diff options
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/evp')
65 files changed, 4617 insertions, 5996 deletions
diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c index 538b5202..32a884a7 100644 --- a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c +++ b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c @@ -1,66 +1,18 @@ -/* crypto/evp/bio_b64.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> #include <errno.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/buffer.h> #include <openssl/evp.h> +#include "internal/bio.h" static int b64_write(BIO *h, const char *buf, int num); static int b64_read(BIO *h, char *buf, int size); @@ -89,12 +41,12 @@ typedef struct b64_struct { int encode; int start; /* have we started decoding yet? */ int cont; /* <= 0 when finished */ - EVP_ENCODE_CTX base64; + EVP_ENCODE_CTX *base64; char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE) + 10]; char tmp[B64_BLOCK_SIZE]; } BIO_B64_CTX; -static BIO_METHOD methods_b64 = { +static const BIO_METHOD methods_b64 = { BIO_TYPE_BASE64, "base64 encoding", b64_write, b64_read, @@ -106,43 +58,50 @@ static BIO_METHOD methods_b64 = { b64_callback_ctrl, }; -BIO_METHOD *BIO_f_base64(void) + +const BIO_METHOD *BIO_f_base64(void) { - return (&methods_b64); + return &methods_b64; } static int b64_new(BIO *bi) { BIO_B64_CTX *ctx; - ctx = (BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX)); + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx == NULL) - return (0); + return 0; - ctx->buf_len = 0; - ctx->tmp_len = 0; - ctx->tmp_nl = 0; - ctx->buf_off = 0; ctx->cont = 1; ctx->start = 1; - ctx->encode = 0; + ctx->base64 = EVP_ENCODE_CTX_new(); + if (ctx->base64 == NULL) { + OPENSSL_free(ctx); + return 0; + } + + BIO_set_data(bi, ctx); + BIO_set_init(bi, 1); - bi->init = 1; - bi->ptr = (char *)ctx; - bi->flags = 0; - bi->num = 0; - return (1); + return 1; } static int b64_free(BIO *a) { + BIO_B64_CTX *ctx; if (a == NULL) - return (0); - OPENSSL_free(a->ptr); - a->ptr = NULL; - a->init = 0; - a->flags = 0; - return (1); + return 0; + + ctx = BIO_get_data(a); + if (ctx == NULL) + return 0; + + EVP_ENCODE_CTX_free(ctx->base64); + OPENSSL_free(ctx); + BIO_set_data(a, NULL); + BIO_set_init(a, 0); + + return 1; } static int b64_read(BIO *b, char *out, int outl) @@ -150,13 +109,15 @@ static int b64_read(BIO *b, char *out, int outl) int ret = 0, i, ii, j, k, x, n, num, ret_code = 0; BIO_B64_CTX *ctx; unsigned char *p, *q; + BIO *next; if (out == NULL) return (0); - ctx = (BIO_B64_CTX *)b->ptr; + ctx = (BIO_B64_CTX *)BIO_get_data(b); - if ((ctx == NULL) || (b->next_bio == NULL)) - return (0); + next = BIO_next(b); + if ((ctx == NULL) || (next == NULL)) + return 0; BIO_clear_retry_flags(b); @@ -165,7 +126,7 @@ static int b64_read(BIO *b, char *out, int outl) ctx->buf_len = 0; ctx->buf_off = 0; ctx->tmp_len = 0; - EVP_DecodeInit(&(ctx->base64)); + EVP_DecodeInit(ctx->base64); } /* First check if there are bytes decoded/encoded */ @@ -196,14 +157,14 @@ static int b64_read(BIO *b, char *out, int outl) if (ctx->cont <= 0) break; - i = BIO_read(b->next_bio, &(ctx->tmp[ctx->tmp_len]), + i = BIO_read(next, &(ctx->tmp[ctx->tmp_len]), B64_BLOCK_SIZE - ctx->tmp_len); if (i <= 0) { ret_code = i; /* Should we continue next time we are called? */ - if (!BIO_should_retry(b->next_bio)) { + if (!BIO_should_retry(next)) { ctx->cont = i; /* If buffer empty break */ if (ctx->tmp_len == 0) @@ -244,11 +205,11 @@ static int b64_read(BIO *b, char *out, int outl) continue; } - k = EVP_DecodeUpdate(&(ctx->base64), + k = EVP_DecodeUpdate(ctx->base64, (unsigned char *)ctx->buf, &num, p, q - p); if ((k <= 0) && (num == 0) && (ctx->start)) - EVP_DecodeInit(&ctx->base64); + EVP_DecodeInit(ctx->base64); else { if (p != (unsigned char *) &(ctx->tmp[0])) { @@ -257,7 +218,7 @@ static int b64_read(BIO *b, char *out, int outl) for (x = 0; x < i; x++) ctx->tmp[x] = p[x]; } - EVP_DecodeInit(&ctx->base64); + EVP_DecodeInit(ctx->base64); ctx->start = 0; break; } @@ -298,11 +259,7 @@ static int b64_read(BIO *b, char *out, int outl) if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { int z, jj; -#if 0 - jj = (i >> 2) << 2; -#else jj = i & ~3; /* process per 4 */ -#endif z = EVP_DecodeBlock((unsigned char *)ctx->buf, (unsigned char *)ctx->tmp, jj); if (jj > 2) { @@ -325,7 +282,7 @@ static int b64_read(BIO *b, char *out, int outl) } i = z; } else { - i = EVP_DecodeUpdate(&(ctx->base64), + i = EVP_DecodeUpdate(ctx->base64, (unsigned char *)ctx->buf, &ctx->buf_len, (unsigned char *)ctx->tmp, i); ctx->tmp_len = 0; @@ -363,8 +320,13 @@ static int b64_write(BIO *b, const char *in, int inl) int n; int i; BIO_B64_CTX *ctx; + BIO *next; + + ctx = (BIO_B64_CTX *)BIO_get_data(b); + next = BIO_next(b); + if ((ctx == NULL) || (next == NULL)) + return 0; - ctx = (BIO_B64_CTX *)b->ptr; BIO_clear_retry_flags(b); if (ctx->encode != B64_ENCODE) { @@ -372,7 +334,7 @@ static int b64_write(BIO *b, const char *in, int inl) ctx->buf_len = 0; ctx->buf_off = 0; ctx->tmp_len = 0; - EVP_EncodeInit(&(ctx->base64)); + EVP_EncodeInit(ctx->base64); } OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf)); @@ -380,7 +342,7 @@ static int b64_write(BIO *b, const char *in, int inl) OPENSSL_assert(ctx->buf_len >= ctx->buf_off); n = ctx->buf_len - ctx->buf_off; while (n > 0) { - i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); + i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); if (i <= 0) { BIO_copy_next_retry(b); return (i); @@ -441,9 +403,10 @@ static int b64_write(BIO *b, const char *in, int inl) ret += n; } } else { - EVP_EncodeUpdate(&(ctx->base64), - (unsigned char *)ctx->buf, &ctx->buf_len, - (unsigned char *)in, n); + if (!EVP_EncodeUpdate(ctx->base64, + (unsigned char *)ctx->buf, &ctx->buf_len, + (unsigned char *)in, n)) + return ((ret == 0) ? -1 : ret); OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); OPENSSL_assert(ctx->buf_len >= ctx->buf_off); ret += n; @@ -454,7 +417,7 @@ static int b64_write(BIO *b, const char *in, int inl) ctx->buf_off = 0; n = ctx->buf_len; while (n > 0) { - i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); + i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); if (i <= 0) { BIO_copy_next_retry(b); return ((ret == 0) ? i : ret); @@ -476,36 +439,40 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) BIO_B64_CTX *ctx; long ret = 1; int i; + BIO *next; - ctx = (BIO_B64_CTX *)b->ptr; + ctx = (BIO_B64_CTX *)BIO_get_data(b); + next = BIO_next(b); + if ((ctx == NULL) || (next == NULL)) + return 0; switch (cmd) { case BIO_CTRL_RESET: ctx->cont = 1; ctx->start = 1; ctx->encode = B64_NONE; - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; case BIO_CTRL_EOF: /* More to read */ if (ctx->cont <= 0) ret = 1; else - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; case BIO_CTRL_WPENDING: /* More to write in buffer */ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); ret = ctx->buf_len - ctx->buf_off; if ((ret == 0) && (ctx->encode != B64_NONE) - && (ctx->base64.num != 0)) + && (EVP_ENCODE_CTX_num(ctx->base64) != 0)) ret = 1; else if (ret <= 0) - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; case BIO_CTRL_PENDING: /* More to read in buffer */ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); ret = ctx->buf_len - ctx->buf_off; if (ret <= 0) - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; case BIO_CTRL_FLUSH: /* do a final write */ @@ -524,20 +491,21 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) ctx->tmp_len = 0; goto again; } - } else if (ctx->encode != B64_NONE && ctx->base64.num != 0) { + } else if (ctx->encode != B64_NONE + && EVP_ENCODE_CTX_num(ctx->base64) != 0) { ctx->buf_off = 0; - EVP_EncodeFinal(&(ctx->base64), + EVP_EncodeFinal(ctx->base64, (unsigned char *)ctx->buf, &(ctx->buf_len)); /* push out the bytes */ goto again; } /* Finally flush the underlying BIO */ - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; case BIO_C_DO_STATE_MACHINE: BIO_clear_retry_flags(b); - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); BIO_copy_next_retry(b); break; @@ -547,21 +515,22 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_GET: case BIO_CTRL_SET: default: - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; } - return (ret); + return ret; } static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) { long ret = 1; + BIO *next = BIO_next(b); - if (b->next_bio == NULL) - return (0); + if (next == NULL) + return 0; switch (cmd) { default: - ret = BIO_callback_ctrl(b->next_bio, cmd, fp); + ret = BIO_callback_ctrl(next, cmd, fp); break; } return (ret); diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_enc.c b/Cryptlib/OpenSSL/crypto/evp/bio_enc.c index 0806f233..5a3beef9 100644 --- a/Cryptlib/OpenSSL/crypto/evp/bio_enc.c +++ b/Cryptlib/OpenSSL/crypto/evp/bio_enc.c @@ -1,66 +1,18 @@ -/* crypto/evp/bio_enc.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> #include <errno.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/buffer.h> #include <openssl/evp.h> +#include "internal/bio.h" static int enc_write(BIO *h, const char *buf, int num); static int enc_read(BIO *h, char *buf, int size); @@ -75,7 +27,8 @@ static int enc_new(BIO *h); static int enc_free(BIO *data); static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps); #define ENC_BLOCK_SIZE (1024*4) -#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2) +#define ENC_MIN_CHUNK (256) +#define BUF_OFFSET (ENC_MIN_CHUNK + EVP_MAX_BLOCK_LENGTH) typedef struct enc_struct { int buf_len; @@ -83,15 +36,16 @@ typedef struct enc_struct { int cont; /* <= 0 when finished */ int finished; int ok; /* bad decrypt */ - EVP_CIPHER_CTX cipher; + EVP_CIPHER_CTX *cipher; + unsigned char *read_start, *read_end; /* * buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return * up to a block more data than is presented to it */ - char buf[ENC_BLOCK_SIZE + BUF_OFFSET + 2]; + unsigned char buf[BUF_OFFSET + ENC_BLOCK_SIZE]; } BIO_ENC_CTX; -static BIO_METHOD methods_enc = { +static const BIO_METHOD methods_enc = { BIO_TYPE_CIPHER, "cipher", enc_write, enc_read, @@ -103,7 +57,7 @@ static BIO_METHOD methods_enc = { enc_callback_ctrl, }; -BIO_METHOD *BIO_f_cipher(void) +const BIO_METHOD *BIO_f_cipher(void) { return (&methods_enc); } @@ -112,21 +66,22 @@ static int enc_new(BIO *bi) { BIO_ENC_CTX *ctx; - ctx = (BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX)); + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx == NULL) - return (0); - EVP_CIPHER_CTX_init(&ctx->cipher); + return 0; - ctx->buf_len = 0; - ctx->buf_off = 0; + ctx->cipher = EVP_CIPHER_CTX_new(); + if (ctx->cipher == NULL) { + OPENSSL_free(ctx); + return 0; + } ctx->cont = 1; - ctx->finished = 0; ctx->ok = 1; + ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]); + BIO_set_data(bi, ctx); + BIO_set_init(bi, 1); - bi->init = 0; - bi->ptr = (char *)ctx; - bi->flags = 0; - return (1); + return 1; } static int enc_free(BIO *a) @@ -134,28 +89,33 @@ static int enc_free(BIO *a) BIO_ENC_CTX *b; if (a == NULL) - return (0); - b = (BIO_ENC_CTX *)a->ptr; - EVP_CIPHER_CTX_cleanup(&(b->cipher)); - OPENSSL_cleanse(a->ptr, sizeof(BIO_ENC_CTX)); - OPENSSL_free(a->ptr); - a->ptr = NULL; - a->init = 0; - a->flags = 0; - return (1); + return 0; + + b = BIO_get_data(a); + if (b == NULL) + return 0; + + EVP_CIPHER_CTX_free(b->cipher); + OPENSSL_clear_free(b, sizeof(BIO_ENC_CTX)); + BIO_set_data(a, NULL); + BIO_set_init(a, 0); + + return 1; } static int enc_read(BIO *b, char *out, int outl) { - int ret = 0, i; + int ret = 0, i, blocksize; BIO_ENC_CTX *ctx; + BIO *next; if (out == NULL) return (0); - ctx = (BIO_ENC_CTX *)b->ptr; + ctx = BIO_get_data(b); - if ((ctx == NULL) || (b->next_bio == NULL)) - return (0); + next = BIO_next(b); + if ((ctx == NULL) || (next == NULL)) + return 0; /* First check if there are bytes decoded/encoded */ if (ctx->buf_len > 0) { @@ -173,6 +133,10 @@ static int enc_read(BIO *b, char *out, int outl) } } + blocksize = EVP_CIPHER_CTX_block_size(ctx->cipher); + if (blocksize == 1) + blocksize = 0; + /* * At this point, we have room of outl bytes and an empty buffer, so we * should read in some more. @@ -182,18 +146,21 @@ static int enc_read(BIO *b, char *out, int outl) if (ctx->cont <= 0) break; - /* - * read in at IV offset, read the EVP_Cipher documentation about why - */ - i = BIO_read(b->next_bio, &(ctx->buf[BUF_OFFSET]), ENC_BLOCK_SIZE); + if (ctx->read_start == ctx->read_end) { /* time to read more data */ + ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]); + i = BIO_read(next, ctx->read_start, ENC_BLOCK_SIZE); + if (i > 0) + ctx->read_end += i; + } else { + i = ctx->read_end - ctx->read_start; + } if (i <= 0) { /* Should be continue next time we are called? */ - if (!BIO_should_retry(b->next_bio)) { + if (!BIO_should_retry(next)) { ctx->cont = i; - i = EVP_CipherFinal_ex(&(ctx->cipher), - (unsigned char *)ctx->buf, - &(ctx->buf_len)); + i = EVP_CipherFinal_ex(ctx->cipher, + ctx->buf, &(ctx->buf_len)); ctx->ok = i; ctx->buf_off = 0; } else { @@ -201,14 +168,40 @@ static int enc_read(BIO *b, char *out, int outl) break; } } else { - if (!EVP_CipherUpdate(&ctx->cipher, - (unsigned char *)ctx->buf, &ctx->buf_len, - (unsigned char *)&(ctx->buf[BUF_OFFSET]), - i)) { + if (outl > ENC_MIN_CHUNK) { + /* + * Depending on flags block cipher decrypt can write + * one extra block and then back off, i.e. output buffer + * has to accommodate extra block... + */ + int j = outl - blocksize, buf_len; + + if (!EVP_CipherUpdate(ctx->cipher, + (unsigned char *)out, &buf_len, + ctx->read_start, i > j ? j : i)) { + BIO_clear_retry_flags(b); + return 0; + } + ret += buf_len; + out += buf_len; + outl -= buf_len; + + if ((i -= j) <= 0) { + ctx->read_start = ctx->read_end; + continue; + } + ctx->read_start += j; + } + if (i > ENC_MIN_CHUNK) + i = ENC_MIN_CHUNK; + if (!EVP_CipherUpdate(ctx->cipher, + ctx->buf, &ctx->buf_len, + ctx->read_start, i)) { BIO_clear_retry_flags(b); ctx->ok = 0; return 0; } + ctx->read_start += i; ctx->cont = 1; /* * Note: it is possible for EVP_CipherUpdate to decrypt zero @@ -242,14 +235,19 @@ static int enc_write(BIO *b, const char *in, int inl) { int ret = 0, n, i; BIO_ENC_CTX *ctx; + BIO *next; + + ctx = BIO_get_data(b); + next = BIO_next(b); + if ((ctx == NULL) || (next == NULL)) + return 0; - ctx = (BIO_ENC_CTX *)b->ptr; ret = inl; BIO_clear_retry_flags(b); n = ctx->buf_len - ctx->buf_off; while (n > 0) { - i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); + i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); if (i <= 0) { BIO_copy_next_retry(b); return (i); @@ -265,9 +263,9 @@ static int enc_write(BIO *b, const char *in, int inl) ctx->buf_off = 0; while (inl > 0) { n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl; - if (!EVP_CipherUpdate(&ctx->cipher, - (unsigned char *)ctx->buf, &ctx->buf_len, - (unsigned char *)in, n)) { + if (!EVP_CipherUpdate(ctx->cipher, + ctx->buf, &ctx->buf_len, + (const unsigned char *)in, n)) { BIO_clear_retry_flags(b); ctx->ok = 0; return 0; @@ -278,7 +276,7 @@ static int enc_write(BIO *b, const char *in, int inl) ctx->buf_off = 0; n = ctx->buf_len; while (n > 0) { - i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); + i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); if (i <= 0) { BIO_copy_next_retry(b); return (ret == inl) ? i : ret - inl; @@ -300,32 +298,37 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) long ret = 1; int i; EVP_CIPHER_CTX **c_ctx; + BIO *next; - ctx = (BIO_ENC_CTX *)b->ptr; + ctx = BIO_get_data(b); + next = BIO_next(b); + if (ctx == NULL) + return 0; switch (cmd) { case BIO_CTRL_RESET: ctx->ok = 1; ctx->finished = 0; - EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL, - ctx->cipher.encrypt); - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + if (!EVP_CipherInit_ex(ctx->cipher, NULL, NULL, NULL, NULL, + EVP_CIPHER_CTX_encrypting(ctx->cipher))) + return 0; + ret = BIO_ctrl(next, cmd, num, ptr); break; case BIO_CTRL_EOF: /* More to read */ if (ctx->cont <= 0) ret = 1; else - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; case BIO_CTRL_WPENDING: ret = ctx->buf_len - ctx->buf_off; if (ret <= 0) - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; case BIO_CTRL_PENDING: /* More to read in buffer */ ret = ctx->buf_len - ctx->buf_off; if (ret <= 0) - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; case BIO_CTRL_FLUSH: /* do a final write */ @@ -339,7 +342,7 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) if (!ctx->finished) { ctx->finished = 1; ctx->buf_off = 0; - ret = EVP_CipherFinal_ex(&(ctx->cipher), + ret = EVP_CipherFinal_ex(ctx->cipher, (unsigned char *)ctx->buf, &(ctx->buf_len)); ctx->ok = (int)ret; @@ -351,31 +354,33 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) } /* Finally flush the underlying BIO */ - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; case BIO_C_GET_CIPHER_STATUS: ret = (long)ctx->ok; break; case BIO_C_DO_STATE_MACHINE: BIO_clear_retry_flags(b); - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); BIO_copy_next_retry(b); break; case BIO_C_GET_CIPHER_CTX: c_ctx = (EVP_CIPHER_CTX **)ptr; - (*c_ctx) = &(ctx->cipher); - b->init = 1; + *c_ctx = ctx->cipher; + BIO_set_init(b, 1); break; case BIO_CTRL_DUP: dbio = (BIO *)ptr; - dctx = (BIO_ENC_CTX *)dbio->ptr; - EVP_CIPHER_CTX_init(&dctx->cipher); - ret = EVP_CIPHER_CTX_copy(&dctx->cipher, &ctx->cipher); + dctx = BIO_get_data(dbio); + dctx->cipher = EVP_CIPHER_CTX_new(); + if (dctx->cipher == NULL) + return 0; + ret = EVP_CIPHER_CTX_copy(dctx->cipher, ctx->cipher); if (ret) - dbio->init = 1; + BIO_set_init(dbio, 1); break; default: - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; } return (ret); @@ -384,12 +389,13 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) { long ret = 1; + BIO *next = BIO_next(b); - if (b->next_bio == NULL) + if (next == NULL) return (0); switch (cmd) { default: - ret = BIO_callback_ctrl(b->next_bio, cmd, fp); + ret = BIO_callback_ctrl(next, cmd, fp); break; } return (ret); @@ -415,23 +421,29 @@ EVP_CIPHER_ctx *c; } */ -void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, - const unsigned char *i, int e) +int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, + const unsigned char *i, int e) { BIO_ENC_CTX *ctx; + long (*callback) (struct bio_st *, int, const char *, int, long, long); - if (b == NULL) - return; + ctx = BIO_get_data(b); + if (ctx == NULL) + return 0; + + callback = BIO_get_callback(b); + + if ((callback != NULL) && + (callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, + 0L) <= 0)) + return 0; - if ((b->callback != NULL) && - (b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 0L) <= - 0)) - return; + BIO_set_init(b, 1); - b->init = 1; - ctx = (BIO_ENC_CTX *)b->ptr; - EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e); + if (!EVP_CipherInit_ex(ctx->cipher, c, NULL, k, i, e)) + return 0; - if (b->callback != NULL) - b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L); + if (callback != NULL) + return callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L); + return 1; } diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_md.c b/Cryptlib/OpenSSL/crypto/evp/bio_md.c index f0b0c0c0..cd968ec2 100644 --- a/Cryptlib/OpenSSL/crypto/evp/bio_md.c +++ b/Cryptlib/OpenSSL/crypto/evp/bio_md.c @@ -1,66 +1,20 @@ -/* crypto/evp/bio_md.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> #include <errno.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/buffer.h> #include <openssl/evp.h> +#include "internal/evp_int.h" +#include "evp_locl.h" +#include "internal/bio.h" /* * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest @@ -77,7 +31,7 @@ static int md_new(BIO *h); static int md_free(BIO *data); static long md_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); -static BIO_METHOD methods_md = { +static const BIO_METHOD methods_md = { BIO_TYPE_MD, "message digest", md_write, md_read, @@ -89,7 +43,7 @@ static BIO_METHOD methods_md = { md_callback_ctrl, }; -BIO_METHOD *BIO_f_md(void) +const BIO_METHOD *BIO_f_md(void) { return (&methods_md); } @@ -98,41 +52,44 @@ static int md_new(BIO *bi) { EVP_MD_CTX *ctx; - ctx = EVP_MD_CTX_create(); + ctx = EVP_MD_CTX_new(); if (ctx == NULL) return (0); - bi->init = 0; - bi->ptr = (char *)ctx; - bi->flags = 0; - return (1); + BIO_set_init(bi, 1); + BIO_set_data(bi, ctx); + + return 1; } static int md_free(BIO *a) { if (a == NULL) return (0); - EVP_MD_CTX_destroy(a->ptr); - a->ptr = NULL; - a->init = 0; - a->flags = 0; - return (1); + EVP_MD_CTX_free(BIO_get_data(a)); + BIO_set_data(a, NULL); + BIO_set_init(a, 0); + + return 1; } static int md_read(BIO *b, char *out, int outl) { int ret = 0; EVP_MD_CTX *ctx; + BIO *next; if (out == NULL) return (0); - ctx = b->ptr; - if ((ctx == NULL) || (b->next_bio == NULL)) + ctx = BIO_get_data(b); + next = BIO_next(b); + + if ((ctx == NULL) || (next == NULL)) return (0); - ret = BIO_read(b->next_bio, out, outl); - if (b->init) { + ret = BIO_read(next, out, outl); + if (BIO_get_init(b)) { if (ret > 0) { if (EVP_DigestUpdate(ctx, (unsigned char *)out, (unsigned int)ret) <= 0) @@ -148,14 +105,17 @@ static int md_write(BIO *b, const char *in, int inl) { int ret = 0; EVP_MD_CTX *ctx; + BIO *next; if ((in == NULL) || (inl <= 0)) - return (0); - ctx = b->ptr; + return 0; + + ctx = BIO_get_data(b); + next = BIO_next(b); + if ((ctx != NULL) && (next != NULL)) + ret = BIO_write(next, in, inl); - if ((ctx != NULL) && (b->next_bio != NULL)) - ret = BIO_write(b->next_bio, in, inl); - if (b->init) { + if (BIO_get_init(b)) { if (ret > 0) { if (!EVP_DigestUpdate(ctx, (const unsigned char *)in, (unsigned int)ret)) { @@ -164,11 +124,11 @@ static int md_write(BIO *b, const char *in, int inl) } } } - if (b->next_bio != NULL) { + if (next != NULL) { BIO_clear_retry_flags(b); BIO_copy_next_retry(b); } - return (ret); + return ret; } static long md_ctrl(BIO *b, int cmd, long num, void *ptr) @@ -177,21 +137,23 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) const EVP_MD **ppmd; EVP_MD *md; long ret = 1; - BIO *dbio; + BIO *dbio, *next; + - ctx = b->ptr; + ctx = BIO_get_data(b); + next = BIO_next(b); switch (cmd) { case BIO_CTRL_RESET: - if (b->init) + if (BIO_get_init(b)) ret = EVP_DigestInit_ex(ctx, ctx->digest, NULL); else ret = 0; if (ret > 0) - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; case BIO_C_GET_MD: - if (b->init) { + if (BIO_get_init(b)) { ppmd = ptr; *ppmd = ctx->digest; } else @@ -200,17 +162,17 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_C_GET_MD_CTX: pctx = ptr; *pctx = ctx; - b->init = 1; + BIO_set_init(b, 1); break; case BIO_C_SET_MD_CTX: - if (b->init) - b->ptr = ptr; + if (BIO_get_init(b)) + BIO_set_data(b, ptr); else ret = 0; break; case BIO_C_DO_STATE_MACHINE: BIO_clear_retry_flags(b); - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); BIO_copy_next_retry(b); break; @@ -218,17 +180,17 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) md = ptr; ret = EVP_DigestInit_ex(ctx, md, NULL); if (ret > 0) - b->init = 1; + BIO_set_init(b, 1); break; case BIO_CTRL_DUP: dbio = ptr; - dctx = dbio->ptr; + dctx = BIO_get_data(dbio); if (!EVP_MD_CTX_copy_ex(dctx, ctx)) return 0; - b->init = 1; + BIO_set_init(b, 1); break; default: - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; } return (ret); @@ -237,12 +199,16 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) static long md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) { long ret = 1; + BIO *next; + + next = BIO_next(b); + + if (next == NULL) + return 0; - if (b->next_bio == NULL) - return (0); switch (cmd) { default: - ret = BIO_callback_ctrl(b->next_bio, cmd, fp); + ret = BIO_callback_ctrl(next, cmd, fp); break; } return (ret); @@ -253,20 +219,13 @@ static int md_gets(BIO *bp, char *buf, int size) EVP_MD_CTX *ctx; unsigned int ret; - ctx = bp->ptr; + ctx = BIO_get_data(bp); + if (size < ctx->digest->md_size) - return (0); + return 0; + if (EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret) <= 0) return -1; return ((int)ret); } - -/*- -static int md_puts(bp,str) -BIO *bp; -char *str; - { - return(-1); - } -*/ diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_ok.c b/Cryptlib/OpenSSL/crypto/evp/bio_ok.c index 16e151f1..7974b963 100644 --- a/Cryptlib/OpenSSL/crypto/evp/bio_ok.c +++ b/Cryptlib/OpenSSL/crypto/evp/bio_ok.c @@ -1,59 +1,10 @@ -/* crypto/evp/bio_ok.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ /*- @@ -120,11 +71,12 @@ #include <stdio.h> #include <errno.h> #include <assert.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/buffer.h> -#include <openssl/bio.h> +#include "internal/bio.h" #include <openssl/evp.h> #include <openssl/rand.h> +#include "internal/evp_int.h" static int ok_write(BIO *h, const char *buf, int num); static int ok_read(BIO *h, char *buf, int size); @@ -133,10 +85,10 @@ static int ok_new(BIO *h); static int ok_free(BIO *data); static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); -static int sig_out(BIO *b); -static int sig_in(BIO *b); -static int block_out(BIO *b); -static int block_in(BIO *b); +static __owur int sig_out(BIO *b); +static __owur int sig_in(BIO *b); +static __owur int block_out(BIO *b); +static __owur int block_in(BIO *b); #define OK_BLOCK_SIZE (1024*4) #define OK_BLOCK_BLOCK 4 #define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE) @@ -149,13 +101,13 @@ typedef struct ok_struct { size_t buf_off_save; int cont; /* <= 0 when finished */ int finished; - EVP_MD_CTX md; + EVP_MD_CTX *md; int blockout; /* output block is ready */ int sigio; /* must process signature */ unsigned char buf[IOBS]; } BIO_OK_CTX; -static BIO_METHOD methods_ok = { +static const BIO_METHOD methods_ok = { BIO_TYPE_CIPHER, "reliable", ok_write, ok_read, @@ -167,7 +119,7 @@ static BIO_METHOD methods_ok = { ok_callback_ctrl, }; -BIO_METHOD *BIO_f_reliable(void) +const BIO_METHOD *BIO_f_reliable(void) { return (&methods_ok); } @@ -176,51 +128,54 @@ static int ok_new(BIO *bi) { BIO_OK_CTX *ctx; - ctx = (BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX)); + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx == NULL) - return (0); + return 0; - ctx->buf_len = 0; - ctx->buf_off = 0; - ctx->buf_len_save = 0; - ctx->buf_off_save = 0; ctx->cont = 1; - ctx->finished = 0; - ctx->blockout = 0; ctx->sigio = 1; + ctx->md = EVP_MD_CTX_new(); + if (ctx->md == NULL) { + OPENSSL_free(ctx); + return 0; + } + BIO_set_init(bi, 0); + BIO_set_data(bi, ctx); - EVP_MD_CTX_init(&ctx->md); - - bi->init = 0; - bi->ptr = (char *)ctx; - bi->flags = 0; - return (1); + return 1; } static int ok_free(BIO *a) { + BIO_OK_CTX *ctx; + if (a == NULL) - return (0); - EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md); - OPENSSL_cleanse(a->ptr, sizeof(BIO_OK_CTX)); - OPENSSL_free(a->ptr); - a->ptr = NULL; - a->init = 0; - a->flags = 0; - return (1); + return 0; + + ctx = BIO_get_data(a); + + EVP_MD_CTX_free(ctx->md); + OPENSSL_clear_free(ctx, sizeof(BIO_OK_CTX)); + BIO_set_data(a, NULL); + BIO_set_init(a, 0); + + return 1; } static int ok_read(BIO *b, char *out, int outl) { int ret = 0, i, n; BIO_OK_CTX *ctx; + BIO *next; if (out == NULL) - return (0); - ctx = (BIO_OK_CTX *)b->ptr; + return 0; - if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) - return (0); + ctx = BIO_get_data(b); + next = BIO_next(b); + + if ((ctx == NULL) || (next == NULL) || (BIO_get_init(b) == 0)) + return 0; while (outl > 0) { @@ -259,7 +214,7 @@ static int ok_read(BIO *b, char *out, int outl) /* no clean bytes in buffer -- fill it */ n = IOBS - ctx->buf_len; - i = BIO_read(b->next_bio, &(ctx->buf[ctx->buf_len]), n); + i = BIO_read(next, &(ctx->buf[ctx->buf_len]), n); if (i <= 0) break; /* nothing new */ @@ -290,21 +245,23 @@ static int ok_read(BIO *b, char *out, int outl) BIO_clear_retry_flags(b); BIO_copy_next_retry(b); - return (ret); + return ret; } static int ok_write(BIO *b, const char *in, int inl) { int ret = 0, n, i; BIO_OK_CTX *ctx; + BIO *next; if (inl <= 0) return inl; - ctx = (BIO_OK_CTX *)b->ptr; + ctx = BIO_get_data(b); + next = BIO_next(b); ret = inl; - if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) + if ((ctx == NULL) || (next == NULL) || (BIO_get_init(b) == 0)) return (0); if (ctx->sigio && !sig_out(b)) @@ -314,7 +271,7 @@ static int ok_write(BIO *b, const char *in, int inl) BIO_clear_retry_flags(b); n = ctx->buf_len - ctx->buf_off; while (ctx->blockout && n > 0) { - i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); + i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); if (i <= 0) { BIO_copy_next_retry(b); if (!BIO_should_retry(b)) @@ -338,8 +295,7 @@ static int ok_write(BIO *b, const char *in, int inl) n = (inl + ctx->buf_len > OK_BLOCK_SIZE + OK_BLOCK_BLOCK) ? (int)(OK_BLOCK_SIZE + OK_BLOCK_BLOCK - ctx->buf_len) : inl; - memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])), - (unsigned char *)in, n); + memcpy(&ctx->buf[ctx->buf_len], in, n); ctx->buf_len += n; inl -= n; in += n; @@ -364,8 +320,10 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) const EVP_MD **ppmd; long ret = 1; int i; + BIO *next; - ctx = b->ptr; + ctx = BIO_get_data(b); + next = BIO_next(b); switch (cmd) { case BIO_CTRL_RESET: @@ -377,19 +335,19 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) ctx->finished = 0; ctx->blockout = 0; ctx->sigio = 1; - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; case BIO_CTRL_EOF: /* More to read */ if (ctx->cont <= 0) ret = 1; else - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; case BIO_CTRL_PENDING: /* More to read in buffer */ case BIO_CTRL_WPENDING: /* More to read in buffer */ ret = ctx->blockout ? ctx->buf_len - ctx->buf_off : 0; if (ret <= 0) - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; case BIO_CTRL_FLUSH: /* do a final write */ @@ -410,11 +368,11 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) ctx->cont = (int)ret; /* Finally flush the underlying BIO */ - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; case BIO_C_DO_STATE_MACHINE: BIO_clear_retry_flags(b); - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); BIO_copy_next_retry(b); break; case BIO_CTRL_INFO: @@ -422,36 +380,41 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_C_SET_MD: md = ptr; - if (!EVP_DigestInit_ex(&ctx->md, md, NULL)) + if (!EVP_DigestInit_ex(ctx->md, md, NULL)) return 0; - b->init = 1; + BIO_set_init(b, 1); break; case BIO_C_GET_MD: - if (b->init) { + if (BIO_get_init(b)) { ppmd = ptr; - *ppmd = ctx->md.digest; + *ppmd = EVP_MD_CTX_md(ctx->md); } else ret = 0; break; default: - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; } - return (ret); + return ret; } static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) { long ret = 1; + BIO *next; + + next = BIO_next(b); + + if (next == NULL) + return 0; - if (b->next_bio == NULL) - return (0); switch (cmd) { default: - ret = BIO_callback_ctrl(b->next_bio, cmd, fp); + ret = BIO_callback_ctrl(next, cmd, fp); break; } - return (ret); + + return ret; } static void longswap(void *_ptr, size_t len) @@ -478,30 +441,36 @@ static int sig_out(BIO *b) { BIO_OK_CTX *ctx; EVP_MD_CTX *md; + const EVP_MD *digest; + int md_size; + void *md_data; - ctx = b->ptr; - md = &ctx->md; + ctx = BIO_get_data(b); + md = ctx->md; + digest = EVP_MD_CTX_md(md); + md_size = EVP_MD_size(digest); + md_data = EVP_MD_CTX_md_data(md); - if (ctx->buf_len + 2 * md->digest->md_size > OK_BLOCK_SIZE) + if (ctx->buf_len + 2 * md_size > OK_BLOCK_SIZE) return 1; - if (!EVP_DigestInit_ex(md, md->digest, NULL)) + if (!EVP_DigestInit_ex(md, digest, NULL)) goto berr; /* * FIXME: there's absolutely no guarantee this makes any sense at all, * particularly now EVP_MD_CTX has been restructured. */ - if (RAND_bytes(md->md_data, md->digest->md_size) <= 0) + if (RAND_bytes(md_data, md_size) <= 0) goto berr; - memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size); - longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size); - ctx->buf_len += md->digest->md_size; + memcpy(&(ctx->buf[ctx->buf_len]), md_data, md_size); + longswap(&(ctx->buf[ctx->buf_len]), md_size); + ctx->buf_len += md_size; if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN))) goto berr; if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL)) goto berr; - ctx->buf_len += md->digest->md_size; + ctx->buf_len += md_size; ctx->blockout = 1; ctx->sigio = 0; return 1; @@ -516,25 +485,31 @@ static int sig_in(BIO *b) EVP_MD_CTX *md; unsigned char tmp[EVP_MAX_MD_SIZE]; int ret = 0; + const EVP_MD *digest; + int md_size; + void *md_data; - ctx = b->ptr; - md = &ctx->md; + ctx = BIO_get_data(b); + md = ctx->md; + digest = EVP_MD_CTX_md(md); + md_size = EVP_MD_size(digest); + md_data = EVP_MD_CTX_md_data(md); - if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md->digest->md_size) + if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md_size) return 1; - if (!EVP_DigestInit_ex(md, md->digest, NULL)) + if (!EVP_DigestInit_ex(md, digest, NULL)) goto berr; - memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size); - longswap(md->md_data, md->digest->md_size); - ctx->buf_off += md->digest->md_size; + memcpy(md_data, &(ctx->buf[ctx->buf_off]), md_size); + longswap(md_data, md_size); + ctx->buf_off += md_size; if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN))) goto berr; if (!EVP_DigestFinal_ex(md, tmp, NULL)) goto berr; - ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0; - ctx->buf_off += md->digest->md_size; + ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md_size) == 0; + ctx->buf_off += md_size; if (ret == 1) { ctx->sigio = 0; if (ctx->buf_len != ctx->buf_off) { @@ -557,9 +532,13 @@ static int block_out(BIO *b) BIO_OK_CTX *ctx; EVP_MD_CTX *md; unsigned long tl; + const EVP_MD *digest; + int md_size; - ctx = b->ptr; - md = &ctx->md; + ctx = BIO_get_data(b); + md = ctx->md; + digest = EVP_MD_CTX_md(md); + md_size = EVP_MD_size(digest); tl = ctx->buf_len - OK_BLOCK_BLOCK; ctx->buf[0] = (unsigned char)(tl >> 24); @@ -571,7 +550,7 @@ static int block_out(BIO *b) goto berr; if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL)) goto berr; - ctx->buf_len += md->digest->md_size; + ctx->buf_len += md_size; ctx->blockout = 1; return 1; berr: @@ -585,9 +564,11 @@ static int block_in(BIO *b) EVP_MD_CTX *md; unsigned long tl = 0; unsigned char tmp[EVP_MAX_MD_SIZE]; + int md_size; - ctx = b->ptr; - md = &ctx->md; + ctx = BIO_get_data(b); + md = ctx->md; + md_size = EVP_MD_size(EVP_MD_CTX_md(md)); assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */ tl = ctx->buf[0]; @@ -598,7 +579,7 @@ static int block_in(BIO *b) tl <<= 8; tl |= ctx->buf[3]; - if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md->digest->md_size) + if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md_size) return 1; if (!EVP_DigestUpdate(md, @@ -606,10 +587,9 @@ static int block_in(BIO *b) goto berr; if (!EVP_DigestFinal_ex(md, tmp, NULL)) goto berr; - if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == - 0) { + if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md_size) == 0) { /* there might be parts from next block lurking around ! */ - ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md->digest->md_size; + ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md_size; ctx->buf_len_save = ctx->buf_len; ctx->buf_off = OK_BLOCK_BLOCK; ctx->buf_len = tl + OK_BLOCK_BLOCK; diff --git a/Cryptlib/OpenSSL/crypto/evp/c_all.c b/Cryptlib/OpenSSL/crypto/evp/c_all.c deleted file mode 100644 index 719e34d2..00000000 --- a/Cryptlib/OpenSSL/crypto/evp/c_all.c +++ /dev/null @@ -1,85 +0,0 @@ -/* crypto/evp/c_all.