key, iv, 1); -} - -int -EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, - const unsigned char *key, const unsigned char *iv) -{ - return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1); -} - -int -EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv) -{ - return EVP_CipherInit(ctx, cipher, key, iv, 0); -} - -int -EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, - const unsigned char *key, const unsigned char *iv) -{ - return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); -} - -int -EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) -{ - int i, j, bl; - - if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - i = M_do_cipher(ctx, out, in, inl); - if (i < 0) - return 0; - else - *outl = i; - return 1; - } - - if (inl <= 0) { - *outl = 0; - return inl == 0; - } - - if (ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) { - if (M_do_cipher(ctx, out, in, inl)) { - *outl = inl; - return 1; - } else { - *outl = 0; - return 0; - } - } - i = ctx->buf_len; - bl = ctx->cipher->block_size; - if ((size_t)bl > sizeof(ctx->buf)) { - EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_BAD_BLOCK_LENGTH); - *outl = 0; - return 0; - } - if (i != 0) { - if (i + inl < bl) { - memcpy(&(ctx->buf[i]), in, inl); - ctx->buf_len += inl; - *outl = 0; - return 1; - } else { - j = bl - i; - memcpy(&(ctx->buf[i]), in, j); - if (!M_do_cipher(ctx, out, ctx->buf, bl)) - return 0; - inl -= j; - in += j; - out += bl; - *outl = bl; - } - } else - *outl = 0; - i = inl&(bl - 1); - inl -= i; - if (inl > 0) { - if (!M_do_cipher(ctx, out, in, inl)) - return 0; - *outl += inl; - } - - if (i != 0) - memcpy(ctx->buf, &(in[inl]), i); - ctx->buf_len = i; - return 1; -} - -int -EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - int ret; - - ret = EVP_EncryptFinal_ex(ctx, out, outl); - return ret; -} - -int -EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - int n, ret; - unsigned int i, b, bl; - - if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - ret = M_do_cipher(ctx, out, NULL, 0); - if (ret < 0) - return 0; - else - *outl = ret; - return 1; - } - - b = ctx->cipher->block_size; - if (b > sizeof ctx->buf) { - EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_BAD_BLOCK_LENGTH); - return 0; - } - if (b == 1) { - *outl = 0; - return 1; - } - bl = ctx->buf_len; - if (ctx->flags & EVP_CIPH_NO_PADDING) { - if (bl) { - EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, - EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); - return 0; - } - *outl = 0; - return 1; - } - - n = b - bl; - for (i = bl; i < b; i++) - ctx->buf[i] = n; - ret = M_do_cipher(ctx, out, ctx->buf, b); - - - if (ret) - *outl = b; - - return ret; -} - -int -EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) -{ - int fix_len; - unsigned int b; - - if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - fix_len = M_do_cipher(ctx, out, in, inl); - if (fix_len < 0) { - *outl = 0; - return 0; - } else - *outl = fix_len; - return 1; - } - - if (inl <= 0) { - *outl = 0; - return inl == 0; - } - - if (ctx->flags & EVP_CIPH_NO_PADDING) - return EVP_EncryptUpdate(ctx, out, outl, in, inl); - - b = ctx->cipher->block_size; - if (b > sizeof ctx->final) { - EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_BAD_BLOCK_LENGTH); - return 0; - } - - if (ctx->final_used) { - memcpy(out, ctx->final, b); - out += b; - fix_len = 1; - } else - fix_len = 0; - - - if (!EVP_EncryptUpdate(ctx, out, outl, in, inl)) - return 0; - - /* if we have 'decrypted' a multiple of block size, make sure - * we have a copy of this last block */ - if (b > 1 && !ctx->buf_len) { - *outl -= b; - ctx->final_used = 1; - memcpy(ctx->final, &out[*outl], b); - } else - ctx->final_used = 0; - - if (fix_len) - *outl += b; - - return 1; -} - -int -EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - int ret; - - ret = EVP_DecryptFinal_ex(ctx, out, outl); - return ret; -} - -int -EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - int i, n; - unsigned int b; - *outl = 0; - - if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - i = M_do_cipher(ctx, out, NULL, 0); - if (i < 0) - return 0; - else - *outl = i; - return 1; - } - - b = ctx->cipher->block_size; - if (ctx->flags & EVP_CIPH_NO_PADDING) { - if (ctx->buf_len) { - EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, - EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); - return 0; - } - *outl = 0; - return 1; - } - if (b > 1) { - if (ctx->buf_len || !ctx->final_used) { - EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, - EVP_R_WRONG_FINAL_BLOCK_LENGTH); - return (0); - } - if (b > sizeof ctx->final) { - EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, - EVP_R_BAD_BLOCK_LENGTH); - return 0; - } - n = ctx->final[b - 1]; - if (n == 0 || n > (int)b) { - EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT); - return (0); - } - for (i = 0; i < n; i++) { - if (ctx->final[--b] != n) { - EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, - EVP_R_BAD_DECRYPT); - return (0); - } - } - n = ctx->cipher->block_size - n; - for (i = 0; i < n; i++) - out[i] = ctx->final[i]; - *outl = n; - } else - *outl = 0; - return (1); -} - -void -EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) -{ - if (ctx) { - EVP_CIPHER_CTX_cleanup(ctx); - free(ctx); - } -} - -int -EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) -{ - if (c->cipher != NULL) { - if (c->cipher->cleanup && !c->cipher->cleanup(c)) - return 0; - /* Cleanse cipher context data */ - if (c->cipher_data) - OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); - } - free(c->cipher_data); -#ifndef OPENSSL_NO_ENGINE - if (c->engine) - /* The EVP_CIPHER we used belongs to an ENGINE, release the - * functional reference we held for this reason. */ - ENGINE_finish(c->engine); -#endif - memset(c, 0, sizeof(EVP_CIPHER_CTX)); - return 1; -} - -int -EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) -{ - if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) - return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, - keylen, NULL); - if (c->key_len == keylen) - return 1; - if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) { - c->key_len = keylen; - return 1; - } - EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH); - return 0; -} - -int -EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) -{ - if (pad) - ctx->flags &= ~EVP_CIPH_NO_PADDING; - else - ctx->flags |= EVP_CIPH_NO_PADDING; - return 1; -} - -int -EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) -{ - int ret; - - if (!ctx->cipher) { - EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); - return 0; - } - - if (!ctx->cipher->ctrl) { - EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); - return 0; - } - - ret = ctx->cipher->ctrl(ctx, type, arg, ptr); - if (ret == -1) { - EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, - EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); - return 0; - } - return ret; -} - -int -EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) -{ - if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) - return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); - arc4random_buf(key, ctx->key_len); - return 1; -} - -int -EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) -{ - if ((in == NULL) || (in->cipher == NULL)) { - EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INPUT_NOT_INITIALIZED); - return 0; - } -#ifndef OPENSSL_NO_ENGINE - /* Make sure it's safe to copy a cipher context using an ENGINE */ - if (in->engine && !ENGINE_init(in->engine)) { - EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB); - return 0; - } -#endif - - EVP_CIPHER_CTX_cleanup(out); - memcpy(out, in, sizeof *out); - - if (in->cipher_data && in->cipher->ctx_size) { - out->cipher_data = malloc(in->cipher->ctx_size); - if (!out->cipher_data) { - EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size); - } - - if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) - return in->cipher->ctrl((EVP_CIPHER_CTX *)in, - EVP_CTRL_COPY, 0, out); - return 1; -} diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c deleted file mode 100644 index dadd5365a0..0000000000 --- a/src/lib/libcrypto/evp/evp_err.c +++ /dev/null @@ -1,261 +0,0 @@ -/* $OpenBSD: evp_err.c,v 1.21 2015/02/15 14:35:30 miod Exp $ */ -/* ==================================================================== - * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include - -#include - -#include -#include - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0) -#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason) - -static ERR_STRING_DATA EVP_str_functs[] = { - {ERR_FUNC(EVP_F_AEAD_AES_GCM_INIT), "AEAD_AES_GCM_INIT"}, - {ERR_FUNC(EVP_F_AEAD_AES_GCM_OPEN), "AEAD_AES_GCM_OPEN"}, - {ERR_FUNC(EVP_F_AEAD_AES_GCM_SEAL), "AEAD_AES_GCM_SEAL"}, - {ERR_FUNC(EVP_F_AEAD_CHACHA20_POLY1305_INIT), "AEAD_CHACHA20_POLY1305_INIT"}, - {ERR_FUNC(EVP_F_AEAD_CHACHA20_POLY1305_OPEN), "AEAD_CHACHA20_POLY1305_OPEN"}, - {ERR_FUNC(EVP_F_AEAD_CHACHA20_POLY1305_SEAL), "AEAD_CHACHA20_POLY1305_SEAL"}, - {ERR_FUNC(EVP_F_AEAD_CTX_OPEN), "AEAD_CTX_OPEN"}, - {ERR_FUNC(EVP_F_AEAD_CTX_SEAL), "AEAD_CTX_SEAL"}, - {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"}, - {ERR_FUNC(EVP_F_AESNI_XTS_CIPHER), "AESNI_XTS_CIPHER"}, - {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, - {ERR_FUNC(EVP_F_AES_XTS), "AES_XTS"}, - {ERR_FUNC(EVP_F_AES_XTS_CIPHER), "AES_XTS_CIPHER"}, - {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"}, - {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, - {ERR_FUNC(EVP_F_CMAC_INIT), "CMAC_INIT"}, - {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, - {ERR_FUNC(EVP_F_DO_SIGVER_INIT), "DO_SIGVER_INIT"}, - {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, - {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"}, - {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"}, - {ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"}, - {ERR_FUNC(EVP_F_EVP_AEAD_CTX_INIT), "EVP_AEAD_CTX_init"}, - {ERR_FUNC(EVP_F_EVP_AEAD_CTX_OPEN), "EVP_AEAD_CTX_open"}, - {ERR_FUNC(EVP_F_EVP_AEAD_CTX_SEAL), "EVP_AEAD_CTX_seal"}, - {ERR_FUNC(EVP_F_EVP_BYTESTOKEY), "EVP_BytesToKey"}, - {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, - {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_COPY), "EVP_CIPHER_CTX_copy"}, - {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, - {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"}, - {ERR_FUNC(EVP_F_EVP_CIPHER_GET_ASN1_IV), "EVP_CIPHER_get_asn1_iv"}, - {ERR_FUNC(EVP_F_EVP_CIPHER_SET_ASN1_IV), "EVP_CIPHER_set_asn1_iv"}, - {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, - {ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"}, - {ERR_FUNC(EVP_F_EVP_DIGESTFINAL_EX), "EVP_DigestFinal_ex"}, - {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, - {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, - {ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"}, - {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, - {ERR_FUNC(EVP_F_EVP_MD_CTX_CTRL), "EVP_MD_CTX_ctrl"}, - {ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"}, - {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, - {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, - {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"}, - {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, - {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, - {ERR_FUNC(EVP_F_EVP_PKCS82PKEY_BROKEN), "EVP_PKCS82PKEY_BROKEN"}, - {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"}, - {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, - {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL), "EVP_PKEY_CTX_ctrl"}, - {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL_STR), "EVP_PKEY_CTX_ctrl_str"}, - {ERR_FUNC(EVP_F_EVP_PKEY_CTX_DUP), "EVP_PKEY_CTX_dup"}, - {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"}, - {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_INIT), "EVP_PKEY_decrypt_init"}, - {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_OLD), "EVP_PKEY_decrypt_old"}, - {ERR_FUNC(EVP_F_EVP_PKEY_DERIVE), "EVP_PKEY_derive"}, - {ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_INIT), "EVP_PKEY_derive_init"}, - {ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_SET_PEER), "EVP_PKEY_derive_set_peer"}, - {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, - {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT), "EVP_PKEY_encrypt_init"}, - {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"}, - {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"}, - {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"}, - {ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"}, - {ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"}, - {ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"}, - {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"}, - {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"}, - {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, - {ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN), "EVP_PKEY_paramgen"}, - {ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN_INIT), "EVP_PKEY_paramgen_init"}, - {ERR_FUNC(EVP_F_EVP_PKEY_SIGN), "EVP_PKEY_sign"}, - {ERR_FUNC(EVP_F_EVP_PKEY_SIGN_INIT), "EVP_PKEY_sign_init"}, - {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY), "EVP_PKEY_verify"}, - {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_INIT), "EVP_PKEY_verify_init"}, - {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER), "EVP_PKEY_verify_recover"}, - {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT), "EVP_PKEY_verify_recover_init"}, - {ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, - {ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"}, - {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, - {ERR_FUNC(EVP_F_FIPS_CIPHERINIT), "FIPS_CIPHERINIT"}, - {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_COPY), "FIPS_CIPHER_CTX_COPY"}, - {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_CTRL), "FIPS_CIPHER_CTX_CTRL"}, - {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH), "FIPS_CIPHER_CTX_SET_KEY_LENGTH"}, - {ERR_FUNC(EVP_F_FIPS_DIGESTINIT), "FIPS_DIGESTINIT"}, - {ERR_FUNC(EVP_F_FIPS_MD_CTX_COPY), "FIPS_MD_CTX_COPY"}, - {ERR_FUNC(EVP_F_HMAC_INIT_EX), "HMAC_Init_ex"}, - {ERR_FUNC(EVP_F_INT_CTX_NEW), "INT_CTX_NEW"}, - {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, - {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, - {ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN), "PKCS5_V2_PBKDF2_KEYIVGEN"}, - {ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"}, - {ERR_FUNC(EVP_F_PKEY_SET_TYPE), "PKEY_SET_TYPE"}, - {ERR_FUNC(EVP_F_RC2_GET_ASN1_TYPE_AND_IV), "RC2_GET_ASN1_TYPE_AND_IV"}, - {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, - {ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, - {0, NULL} -}; - -static ERR_STRING_DATA EVP_str_reasons[] = { - {ERR_REASON(EVP_R_AES_IV_SETUP_FAILED) , "aes iv setup failed"}, - {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) , "aes key setup failed"}, - {ERR_REASON(EVP_R_ASN1_LIB) , "asn1 lib"}, - {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) , "bad block length"}, - {ERR_REASON(EVP_R_BAD_DECRYPT) , "bad decrypt"}, - {ERR_REASON(EVP_R_BAD_KEY_LENGTH) , "bad key