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "cryptlib.h" -#include <openssl/evp.h> -#ifndef OPENSSL_NO_ENGINE -# include <openssl/engine.h> -#endif - -#if 0 -# undef OpenSSL_add_all_algorithms - -void OpenSSL_add_all_algorithms(void) -{ - OPENSSL_add_all_algorithms_noconf(); -} -#endif - -void OPENSSL_add_all_algorithms_noconf(void) -{ - /* - * For the moment OPENSSL_cpuid_setup does something - * only on IA-32, but we reserve the option for all - * platforms... - */ - OPENSSL_cpuid_setup(); - OpenSSL_add_all_ciphers(); - OpenSSL_add_all_digests(); -} diff --git a/Cryptlib/OpenSSL/crypto/evp/c_allc.c b/Cryptlib/OpenSSL/crypto/evp/c_allc.c index 280e5840..6ed31edb 100644 --- a/Cryptlib/OpenSSL/crypto/evp/c_allc.c +++ b/Cryptlib/OpenSSL/crypto/evp/c_allc.c @@ -1,68 +1,20 @@ -/* crypto/evp/c_allc.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/evp.h> +#include <internal/evp_int.h> #include <openssl/pkcs12.h> #include <openssl/objects.h> -void OpenSSL_add_all_ciphers(void) +void openssl_add_all_ciphers_int(void) { #ifndef OPENSSL_NO_DES @@ -92,8 +44,13 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_des_ecb()); EVP_add_cipher(EVP_des_ede()); + EVP_add_cipher_alias(SN_des_ede_ecb, "DES-EDE-ECB"); + EVP_add_cipher_alias(SN_des_ede_ecb, "des-ede-ecb"); EVP_add_cipher(EVP_des_ede3()); + EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB"); + EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb"); EVP_add_cipher(EVP_des_ede3_wrap()); + EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap"); #endif #ifndef OPENSSL_NO_RC4 @@ -131,6 +88,9 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_rc2_64_cbc()); EVP_add_cipher_alias(SN_rc2_cbc, "RC2"); EVP_add_cipher_alias(SN_rc2_cbc, "rc2"); + EVP_add_cipher_alias(SN_rc2_cbc, "rc2-128"); + EVP_add_cipher_alias(SN_rc2_64_cbc, "rc2-64"); + EVP_add_cipher_alias(SN_rc2_40_cbc, "rc2-40"); #endif #ifndef OPENSSL_NO_BF @@ -163,7 +123,6 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher_alias(SN_rc5_cbc, "RC5"); #endif -#ifndef OPENSSL_NO_AES EVP_add_cipher(EVP_aes_128_ecb()); EVP_add_cipher(EVP_aes_128_cbc()); EVP_add_cipher(EVP_aes_128_cfb()); @@ -172,9 +131,14 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_aes_128_ofb()); EVP_add_cipher(EVP_aes_128_ctr()); EVP_add_cipher(EVP_aes_128_gcm()); +#ifndef OPENSSL_NO_OCB + EVP_add_cipher(EVP_aes_128_ocb()); +#endif EVP_add_cipher(EVP_aes_128_xts()); EVP_add_cipher(EVP_aes_128_ccm()); EVP_add_cipher(EVP_aes_128_wrap()); + EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap"); + EVP_add_cipher(EVP_aes_128_wrap_pad()); EVP_add_cipher_alias(SN_aes_128_cbc, "AES128"); EVP_add_cipher_alias(SN_aes_128_cbc, "aes128"); EVP_add_cipher(EVP_aes_192_ecb()); @@ -185,8 +149,13 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_aes_192_ofb()); EVP_add_cipher(EVP_aes_192_ctr()); EVP_add_cipher(EVP_aes_192_gcm()); +#ifndef OPENSSL_NO_OCB + EVP_add_cipher(EVP_aes_192_ocb()); +#endif EVP_add_cipher(EVP_aes_192_ccm()); EVP_add_cipher(EVP_aes_192_wrap()); + EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap"); + EVP_add_cipher(EVP_aes_192_wrap_pad()); EVP_add_cipher_alias(SN_aes_192_cbc, "AES192"); EVP_add_cipher_alias(SN_aes_192_cbc, "aes192"); EVP_add_cipher(EVP_aes_256_ecb()); @@ -197,20 +166,20 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_aes_256_ofb()); EVP_add_cipher(EVP_aes_256_ctr()); EVP_add_cipher(EVP_aes_256_gcm()); +#ifndef OPENSSL_NO_OCB + EVP_add_cipher(EVP_aes_256_ocb()); +#endif EVP_add_cipher(EVP_aes_256_xts()); EVP_add_cipher(EVP_aes_256_ccm()); EVP_add_cipher(EVP_aes_256_wrap()); + EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap"); + EVP_add_cipher(EVP_aes_256_wrap_pad()); EVP_add_cipher_alias(SN_aes_256_cbc, "AES256"); EVP_add_cipher_alias(SN_aes_256_cbc, "aes256"); -# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); -# endif -# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); -# endif -#endif #ifndef OPENSSL_NO_CAMELLIA EVP_add_cipher(EVP_camellia_128_ecb()); @@ -237,5 +206,15 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_camellia_256_ofb()); EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256"); EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256"); + EVP_add_cipher(EVP_camellia_128_ctr()); + EVP_add_cipher(EVP_camellia_192_ctr()); + EVP_add_cipher(EVP_camellia_256_ctr()); +#endif + +#ifndef OPENSSL_NO_CHACHA + EVP_add_cipher(EVP_chacha20()); +# ifndef OPENSSL_NO_POLY1305 + EVP_add_cipher(EVP_chacha20_poly1305()); +# endif #endif } diff --git a/Cryptlib/OpenSSL/crypto/evp/c_alld.c b/Cryptlib/OpenSSL/crypto/evp/c_alld.c index fdbe3ee0..ec79734e 100644 --- a/Cryptlib/OpenSSL/crypto/evp/c_alld.c +++ b/Cryptlib/OpenSSL/crypto/evp/c_alld.c @@ -1,114 +1,49 @@ -/* crypto/evp/c_alld.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/evp.h> +#include <internal/evp_int.h> #include <openssl/pkcs12.h> #include <openssl/objects.h> -void OpenSSL_add_all_digests(void) +void openssl_add_all_digests_int(void) { #ifndef OPENSSL_NO_MD4 EVP_add_digest(EVP_md4()); #endif #ifndef OPENSSL_NO_MD5 EVP_add_digest(EVP_md5()); - EVP_add_digest_alias(SN_md5, "ssl2-md5"); EVP_add_digest_alias(SN_md5, "ssl3-md5"); + EVP_add_digest(EVP_md5_sha1()); #endif -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) - EVP_add_digest(EVP_sha()); -# ifndef OPENSSL_NO_DSA - EVP_add_digest(EVP_dss()); -# endif -#endif -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) EVP_add_digest(EVP_sha1()); EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); -# ifndef OPENSSL_NO_DSA - EVP_add_digest(EVP_dss1()); - EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); - EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); - EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); -# endif -# ifndef OPENSSL_NO_ECDSA - EVP_add_digest(EVP_ecdsa()); -# endif -#endif #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) EVP_add_digest(EVP_mdc2()); #endif -#ifndef OPENSSL_NO_RIPEMD +#ifndef OPENSSL_NO_RMD160 EVP_add_digest(EVP_ripemd160()); EVP_add_digest_alias(SN_ripemd160, "ripemd"); EVP_add_digest_alias(SN_ripemd160, "rmd160"); #endif -#ifndef OPENSSL_NO_SHA256 EVP_add_digest(EVP_sha224()); EVP_add_digest(EVP_sha256()); -#endif -#ifndef OPENSSL_NO_SHA512 EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); -#endif #ifndef OPENSSL_NO_WHIRLPOOL EVP_add_digest(EVP_whirlpool()); #endif +#ifndef OPENSSL_NO_BLAKE2 + EVP_add_digest(EVP_blake2b512()); + EVP_add_digest(EVP_blake2s256()); +#endif } diff --git a/Cryptlib/OpenSSL/crypto/evp/cmeth_lib.c b/Cryptlib/OpenSSL/crypto/evp/cmeth_lib.c new file mode 100644 index 00000000..e2295c4d --- /dev/null +++ b/Cryptlib/OpenSSL/crypto/evp/cmeth_lib.c @@ -0,0 +1,151 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <string.h> + +#include <openssl/evp.h> +#include "internal/evp_int.h" +#include "evp_locl.h" + +EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len) +{ + EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER)); + + if (cipher != NULL) { + cipher->nid = cipher_type; + cipher->block_size = block_size; + cipher->key_len = key_len; + } + return cipher; +} + +EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher) +{ + EVP_CIPHER *to = EVP_CIPHER_meth_new(cipher->nid, cipher->block_size, + cipher->key_len); + + if (to != NULL) + memcpy(to, cipher, sizeof(*to)); + return to; +} + +void EVP_CIPHER_meth_free(EVP_CIPHER *cipher) +{ + OPENSSL_free(cipher); +} + +int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len) +{ + cipher->iv_len = iv_len; + return 1; +} + +int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags) +{ + cipher->flags = flags; + return 1; +} + +int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size) +{ + cipher->ctx_size = ctx_size; + return 1; +} + +int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, + int (*init) (EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc)) +{ + cipher->init = init; + return 1; +} + +int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, + int (*do_cipher) (EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl)) +{ + cipher->do_cipher = do_cipher; + return 1; +} + +int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, + int (*cleanup) (EVP_CIPHER_CTX *)) +{ + cipher->cleanup = cleanup; + return 1; +} + +int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, + int (*set_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)) +{ + cipher->set_asn1_parameters = set_asn1_parameters; + return 1; +} + +int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, + int (*get_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)) +{ + cipher->get_asn1_parameters = get_asn1_parameters; + return 1; +} + +int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, + int (*ctrl) (EVP_CIPHER_CTX *, int type, + int arg, void *ptr)) +{ + cipher->ctrl = ctrl; + return 1; +} + + +int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc) +{ + return cipher->init; +} +int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl) +{ + return cipher->do_cipher; +} + +int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *) +{ + return cipher->cleanup; +} + +int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *) +{ + return cipher->set_asn1_parameters; +} + +int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *) +{ + return cipher->get_asn1_parameters; +} + +int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + int type, int arg, + void *ptr) +{ + return cipher->ctrl; +} + diff --git a/Cryptlib/OpenSSL/crypto/evp/digest.c b/Cryptlib/OpenSSL/crypto/evp/digest.c index 4db17962..65eff7c8 100644 --- a/Cryptlib/OpenSSL/crypto/evp/digest.c +++ b/Cryptlib/OpenSSL/crypto/evp/digest.c @@ -1,173 +1,75 @@ -/* crypto/evp/digest.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/objects.h> #include <openssl/evp.h> +#include <openssl/engine.h> +#include "internal/evp_int.h" +#include "evp_locl.h" + +/* This call frees resources associated with the context */ +int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) +{ + if (ctx == NULL) + return 1; + + /* + * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because + * sometimes only copies of the context are ever finalised. + */ + if (ctx->digest && ctx->digest->cleanup + && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) + ctx->digest->cleanup(ctx); + if (ctx->digest && ctx->digest->ctx_size && ctx->md_data + && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { + OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); + } + EVP_PKEY_CTX_free(ctx->pctx); #ifndef OPENSSL_NO_ENGINE -# include <openssl/engine.h> + ENGINE_finish(ctx->engine); #endif + OPENSSL_cleanse(ctx, sizeof(*ctx)); -#ifdef OPENSSL_FIPS -# include <openssl/fips.h> -# include "evp_locl.h" -#endif + return 1; +} -void EVP_MD_CTX_init(EVP_MD_CTX *ctx) +EVP_MD_CTX *EVP_MD_CTX_new(void) { - memset(ctx, '\0', sizeof *ctx); + return OPENSSL_zalloc(sizeof(EVP_MD_CTX)); } -EVP_MD_CTX *EVP_MD_CTX_create(void) +void EVP_MD_CTX_free(EVP_MD_CTX *ctx) { - EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof *ctx); - - if (ctx) - EVP_MD_CTX_init(ctx); - - return ctx; + EVP_MD_CTX_reset(ctx); + OPENSSL_free(ctx); } int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) { - EVP_MD_CTX_init(ctx); + EVP_MD_CTX_reset(ctx); return EVP_DigestInit_ex(ctx, type, NULL); } int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); -#ifdef OPENSSL_FIPS - /* If FIPS mode switch to approved implementation if possible */ - if (FIPS_mode()) { - const EVP_MD *fipsmd; - if (type) { - fipsmd = evp_get_fips_md(type); - if (fipsmd) - type = fipsmd; - } - } -#endif #ifndef OPENSSL_NO_ENGINE /* * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so * this context may already have an ENGINE! Try to avoid releasing the * previous handle, re-querying for an ENGINE, and having a - * reinitialisation, when it may all be unecessary. + * reinitialisation, when it may all be unnecessary. */ - if (ctx->engine && ctx->digest && (!type || - (type - && (type->type == - ctx->digest->type)))) + if (ctx->engine && ctx->digest && + (type == NULL || (type->type == ctx->digest->type))) goto skip_to_init; if (type) { /* @@ -175,21 +77,21 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) * previous check attempted to avoid this if the same ENGINE and * EVP_MD could be used). */ - if (ctx->engine) - ENGINE_finish(ctx->engine); - if (impl) { + ENGINE_finish(ctx->engine); + if (impl != NULL) { if (!ENGINE_init(impl)) { EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; } - } else + } else { /* Ask if an ENGINE is reserved for this job */ impl = ENGINE_get_digest_engine(type->type); - if (impl) { + } + if (impl != NULL) { /* There's an ENGINE for this job ... (apparently) */ const EVP_MD *d = ENGINE_get_digest(impl, type->type); - if (!d) { - /* Same comment from evp_enc.c */ + + if (d == NULL) { EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR); ENGINE_finish(impl); return 0; @@ -213,13 +115,13 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) #endif if (ctx->digest != type) { if (ctx->digest && ctx->digest->ctx_size) { - OPENSSL_free(ctx->md_data); + OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); ctx->md_data = NULL; } ctx->digest = type; if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { ctx->update = type->update; - ctx->md_data = OPENSSL_malloc(type->ctx_size); + ctx->md_data = OPENSSL_zalloc(type->ctx_size); if (ctx->md_data == NULL) { EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE); return 0; @@ -238,24 +140,11 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) } if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) return 1; -#ifdef OPENSSL_FIPS - if (FIPS_mode()) { - if (FIPS_digestinit(ctx, type)) - return 1; - OPENSSL_free(ctx->md_data); - ctx->md_data = NULL; - return 0; - } -#endif return ctx->digest->init(ctx); } int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) { -#ifdef OPENSSL_FIPS - if (FIPS_mode()) - return FIPS_digestupdate(ctx, data, count); -#endif return ctx->update(ctx, data, count); } @@ -264,7 +153,7 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { int ret; ret = EVP_DigestFinal_ex(ctx, md, size); - EVP_MD_CTX_cleanup(ctx); + EVP_MD_CTX_reset(ctx); return ret; } @@ -272,10 +161,6 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { int ret; -#ifdef OPENSSL_FIPS - if (FIPS_mode()) - return FIPS_digestfinal(ctx, md, size); -#endif OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); @@ -291,7 +176,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) { - EVP_MD_CTX_init(out); + EVP_MD_CTX_reset(out); return EVP_MD_CTX_copy_ex(out, in); } @@ -315,15 +200,22 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE); } else tmp_buf = NULL; - EVP_MD_CTX_cleanup(out); - memcpy(out, in, sizeof *out); + EVP_MD_CTX_reset(out); + memcpy(out, in, sizeof(*out)); + + /* Null these variables, since they are getting fixed up + * properly below. Anything else may cause a memleak and/or + * double free if any of the memory allocations below fail + */ + out->md_data = NULL; + out->pctx = NULL; if (in->md_data && out->digest->ctx_size) { if (tmp_buf) out->md_data = tmp_buf; else { out->md_data = OPENSSL_malloc(out->digest->ctx_size); - if (!out->md_data) { + if (out->md_data == NULL) { EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_MALLOC_FAILURE); return 0; } @@ -336,7 +228,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) if (in->pctx) { out->pctx = EVP_PKEY_CTX_dup(in->pctx); if (!out->pctx) { - EVP_MD_CTX_cleanup(out); + EVP_MD_CTX_reset(out); return 0; } } @@ -351,58 +243,27 @@ int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = EVP_MD_CTX_new(); int ret; - EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT); - ret = EVP_DigestInit_ex(&ctx, type, impl) - && EVP_DigestUpdate(&ctx, data, count) - && EVP_DigestFinal_ex(&ctx, md, size); - EVP_MD_CTX_cleanup(&ctx); + if (ctx == NULL) + return 0; + EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT); + ret = EVP_DigestInit_ex(ctx, type, impl) + && EVP_DigestUpdate(ctx, data, count) + && EVP_DigestFinal_ex(ctx, md, size); + EVP_MD_CTX_free(ctx); return ret; } -void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) +int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) { - if (ctx) { - EVP_MD_CTX_cleanup(ctx); - OPENSSL_free(ctx); - } -} - -/* This call frees resources associated with the context */ -int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) -{ -#ifndef OPENSSL_FIPS - /* - * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because - * sometimes only copies of the context are ever finalised. - */ - if (ctx->digest && ctx->digest->cleanup - && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) - ctx->digest->cleanup(ctx); - if (ctx->digest && ctx->digest->ctx_size && ctx->md_data - && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { - OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size); - OPENSSL_free(ctx->md_data); + if (ctx->digest && ctx->digest->md_ctrl) { + int ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2); + if (ret <= 0) + return 0; + return 1; } -#endif - if (ctx->pctx) - EVP_PKEY_CTX_free(ctx->pctx); -#ifndef OPENSSL_NO_ENGINE - if (ctx->engine) - /* - * The EVP_MD we used belongs to an ENGINE, release the functional - * reference we held for this reason. - */ - ENGINE_finish(ctx->engine); -#endif -#ifdef OPENSSL_FIPS - FIPS_md_ctx_cleanup(ctx); -#endif - memset(ctx, '\0', sizeof *ctx); - - return 1; + return 0; } diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes.c b/Cryptlib/OpenSSL/crypto/evp/e_aes.c index 7c62d327..17822f20 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_aes.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_aes.c @@ -1,67 +1,23 @@ -/* ==================================================================== - * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== +/* + * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <openssl/opensslconf.h> -#ifndef OPENSSL_NO_AES #include <openssl/crypto.h> -# include <openssl/evp.h> -# include <openssl/err.h> -# include <string.h> -# include <assert.h> -# include <openssl/aes.h> -# include "evp_locl.h" -# include "modes_lcl.h" -# include <openssl/rand.h> - -# undef EVP_CIPH_FLAG_FIPS -# define EVP_CIPH_FLAG_FIPS 0 +#include <openssl/evp.h> +#include <openssl/err.h> +#include <string.h> +#include <assert.h> +#include <openssl/aes.h> +#include "internal/evp_int.h" +#include "modes_lcl.h" +#include <openssl/rand.h> +#include "evp_locl.h" typedef struct { union { @@ -113,13 +69,38 @@ typedef struct { int tag_set; /* Set if tag is valid */ int len_set; /* Set if message length set */ int L, M; /* L and M parameters from RFC3610 */ + int tls_aad_len; /* TLS AAD length */ CCM128_CONTEXT ccm; ccm128_f str; } EVP_AES_CCM_CTX; -# define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) +#ifndef OPENSSL_NO_OCB +typedef struct { + union { + double align; + AES_KEY ks; + } ksenc; /* AES key schedule to use for encryption */ + union { + double align; + AES_KEY ks; + } ksdec; /* AES key schedule to use for decryption */ + int key_set; /* Set if key initialised */ + int iv_set; /* Set if an iv is set */ + OCB128_CONTEXT ocb; + unsigned char *iv; /* Temporary IV store */ + unsigned char tag[16]; + unsigned char data_buf[16]; /* Store partial data blocks */ + unsigned char aad_buf[16]; /* Store partial AAD blocks */ + int data_buf_len; + int aad_buf_len; + int ivlen; /* IV length */ + int taglen; +} EVP_AES_OCB_CTX; +#endif -# ifdef VPAES_ASM +#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) + +#ifdef VPAES_ASM int vpaes_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key); int vpaes_set_decrypt_key(const unsigned char *userKey, int bits, @@ -134,8 +115,8 @@ void vpaes_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t length, const AES_KEY *key, unsigned char *ivec, int enc); -# endif -# ifdef BSAES_ASM +#endif +#ifdef BSAES_ASM void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t length, const AES_KEY *key, unsigned char ivec[16], int enc); @@ -148,54 +129,55 @@ void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out, void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]); -# endif -# ifdef AES_CTR_ASM +#endif +#ifdef AES_CTR_ASM void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, size_t blocks, const AES_KEY *key, const unsigned char ivec[AES_BLOCK_SIZE]); -# endif -# ifdef AES_XTS_ASM -void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len, +#endif +#ifdef AES_XTS_ASM +void AES_xts_encrypt(const char *inp, char *out, size_t len, const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]); -void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, +void AES_xts_decrypt(const char *inp, char *out, size_t len, const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]); -# endif +#endif -# if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC)) -# include "ppc_arch.h" -# ifdef VPAES_ASM -# define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC) -# endif -# define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207) -# define HWAES_set_encrypt_key aes_p8_set_encrypt_key -# define HWAES_set_decrypt_key aes_p8_set_decrypt_key -# define HWAES_encrypt aes_p8_encrypt -# define HWAES_decrypt aes_p8_decrypt -# define HWAES_cbc_encrypt aes_p8_cbc_encrypt -# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks +#if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC)) +# include "ppc_arch.h" +# ifdef VPAES_ASM +# define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC) # endif +# define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207) +# define HWAES_set_encrypt_key aes_p8_set_encrypt_key +# define HWAES_set_decrypt_key aes_p8_set_decrypt_key +# define HWAES_encrypt aes_p8_encrypt +# define HWAES_decrypt aes_p8_decrypt +# define HWAES_cbc_encrypt aes_p8_cbc_encrypt +# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks +# define HWAES_xts_encrypt aes_p8_xts_encrypt +# define HWAES_xts_decrypt aes_p8_xts_decrypt +#endif -# if defined(AES_ASM) && !defined(I386_ONLY) && ( \ +#if defined(AES_ASM) && !defined(I386_ONLY) && ( \ ((defined(__i386) || defined(__i386__) || \ defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) || \ - defined(__INTEL__) ) + defined(_M_AMD64) || defined(_M_X64) ) extern unsigned int OPENSSL_ia32cap_P[]; -# ifdef VPAES_ASM -# define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) -# endif -# ifdef BSAES_ASM -# define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) -# endif +# ifdef VPAES_ASM +# define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) +# endif +# ifdef BSAES_ASM +# define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) +# endif /* * AES-NI section */ -# define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) +# define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) int aesni_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key); @@ -246,41 +228,43 @@ void aesni_ccm64_decrypt_blocks(const unsigned char *in, const unsigned char ivec[16], unsigned char cmac[16]); -# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) +# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) size_t aesni_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, unsigned char ivec[16], u64 *Xi); -# define AES_gcm_encrypt aesni_gcm_encrypt +# define AES_gcm_encrypt aesni_gcm_encrypt size_t aesni_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, unsigned char ivec[16], u64 *Xi); -# define AES_gcm_decrypt aesni_gcm_decrypt +# define AES_gcm_decrypt aesni_gcm_decrypt void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in, size_t len); -# define AES_GCM_ASM(gctx) (gctx->ctr==aesni_ctr32_encrypt_blocks && \ +# define AES_GCM_ASM(gctx) (gctx->ctr==aesni_ctr32_encrypt_blocks && \ gctx->gcm.ghash==gcm_ghash_avx) -# define AES_GCM_ASM2(gctx) (gctx->gcm.block==(block128_f)aesni_encrypt && \ +# define AES_GCM_ASM2(gctx) (gctx->gcm.block==(block128_f)aesni_encrypt && \ gctx->gcm.ghash==gcm_ghash_avx) -# undef AES_GCM_ASM2 /* minor size optimization */ -# endif +# undef AES_GCM_ASM2 /* minor size optimization */ +# endif static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { int ret, mode; - EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; + EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); - mode = ctx->cipher->flags & EVP_CIPH_MODE; + mode = EVP_CIPHER_CTX_mode(ctx); if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) { - ret = aesni_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); + ret = aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &dat->ks.ks); dat->block = (block128_f) aesni_decrypt; dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f) aesni_cbc_encrypt : NULL; } else { - ret = aesni_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); + ret = aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &dat->ks.ks); dat->block = (block128_f) aesni_encrypt; if (mode == EVP_CIPH_CBC_MODE) dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt; @@ -301,7 +285,9 @@ static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - aesni_cbc_encrypt(in, out, len, ctx->cipher_data, ctx->iv, ctx->encrypt); + aesni_cbc_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks, + EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_encrypting(ctx)); return 1; } @@ -309,44 +295,46 @@ static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - size_t bl = ctx->cipher->block_size; + size_t bl = EVP_CIPHER_CTX_block_size(ctx); if (len < bl) return 1; - aesni_ecb_encrypt(in, out, len, ctx->cipher_data, ctx->encrypt); + aesni_ecb_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks, + EVP_CIPHER_CTX_encrypting(ctx)); return 1; } -# define aesni_ofb_cipher aes_ofb_cipher +# define aesni_ofb_cipher aes_ofb_cipher static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define aesni_cfb_cipher aes_cfb_cipher +# define aesni_cfb_cipher aes_cfb_cipher static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define aesni_cfb8_cipher aes_cfb8_cipher +# define aesni_cfb8_cipher aes_cfb8_cipher static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define aesni_cfb1_cipher aes_cfb1_cipher +# define aesni_cfb1_cipher aes_cfb1_cipher static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define aesni_ctr_cipher aes_ctr_cipher +# define aesni_ctr_cipher aes_ctr_cipher static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - EVP_AES_GCM_CTX *gctx = ctx->cipher_data; + EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); if (!iv && !key) return 1; if (key) { - aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); + aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &gctx->ks.ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aesni_encrypt); gctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks; /* @@ -371,31 +359,34 @@ static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; } -# define aesni_gcm_cipher aes_gcm_cipher +# define aesni_gcm_cipher aes_gcm_cipher static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - EVP_AES_XTS_CTX *xctx = ctx->cipher_data; + EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); if (!iv && !key) return 1; if (key) { /* key_len is two AES keys */ if (enc) { - aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); + aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, + &xctx->ks1.ks); xctx->xts.block1 = (block128_f) aesni_encrypt; xctx->stream = aesni_xts_encrypt; } else { - aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); + aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, + &xctx->ks1.ks); xctx->xts.block1 = (block128_f) aesni_decrypt; xctx->stream = aesni_xts_decrypt; } - aesni_set_encrypt_key(key + ctx->key_len / 2, - ctx->key_len * 4, &xctx->ks2.ks); + aesni_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, + EVP_CIPHER_CTX_key_length(ctx) * 4, + &xctx->ks2.ks); xctx->xts.block2 = (block128_f) aesni_encrypt; xctx->xts.key1 = &xctx->ks1; @@ -403,24 +394,25 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (iv) { xctx->xts.key2 = &xctx->ks2; - memcpy(ctx->iv, iv, 16); + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16); } return 1; } -# define aesni_xts_cipher aes_xts_cipher +# define aesni_xts_cipher aes_xts_cipher static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - EVP_AES_CCM_CTX *cctx = ctx->cipher_data; + EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); if (!iv && !key) return 1; if (key) { - aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks); + aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &cctx->ks.ks); CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, &cctx->ks, (block128_f) aesni_encrypt); cctx->str = enc ? (ccm128_f) aesni_ccm64_encrypt_blocks : @@ -428,17 +420,86 @@ static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, cctx->key_set = 1; } if (iv) { - memcpy(ctx->iv, iv, 15 - cctx->L); + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L); cctx->iv_set = 1; } return 1; } -# define aesni_ccm_cipher aes_ccm_cipher +# define aesni_ccm_cipher aes_ccm_cipher static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ +# ifndef OPENSSL_NO_OCB +void aesni_ocb_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); +void aesni_ocb_decrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); + +static int aesni_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx); + if (!iv && !key) + return 1; + if (key) { + do { + /* + * We set both the encrypt and decrypt key here because decrypt + * needs both. We could possibly optimise to remove setting the + * decrypt for an encryption operation. + */ + aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &octx->ksenc.ks); + aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &octx->ksdec.ks); + if (!CRYPTO_ocb128_init(&octx->ocb, + &octx->ksenc.ks, &octx->ksdec.ks, + (block128_f) aesni_encrypt, + (block128_f) aesni_decrypt, + enc ? aesni_ocb_encrypt + : aesni_ocb_decrypt)) + return 0; + } + while (0); + + /* + * If we have an iv we can set it directly, otherwise use saved IV. + */ + if (iv == NULL && octx->iv_set) + iv = octx->iv; + if (iv) { + if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen) + != 1) + return 0; + octx->iv_set = 1; + } + octx->key_set = 1; + } else { + /* If key set use IV, otherwise copy */ + if (octx->key_set) + CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen); + else + memcpy(octx->iv, iv, octx->ivlen); + octx->iv_set = 1; + } + return 1; +} + +# define aesni_ocb_cipher aes_ocb_cipher +static int aesni_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); +# endif /* OPENSSL_NO_OCB */ + +# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ static const EVP_CIPHER aesni_##keylen##_##mode = { \ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ flags|EVP_CIPH_##MODE##_MODE, \ @@ -459,7 +520,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ { return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; } -# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ +# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ static const EVP_CIPHER aesni_##keylen##_##mode = { \ nid##_##keylen##_##mode,blocksize, \ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ @@ -481,13 +542,24 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ { return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; } -# elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) +#elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) -# include "sparc_arch.h" +# include "sparc_arch.h" extern unsigned int OPENSSL_sparcv9cap_P[]; -# define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES) +/* + * Initial Fujitsu SPARC64 X support + */ +# define HWAES_CAPABLE (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX) +# define HWAES_set_encrypt_key aes_fx_set_encrypt_key +# define HWAES_set_decrypt_key aes_fx_set_decrypt_key +# define HWAES_encrypt aes_fx_encrypt +# define HWAES_decrypt aes_fx_decrypt +# define HWAES_cbc_encrypt aes_fx_cbc_encrypt +# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks + +# define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES) void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks); void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks); @@ -504,7 +576,7 @@ void aes_t4_decrypt(const unsigned char *in, unsigned char *out, * non-key-length specific routines would require conditional branches * either in inner loops or on subroutines' entries. Former is hardly * acceptable, while latter means code size increase to size occupied - * by multiple key-length specfic subroutines, so why fight? + * by multiple key-length specific subroutines, so why fight? */ void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, @@ -550,14 +622,14 @@ static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { int ret, mode, bits; - EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; + EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); - mode = ctx->cipher->flags & EVP_CIPH_MODE; - bits = ctx->key_len * 8; + mode = EVP_CIPHER_CTX_mode(ctx); + bits = EVP_CIPHER_CTX_key_length(ctx) * 8; if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) { ret = 0; - aes_t4_set_decrypt_key(key, bits, ctx->cipher_data); + aes_t4_set_decrypt_key(key, bits, &dat->ks.ks); dat->block = (block128_f) aes_t4_decrypt; switch (bits) { case 128: @@ -577,7 +649,7 @@ static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, } } else { ret = 0; - aes_t4_set_encrypt_key(key, bits, ctx->cipher_data); + aes_t4_set_encrypt_key(key, bits, &dat->ks.ks); dat->block = (block128_f) aes_t4_encrypt; switch (bits) { case 128: @@ -617,42 +689,42 @@ static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; } -# define aes_t4_cbc_cipher aes_cbc_cipher +# define aes_t4_cbc_cipher aes_cbc_cipher static int aes_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define aes_t4_ecb_cipher aes_ecb_cipher +# define aes_t4_ecb_cipher aes_ecb_cipher static int aes_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define aes_t4_ofb_cipher aes_ofb_cipher +# define aes_t4_ofb_cipher aes_ofb_cipher static int aes_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define aes_t4_cfb_cipher aes_cfb_cipher +# define aes_t4_cfb_cipher aes_cfb_cipher static int aes_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define aes_t4_cfb8_cipher aes_cfb8_cipher +# define aes_t4_cfb8_cipher aes_cfb8_cipher static int aes_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define aes_t4_cfb1_cipher aes_cfb1_cipher +# define aes_t4_cfb1_cipher aes_cfb1_cipher static int aes_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define aes_t4_ctr_cipher aes_ctr_cipher +# define aes_t4_ctr_cipher aes_ctr_cipher static int aes_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - EVP_AES_GCM_CTX *gctx = ctx->cipher_data; + EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); if (!iv && !key) return 1; if (key) { - int bits = ctx->key_len * 8; + int bits = EVP_CIPHER_CTX_key_length(ctx) * 8; aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aes_t4_encrypt); @@ -691,19 +763,19 @@ static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; } -# define aes_t4_gcm_cipher aes_gcm_cipher +# define aes_t4_gcm_cipher aes_gcm_cipher static int aes_t4_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - EVP_AES_XTS_CTX *xctx = ctx->cipher_data; + EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); if (!iv && !key) return 1; if (key) { - int bits = ctx->key_len * 4; + int bits = EVP_CIPHER_CTX_key_length(ctx) * 4; xctx->stream = NULL; /* key_len is two AES keys */ if (enc) { @@ -713,11 +785,6 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, case 128: xctx->stream = aes128_t4_xts_encrypt; break; -# if 0 /* not yet */ - case 192: - xctx->stream = aes192_t4_xts_encrypt; - break; -# endif case 256: xctx->stream = aes256_t4_xts_encrypt; break; @@ -725,17 +792,13 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 0; } } else { - aes_t4_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); + aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, + &xctx->ks1.ks); xctx->xts.block1 = (block128_f) aes_t4_decrypt; switch (bits) { case 128: xctx->stream = aes128_t4_xts_decrypt; break; -# if 0 /* not yet */ - case 192: - xctx->stream = aes192_t4_xts_decrypt; - break; -# endif case 256: xctx->stream = aes256_t4_xts_decrypt; break; @@ -744,8 +807,9 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, } } - aes_t4_set_encrypt_key(key + ctx->key_len / 2, - ctx->key_len * 4, &xctx->ks2.ks); + aes_t4_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, + EVP_CIPHER_CTX_key_length(ctx) * 4, + &xctx->ks2.ks); xctx->xts.block2 = (block128_f) aes_t4_encrypt; xctx->xts.key1 = &xctx->ks1; @@ -753,61 +817,97 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (iv) { xctx->xts.key2 = &xctx->ks2; - memcpy(ctx->iv, iv, 16); + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16); } return 1; } -# define aes_t4_xts_cipher aes_xts_cipher +# define aes_t4_xts_cipher aes_xts_cipher static int aes_t4_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - EVP_AES_CCM_CTX *cctx = ctx->cipher_data; + EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); if (!iv && !key) return 1; if (key) { - int bits = ctx->key_len * 8; + int bits = EVP_CIPHER_CTX_key_length(ctx) * 8; aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks); CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, &cctx->ks, (block128_f) aes_t4_encrypt); -# if 0 /* not yet */ - switch (bits) { - case 128: - cctx->str = enc ? (ccm128_f) aes128_t4_ccm64_encrypt : - (ccm128_f) ae128_t4_ccm64_decrypt; - break; - case 192: - cctx->str = enc ? (ccm128_f) aes192_t4_ccm64_encrypt : - (ccm128_f) ae192_t4_ccm64_decrypt; - break; - case 256: - cctx->str = enc ? (ccm128_f) aes256_t4_ccm64_encrypt : - (ccm128_f) ae256_t4_ccm64_decrypt; - break; - default: - return 0; - } -# else cctx->str = NULL; -# endif cctx->key_set = 1; } if (iv) { - memcpy(ctx->iv, iv, 15 - cctx->L); + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L); cctx->iv_set = 1; } return 1; } -# define aes_t4_ccm_cipher aes_ccm_cipher +# define aes_t4_ccm_cipher aes_ccm_cipher static int aes_t4_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ +# ifndef OPENSSL_NO_OCB +static int aes_t4_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx); + if (!iv && !key) + return 1; + if (key) { + do { + /* + * We set both the encrypt and decrypt key here because decrypt + * needs both. We could possibly optimise to remove setting the + * decrypt for an encryption operation. + */ + aes_t4_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &octx->ksenc.ks); + aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &octx->ksdec.ks); + if (!CRYPTO_ocb128_init(&octx->ocb, + &octx->ksenc.ks, &octx->ksdec.ks, + (block128_f) aes_t4_encrypt, + (block128_f) aes_t4_decrypt, + NULL)) + return 0; + } + while (0); + + /* + * If we have an iv we can set it directly, otherwise use saved IV. + */ + if (iv == NULL && octx->iv_set) + iv = octx->iv; + if (iv) { + if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen) + != 1) + return 0; + octx->iv_set = 1; + } + octx->key_set = 1; + } else { + /* If key set use IV, otherwise copy */ + if (octx->key_set) + CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen); + else + memcpy(octx->iv, iv, octx->ivlen); + octx->iv_set = 1; + } + return 1; +} + +# define aes_t4_ocb_cipher aes_ocb_cipher +static int aes_t4_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); +# endif /* OPENSSL_NO_OCB */ + +# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ flags|EVP_CIPH_##MODE##_MODE, \ @@ -828,7 +928,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ { return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } -# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ +# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ nid##_##keylen##_##mode,blocksize, \ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ @@ -850,9 +950,9 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ { return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } -# else +#else -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ +# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ static const EVP_CIPHER aes_##keylen##_##mode = { \ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ flags|EVP_CIPH_##MODE##_MODE, \ @@ -864,7 +964,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ { return &aes_##keylen##_##mode; } -# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ +# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ static const EVP_CIPHER aes_##keylen##_##mode = { \ nid##_##keylen##_##mode,blocksize, \ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ @@ -876,25 +976,29 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ NULL,NULL,aes_##mode##_ctrl,NULL }; \ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ { return &aes_##keylen##_##mode; } -# endif -# if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__)) -# include "arm_arch.h" -# if __ARM_MAX_ARCH__>=7 -# if defined(BSAES_ASM) -# define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) -# endif -# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES) -# define HWAES_set_encrypt_key aes_v8_set_encrypt_key -# define HWAES_set_decrypt_key aes_v8_set_decrypt_key -# define HWAES_encrypt aes_v8_encrypt -# define HWAES_decrypt aes_v8_decrypt -# define HWAES_cbc_encrypt aes_v8_cbc_encrypt -# define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks +#endif + +#if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__)) +# include "arm_arch.h" +# if __ARM_MAX_ARCH__>=7 +# if defined(BSAES_ASM) +# define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) # endif +# if defined(VPAES_ASM) +# define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) +# endif +# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES) +# define HWAES_set_encrypt_key aes_v8_set_encrypt_key +# define HWAES_set_decrypt_key aes_v8_set_decrypt_key +# define HWAES_encrypt aes_v8_encrypt +# define HWAES_decrypt aes_v8_decrypt +# define HWAES_cbc_encrypt aes_v8_cbc_encrypt +# define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks # endif +#endif -# if defined(HWAES_CAPABLE) +#if defined(HWAES_CAPABLE) int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key); int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits, @@ -909,9 +1013,15 @@ void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out, void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, const unsigned char ivec[16]); -# endif +void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out, + size_t len, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char iv[16]); +void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out, + size_t len, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char iv[16]); +#endif -# define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ +#define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ @@ -924,85 +1034,97 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { int ret, mode; - EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; + EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); - mode = ctx->cipher->flags & EVP_CIPH_MODE; + mode = EVP_CIPHER_CTX_mode(ctx); if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) - && !enc) -# ifdef HWAES_CAPABLE + && !enc) { +#ifdef HWAES_CAPABLE if (HWAES_CAPABLE) { - ret = HWAES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + ret = HWAES_set_decrypt_key(key, + EVP_CIPHER_CTX_key_length(ctx) * 8, + &dat->ks.ks); dat->block = (block128_f) HWAES_decrypt; dat->stream.cbc = NULL; -# ifdef HWAES_cbc_encrypt +# ifdef HWAES_cbc_encrypt if (mode == EVP_CIPH_CBC_MODE) dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt; -# endif - } else # endif -# ifdef BSAES_CAPABLE + } else +#endif +#ifdef BSAES_CAPABLE if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) { - ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + ret = AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &dat->ks.ks); dat->block = (block128_f) AES_decrypt; dat->stream.cbc = (cbc128_f) bsaes_cbc_encrypt; } else -# endif -# ifdef VPAES_CAPABLE +#endif +#ifdef VPAES_CAPABLE if (VPAES_CAPABLE) { - ret = vpaes_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + ret = vpaes_set_decrypt_key(key, + EVP_CIPHER_CTX_key_length(ctx) * 8, + &dat->ks.ks); dat->block = (block128_f) vpaes_decrypt; dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f) vpaes_cbc_encrypt : NULL; } else -# endif +#endif { - ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + ret = AES_set_decrypt_key(key, + EVP_CIPHER_CTX_key_length(ctx) * 8, + &dat->ks.ks); dat->block = (block128_f) AES_decrypt; dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f) AES_cbc_encrypt : NULL; + } } else -# ifdef HWAES_CAPABLE +#ifdef HWAES_CAPABLE if (HWAES_CAPABLE) { - ret = HWAES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + ret = HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &dat->ks.ks); dat->block = (block128_f) HWAES_encrypt; dat->stream.cbc = NULL; -# ifdef HWAES_cbc_encrypt +# ifdef HWAES_cbc_encrypt if (mode == EVP_CIPH_CBC_MODE) dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt; else -# endif -# ifdef HWAES_ctr32_encrypt_blocks +# endif +# ifdef HWAES_ctr32_encrypt_blocks if (mode == EVP_CIPH_CTR_MODE) dat->stream.ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks; else -# endif +# endif (void)0; /* terminate potentially open 'else' */ } else -# endif -# ifdef BSAES_CAPABLE +#endif +#ifdef BSAES_CAPABLE if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) { - ret = AES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &dat->ks.ks); dat->block = (block128_f) AES_encrypt; dat->stream.ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks; } else -# endif -# ifdef VPAES_CAPABLE +#endif +#ifdef VPAES_CAPABLE if (VPAES_CAPABLE) { - ret = vpaes_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + ret = vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &dat->ks.ks); dat->block = (block128_f) vpaes_encrypt; dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f) vpaes_cbc_encrypt : NULL; } else -# endif +#endif { - ret = AES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &dat->ks.ks); dat->block = (block128_f) AES_encrypt; dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f) AES_cbc_encrypt : NULL; -# ifdef AES_CTR_ASM +#ifdef AES_CTR_ASM if (mode == EVP_CIPH_CTR_MODE) dat->stream.ctr = (ctr128_f) AES_ctr32_encrypt; -# endif +#endif } if (ret < 0) { @@ -1016,14 +1138,18 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; + EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); if (dat->stream.cbc) - (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, ctx->encrypt); - else if (ctx->encrypt) - CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, dat->block); + (*dat->stream.cbc) (in, out, len, &dat->ks, + EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_encrypting(ctx)); + else if (EVP_CIPHER_CTX_encrypting(ctx)) + CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, + EVP_CIPHER_CTX_iv_noconst(ctx), dat->block); else - CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, dat->block); + CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, + EVP_CIPHER_CTX_iv_noconst(ctx), dat->block); return 1; } @@ -1031,9 +1157,9 @@ static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - size_t bl = ctx->cipher->block_size; + size_t bl = EVP_CIPHER_CTX_block_size(ctx); size_t i; - EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; + EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); if (len < bl) return 1; @@ -1047,52 +1173,70 @@ static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; + EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); + int num = EVP_CIPHER_CTX_num(ctx); CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, - ctx->iv, &ctx->num, dat->block); + EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block); + EVP_CIPHER_CTX_set_num(ctx, num); return 1; } static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; + EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); + int num = EVP_CIPHER_CTX_num(ctx); CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, - ctx->iv, &ctx->num, ctx->encrypt, dat->block); + EVP_CIPHER_CTX_iv_noconst(ctx), &num, + EVP_CIPHER_CTX_encrypting(ctx), dat->block); + EVP_CIPHER_CTX_set_num(ctx, num); return 1; } static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; + EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); + int num = EVP_CIPHER_CTX_num(ctx); CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, - ctx->iv, &ctx->num, ctx->encrypt, dat->block); + EVP_CIPHER_CTX_iv_noconst(ctx), &num, + EVP_CIPHER_CTX_encrypting(ctx), dat->block); + EVP_CIPHER_CTX_set_num(ctx, num); return 1; } static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; + EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); - if (ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) { + if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) { + int num = EVP_CIPHER_CTX_num(ctx); CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, - ctx->iv, &ctx->num, ctx->encrypt, dat->block); + EVP_CIPHER_CTX_iv_noconst(ctx), &num, + EVP_CIPHER_CTX_encrypting(ctx), dat->block); + EVP_CIPHER_CTX_set_num(ctx, num); return 1; } while (len >= MAXBITCHUNK) { + int num = EVP_CIPHER_CTX_num(ctx); CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, - ctx->iv, &ctx->num, ctx->encrypt, dat->block); + EVP_CIPHER_CTX_iv_noconst(ctx), &num, + EVP_CIPHER_CTX_encrypting(ctx), dat->block); + EVP_CIPHER_CTX_set_num(ctx, num); len -= MAXBITCHUNK; } - if (len) + if (len) { + int num = EVP_CIPHER_CTX_num(ctx); CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, - ctx->iv, &ctx->num, ctx->encrypt, dat->block); + EVP_CIPHER_CTX_iv_noconst(ctx), &num, + EVP_CIPHER_CTX_encrypting(ctx), dat->block); + EVP_CIPHER_CTX_set_num(ctx, num); + } return 1; } @@ -1100,28 +1244,34 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - unsigned int num = ctx->num; - EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; + unsigned int num = EVP_CIPHER_CTX_num(ctx); + EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); if (dat->stream.ctr) CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, - ctx->iv, ctx->buf, &num, dat->stream.ctr); + EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_buf_noconst(ctx), + &num, dat->stream.ctr); else CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, - ctx->iv, ctx->buf, &num, dat->block); - ctx->num = (size_t)num; + EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_buf_noconst(ctx), &num, + dat->block); + EVP_CIPHER_CTX_set_num(ctx, num); return 1; } -BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS) - BLOCK_CIPHER_generic_pack(NID_aes, 192, EVP_CIPH_FLAG_FIPS) - BLOCK_CIPHER_generic_pack(NID_aes, 256, EVP_CIPH_FLAG_FIPS) +BLOCK_CIPHER_generic_pack(NID_aes, 128, 0) + BLOCK_CIPHER_generic_pack(NID_aes, 192, 0) + BLOCK_CIPHER_generic_pack(NID_aes, 256, 0) static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) { - EVP_AES_GCM_CTX *gctx = c->cipher_data; + EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c); + if (gctx == NULL) + return 0; OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm)); - if (gctx->iv != c->iv) + if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c)) OPENSSL_free(gctx->iv); return 1; } @@ -1144,43 +1294,44 @@ static void ctr64_inc(unsigned char *counter) static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { - EVP_AES_GCM_CTX *gctx = c->cipher_data; + EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c); switch (type) { case EVP_CTRL_INIT: gctx->key_set = 0; gctx->iv_set = 0; - gctx->ivlen = c->cipher->iv_len; - gctx->iv = c->iv; + gctx->ivlen = EVP_CIPHER_CTX_iv_length(c); + gctx->iv = EVP_CIPHER_CTX_iv_noconst(c); gctx->taglen = -1; gctx->iv_gen = 0; gctx->tls_aad_len = -1; return 1; - case EVP_CTRL_GCM_SET_IVLEN: + case EVP_CTRL_AEAD_SET_IVLEN: if (arg <= 0) return 0; /* Allocate memory for IV if needed */ if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { - if (gctx->iv != c->iv) + if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c)) OPENSSL_free(gctx->iv); gctx->iv = OPENSSL_malloc(arg); - if (!gctx->iv) + if (gctx->iv == NULL) return 0; } gctx->ivlen = arg; return 1; - case EVP_CTRL_GCM_SET_TAG: - if (arg <= 0 || arg > 16 || c->encrypt) + case EVP_CTRL_AEAD_SET_TAG: + if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_encrypting(c)) return 0; - memcpy(c->buf, ptr, arg); + memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); gctx->taglen = arg; return 1; - case EVP_CTRL_GCM_GET_TAG: - if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0) + case EVP_CTRL_AEAD_GET_TAG: + if (arg <= 0 || arg > 16 || !EVP_CIPHER_CTX_encrypting(c) + || gctx->taglen < 0) return 0; - memcpy(ptr, c->buf, arg); + memcpy(ptr, EVP_CIPHER_CTX_buf_noconst(c), arg); return 1; case EVP_CTRL_GCM_SET_IV_FIXED: @@ -1198,7 +1349,8 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 0; if (arg) memcpy(gctx->iv, ptr, arg); - if (c->encrypt && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) + if (EVP_CIPHER_CTX_encrypting(c) + && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) return 0; gctx->iv_gen = 1; return 1; @@ -1219,7 +1371,8 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 1; case EVP_CTRL_GCM_SET_IV_INV: - if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt) + if (gctx->iv_gen == 0 || gctx->key_set == 0 + || EVP_CIPHER_CTX_encrypting(c)) return 0; memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen); @@ -1230,17 +1383,24 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) /* Save the AAD for later use */ if (arg != EVP_AEAD_TLS1_AAD_LEN) return 0; - memcpy(c->buf, ptr, arg); + memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); gctx->tls_aad_len = arg; { - unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1]; + unsigned int len = + EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8 + | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1]; /* Correct length for explicit IV */ + if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN) + return 0; len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; /* If decrypting correct for tag too */ - if (!c->encrypt) + if (!EVP_CIPHER_CTX_encrypting(c)) { + if (len < EVP_GCM_TLS_TAG_LEN) + return 0; len -= EVP_GCM_TLS_TAG_LEN; - c->buf[arg - 2] = len >> 8; - c->buf[arg - 1] = len & 0xff; + } + EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8; + EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff; } /* Extra padding: tag appended to record */ return EVP_GCM_TLS_TAG_LEN; @@ -1248,17 +1408,17 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_COPY: { EVP_CIPHER_CTX *out = ptr; - EVP_AES_GCM_CTX *gctx_out = out->cipher_data; + EVP_AES_GCM_CTX *gctx_out = EVP_C_DATA(EVP_AES_GCM_CTX,out); if (gctx->gcm.key) { if (gctx->gcm.key != &gctx->ks) return 0; gctx_out->gcm.key = &gctx_out->ks; } - if (gctx->iv == c->iv) - gctx_out->iv = out->iv; + if (gctx->iv == EVP_CIPHER_CTX_iv_noconst(c)) + gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out); else { gctx_out->iv = OPENSSL_malloc(gctx->ivlen); - if (!gctx_out->iv) + if (gctx_out->iv == NULL) return 0; memcpy(gctx_out->iv, gctx->iv, gctx->ivlen); } @@ -1274,52 +1434,56 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - EVP_AES_GCM_CTX *gctx = ctx->cipher_data; + EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); if (!iv && !key) return 1; if (key) { do { -# ifdef HWAES_CAPABLE +#ifdef HWAES_CAPABLE if (HWAES_CAPABLE) { - HWAES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); + HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &gctx->ks.ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) HWAES_encrypt); -# ifdef HWAES_ctr32_encrypt_blocks +# ifdef HWAES_ctr32_encrypt_blocks gctx->ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks; -# else +# else gctx->ctr = NULL; -# endif +# endif break; } else -# endif -# ifdef BSAES_CAPABLE +#endif +#ifdef BSAES_CAPABLE if (BSAES_CAPABLE) { - AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); + AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &gctx->ks.ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) AES_encrypt); gctx->ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks; break; } else -# endif -# ifdef VPAES_CAPABLE +#endif +#ifdef VPAES_CAPABLE if (VPAES_CAPABLE) { - vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); + vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &gctx->ks.ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) vpaes_encrypt); gctx->ctr = NULL; break; } else -# endif +#endif (void)0; /* terminate potentially open 'else' */ - AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); + AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &gctx->ks.ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) AES_encrypt); -# ifdef AES_CTR_ASM +#ifdef AES_CTR_ASM gctx->ctr = (ctr128_f) AES_ctr32_encrypt; -# else +#else gctx->ctr = NULL; -# endif +#endif } while (0); /* @@ -1354,7 +1518,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - EVP_AES_GCM_CTX *gctx = ctx->cipher_data; + EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); int rv = -1; /* Encrypt/decrypt must be performed in place */ if (out != in @@ -1364,22 +1528,23 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, * Set IV from start of buffer or generate IV and write to start of * buffer. */ - if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_encrypting(ctx) ? EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) goto err; /* Use saved AAD */ - if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len)) + if (CRYPTO_gcm128_aad(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), + gctx->tls_aad_len)) goto err; /* Fix buffer and length to point to payload */ in += EVP_GCM_TLS_EXPLICIT_IV_LEN; out += EVP_GCM_TLS_EXPLICIT_IV_LEN; len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; - if (ctx->encrypt) { + if (EVP_CIPHER_CTX_encrypting(ctx)) { /* Encrypt payload */ if (gctx->ctr) { size_t bulk = 0; -# if defined(AES_GCM_ASM) +#if defined(AES_GCM_ASM) if (len >= 32 && AES_GCM_ASM(gctx)) { if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0)) return -1; @@ -1389,7 +1554,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, gctx->gcm.Yi.c, gctx->gcm.Xi.u); gctx->gcm.len.u[1] += bulk; } -# endif +#endif if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, in + bulk, out + bulk, @@ -1397,7 +1562,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, goto err; } else { size_t bulk = 0; -# if defined(AES_GCM_ASM2) +#if defined(AES_GCM_ASM2) if (len >= 32 && AES_GCM_ASM2(gctx)) { if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0)) return -1; @@ -1407,7 +1572,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, gctx->gcm.Yi.c, gctx->gcm.Xi.u); gctx->gcm.len.u[1] += bulk; } -# endif +#endif if (CRYPTO_gcm128_encrypt(&gctx->gcm, in + bulk, out + bulk, len - bulk)) goto err; @@ -1420,7 +1585,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, /* Decrypt */ if (gctx->ctr) { size_t bulk = 0; -# if defined(AES_GCM_ASM) +#if defined(AES_GCM_ASM) if (len >= 16 && AES_GCM_ASM(gctx)) { if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0)) return -1; @@ -1430,7 +1595,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, gctx->gcm.Yi.c, gctx->gcm.Xi.u); gctx->gcm.len.u[1] += bulk; } -# endif +#endif if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, in + bulk, out + bulk, @@ -1438,7 +1603,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, goto err; } else { size_t bulk = 0; -# if defined(AES_GCM_ASM2) +#if defined(AES_GCM_ASM2) if (len >= 16 && AES_GCM_ASM2(gctx)) { if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0)) return -1; @@ -1448,15 +1613,17 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, gctx->gcm.Yi.c, gctx->gcm.Xi.u); gctx->gcm.len.u[1] += bulk; } -# endif +#endif if (CRYPTO_gcm128_decrypt(&gctx->gcm, in + bulk, out + bulk, len - bulk)) goto err; } /* Retrieve tag */ - CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN); + CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), + EVP_GCM_TLS_TAG_LEN); /* If tag mismatch wipe buffer */ - if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { + if (CRYPTO_memcmp(EVP_CIPHER_CTX_buf_noconst(ctx), in + len, + EVP_GCM_TLS_TAG_LEN)) { OPENSSL_cleanse(out, len); goto err; } @@ -1472,7 +1639,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - EVP_AES_GCM_CTX *gctx = ctx->cipher_data; + EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); /* If not set up, return error */ if (!gctx->key_set) return -1; @@ -1486,10 +1653,10 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (out == NULL) { if (CRYPTO_gcm128_aad(&gctx->gcm, in, len)) return -1; - } else if (ctx->encrypt) { + } else if (EVP_CIPHER_CTX_encrypting(ctx)) { if (gctx->ctr) { size_t bulk = 0; -# if defined(AES_GCM_ASM) +#if defined(AES_GCM_ASM) if (len >= 32 && AES_GCM_ASM(gctx)) { size_t res = (16 - gctx->gcm.mres) % 16; @@ -1503,7 +1670,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, gctx->gcm.len.u[1] += bulk; bulk += res; } -# endif +#endif if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, in + bulk, out + bulk, @@ -1511,7 +1678,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return -1; } else { size_t bulk = 0; -# if defined(AES_GCM_ASM2) +#if defined(AES_GCM_ASM2) if (len >= 32 && AES_GCM_ASM2(gctx)) { size_t res = (16 - gctx->gcm.mres) % 16; @@ -1525,7 +1692,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, gctx->gcm.len.u[1] += bulk; bulk += res; } -# endif +#endif if (CRYPTO_gcm128_encrypt(&gctx->gcm, in + bulk, out + bulk, len - bulk)) return -1; @@ -1533,7 +1700,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } else { if (gctx->ctr) { size_t bulk = 0; -# if defined(AES_GCM_ASM) +#if defined(AES_GCM_ASM) if (len >= 16 && AES_GCM_ASM(gctx)) { size_t res = (16 - gctx->gcm.mres) % 16; @@ -1547,7 +1714,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, gctx->gcm.len.u[1] += bulk; bulk += res; } -# endif +#endif if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, in + bulk, out + bulk, @@ -1555,7 +1722,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return -1; } else { size_t bulk = 0; -# if defined(AES_GCM_ASM2) +#if defined(AES_GCM_ASM2) if (len >= 16 && AES_GCM_ASM2(gctx)) { size_t res = (16 - gctx->gcm.mres) % 16; @@ -1569,7 +1736,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, gctx->gcm.len.u[1] += bulk; bulk += res; } -# endif +#endif if (CRYPTO_gcm128_decrypt(&gctx->gcm, in + bulk, out + bulk, len - bulk)) return -1; @@ -1577,15 +1744,17 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } return len; } else { - if (!ctx->encrypt) { + if (!EVP_CIPHER_CTX_encrypting(ctx)) { if (gctx->taglen < 0) return -1; - if (CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen) != 0) + if (CRYPTO_gcm128_finish(&gctx->gcm, + EVP_CIPHER_CTX_buf_noconst(ctx), + gctx->taglen) != 0) return -1; gctx->iv_set = 0; return 0; } - CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16); + CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), 16); gctx->taglen = 16; /* Don't reuse the IV */ gctx->iv_set = 0; @@ -1594,27 +1763,24 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } -# define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ +#define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ | EVP_CIPH_CUSTOM_COPY) BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, - EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | - CUSTOM_FLAGS) + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM, - EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | - CUSTOM_FLAGS) + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM, - EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | - CUSTOM_FLAGS) + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { - EVP_AES_XTS_CTX *xctx = c->cipher_data; + EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,c); if (type == EVP_CTRL_COPY) { EVP_CIPHER_CTX *out = ptr; - EVP_AES_XTS_CTX *xctx_out = out->cipher_data; + EVP_AES_XTS_CTX *xctx_out = EVP_C_DATA(EVP_AES_XTS_CTX,out); if (xctx->xts.key1) { if (xctx->xts.key1 != &xctx->ks1) return 0; @@ -1637,75 +1803,90 @@ static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - EVP_AES_XTS_CTX *xctx = ctx->cipher_data; + EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); if (!iv && !key) return 1; if (key) do { -# ifdef AES_XTS_ASM +#ifdef AES_XTS_ASM xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt; -# else +#else xctx->stream = NULL; -# endif +#endif /* key_len is two AES keys */ -# ifdef HWAES_CAPABLE +#ifdef HWAES_CAPABLE if (HWAES_CAPABLE) { if (enc) { - HWAES_set_encrypt_key(key, ctx->key_len * 4, + HWAES_set_encrypt_key(key, + EVP_CIPHER_CTX_key_length(ctx) * 4, &xctx->ks1.ks); xctx->xts.block1 = (block128_f) HWAES_encrypt; +# ifdef HWAES_xts_encrypt + xctx->stream = HWAES_xts_encrypt; +# endif } else { - HWAES_set_decrypt_key(key, ctx->key_len * 4, + HWAES_set_decrypt_key(key, + EVP_CIPHER_CTX_key_length(ctx) * 4, &xctx->ks1.ks); xctx->xts.block1 = (block128_f) HWAES_decrypt; +# ifdef HWAES_xts_decrypt + xctx->stream = HWAES_xts_decrypt; +#endif } - HWAES_set_encrypt_key(key + ctx->key_len / 2, - ctx->key_len * 4, &xctx->ks2.ks); + HWAES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, + EVP_CIPHER_CTX_key_length(ctx) * 4, + &xctx->ks2.ks); xctx->xts.block2 = (block128_f) HWAES_encrypt; xctx->xts.key1 = &xctx->ks1; break; } else -# endif -# ifdef BSAES_CAPABLE +#endif +#ifdef BSAES_CAPABLE if (BSAES_CAPABLE) xctx->stream = enc ? bsaes_xts_encrypt : bsaes_xts_decrypt; else -# endif -# ifdef VPAES_CAPABLE +#endif +#ifdef VPAES_CAPABLE if (VPAES_CAPABLE) { if (enc) { - vpaes_set_encrypt_key(key, ctx->key_len * 4, + vpaes_set_encrypt_key(key, + EVP_CIPHER_CTX_key_length(ctx) * 4, &xctx->ks1.ks); xctx->xts.block1 = (block128_f) vpaes_encrypt; } else { - vpaes_set_decrypt_key(key, ctx->key_len * 4, + vpaes_set_decrypt_key(key, + EVP_CIPHER_CTX_key_length(ctx) * 4, &xctx->ks1.ks); xctx->xts.block1 = (block128_f) vpaes_decrypt; } - vpaes_set_encrypt_key(key + ctx->key_len / 2, - ctx->key_len * 4, &xctx->ks2.ks); + vpaes_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, + EVP_CIPHER_CTX_key_length(ctx) * 4, + &xctx->ks2.ks); xctx->xts.block2 = (block128_f) vpaes_encrypt; xctx->xts.key1 = &xctx->ks1; break; } else -# endif +#endif (void)0; /* terminate potentially open 'else' */ if (enc) { - AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); + AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, + &xctx->ks1.ks); xctx->xts.block1 = (block128_f) AES_encrypt; } else { - AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); + AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, + &xctx->ks1.ks); xctx->xts.block1 = (block128_f) AES_decrypt; } - AES_set_encrypt_key(key + ctx->key_len / 2, - ctx->key_len * 4, &xctx->ks2.ks); + AES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, + EVP_CIPHER_CTX_key_length(ctx) * 4, + &xctx->ks2.ks); xctx->xts.block2 = (block128_f) AES_encrypt; xctx->xts.key1 = &xctx->ks1; @@ -1713,7 +1894,7 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (iv) { xctx->xts.key2 = &xctx->ks2; - memcpy(ctx->iv, iv, 16); + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16); } return 1; @@ -1722,34 +1903,34 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - EVP_AES_XTS_CTX *xctx = ctx->cipher_data; + EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); if (!xctx->xts.key1 || !xctx->xts.key2) return 0; if (!out || !in || len < AES_BLOCK_SIZE) return 0; if (xctx->stream) (*xctx->stream) (in, out, len, - xctx->xts.key1, xctx->xts.key2, ctx->iv); - else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len, - ctx->encrypt)) + xctx->xts.key1, xctx->xts.key2, + EVP_CIPHER_CTX_iv_noconst(ctx)); + else if (CRYPTO_xts128_encrypt(&xctx->xts, EVP_CIPHER_CTX_iv_noconst(ctx), + in, out, len, + EVP_CIPHER_CTX_encrypting(ctx))) return 0; return 1; } -# define aes_xts_cleanup NULL +#define aes_xts_cleanup NULL -# define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \ +#define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ | EVP_CIPH_CUSTOM_COPY) -BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, - EVP_CIPH_FLAG_FIPS | XTS_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, - EVP_CIPH_FLAG_FIPS | XTS_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS) + BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS) static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { - EVP_AES_CCM_CTX *cctx = c->cipher_data; + EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,c); switch (type) { case EVP_CTRL_INIT: cctx->key_set = 0; @@ -1758,9 +1939,44 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) cctx->M = 12; cctx->tag_set = 0; cctx->len_set = 0; + cctx->tls_aad_len = -1; return 1; - case EVP_CTRL_CCM_SET_IVLEN: + case EVP_CTRL_AEAD_TLS1_AAD: + /* Save the AAD for later use */ + if (arg != EVP_AEAD_TLS1_AAD_LEN) + return 0; + memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); + cctx->tls_aad_len = arg; + { + uint16_t len = + EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8 + | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1]; + /* Correct length for explicit IV */ + if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN) + return 0; + len -= EVP_CCM_TLS_EXPLICIT_IV_LEN; + /* If decrypting correct for tag too */ + if (!EVP_CIPHER_CTX_encrypting(c)) { + if (len < cctx->M) + return 0; + len -= cctx->M; + } + EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8; + EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff; + } + /* Extra padding: tag appended to record */ + return cctx->M; + + case EVP_CTRL_CCM_SET_IV_FIXED: + /* Sanity check length */ + if (arg != EVP_CCM_TLS_FIXED_IV_LEN) + return 0; + /* Just copy to first part of IV */ + memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg); + return 1; + + case EVP_CTRL_AEAD_SET_IVLEN: arg = 15 - arg; case EVP_CTRL_CCM_SET_L: if (arg < 2 || arg > 8) @@ -1768,20 +1984,20 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) cctx->L = arg; return 1; - case EVP_CTRL_CCM_SET_TAG: + case EVP_CTRL_AEAD_SET_TAG: if ((arg & 1) || arg < 4 || arg > 16) return 0; - if (c->encrypt && ptr) + if (EVP_CIPHER_CTX_encrypting(c) && ptr) return 0; if (ptr) { cctx->tag_set = 1; - memcpy(c->buf, ptr, arg); + memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); } cctx->M = arg; return 1; - case EVP_CTRL_CCM_GET_TAG: - if (!c->encrypt || !cctx->tag_set) + case EVP_CTRL_AEAD_GET_TAG: + if (!EVP_CIPHER_CTX_encrypting(c) || !cctx->tag_set) return 0; if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg)) return 0; @@ -1793,7 +2009,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_COPY: { EVP_CIPHER_CTX *out = ptr; - EVP_AES_CCM_CTX *cctx_out = out->cipher_data; + EVP_AES_CCM_CTX *cctx_out = EVP_C_DATA(EVP_AES_CCM_CTX,out); if (cctx->ccm.key) { if (cctx->ccm.key != &cctx->ks) return 0; @@ -1811,14 +2027,15 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - EVP_AES_CCM_CTX *cctx = ctx->cipher_data; + EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); if (!iv && !key) return 1; if (key) do { -# ifdef HWAES_CAPABLE +#ifdef HWAES_CAPABLE if (HWAES_CAPABLE) { - HWAES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks); + HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &cctx->ks.ks); CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, &cctx->ks, (block128_f) HWAES_encrypt); @@ -1826,43 +2043,101 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, cctx->key_set = 1; break; } else -# endif -# ifdef VPAES_CAPABLE +#endif +#ifdef VPAES_CAPABLE if (VPAES_CAPABLE) { - vpaes_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks); + vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &cctx->ks.ks); CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, &cctx->ks, (block128_f) vpaes_encrypt); cctx->str = NULL; cctx->key_set = 1; break; } -# endif - AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks); +#endif + AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &cctx->ks.ks); CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, &cctx->ks, (block128_f) AES_encrypt); cctx->str = NULL; cctx->key_set = 1; } while (0); if (iv) { - memcpy(ctx->iv, iv, 15 - cctx->L); + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L); cctx->iv_set = 1; } return 1; } +static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); + CCM128_CONTEXT *ccm = &cctx->ccm; + /* Encrypt/decrypt must be performed in place */ + if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M)) + return -1; + /* If encrypting set explicit IV from sequence number (start of AAD) */ + if (EVP_CIPHER_CTX_encrypting(ctx)) + memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx), + EVP_CCM_TLS_EXPLICIT_IV_LEN); + /* Get rest of IV from explicit IV */ + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx) + EVP_CCM_TLS_FIXED_IV_LEN, in, + EVP_CCM_TLS_EXPLICIT_IV_LEN); + /* Correct length value */ + len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M; + if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L, + len)) + return -1; + /* Use saved AAD */ + CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->tls_aad_len); + /* Fix buffer to point to payload */ + in += EVP_CCM_TLS_EXPLICIT_IV_LEN; + out += EVP_CCM_TLS_EXPLICIT_IV_LEN; + if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, + cctx->str) : + CRYPTO_ccm128_encrypt(ccm, in, out, len)) + return -1; + if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M)) + return -1; + return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M; + } else { + if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, + cctx->str) : + !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { + unsigned char tag[16]; + if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { + if (!CRYPTO_memcmp(tag, in + len, cctx->M)) + return len; + } + } + OPENSSL_cleanse(out, len); + return -1; + } +} + static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - EVP_AES_CCM_CTX *cctx = ctx->cipher_data; + EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); CCM128_CONTEXT *ccm = &cctx->ccm; /* If not set up, return error */ - if (!cctx->iv_set && !cctx->key_set) + if (!cctx->key_set) return -1; - if (!ctx->encrypt && !cctx->tag_set) + + if (cctx->tls_aad_len >= 0) + return aes_ccm_tls_cipher(ctx, out, in, len); + + if (!cctx->iv_set) + return -1; + + if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set) return -1; if (!out) { if (!in) { - if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) + if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), + 15 - cctx->L, len)) return -1; cctx->len_set = 1; return len; @@ -1878,11 +2153,12 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 0; /* If not set length yet do it */ if (!cctx->len_set) { - if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) + if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), + 15 - cctx->L, len)) return -1; cctx->len_set = 1; } - if (ctx->encrypt) { + if (EVP_CIPHER_CTX_encrypting(ctx)) { if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str) : CRYPTO_ccm128_encrypt(ccm, in, out, len)) @@ -1896,7 +2172,8 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { unsigned char tag[16]; if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { - if (!CRYPTO_memcmp(tag, ctx->buf, cctx->M)) + if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx), + cctx->M)) rv = len; } } @@ -1907,18 +2184,17 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, cctx->len_set = 0; return rv; } - } -# define aes_ccm_cleanup NULL +#define aes_ccm_cleanup NULL BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, - EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS) + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, - EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS) + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, - EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS) -#endif + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) + typedef struct { union { double align; @@ -1931,20 +2207,22 @@ typedef struct { static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - EVP_AES_WRAP_CTX *wctx = ctx->cipher_data; + EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx); if (!iv && !key) return 1; if (key) { - if (ctx->encrypt) - AES_set_encrypt_key(key, ctx->key_len * 8, &wctx->ks.ks); + if (EVP_CIPHER_CTX_encrypting(ctx)) + AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &wctx->ks.ks); else - AES_set_decrypt_key(key, ctx->key_len * 8, &wctx->ks.ks); + AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &wctx->ks.ks); if (!iv) wctx->iv = NULL; } if (iv) { - memcpy(ctx->iv, iv, 8); - wctx->iv = ctx->iv; + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, EVP_CIPHER_CTX_iv_length(ctx)); + wctx->iv = EVP_CIPHER_CTX_iv_noconst(ctx); } return 1; } @@ -1952,28 +2230,59 @@ static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inlen) { - EVP_AES_WRAP_CTX *wctx = ctx->cipher_data; + EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx); size_t rv; + /* AES wrap with padding has IV length of 4, without padding 8 */ + int pad = EVP_CIPHER_CTX_iv_length(ctx) == 4; + /* No final operation so always return zero length */ if (!in) return 0; - if (inlen % 8) + /* Input length must always be non-zero */ + if (!inlen) return -1; - if (ctx->encrypt && inlen < 8) + /* If decrypting need at least 16 bytes and multiple of 8 */ + if (!EVP_CIPHER_CTX_encrypting(ctx) && (inlen < 16 || inlen & 0x7)) return -1; - if (!ctx->encrypt && inlen < 16) + /* If not padding input must be multiple of 8 */ + if (!pad && inlen & 0x7) return -1; + if (is_partially_overlapping(out, in, inlen)) { + EVPerr(EVP_F_AES_WRAP_CIPHER, EVP_R_PARTIALLY_OVERLAPPING); + return 0; + } if (!out) { - if (ctx->encrypt) + if (EVP_CIPHER_CTX_encrypting(ctx)) { + /* If padding round up to multiple of 8 */ + if (pad) + inlen = (inlen + 7) / 8 * 8; + /* 8 byte prefix */ return inlen + 8; - else + } else { + /* + * If not padding output will be exactly 8 bytes smaller than + * input. If padding it will be at least 8 bytes smaller but we + * don't know how much. + */ return inlen - 8; + } + } + if (pad) { + if (EVP_CIPHER_CTX_encrypting(ctx)) + rv = CRYPTO_128_wrap_pad(&wctx->ks.ks, wctx->iv, + out, in, inlen, + (block128_f) AES_encrypt); + else + rv = CRYPTO_128_unwrap_pad(&wctx->ks.ks, wctx->iv, + out, in, inlen, + (block128_f) AES_decrypt); + } else { + if (EVP_CIPHER_CTX_encrypting(ctx)) + rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv, + out, in, inlen, (block128_f) AES_encrypt); + else + rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv, + out, in, inlen, (block128_f) AES_decrypt); } - if (ctx->encrypt) - rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv, out, in, inlen, - (block128_f) AES_encrypt); - else - rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv, out, in, inlen, - (block128_f) AES_decrypt); return rv ? (int)rv : -1; } @@ -2022,3 +2331,372 @@ const EVP_CIPHER *EVP_aes_256_wrap(void) { return &aes_256_wrap; } + +static const EVP_CIPHER aes_128_wrap_pad = { + NID_id_aes128_wrap_pad, + 8, 16, 4, WRAP_FLAGS, + aes_wrap_init_key, aes_wrap_cipher, + NULL, + sizeof(EVP_AES_WRAP_CTX), + NULL, NULL, NULL, NULL +}; + +const EVP_CIPHER *EVP_aes_128_wrap_pad(void) +{ + return &aes_128_wrap_pad; +} + +static const EVP_CIPHER aes_192_wrap_pad = { + NID_id_aes192_wrap_pad, + 8, 24, 4, WRAP_FLAGS, + aes_wrap_init_key, aes_wrap_cipher, + NULL, + sizeof(EVP_AES_WRAP_CTX), + NULL, NULL, NULL, NULL +}; + +const EVP_CIPHER *EVP_aes_192_wrap_pad(void) +{ + return &aes_192_wrap_pad; +} + +static const EVP_CIPHER aes_256_wrap_pad = { + NID_id_aes256_wrap_pad, + 8, 32, 4, WRAP_FLAGS, + aes_wrap_init_key, aes_wrap_cipher, + NULL, + sizeof(EVP_AES_WRAP_CTX), + NULL, NULL, NULL, NULL +}; + +const EVP_CIPHER *EVP_aes_256_wrap_pad(void) +{ + return &aes_256_wrap_pad; +} + +#ifndef OPENSSL_NO_OCB +static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +{ + EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c); + EVP_CIPHER_CTX *newc; + EVP_AES_OCB_CTX *new_octx; + + switch (type) { + case EVP_CTRL_INIT: + octx->key_set = 0; + octx->iv_set = 0; + octx->ivlen = EVP_CIPHER_CTX_iv_length(c); + octx->iv = EVP_CIPHER_CTX_iv_noconst(c); + octx->taglen = 16; + octx->data_buf_len = 0; + octx->aad_buf_len = 0; + return 1; + + case EVP_CTRL_AEAD_SET_IVLEN: + /* IV len must be 1 to 15 */ + if (arg <= 0 || arg > 15) + return 0; + + octx->ivlen = arg; + return 1; + + case EVP_CTRL_AEAD_SET_TAG: + if (!ptr) { + /* Tag len must be 0 to 16 */ + if (arg < 0 || arg > 16) + return 0; + + octx->taglen = arg; + return 1; + } + if (arg != octx->taglen || EVP_CIPHER_CTX_encrypting(c)) + return 0; + memcpy(octx->tag, ptr, arg); + return 1; + + case EVP_CTRL_AEAD_GET_TAG: + if (arg != octx->taglen || !EVP_CIPHER_CTX_encrypting(c)) + return 0; + + memcpy(ptr, octx->tag, arg); + return 1; + + case EVP_CTRL_COPY: + newc = (EVP_CIPHER_CTX *)ptr; + new_octx = EVP_C_DATA(EVP_AES_OCB_CTX,newc); + return CRYPTO_ocb128_copy_ctx(&new_octx->ocb, &octx->ocb, + &new_octx->ksenc.ks, + &new_octx->ksdec.ks); + + default: + return -1; + + } +} + +# ifdef HWAES_CAPABLE +# ifdef HWAES_ocb_encrypt +void HWAES_ocb_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); +# else +# define HWAES_ocb_encrypt ((ocb128_f)NULL) +# endif +# ifdef HWAES_ocb_decrypt +void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); +# else +# define HWAES_ocb_decrypt ((ocb128_f)NULL) +# endif +# endif + +static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx); + if (!iv && !key) + return 1; + if (key) { + do { + /* + * We set both the encrypt and decrypt key here because decrypt + * needs both. We could possibly optimise to remove setting the + * decrypt for an encryption operation. + */ +# ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) { + HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &octx->ksenc.ks); + HWAES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &octx->ksdec.ks); + if (!CRYPTO_ocb128_init(&octx->ocb, + &octx->ksenc.ks, &octx->ksdec.ks, + (block128_f) HWAES_encrypt, + (block128_f) HWAES_decrypt, + enc ? HWAES_ocb_encrypt + : HWAES_ocb_decrypt)) + return 0; + break; + } +# endif +# ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { + vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &octx->ksenc.ks); + vpaes_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &octx->ksdec.ks); + if (!CRYPTO_ocb128_init(&octx->ocb, + &octx->ksenc.ks, &octx->ksdec.ks, + (block128_f) vpaes_encrypt, + (block128_f) vpaes_decrypt, + NULL)) + return 0; + break; + } +# endif + AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &octx->ksenc.ks); + AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &octx->ksdec.ks); + if (!CRYPTO_ocb128_init(&octx->ocb, + &octx->ksenc.ks, &octx->ksdec.ks, + (block128_f) AES_encrypt, + (block128_f) AES_decrypt, + NULL)) + return 0; + } + while (0); + + /* + * If we have an iv we can set it directly, otherwise use saved IV. + */ + if (iv == NULL && octx->iv_set) + iv = octx->iv; + if (iv) { + if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen) + != 1) + return 0; + octx->iv_set = 1; + } + octx->key_set = 1; + } else { + /* If key set use IV, otherwise copy */ + if (octx->key_set) + CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen); + else + memcpy(octx->iv, iv, octx->ivlen); + octx->iv_set = 1; + } + return 1; +} + +static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + unsigned char *buf; + int *buf_len; + int written_len = 0; + size_t trailing_len; + EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx); + + /* If IV or Key not set then return error */ + if (!octx->iv_set) + return -1; + + if (!octx->key_set) + return -1; + + if (in != NULL) { + /* + * Need to ensure we are only passing full blocks to low level OCB + * routines. We do it here rather than in EVP_EncryptUpdate/ + * EVP_DecryptUpdate because we need to pass full blocks of AAD too + * and those routines don't support that + */ + + /* Are we dealing with AAD or normal data here? */ + if (out == NULL) { + buf = octx->aad_buf; + buf_len = &(octx->aad_buf_len); + } else { + buf = octx->data_buf; + buf_len = &(octx->data_buf_len); + + if (is_partially_overlapping(out + *buf_len, in, len)) { + EVPerr(EVP_F_AES_OCB_CIPHER, EVP_R_PARTIALLY_OVERLAPPING); + return 0; + } + } + + /* + * If we've got a partially filled buffer from a previous call then + * use that data first + */ + if (*buf_len > 0) { + unsigned int remaining; + + remaining = AES_BLOCK_SIZE - (*buf_len); + if (remaining > len) { + memcpy(buf + (*buf_len), in, len); + *(buf_len) += len; + return 0; + } + memcpy(buf + (*buf_len), in, remaining); + + /* + * If we get here we've filled the buffer, so process it + */ + len -= remaining; + in += remaining; + if (out == NULL) { + if (!CRYPTO_ocb128_aad(&octx->ocb, buf, AES_BLOCK_SIZE)) + return -1; + } else if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (!CRYPTO_ocb128_encrypt(&octx->ocb, buf, out, + AES_BLOCK_SIZE)) + return -1; + } else { + if (!CRYPTO_ocb128_decrypt(&octx->ocb, buf, out, + AES_BLOCK_SIZE)) + return -1; + } + written_len = AES_BLOCK_SIZE; + *buf_len = 0; + if (out != NULL) + out += AES_BLOCK_SIZE; + } + + /* Do we have a partial block to handle at the end? */ + trailing_len = len % AES_BLOCK_SIZE; + + /* + * If we've got some full blocks to handle, then process these first + */ + if (len != trailing_len) { + if (out == NULL) { + if (!CRYPTO_ocb128_aad(&octx->ocb, in, len - trailing_len)) + return -1; + } else if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (!CRYPTO_ocb128_encrypt + (&octx->ocb, in, out, len - trailing_len)) + return -1; + } else { + if (!CRYPTO_ocb128_decrypt + (&octx->ocb, in, out, len - trailing_len)) + return -1; + } + written_len += len - trailing_len; + in += len - trailing_len; + } + + /* Handle any trailing partial block */ + if (trailing_len > 0) { + memcpy(buf, in, trailing_len); + *buf_len = trailing_len; + } + + return written_len; + } else { + /* + * First of all empty the buffer of any partial block that we might + * have been provided - both for data and AAD + */ + if (octx->data_buf_len > 0) { + if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (!CRYPTO_ocb128_encrypt(&octx->ocb, octx->data_buf, out, + octx->data_buf_len)) + return -1; + } else { + if (!CRYPTO_ocb128_decrypt(&octx->ocb, octx->data_buf, out, + octx->data_buf_len)) + return -1; + } + written_len = octx->data_buf_len; + octx->data_buf_len = 0; + } + if (octx->aad_buf_len > 0) { + if (!CRYPTO_ocb128_aad + (&octx->ocb, octx->aad_buf, octx->aad_buf_len)) + return -1; + octx->aad_buf_len = 0; + } + /* If decrypting then verify */ + if (!EVP_CIPHER_CTX_encrypting(ctx)) { + if (octx->taglen < 0) + return -1; + if (CRYPTO_ocb128_finish(&octx->ocb, + octx->tag, octx->taglen) != 0) + return -1; + octx->iv_set = 0; + return written_len; + } + /* If encrypting then just get the tag */ + if (CRYPTO_ocb128_tag(&octx->ocb, octx->tag, 16) != 1) + return -1; + /* Don't reuse the IV */ + octx->iv_set = 0; + return written_len; + } +} + +static int aes_ocb_cleanup(EVP_CIPHER_CTX *c) +{ + EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c); + CRYPTO_ocb128_cleanup(&octx->ocb); + return 1; +} + +BLOCK_CIPHER_custom(NID_aes, 128, 16, 12, ocb, OCB, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +#endif /* OPENSSL_NO_OCB */ diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c b/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c index 6dfd590a..52c7c744 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -1,50 +1,10 @@ -/* ==================================================================== - * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. +/* + * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <openssl/opensslconf.h> @@ -52,31 +12,14 @@ #include <stdio.h> #include <string.h> -#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA1) - -# include <openssl/evp.h> -# include <openssl/objects.h> -# include <openssl/aes.h> -# include <openssl/sha.h> -# include <openssl/rand.h> -# include "modes_lcl.h" -# include "constant_time_locl.h" - -# ifndef EVP_CIPH_FLAG_AEAD_CIPHER -# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 -# define EVP_CTRL_AEAD_TLS1_AAD 0x16 -# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 -# endif - -# if !defined(EVP_CIPH_FLAG_DEFAULT_ASN1) -# define EVP_CIPH_FLAG_DEFAULT_ASN1 0 -# endif - -# if !defined(EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) -# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0 -# endif - -# define TLS1_1_VERSION 0x0302 +#include <openssl/evp.h> +#include <openssl/objects.h> +#include <openssl/aes.h> +#include <openssl/sha.h> +#include <openssl/rand.h> +#include "modes_lcl.h" +#include "internal/evp_int.h" +#include "internal/constant_time_locl.h" typedef struct { AES_KEY ks; @@ -88,15 +31,14 @@ typedef struct { } aux; } EVP_AES_HMAC_SHA1; -# define NO_PAYLOAD_LENGTH ((size_t)-1) +#define NO_PAYLOAD_LENGTH ((size_t)-1) -# if defined(AES_ASM) && ( \ +#if defined(AES_ASM) && ( \ defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) || \ - defined(__INTEL__) ) + defined(_M_AMD64) || defined(_M_X64) ) extern unsigned int OPENSSL_ia32cap_P[]; -# define AESNI_CAPABLE (1<<(57-32)) +# define AESNI_CAPABLE (1<<(57-32)) int aesni_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key); @@ -116,7 +58,7 @@ void aesni256_cbc_sha1_dec(const void *inp, void *out, size_t blocks, const AES_KEY *key, unsigned char iv[16], SHA_CTX *ctx, const void *in0); -# define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data) +# define data(ctx) ((EVP_AES_HMAC_SHA1 *)EVP_CIPHER_CTX_get_cipher_data(ctx)) static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *inkey, @@ -126,9 +68,13 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, int ret; if (enc) - ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks); + ret = aesni_set_encrypt_key(inkey, + EVP_CIPHER_CTX_key_length(ctx) * 8, + &key->ks); else - ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks); + ret = aesni_set_decrypt_key(inkey, + EVP_CIPHER_CTX_key_length(ctx) * 8, + &key->ks); SHA1_Init(&key->head); /* handy when benchmarking */ key->tail = key->head; @@ -139,12 +85,12 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, return ret < 0 ? 0 : 1; } -# define STITCHED_CALL -# undef STITCHED_DECRYPT_CALL +# define STITCHED_CALL +# undef STITCHED_DECRYPT_CALL -# if !defined(STITCHED_CALL) -# define aes_off 0 -# endif +# if !defined(STITCHED_CALL) +# define aes_off 0 +# endif void sha1_block_data_order(void *c, const void *p, size_t len); @@ -179,12 +125,12 @@ static void sha1_update(SHA_CTX *c, const void *data, size_t len) SHA1_Update(c, ptr, res); } -# ifdef SHA1_Update -# undef SHA1_Update -# endif -# define SHA1_Update sha1_update +# ifdef SHA1_Update +# undef SHA1_Update +# endif +# define SHA1_Update sha1_update -# if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK +# if !defined(OPENSSL_NO_MULTIBLOCK) typedef struct { unsigned int A[8], B[8], C[8], D[8], E[8]; @@ -223,9 +169,9 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, 0; size_t ret = 0; u8 *IVs; -# if defined(BSWAP8) +# if defined(BSWAP8) u64 seqnum; -# endif +# endif /* ask for IVs in bulk */ if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0) @@ -259,15 +205,15 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, IVs += 16; } -# if defined(BSWAP8) +# if defined(BSWAP8) memcpy(blocks[0].c, key->md.data, 8); seqnum = BSWAP8(blocks[0].q[0]); -# endif +# endif for (i = 0; i < x4; i++) { unsigned int len = (i == (x4 - 1) ? last : frag); -# if !defined(BSWAP8) +# if !defined(BSWAP8) unsigned int carry, j; -# endif +# endif ctx->A[i] = key->md.h0; ctx->B[i] = key->md.h1; @@ -276,14 +222,14 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, ctx->E[i] = key->md.h4; /* fix seqnum */ -# if defined(BSWAP8) +# if defined(BSWAP8) blocks[i].q[0] = BSWAP8(seqnum + i); -# else +# else for (carry = i, j = 8; j--;) { blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry; carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1); } -# endif +# endif blocks[i].c[8] = ((u8 *)key->md.data)[8]; blocks[i].c[9] = ((u8 *)key->md.data)[9]; blocks[i].c[10] = ((u8 *)key->md.data)[10]; @@ -302,10 +248,10 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, /* hash 13-byte headers and first 64-13 bytes of inputs */ sha1_multi_block(ctx, edges, n4x); /* hash bulk inputs */ -# define MAXCHUNKSIZE 2048 -# if MAXCHUNKSIZE%64 -# error "MAXCHUNKSIZE is not divisible by 64" -# elif MAXCHUNKSIZE +# define MAXCHUNKSIZE 2048 +# if MAXCHUNKSIZE%64 +# error "MAXCHUNKSIZE is not divisible by 64" +# elif MAXCHUNKSIZE /* * goal is to minimize pressure on L1 cache by moving in shorter steps, * so that hashed data is still in the cache by the time we encrypt it @@ -334,8 +280,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, minblocks -= MAXCHUNKSIZE / 64; } while (minblocks > MAXCHUNKSIZE / 64); } -# endif -# undef MAXCHUNKSIZE +# endif +# undef MAXCHUNKSIZE sha1_multi_block(ctx, hash_d, n4x); memset(blocks, 0, sizeof(blocks)); @@ -350,18 +296,18 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, len += 64 + 13; /* 64 is HMAC header */ len *= 8; /* convert to bits */ if (off < (64 - 8)) { -# ifdef BSWAP4 +# ifdef BSWAP4 blocks[i].d[15] = BSWAP4(len); -# else +# else PUTU32(blocks[i].c + 60, len); -# endif +# endif edges[i].blocks = 1; } else { -# ifdef BSWAP4 +# ifdef BSWAP4 blocks[i].d[31] = BSWAP4(len); -# else +# else PUTU32(blocks[i].c + 124, len); -# endif +# endif edges[i].blocks = 2; } edges[i].ptr = blocks[i].c; @@ -372,7 +318,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, memset(blocks, 0, sizeof(blocks)); for (i = 0; i < x4; i++) { -# ifdef BSWAP4 +# ifdef BSWAP4 blocks[i].d[0] = BSWAP4(ctx->A[i]); ctx->A[i] = key->tail.h0; blocks[i].d[1] = BSWAP4(ctx->B[i]); @@ -385,7 +331,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, ctx->E[i] = key->tail.h4; blocks[i].c[20] = 0x80; blocks[i].d[15] = BSWAP4((64 + 20) * 8); -# else +# else PUTU32(blocks[i].c + 0, ctx->A[i]); ctx->A[i] = key->tail.h0; PUTU32(blocks[i].c + 4, ctx->B[i]); @@ -398,7 +344,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, ctx->E[i] = key->tail.h4; blocks[i].c[20] = 0x80; PUTU32(blocks[i].c + 60, (64 + 20) * 8); -# endif +# endif edges[i].ptr = blocks[i].c; edges[i].blocks = 1; } @@ -451,7 +397,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, return ret; } -# endif +# endif static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) @@ -461,18 +407,18 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and * later */ sha_off = 0; -# if defined(STITCHED_CALL) +# if defined(STITCHED_CALL) size_t aes_off = 0, blocks; sha_off = SHA_CBLOCK - key->md.num; -# endif +# endif key->payload_length = NO_PAYLOAD_LENGTH; if (len % AES_BLOCK_SIZE) return 0; - if (ctx->encrypt) { + if (EVP_CIPHER_CTX_encrypting(ctx)) { if (plen == NO_PAYLOAD_LENGTH) plen = len; else if (len != @@ -482,13 +428,14 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, else if (key->aux.tls_ver >= TLS1_1_VERSION) iv = AES_BLOCK_SIZE; -# if defined(STITCHED_CALL) +# if defined(STITCHED_CALL) if (plen > (sha_off + iv) && (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) { SHA1_Update(&key->md, in + iv, sha_off); aesni_cbc_sha1_enc(in, out, blocks, &key->ks, - ctx->iv, &key->md, in + iv + sha_off); + EVP_CIPHER_CTX_iv_noconst(ctx), + &key->md, in + iv + sha_off); blocks *= SHA_CBLOCK; aes_off += blocks; sha_off += blocks; @@ -499,7 +446,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } else { sha_off = 0; } -# endif +# endif sha_off += iv; SHA1_Update(&key->md, in + sha_off, plen - sha_off); @@ -519,10 +466,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, out[plen] = l; /* encrypt HMAC|padding at once */ aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off, - &key->ks, ctx->iv, 1); + &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1); } else { aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off, - &key->ks, ctx->iv, 1); + &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1); } } else { union { @@ -541,10 +488,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned int u[SHA_LBLOCK]; unsigned char c[SHA_CBLOCK]; } *data = (void *)key->md.data; -# if defined(STITCHED_DECRYPT_CALL) +# if defined(STITCHED_DECRYPT_CALL) unsigned char tail_iv[AES_BLOCK_SIZE]; int stitch = 0; -# endif +# endif if ((key->aux.tls_aad[plen - 4] << 8 | key->aux.tls_aad[plen - 3]) >= TLS1_1_VERSION) { @@ -552,14 +499,15 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 0; /* omit explicit iv */ - memcpy(ctx->iv, in, AES_BLOCK_SIZE); + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), in, AES_BLOCK_SIZE); + in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; len -= AES_BLOCK_SIZE; } else if (len < (SHA_DIGEST_LENGTH + 1)) return 0; -# if defined(STITCHED_DECRYPT_CALL) +# if defined(STITCHED_DECRYPT_CALL) if (len >= 1024 && ctx->key_len == 32) { /* decrypt last block */ memcpy(tail_iv, in + len - 2 * AES_BLOCK_SIZE, @@ -569,9 +517,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, &key->ks, tail_iv, 0); stitch = 1; } else -# endif +# endif /* decrypt HMAC|padding at once */ - aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0); + aesni_cbc_encrypt(in, out, len, &key->ks, + EVP_CIPHER_CTX_iv_noconst(ctx), 0); /* figure out payload length */ pad = out[len - 1]; @@ -593,7 +542,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, key->md = key->head; SHA1_Update(&key->md, key->aux.tls_aad, plen); -# if defined(STITCHED_DECRYPT_CALL) +# if defined(STITCHED_DECRYPT_CALL) if (stitch) { blocks = (len - (256 + 32 + SHA_CBLOCK)) / SHA_CBLOCK; aes_off = len - AES_BLOCK_SIZE - blocks * SHA_CBLOCK; @@ -614,9 +563,9 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, key->md.Nl += (blocks << 3); /* at most 18 bits */ memcpy(ctx->iv, tail_iv, AES_BLOCK_SIZE); } -# endif +# endif -# if 1 +# if 1 len -= SHA_DIGEST_LENGTH; /* amend mac */ if (len >= (256 + SHA_CBLOCK)) { j = (len - (256 + SHA_CBLOCK)) & (0 - SHA_CBLOCK); @@ -629,15 +578,15 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, /* but pretend as if we hashed padded payload */ bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */ -# ifdef BSWAP4 +# ifdef BSWAP4 bitlen = BSWAP4(bitlen); -# else +# else mac.c[0] = 0; mac.c[1] = (unsigned char)(bitlen >> 16); mac.c[2] = (unsigned char)(bitlen >> 8); mac.c[3] = (unsigned char)bitlen; bitlen = mac.u[0]; -# endif +# endif pmac->u[0] = 0; pmac->u[1] = 0; @@ -694,13 +643,13 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, pmac->u[3] |= key->md.h3 & mask; pmac->u[4] |= key->md.h4 & mask; -# ifdef BSWAP4 +# ifdef BSWAP4 pmac->u[0] = BSWAP4(pmac->u[0]); pmac->u[1] = BSWAP4(pmac->u[1]); pmac->u[2] = BSWAP4(pmac->u[2]); pmac->u[3] = BSWAP4(pmac->u[3]); pmac->u[4] = BSWAP4(pmac->u[4]); -# else +# else for (i = 0; i < 5; i++) { res = pmac->u[i]; pmac->c[4 * i + 0] = (unsigned char)(res >> 24); @@ -708,9 +657,9 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, pmac->c[4 * i + 2] = (unsigned char)(res >> 8); pmac->c[4 * i + 3] = (unsigned char)res; } -# endif +# endif len += SHA_DIGEST_LENGTH; -# else +# else SHA1_Update(&key->md, out, inp_len); res = key->md.num; SHA1_Final(pmac->c, &key->md); @@ -729,7 +678,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, for (; inp_blocks < pad_blocks; inp_blocks++) sha1_block_data_order(&key->md, data, 1); } -# endif +# endif key->md = key->tail; SHA1_Update(&key->md, pmac->c, SHA_DIGEST_LENGTH); SHA1_Final(pmac->c, &key->md); @@ -737,7 +686,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, /* verify HMAC */ out += inp_len; len -= inp_len; -# if 1 +# if 1 { unsigned char *p = out + len - 1 - maxpad - SHA_DIGEST_LENGTH; size_t off = out - p; @@ -759,7 +708,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); ret &= (int)~res; } -# else +# else for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++) res |= out[i] ^ pmac->c[i]; res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); @@ -773,10 +722,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, res = (0 - res) >> (sizeof(res) * 8 - 1); ret &= (int)~res; -# endif +# endif return ret; } else { -# if defined(STITCHED_DECRYPT_CALL) +# if defined(STITCHED_DECRYPT_CALL) if (len >= 1024 && ctx->key_len == 32) { if (sha_off %= SHA_CBLOCK) blocks = (len - 3 * SHA_CBLOCK) / SHA_CBLOCK; @@ -799,9 +748,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (key->md.Nl < (unsigned int)blocks) key->md.Nh++; } else -# endif +# endif /* decrypt HMAC|padding at once */ - aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0); + aesni_cbc_encrypt(in, out, len, &key->ks, + EVP_CIPHER_CTX_iv_noconst(ctx), 0); SHA1_Update(&key->md, out, len); } @@ -852,10 +802,10 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, if (arg != EVP_AEAD_TLS1_AAD_LEN) return -1; - + len = p[arg - 2] << 8 | p[arg - 1]; - if (ctx->encrypt) { + if (EVP_CIPHER_CTX_encrypting(ctx)) { key->payload_length = len; if ((key->aux.tls_ver = p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { @@ -876,7 +826,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, return SHA_DIGEST_LENGTH; } } -# if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK +# if !defined(OPENSSL_NO_MULTIBLOCK) case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE: return (int)(5 + 16 + ((arg + 20 + 16) & -16)); case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: @@ -891,7 +841,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, inp_len = param->inp[11] << 8 | param->inp[12]; - if (ctx->encrypt) { + if (EVP_CIPHER_CTX_encrypting(ctx)) { if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION) return -1; @@ -939,19 +889,19 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, param->interleave / 4); } case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT: -# endif +# endif default: return -1; } } static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = { -# ifdef NID_aes_128_cbc_hmac_sha1 +# ifdef NID_aes_128_cbc_hmac_sha1 NID_aes_128_cbc_hmac_sha1, -# else +# else NID_undef, -# endif - 16, 16, 16, +# endif + AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE, EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, aesni_cbc_hmac_sha1_init_key, @@ -965,12 +915,12 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = { }; static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = { -# ifdef NID_aes_256_cbc_hmac_sha1 +# ifdef NID_aes_256_cbc_hmac_sha1 NID_aes_256_cbc_hmac_sha1, -# else +# else NID_undef, -# endif - 16, 32, 16, +# endif + AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE, EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, aesni_cbc_hmac_sha1_init_key, @@ -994,7 +944,7 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void) return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ? &aesni_256_cbc_hmac_sha1_cipher : NULL); } -# else +#else const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void) { return NULL; @@ -1004,5 +954,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void) { return NULL; } -# endif #endif diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c b/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c index 46c9d033..5a92e0b8 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -1,50 +1,10 @@ -/* ==================================================================== - * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. +/* + * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <openssl/opensslconf.h> @@ -52,31 +12,15 @@ #include <stdio.h> #include <string.h> -#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA256) - -# include <openssl/evp.h> -# include <openssl/objects.h> -# include <openssl/aes.h> -# include <openssl/sha.h> -# include <openssl/rand.h> -# include "modes_lcl.h" -# include "constant_time_locl.h" -# ifndef EVP_CIPH_FLAG_AEAD_CIPHER -# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 -# define EVP_CTRL_AEAD_TLS1_AAD 0x16 -# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 -# endif - -# if !defined(EVP_CIPH_FLAG_DEFAULT_ASN1) -# define EVP_CIPH_FLAG_DEFAULT_ASN1 0 -# endif - -# if !defined(EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) -# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0 -# endif - -# define TLS1_1_VERSION 0x0302 +#include <openssl/evp.h> +#include <openssl/objects.h> +#include <openssl/aes.h> +#include <openssl/sha.h> +#include <openssl/rand.h> +#include "modes_lcl.h" +#include "internal/constant_time_locl.h" +#include "internal/evp_int.h" typedef struct { AES_KEY ks; @@ -90,13 +34,12 @@ typedef struct { # define NO_PAYLOAD_LENGTH ((size_t)-1) -# if defined(AES_ASM) && ( \ +#if defined(AES_ASM) && ( \ defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) || \ - defined(__INTEL__) ) + defined(_M_AMD64) || defined(_M_X64) ) extern unsigned int OPENSSL_ia32cap_P[]; -# define AESNI_CAPABLE (1<<(57-32)) +# define AESNI_CAPABLE (1<<(57-32)) int aesni_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key); @@ -112,7 +55,7 @@ int aesni_cbc_sha256_enc(const void *inp, void *out, size_t blocks, const AES_KEY *key, unsigned char iv[16], SHA256_CTX *ctx, const void *in0); -# define data(ctx) ((EVP_AES_HMAC_SHA256 *)(ctx)->cipher_data) +# define data(ctx) ((EVP_AES_HMAC_SHA256 *)EVP_CIPHER_CTX_get_cipher_data(ctx)) static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *inkey, @@ -122,10 +65,13 @@ static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx, int ret; if (enc) - memset(&key->ks, 0, sizeof(key->ks.rd_key)), - ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks); + ret = aesni_set_encrypt_key(inkey, + EVP_CIPHER_CTX_key_length(ctx) * 8, + &key->ks); else - ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks); + ret = aesni_set_decrypt_key(inkey, + EVP_CIPHER_CTX_key_length(ctx) * 8, + &key->ks); SHA256_Init(&key->head); /* handy when benchmarking */ key->tail = key->head; @@ -136,11 +82,11 @@ static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx, return ret < 0 ? 0 : 1; } -# define STITCHED_CALL +# define STITCHED_CALL -# if !defined(STITCHED_CALL) -# define aes_off 0 -# endif +# if !defined(STITCHED_CALL) +# define aes_off 0 +# endif void sha256_block_data_order(void *c, const void *p, size_t len); @@ -175,12 +121,12 @@ static void sha256_update(SHA256_CTX *c, const void *data, size_t len) SHA256_Update(c, ptr, res); } -# ifdef SHA256_Update -# undef SHA256_Update -# endif -# define SHA256_Update sha256_update +# ifdef SHA256_Update +# undef SHA256_Update +# endif +# define SHA256_Update sha256_update -# if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK +# if !defined(OPENSSL_NO_MULTIBLOCK) typedef struct { unsigned int A[8], B[8], C[8], D[8], E[8], F[8], G[8], H[8]; @@ -219,9 +165,9 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, 0; size_t ret = 0; u8 *IVs; -# if defined(BSWAP8) +# if defined(BSWAP8) u64 seqnum; -# endif +# endif /* ask for IVs in bulk */ if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0) @@ -256,15 +202,15 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, IVs += 16; } -# if defined(BSWAP8) +# if defined(BSWAP8) memcpy(blocks[0].c, key->md.data, 8); seqnum = BSWAP8(blocks[0].q[0]); -# endif +# endif for (i = 0; i < x4; i++) { unsigned int len = (i == (x4 - 1) ? last : frag); -# if !defined(BSWAP8) +# if !defined(BSWAP8) unsigned int carry, j; -# endif +# endif ctx->A[i] = key->md.h[0]; ctx->B[i] = key->md.h[1]; @@ -276,14 +222,14 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, ctx->H[i] = key->md.h[7]; /* fix seqnum */ -# if defined(BSWAP8) +# if defined(BSWAP8) blocks[i].q[0] = BSWAP8(seqnum + i); -# else +# else for (carry = i, j = 8; j--;) { blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry; carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1); } -# endif +# endif blocks[i].c[8] = ((u8 *)key->md.data)[8]; blocks[i].c[9] = ((u8 *)key->md.data)[9]; blocks[i].c[10] = ((u8 *)key->md.data)[10]; @@ -302,10 +248,10 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, /* hash 13-byte headers and first 64-13 bytes of inputs */ sha256_multi_block(ctx, edges, n4x); /* hash bulk inputs */ -# define MAXCHUNKSIZE 2048 -# if MAXCHUNKSIZE%64 -# error "MAXCHUNKSIZE is not divisible by 64" -# elif MAXCHUNKSIZE +# define MAXCHUNKSIZE 2048 +# if MAXCHUNKSIZE%64 +# error "MAXCHUNKSIZE is not divisible by 64" +# elif MAXCHUNKSIZE /* * goal is to minimize pressure on L1 cache by moving in shorter steps, * so that hashed data is still in the cache by the time we encrypt it @@ -334,8 +280,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, minblocks -= MAXCHUNKSIZE / 64; } while (minblocks > MAXCHUNKSIZE / 64); } -# endif -# undef MAXCHUNKSIZE +# endif +# undef MAXCHUNKSIZE sha256_multi_block(ctx, hash_d, n4x); memset(blocks, 0, sizeof(blocks)); @@ -350,18 +296,18 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, len += 64 + 13; /* 64 is HMAC header */ len *= 8; /* convert to bits */ if (off < (64 - 8)) { -# ifdef BSWAP4 +# ifdef BSWAP4 blocks[i].d[15] = BSWAP4(len); -# else +# else PUTU32(blocks[i].c + 60, len); -# endif +# endif edges[i].blocks = 1; } else { -# ifdef BSWAP4 +# ifdef BSWAP4 blocks[i].d[31] = BSWAP4(len); -# else +# else PUTU32(blocks[i].c + 124, len); -# endif +# endif edges[i].blocks = 2; } edges[i].ptr = blocks[i].c; @@ -372,7 +318,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, memset(blocks, 0, sizeof(blocks)); for (i = 0; i < x4; i++) { -# ifdef BSWAP4 +# ifdef BSWAP4 blocks[i].d[0] = BSWAP4(ctx->A[i]); ctx->A[i] = key->tail.h[0]; blocks[i].d[1] = BSWAP4(ctx->B[i]); @@ -391,7 +337,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, ctx->H[i] = key->tail.h[7]; blocks[i].c[32] = 0x80; blocks[i].d[15] = BSWAP4((64 + 32) * 8); -# else +# else PUTU32(blocks[i].c + 0, ctx->A[i]); ctx->A[i] = key->tail.h[0]; PUTU32(blocks[i].c + 4, ctx->B[i]); @@ -410,7 +356,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, ctx->H[i] = key->tail.h[7]; blocks[i].c[32] = 0x80; PUTU32(blocks[i].c + 60, (64 + 32) * 8); -# endif +# endif edges[i].ptr = blocks[i].c; edges[i].blocks = 1; } @@ -466,7 +412,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, return ret; } -# endif +# endif static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, @@ -477,18 +423,18 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and * later */ sha_off = 0; -# if defined(STITCHED_CALL) +# if defined(STITCHED_CALL) size_t aes_off = 0, blocks; sha_off = SHA256_CBLOCK - key->md.num; -# endif +# endif key->payload_length = NO_PAYLOAD_LENGTH; if (len % AES_BLOCK_SIZE) return 0; - if (ctx->encrypt) { + if (EVP_CIPHER_CTX_encrypting(ctx)) { if (plen == NO_PAYLOAD_LENGTH) plen = len; else if (len != @@ -498,7 +444,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, else if (key->aux.tls_ver >= TLS1_1_VERSION) iv = AES_BLOCK_SIZE; -# if defined(STITCHED_CALL) +# if defined(STITCHED_CALL) /* * Assembly stitch handles AVX-capable processors, but its * performance is not optimal on AMD Jaguar, ~40% worse, for @@ -516,7 +462,8 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, SHA256_Update(&key->md, in + iv, sha_off); (void)aesni_cbc_sha256_enc(in, out, blocks, &key->ks, - ctx->iv, &key->md, in + iv + sha_off); + EVP_CIPHER_CTX_iv_noconst(ctx), + &key->md, in + iv + sha_off); blocks *= SHA256_CBLOCK; aes_off += blocks; sha_off += blocks; @@ -527,7 +474,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, } else { sha_off = 0; } -# endif +# endif sha_off += iv; SHA256_Update(&key->md, in + sha_off, plen - sha_off); @@ -547,10 +494,10 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, out[plen] = l; /* encrypt HMAC|padding at once */ aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off, - &key->ks, ctx->iv, 1); + &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1); } else { aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off, - &key->ks, ctx->iv, 1); + &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1); } } else { union { @@ -562,7 +509,8 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, pmac = (void *)(((size_t)mac.c + 63) & ((size_t)0 - 64)); /* decrypt HMAC|padding at once */ - aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0); + aesni_cbc_encrypt(in, out, len, &key->ks, + EVP_CIPHER_CTX_iv_noconst(ctx), 0); if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ size_t inp_len, mask, j, i; @@ -604,7 +552,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, key->md = key->head; SHA256_Update(&key->md, key->aux.tls_aad, plen); -# if 1 +# if 1 len -= SHA256_DIGEST_LENGTH; /* amend mac */ if (len >= (256 + SHA256_CBLOCK)) { j = (len - (256 + SHA256_CBLOCK)) & (0 - SHA256_CBLOCK); @@ -617,15 +565,15 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, /* but pretend as if we hashed padded payload */ bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */ -# ifdef BSWAP4 +# ifdef BSWAP4 bitlen = BSWAP4(bitlen); -# else +# else mac.c[0] = 0; mac.c[1] = (unsigned char)(bitlen >> 16); mac.c[2] = (unsigned char)(bitlen >> 8); mac.c[3] = (unsigned char)bitlen; bitlen = mac.u[0]; -# endif +# endif pmac->u[0] = 0; pmac->u[1] = 0; @@ -694,7 +642,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, pmac->u[6] |= key->md.h[6] & mask; pmac->u[7] |= key->md.h[7] & mask; -# ifdef BSWAP4 +# ifdef BSWAP4 pmac->u[0] = BSWAP4(pmac->u[0]); pmac->u[1] = BSWAP4(pmac->u[1]); pmac->u[2] = BSWAP4(pmac->u[2]); @@ -703,7 +651,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, pmac->u[5] = BSWAP4(pmac->u[5]); pmac->u[6] = BSWAP4(pmac->u[6]); pmac->u[7] = BSWAP4(pmac->u[7]); -# else +# else for (i = 0; i < 8; i++) { res = pmac->u[i]; pmac->c[4 * i + 0] = (unsigned char)(res >> 24); @@ -711,9 +659,9 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, pmac->c[4 * i + 2] = (unsigned char)(res >> 8); pmac->c[4 * i + 3] = (unsigned char)res; } -# endif +# endif len += SHA256_DIGEST_LENGTH; -# else +# else SHA256_Update(&key->md, out, inp_len); res = key->md.num; SHA256_Final(pmac->c, &key->md); @@ -732,7 +680,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, for (; inp_blocks < pad_blocks; inp_blocks++) sha1_block_data_order(&key->md, data, 1); } -# endif +# endif key->md = key->tail; SHA256_Update(&key->md, pmac->c, SHA256_DIGEST_LENGTH); SHA256_Final(pmac->c, &key->md); @@ -740,7 +688,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, /* verify HMAC */ out += inp_len; len -= inp_len; -# if 1 +# if 1 { unsigned char *p = out + len - 1 - maxpad - SHA256_DIGEST_LENGTH; @@ -763,7 +711,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); ret &= (int)~res; } -# else +# else for (res = 0, i = 0; i < SHA256_DIGEST_LENGTH; i++) res |= out[i] ^ pmac->c[i]; res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); @@ -777,7 +725,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, res = (0 - res) >> (sizeof(res) * 8 - 1); ret &= (int)~res; -# endif +# endif return ret; } else { SHA256_Update(&key->md, out, len); @@ -791,6 +739,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) { EVP_AES_HMAC_SHA256 *key = data(ctx); + unsigned int u_arg = (unsigned int)arg; switch (type) { case EVP_CTRL_AEAD_SET_MAC_KEY: @@ -800,7 +749,10 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, memset(hmac_key, 0, sizeof(hmac_key)); - if (arg > (int)sizeof(hmac_key)) { + if (arg < 0) + return -1; + + if (u_arg > sizeof(hmac_key)) { SHA256_Init(&key->head); SHA256_Update(&key->head, ptr, arg); SHA256_Final(hmac_key, &key->head); @@ -830,7 +782,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, if (arg != EVP_AEAD_TLS1_AAD_LEN) return -1; - if (ctx->encrypt) { + if (EVP_CIPHER_CTX_encrypting(ctx)) { key->payload_length = len; if ((key->aux.tls_ver = p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { @@ -851,7 +803,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, return SHA256_DIGEST_LENGTH; } } -# if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK +# if !defined(OPENSSL_NO_MULTIBLOCK) case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE: return (int)(5 + 16 + ((arg + 32 + 16) & -16)); case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: @@ -861,12 +813,15 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, unsigned int n4x = 1, x4; unsigned int frag, last, packlen, inp_len; - if (arg < (int)sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)) + if (arg < 0) + return -1; + + if (u_arg < sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)) return -1; inp_len = param->inp[11] << 8 | param->inp[12]; - if (ctx->encrypt) { + if (EVP_CIPHER_CTX_encrypting(ctx)) { if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION) return -1; @@ -914,19 +869,19 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, param->interleave / 4); } case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT: -# endif +# endif default: return -1; } } static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = { -# ifdef NID_aes_128_cbc_hmac_sha256 +# ifdef NID_aes_128_cbc_hmac_sha256 NID_aes_128_cbc_hmac_sha256, -# else +# else NID_undef, -# endif - 16, 16, 16, +# endif + AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE, EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, aesni_cbc_hmac_sha256_init_key, @@ -940,12 +895,12 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = { }; static EVP_CIPHER aesni_256_cbc_hmac_sha256_cipher = { -# ifdef NID_aes_256_cbc_hmac_sha256 +# ifdef NID_aes_256_cbc_hmac_sha256 NID_aes_256_cbc_hmac_sha256, -# else +# else NID_undef, -# endif - 16, 32, 16, +# endif + AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE, EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, aesni_cbc_hmac_sha256_init_key, @@ -971,7 +926,7 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void) aesni_cbc_sha256_enc(NULL, NULL, 0, NULL, NULL, NULL, NULL) ? &aesni_256_cbc_hmac_sha256_cipher : NULL); } -# else +#else const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void) { return NULL; @@ -981,5 +936,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void) { return NULL; } -# endif #endif diff --git a/Cryptlib/OpenSSL/crypto/evp/e_bf.c b/Cryptlib/OpenSSL/crypto/evp/e_bf.c index d6a01782..dc386905 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_bf.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_bf.c @@ -1,66 +1,17 @@ -/* crypto/evp/e_bf.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_BF # include <openssl/evp.h> -# include "evp_locl.h" +# include "internal/evp_int.h" # include <openssl/objects.h> # include <openssl/blowfish.h> diff --git a/Cryptlib/OpenSSL/crypto/evp/e_camellia.c b/Cryptlib/OpenSSL/crypto/evp/e_camellia.c index f273f9c9..b50fa0b9 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_camellia.