length"}, - {ERR_REASON(EVP_R_BN_DECODE_ERROR) , "bn decode error"}, - {ERR_REASON(EVP_R_BN_PUBKEY_ERROR) , "bn pubkey error"}, - {ERR_REASON(EVP_R_BUFFER_TOO_SMALL) , "buffer too small"}, - {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED), "camellia key setup failed"}, - {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"}, - {ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED) , "command not supported"}, - {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) , "ctrl not implemented"}, - {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED), "ctrl operation not implemented"}, - {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH), "data not multiple of block length"}, - {ERR_REASON(EVP_R_DECODE_ERROR) , "decode error"}, - {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) , "different key types"}, - {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS) , "different parameters"}, - {ERR_REASON(EVP_R_DISABLED_FOR_FIPS) , "disabled for fips"}, - {ERR_REASON(EVP_R_ENCODE_ERROR) , "encode error"}, - {ERR_REASON(EVP_R_ERROR_LOADING_SECTION) , "error loading section"}, - {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"}, - {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR), "evp pbe cipherinit error"}, - {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) , "expecting an rsa key"}, - {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) , "expecting a dh key"}, - {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) , "expecting a dsa key"}, - {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) , "expecting a ecdsa key"}, - {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) , "expecting a ec key"}, - {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, - {ERR_REASON(EVP_R_INITIALIZATION_ERROR) , "initialization error"}, - {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) , "input not initialized"}, - {ERR_REASON(EVP_R_INVALID_DIGEST) , "invalid digest"}, - {ERR_REASON(EVP_R_INVALID_FIPS_MODE) , "invalid fips mode"}, - {ERR_REASON(EVP_R_INVALID_KEY_LENGTH) , "invalid key length"}, - {ERR_REASON(EVP_R_INVALID_OPERATION) , "invalid operation"}, - {ERR_REASON(EVP_R_IV_TOO_LARGE) , "iv too large"}, - {ERR_REASON(EVP_R_KEYGEN_FAILURE) , "keygen failure"}, - {ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL), "message digest is null"}, - {ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED) , "method not supported"}, - {ERR_REASON(EVP_R_MISSING_PARAMETERS) , "missing parameters"}, - {ERR_REASON(EVP_R_NO_CIPHER_SET) , "no cipher set"}, - {ERR_REASON(EVP_R_NO_DEFAULT_DIGEST) , "no default digest"}, - {ERR_REASON(EVP_R_NO_DIGEST_SET) , "no digest set"}, - {ERR_REASON(EVP_R_NO_DSA_PARAMETERS) , "no dsa parameters"}, - {ERR_REASON(EVP_R_NO_KEY_SET) , "no key set"}, - {ERR_REASON(EVP_R_NO_OPERATION_SET) , "no operation set"}, - {ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED), "no sign function configured"}, - {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED), "no verify function configured"}, - {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, - {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"}, - {ERR_REASON(EVP_R_OUTPUT_ALIASES_INPUT) , "output aliases input"}, - {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), "pkcs8 unknown broken type"}, - {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"}, - {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, - {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) , "public key not rsa"}, - {ERR_REASON(EVP_R_TAG_TOO_LARGE) , "tag too large"}, - {ERR_REASON(EVP_R_TOO_LARGE) , "too large"}, - {ERR_REASON(EVP_R_UNKNOWN_CIPHER) , "unknown cipher"}, - {ERR_REASON(EVP_R_UNKNOWN_DIGEST) , "unknown digest"}, - {ERR_REASON(EVP_R_UNKNOWN_OPTION) , "unknown option"}, - {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) , "unknown pbe algorithm"}, - {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS), "unsuported number of rounds"}, - {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM) , "unsupported algorithm"}, - {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) , "unsupported cipher"}, - {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) , "unsupported keylength"}, - {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION), "unsupported key derivation function"}, - {ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE) , "unsupported key size"}, - {ERR_REASON(EVP_R_UNSUPPORTED_PRF) , "unsupported prf"}, - {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM), "unsupported private key algorithm"}, - {ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE) , "unsupported salt type"}, - {ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"}, - {ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) , "wrong public key type"}, - {0, NULL} -}; - -#endif - -void -ERR_load_EVP_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(EVP_str_functs[0].error) == NULL) { - ERR_load_strings(0, EVP_str_functs); - ERR_load_strings(0, EVP_str_reasons); - } -#endif -} diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c deleted file mode 100644 index 0678536ccb..0000000000 --- a/src/lib/libcrypto/evp/evp_key.c +++ /dev/null @@ -1,206 +0,0 @@ -/* $OpenBSD: evp_key.c,v 1.22 2015/02/10 09:55:39 miod Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include - -#include -#include -#include -#include -#include - -/* should be init to zeros. */ -static char prompt_string[80]; - -void -EVP_set_pw_prompt(const char *prompt) -{ - if (prompt == NULL) - prompt_string[0] = '\0'; - else { - strlcpy(prompt_string, prompt, sizeof(prompt_string)); - } -} - -char * -EVP_get_pw_prompt(void) -{ - if (prompt_string[0] == '\0') - return (NULL); - else - return (prompt_string); -} - -int -EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) -{ - return EVP_read_pw_string_min(buf, 0, len, prompt, verify); -} - -int -EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, - int verify) -{ - int ret; - char buff[BUFSIZ]; - UI *ui; - - if ((prompt == NULL) && (prompt_string[0] != '\0')) - prompt = prompt_string; - ui = UI_new(); - if (ui == NULL) - return -1; - if (UI_add_input_string(ui, prompt, 0, buf, min, - (len >= BUFSIZ) ? BUFSIZ - 1 : len) < 0) - return -1; - if (verify) { - if (UI_add_verify_string(ui, prompt, 0, buff, min, - (len >= BUFSIZ) ? BUFSIZ - 1 : len, buf) < 0) - return -1; - } - ret = UI_process(ui); - UI_free(ui); - OPENSSL_cleanse(buff, BUFSIZ); - return ret; -} - -int -EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, - const unsigned char *salt, const unsigned char *data, int datal, - int count, unsigned char *key, unsigned char *iv) -{ - EVP_MD_CTX c; - unsigned char md_buf[EVP_MAX_MD_SIZE]; - int niv, nkey, addmd = 0; - unsigned int mds = 0, i; - int rv = 0; - - nkey = type->key_len; - niv = type->iv_len; - - if ((size_t)nkey > EVP_MAX_KEY_LENGTH) { - EVPerr(EVP_F_EVP_BYTESTOKEY, EVP_R_BAD_KEY_LENGTH); - return 0; - } - if ((size_t)niv > EVP_MAX_IV_LENGTH) { - EVPerr(EVP_F_EVP_BYTESTOKEY, EVP_R_IV_TOO_LARGE); - return 0; - } - - if (data == NULL) - return (nkey); - - EVP_MD_CTX_init(&c); - for (;;) { - if (!EVP_DigestInit_ex(&c, md, NULL)) - goto err; - if (addmd++) - if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds)) - goto err; - if (!EVP_DigestUpdate(&c, data, datal)) - goto err; - if (salt != NULL) - if (!EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN)) - goto err; - if (!EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds)) - goto err; - - for (i = 1; i < (unsigned int)count; i++) { - if (!EVP_DigestInit_ex(&c, md, NULL)) - goto err; - if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds)) - goto err; - if (!EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds)) - goto err; - } - i = 0; - if (nkey) { - for (;;) { - if (nkey == 0) - break; - if (i == mds) - break; - if (key != NULL) - *(key++) = md_buf[i]; - nkey--; - i++; - } - } - if (niv && (i != mds)) { - for (;;) { - if (niv == 0) - break; - if (i == mds) - break; - if (iv != NULL) - *(iv++) = md_buf[i]; - niv--; - i++; - } - } - if ((nkey == 0) && (niv == 0)) - break; - } - rv = type->key_len; - -err: - EVP_MD_CTX_cleanup(&c); - OPENSSL_cleanse(md_buf, sizeof md_buf); - return rv; -} diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c deleted file mode 100644 index 491c8d6f67..0000000000 --- a/src/lib/libcrypto/evp/evp_lib.c +++ /dev/null @@ -1,348 +0,0 @@ -/* $OpenBSD: evp_lib.c,v 1.14 2015/02/10 09:52:35 miod Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include - -#include -#include -#include - -int -EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -{ - int ret; - - if (c->cipher->set_asn1_parameters != NULL) - ret = c->cipher->set_asn1_parameters(c, type); - else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) - ret = EVP_CIPHER_set_asn1_iv(c, type); - else - ret = -1; - return (ret); -} - -int -EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -{ - int ret; - - if (c->cipher->get_asn1_parameters != NULL) - ret = c->cipher->get_asn1_parameters(c, type); - else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) - ret = EVP_CIPHER_get_asn1_iv(c, type); - else - ret = -1; - return (ret); -} - -int -EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -{ - int i = 0; - unsigned int l; - - if (type != NULL) { - l = EVP_CIPHER_CTX_iv_length(c); - if (l > sizeof(c->iv)) { - EVPerr(EVP_F_EVP_CIPHER_GET_ASN1_IV, - EVP_R_IV_TOO_LARGE); - return 0; - } - i = ASN1_TYPE_get_octetstring(type, c->oiv, l); - if (i != (int)l) - return (-1); - else if (i > 0) - memcpy(c->iv, c->oiv, l); - } - return (i); -} - -int -EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -{ - int i = 0; - unsigned int j; - - if (type != NULL) { - j = EVP_CIPHER_CTX_iv_length(c); - if (j > sizeof(c->iv)) { - EVPerr(EVP_F_EVP_CIPHER_SET_ASN1_IV, - EVP_R_IV_TOO_LARGE); - return 0; - } - i = ASN1_TYPE_set_octetstring(type, c->oiv, j); - } - return (i); -} - -/* Convert the various cipher NIDs and dummies to a proper OID NID */ -int -EVP_CIPHER_type(const EVP_CIPHER *ctx) -{ - int nid; - ASN1_OBJECT *otmp; - nid = EVP_CIPHER_nid(ctx); - - switch (nid) { - case NID_rc2_cbc: - case NID_rc2_64_cbc: - case NID_rc2_40_cbc: - return NID_rc2_cbc; - - case NID_rc4: - case NID_rc4_40: - return NID_rc4; - - case NID_aes_128_cfb128: - case NID_aes_128_cfb8: - case NID_aes_128_cfb1: - return NID_aes_128_cfb128; - - case NID_aes_192_cfb128: - case NID_aes_192_cfb8: - case NID_aes_192_cfb1: - return NID_aes_192_cfb128; - - case NID_aes_256_cfb128: - case NID_aes_256_cfb8: - case NID_aes_256_cfb1: - return NID_aes_256_cfb128; - - case NID_des_cfb64: - case NID_des_cfb8: - case NID_des_cfb1: - return NID_des_cfb64; - - case NID_des_ede3_cfb64: - case NID_des_ede3_cfb8: - case NID_des_ede3_cfb1: - return NID_des_cfb64; - - default: - /* Check it has an OID and it is valid */ - otmp = OBJ_nid2obj(nid); - if (!otmp || !otmp->data) - nid = NID_undef; - ASN1_OBJECT_free(otmp); - return nid; - } -} - -int -EVP_CIPHER_block_size(const EVP_CIPHER *e) -{ - return e->block_size; -} - -int -EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) -{ - return ctx->cipher->block_size; -} - -int -EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, - unsigned int inl) -{ - return ctx->cipher->do_cipher(ctx, out, in, inl); -} - -const EVP_CIPHER * -EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) -{ - return ctx->cipher; -} - -unsigned long -EVP_CIPHER_flags(const EVP_CIPHER *cipher) -{ - return cipher->flags; -} - -unsigned long -EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) -{ - return ctx->cipher->flags; -} - -void * -EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) -{ - return ctx->app_data; -} - -void -EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) -{ - ctx->app_data = data; -} - -int -EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) -{ - return cipher->iv_len; -} - -int -EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) -{ - return ctx->cipher->iv_len; -} - -int -EVP_CIPHER_key_length(const EVP_CIPHER *cipher) -{ - return cipher->key_len; -} - -int -EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) -{ - return ctx->key_len; -} - -int -EVP_CIPHER_nid(const EVP_CIPHER *cipher) -{ - return cipher->nid; -} - -int -EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) -{ - return ctx->cipher->nid; -} - -int -EVP_MD_block_size(const EVP_MD *md) -{ - return md->block_size; -} - -int -EVP_MD_type(const EVP_MD *md) -{ - return md->type; -} - -int -EVP_MD_pkey_type(const EVP_MD *md) -{ - return md->pkey_type; -} - -int -EVP_MD_size(const EVP_MD *md) -{ - if (!md) { - EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL); - return -1; - } - return md->md_size; -} - -unsigned long -EVP_MD_flags(const EVP_MD *md) -{ - return md->flags; -} - -const EVP_MD * -EVP_MD_CTX_md(const EVP_MD_CTX *ctx) -{ - if (!ctx) - return NULL; - return ctx->digest; -} - -void -EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags) -{ - ctx->flags |= flags; -} - -void -EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags) -{ - ctx->flags &= ~flags; -} - -int -EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags) -{ - return (ctx->flags & flags); -} - -void -EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags) -{ - ctx->flags |= flags; -} - -void -EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags) -{ - ctx->flags &= ~flags; -} - -int -EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags) -{ - return (ctx->flags & flags); -} diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h deleted file mode 100644 index 80071ec1ab..0000000000 --- a/src/lib/libcrypto/evp/evp_locl.h +++ /dev/null @@ -1,366 +0,0 @@ -/* $OpenBSD: evp_locl.h,v 1.13 2014/06/12 15:49:29 deraadt Exp $ */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2000. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* Macros to code block cipher wrappers */ - -/* Wrapper functions for each cipher mode */ - -#define BLOCK_CIPHER_ecb_loop() \ - size_t i, bl; \ - bl = ctx->cipher->block_size;\ - if(inl < bl) return 1;\ - inl -= bl; \ - for(i=0; i <= inl; i+=bl) - -#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ -static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -{\ - BLOCK_CIPHER_ecb_loop() \ - cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\ - return 1;\ -} - -#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2)) - -#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ -static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -{\ - while(inl>=EVP_MAXCHUNK)\ - {\ - cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ - inl-=EVP_MAXCHUNK;\ - in +=EVP_MAXCHUNK;\ - out+=EVP_MAXCHUNK;\ - }\ - if (inl)\ - cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ - return 1;\ -} - -#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ -static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -{\ - while(inl>=EVP_MAXCHUNK) \ - {\ - cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ - inl-=EVP_MAXCHUNK;\ - in +=EVP_MAXCHUNK;\ - out+=EVP_MAXCHUNK;\ - }\ - if (inl)\ - cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ - return 1;\ -} - -#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ -static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -{\ - size_t chunk=EVP_MAXCHUNK;\ - if (cbits==1) chunk>>=3;\ - if (inl=chunk)\ - {\ - cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ - inl-=chunk;\ - in +=chunk;\ - out+=chunk;\ - if(inlc))+\ - sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ - set_asn1, get_asn1,\ - ctrl, \ - NULL \ -};\ -const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ -static const EVP_CIPHER cname##_cfb = {\ - nid##_cfb64, 1, key_len, iv_len, \ - flags | EVP_CIPH_CFB_MODE,\ - init_key,\ - cname##_cfb_cipher,\ - cleanup,\ - sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ - sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ - set_asn1, get_asn1,\ - ctrl,\ - NULL \ -};\ -const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\ -static const EVP_CIPHER cname##_ofb = {\ - nid##_ofb64, 1, key_len, iv_len, \ - flags | EVP_CIPH_OFB_MODE,\ - init_key,\ - cname##_ofb_cipher,\ - cleanup,\ - sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ - sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ - set_asn1, get_asn1,\ - ctrl,\ - NULL \ -};\ -const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ -static const EVP_CIPHER cname##_ecb = {\ - nid##_ecb, block_size, key_len, iv_len, \ - flags | EVP_CIPH_ECB_MODE,\ - init_key,\ - cname##_ecb_cipher,\ - cleanup,\ - sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ - sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ - set_asn1, get_asn1,\ - ctrl,\ - NULL \ -};\ -const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } -*/ - -#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ - block_size, key_len, iv_len, cbits, \ - flags, init_key, \ - cleanup, set_asn1, get_asn1, ctrl) \ - BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ - BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ - cbits, flags, init_key, cleanup, set_asn1, \ - get_asn1, ctrl) - -#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) - -#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \ - BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ - BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ - NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ - 0, cipher##_init_key, NULL, \ - EVP_CIPHER_set_asn1_iv, \ - EVP_CIPHER_get_asn1_iv, \ - NULL) - - struct evp_pkey_ctx_st { - /* Method associated with this operation */ - const EVP_PKEY_METHOD *pmeth; - /* Engine that implements this method or NULL if builtin */ - ENGINE *engine; - /* Key: may be NULL */ - EVP_PKEY *pkey; - /* Peer key for key agreement, may be NULL */ - EVP_PKEY *peerkey; - /* Actual operation */ - int operation; - /* Algorithm specific data */ - void *data; - /* Application specific data */ - void *app_data; - /* Keygen callback */ - EVP_PKEY_gen_cb *pkey_gencb; - /* implementation specific keygen data */ - int *keygen_info; - int keygen_info_count; -} /* EVP_PKEY_CTX */; - -#define EVP_PKEY_FLAG_DYNAMIC 1 - -struct evp_pkey_method_st { - int pkey_id; - int flags; - - int (*init)(EVP_PKEY_CTX *ctx); - int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); - void (*cleanup)(EVP_PKEY_CTX *ctx); - - int (*paramgen_init)(EVP_PKEY_CTX *ctx); - int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); - - int (*keygen_init)(EVP_PKEY_CTX *ctx); - int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); - - int (*sign_init)(EVP_PKEY_CTX *ctx); - int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen); - - int (*verify_init)(EVP_PKEY_CTX *ctx); - int (*verify)(EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen); - - int (*verify_recover_init)(EVP_PKEY_CTX *ctx); - int (*verify_recover)(EVP_PKEY_CTX *ctx, - unsigned char *rout, size_t *routlen, - const unsigned char *sig, size_t siglen); - - int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); - int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - EVP_MD_CTX *mctx); - - int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); - int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig, - int siglen, EVP_MD_CTX *mctx); - - int (*encrypt_init)(EVP_PKEY_CTX *ctx); - int (*encrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); - - int (*decrypt_init)(EVP_PKEY_CTX *ctx); - int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); - - int (*derive_init)(EVP_PKEY_CTX *ctx); - int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); - - int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); - int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value); -} /* EVP_PKEY_METHOD */; - -void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); - -int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de); - -/* EVP_AEAD represents a specific AEAD algorithm. */ -struct evp_aead_st { - unsigned char key_len; - unsigned char nonce_len; - unsigned char overhead; - unsigned char max_tag_len; - - int (*init)(struct evp_aead_ctx_st*, const unsigned char *key, - size_t key_len, size_t tag_len); - void (*cleanup)(struct evp_aead_ctx_st*); - - int (*seal)(const struct evp_aead_ctx_st *ctx, unsigned char *out, - size_t *out_len, size_t max_out_len, const unsigned char *nonce, - size_t nonce_len, const unsigned char *in, size_t in_len, - const unsigned char *ad, size_t ad_len); - - int (*open)(const struct evp_aead_ctx_st *ctx, unsigned char *out, - size_t *out_len, size_t max_out_len, const unsigned char *nonce, - size_t nonce_len, const unsigned char *in, size_t in_len, - const unsigned char *ad, size_t ad_len); -}; diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c deleted file mode 100644 index 0787e2dc94..0000000000 --- a/src/lib/libcrypto/evp/evp_pbe.c +++ /dev/null @@ -1,295 +0,0 @@ -/* $OpenBSD: evp_pbe.c,v 1.23 2015/02/08 22:20:18 miod Exp $ */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include - -#include - -#include -#include -#include -#include - -#include "evp_locl.h" - -/* Password based encryption (PBE) functions */ - -DECLARE_STACK_OF(EVP_PBE_CTL) -static STACK_OF(EVP_PBE_CTL) *pbe_algs; - -/* Setup a cipher context from a PBE algorithm */ - -typedef struct { - int pbe_type; - int pbe_nid; - int cipher_nid; - int md_nid; - EVP_PBE_KEYGEN *keygen; -} EVP_PBE_CTL; - -static const EVP_PBE_CTL builtin_pbe[] = { - {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC, NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen}, - {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC, NID_des_cbc, NID_md5, PKCS5_PBE_keyivgen}, - {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC, NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen}, - -#ifndef OPENSSL_NO_HMAC - {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen}, -#endif - - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4, NID_rc4, NID_sha1, PKCS12_PBE_keyivgen}, - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4, NID_rc4_40, NID_sha1, PKCS12_PBE_keyivgen}, - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NID_des_ede3_cbc, NID_sha1, PKCS12_PBE_keyivgen}, - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And2_Key_TripleDES_CBC, NID_des_ede_cbc, NID_sha1, PKCS12_PBE_keyivgen}, - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC2_CBC, NID_rc2_cbc, NID_sha1, PKCS12_PBE_keyivgen}, - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC, NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen}, - -#ifndef OPENSSL_NO_HMAC - {EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen}, -#endif - {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC, NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen}, - {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC, NID_rc2_64_cbc, NID_md5, PKCS5_PBE_keyivgen}, - {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndDES_CBC, NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen}, - - - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0}, - {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0}, -}; - -int -EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) -{ - const EVP_CIPHER *cipher; - const EVP_MD *md; - int cipher_nid, md_nid; - EVP_PBE_KEYGEN *keygen; - - if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj), - &cipher_nid, &md_nid, &keygen)) { - char obj_tmp[80]; - EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM); - if (!pbe_obj) - strlcpy(obj_tmp, "NULL", sizeof obj_tmp); - else - i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); - ERR_asprintf_error_data("TYPE=%s", obj_tmp); - return 0; - } - - if (!pass) - passlen = 0; - else if (passlen == -1) - passlen = strlen(pass); - - if (cipher_nid == -1) - cipher = NULL; - else { - cipher = EVP_get_cipherbynid(cipher_nid); - if (!cipher) { - EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_CIPHER); - return 0; - } - } - - if (md_nid == -1) - md = NULL; - else { - md = EVP_get_digestbynid(md_nid); - if (!md) { - EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_DIGEST); - return 0; - } - } - - if (!keygen(ctx, pass, passlen, param, cipher, md, en_de)) { - EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_KEYGEN_FAILURE); - return 0; - } - return 1; -} - -DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2); - -static int -pbe2_cmp(const EVP_PBE_CTL *pbe1, const EVP_PBE_CTL *pbe2) -{ - int ret = pbe1->pbe_type - pbe2->pbe_type; - - if (ret) - return ret; - else - return pbe1->pbe_nid - pbe2->pbe_nid; -} - -IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2); - -static int -pbe_cmp(const EVP_PBE_CTL * const *a, const EVP_PBE_CTL * const *b) -{ - int ret = (*a)->pbe_type - (*b)->pbe_type; - - if (ret) - return ret; - else - return (*a)->pbe_nid - (*b)->pbe_nid; -} - -/* Add a PBE algorithm */ - -int -EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid, - EVP_PBE_KEYGEN *keygen) -{ - EVP_PBE_CTL *pbe_tmp; - - if (pbe_algs == NULL) { - pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp); - if (pbe_algs == NULL) { - EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, - ERR_R_MALLOC_FAILURE); - return 0; - } - } - pbe_tmp = malloc(sizeof(EVP_PBE_CTL)); - if (pbe_tmp == NULL) { - EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE); - return 0; - } - pbe_tmp->pbe_type = pbe_type; - pbe_tmp->pbe_nid = pbe_nid; - pbe_tmp->cipher_nid = cipher_nid; - pbe_tmp->md_nid = md_nid; - pbe_tmp->keygen = keygen; - - if (sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp) == 0) { - free(pbe_tmp); - EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE); - return 0; - } - return 1; -} - -int -EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, - EVP_PBE_KEYGEN *keygen) -{ - int cipher_nid, md_nid; - - if (cipher) - cipher_nid = EVP_CIPHER_nid(cipher); - else - cipher_nid = -1; - if (md) - md_nid = EVP_MD_type(md); - else - md_nid = -1; - - return EVP_PBE_alg_add_type(EVP_PBE_TYPE_OUTER, nid, - cipher_nid, md_nid, keygen); -} - -int -EVP_PBE_find(int type, int pbe_nid, - int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen) -{ - EVP_PBE_CTL *pbetmp = NULL, pbelu; - int i; - if (pbe_nid == NID_undef) - return 0; - - pbelu.pbe_type = type; - pbelu.pbe_nid = pbe_nid; - - if (pbe_algs) { - i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu); - if (i != -1) - pbetmp = sk_EVP_PBE_CTL_value (pbe_algs, i); - } - if (pbetmp == NULL) { - pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, - sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL)); - } - if (pbetmp == NULL) - return 0; - if (pcnid) - *pcnid = pbetmp->cipher_nid; - if (pmnid) - *pmnid = pbetmp->md_nid; - if (pkeygen) - *pkeygen = pbetmp->keygen; - return 1; -} - -static void -free_evp_pbe_ctl(EVP_PBE_CTL *pbe) -{ - free(pbe); -} - -void -EVP_PBE_cleanup(void) -{ - sk_EVP_PBE_CTL_pop_free(pbe_algs, free_evp_pbe_ctl); - pbe_algs = NULL; -} diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c deleted file mode 100644 index 689ff596ce..0000000000 --- a/src/lib/libcrypto/evp/evp_pkey.c +++ /dev/null @@ -1,240 +0,0 @@ -/* $OpenBSD: evp_pkey.c,v 1.18 2014/10/18 17:20:40 jsing Exp $ */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include - -#include -#include - -#include "asn1_locl.h" - -/* Extract a private key from a PKCS8 structure */ - -EVP_PKEY * -EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) -{ - EVP_PKEY *pkey = NULL; - ASN1_OBJECT *algoid; - char obj_tmp[80]; - - if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8)) - return NULL; - - if (!(pkey = EVP_PKEY_new())) { - EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid))) { - EVPerr(EVP_F_EVP_PKCS82PKEY, - EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); - i2t_ASN1_OBJECT(obj_tmp, 80, algoid); - ERR_asprintf_error_data("TYPE=%s", obj_tmp); - goto error; - } - - if (pkey->ameth->priv_decode) { - if (!pkey->ameth->priv_decode(pkey, p8)) { - EVPerr(EVP_F_EVP_PKCS82PKEY, - EVP_R_PRIVATE_KEY_DECODE_ERROR); - goto error; - } - } else { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_METHOD_NOT_SUPPORTED); - goto error; - } - - return pkey; - -error: - EVP_PKEY_free(pkey); - return NULL; -} - -PKCS8_PRIV_KEY_INFO * -EVP_PKEY2PKCS8(EVP_PKEY *pkey) -{ - return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK); -} - -/* Turn a private key into a PKCS8 structure */ - -PKCS8_PRIV_KEY_INFO * -EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) -{ - PKCS8_PRIV_KEY_INFO *p8; - - if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { - EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE); - return NULL; - } - p8->broken = broken; - - if (pkey->ameth) { - if (pkey->ameth->priv_encode) { - if (!pkey->ameth->priv_encode(p8, pkey)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, - EVP_R_PRIVATE_KEY_ENCODE_ERROR); - goto error; - } - } else { - EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, - EVP_R_METHOD_NOT_SUPPORTED); - goto error; - } - } else { - EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, - EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); - goto error; - } - return p8; - -error: - PKCS8_PRIV_KEY_INFO_free(p8); - return NULL; -} - -PKCS8_PRIV_KEY_INFO * -PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) -{ - switch (broken) { - case PKCS8_OK: - p8->broken = PKCS8_OK; - return p8; - break; - - case PKCS8_NO_OCTET: - p8->broken = PKCS8_NO_OCTET; - p8->pkey->type = V_ASN1_SEQUENCE; - return p8; - break; - - default: - EVPerr(EVP_F_PKCS8_SET_BROKEN, EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); - return NULL; - } -} - -/* EVP_PKEY attribute functions */ - -int -EVP_PKEY_get_attr_count(const EVP_PKEY *key) -{ - return X509at_get_attr_count(key->attributes); -} - -int -EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos) -{ - return X509at_get_attr_by_NID(key->attributes, nid, lastpos); -} - -int -EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, int lastpos) -{ - return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos); -} - -X509_ATTRIBUTE * -EVP_PKEY_get_attr(const EVP_PKEY *key, int loc) -{ - return X509at_get_attr(key->attributes, loc); -} - -X509_ATTRIBUTE * -EVP_PKEY_delete_attr(EVP_PKEY *key, int loc) -{ - return X509at_delete_attr(key->attributes, loc); -} - -int -EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr) -{ - if (X509at_add1_attr(&key->attributes, attr)) - return 1; - return 0; -} - -int -EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len) -{ - if (X509at_add1_attr_by_OBJ(&key->attributes, obj, type, bytes, len)) - return 1; - return 0; -} - -int -EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, int nid, int type, - const unsigned char *bytes, int len) -{ - if (X509at_add1_attr_by_NID(&key->attributes, nid, type, bytes, len)) - return 1; - return 0; -} - -int -EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, const char *attrname, int type, - const unsigned char *bytes, int len) -{ - if (X509at_add1_attr_by_txt(&key->attributes, attrname, type, - bytes, len)) - return 1; - return 0; -} diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c deleted file mode 100644 index d23c9b4e71..0000000000 --- a/src/lib/libcrypto/evp/m_dss.c +++ /dev/null @@ -1,117 +0,0 @@ -/* $OpenBSD: m_dss.