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_camellia.c @@ -1,66 +1,23 @@ -/* crypto/evp/e_camellia.c */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <openssl/opensslconf.h> -#ifndef OPENSSL_NO_CAMELLIA +#ifdef OPENSSL_NO_CAMELLIA +NON_EMPTY_TRANSLATION_UNIT +#else + # include <openssl/evp.h> # include <openssl/err.h> # include <string.h> # include <assert.h> # include <openssl/camellia.h> -# include "evp_locl.h" +# include "internal/evp_int.h" # include "modes_lcl.h" static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, @@ -119,10 +76,11 @@ static int cmll_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { int ret, mode, bits; - EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; + EVP_CAMELLIA_KEY *dat = + (EVP_CAMELLIA_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx); - mode = ctx->cipher->flags & EVP_CIPH_MODE; - bits = ctx->key_len * 8; + mode = EVP_CIPHER_CTX_mode(ctx); + bits = EVP_CIPHER_CTX_key_length(ctx) * 8; cmll_t4_set_key(key, bits, &dat->ks); @@ -248,24 +206,23 @@ const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \ BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) -# if 0 /* not yet, missing NID */ -BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) -# endif + BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) + /* The subkey for Camellia is generated. */ static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { int ret, mode; - EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; + EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); - ret = Camellia_set_key(key, ctx->key_len * 8, &dat->ks); + ret = Camellia_set_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, &dat->ks); if (ret < 0) { EVPerr(EVP_F_CAMELLIA_INIT_KEY, EVP_R_CAMELLIA_KEY_SETUP_FAILED); return 0; } - mode = ctx->cipher->flags & EVP_CIPH_MODE; + mode = EVP_CIPHER_CTX_mode(ctx); if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) { dat->block = (block128_f) Camellia_decrypt; @@ -283,14 +240,18 @@ static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; + EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); if (dat->stream.cbc) - (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, ctx->encrypt); - else if (ctx->encrypt) - CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, dat->block); + (*dat->stream.cbc) (in, out, len, &dat->ks, + EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_encrypting(ctx)); + else if (EVP_CIPHER_CTX_encrypting(ctx)) + CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, + EVP_CIPHER_CTX_iv_noconst(ctx), dat->block); else - CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, dat->block); + CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, + EVP_CIPHER_CTX_iv_noconst(ctx), dat->block); return 1; } @@ -298,9 +259,9 @@ static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - size_t bl = ctx->cipher->block_size; + size_t bl = EVP_CIPHER_CTX_block_size(ctx); size_t i; - EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; + EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); if (len < bl) return 1; @@ -314,81 +275,90 @@ static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int camellia_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; + EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); + int num = EVP_CIPHER_CTX_num(ctx); CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, - ctx->iv, &ctx->num, dat->block); + EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block); + EVP_CIPHER_CTX_set_num(ctx, num); return 1; } static int camellia_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; + EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); + int num = EVP_CIPHER_CTX_num(ctx); CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, - ctx->iv, &ctx->num, ctx->encrypt, dat->block); + EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block); + EVP_CIPHER_CTX_set_num(ctx, num); return 1; } static int camellia_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; + EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); + int num = EVP_CIPHER_CTX_num(ctx); CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, - ctx->iv, &ctx->num, ctx->encrypt, dat->block); + EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block); + EVP_CIPHER_CTX_set_num(ctx, num); return 1; } static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; + EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); - if (ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) { + if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) { + int num = EVP_CIPHER_CTX_num(ctx); CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, - ctx->iv, &ctx->num, ctx->encrypt, dat->block); + EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block); + EVP_CIPHER_CTX_set_num(ctx, num); return 1; } while (len >= MAXBITCHUNK) { + int num = EVP_CIPHER_CTX_num(ctx); CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, - ctx->iv, &ctx->num, ctx->encrypt, dat->block); + EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block); len -= MAXBITCHUNK; + EVP_CIPHER_CTX_set_num(ctx, num); } - if (len) + if (len) { + int num = EVP_CIPHER_CTX_num(ctx); CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, - ctx->iv, &ctx->num, ctx->encrypt, dat->block); + EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block); + EVP_CIPHER_CTX_set_num(ctx, num); + } return 1; } -# if 0 /* not yet, missing NID */ static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - unsigned int num = ctx->num; - EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; + unsigned int num = EVP_CIPHER_CTX_num(ctx); + EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); if (dat->stream.ctr) CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, - ctx->iv, ctx->buf, &num, dat->stream.ctr); + EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_buf_noconst(ctx), &num, + dat->stream.ctr); else CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, - ctx->iv, ctx->buf, &num, dat->block); - ctx->num = (size_t)num; + EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_buf_noconst(ctx), &num, + dat->block); + EVP_CIPHER_CTX_set_num(ctx, num); return 1; } -# endif BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0) BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0) BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0) -#else - -# ifdef PEDANTIC -static void *dummy = &dummy; -# endif - #endif diff --git a/Cryptlib/OpenSSL/crypto/evp/e_cast.c b/Cryptlib/OpenSSL/crypto/evp/e_cast.c index 3f745485..259d4405 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_cast.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_cast.c @@ -1,68 +1,19 @@ -/* crypto/evp/e_cast.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_CAST # include <openssl/evp.h> # include <openssl/objects.h> -# include "evp_locl.h" +# include "internal/evp_int.h" # include <openssl/cast.h> static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/Cryptlib/OpenSSL/crypto/evp/e_chacha20_poly1305.c b/Cryptlib/OpenSSL/crypto/evp/e_chacha20_poly1305.c new file mode 100644 index 00000000..7fd4f8df --- /dev/null +++ b/Cryptlib/OpenSSL/crypto/evp/e_chacha20_poly1305.c @@ -0,0 +1,454 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <stdio.h> +#include "internal/cryptlib.h" + +#ifndef OPENSSL_NO_CHACHA + +# include <openssl/evp.h> +# include <openssl/objects.h> +# include "evp_locl.h" +# include "internal/evp_int.h" +# include "internal/chacha.h" + +typedef struct { + union { + double align; /* this ensures even sizeof(EVP_CHACHA_KEY)%8==0 */ + unsigned int d[CHACHA_KEY_SIZE / 4]; + } key; + unsigned int counter[CHACHA_CTR_SIZE / 4]; + unsigned char buf[CHACHA_BLK_SIZE]; + unsigned int partial_len; +} EVP_CHACHA_KEY; + +#define data(ctx) ((EVP_CHACHA_KEY *)(ctx)->cipher_data) + +static int chacha_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char user_key[CHACHA_KEY_SIZE], + const unsigned char iv[CHACHA_CTR_SIZE], int enc) +{ + EVP_CHACHA_KEY *key = data(ctx); + unsigned int i; + + if (user_key) + for (i = 0; i < CHACHA_KEY_SIZE; i+=4) { + key->key.d[i/4] = CHACHA_U8TOU32(user_key+i); + } + + if (iv) + for (i = 0; i < CHACHA_CTR_SIZE; i+=4) { + key->counter[i/4] = CHACHA_U8TOU32(iv+i); + } + + key->partial_len = 0; + + return 1; +} + +static int chacha_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, + const unsigned char *inp, size_t len) +{ + EVP_CHACHA_KEY *key = data(ctx); + unsigned int n, rem, ctr32; + + if ((n = key->partial_len)) { + while (len && n < CHACHA_BLK_SIZE) { + *out++ = *inp++ ^ key->buf[n++]; + len--; + } + key->partial_len = n; + + if (len == 0) + return 1; + + if (n == CHACHA_BLK_SIZE) { + key->partial_len = 0; + key->counter[0]++; + if (key->counter[0] == 0) + key->counter[1]++; + } + } + + rem = (unsigned int)(len % CHACHA_BLK_SIZE); + len -= rem; + ctr32 = key->counter[0]; + while (len >= CHACHA_BLK_SIZE) { + size_t blocks = len / CHACHA_BLK_SIZE; + /* + * 1<<28 is just a not-so-small yet not-so-large number... + * Below condition is practically never met, but it has to + * be checked for code correctness. + */ + if (sizeof(size_t)>sizeof(unsigned int) && blocks>(1U<<28)) + blocks = (1U<<28); + + /* + * As ChaCha20_ctr32 operates on 32-bit counter, caller + * has to handle overflow. 'if' below detects the + * overflow, which is then handled by limiting the + * amount of blocks to the exact overflow point... + */ + ctr32 += (unsigned int)blocks; + if (ctr32 < blocks) { + blocks -= ctr32; + ctr32 = 0; + } + blocks *= CHACHA_BLK_SIZE; + ChaCha20_ctr32(out, inp, blocks, key->key.d, key->counter); + len -= blocks; + inp += blocks; + out += blocks; + + key->counter[0] = ctr32; + if (ctr32 == 0) key->counter[1]++; + } + + if (rem) { + memset(key->buf, 0, sizeof(key->buf)); + ChaCha20_ctr32(key->buf, key->buf, CHACHA_BLK_SIZE, + key->key.d, key->counter); + for (n = 0; n < rem; n++) + out[n] = inp[n] ^ key->buf[n]; + key->partial_len = rem; + } + + return 1; +} + +static const EVP_CIPHER chacha20 = { + NID_chacha20, + 1, /* block_size */ + CHACHA_KEY_SIZE, /* key_len */ + CHACHA_CTR_SIZE, /* iv_len, 128-bit counter in the context */ + EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT, + chacha_init_key, + chacha_cipher, + NULL, + sizeof(EVP_CHACHA_KEY), + NULL, + NULL, + NULL, + NULL +}; + +const EVP_CIPHER *EVP_chacha20(void) +{ + return (&chacha20); +} + +# ifndef OPENSSL_NO_POLY1305 +# include "internal/poly1305.h" + +typedef struct { + EVP_CHACHA_KEY key; + unsigned int nonce[12/4]; + unsigned char tag[POLY1305_BLOCK_SIZE]; + struct { uint64_t aad, text; } len; + int aad, mac_inited, tag_len, nonce_len; + size_t tls_payload_length; +} EVP_CHACHA_AEAD_CTX; + +# define NO_TLS_PAYLOAD_LENGTH ((size_t)-1) +# define aead_data(ctx) ((EVP_CHACHA_AEAD_CTX *)(ctx)->cipher_data) +# define POLY1305_ctx(actx) ((POLY1305 *)(actx + 1)) + +static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *inkey, + const unsigned char *iv, int enc) +{ + EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); + + if (!inkey && !iv) + return 1; + + actx->len.aad = 0; + actx->len.text = 0; + actx->aad = 0; + actx->mac_inited = 0; + actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; + + if (iv != NULL) { + unsigned char temp[CHACHA_CTR_SIZE] = { 0 }; + + /* pad on the left */ + if (actx->nonce_len <= CHACHA_CTR_SIZE) + memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len); + + chacha_init_key(ctx, inkey, temp, enc); + + actx->nonce[0] = actx->key.counter[1]; + actx->nonce[1] = actx->key.counter[2]; + actx->nonce[2] = actx->key.counter[3]; + } else { + chacha_init_key(ctx, inkey, NULL, enc); + } + + return 1; +} + +static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); + size_t rem, plen = actx->tls_payload_length; + static const unsigned char zero[POLY1305_BLOCK_SIZE] = { 0 }; + + if (!actx->mac_inited) { + actx->key.counter[0] = 0; + memset(actx->key.buf, 0, sizeof(actx->key.buf)); + ChaCha20_ctr32(actx->key.buf, actx->key.buf, CHACHA_BLK_SIZE, + actx->key.key.d, actx->key.counter); + Poly1305_Init(POLY1305_ctx(actx), actx->key.buf); + actx->key.counter[0] = 1; + actx->key.partial_len = 0; + actx->len.aad = actx->len.text = 0; + actx->mac_inited = 1; + } + + if (in) { /* aad or text */ + if (out == NULL) { /* aad */ + Poly1305_Update(POLY1305_ctx(actx), in, len); + actx->len.aad += len; + actx->aad = 1; + return len; + } else { /* plain- or ciphertext */ + if (actx->aad) { /* wrap up aad */ + if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE)) + Poly1305_Update(POLY1305_ctx(actx), zero, + POLY1305_BLOCK_SIZE - rem); + actx->aad = 0; + } + + actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; + if (plen == NO_TLS_PAYLOAD_LENGTH) + plen = len; + else if (len != plen + POLY1305_BLOCK_SIZE) + return -1; + + if (ctx->encrypt) { /* plaintext */ + chacha_cipher(ctx, out, in, plen); + Poly1305_Update(POLY1305_ctx(actx), out, plen); + in += plen; + out += plen; + actx->len.text += plen; + } else { /* ciphertext */ + Poly1305_Update(POLY1305_ctx(actx), in, plen); + chacha_cipher(ctx, out, in, plen); + in += plen; + out += plen; + actx->len.text += plen; + } + } + } + if (in == NULL /* explicit final */ + || plen != len) { /* or tls mode */ + const union { + long one; + char little; + } is_endian = { 1 }; + unsigned char temp[POLY1305_BLOCK_SIZE]; + + if (actx->aad) { /* wrap up aad */ + if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE)) + Poly1305_Update(POLY1305_ctx(actx), zero, + POLY1305_BLOCK_SIZE - rem); + actx->aad = 0; + } + + if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE)) + Poly1305_Update(POLY1305_ctx(actx), zero, + POLY1305_BLOCK_SIZE - rem); + + if (is_endian.little) { + Poly1305_Update(POLY1305_ctx(actx), + (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE); + } else { + temp[0] = (unsigned char)(actx->len.aad); + temp[1] = (unsigned char)(actx->len.aad>>8); + temp[2] = (unsigned char)(actx->len.aad>>16); + temp[3] = (unsigned char)(actx->len.aad>>24); + temp[4] = (unsigned char)(actx->len.aad>>32); + temp[5] = (unsigned char)(actx->len.aad>>40); + temp[6] = (unsigned char)(actx->len.aad>>48); + temp[7] = (unsigned char)(actx->len.aad>>56); + + temp[8] = (unsigned char)(actx->len.text); + temp[9] = (unsigned char)(actx->len.text>>8); + temp[10] = (unsigned char)(actx->len.text>>16); + temp[11] = (unsigned char)(actx->len.text>>24); + temp[12] = (unsigned char)(actx->len.text>>32); + temp[13] = (unsigned char)(actx->len.text>>40); + temp[14] = (unsigned char)(actx->len.text>>48); + temp[15] = (unsigned char)(actx->len.text>>56); + + Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE); + } + Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag + : temp); + actx->mac_inited = 0; + + if (in != NULL && len != plen) { /* tls mode */ + if (ctx->encrypt) { + memcpy(out, actx->tag, POLY1305_BLOCK_SIZE); + } else { + if (CRYPTO_memcmp(temp, in, POLY1305_BLOCK_SIZE)) { + memset(out - plen, 0, plen); + return -1; + } + } + } + else if (!ctx->encrypt) { + if (CRYPTO_memcmp(temp, actx->tag, actx->tag_len)) + return -1; + } + } + return len; +} + +static int chacha20_poly1305_cleanup(EVP_CIPHER_CTX *ctx) +{ + EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); + if (actx) + OPENSSL_cleanse(ctx->cipher_data, sizeof(*actx) + Poly1305_ctx_size()); + return 1; +} + +static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + void *ptr) +{ + EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); + + switch(type) { + case EVP_CTRL_INIT: + if (actx == NULL) + actx = ctx->cipher_data + = OPENSSL_zalloc(sizeof(*actx) + Poly1305_ctx_size()); + if (actx == NULL) { + EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_INITIALIZATION_ERROR); + return 0; + } + actx->len.aad = 0; + actx->len.text = 0; + actx->aad = 0; + actx->mac_inited = 0; + actx->tag_len = 0; + actx->nonce_len = 12; + actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; + return 1; + + case EVP_CTRL_COPY: + if (actx) { + EVP_CIPHER_CTX *dst = (EVP_CIPHER_CTX *)ptr; + + dst->cipher_data = + OPENSSL_memdup(actx, sizeof(*actx) + Poly1305_ctx_size()); + if (dst->cipher_data == NULL) { + EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_COPY_ERROR); + return 0; + } + } + return 1; + + case EVP_CTRL_AEAD_SET_IVLEN: + if (arg <= 0 || arg > CHACHA_CTR_SIZE) + return 0; + actx->nonce_len = arg; + return 1; + + case EVP_CTRL_AEAD_SET_IV_FIXED: + if (arg != 12) + return 0; + actx->nonce[0] = actx->key.counter[1] + = CHACHA_U8TOU32((unsigned char *)ptr); + actx->nonce[1] = actx->key.counter[2] + = CHACHA_U8TOU32((unsigned char *)ptr+4); + actx->nonce[2] = actx->key.counter[3] + = CHACHA_U8TOU32((unsigned char *)ptr+8); + return 1; + + case EVP_CTRL_AEAD_SET_TAG: + if (arg <= 0 || arg > POLY1305_BLOCK_SIZE) + return 0; + if (ptr != NULL) { + memcpy(actx->tag, ptr, arg); + actx->tag_len = arg; + } + return 1; + + case EVP_CTRL_AEAD_GET_TAG: + if (arg <= 0 || arg > POLY1305_BLOCK_SIZE || !ctx->encrypt) + return 0; + memcpy(ptr, actx->tag, arg); + return 1; + + case EVP_CTRL_AEAD_TLS1_AAD: + if (arg != EVP_AEAD_TLS1_AAD_LEN) + return 0; + { + unsigned int len; + unsigned char *aad = ptr, temp[POLY1305_BLOCK_SIZE]; + + len = aad[EVP_AEAD_TLS1_AAD_LEN - 2] << 8 | + aad[EVP_AEAD_TLS1_AAD_LEN - 1]; + if (!ctx->encrypt) { + if (len < POLY1305_BLOCK_SIZE) + return 0; + len -= POLY1305_BLOCK_SIZE; /* discount attached tag */ + memcpy(temp, aad, EVP_AEAD_TLS1_AAD_LEN - 2); + aad = temp; + temp[EVP_AEAD_TLS1_AAD_LEN - 2] = (unsigned char)(len >> 8); + temp[EVP_AEAD_TLS1_AAD_LEN - 1] = (unsigned char)len; + } + actx->tls_payload_length = len; + + /* + * merge record sequence number as per RFC7905 + */ + actx->key.counter[1] = actx->nonce[0]; + actx->key.counter[2] = actx->nonce[1] ^ CHACHA_U8TOU32(aad); + actx->key.counter[3] = actx->nonce[2] ^ CHACHA_U8TOU32(aad+4); + actx->mac_inited = 0; + chacha20_poly1305_cipher(ctx, NULL, aad, EVP_AEAD_TLS1_AAD_LEN); + return POLY1305_BLOCK_SIZE; /* tag length */ + } + + case EVP_CTRL_AEAD_SET_MAC_KEY: + /* no-op */ + return 1; + + default: + return -1; + } +} + +static EVP_CIPHER chacha20_poly1305 = { + NID_chacha20_poly1305, + 1, /* block_size */ + CHACHA_KEY_SIZE, /* key_len */ + 12, /* iv_len, 96-bit nonce in the context */ + EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CUSTOM_IV | + EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | + EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER, + chacha20_poly1305_init_key, + chacha20_poly1305_cipher, + chacha20_poly1305_cleanup, + 0, /* 0 moves context-specific structure allocation to ctrl */ + NULL, /* set_asn1_parameters */ + NULL, /* get_asn1_parameters */ + chacha20_poly1305_ctrl, + NULL /* app_data */ +}; + +const EVP_CIPHER *EVP_chacha20_poly1305(void) +{ + return(&chacha20_poly1305); +} +# endif +#endif diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des.c b/Cryptlib/OpenSSL/crypto/evp/e_des.c index 8ca65cd0..9b2facfe 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_des.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_des.c @@ -1,67 +1,18 @@ -/* crypto/evp/e_des.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_DES # include <openssl/evp.h> # include <openssl/objects.h> -# include "evp_locl.h" +# include "internal/evp_int.h" # include <openssl/des.h> # include <openssl/rand.h> @@ -106,7 +57,8 @@ static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, { BLOCK_CIPHER_ecb_loop() DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), - ctx->cipher_data, ctx->encrypt); + EVP_CIPHER_CTX_get_cipher_data(ctx), + EVP_CIPHER_CTX_encrypting(ctx)); return 1; } @@ -114,37 +66,49 @@ static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { while (inl >= EVP_MAXCHUNK) { - DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, - (DES_cblock *)ctx->iv, &ctx->num); + int num = EVP_CIPHER_CTX_num(ctx); + DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, + EVP_CIPHER_CTX_get_cipher_data(ctx), + (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num); + EVP_CIPHER_CTX_set_num(ctx, num); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK; } - if (inl) - DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, - (DES_cblock *)ctx->iv, &ctx->num); + if (inl) { + int num = EVP_CIPHER_CTX_num(ctx); + DES_ofb64_encrypt(in, out, (long)inl, + EVP_CIPHER_CTX_get_cipher_data(ctx), + (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num); + EVP_CIPHER_CTX_set_num(ctx, num); + } return 1; } static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - EVP_DES_KEY *dat = (EVP_DES_KEY *) ctx->cipher_data; + EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx); if (dat->stream.cbc != NULL) { - (*dat->stream.cbc) (in, out, inl, &dat->ks.ks, ctx->iv); + (*dat->stream.cbc) (in, out, inl, &dat->ks.ks, + EVP_CIPHER_CTX_iv_noconst(ctx)); return 1; } while (inl >= EVP_MAXCHUNK) { - DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, - (DES_cblock *)ctx->iv, ctx->encrypt); + DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, + EVP_CIPHER_CTX_get_cipher_data(ctx), + (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_encrypting(ctx)); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK; } if (inl) - DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data, - (DES_cblock *)ctx->iv, ctx->encrypt); + DES_ncbc_encrypt(in, out, (long)inl, + EVP_CIPHER_CTX_get_cipher_data(ctx), + (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_encrypting(ctx)); return 1; } @@ -152,15 +116,24 @@ static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { while (inl >= EVP_MAXCHUNK) { - DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, - (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); + int num = EVP_CIPHER_CTX_num(ctx); + DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, + EVP_CIPHER_CTX_get_cipher_data(ctx), + (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num, + EVP_CIPHER_CTX_encrypting(ctx)); + EVP_CIPHER_CTX_set_num(ctx, num); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK; } - if (inl) - DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, - (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); + if (inl) { + int num = EVP_CIPHER_CTX_num(ctx); + DES_cfb64_encrypt(in, out, (long)inl, + EVP_CIPHER_CTX_get_cipher_data(ctx), + (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num, + EVP_CIPHER_CTX_encrypting(ctx)); + EVP_CIPHER_CTX_set_num(ctx, num); + } return 1; } @@ -180,8 +153,9 @@ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, while (inl && inl >= chunk) { for (n = 0; n < chunk * 8; ++n) { c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; - DES_cfb_encrypt(c, d, 1, 1, ctx->cipher_data, - (DES_cblock *)ctx->iv, ctx->encrypt); + DES_cfb_encrypt(c, d, 1, 1, EVP_CIPHER_CTX_get_cipher_data(ctx), + (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_encrypting(ctx)); out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) | ((d[0] & 0x80) >> (unsigned int)(n % 8)); @@ -200,15 +174,19 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { while (inl >= EVP_MAXCHUNK) { - DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, ctx->cipher_data, - (DES_cblock *)ctx->iv, ctx->encrypt); + DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, + EVP_CIPHER_CTX_get_cipher_data(ctx), + (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_encrypting(ctx)); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK; } if (inl) - DES_cfb_encrypt(in, out, 8, (long)inl, ctx->cipher_data, - (DES_cblock *)ctx->iv, ctx->encrypt); + DES_cfb_encrypt(in, out, 8, (long)inl, + EVP_CIPHER_CTX_get_cipher_data(ctx), + (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_encrypting(ctx)); return 1; } @@ -228,12 +206,12 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { DES_cblock *deskey = (DES_cblock *)key; - EVP_DES_KEY *dat = (EVP_DES_KEY *) ctx->cipher_data; + EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx); dat->stream.cbc = NULL; # if defined(SPARC_DES_CAPABLE) if (SPARC_DES_CAPABLE) { - int mode = ctx->cipher->flags & EVP_CIPH_MODE; + int mode = EVP_CIPHER_CTX_mode(ctx); if (mode == EVP_CIPH_CBC_MODE) { des_t4_key_expand(key, &dat->ks.ks); @@ -242,12 +220,7 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, } } # endif -# ifdef EVP_CHECK_DES_KEY - if (DES_set_key_checked(deskey, dat->ks.ks) != 0) - return 0; -# else - DES_set_key_unchecked(deskey, ctx->cipher_data); -# endif + DES_set_key_unchecked(deskey, EVP_CIPHER_CTX_get_cipher_data(ctx)); return 1; } diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des3.c b/Cryptlib/OpenSSL/crypto/evp/e_des3.c index 0e910d6d..da77936c 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_des3.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_des3.c @@ -1,73 +1,21 @@ -/* crypto/evp/e_des3.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_DES # include <openssl/evp.h> # include <openssl/objects.h> -# include "evp_locl.h" +# include "internal/evp_int.h" # include <openssl/des.h> # include <openssl/rand.h> - -/* Block use of implementations in FIPS mode */ -# undef EVP_CIPH_FLAG_FIPS -# define EVP_CIPH_FLAG_FIPS 0 +# include "evp_locl.h" typedef struct { union { @@ -107,7 +55,7 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); -# define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data) +# define data(ctx) EVP_C_DATA(DES_EDE_KEY,ctx) /* * Because of various casts and different args can't use @@ -121,7 +69,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, DES_ecb3_encrypt((const_DES_cblock *)(in + i), (DES_cblock *)(out + i), &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, ctx->encrypt); + &data(ctx)->ks3, EVP_CIPHER_CTX_encrypting(ctx)); return 1; } @@ -129,20 +77,26 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { while (inl >= EVP_MAXCHUNK) { + int num = EVP_CIPHER_CTX_num(ctx); DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, (DES_cblock *)ctx->iv, - &ctx->num); + &data(ctx)->ks3, + (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + &num); + EVP_CIPHER_CTX_set_num(ctx, num); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK; } - if (inl) + if (inl) { + int num = EVP_CIPHER_CTX_num(ctx); DES_ede3_ofb64_encrypt(in, out, (long)inl, &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, (DES_cblock *)ctx->iv, - &ctx->num); - + &data(ctx)->ks3, + (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + &num); + EVP_CIPHER_CTX_set_num(ctx, num); + } return 1; } @@ -151,26 +105,17 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, { DES_EDE_KEY *dat = data(ctx); -# ifdef KSSL_DEBUG - { - int i; - fprintf(stderr, "des_ede_cbc_cipher(ctx=%p, buflen=%d)\n", ctx, - ctx->buf_len); - fprintf(stderr, "\t iv= "); - for (i = 0; i < 8; i++) - fprintf(stderr, "%02X", ctx->iv[i]); - fprintf(stderr, "\n"); - } -# endif /* KSSL_DEBUG */ - if (dat->stream.cbc) { - (*dat->stream.cbc) (in, out, inl, dat->ks.ks, ctx->iv); + if (dat->stream.cbc != NULL) { + (*dat->stream.cbc) (in, out, inl, dat->ks.ks, + EVP_CIPHER_CTX_iv_noconst(ctx)); return 1; } while (inl >= EVP_MAXCHUNK) { DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &dat->ks1, &dat->ks2, &dat->ks3, - (DES_cblock *)ctx->iv, ctx->encrypt); + (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_encrypting(ctx)); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK; @@ -178,7 +123,8 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (inl) DES_ede3_cbc_encrypt(in, out, (long)inl, &dat->ks1, &dat->ks2, &dat->ks3, - (DES_cblock *)ctx->iv, ctx->encrypt); + (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_encrypting(ctx)); return 1; } @@ -186,19 +132,26 @@ static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { while (inl >= EVP_MAXCHUNK) { + int num = EVP_CIPHER_CTX_num(ctx); DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, (DES_cblock *)ctx->iv, - &ctx->num, ctx->encrypt); + &data(ctx)->ks3, + (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + &num, EVP_CIPHER_CTX_encrypting(ctx)); + EVP_CIPHER_CTX_set_num(ctx, num); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK; } - if (inl) + if (inl) { + int num = EVP_CIPHER_CTX_num(ctx); DES_ede3_cfb64_encrypt(in, out, (long)inl, &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, (DES_cblock *)ctx->iv, - &ctx->num, ctx->encrypt); + &data(ctx)->ks3, + (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + &num, EVP_CIPHER_CTX_encrypting(ctx)); + EVP_CIPHER_CTX_set_num(ctx, num); + } return 1; } @@ -212,12 +165,15 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, size_t n; unsigned char c[1], d[1]; + if (!EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) + inl *= 8; for (n = 0; n < inl; ++n) { c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; DES_ede3_cfb_encrypt(c, d, 1, 1, &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, (DES_cblock *)ctx->iv, - ctx->encrypt); + &data(ctx)->ks3, + (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_encrypting(ctx)); out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) | ((d[0] & 0x80) >> (unsigned int)(n % 8)); } @@ -231,8 +187,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, while (inl >= EVP_MAXCHUNK) { DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, (DES_cblock *)ctx->iv, - ctx->encrypt); + &data(ctx)->ks3, + (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_encrypting(ctx)); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK; @@ -240,8 +197,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (inl) DES_ede3_cfb_encrypt(in, out, 8, (long)inl, &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, (DES_cblock *)ctx->iv, - ctx->encrypt); + &data(ctx)->ks3, + (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_encrypting(ctx)); return 1; } @@ -253,19 +211,16 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, # define des_ede3_cbc_cipher des_ede_cbc_cipher # define des_ede3_ecb_cipher des_ede_ecb_cipher BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, - EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | - EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL, - des3_ctrl) + EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, - EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | - EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, - NULL, des3_ctrl) + EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, - EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | - EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, - NULL, des3_ctrl) + EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) @@ -276,7 +231,7 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, dat->stream.cbc = NULL; # if defined(SPARC_DES_CAPABLE) if (SPARC_DES_CAPABLE) { - int mode = ctx->cipher->flags & EVP_CIPH_MODE; + int mode = EVP_CIPHER_CTX_mode(ctx); if (mode == EVP_CIPH_CBC_MODE) { des_t4_key_expand(&deskey[0], &dat->ks1); @@ -288,14 +243,8 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, } } # endif -# ifdef EVP_CHECK_DES_KEY - if (DES_set_key_checked(&deskey[0], &dat->ks1) - || DES_set_key_checked(&deskey[1], &dat->ks2)) - return 0; -# else DES_set_key_unchecked(&deskey[0], &dat->ks1); DES_set_key_unchecked(&deskey[1], &dat->ks2); -# endif memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1)); return 1; } @@ -306,27 +255,10 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, DES_cblock *deskey = (DES_cblock *)key; DES_EDE_KEY *dat = data(ctx); -# ifdef KSSL_DEBUG - { - int i; - fprintf(stderr, "des_ede3_init_key(ctx=%p)\n", ctx); - fprintf(stderr, "\tKEY= "); - for (i = 0; i < 24; i++) - fprintf(stderr, "%02X", key[i]); - fprintf(stderr, "\n"); - if (iv) { - fprintf(stderr, "\t IV= "); - for (i = 0; i < 8; i++) - fprintf(stderr, "%02X", iv[i]); - fprintf(stderr, "\n"); - } - } -# endif /* KSSL_DEBUG */ - dat->stream.cbc = NULL; # if defined(SPARC_DES_CAPABLE) if (SPARC_DES_CAPABLE) { - int mode = ctx->cipher->flags & EVP_CIPH_MODE; + int mode = EVP_CIPHER_CTX_mode(ctx); if (mode == EVP_CIPH_CBC_MODE) { des_t4_key_expand(&deskey[0], &dat->ks1); @@ -338,32 +270,25 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, } } # endif -# ifdef EVP_CHECK_DES_KEY - if (DES_set_key_checked(&deskey[0], &dat->ks1) - || DES_set_key_checked(&deskey[1], &dat->ks2) - || DES_set_key_checked(&deskey[2], &dat->ks3)) - return 0; -# else DES_set_key_unchecked(&deskey[0], &dat->ks1); DES_set_key_unchecked(&deskey[1], &dat->ks2); DES_set_key_unchecked(&deskey[2], &dat->ks3); -# endif return 1; } -static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +static int des3_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) { DES_cblock *deskey = ptr; switch (type) { case EVP_CTRL_RAND_KEY: - if (RAND_bytes(ptr, c->key_len) <= 0) + if (RAND_bytes(ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0) return 0; DES_set_odd_parity(deskey); - if (c->key_len >= 16) + if (EVP_CIPHER_CTX_key_length(ctx) >= 16) DES_set_odd_parity(deskey + 1); - if (c->key_len >= 24) + if (EVP_CIPHER_CTX_key_length(ctx) >= 24) DES_set_odd_parity(deskey + 2); return 1; @@ -382,9 +307,8 @@ const EVP_CIPHER *EVP_des_ede3(void) return &des_ede3_ecb; } -# ifndef OPENSSL_NO_SHA -# include <openssl/sha.h> +# include <openssl/sha.h> static const unsigned char wrap_iv[8] = { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 }; @@ -398,7 +322,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, return -1; if (out == NULL) return inl - 16; - memcpy(ctx->iv, wrap_iv, 8); + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8); /* Decrypt first block which will end up as icv */ des_ede_cbc_cipher(ctx, icv, in, 8); /* Decrypt central blocks */ @@ -416,7 +340,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, /* Reverse order of everything */ BUF_reverse(icv, NULL, 8); BUF_reverse(out, NULL, inl - 16); - BUF_reverse(ctx->iv, iv, 8); + BUF_reverse(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 8); /* Decrypt again using new IV */ des_ede_cbc_cipher(ctx, out, out, inl - 16); des_ede_cbc_cipher(ctx, icv, icv, 8); @@ -428,7 +352,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, OPENSSL_cleanse(icv, 8); OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); OPENSSL_cleanse(iv, 8); - OPENSSL_cleanse(ctx->iv, 8); + OPENSSL_cleanse(EVP_CIPHER_CTX_iv_noconst(ctx), 8); if (rv == -1) OPENSSL_cleanse(out, inl - 16); @@ -448,13 +372,13 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out, memcpy(out + inl + 8, sha1tmp, 8); OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); /* Generate random IV */ - if (RAND_bytes(ctx->iv, 8) <= 0) + if (RAND_bytes(EVP_CIPHER_CTX_iv_noconst(ctx), 8) <= 0) return -1; - memcpy(out, ctx->iv, 8); + memcpy(out, EVP_CIPHER_CTX_iv_noconst(ctx), 8); /* Encrypt everything after IV in place */ des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8); BUF_reverse(out, NULL, inl + 16); - memcpy(ctx->iv, wrap_iv, 8); + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8); des_ede_cbc_cipher(ctx, out, out, inl + 16); return inl + 16; } @@ -469,7 +393,13 @@ static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, */ if (inl >= EVP_MAXCHUNK || inl % 8) return -1; - if (ctx->encrypt) + + if (is_partially_overlapping(out, in, inl)) { + EVPerr(EVP_F_DES_EDE3_WRAP_CIPHER, EVP_R_PARTIALLY_OVERLAPPING); + return 0; + } + + if (EVP_CIPHER_CTX_encrypting(ctx)) return des_ede3_wrap(ctx, out, in, inl); else return des_ede3_unwrap(ctx, out, in, inl); @@ -491,5 +421,4 @@ const EVP_CIPHER *EVP_des_ede3_wrap(void) return &des3_wrap; } -# endif #endif diff --git a/Cryptlib/OpenSSL/crypto/evp/e_idea.c b/Cryptlib/OpenSSL/crypto/evp/e_idea.c index cac72b33..93f6a413 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_idea.