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#include -#include -#include - -#ifndef OPENSSL_NO_DSA -#include -#endif - -#ifndef OPENSSL_NO_SHA - -static int -init(EVP_MD_CTX *ctx) -{ - return SHA1_Init(ctx->md_data); -} - -static int -update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA1_Update(ctx->md_data, data, count); -} - -static int -final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA1_Final(md, ctx->md_data); -} - -static const EVP_MD dsa_md = { - .type = NID_dsaWithSHA, - .pkey_type = NID_dsaWithSHA, - .md_size = SHA_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_DIGEST, - .init = init, - .update = update, - .final = final, - .copy = NULL, - .cleanup = NULL, -#ifndef OPENSSL_NO_DSA - .sign = (evp_sign_method *)DSA_sign, - .verify = (evp_verify_method *)DSA_verify, - .required_pkey_type = { - EVP_PKEY_DSA, EVP_PKEY_DSA2, EVP_PKEY_DSA3, EVP_PKEY_DSA4, 0, - }, -#endif - .block_size = SHA_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX), -}; - -const EVP_MD * -EVP_dss(void) -{ - return (&dsa_md); -} -#endif diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c deleted file mode 100644 index a906c11b69..0000000000 --- a/src/lib/libcrypto/evp/m_dss1.c +++ /dev/null @@ -1,117 +0,0 @@ -/* $OpenBSD: m_dss1.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#ifndef OPENSSL_NO_SHA - -#include -#include -#include - -#ifndef OPENSSL_NO_DSA -#include -#endif - -static int -init(EVP_MD_CTX *ctx) -{ - return SHA1_Init(ctx->md_data); -} - -static int -update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA1_Update(ctx->md_data, data, count); -} - -static int -final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA1_Final(md, ctx->md_data); -} - -static const EVP_MD dss1_md = { - .type = NID_dsa, - .pkey_type = NID_dsaWithSHA1, - .md_size = SHA_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_DIGEST, - .init = init, - .update = update, - .final = final, - .copy = NULL, - .cleanup = NULL, -#ifndef OPENSSL_NO_DSA - .sign = (evp_sign_method *)DSA_sign, - .verify = (evp_verify_method *)DSA_verify, - .required_pkey_type = { - EVP_PKEY_DSA, EVP_PKEY_DSA2, EVP_PKEY_DSA3, EVP_PKEY_DSA4, 0, - }, -#endif - .block_size = SHA_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX), -}; - -const EVP_MD * -EVP_dss1(void) -{ - return (&dss1_md); -} -#endif diff --git a/src/lib/libcrypto/evp/m_ecdsa.c b/src/lib/libcrypto/evp/m_ecdsa.c deleted file mode 100644 index b9af6423b5..0000000000 --- a/src/lib/libcrypto/evp/m_ecdsa.c +++ /dev/null @@ -1,166 +0,0 @@ -/* $OpenBSD: m_ecdsa.c,v 1.8 2014/07/11 08:44:48 jsing Exp $ */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#include -#include -#include - -#ifndef OPENSSL_NO_SHA - -static int -init(EVP_MD_CTX *ctx) -{ - return SHA1_Init(ctx->md_data); -} - -static int -update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA1_Update(ctx->md_data, data, count); -} - -static int -final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA1_Final(md, ctx->md_data); -} - -static const EVP_MD ecdsa_md = { - .type = NID_ecdsa_with_SHA1, - .pkey_type = NID_ecdsa_with_SHA1, - .md_size = SHA_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_DIGEST, - .init = init, - .update = update, - .final = final, - .copy = NULL, - .cleanup = NULL, -#ifndef OPENSSL_NO_ECDSA - .sign = (evp_sign_method *)ECDSA_sign, - .verify = (evp_verify_method *)ECDSA_verify, - .required_pkey_type = { - EVP_PKEY_EC, 0, 0, 0, - }, -#endif - .block_size = SHA_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX), -}; - -const EVP_MD * -EVP_ecdsa(void) -{ - return (&ecdsa_md); -} -#endif diff --git a/src/lib/libcrypto/evp/m_gost2814789.c b/src/lib/libcrypto/evp/m_gost2814789.c deleted file mode 100644 index 279af872e0..0000000000 --- a/src/lib/libcrypto/evp/m_gost2814789.c +++ /dev/null @@ -1,110 +0,0 @@ -/* $OpenBSD: m_gost2814789.c,v 1.2 2014/11/09 23:06:50 miod Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ -#include - -#ifndef OPENSSL_NO_GOST - -#include -#include -#include - -static int -gost2814789_init(EVP_MD_CTX *ctx) -{ - return GOST2814789IMIT_Init(ctx->md_data, - NID_id_Gost28147_89_CryptoPro_A_ParamSet); -} - -static int -gost2814789_update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return GOST2814789IMIT_Update(ctx->md_data, data, count); -} - -static int -gost2814789_final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return GOST2814789IMIT_Final(md, ctx->md_data); -} - -static int -gost2814789_md_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) -{ - GOST2814789IMIT_CTX *gctx = ctx->md_data; - - switch (cmd) { - case EVP_MD_CTRL_SET_KEY: - return Gost2814789_set_key(&gctx->cipher, p2, p1); - case EVP_MD_CTRL_GOST_SET_SBOX: - return Gost2814789_set_sbox(&gctx->cipher, p1); - } - return -2; -} - -static const EVP_MD gost2814789imit_md = { - .type = NID_id_Gost28147_89_MAC, - .pkey_type = NID_undef, - .md_size = GOST2814789IMIT_LENGTH, - .flags = 0, - .init = gost2814789_init, - .update = gost2814789_update, - .final = gost2814789_final, - .block_size = GOST2814789IMIT_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(GOST2814789IMIT_CTX), - .md_ctrl = gost2814789_md_ctrl, -}; - -const EVP_MD * -EVP_gost2814789imit(void) -{ - return (&gost2814789imit_md); -} -#endif diff --git a/src/lib/libcrypto/evp/m_gostr341194.c b/src/lib/libcrypto/evp/m_gostr341194.c deleted file mode 100644 index 66d9b4f303..0000000000 --- a/src/lib/libcrypto/evp/m_gostr341194.c +++ /dev/null @@ -1,97 +0,0 @@ -/* $OpenBSD: m_gostr341194.c,v 1.2 2014/11/09 23:06:50 miod Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ -#include - -#include - -#ifndef OPENSSL_NO_GOST - -#include -#include -#include - -static int -gostr341194_init(EVP_MD_CTX *ctx) -{ - return GOSTR341194_Init(ctx->md_data, - NID_id_GostR3411_94_CryptoProParamSet); -} - -static int -gostr341194_update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return GOSTR341194_Update(ctx->md_data, data, count); -} - -static int -gostr341194_final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return GOSTR341194_Final(md, ctx->md_data); -} - -static const EVP_MD gostr341194_md = { - .type = NID_id_GostR3411_94, - .pkey_type = NID_undef, - .md_size = GOSTR341194_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, - .init = gostr341194_init, - .update = gostr341194_update, - .final = gostr341194_final, - .block_size = GOSTR341194_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(GOSTR341194_CTX), -}; - -const EVP_MD * -EVP_gostr341194(void) -{ - return (&gostr341194_md); -} -#endif diff --git a/src/lib/libcrypto/evp/m_md4.c b/src/lib/libcrypto/evp/m_md4.c deleted file mode 100644 index e08980b1ed..0000000000 --- a/src/lib/libcrypto/evp/m_md4.c +++ /dev/null @@ -1,118 +0,0 @@ -/* $OpenBSD: m_md4.c,v 1.14 2014/07/13 09:30:02 miod Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#ifndef OPENSSL_NO_MD4 - -#include -#include -#include -#include - -#ifndef OPENSSL_NO_RSA -#include -#endif - -static int -init(EVP_MD_CTX *ctx) -{ - return MD4_Init(ctx->md_data); -} - -static int -update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return MD4_Update(ctx->md_data, data, count); -} - -static int -final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return MD4_Final(md, ctx->md_data); -} - -static const EVP_MD md4_md = { - .type = NID_md4, - .pkey_type = NID_md4WithRSAEncryption, - .md_size = MD4_DIGEST_LENGTH, - .flags = 0, - .init = init, - .update = update, - .final = final, - .copy = NULL, - .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif - .block_size = MD4_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(MD4_CTX), -}; - -const EVP_MD * -EVP_md4(void) -{ - return (&md4_md); -} -#endif diff --git a/src/lib/libcrypto/evp/m_md5.c b/src/lib/libcrypto/evp/m_md5.c deleted file mode 100644 index 36cff7ab51..0000000000 --- a/src/lib/libcrypto/evp/m_md5.c +++ /dev/null @@ -1,118 +0,0 @@ -/* $OpenBSD: m_md5.c,v 1.15 2014/07/13 09:30:02 miod Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#ifndef OPENSSL_NO_MD5 - -#include -#include -#include -#include - -#ifndef OPENSSL_NO_RSA -#include -#endif - -static int -init(EVP_MD_CTX *ctx) -{ - return MD5_Init(ctx->md_data); -} - -static int -update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return MD5_Update(ctx->md_data, data, count); -} - -static int -final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return MD5_Final(md, ctx->md_data); -} - -static const EVP_MD md5_md = { - .type = NID_md5, - .pkey_type = NID_md5WithRSAEncryption, - .md_size = MD5_DIGEST_LENGTH, - .flags = 0, - .init = init, - .update = update, - .final = final, - .copy = NULL, - .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif - .block_size = MD5_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(MD5_CTX), -}; - -const EVP_MD * -EVP_md5(void) -{ - return (&md5_md); -} -#endif diff --git a/src/lib/libcrypto/evp/m_null.c b/src/lib/libcrypto/evp/m_null.c deleted file mode 100644 index 897be3cee9..0000000000 --- a/src/lib/libcrypto/evp/m_null.c +++ /dev/null @@ -1,106 +0,0 @@ -/* $OpenBSD: m_null.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include -#include -#include - -static int -init(EVP_MD_CTX *ctx) -{ - return 1; -} - -static int -update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return 1; -} - -static int -final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return 1; -} - -static const EVP_MD null_md = { - .type = NID_undef, - .pkey_type = NID_undef, - .md_size = 0, - .flags = 0, - .init = init, - .update = update, - .final = final, - .copy = NULL, - .cleanup = NULL, - .sign = NULL, - .verify = NULL, - .required_pkey_type = { - 0, 0, 0, 0, - }, - .block_size = 0, - .ctx_size = sizeof(EVP_MD *), -}; - -const EVP_MD * -EVP_md_null(void) -{ - return (&null_md); -} diff --git a/src/lib/libcrypto/evp/m_ripemd.c b/src/lib/libcrypto/evp/m_ripemd.c deleted file mode 100644 index be7f1393b0..0000000000 --- a/src/lib/libcrypto/evp/m_ripemd.c +++ /dev/null @@ -1,118 +0,0 @@ -/* $OpenBSD: m_ripemd.c,v 1.12 2014/07/13 09:30:02 miod Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#ifndef OPENSSL_NO_RIPEMD - -#include -#include -#include -#include - -#ifndef OPENSSL_NO_RSA -#include -#endif - -static int -init(EVP_MD_CTX *ctx) -{ - return RIPEMD160_Init(ctx->md_data); -} - -static int -update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return RIPEMD160_Update(ctx->md_data, data, count); -} - -static int -final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return RIPEMD160_Final(md, ctx->md_data); -} - -static const EVP_MD ripemd160_md = { - .type = NID_ripemd160, - .pkey_type = NID_ripemd160WithRSA, - .md_size = RIPEMD160_DIGEST_LENGTH, - .flags = 0, - .init = init, - .update = update, - .final = final, - .copy = NULL, - .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif - .block_size = RIPEMD160_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(RIPEMD160_CTX), -}; - -const EVP_MD * -EVP_ripemd160(void) -{ - return (&ripemd160_md); -} -#endif diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c deleted file mode 100644 index 13d5b030d2..0000000000 --- a/src/lib/libcrypto/evp/m_sha1.c +++ /dev/null @@ -1,281 +0,0 @@ -/* $OpenBSD: m_sha1.c,v 1.17 2014/07/11 08:44:48 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#ifndef OPENSSL_NO_SHA - -#include -#include -#include - -#ifndef OPENSSL_NO_RSA -#include -#endif - -static int -init(EVP_MD_CTX *ctx) -{ - return SHA1_Init(ctx->md_data); -} - -static int -update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA1_Update(ctx->md_data, data, count); -} - -static int -final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA1_Final(md, ctx->md_data); -} - -static const EVP_MD sha1_md = { - .type = NID_sha1, - .pkey_type = NID_sha1WithRSAEncryption, - .md_size = SHA_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, - .init = init, - .update = update, - .final = final, - .copy = NULL, - .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif - .block_size = SHA_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX), -}; - -const EVP_MD * -EVP_sha1(void) -{ - return (&sha1_md); -} -#endif - -#ifndef OPENSSL_NO_SHA256 -static int -init224(EVP_MD_CTX *ctx) -{ - return SHA224_Init(ctx->md_data); -} - -static int -init256(EVP_MD_CTX *ctx) -{ - return SHA256_Init(ctx->md_data); -} -/* - * Even though there're separate SHA224_[Update|Final], we call - * SHA256 functions even in SHA224 context. This is what happens - * there anyway, so we can spare few CPU cycles:-) - */ -static int -update256(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA256_Update(ctx->md_data, data, count); -} - -static int -final256(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA256_Final(md, ctx->md_data); -} - -static const EVP_MD sha224_md = { - .type = NID_sha224, - .pkey_type = NID_sha224WithRSAEncryption, - .md_size = SHA224_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, - .init = init224, - .update = update256, - .final = final256, - .copy = NULL, - .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif - .block_size = SHA256_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(SHA256_CTX), -}; - -const EVP_MD * -EVP_sha224(void) -{ - return (&sha224_md); -} - -static const EVP_MD sha256_md = { - .type = NID_sha256, - .pkey_type = NID_sha256WithRSAEncryption, - .md_size = SHA256_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, - .init = init256, - .update = update256, - .final = final256, - .copy = NULL, - .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif - .block_size = SHA256_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(SHA256_CTX), -}; - -const EVP_MD * -EVP_sha256(void) -{ - return (&sha256_md); -} -#endif /* ifndef OPENSSL_NO_SHA256 */ - -#ifndef OPENSSL_NO_SHA512 -static int -init384(EVP_MD_CTX *ctx) -{ - return SHA384_Init(ctx->md_data); -} - -static int -init512(EVP_MD_CTX *ctx) -{ - return SHA512_Init(ctx->md_data); -} -/* See comment in SHA224/256 section */ -static int -update512(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA512_Update(ctx->md_data, data, count); -} - -static int -final512(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA512_Final(md, ctx->md_data); -} - -static const EVP_MD sha384_md = { - .type = NID_sha384, - .pkey_type = NID_sha384WithRSAEncryption, - .md_size = SHA384_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, - .init = init384, - .update = update512, - .final = final512, - .copy = NULL, - .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif - .block_size = SHA512_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(SHA512_CTX), -}; - -const EVP_MD * -EVP_sha384(void) -{ - return (&sha384_md); -} - -static const EVP_MD sha512_md = { - .type = NID_sha512, - .pkey_type = NID_sha512WithRSAEncryption, - .md_size = SHA512_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, - .init = init512, - .update = update512, - .final = final512, - .copy = NULL, - .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif - .block_size = SHA512_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(SHA512_CTX), -}; - -const EVP_MD * -EVP_sha512(void) -{ - return (&sha512_md); -} -#endif /* ifndef OPENSSL_NO_SHA512 */ diff --git a/src/lib/libcrypto/evp/m_sigver.c b/src/lib/libcrypto/evp/m_sigver.c deleted file mode 100644 index cc0927325b..0000000000 --- a/src/lib/libcrypto/evp/m_sigver.c +++ /dev/null @@ -1,193 +0,0 @@ -/* $OpenBSD: m_sigver.c,v 1.4 2014/07/11 08:44:48 jsing Exp $ */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2006. - */ -/* ==================================================================== - * Copyright (c) 2006,2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include - -#include -#include -#include -#include - -#include "evp_locl.h" - -static int -do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, - ENGINE *e, EVP_PKEY *pkey, int ver) -{ - if (ctx->pctx == NULL) - ctx->pctx = EVP_PKEY_CTX_new(pkey, e); - if (ctx->pctx == NULL) - return 0; - - if (type == NULL) { - int def_nid; - if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0) - type = EVP_get_digestbynid(def_nid); - } - - if (type == NULL) { - EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST); - return 0; - } - - if (ver) { - if (ctx->pctx->pmeth->verifyctx_init) { - if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, - ctx) <=0) - return 0; - ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX; - } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0) - return 0; - } else { - if (ctx->pctx->pmeth->signctx_init) { - if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0) - return 0; - ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX; - } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) - return 0; - } - if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0) - return 0; - if (pctx) - *pctx = ctx->pctx; - if (!EVP_DigestInit_ex(ctx, type, e)) - return 0; - return 1; -} - -int -EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, - ENGINE *e, EVP_PKEY *pkey) -{ - return do_sigver_init(ctx, pctx, type, e, pkey, 0); -} - -int -EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, - ENGINE *e, EVP_PKEY *pkey) -{ - return do_sigver_init(ctx, pctx, type, e, pkey, 1); -} - -int -EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) -{ - int sctx, r = 0; - - if (ctx->pctx->pmeth->signctx) - sctx = 1; - else - sctx = 0; - if (sigret) { - EVP_MD_CTX tmp_ctx; - unsigned char md[EVP_MAX_MD_SIZE]; - unsigned int mdlen; - EVP_MD_CTX_init(&tmp_ctx); - if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) - return 0; - if (sctx) - r = tmp_ctx.pctx->pmeth->signctx(tmp_ctx.pctx, - sigret, siglen, &tmp_ctx); - else - r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen); - EVP_MD_CTX_cleanup(&tmp_ctx); - if (sctx || !r) - return r; - if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0) - return 0; - } else { - if (sctx) { - if (ctx->pctx->pmeth->signctx(ctx->pctx, sigret, - siglen, ctx) <= 0) - return 0; - } else { - int s = EVP_MD_size(ctx->digest); - if (s < 0 || EVP_PKEY_sign(ctx->pctx, sigret, siglen, - NULL, s) <= 0) - return 0; - } - } - return 1; -} - -int -EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen) -{ - EVP_MD_CTX tmp_ctx; - unsigned char md[EVP_MAX_MD_SIZE]; - int r; - unsigned int mdlen; - int vctx; - - if (ctx->pctx->pmeth->verifyctx) - vctx = 1; - else - vctx = 0; - EVP_MD_CTX_init(&tmp_ctx); - if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) - return -1; - if (vctx) { - r = tmp_ctx.pctx->pmeth->verifyctx(tmp_ctx.pctx, sig, - siglen, &tmp_ctx); - } else - r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen); - EVP_MD_CTX_cleanup(&tmp_ctx); - if (vctx || !r) - return r; - return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen); -} diff --git a/src/lib/libcrypto/evp/m_streebog.c b/src/lib/libcrypto/evp/m_streebog.c deleted file mode 100644 index 882c7852bb..0000000000 --- a/src/lib/libcrypto/evp/m_streebog.c +++ /dev/null @@ -1,131 +0,0 @@ -/* $OpenBSD: m_streebog.c,v 1.2 2014/11/09 23:06:50 miod Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#ifndef OPENSSL_NO_GOST - -#include -#include -#include - -static int -streebog_init256(EVP_MD_CTX *ctx) -{ - return STREEBOG256_Init(ctx->md_data); -} - -static int -streebog_update256(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return STREEBOG256_Update(ctx->md_data, data, count); -} - -static int -streebog_final256(EVP_MD_CTX *ctx, unsigned char *md) -{ - return STREEBOG256_Final(md, ctx->md_data); -} - -static int -streebog_init512(EVP_MD_CTX *ctx) -{ - return STREEBOG512_Init(ctx->md_data); -} - -static int -streebog_update512(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return STREEBOG512_Update(ctx->md_data, data, count); -} - -static int -streebog_final512(EVP_MD_CTX *ctx, unsigned char *md) -{ - return STREEBOG512_Final(md, ctx->md_data); -} - -static const EVP_MD streebog256_md = { - .type = NID_id_tc26_gost3411_2012_256, - .pkey_type = NID_undef, - .md_size = STREEBOG256_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, - .init = streebog_init256, - .update = streebog_update256, - .final = streebog_final256, - .block_size = STREEBOG_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(STREEBOG_CTX), -}; - -static const EVP_MD streebog512_md = { - .type = NID_id_tc26_gost3411_2012_512, - .pkey_type = NID_undef, - .md_size = STREEBOG512_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, - .init = streebog_init512, - .update = streebog_update512, - .final = streebog_final512, - .block_size = STREEBOG_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(STREEBOG_CTX), -}; - -const EVP_MD * -EVP_streebog256(void) -{ - return (&streebog256_md); -} - -const EVP_MD * -EVP_streebog512(void) -{ - return (&streebog512_md); -} -#endif diff --git a/src/lib/libcrypto/evp/m_wp.c b/src/lib/libcrypto/evp/m_wp.c deleted file mode 100644 index 3f543ac0af..0000000000 --- a/src/lib/libcrypto/evp/m_wp.c +++ /dev/null @@ -1,56 +0,0 @@ -/* $OpenBSD: m_wp.c,v 1.8 2014/07/13 09:30:02 miod Exp $ */ - -#include - -#include - -#ifndef OPENSSL_NO_WHIRLPOOL - -#include -#include -#include -#include - -static int -init(EVP_MD_CTX *ctx) -{ - return WHIRLPOOL_Init(ctx->md_data); -} - -static int -update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return WHIRLPOOL_Update(ctx->md_data, data, count); -} - -static int -final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return WHIRLPOOL_Final(md, ctx->md_data); -} - -static const EVP_MD whirlpool_md = { - .type = NID_whirlpool, - .pkey_type = 0, - .md_size = WHIRLPOOL_DIGEST_LENGTH, - .flags = 0, - .init = init, - .update = update, - .final = final, - .copy = NULL, - .cleanup = NULL, - .sign = NULL, - .verify = NULL, - .required_pkey_type = { - 0, 0, 0, 0, - }, - .block_size = WHIRLPOOL_BBLOCK / 8, - .ctx_size = sizeof(EVP_MD *) + sizeof(WHIRLPOOL_CTX), -}; - -const EVP_MD * -EVP_whirlpool(void) -{ - return (&whirlpool_md); -} -#endif diff --git a/src/lib/libcrypto/evp/names.c b/src/lib/libcrypto/evp/names.c deleted file mode 100644 index 33d7dc8084..0000000000 --- a/src/lib/libcrypto/evp/names.c +++ /dev/null @@ -1,228 +0,0 @@ -/* $OpenBSD: names.c,v 1.12 2014/07/11 08:44:48 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include -#include -#include - -int -EVP_add_cipher(const EVP_CIPHER *c) -{ - int r; - - if (c == NULL) - return 0; - - OPENSSL_init(); - - r = OBJ_NAME_add(OBJ_nid2sn(c->nid), OBJ_NAME_TYPE_CIPHER_METH, - (const char *)c); - if (r == 0) - return (0); - check_defer(c->nid); - r = OBJ_NAME_add(OBJ_nid2ln(c->nid), OBJ_NAME_TYPE_CIPHER_METH, - (const char *)c); - return (r); -} - -int -EVP_add_digest(const EVP_MD *md) -{ - int r; - const char *name; - - OPENSSL_init(); - - name = OBJ_nid2sn(md->type); - r = OBJ_NAME_add(name, OBJ_NAME_TYPE_MD_METH, (const char *)md); - if (r == 0) - return (0); - check_defer(md->type); - r = OBJ_NAME_add(OBJ_nid2ln(md->type), OBJ_NAME_TYPE_MD_METH, - (const char *)md); - if (r == 0) - return (0); - - if (md->pkey_type && md->type != md->pkey_type) { - r = OBJ_NAME_add(OBJ_nid2sn(md->pkey_type), - OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS, name); - if (r == 0) - return (0); - check_defer(md->pkey_type); - r = OBJ_NAME_add(OBJ_nid2ln(md->pkey_type), - OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS, name); - } - return (r); -} - -const EVP_CIPHER * -EVP_get_cipherbyname(const char *name) -{ - const EVP_CIPHER *cp; - - cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH); - return (cp); -} - -const EVP_MD * -EVP_get_digestbyname(const char *name) -{ - const EVP_MD *cp; - - cp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH); - return (cp); -} - -void -EVP_cleanup(void) -{ - OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH); - OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH); - /* The above calls will only clean out the contents of the name - hash table, but not the hash table itself. The following line - does that part. -- Richard Levitte */ - OBJ_NAME_cleanup(-1); - - EVP_PBE_cleanup(); - if (obj_cleanup_defer == 2) { - obj_cleanup_defer = 0; - OBJ_cleanup(); - } - OBJ_sigid_free(); -} - -struct doall_cipher { - void *arg; - void (*fn)(const EVP_CIPHER *ciph, const char *from, const char *to, - void *arg); -}; - -static void -do_all_cipher_fn(const OBJ_NAME *nm, void *arg) -{ - struct doall_cipher *dc = arg; - - if (nm->alias) - dc->fn(NULL, nm->name, nm->data, dc->arg); - else - dc->fn((const EVP_CIPHER *)nm->data, nm->name, NULL, dc->arg); -} - -void -EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph, const char *from, - const char *to, void *x), void *arg) -{ - struct doall_cipher dc; - - dc.fn = fn; - dc.arg = arg; - OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc); -} - -void -EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph, const char *from, - const char *to, void *x), void *arg) -{ - struct doall_cipher dc; - - dc.fn = fn; - dc.arg = arg; - OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, - do_all_cipher_fn, &dc); -} - -struct doall_md { - void *arg; - void (*fn)(const EVP_MD *ciph, const char *from, const char *to, - void *arg); -}; - -static void -do_all_md_fn(const OBJ_NAME *nm, void *arg) -{ - struct doall_md *dc = arg; - - if (nm->alias) - dc->fn(NULL, nm->name, nm->data, dc->arg); - else - dc->fn((const EVP_MD *)nm->data, nm->name, NULL, dc->arg); -} - -void -EVP_MD_do_all(void (*fn)(const EVP_MD *md, const char *from, const char *to, - void *x), void *arg) -{ - struct doall_md dc; - - dc.fn = fn; - dc.arg = arg; - OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc); -} - -void -EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *md, - const char *from, const char *to, void *x), void *arg) -{ - struct doall_md dc; - - dc.fn = fn; - dc.arg = arg; - OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc); -} diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c deleted file mode 100644 index 112a69114c..0000000000 --- a/src/lib/libcrypto/evp/p5_crpt.c +++ /dev/null @@ -1,158 +0,0 @@ -/* $OpenBSD: p5_crpt.c,v 1.15 2015/02/10 09:52:35 miod Exp $ */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include - -#include -#include -#include - -/* Doesn't do anything now: Builtin PBE algorithms in static table. - */ - -void -PKCS5_PBE_add(void) -{ -} - -int -PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) -{ - EVP_MD_CTX ctx; - unsigned char md_tmp[EVP_MAX_MD_SIZE]; - unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; - int i; - PBEPARAM *pbe; - int saltlen, iter; - unsigned char *salt; - const unsigned char *pbuf; - int mdsize; - int rv = 0; - - /* Extract useful info from parameter */ - if (param == NULL || param->type != V_ASN1_SEQUENCE || - param->value.sequence == NULL) { - EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); - return 0; - } - - mdsize = EVP_MD_size(md); - if (mdsize < 0) - return 0; - - pbuf = param->value.sequence->data; - if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { - EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); - return 0; - } - - if (!pbe->iter) - iter = 1; - else - iter = ASN1_INTEGER_get (pbe->iter); - salt = pbe->salt->data; - saltlen = pbe->salt->length; - - if (!pass) - passlen = 0; - else if (passlen == -1) - passlen = strlen(pass); - - EVP_MD_CTX_init(&ctx); - - if (!EVP_DigestInit_ex(&ctx, md, NULL)) - goto err; - if (!EVP_DigestUpdate(&ctx, pass, passlen)) - goto err; - if (!EVP_DigestUpdate(&ctx, salt, saltlen)) - goto err; - if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) - goto err; - for (i = 1; i < iter; i++) { - if (!EVP_DigestInit_ex(&ctx, md, NULL)) - goto err; - if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize)) - goto err; - if (!EVP_DigestFinal_ex (&ctx, md_tmp, NULL)) - goto err; - } - if ((size_t)EVP_CIPHER_key_length(cipher) > sizeof(md_tmp)) { - EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_BAD_KEY_LENGTH); - goto err; - } - memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); - if ((size_t)EVP_CIPHER_iv_length(cipher) > 16) { - EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_IV_TOO_LARGE); - goto err; - } - memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), - EVP_CIPHER_iv_length(cipher)); - if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de)) - goto err; - OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); - OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); - OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); - rv = 1; -err: - EVP_MD_CTX_cleanup(&ctx); - PBEPARAM_free(pbe); - return rv; -} diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c deleted file mode 100644 index afafb9551f..0000000000 --- a/src/lib/libcrypto/evp/p5_crpt2.c +++ /dev/null @@ -1,308 +0,0 @@ -/* $OpenBSD: p5_crpt2.c,v 1.20 2015/02/14 15:49:51 miod Exp $ */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include - -#include - -#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) - -#include -#include -#include -#include - -#include "evp_locl.h" - -/* This is an implementation of PKCS#5 v2.0 password based encryption key - * derivation function PBKDF2. - * SHA1 version verified against test vectors posted by Peter Gutmann - * to the PKCS-TNG mailing list. - */ - -int -PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt, - int saltlen, int iter, const EVP_MD *digest, int keylen, unsigned char *out) -{ - unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; - int cplen, j, k, tkeylen, mdlen; - unsigned long i = 1; - HMAC_CTX hctx_tpl, hctx; - - mdlen = EVP_MD_size(digest); - if (mdlen < 0) - return 0; - - HMAC_CTX_init(&hctx_tpl); - p = out; - tkeylen = keylen; - if (!pass) - passlen = 0; - else if (passlen == -1) - passlen = strlen(pass); - if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) { - HMAC_CTX_cleanup(&hctx_tpl); - return 0; - } - while (tkeylen) { - if (tkeylen > mdlen) - cplen = mdlen; - else - cplen = tkeylen; - /* We are unlikely to ever use more than 256 blocks (5120 bits!) - * but just in case... - */ - itmp[0] = (unsigned char)((i >> 24) & 0xff); - itmp[1] = (unsigned char)((i >> 16) & 0xff); - itmp[2] = (unsigned char)((i >> 8) & 0xff); - itmp[3] = (unsigned char)(i & 0xff); - if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { - HMAC_CTX_cleanup(&hctx_tpl); - return 0; - } - if (!HMAC_Update(&hctx, salt, saltlen) || - !HMAC_Update(&hctx, itmp, 4) || - !HMAC_Final(&hctx, digtmp, NULL)) { - HMAC_CTX_cleanup(&hctx_tpl); - HMAC_CTX_cleanup(&hctx); - return 0; - } - HMAC_CTX_cleanup(&hctx); - memcpy(p, digtmp, cplen); - for (j = 1; j < iter; j++) { - if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { - HMAC_CTX_cleanup(&hctx_tpl); - return 0; - } - if (!HMAC_Update(&hctx, digtmp, mdlen) || - !HMAC_Final(&hctx, digtmp, NULL)) { - HMAC_CTX_cleanup(&hctx_tpl); - HMAC_CTX_cleanup(&hctx); - return 0; - } - HMAC_CTX_cleanup(&hctx); - for (k = 0; k < cplen; k++) - p[k] ^= digtmp[k]; - } - tkeylen -= cplen; - i++; - p += cplen; - } - HMAC_CTX_cleanup(&hctx_tpl); - return 1; -} - -int -PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, const unsigned char *salt, - int saltlen, int iter, int keylen, unsigned char *out) -{ - return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, - EVP_sha1(), keylen, out); -} - -/* Now the key derivation function itself. This is a bit evil because - * it has to check the ASN1 parameters are valid: and there are quite a - * few of them... - */ - -int -PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de) -{ - const unsigned char *pbuf; - int plen; - PBE2PARAM *pbe2 = NULL; - const EVP_CIPHER *cipher; - - int rv = 0; - - if (param == NULL || param->type != V_ASN1_SEQUENCE || - param->value.sequence == NULL) { - EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); - goto err; - } - - pbuf = param->value.sequence->data; - plen = param->value.sequence->length; - if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { - EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); - goto err; - } - - /* See if we recognise the key derivation function */ - - if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) { - EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, - EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); - goto err; - } - - /* lets see if we recognise the encryption algorithm. - */ - - cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm); - - if (!cipher) { - EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, - EVP_R_UNSUPPORTED_CIPHER); - goto err; - } - - /* Fixup cipher based on AlgorithmIdentifier */ - if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de)) - goto err; - if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { - EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, - EVP_R_CIPHER_PARAMETER_ERROR); - goto err; - } - rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen, - pbe2->keyfunc->parameter, c, md, en_de); - -err: - PBE2PARAM_free(pbe2); - return rv; -} - -int -PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de) -{ - unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; - const unsigned char *pbuf; - int saltlen, iter, plen; - int rv = 0; - unsigned int keylen = 0; - int prf_nid, hmac_md_nid; - PBKDF2PARAM *kdf = NULL; - const EVP_MD *prfmd; - - if (EVP_CIPHER_CTX_cipher(ctx) == NULL) { - EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_NO_CIPHER_SET); - return 0; - } - keylen = EVP_CIPHER_CTX_key_length(ctx); - if (keylen > sizeof key) { - EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_BAD_KEY_LENGTH); - return 0; - } - - /* Decode parameter */ - - if (!param || (param->type != V_ASN1_SEQUENCE)) { - EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); - return 0; - } - - pbuf = param->value.sequence->data; - plen = param->value.sequence->length; - - if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { - EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); - return 0; - } - - /* Now check the parameters of the kdf */ - - if (kdf->keylength && - (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ - EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, - EVP_R_UNSUPPORTED_KEYLENGTH); - goto err; - } - - if (kdf->prf) - prf_nid = OBJ_obj2nid(kdf->prf->algorithm); - else - prf_nid = NID_hmacWithSHA1; - - if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0)) { - EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); - goto err; - } - - prfmd = EVP_get_digestbynid(hmac_md_nid); - if (prfmd == NULL) { - EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); - goto err; - } - - if (kdf->salt->type != V_ASN1_OCTET_STRING) { - EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, - EVP_R_UNSUPPORTED_SALT_TYPE); - goto err; - } - - /* it seems that its all OK */ - salt = kdf->salt->value.octet_string->data; - saltlen = kdf->salt->value.octet_string->length; - iter = ASN1_INTEGER_get(kdf->iter); - if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd, - keylen, key)) - goto err; - rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); - -err: - OPENSSL_cleanse(key, keylen); - PBKDF2PARAM_free(kdf); - return rv; -} - -#endif diff --git a/src/lib/libcrypto/evp/p_dec.c b/src/lib/libcrypto/evp/p_dec.c deleted file mode 100644 index 2244ae8c62..0000000000 --- a/src/lib/libcrypto/evp/p_dec.c +++ /dev/null @@ -1,92 +0,0 @@ -/* $OpenBSD: p_dec.c,v 1.10 2014/10/18 17:20:40 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#include -#include -#include -#include - -#ifndef OPENSSL_NO_RSA -#include -#endif - -int -EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, - EVP_PKEY *priv) -{ - int ret = -1; - -#ifndef OPENSSL_NO_RSA - if (priv->type != EVP_PKEY_RSA) { -#endif - EVPerr(EVP_F_EVP_PKEY_DECRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA); -#ifndef OPENSSL_NO_RSA - goto err; - } - - ret = RSA_private_decrypt(ekl, ek, key, priv->pkey.rsa, - RSA_PKCS1_PADDING); - -err: -#endif - return (ret); -} diff --git a/src/lib/libcrypto/evp/p_enc.c b/src/lib/libcrypto/evp/p_enc.c deleted file mode 100644 index 63d2649f6e..0000000000 --- a/src/lib/libcrypto/evp/p_enc.c +++ /dev/null @@ -1,89 +0,0 @@ -/* $OpenBSD: p_enc.c,v 1.10 2014/10/18 17:20:40 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#include -#include -#include -#include - -#ifndef OPENSSL_NO_RSA -#include -#endif - -int -EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, int key_len, - EVP_PKEY *pubk) -{ - int ret = 0; - -#ifndef OPENSSL_NO_RSA - if (pubk->type != EVP_PKEY_RSA) { -#endif - EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA); -#ifndef OPENSSL_NO_RSA - goto err; - } - ret = RSA_public_encrypt(key_len, key, ek, pubk->pkey.rsa, RSA_PKCS1_PADDING); -err: -#endif - return (ret); -} diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c deleted file mode 100644 index e172c34894..0000000000 --- a/src/lib/libcrypto/evp/p_lib.c +++ /dev/null @@ -1,483 +0,0 @@ -/* $OpenBSD: p_lib.c,v 1.16 2014/07/12 22:26:01 miod Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#include -#include -#include -#include -#include - -#ifndef OPENSSL_NO_DH -#include -#endif -#ifndef OPENSSL_NO_DSA -#include -#endif -#ifndef OPENSSL_NO_RSA -#include -#endif - -#ifndef OPENSSL_NO_ENGINE -#include -#endif - -#include "asn1_locl.h" - -static void EVP_PKEY_free_it(EVP_PKEY *x); - -int -EVP_PKEY_bits(EVP_PKEY *pkey) -{ - if (pkey && pkey->ameth && pkey->ameth->pkey_bits) - return pkey->ameth->pkey_bits(pkey); - return 0; -} - -int -EVP_PKEY_size(EVP_PKEY *pkey) -{ - if (pkey && pkey->ameth && pkey->ameth->pkey_size) - return pkey->ameth->pkey_size(pkey); - return 0; -} - -int -EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) -{ -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) { - int ret = pkey->save_parameters; - - if (mode >= 0) - pkey->save_parameters = mode; - return (ret); - } -#endif -#ifndef OPENSSL_NO_EC - if (pkey->type == EVP_PKEY_EC) { - int ret = pkey->save_parameters; - - if (mode >= 0) - pkey->save_parameters = mode; - return (ret); - } -#endif - return (0); -} - -int -EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) -{ - if (to->type != from->type) { - EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, - EVP_R_DIFFERENT_KEY_TYPES); - goto err; - } - - if (EVP_PKEY_missing_parameters(from)) { - EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, - EVP_R_MISSING_PARAMETERS); - goto err; - } - if (from->ameth && from->ameth->param_copy) - return from->ameth->param_copy(to, from); - -err: - return 0; -} - -int -EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) -{ - if (pkey->ameth && pkey->ameth->param_missing) - return pkey->ameth->param_missing(pkey); - return 0; -} - -int -EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) -{ - if (a->type != b->type) - return -1; - if (a->ameth && a->ameth->param_cmp) - return a->ameth->param_cmp(a, b); - return -2; -} - -int -EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) -{ - if (a->type != b->type) - return -1; - - if (a->ameth) { - int ret; - /* Compare parameters if the algorithm has them */ - if (a->ameth->param_cmp) { - ret = a->ameth->param_cmp(a, b); - if (ret <= 0) - return ret; - } - - if (a->ameth->pub_cmp) - return a->ameth->pub_cmp(a, b); - } - - return -2; -} - -EVP_PKEY * -EVP_PKEY_new(void) -{ - EVP_PKEY *ret; - - ret = malloc(sizeof(EVP_PKEY)); - if (ret == NULL) { - EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE); - return (NULL); - } - ret->type = EVP_PKEY_NONE; - ret->save_type = EVP_PKEY_NONE; - ret->references = 1; - ret->ameth = NULL; - ret->engine = NULL; - ret->pkey.ptr = NULL; - ret->attributes = NULL; - ret->save_parameters = 1; - return (ret); -} - -/* Setup a public key ASN1 method and ENGINE from a NID or a string. - * If pkey is NULL just return 1 or 0 if the algorithm exists. - */ - -static int -pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len) -{ - const EVP_PKEY_ASN1_METHOD *ameth; - ENGINE *e = NULL; - if (pkey) { - if (pkey->pkey.ptr) - EVP_PKEY_free_it(pkey); - /* If key type matches and a method exists then this - * lookup has succeeded once so just indicate success. - */ - if ((type == pkey->save_type) && pkey->ameth) - return 1; -#ifndef OPENSSL_NO_ENGINE - /* If we have an ENGINE release it */ - if (pkey->engine) { - ENGINE_finish(pkey->engine); - pkey->engine = NULL; - } -#endif - } - if (str) - ameth = EVP_PKEY_asn1_find_str(&e, str, len); - else - ameth = EVP_PKEY_asn1_find(&e, type); -#ifndef OPENSSL_NO_ENGINE - if (!pkey && e) - ENGINE_finish(e); -#endif - if (!ameth) { - EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM); - return 0; - } - if (pkey) { - pkey->ameth = ameth; - pkey->engine = e; - - pkey->type = pkey->ameth->pkey_id; - pkey->save_type = type; - } - return 1; -} - -int -EVP_PKEY_set_type(EVP_PKEY *pkey, int type) -{ - return pkey_set_type(pkey, type, NULL, -1); -} - -int -EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len) -{ - return pkey_set_type(pkey, EVP_PKEY_NONE, str, len); -} - -int -EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) -{ - if (!EVP_PKEY_set_type(pkey, type)) - return 0; - pkey->pkey.ptr = key; - return (key != NULL); -} - -void * -EVP_PKEY_get0(EVP_PKEY *pkey) -{ - return pkey->pkey.ptr; -} - -#ifndef OPENSSL_NO_RSA -int -EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) -{ - int ret = EVP_PKEY_assign_RSA(pkey, key); - if (ret) - RSA_up_ref(key); - return ret; -} - -RSA * -EVP_PKEY_get1_RSA(EVP_PKEY *pkey) -{ - if (pkey->type != EVP_PKEY_RSA) { - EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY); - return NULL; - } - RSA_up_ref(pkey->pkey.rsa); - return pkey->pkey.rsa; -} -#endif - -#ifndef OPENSSL_NO_DSA -int -EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key) -{ - int ret = EVP_PKEY_assign_DSA(pkey, key); - if (ret) - DSA_up_ref(key); - return ret; -} - -DSA * -EVP_PKEY_get1_DSA(EVP_PKEY *pkey) -{ - if (pkey->type != EVP_PKEY_DSA) { - EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY); - return NULL; - } - DSA_up_ref(pkey->pkey.dsa); - return pkey->pkey.dsa; -} -#endif - -#ifndef OPENSSL_NO_EC - -int -EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) -{ - int ret = EVP_PKEY_assign_EC_KEY(pkey, key); - if (ret) - EC_KEY_up_ref(key); - return ret; -} - -EC_KEY * -EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) -{ - if (pkey->type != EVP_PKEY_EC) { - EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); - return NULL; - } - EC_KEY_up_ref(pkey->pkey.ec); - return pkey->pkey.ec; -} -#endif - - -#ifndef OPENSSL_NO_DH - -int -EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) -{ - int ret = EVP_PKEY_assign_DH(pkey, key); - if (ret) - DH_up_ref(key); - return ret; -} - -DH * -EVP_PKEY_get1_DH(EVP_PKEY *pkey) -{ - if (pkey->type != EVP_PKEY_DH) { - EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY); - return NULL; - } - DH_up_ref(pkey->pkey.dh); - return pkey->pkey.dh; -} -#endif - -int -EVP_PKEY_type(int type) -{ - int ret; - const EVP_PKEY_ASN1_METHOD *ameth; - ENGINE *e; - ameth = EVP_PKEY_asn1_find(&e, type); - if (ameth) - ret = ameth->pkey_id; - else - ret = NID_undef; -#ifndef OPENSSL_NO_ENGINE - if (e) - ENGINE_finish(e); -#endif - return ret; -} - -int -EVP_PKEY_id(const EVP_PKEY *pkey) -{ - return pkey->type; -} - -int -EVP_PKEY_base_id(const EVP_PKEY *pkey) -{ - return EVP_PKEY_type(pkey->type); -} - -void -EVP_PKEY_free(EVP_PKEY *x) -{ - int i; - - if (x == NULL) - return; - - i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_EVP_PKEY); - if (i > 0) - return; - - EVP_PKEY_free_it(x); - if (x->attributes) - sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); - free(x); -} - -static void -EVP_PKEY_free_it(EVP_PKEY *x) -{ - if (x->ameth && x->ameth->pkey_free) { - x->ameth->pkey_free(x); - x->pkey.ptr = NULL; - } -#ifndef OPENSSL_NO_ENGINE - if (x->engine) { - ENGINE_finish(x->engine); - x->engine = NULL; - } -#endif -} - -static int -unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent, const char *kstr) -{ - BIO_indent(out, indent, 128); - BIO_printf(out, "%s algorithm \"%s\" unsupported\n", - kstr, OBJ_nid2ln(pkey->type)); - return 1; -} - -int -EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx) -{ - if (pkey->ameth && pkey->ameth->pub_print) - return pkey->ameth->pub_print(out, pkey, indent, pctx); - - return unsup_alg(out, pkey, indent, "Public Key"); -} - -int -EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx) -{ - if (pkey->ameth && pkey->ameth->priv_print) - return pkey->ameth->priv_print(out, pkey, indent, pctx); - - return unsup_alg(out, pkey, indent, "Private Key"); -} - -int -EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx) -{ - if (pkey->ameth && pkey->ameth->param_print) - return pkey->ameth->param_print(out, pkey, indent, pctx); - return unsup_alg(out, pkey, indent, "Parameters"); -} - -int -EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid) -{ - if (!pkey->ameth || !pkey->ameth->pkey_ctrl) - return -2; - return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, - 0, pnid); -} - diff --git a/src/lib/libcrypto/evp/p_open.c b/src/lib/libcrypto/evp/p_open.c deleted file mode 100644 index aca83e74f6..0000000000 --- a/src/lib/libcrypto/evp/p_open.c +++ /dev/null @@ -1,127 +0,0 @@ -/* $OpenBSD: p_open.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#ifndef OPENSSL_NO_RSA - -#include -#include -#include -#include -#include - -int -EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - const unsigned char *ek, int ekl, const unsigned char *iv, EVP_PKEY *priv) -{ - unsigned char *key = NULL; - int i, size = 0, ret = 0; - - if (type) { - EVP_CIPHER_CTX_init(ctx); - if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL)) - return 0; - } - - if (!priv) - return 1; - - if (priv->type != EVP_PKEY_RSA) { - EVPerr(EVP_F_EVP_OPENINIT, EVP_R_PUBLIC_KEY_NOT_RSA); - goto err; - } - - size = RSA_size(priv->pkey.rsa); - key = malloc(size + 2); - if (key == NULL) { - /* ERROR */ - EVPerr(EVP_F_EVP_OPENINIT, ERR_R_MALLOC_FAILURE); - goto err; - } - - i = EVP_PKEY_decrypt_old(key, ek, ekl, priv); - if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) { - /* ERROR */ - goto err; - } - if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) - goto err; - - ret = 1; - -err: - if (key != NULL) - OPENSSL_cleanse(key, size); - free(key); - return (ret); -} - -int -EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - int i; - - i = EVP_DecryptFinal_ex(ctx, out, outl); - if (i) - i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL); - return (i); -} -#endif diff --git a/src/lib/libcrypto/evp/p_seal.c b/src/lib/libcrypto/evp/p_seal.c deleted file mode 100644 index 8b9740fbcd..0000000000 --- a/src/lib/libcrypto/evp/p_seal.c +++ /dev/null @@ -1,124 +0,0 @@ -/* $OpenBSD: p_seal.c,v 1.14 2014/10/22 13:02:04 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include - -#include - -#include -#include -#include - -#ifndef OPENSSL_NO_RSA -#include -#endif - -int -EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, - int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk) -{ - unsigned char key[EVP_MAX_KEY_LENGTH]; - int i; - - if (type) { - EVP_CIPHER_CTX_init(ctx); - if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL)) - return 0; - } - if ((npubk <= 0) || !pubk) - return 1; - if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) - return 0; - if (EVP_CIPHER_CTX_iv_length(ctx)) - arc4random_buf(iv, EVP_CIPHER_CTX_iv_length(ctx)); - - if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) - return 0; - - for (i = 0; i < npubk; i++) { - ekl[i] = EVP_PKEY_encrypt_old(ek[i], key, - EVP_CIPHER_CTX_key_length(ctx), pubk[i]); - if (ekl[i] <= 0) - return (-1); - } - return (npubk); -} - -/* MACRO -void EVP_SealUpdate(ctx,out,outl,in,inl) -EVP_CIPHER_CTX *ctx; -unsigned char *out; -int *outl; -unsigned char *in; -int inl; - { - EVP_EncryptUpdate(ctx,out,outl,in,inl); - } -*/ - -int -EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - int i; - - i = EVP_EncryptFinal_ex(ctx, out, outl); - if (i) - i = EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL); - return i; -} diff --git a/src/lib/libcrypto/evp/p_sign.c b/src/lib/libcrypto/evp/p_sign.c deleted file mode 100644 index 4058d47f07..0000000000 --- a/src/lib/libcrypto/evp/p_sign.c +++ /dev/null @@ -1,123 +0,0 @@ -/* $OpenBSD: p_sign.c,v 1.13 2015/02/07 13:19:15 doug Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include -#include -#include -#include - -int -EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, - EVP_PKEY *pkey) -{ - unsigned char m[EVP_MAX_MD_SIZE]; - unsigned int m_len; - int i = 0, ok = 0, v; - EVP_MD_CTX tmp_ctx; - EVP_PKEY_CTX *pkctx = NULL; - - *siglen = 0; - EVP_MD_CTX_init(&tmp_ctx); - if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) - goto err; - if (!EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len)) - goto err; - EVP_MD_CTX_cleanup(&tmp_ctx); - - if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { - size_t sltmp = (size_t)EVP_PKEY_size(pkey); - i = 0; - pkctx = EVP_PKEY_CTX_new(pkey, NULL); - if (!pkctx) - goto err; - if (EVP_PKEY_sign_init(pkctx) <= 0) - goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) - goto err; - if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) - goto err; - *siglen = sltmp; - i = 1; -err: - EVP_PKEY_CTX_free(pkctx); - return i; - } - - for (i = 0; i < 4; i++) { - v = ctx->digest->required_pkey_type[i]; - if (v == 0) - break; - if (pkey->type == v) { - ok = 1; - break; - } - } - if (!ok) { - EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE); - return (0); - } - - if (ctx->digest->sign == NULL) { - EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_NO_SIGN_FUNCTION_CONFIGURED); - return (0); - } - return(ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen, - pkey->pkey.ptr)); -} diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c deleted file mode 100644 index e653fcf6a5..0000000000 --- a/src/lib/libcrypto/evp/p_verify.c +++ /dev/null @@ -1,119 +0,0 @@ -/* $OpenBSD: p_verify.c,v 1.12 2014/07/11 08:44:48 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include -#include -#include -#include - -int -EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, - unsigned int siglen, EVP_PKEY *pkey) -{ - unsigned char m[EVP_MAX_MD_SIZE]; - unsigned int m_len; - int i = 0, ok = 0, v; - EVP_MD_CTX tmp_ctx; - EVP_PKEY_CTX *pkctx = NULL; - - EVP_MD_CTX_init(&tmp_ctx); - if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) - goto err; - if (!EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len)) - goto err; - EVP_MD_CTX_cleanup(&tmp_ctx); - - if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { - i = -1; - pkctx = EVP_PKEY_CTX_new(pkey, NULL); - if (!pkctx) - goto err; - if (EVP_PKEY_verify_init(pkctx) <= 0) - goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) - goto err; - i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); -err: - EVP_PKEY_CTX_free(pkctx); - return i; - } - - for (i = 0; i < 4; i++) { - v = ctx->digest->required_pkey_type[i]; - if (v == 0) - break; - if (pkey->type == v) { - ok = 1; - break; - } - } - if (!ok) { - EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE); - return (-1); - } - if (ctx->digest->verify == NULL) { - EVPerr(EVP_F_EVP_VERIFYFINAL, - EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); - return (0); - } - - return(ctx->digest->verify(ctx->digest->type, m, m_len, - sigbuf, siglen, pkey->pkey.ptr)); -} diff --git a/src/lib/libcrypto/evp/pmeth_fn.c b/src/lib/libcrypto/evp/pmeth_fn.c deleted file mode 100644 index 4cf18a0be1..0000000000 --- a/src/lib/libcrypto/evp/pmeth_fn.c +++ /dev/null @@ -1,362 +0,0 @@ -/* $OpenBSD: pmeth_fn.c,v 1.5 2014/07/12 16:03:37 miod Exp $ */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2006. - */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include - -#include -#include -#include - -#include "evp_locl.h" - -#define M_check_autoarg(ctx, arg, arglen, err) \ - if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \ - { \ - size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \ - if (!arg) \ - { \ - *arglen = pksize; \ - return 1; \ - } \ - else if (*arglen < pksize) \ - { \ - EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/\ - return 0; \ - } \ - } - -int -EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx) -{ - int ret; - - if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) { - EVPerr(EVP_F_EVP_PKEY_SIGN_INIT, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - ctx->operation = EVP_PKEY_OP_SIGN; - if (!ctx->pmeth->sign_init) - return 1; - ret = ctx->pmeth->sign_init(ctx); - if (ret <= 0) - ctx->operation = EVP_PKEY_OP_UNDEFINED; - return ret; -} - -int -EVP_PKEY_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen) -{ - if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) { - EVPerr(EVP_F_EVP_PKEY_SIGN, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - if (ctx->operation != EVP_PKEY_OP_SIGN) { - EVPerr(EVP_F_EVP_PKEY_SIGN, EVP_R_OPERATON_NOT_INITIALIZED); - return -1; - } - M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN) - return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen); -} - -int -EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx) -{ - int ret; - - if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) { - EVPerr(EVP_F_EVP_PKEY_VERIFY_INIT, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - ctx->operation = EVP_PKEY_OP_VERIFY; - if (!ctx->pmeth->verify_init) - return 1; - ret = ctx->pmeth->verify_init(ctx); - if (ret <= 0) - ctx->operation = EVP_PKEY_OP_UNDEFINED; - return ret; -} - -int -EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen) -{ - if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) { - EVPerr(EVP_F_EVP_PKEY_VERIFY, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - if (ctx->operation != EVP_PKEY_OP_VERIFY) { - EVPerr(EVP_F_EVP_PKEY_VERIFY, EVP_R_OPERATON_NOT_INITIALIZED); - return -1; - } - return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen); -} - -int -EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx) -{ - int ret; - - if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) { - EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - ctx->operation = EVP_PKEY_OP_VERIFYRECOVER; - if (!ctx->pmeth->verify_recover_init) - return 1; - ret = ctx->pmeth->verify_recover_init(ctx); - if (ret <= 0) - ctx->operation = EVP_PKEY_OP_UNDEFINED; - return ret; -} - -int -EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, unsigned char *rout, size_t *routlen, - const unsigned char *sig, size_t siglen) -{ - if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) { - EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) { - EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER, - EVP_R_OPERATON_NOT_INITIALIZED); - return -1; - } - M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER) - return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen); -} - -int -EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx) -{ - int ret; - - if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) { - EVPerr(EVP_F_EVP_PKEY_ENCRYPT_INIT, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - ctx->operation = EVP_PKEY_OP_ENCRYPT; - if (!ctx->pmeth->encrypt_init) - return 1; - ret = ctx->pmeth->encrypt_init(ctx); - if (ret <= 0) - ctx->operation = EVP_PKEY_OP_UNDEFINED; - return ret; -} - -int -EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) -{ - if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) { - EVPerr(EVP_F_EVP_PKEY_ENCRYPT, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - if (ctx->operation != EVP_PKEY_OP_ENCRYPT) { - EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_OPERATON_NOT_INITIALIZED); - return -1; - } - M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT) - return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen); -} - -int -EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx) -{ - int ret; - - if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) { - EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - ctx->operation = EVP_PKEY_OP_DECRYPT; - if (!ctx->pmeth->decrypt_init) - return 1; - ret = ctx->pmeth->decrypt_init(ctx); - if (ret <= 0) - ctx->operation = EVP_PKEY_OP_UNDEFINED; - return ret; -} - -int -EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) -{ - if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) { - EVPerr(EVP_F_EVP_PKEY_DECRYPT, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - if (ctx->operation != EVP_PKEY_OP_DECRYPT) { - EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_OPERATON_NOT_INITIALIZED); - return -1; - } - M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT) - return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen); -} - -int -EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) -{ - int ret; - - if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) { - EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - ctx->operation = EVP_PKEY_OP_DERIVE; - if (!ctx->pmeth->derive_init) - return 1; - ret = ctx->pmeth->derive_init(ctx); - if (ret <= 0) - ctx->operation = EVP_PKEY_OP_UNDEFINED; - return ret; -} - -int -EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) -{ - int ret; - - if (!ctx || !ctx->pmeth || !(ctx->pmeth->derive || - ctx->pmeth->encrypt || ctx->pmeth->decrypt) || - !ctx->pmeth->ctrl) { - EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - if (ctx->operation != EVP_PKEY_OP_DERIVE && - ctx->operation != EVP_PKEY_OP_ENCRYPT && - ctx->operation != EVP_PKEY_OP_DECRYPT) { - EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, - EVP_R_OPERATON_NOT_INITIALIZED); - return -1; - } - - ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer); - - if (ret <= 0) - return ret; - - if (ret == 2) - return 1; - - if (!ctx->pkey) { - EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET); - return -1; - } - - if (ctx->pkey->type != peer->type) { - EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, - EVP_R_DIFFERENT_KEY_TYPES); - return -1; - } - - /* ran@cryptocom.ru: For clarity. The error is if parameters in peer are - * present (!missing) but don't match. EVP_PKEY_cmp_parameters may return - * 1 (match), 0 (don't match) and -2 (comparison is not defined). -1 - * (different key types) is impossible here because it is checked earlier. - * -2 is OK for us here, as well as 1, so we can check for 0 only. */ - if (!EVP_PKEY_missing_parameters(peer) && - !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) { - EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, - EVP_R_DIFFERENT_PARAMETERS); - return -1; - } - - EVP_PKEY_free(ctx->peerkey); - ctx->peerkey = peer; - - ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer); - - if (ret <= 0) { - ctx->peerkey = NULL; - return ret; - } - - CRYPTO_add(&peer->references, 1, CRYPTO_LOCK_EVP_PKEY); - return 1; -} - -int -EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen) -{ - if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) { - EVPerr(EVP_F_EVP_PKEY_DERIVE, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - if (ctx->operation != EVP_PKEY_OP_DERIVE) { - EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED); - return -1; - } - M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE) - return ctx->pmeth->derive(ctx, key, pkeylen); -} diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c deleted file mode 100644 index 29f533625a..0000000000 --- a/src/lib/libcrypto/evp/pmeth_gn.c +++ /dev/null @@ -1,227 +0,0 @@ -/* $OpenBSD: pmeth_gn.c,v 1.5 2014/07/12 16:03:37 miod Exp $ */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2006. - */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include - -#include -#include -#include -#include - -#include "evp_locl.h" - -int -EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx) -{ - int ret; - - if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) { - EVPerr(EVP_F_EVP_PKEY_PARAMGEN_INIT, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - ctx->operation = EVP_PKEY_OP_PARAMGEN; - if (!ctx->pmeth->paramgen_init) - return 1; - ret = ctx->pmeth->paramgen_init(ctx); - if (ret <= 0) - ctx->operation = EVP_PKEY_OP_UNDEFINED; - return ret; -} - -int -EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) -{ - int ret; - - if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) { - EVPerr(EVP_F_EVP_PKEY_PARAMGEN, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - - if (ctx->operation != EVP_PKEY_OP_PARAMGEN) { - EVPerr(EVP_F_EVP_PKEY_PARAMGEN, EVP_R_OPERATON_NOT_INITIALIZED); - return -1; - } - - if (!ppkey) - return -1; - - if (!*ppkey) - *ppkey = EVP_PKEY_new(); - - ret = ctx->pmeth->paramgen(ctx, *ppkey); - if (ret <= 0) { - EVP_PKEY_free(*ppkey); - *ppkey = NULL; - } - return ret; -} - -int -EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx) -{ - int ret; - - if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) { - EVPerr(EVP_F_EVP_PKEY_KEYGEN_INIT, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - ctx->operation = EVP_PKEY_OP_KEYGEN; - if (!ctx->pmeth->keygen_init) - return 1; - ret = ctx->pmeth->keygen_init(ctx); - if (ret <= 0) - ctx->operation = EVP_PKEY_OP_UNDEFINED; - return ret; -} - -int -EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) -{ - int ret; - - if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) { - EVPerr(EVP_F_EVP_PKEY_KEYGEN, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - if (ctx->operation != EVP_PKEY_OP_KEYGEN) { - EVPerr(EVP_F_EVP_PKEY_KEYGEN, EVP_R_OPERATON_NOT_INITIALIZED); - return -1; - } - - if (!ppkey) - return -1; - - if (!*ppkey) - *ppkey = EVP_PKEY_new(); - - ret = ctx->pmeth->keygen(ctx, *ppkey); - if (ret <= 0) { - EVP_PKEY_free(*ppkey); - *ppkey = NULL; - } - return ret; -} - -void -EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb) -{ - ctx->pkey_gencb = cb; -} - -EVP_PKEY_gen_cb * -EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx) -{ - return ctx->pkey_gencb; -} - -/* "translation callback" to call EVP_PKEY_CTX callbacks using BN_GENCB - * style callbacks. - */ - -static int -trans_cb(int a, int b, BN_GENCB *gcb) -{ - EVP_PKEY_CTX *ctx = gcb->arg; - ctx->keygen_info[0] = a; - ctx->keygen_info[1] = b; - return ctx->pkey_gencb(ctx); -} - -void -evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx) -{ - BN_GENCB_set(cb, trans_cb, ctx) -} - -int -EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx) -{ - if (idx == -1) - return ctx->keygen_info_count; - if (idx < 0 || idx > ctx->keygen_info_count) - return 0; - return ctx->keygen_info[idx]; -} - -EVP_PKEY * -EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, int keylen) -{ - EVP_PKEY_CTX *mac_ctx = NULL; - EVP_PKEY *mac_key = NULL; - - mac_ctx = EVP_PKEY_CTX_new_id(type, e); - if (!mac_ctx) - return NULL; - if (EVP_PKEY_keygen_init(mac_ctx) <= 0) - goto merr; - if (EVP_PKEY_CTX_ctrl(mac_ctx, -1, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_SET_MAC_KEY, keylen, (void *)key) <= 0) - goto merr; - if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0) - goto merr; - -merr: - EVP_PKEY_CTX_free(mac_ctx); - return mac_key; -} diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c deleted file mode 100644 index c93fa99cc6..0000000000 --- a/src/lib/libcrypto/evp/pmeth_lib.c +++ /dev/null @@ -1,618 +0,0 @@ -/* $OpenBSD: pmeth_lib.c,v 1.11 2015/02/11 03:19:37 doug Exp $ */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2006. - */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include - -#include - -#include -#include -#include - -#ifndef OPENSSL_NO_ENGINE -#include -#endif - -#include "asn1_locl.h" -#include "evp_locl.h" - -typedef int sk_cmp_fn_type(const char * const *a, const char * const *b); - -DECLARE_STACK_OF(EVP_PKEY_METHOD) -STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL; - -extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth; -extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth; -extern const EVP_PKEY_METHOD gostimit_pkey_meth, gostr01_pkey_meth; - -static const EVP_PKEY_METHOD *standard_methods[] = { -#ifndef OPENSSL_NO_RSA - &rsa_pkey_meth, -#endif -#ifndef OPENSSL_NO_DH - &dh_pkey_meth, -#endif -#ifndef OPENSSL_NO_DSA - &dsa_pkey_meth, -#endif -#ifndef OPENSSL_NO_EC - &ec_pkey_meth, -#endif -#ifndef OPENSSL_NO_GOST - &gostr01_pkey_meth, - &gostimit_pkey_meth, -#endif - &hmac_pkey_meth, - &cmac_pkey_meth, -}; - -DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *, - pmeth); - -static int -pmeth_cmp(const EVP_PKEY_METHOD * const *a, const EVP_PKEY_METHOD * const *b) -{ - return ((*a)->pkey_id - (*b)->pkey_id); -} - -IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *, - pmeth); - -const EVP_PKEY_METHOD * -EVP_PKEY_meth_find(int type) -{ - EVP_PKEY_METHOD tmp; - const EVP_PKEY_METHOD *t = &tmp, **ret; - - tmp.pkey_id = type; - if (app_pkey_methods) { - int idx; - idx = sk_EVP_PKEY_METHOD_find(app_pkey_methods, &tmp); - if (idx >= 0) - return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx); - } - ret = OBJ_bsearch_pmeth(&t, standard_methods, - sizeof(standard_methods)/sizeof(EVP_PKEY_METHOD *)); - if (!ret || !*ret) - return NULL; - return *ret; -} - -static EVP_PKEY_CTX * -int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) -{ - EVP_PKEY_CTX *ret; - const EVP_PKEY_METHOD *pmeth; - - if (id == -1) { - if (!pkey || !pkey->ameth) - return NULL; - id = pkey->ameth->pkey_id; - } -#ifndef OPENSSL_NO_ENGINE - if (pkey && pkey->engine) - e = pkey->engine; - /* Try to find an ENGINE which implements this method */ - if (e) { - if (!ENGINE_init(e)) { - EVPerr(EVP_F_INT_CTX_NEW, ERR_R_ENGINE_LIB); - return NULL; - } - } else - e = ENGINE_get_pkey_meth_engine(id); - - /* If an ENGINE handled this method look it up. Othewise - * use internal tables. - */ - - if (e) - pmeth = ENGINE_get_pkey_meth(e, id); - else -#endif - pmeth = EVP_PKEY_meth_find(id); - - if (pmeth == NULL) { - EVPerr(EVP_F_INT_CTX_NEW, EVP_R_UNSUPPORTED_ALGORITHM); - return NULL; - } - - ret = malloc(sizeof(EVP_PKEY_CTX)); - if (!ret) { -#ifndef OPENSSL_NO_ENGINE - if (e) - ENGINE_finish(e); -#endif - EVPerr(EVP_F_INT_CTX_NEW, ERR_R_MALLOC_FAILURE); - return NULL; - } - ret->engine = e; - ret->pmeth = pmeth; - ret->operation = EVP_PKEY_OP_UNDEFINED; - ret->pkey = pkey; - ret->peerkey = NULL; - ret->pkey_gencb = 0; - if (pkey) - CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); - ret->data = NULL; - - if (pmeth->init) { - if (pmeth->init(ret) <= 0) { - EVP_PKEY_CTX_free(ret); - return NULL; - } - } - - return ret; -} - -EVP_PKEY_METHOD* -EVP_PKEY_meth_new(int id, int flags) -{ - EVP_PKEY_METHOD *pmeth; - - pmeth = calloc(1, sizeof(EVP_PKEY_METHOD)); - if (!pmeth) - return NULL; - - pmeth->pkey_id = id; - pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; - - pmeth->init = 0; - pmeth->copy = 0; - pmeth->cleanup = 0; - pmeth->paramgen_init = 0; - pmeth->paramgen = 0; - pmeth->keygen_init = 0; - pmeth->keygen = 0; - pmeth->sign_init = 0; - pmeth->sign = 0; - pmeth->verify_init = 0; - pmeth->verify = 0; - pmeth->verify_recover_init = 0; - pmeth->verify_recover = 0; - pmeth->signctx_init = 0; - pmeth->signctx = 0; - pmeth->verifyctx_init = 0; - pmeth->verifyctx = 0; - pmeth->encrypt_init = 0; - pmeth->encrypt = 0; - pmeth->decrypt_init = 0; - pmeth->decrypt = 0; - pmeth->derive_init = 0; - pmeth->derive = 0; - pmeth->ctrl = 0; - pmeth->ctrl_str = 0; - - return pmeth; -} - -void -EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, const EVP_PKEY_METHOD *meth) -{ - if (ppkey_id) - *ppkey_id = meth->pkey_id; - if (pflags) - *pflags = meth->flags; -} - -void -EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src) -{ - dst->init = src->init; - dst->copy = src->copy; - dst->cleanup = src->cleanup; - - dst->paramgen_init = src->paramgen_init; - dst->paramgen = src->paramgen; - - dst->keygen_init = src->keygen_init; - dst->keygen = src->keygen; - - dst->sign_init = src->sign_init; - dst->sign = src->sign; - - dst->verify_init = src->verify_init; - dst->verify = src->verify; - - dst->verify_recover_init = src->verify_recover_init; - dst->verify_recover = src->verify_recover; - - dst->signctx_init = src->signctx_init; - dst->signctx = src->signctx; - - dst->verifyctx_init = src->verifyctx_init; - dst->verifyctx = src->verifyctx; - - dst->encrypt_init = src->encrypt_init; - dst->encrypt = src->encrypt; - - dst->decrypt_init = src->decrypt_init; - dst->decrypt = src->decrypt; - - dst->derive_init = src->derive_init; - dst->derive = src->derive; - - dst->ctrl = src->ctrl; - dst->ctrl_str = src->ctrl_str; -} - -void -EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth) -{ - if (pmeth && (pmeth->flags & EVP_PKEY_FLAG_DYNAMIC)) - free(pmeth); -} - -EVP_PKEY_CTX * -EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e) -{ - return int_ctx_new(pkey, e, -1); -} - -EVP_PKEY_CTX * -EVP_PKEY_CTX_new_id(int id, ENGINE *e) -{ - return int_ctx_new(NULL, e, id); -} - -EVP_PKEY_CTX * -EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) -{ - EVP_PKEY_CTX *rctx; - - if (!pctx->pmeth || !pctx->pmeth->copy) - return NULL; -#ifndef OPENSSL_NO_ENGINE - /* Make sure it's safe to copy a pkey context using an ENGINE */ - if (pctx->engine && !ENGINE_init(pctx->engine)) { - EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_ENGINE_LIB); - return 0; - } -#endif - rctx = malloc(sizeof(EVP_PKEY_CTX)); - if (!rctx) - return NULL; - - rctx->pmeth = pctx->pmeth; -#ifndef OPENSSL_NO_ENGINE - rctx->engine = pctx->engine; -#endif - - if (pctx->pkey) - CRYPTO_add(&pctx->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); - - rctx->pkey = pctx->pkey; - - if (pctx->peerkey) - CRYPTO_add(&pctx->peerkey->references, 1, CRYPTO_LOCK_EVP_PKEY); - - rctx->peerkey = pctx->peerkey; - - rctx->data = NULL; - rctx->app_data = NULL; - rctx->operation = pctx->operation; - - if (pctx->pmeth->copy(rctx, pctx) > 0) - return rctx; - - EVP_PKEY_CTX_free(rctx); - return NULL; -} - -int -EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth) -{ - if (app_pkey_methods == NULL) { - app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp); - if (!app_pkey_methods) - return 0; - } - if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) - return 0; - sk_EVP_PKEY_METHOD_sort(app_pkey_methods); - return 1; -} - -void -EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) -{ - if (ctx == NULL) - return; - if (ctx->pmeth && ctx->pmeth->cleanup) - ctx->pmeth->cleanup(ctx); - EVP_PKEY_free(ctx->pkey); - EVP_PKEY_free(ctx->peerkey); -#ifndef OPENSSL_NO_ENGINE - if (ctx->engine) - /* The EVP_PKEY_CTX we used belongs to an ENGINE, release the - * functional reference we held for this reason. */ - ENGINE_finish(ctx->engine); -#endif - free(ctx); -} - -int -EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, - int p1, void *p2) -{ - int ret; - - if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) { - EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED); - return -2; - } - if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype)) - return -1; - - if (ctx->operation == EVP_PKEY_OP_UNDEFINED) { - EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_NO_OPERATION_SET); - return -1; - } - - if ((optype != -1) && !(ctx->operation & optype)) { - EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_INVALID_OPERATION); - return -1; - } - - ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2); - - if (ret == -2) - EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED); - - return ret; - -} - -int -EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *name, const char *value) -{ - if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str) { - EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, - EVP_R_COMMAND_NOT_SUPPORTED); - return -2; - } - if (!strcmp(name, "digest")) { - const EVP_MD *md; - if (!value || !(md = EVP_get_digestbyname(value))) { - EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, - EVP_R_INVALID_DIGEST); - return 0; - } - return EVP_PKEY_CTX_set_signature_md(ctx, md); - } - return ctx->pmeth->ctrl_str(ctx, name, value); -} - -int -EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx) -{ - return ctx->operation; -} - -void -EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen) -{ - ctx->keygen_info = dat; - ctx->keygen_info_count = datlen; -} - -void -EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data) -{ - ctx->data = data; -} - -void * -EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx) -{ - return ctx->data; -} - -EVP_PKEY * -EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx) -{ - return ctx->pkey; -} - -EVP_PKEY * -EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx) -{ - return ctx->peerkey; -} - -void -EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data) -{ - ctx->app_data = data; -} - -void * -EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx) -{ - return ctx->app_data; -} - -void -EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, - int (*init)(EVP_PKEY_CTX *ctx)) -{ - pmeth->init = init; -} - -void -EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, - int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)) -{ - pmeth->copy = copy; -} - -void -EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, - void (*cleanup)(EVP_PKEY_CTX *ctx)) -{ - pmeth->cleanup = cleanup; -} - -void -EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, - int (*paramgen_init)(EVP_PKEY_CTX *ctx), - int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)) -{ - pmeth->paramgen_init = paramgen_init; - pmeth->paramgen = paramgen; -} - -void -EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, - int (*keygen_init)(EVP_PKEY_CTX *ctx), - int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)) -{ - pmeth->keygen_init = keygen_init; - pmeth->keygen = keygen; -} - -void -EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, - int (*sign_init)(EVP_PKEY_CTX *ctx), - int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen)) -{ - pmeth->sign_init = sign_init; - pmeth->sign = sign; -} - -void -EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, - int (*verify_init)(EVP_PKEY_CTX *ctx), - int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen)) -{ - pmeth->verify_init = verify_init; - pmeth->verify = verify; -} - -void -EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, - int (*verify_recover_init)(EVP_PKEY_CTX *ctx), - int (*verify_recover)(EVP_PKEY_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen)) -{ - pmeth->verify_recover_init = verify_recover_init; - pmeth->verify_recover = verify_recover; -} - -void -EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, - int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), - int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - EVP_MD_CTX *mctx)) -{ - pmeth->signctx_init = signctx_init; - pmeth->signctx = signctx; -} - -void -EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, - int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), - int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, - EVP_MD_CTX *mctx)) -{ - pmeth->verifyctx_init = verifyctx_init; - pmeth->verifyctx = verifyctx; -} - -void -EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, - int (*encrypt_init)(EVP_PKEY_CTX *ctx), - int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen)) -{ - pmeth->encrypt_init = encrypt_init; - pmeth->encrypt = encryptfn; -} - -void -EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, - int (*decrypt_init)(EVP_PKEY_CTX *ctx), - int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen)) -{ - pmeth->decrypt_init = decrypt_init; - pmeth->decrypt = decrypt; -} - -void -EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, - int (*derive_init)(EVP_PKEY_CTX *ctx), - int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)) -{ - pmeth->derive_init = derive_init; - pmeth->derive = derive; -} - -void -EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, - int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2), - int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value)) -{ - pmeth->ctrl = ctrl; - pmeth->ctrl_str = ctrl_str; -} -- cgit v1.2.3-55-g6feb