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_idea.c @@ -1,75 +1,32 @@ -/* crypto/evp/e_idea.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_IDEA # include <openssl/evp.h> # include <openssl/objects.h> -# include "evp_locl.h" +# include "internal/evp_int.h" # include <openssl/idea.h> +/* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */ + +typedef struct { + IDEA_KEY_SCHEDULE ks; +} EVP_IDEA_KEY; + static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); /* - * NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a + * NB IDEA_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a * special case */ @@ -77,21 +34,15 @@ static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { BLOCK_CIPHER_ecb_loop() - idea_ecb_encrypt(in + i, out + i, ctx->cipher_data); + IDEA_ecb_encrypt(in + i, out + i, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks); return 1; } -/* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */ - -typedef struct { - IDEA_KEY_SCHEDULE ks; -} EVP_IDEA_KEY; - -BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks) - BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks) - BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks) +BLOCK_CIPHER_func_cbc(idea, IDEA, EVP_IDEA_KEY, ks) +BLOCK_CIPHER_func_ofb(idea, IDEA, 64, EVP_IDEA_KEY, ks) +BLOCK_CIPHER_func_cfb(idea, IDEA, 64, EVP_IDEA_KEY, ks) - BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, +BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, 0, idea_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) @@ -105,12 +56,12 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, enc = 1; } if (enc) - idea_set_encrypt_key(key, ctx->cipher_data); + IDEA_set_encrypt_key(key, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks); else { IDEA_KEY_SCHEDULE tmp; - idea_set_encrypt_key(key, &tmp); - idea_set_decrypt_key(&tmp, ctx->cipher_data); + IDEA_set_encrypt_key(key, &tmp); + IDEA_set_decrypt_key(&tmp, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks); OPENSSL_cleanse((unsigned char *)&tmp, sizeof(IDEA_KEY_SCHEDULE)); } return 1; diff --git a/Cryptlib/OpenSSL/crypto/evp/e_null.c b/Cryptlib/OpenSSL/crypto/evp/e_null.c index 599fcb80..0dfc48ab 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_null.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_null.c @@ -1,65 +1,17 @@ -/* crypto/evp/e_null.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/evp.h> #include <openssl/objects.h> +#include "internal/evp_int.h" static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); @@ -67,8 +19,7 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl); static const EVP_CIPHER n_cipher = { NID_undef, - 1, 0, 0, - 0, + 1, 0, 0, 0, null_init_key, null_cipher, NULL, @@ -87,7 +38,6 @@ const EVP_CIPHER *EVP_enc_null(void) static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - /* memset(&(ctx->c),0,sizeof(ctx->c)); */ return 1; } @@ -95,6 +45,6 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { if (in != out) - memcpy((char *)out, (const char *)in, inl); + memcpy(out, in, inl); return 1; } diff --git a/Cryptlib/OpenSSL/crypto/evp/e_old.c b/Cryptlib/OpenSSL/crypto/evp/e_old.c index a23d143b..927908f8 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_old.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_old.c @@ -1,64 +1,15 @@ -/* crypto/evp/e_old.c */ /* - * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project - * 2004. - */ -/* ==================================================================== - * Copyright (c) 2004 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#ifdef OPENSSL_NO_DEPRECATED -static void *dummy = &dummy; +#include <openssl/opensslconf.h> +#if OPENSSL_API_COMPAT >= 0x00908000L +NON_EMPTY_TRANSLATION_UNIT #else # include <openssl/evp.h> @@ -138,27 +89,25 @@ const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) } # endif -# ifndef OPENSSL_NO_AES -# undef EVP_aes_128_cfb +# undef EVP_aes_128_cfb const EVP_CIPHER *EVP_aes_128_cfb(void); const EVP_CIPHER *EVP_aes_128_cfb(void) { return EVP_aes_128_cfb128(); } -# undef EVP_aes_192_cfb +# undef EVP_aes_192_cfb const EVP_CIPHER *EVP_aes_192_cfb(void); const EVP_CIPHER *EVP_aes_192_cfb(void) { return EVP_aes_192_cfb128(); } -# undef EVP_aes_256_cfb +# undef EVP_aes_256_cfb const EVP_CIPHER *EVP_aes_256_cfb(void); const EVP_CIPHER *EVP_aes_256_cfb(void) { return EVP_aes_256_cfb128(); } -# endif #endif diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc2.c b/Cryptlib/OpenSSL/crypto/evp/e_rc2.c index 718cc869..ed10bb33 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_rc2.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_rc2.c @@ -1,69 +1,20 @@ -/* crypto/evp/e_rc2.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_RC2 # include <openssl/evp.h> # include <openssl/objects.h> -# include "evp_locl.h" +# include "internal/evp_int.h" # include <openssl/rc2.h> static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, @@ -79,7 +30,7 @@ typedef struct { RC2_KEY ks; /* key schedule */ } EVP_RC2_KEY; -# define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data) +# define data(ctx) EVP_C_DATA(EVP_RC2_KEY,ctx) IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2, 8, @@ -179,16 +130,17 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) OPENSSL_assert(l <= sizeof(iv)); i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l); if (i != (int)l) - return (-1); + return -1; key_bits = rc2_magic_to_meth((int)num); if (!key_bits) - return (-1); + return -1; if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1)) return -1; EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); - EVP_CIPHER_CTX_set_key_length(c, key_bits / 8); + if (EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0) + return -1; } - return (i); + return i; } static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) @@ -199,7 +151,9 @@ static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { num = rc2_meth_to_magic(c); j = EVP_CIPHER_CTX_iv_length(c); - i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j); + i = ASN1_TYPE_set_int_octetstring(type, num, + (unsigned char *)EVP_CIPHER_CTX_original_iv(c), + j); } return (i); } diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc4.c b/Cryptlib/OpenSSL/crypto/evp/e_rc4.c index 08e48f39..ea95deab 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_rc4.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_rc4.c @@ -1,79 +1,28 @@ -/* crypto/evp/e_rc4.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_RC4 # include <openssl/evp.h> -# include "evp_locl.h" # include <openssl/objects.h> # include <openssl/rc4.h> -/* FIXME: surely this is available elsewhere? */ -# define EVP_RC4_KEY_SIZE 16 +# include "internal/evp_int.h" typedef struct { RC4_KEY ks; /* working key */ } EVP_RC4_KEY; -# define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data) +# define data(ctx) ((EVP_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx)) static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc4_hmac_md5.c b/Cryptlib/OpenSSL/crypto/evp/e_rc4_hmac_md5.c index 93cfe3f1..8ab18c14 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_rc4_hmac_md5.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_rc4_hmac_md5.c @@ -1,50 +1,10 @@ -/* ==================================================================== - * Copyright (c) 2011 The OpenSSL Project. All rights reserved. +/* + * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <openssl/opensslconf.h> @@ -59,15 +19,7 @@ # include <openssl/objects.h> # include <openssl/rc4.h> # include <openssl/md5.h> - -# ifndef EVP_CIPH_FLAG_AEAD_CIPHER -# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 -# define EVP_CTRL_AEAD_TLS1_AAD 0x16 -# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 -# endif - -/* FIXME: surely this is available elsewhere? */ -# define EVP_RC4_KEY_SIZE 16 +# include "internal/evp_int.h" typedef struct { RC4_KEY ks; @@ -80,7 +32,7 @@ typedef struct { void rc4_md5_enc(RC4_KEY *key, const void *in0, void *out, MD5_CTX *ctx, const void *inp, size_t blocks); -# define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data) +# define data(ctx) ((EVP_RC4_HMAC_MD5 *)EVP_CIPHER_CTX_get_cipher_data(ctx)) static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *inkey, @@ -101,9 +53,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, # if defined(RC4_ASM) && defined(MD5_ASM) && ( \ defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) || \ - defined(__INTEL__) ) && \ - !(defined(__APPLE__) && defined(__MACH__)) + defined(_M_AMD64) || defined(_M_X64) ) # define STITCHED_CALL # endif @@ -128,7 +78,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH)) return 0; - if (ctx->encrypt) { + if (EVP_CIPHER_CTX_encrypting(ctx)) { if (plen == NO_PAYLOAD_LENGTH) plen = len; # if defined(STITCHED_CALL) @@ -268,7 +218,7 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, len = p[arg - 2] << 8 | p[arg - 1]; - if (!ctx->encrypt) { + if (!EVP_CIPHER_CTX_encrypting(ctx)) { if (len < MD5_DIGEST_LENGTH) return -1; len -= MD5_DIGEST_LENGTH; diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc5.c b/Cryptlib/OpenSSL/crypto/evp/e_rc5.c index f17e99d0..f69ba5b2 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_rc5.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_rc5.c @@ -1,67 +1,19 @@ -/* crypto/evp/e_rc5.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_RC5 # include <openssl/evp.h> +# include <internal/evp_int.h> # include <openssl/objects.h> # include "evp_locl.h" # include <openssl/rc5.h> @@ -102,7 +54,7 @@ static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 1; default: - EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); + EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS); return 0; } diff --git a/Cryptlib/OpenSSL/crypto/evp/e_seed.c b/Cryptlib/OpenSSL/crypto/evp/e_seed.c index 3d01eaca..40aec5fc 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_seed.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_seed.c @@ -1,66 +1,22 @@ -/* crypto/evp/e_seed.c */ -/* ==================================================================== - * Copyright (c) 2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <openssl/opensslconf.h> -#ifndef OPENSSL_NO_SEED +#ifdef OPENSSL_NO_SEED +NON_EMPTY_TRANSLATION_UNIT +#else # include <openssl/evp.h> # include <openssl/err.h> # include <string.h> # include <assert.h> # include <openssl/seed.h> -# include "evp_locl.h" +# include "internal/evp_int.h" static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); @@ -76,7 +32,7 @@ IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed, static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - SEED_set_key(key, ctx->cipher_data); + SEED_set_key(key, &EVP_C_DATA(EVP_SEED_KEY,ctx)->ks); return 1; } diff --git a/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c b/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c index 3430df9e..effaf5cc 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c @@ -1,69 +1,20 @@ -/* crypto/evp/e_xcbc_d.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_DES # include <openssl/evp.h> # include <openssl/objects.h> -# include "evp_locl.h" +# include "internal/evp_int.h" # include <openssl/des.h> static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, @@ -77,7 +28,7 @@ typedef struct { DES_cblock outw; } DESX_CBC_KEY; -# define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data) +# define data(ctx) EVP_C_DATA(DESX_CBC_KEY,ctx) static const EVP_CIPHER d_xcbc_cipher = { NID_desx_cbc, @@ -115,16 +66,18 @@ static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, { while (inl >= EVP_MAXCHUNK) { DES_xcbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks, - (DES_cblock *)&(ctx->iv[0]), - &data(ctx)->inw, &data(ctx)->outw, ctx->encrypt); + (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + &data(ctx)->inw, &data(ctx)->outw, + EVP_CIPHER_CTX_encrypting(ctx)); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK; } if (inl) DES_xcbc_encrypt(in, out, (long)inl, &data(ctx)->ks, - (DES_cblock *)&(ctx->iv[0]), - &data(ctx)->inw, &data(ctx)->outw, ctx->encrypt); + (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), + &data(ctx)->inw, &data(ctx)->outw, + EVP_CIPHER_CTX_encrypting(ctx)); return 1; } #endif diff --git a/Cryptlib/OpenSSL/crypto/evp/encode.c b/Cryptlib/OpenSSL/crypto/evp/encode.c index c6c775e0..abb10443 100644 --- a/Cryptlib/OpenSSL/crypto/evp/encode.c +++ b/Cryptlib/OpenSSL/crypto/evp/encode.c @@ -1,65 +1,17 @@ -/* crypto/evp/encode.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> #include <limits.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/evp.h> +#include "evp_locl.h" static unsigned char conv_ascii2bin(unsigned char a); #ifndef CHARSET_EBCDIC @@ -103,7 +55,7 @@ abcdefghijklmnopqrstuvwxyz0123456789+/"; #define B64_WS 0xE0 #define B64_ERROR 0xFF #define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3) -#define B64_BASE64(a) !B64_NOT_BASE64(a) +#define B64_BASE64(a) (!B64_NOT_BASE64(a)) static const unsigned char data_ascii2bin[128] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, @@ -141,6 +93,28 @@ static unsigned char conv_ascii2bin(unsigned char a) } #endif +EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void) +{ + return OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX)); +} + +void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx) +{ + OPENSSL_free(ctx); +} + +int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx) +{ + memcpy(dctx, sctx, sizeof(EVP_ENCODE_CTX)); + + return 1; +} + +int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx) +{ + return ctx->num; +} + void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) { ctx->length = 48; @@ -148,7 +122,7 @@ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) ctx->line_num = 0; } -void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, +int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { int i, j; @@ -156,12 +130,12 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, *outl = 0; if (inl <= 0) - return; + return 0; OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); if (ctx->length - ctx->num > inl) { memcpy(&(ctx->enc_data[ctx->num]), in, inl); ctx->num += inl; - return; + return 1; } if (ctx->num != 0) { i = ctx->length - ctx->num; @@ -187,12 +161,14 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, if (total > INT_MAX) { /* Too much output data! */ *outl = 0; - return; + return 0; } if (inl != 0) memcpy(&(ctx->enc_data[0]), in, inl); ctx->num = inl; *outl = total; + + return 1; } void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) @@ -426,35 +402,3 @@ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) } else return (1); } - -#ifdef undef -int EVP_DecodeValid(unsigned char *buf, int len) -{ - int i, num = 0, bad = 0; - - if (len == 0) - return (-1); - while (conv_ascii2bin(*buf) == B64_WS) { - buf++; - len--; - if (len == 0) - return (-1); - } - - for (i = len; i >= 4; i -= 4) { - if ((conv_ascii2bin(buf[0]) >= 0x40) || - (conv_ascii2bin(buf[1]) >= 0x40) || - (conv_ascii2bin(buf[2]) >= 0x40) || - (conv_ascii2bin(buf[3]) >= 0x40)) - return (-1); - buf += 4; - num += 1 + (buf[2] != '=') + (buf[3] != '='); - } - if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN)) - return (num); - if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) && - (conv_ascii2bin(buf[0]) == B64_EOLN)) - return (num); - return (1); -} -#endif diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c deleted file mode 100644 index 9703116e..00000000 --- a/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c +++ /dev/null @@ -1,73 +0,0 @@ -/* evp_acnf.c */ -/* - * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project - * 2001. - */ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "cryptlib.h" -#include <openssl/evp.h> -#include <openssl/conf.h> - -/* - * Load all algorithms and configure OpenSSL. This function is called - * automatically when OPENSSL_LOAD_CONF is set. - */ - -void OPENSSL_add_all_algorithms_conf(void) -{ - OPENSSL_add_all_algorithms_noconf(); - OPENSSL_config(NULL); -} diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c index 6fd3a6da..71d13b8d 100644 --- a/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c +++ b/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c @@ -1,73 +1,19 @@ -/* evp_cnf.c */ /* - * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project - * 2007. - */ -/* ==================================================================== - * Copyright (c) 2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> #include <ctype.h> #include <openssl/crypto.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/conf.h> -#include <openssl/dso.h> #include <openssl/x509.h> #include <openssl/x509v3.h> -#ifdef OPENSSL_FIPS -# include <openssl/fips.h> -#endif /* Algorithm configuration module. */ @@ -77,14 +23,15 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) const char *oid_section; STACK_OF(CONF_VALUE) *sktmp; CONF_VALUE *oval; + oid_section = CONF_imodule_get_value(md); - if (!(sktmp = NCONF_get_section(cnf, oid_section))) { + if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) { EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION); return 0; } for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { oval = sk_CONF_VALUE_value(sktmp, i); - if (!strcmp(oval->name, "fips_mode")) { + if (strcmp(oval->name, "fips_mode") == 0) { int m; if (!X509V3_get_value_bool(oval, &m)) { EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE); diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c index 0e40f09f..f829e8dc 100644 --- a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c +++ b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c @@ -1,101 +1,56 @@ -/* crypto/evp/evp_enc.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include <assert.h> +#include "internal/cryptlib.h" #include <openssl/evp.h> #include <openssl/err.h> #include <openssl/rand.h> -#ifndef OPENSSL_NO_ENGINE -# include <openssl/engine.h> -#endif -#ifdef OPENSSL_FIPS -# include <openssl/fips.h> -#endif +#include <openssl/engine.h> +#include "internal/evp_int.h" #include "evp_locl.h" -#ifdef OPENSSL_FIPS -# define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl) -#else -# define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl) +int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c) +{ + if (c == NULL) + return 1; + if (c->cipher != NULL) { + if (c->cipher->cleanup && !c->cipher->cleanup(c)) + return 0; + /* Cleanse cipher context data */ + if (c->cipher_data && c->cipher->ctx_size) + OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); + } + OPENSSL_free(c->cipher_data); +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(c->engine); #endif + memset(c, 0, sizeof(*c)); + return 1; +} -const char EVP_version[] = "EVP" OPENSSL_VERSION_PTEXT; - -void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) +EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { - memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); - /* ctx->cipher=NULL; */ + return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX)); } -EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) +void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) { - EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx); - if (ctx) - EVP_CIPHER_CTX_init(ctx); - return ctx; + EVP_CIPHER_CTX_reset(ctx); + OPENSSL_free(ctx); } int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, int enc) { - if (cipher) - EVP_CIPHER_CTX_init(ctx); + EVP_CIPHER_CTX_reset(ctx); return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc); } @@ -115,12 +70,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so * this context may already have an ENGINE! Try to avoid releasing the * previous handle, re-querying for an ENGINE, and having a - * reinitialisation, when it may all be unecessary. + * reinitialisation, when it may all be unnecessary. */ - if (ctx->engine && ctx->cipher && (!cipher || - (cipher - && (cipher->nid == - ctx->cipher->nid)))) + if (ctx->engine && ctx->cipher + && (cipher == NULL || cipher->nid == ctx->cipher->nid)) goto skip_to_init; #endif if (cipher) { @@ -131,7 +84,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, */ if (ctx->cipher) { unsigned long flags = ctx->flags; - EVP_CIPHER_CTX_cleanup(ctx); + EVP_CIPHER_CTX_reset(ctx); /* Restore encrypt and flags */ ctx->encrypt = enc; ctx->flags = flags; @@ -152,7 +105,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, /* * One positive side-effect of US's export control history, * is that we should at least be able to avoid using US - * mispellings of "initialisation"? + * misspellings of "initialisation"? */ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; @@ -168,20 +121,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ctx->engine = NULL; #endif -#ifdef OPENSSL_FIPS - if (FIPS_mode()) { - const EVP_CIPHER *fcipher = NULL; - if (cipher) - fcipher = evp_get_fips_cipher(cipher); - if (fcipher) - cipher = fcipher; - return FIPS_cipherinit(ctx, cipher, key, iv, enc); - } -#endif ctx->cipher = cipher; if (ctx->cipher->ctx_size) { - ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size); - if (!ctx->cipher_data) { + ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size); + if (ctx->cipher_data == NULL) { + ctx->cipher = NULL; EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); return 0; } @@ -193,6 +137,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW; if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { + ctx->cipher = NULL; EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; } @@ -204,10 +149,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, #ifndef OPENSSL_NO_ENGINE skip_to_init: #endif -#ifdef OPENSSL_FIPS - if (FIPS_mode()) - return FIPS_cipherinit(ctx, cipher, key, iv, enc); -#endif /* we assume block size is a power of 2 in *cryptUpdate */ OPENSSL_assert(ctx->cipher->block_size == 1 || ctx->cipher->block_size == 8 @@ -219,7 +160,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, return 0; } - if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { + if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_CUSTOM_IV)) { switch (EVP_CIPHER_CTX_mode(ctx)) { case EVP_CIPH_STREAM_CIPHER: @@ -250,7 +191,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, default: return 0; - break; } } @@ -315,13 +255,61 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); } +/* + * According to the letter of standard difference between pointers + * is specified to be valid only within same object. This makes + * it formally challenging to determine if input and output buffers + * are not partially overlapping with standard pointer arithmetic. + */ +#ifdef PTRDIFF_T +# undef PTRDIFF_T +#endif +#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64 +/* + * Then we have VMS that distinguishes itself by adhering to + * sizeof(size_t)==4 even in 64-bit builds, which means that + * difference between two pointers might be truncated to 32 bits. + * In the context one can even wonder how comparison for + * equality is implemented. To be on the safe side we adhere to + * PTRDIFF_T even for comparison for equality. + */ +# define PTRDIFF_T uint64_t +#else +# define PTRDIFF_T size_t +#endif + +int is_partially_overlapping(const void *ptr1, const void *ptr2, int len) +{ + PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2; + /* + * Check for partially overlapping buffers. [Binary logical + * operations are used instead of boolean to minimize number + * of conditional branches.] + */ + int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) | + (diff > (0 - (PTRDIFF_T)len))); + + return overlapped; +} + int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int i, j, bl; + int i, j, bl, cmpl = inl; + + if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) + cmpl = (cmpl + 7) / 8; + + bl = ctx->cipher->block_size; if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - i = M_do_cipher(ctx, out, in, inl); + /* If block size > 1 then the cipher will have to do this check */ + if (bl == 1 && is_partially_overlapping(out, in, cmpl)) { + EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); + return 0; + } + + i = ctx->cipher->do_cipher(ctx, out, in, inl); if (i < 0) return 0; else @@ -333,9 +321,13 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, *outl = 0; return inl == 0; } + if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) { + EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); + return 0; + } if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) { - if (M_do_cipher(ctx, out, in, inl)) { + if (ctx->cipher->do_cipher(ctx, out, in, inl)) { *outl = inl; return 1; } else { @@ -344,7 +336,6 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } } i = ctx->buf_len; - bl = ctx->cipher->block_size; OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); if (i != 0) { if (bl - i > inl) { @@ -355,10 +346,10 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } else { j = bl - i; memcpy(&(ctx->buf[i]), in, j); - if (!M_do_cipher(ctx, out, ctx->buf, bl)) - return 0; inl -= j; in += j; + if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl)) + return 0; out += bl; *outl = bl; } @@ -367,7 +358,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, i = inl & (bl - 1); inl -= i; if (inl > 0) { - if (!M_do_cipher(ctx, out, in, inl)) + if (!ctx->cipher->do_cipher(ctx, out, in, inl)) return 0; *outl += inl; } @@ -391,7 +382,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) unsigned int i, b, bl; if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - ret = M_do_cipher(ctx, out, NULL, 0); + ret = ctx->cipher->do_cipher(ctx, out, NULL, 0); if (ret < 0) return 0; else @@ -419,7 +410,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) n = b - bl; for (i = bl; i < b; i++) ctx->buf[i] = n; - ret = M_do_cipher(ctx, out, ctx->buf, b); + ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b); if (ret) *outl = b; @@ -430,11 +421,21 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int fix_len; + int fix_len, cmpl = inl; unsigned int b; + b = ctx->cipher->block_size; + + if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) + cmpl = (cmpl + 7) / 8; + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - fix_len = M_do_cipher(ctx, out, in, inl); + if (b == 1 && is_partially_overlapping(out, in, cmpl)) { + EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); + return 0; + } + + fix_len = ctx->cipher->do_cipher(ctx, out, in, inl); if (fix_len < 0) { *outl = 0; return 0; @@ -451,10 +452,15 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, if (ctx->flags & EVP_CIPH_NO_PADDING) return EVP_EncryptUpdate(ctx, out, outl, in, inl); - b = ctx->cipher->block_size; OPENSSL_assert(b <= sizeof ctx->final); if (ctx->final_used) { + /* see comment about PTRDIFF_T comparison above */ + if (((PTRDIFF_T)out == (PTRDIFF_T)in) + || is_partially_overlapping(out, in, b)) { + EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); + return 0; + } memcpy(out, ctx->final, b); out += b; fix_len = 1; @@ -495,7 +501,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) *outl = 0; if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - i = M_do_cipher(ctx, out, NULL, 0); + i = ctx->cipher->do_cipher(ctx, out, NULL, 0); if (i < 0) return 0; else @@ -544,42 +550,6 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) return (1); } -void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) -{ - if (ctx) { - EVP_CIPHER_CTX_cleanup(ctx); - OPENSSL_free(ctx); - } -} - -int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) -{ -#ifndef OPENSSL_FIPS - if (c->cipher != NULL) { - if (c->cipher->cleanup && !c->cipher->cleanup(c)) - return 0; - /* Cleanse cipher context data */ - if (c->cipher_data) - OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); - } - if (c->cipher_data) - OPENSSL_free(c->cipher_data); -#endif -#ifndef OPENSSL_NO_ENGINE - if (c->engine) - /* - * The EVP_CIPHER we used belongs to an ENGINE, release the - * functional reference we held for this reason. - */ - ENGINE_finish(c->engine); -#endif -#ifdef OPENSSL_FIPS - FIPS_cipher_ctx_cleanup(c); -#endif - memset(c, 0, sizeof(EVP_CIPHER_CTX)); - return 1; -} - int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) { if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) @@ -648,12 +618,13 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) } #endif - EVP_CIPHER_CTX_cleanup(out); - memcpy(out, in, sizeof *out); + EVP_CIPHER_CTX_reset(out); + memcpy(out, in, sizeof(*out)); if (in->cipher_data && in->cipher->ctx_size) { out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); - if (!out->cipher_data) { + if (out->cipher_data == NULL) { + out->cipher = NULL; EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE); return 0; } @@ -661,6 +632,10 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) } if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) - return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out); + if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) { + out->cipher = NULL; + EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INITIALIZATION_ERROR); + return 0; + } return 1; } diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_err.c b/Cryptlib/OpenSSL/crypto/evp/evp_err.c index bcd841eb..e32a1c01 100644 --- a/Cryptlib/OpenSSL/crypto/evp/evp_err.c +++ b/Cryptlib/OpenSSL/crypto/evp/evp_err.c @@ -1,62 +1,11 @@ -/* crypto/evp/evp_err.c */ -/* ==================================================================== - * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - /* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> @@ -70,39 +19,36 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason) static ERR_STRING_DATA EVP_str_functs[] = { - {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"}, - {ERR_FUNC(EVP_F_AESNI_XTS_CIPHER), "AESNI_XTS_CIPHER"}, - {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, - {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "AES_T4_INIT_KEY"}, - {ERR_FUNC(EVP_F_AES_XTS), "AES_XTS"}, - {ERR_FUNC(EVP_F_AES_XTS_CIPHER), "AES_XTS_CIPHER"}, - {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"}, - {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, - {ERR_FUNC(EVP_F_CMAC_INIT), "CMAC_INIT"}, - {ERR_FUNC(EVP_F_CMLL_T4_INIT_KEY), "CMLL_T4_INIT_KEY"}, - {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, - {ERR_FUNC(EVP_F_DO_SIGVER_INIT), "DO_SIGVER_INIT"}, - {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, - {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"}, - {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"}, - {ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"}, + {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "aesni_init_key"}, + {ERR_FUNC(EVP_F_AES_INIT_KEY), "aes_init_key"}, + {ERR_FUNC(EVP_F_AES_OCB_CIPHER), "aes_ocb_cipher"}, + {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "aes_t4_init_key"}, + {ERR_FUNC(EVP_F_AES_WRAP_CIPHER), "aes_wrap_cipher"}, + {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "alg_module_init"}, + {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "camellia_init_key"}, + {ERR_FUNC(EVP_F_CHACHA20_POLY1305_CTRL), "chacha20_poly1305_ctrl"}, + {ERR_FUNC(EVP_F_CMLL_T4_INIT_KEY), "cmll_t4_init_key"}, + {ERR_FUNC(EVP_F_DES_EDE3_WRAP_CIPHER), "des_ede3_wrap_cipher"}, + {ERR_FUNC(EVP_F_DO_SIGVER_INIT), "do_sigver_init"}, {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_COPY), "EVP_CIPHER_CTX_copy"}, {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"}, {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, + {ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"}, {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, + {ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"}, {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, {ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"}, {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"}, {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, + {ERR_FUNC(EVP_F_EVP_PBE_SCRYPT), "EVP_PBE_scrypt"}, {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, - {ERR_FUNC(EVP_F_EVP_PKCS82PKEY_BROKEN), "EVP_PKCS82PKEY_BROKEN"}, - {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"}, + {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8), "EVP_PKEY2PKCS8"}, {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL), "EVP_PKEY_CTX_ctrl"}, {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL_STR), "EVP_PKEY_CTX_ctrl_str"}, @@ -116,11 +62,11 @@ static ERR_STRING_DATA EVP_str_functs[] = { {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT), "EVP_PKEY_encrypt_init"}, {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"}, - {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"}, - {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"}, - {ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"}, - {ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"}, - {ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"}, + {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DH), "EVP_PKEY_get0_DH"}, + {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DSA), "EVP_PKEY_get0_DSA"}, + {ERR_FUNC(EVP_F_EVP_PKEY_GET0_EC_KEY), "EVP_PKEY_get0_EC_KEY"}, + {ERR_FUNC(EVP_F_EVP_PKEY_GET0_HMAC), "EVP_PKEY_get0_hmac"}, + {ERR_FUNC(EVP_F_EVP_PKEY_GET0_RSA), "EVP_PKEY_get0_RSA"}, {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"}, {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"}, {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, @@ -133,42 +79,28 @@ static ERR_STRING_DATA EVP_str_functs[] = { {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER), "EVP_PKEY_verify_recover"}, {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT), "EVP_PKEY_verify_recover_init"}, - {ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, {ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"}, {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, - {ERR_FUNC(EVP_F_FIPS_CIPHERINIT), "FIPS_CIPHERINIT"}, - {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_COPY), "FIPS_CIPHER_CTX_COPY"}, - {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_CTRL), "FIPS_CIPHER_CTX_CTRL"}, - {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH), - "FIPS_CIPHER_CTX_SET_KEY_LENGTH"}, - {ERR_FUNC(EVP_F_FIPS_DIGESTINIT), "FIPS_DIGESTINIT"}, - {ERR_FUNC(EVP_F_FIPS_MD_CTX_COPY), "FIPS_MD_CTX_COPY"}, - {ERR_FUNC(EVP_F_HMAC_INIT_EX), "HMAC_Init_ex"}, - {ERR_FUNC(EVP_F_INT_CTX_NEW), "INT_CTX_NEW"}, + {ERR_FUNC(EVP_F_INT_CTX_NEW), "int_ctx_new"}, {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, - {ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN), "PKCS5_V2_PBKDF2_KEYIVGEN"}, - {ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"}, - {ERR_FUNC(EVP_F_PKEY_SET_TYPE), "PKEY_SET_TYPE"}, - {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, - {ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, + {ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN), "PKCS5_v2_PBKDF2_keyivgen"}, + {ERR_FUNC(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN), "PKCS5_v2_scrypt_keyivgen"}, + {ERR_FUNC(EVP_F_PKEY_SET_TYPE), "pkey_set_type"}, + {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "rc2_magic_to_meth"}, + {ERR_FUNC(EVP_F_RC5_CTRL), "rc5_ctrl"}, {0, NULL} }; static ERR_STRING_DATA EVP_str_reasons[] = { - {ERR_REASON(EVP_R_AES_IV_SETUP_FAILED), "aes iv setup failed"}, {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED), "aes key setup failed"}, - {ERR_REASON(EVP_R_ASN1_LIB), "asn1 lib"}, - {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH), "bad block length"}, {ERR_REASON(EVP_R_BAD_DECRYPT), "bad decrypt"}, - {ERR_REASON(EVP_R_BAD_KEY_LENGTH), "bad key length"}, - {ERR_REASON(EVP_R_BN_DECODE_ERROR), "bn decode error"}, - {ERR_REASON(EVP_R_BN_PUBKEY_ERROR), "bn pubkey error"}, {ERR_REASON(EVP_R_BUFFER_TOO_SMALL), "buffer too small"}, {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED), "camellia key setup failed"}, {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"}, {ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED), "command not supported"}, + {ERR_REASON(EVP_R_COPY_ERROR), "copy error"}, {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED), "ctrl not implemented"}, {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED), "ctrl operation not implemented"}, @@ -177,17 +109,16 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_DECODE_ERROR), "decode error"}, {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"}, {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"}, - {ERR_REASON(EVP_R_DISABLED_FOR_FIPS), "disabled for fips"}, - {ERR_REASON(EVP_R_ENCODE_ERROR), "encode error"}, {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"}, {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"}, - {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR), "evp pbe cipherinit error"}, + {ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"}, {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY), "expecting an rsa key"}, {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"}, {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY), "expecting a dsa key"}, - {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY), "expecting a ecdsa key"}, {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"}, {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, + {ERR_REASON(EVP_R_ILLEGAL_SCRYPT_PARAMETERS), + "illegal scrypt parameters"}, {ERR_REASON(EVP_R_INITIALIZATION_ERROR), "initialization error"}, {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"}, {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"}, @@ -195,55 +126,48 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_INVALID_KEY), "invalid key"}, {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, {ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"}, - {ERR_REASON(EVP_R_IV_TOO_LARGE), "iv too large"}, {ERR_REASON(EVP_R_KEYGEN_FAILURE), "keygen failure"}, + {ERR_REASON(EVP_R_MEMORY_LIMIT_EXCEEDED), "memory limit exceeded"}, {ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL), "message digest is null"}, {ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED), "method not supported"}, {ERR_REASON(EVP_R_MISSING_PARAMETERS), "missing parameters"}, {ERR_REASON(EVP_R_NO_CIPHER_SET), "no cipher set"}, {ERR_REASON(EVP_R_NO_DEFAULT_DIGEST), "no default digest"}, {ERR_REASON(EVP_R_NO_DIGEST_SET), "no digest set"}, - {ERR_REASON(EVP_R_NO_DSA_PARAMETERS), "no dsa parameters"}, {ERR_REASON(EVP_R_NO_KEY_SET), "no key set"}, {ERR_REASON(EVP_R_NO_OPERATION_SET), "no operation set"}, - {ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED), - "no sign function configured"}, - {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED), - "no verify function configured"}, {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"}, - {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), - "pkcs8 unknown broken type"}, + {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING), + "partially overlapping buffers"}, {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"}, {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, - {ERR_REASON(EVP_R_TOO_LARGE), "too large"}, {ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"}, {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"}, {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM), "unknown pbe algorithm"}, - {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS), - "unsuported number of rounds"}, {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"}, {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH), "unsupported keylength"}, {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION), "unsupported key derivation function"}, {ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE), "unsupported key size"}, + {ERR_REASON(EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS), + "unsupported number of rounds"}, {ERR_REASON(EVP_R_UNSUPPORTED_PRF), "unsupported prf"}, {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM), "unsupported private key algorithm"}, {ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE), "unsupported salt type"}, {ERR_REASON(EVP_R_WRAP_MODE_NOT_ALLOWED), "wrap mode not allowed"}, {ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"}, - {ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"}, {0, NULL} }; #endif -void ERR_load_EVP_strings(void) +int ERR_load_EVP_strings(void) { #ifndef OPENSSL_NO_ERR @@ -252,4 +176,5 @@ void ERR_load_EVP_strings(void) ERR_load_strings(0, EVP_str_reasons); } #endif + return 1; } diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_key.c b/Cryptlib/OpenSSL/crypto/evp/evp_key.c index 63c8866e..8a4297cf 100644 --- a/Cryptlib/OpenSSL/crypto/evp/evp_key.c +++ b/Cryptlib/OpenSSL/crypto/evp/evp_key.c @@ -1,63 +1,14 @@ -/* crypto/evp/evp_key.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/x509.h> #include <openssl/objects.h> #include <openssl/evp.h> @@ -125,40 +76,42 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, int datal, int count, unsigned char *key, unsigned char *iv) { - EVP_MD_CTX c; + EVP_MD_CTX *c; unsigned char md_buf[EVP_MAX_MD_SIZE]; int niv, nkey, addmd = 0; unsigned int mds = 0, i; int rv = 0; - nkey = type->key_len; - niv = type->iv_len; + nkey = EVP_CIPHER_key_length(type); + niv = EVP_CIPHER_iv_length(type); OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH); OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH); if (data == NULL) return (nkey); - EVP_MD_CTX_init(&c); + c = EVP_MD_CTX_new(); + if (c == NULL) + goto err; for (;;) { - if (!EVP_DigestInit_ex(&c, md, NULL)) + if (!EVP_DigestInit_ex(c, md, NULL)) goto err; if (addmd++) - if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds)) + if (!EVP_DigestUpdate(c, &(md_buf[0]), mds)) goto err; - if (!EVP_DigestUpdate(&c, data, datal)) + if (!EVP_DigestUpdate(c, data, datal)) goto err; if (salt != NULL) - if (!EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN)) + if (!EVP_DigestUpdate(c, salt, PKCS5_SALT_LEN)) goto err; - if (!EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds)) + if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds)) goto err; for (i = 1; i < (unsigned int)count; i++) { - if (!EVP_DigestInit_ex(&c, md, NULL)) + if (!EVP_DigestInit_ex(c, md, NULL)) goto err; - if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds)) + if (!EVP_DigestUpdate(c, &(md_buf[0]), mds)) goto err; - if (!EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds)) + if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds)) goto err; } i = 0; @@ -189,9 +142,9 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, if ((nkey == 0) && (niv == 0)) break; } - rv = type->key_len; + rv = EVP_CIPHER_key_length(type); err: - EVP_MD_CTX_cleanup(&c); + EVP_MD_CTX_free(c); OPENSSL_cleanse(md_buf, sizeof(md_buf)); return rv; } diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c index 7e0bab90..0c76db5a 100644 --- a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c +++ b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c @@ -1,69 +1,18 @@ -/* crypto/evp/evp_lib.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/evp.h> #include <openssl/objects.h> -#ifdef OPENSSL_FIPS -# include <openssl/fips.h> -# include "evp_locl.h" -#endif +#include "internal/evp_int.h" +#include "evp_locl.h" int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { @@ -82,6 +31,7 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) case EVP_CIPH_GCM_MODE: case EVP_CIPH_CCM_MODE: case EVP_CIPH_XTS_MODE: + case EVP_CIPH_OCB_MODE: ret = -1; break; @@ -109,6 +59,7 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) case EVP_CIPH_GCM_MODE: case EVP_CIPH_CCM_MODE: case EVP_CIPH_XTS_MODE: + case EVP_CIPH_OCB_MODE: ret = -1; break; @@ -204,7 +155,7 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx) default: /* Check it has an OID and it is valid */ otmp = OBJ_nid2obj(nid); - if (!otmp || !otmp->data) + if (OBJ_get0_data(otmp) == NULL) nid = NID_undef; ASN1_OBJECT_free(otmp); return nid; @@ -221,6 +172,11 @@ int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) return ctx->cipher->block_size; } +int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e) +{ + return e->ctx_size; +} + int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { @@ -232,24 +188,14 @@ const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) return ctx->cipher; } -unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) +int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx) { -#ifdef OPENSSL_FIPS - const EVP_CIPHER *fcipher; - fcipher = evp_get_fips_cipher(cipher); - if (fcipher && fcipher->flags & EVP_CIPH_FLAG_FIPS) - return cipher->flags | EVP_CIPH_FLAG_FIPS; -#endif - return cipher->flags; + return ctx->encrypt; } -unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) +unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) { -#ifdef OPENSSL_FIPS - return EVP_CIPHER_flags(ctx->cipher); -#else - return ctx->cipher->flags; -#endif + return cipher->flags; } void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) @@ -262,6 +208,21 @@ void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) ctx->app_data = data; } +void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx) +{ + return ctx->cipher_data; +} + +void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data) +{ + void *old_cipher_data; + + old_cipher_data = ctx->cipher_data; + ctx->cipher_data = cipher_data; + + return old_cipher_data; +} + int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) { return cipher->iv_len; @@ -272,6 +233,36 @@ int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) return ctx->cipher->iv_len; } +const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx) +{ + return ctx->oiv; +} + +const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx) +{ + return ctx->iv; +} + +unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx) +{ + return ctx->iv; +} + +unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx) +{ + return ctx->buf; +} + +int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx) +{ + return ctx->num; +} + +void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num) +{ + ctx->num = num; +} + int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) { return cipher->key_len; @@ -316,42 +307,134 @@ int EVP_MD_size(const EVP_MD *md) return md->md_size; } -#ifdef OPENSSL_FIPS - -const EVP_MD *evp_get_fips_md(const EVP_MD *md) +unsigned long EVP_MD_flags(const EVP_MD *md) { - int nid = EVP_MD_type(md); - if (nid == NID_dsa) - return FIPS_evp_dss1(); - else if (nid == NID_dsaWithSHA) - return FIPS_evp_dss(); - else if (nid == NID_ecdsa_with_SHA1) - return FIPS_evp_ecdsa(); - else - return FIPS_get_digestbynid(nid); + return md->flags; } -const EVP_CIPHER *evp_get_fips_cipher(const EVP_CIPHER *cipher) +EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type) { - int nid = cipher->nid; - if (nid == NID_undef) - return FIPS_evp_enc_null(); - else - return FIPS_get_cipherbynid(nid); + EVP_MD *md = OPENSSL_zalloc(sizeof(*md)); + + if (md != NULL) { + md->type = md_type; + md->pkey_type = pkey_type; + } + return md; } +EVP_MD *EVP_MD_meth_dup(const EVP_MD *md) +{ + EVP_MD *to = EVP_MD_meth_new(md->type, md->pkey_type); -#endif + if (to != NULL) + memcpy(to, md, sizeof(*to)); + return to; +} +void EVP_MD_meth_free(EVP_MD *md) +{ + OPENSSL_free(md); +} +int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize) +{ + md->block_size = blocksize; + return 1; +} +int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize) +{ + md->md_size = resultsize; + return 1; +} +int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize) +{ + md->ctx_size = datasize; + return 1; +} +int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags) +{ + md->flags = flags; + return 1; +} +int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)) +{ + md->init = init; + return 1; +} +int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, + const void *data, + size_t count)) +{ + md->update = update; + return 1; +} +int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, + unsigned char *md)) +{ + md->final = final; + return 1; +} +int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, + const EVP_MD_CTX *from)) +{ + md->copy = copy; + return 1; +} +int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)) +{ + md->cleanup = cleanup; + return 1; +} +int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2)) +{ + md->md_ctrl = ctrl; + return 1; +} -unsigned long EVP_MD_flags(const EVP_MD *md) +int EVP_MD_meth_get_input_blocksize(const EVP_MD *md) +{ + return md->block_size; +} +int EVP_MD_meth_get_result_size(const EVP_MD *md) +{ + return md->md_size; +} +int EVP_MD_meth_get_app_datasize(const EVP_MD *md) +{ + return md->ctx_size; +} +unsigned long EVP_MD_meth_get_flags(const EVP_MD *md) { -#ifdef OPENSSL_FIPS - const EVP_MD *fmd; - fmd = evp_get_fips_md(md); - if (fmd && fmd->flags & EVP_MD_FLAG_FIPS) - return md->flags | EVP_MD_FLAG_FIPS; -#endif return md->flags; } +int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx) +{ + return md->init; +} +int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, + const void *data, + size_t count) +{ + return md->update; +} +int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, + unsigned char *md) +{ + return md->final; +} +int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, + const EVP_MD_CTX *from) +{ + return md->copy; +} +int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx) +{ + return md->cleanup; +} +int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2) +{ + return md->md_ctrl; +} const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx) { @@ -360,6 +443,29 @@ const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx) return ctx->digest; } +EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx) +{ + return ctx->pctx; +} + +void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx) +{ + return ctx->md_data; +} + +int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, + const void *data, size_t count) +{ + return ctx->update; +} + +void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, + int (*update) (EVP_MD_CTX *ctx, + const void *data, size_t count)) +{ + ctx->update = update; +} + void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags) { ctx->flags |= flags; diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_locl.h b/Cryptlib/OpenSSL/crypto/evp/evp_locl.h index 2bb709a0..209577b7 100644 --- a/Cryptlib/OpenSSL/crypto/evp/evp_locl.h +++ b/Cryptlib/OpenSSL/crypto/evp/evp_locl.h @@ -1,373 +1,68 @@ -/* evp_locl.h */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 2000. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -/* Macros to code block cipher wrappers */ - -/* Wrapper functions for each cipher mode */ - -#define BLOCK_CIPHER_ecb_loop() \ - size_t i, bl; \ - bl = ctx->cipher->block_size;\ - if(inl < bl) return 1;\ - inl -= bl; \ - for(i=0; i <= inl; i+=bl) - -#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ -static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -{\ - BLOCK_CIPHER_ecb_loop() \ - cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\ - return 1;\ -} - -#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2)) - -#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ -static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -{\ - while(inl>=EVP_MAXCHUNK)\ - {\ - cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ - inl-=EVP_MAXCHUNK;\ - in +=EVP_MAXCHUNK;\ - out+=EVP_MAXCHUNK;\ - }\ - if (inl)\ - cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ - return 1;\ -} - -#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ -static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -{\ - while(inl>=EVP_MAXCHUNK) \ - {\ - cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ - inl-=EVP_MAXCHUNK;\ - in +=EVP_MAXCHUNK;\ - out+=EVP_MAXCHUNK;\ - }\ - if (inl)\ - cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ - return 1;\ -} - -#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ -static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -{\ - size_t chunk=EVP_MAXCHUNK;\ - if (cbits==1) chunk>>=3;\ - if (inl<chunk) chunk=inl;\ - while(inl && inl>=chunk)\ - {\ - cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ - inl-=chunk;\ - in +=chunk;\ - out+=chunk;\ - if(inl<chunk) chunk=inl;\ - }\ - return 1;\ -} - -#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ - BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ - BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ - BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ - BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) - -#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \ - key_len, iv_len, flags, init_key, cleanup, \ - set_asn1, get_asn1, ctrl) \ -static const EVP_CIPHER cname##_##mode = { \ - nid##_##nmode, block_size, key_len, iv_len, \ - flags | EVP_CIPH_##MODE##_MODE, \ - init_key, \ - cname##_##mode##_cipher, \ - cleanup, \ - sizeof(kstruct), \ - set_asn1, get_asn1,\ - ctrl, \ - NULL \ -}; \ -const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; } - -#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \ - iv_len, flags, init_key, cleanup, set_asn1, \ - get_asn1, ctrl) \ -BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ - iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) - -#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \ - iv_len, cbits, flags, init_key, cleanup, \ - set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \ - key_len, iv_len, flags, init_key, cleanup, set_asn1, \ - get_asn1, ctrl) - -#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \ - iv_len, cbits, flags, init_key, cleanup, \ - set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \ - key_len, iv_len, flags, init_key, cleanup, set_asn1, \ - get_asn1, ctrl) - -#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \ - flags, init_key, cleanup, set_asn1, \ - get_asn1, ctrl) \ -BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ - 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) - -#define BLOCK_CIPHER_defs(cname, kstruct, \ - nid, block_size, key_len, iv_len, cbits, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \ - flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ - flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) - -/*- -#define BLOCK_CIPHER_defs(cname, kstruct, \ - nid, block_size, key_len, iv_len, flags,\ - init_key, cleanup, set_asn1, get_asn1, ctrl)\ -static const EVP_CIPHER cname##_cbc = {\ - nid##_cbc, block_size, key_len, iv_len, \ - flags | EVP_CIPH_CBC_MODE,\ - init_key,\ - cname##_cbc_cipher,\ - cleanup,\ - sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ - sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ - set_asn1, get_asn1,\ - ctrl, \ - NULL \ -};\ -const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ -static const EVP_CIPHER cname##_cfb = {\ - nid##_cfb64, 1, key_len, iv_len, \ - flags | EVP_CIPH_CFB_MODE,\ - init_key,\ - cname##_cfb_cipher,\ - cleanup,\ - sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ - sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ - set_asn1, get_asn1,\ - ctrl,\ - NULL \ -};\ -const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\ -static const EVP_CIPHER cname##_ofb = {\ - nid##_ofb64, 1, key_len, iv_len, \ - flags | EVP_CIPH_OFB_MODE,\ - init_key,\ - cname##_ofb_cipher,\ - cleanup,\ - sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ - sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ - set_asn1, get_asn1,\ - ctrl,\ - NULL \ -};\ -const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ -static const EVP_CIPHER cname##_ecb = {\ - nid##_ecb, block_size, key_len, iv_len, \ - flags | EVP_CIPH_ECB_MODE,\ - init_key,\ - cname##_ecb_cipher,\ - cleanup,\ - sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ - sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ - set_asn1, get_asn1,\ - ctrl,\ - NULL \ -};\ -const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } -*/ - -#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ - block_size, key_len, iv_len, cbits, \ - flags, init_key, \ - cleanup, set_asn1, get_asn1, ctrl) \ - BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ - BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ - cbits, flags, init_key, cleanup, set_asn1, \ - get_asn1, ctrl) - -#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) - -#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \ - BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ - BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ - NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ - 0, cipher##_init_key, NULL, \ - EVP_CIPHER_set_asn1_iv, \ - EVP_CIPHER_get_asn1_iv, \ - NULL) - -struct evp_pkey_ctx_st { - /* Method associated with this operation */ - const EVP_PKEY_METHOD *pmeth; - /* Engine that implements this method or NULL if builtin */ - ENGINE *engine; - /* Key: may be NULL */ - EVP_PKEY *pkey; - /* Peer key for key agreement, may be NULL */ - EVP_PKEY *peerkey; - /* Actual operation */ - int operation; - /* Algorithm specific data */ - void *data; - /* Application specific data */ - void *app_data; - /* Keygen callback */ - EVP_PKEY_gen_cb *pkey_gencb; - /* implementation specific keygen data */ - int *keygen_info; - int keygen_info_count; -} /* EVP_PKEY_CTX */ ; - -#define EVP_PKEY_FLAG_DYNAMIC 1 - -struct evp_pkey_method_st { - int pkey_id; - int flags; - int (*init) (EVP_PKEY_CTX *ctx); - int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); - void (*cleanup) (EVP_PKEY_CTX *ctx); - int (*paramgen_init) (EVP_PKEY_CTX *ctx); - int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); - int (*keygen_init) (EVP_PKEY_CTX *ctx); - int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); - int (*sign_init) (EVP_PKEY_CTX *ctx); - int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen); - int (*verify_init) (EVP_PKEY_CTX *ctx); - int (*verify) (EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen); - int (*verify_recover_init) (EVP_PKEY_CTX *ctx); - int (*verify_recover) (EVP_PKEY_CTX *ctx, - unsigned char *rout, size_t *routlen, - const unsigned char *sig, size_t siglen); - int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); - int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - EVP_MD_CTX *mctx); - int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); - int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, - EVP_MD_CTX *mctx); - int (*encrypt_init) (EVP_PKEY_CTX *ctx); - int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); - int (*decrypt_init) (EVP_PKEY_CTX *ctx); - int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); - int (*derive_init) (EVP_PKEY_CTX *ctx); - int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); - int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); - int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); -} /* EVP_PKEY_METHOD */ ; - -void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); +/* EVP_MD_CTX related stuff */ + +struct evp_md_ctx_st { + const EVP_MD *digest; + ENGINE *engine; /* functional reference if 'digest' is + * ENGINE-provided */ + unsigned long flags; + void *md_data; + /* Public key context for sign/verify */ + EVP_PKEY_CTX *pctx; + /* Update function: usually copied from EVP_MD */ + int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); +} /* EVP_MD_CTX */ ; + +struct evp_cipher_ctx_st { + const EVP_CIPHER *cipher; + ENGINE *engine; /* functional reference if 'cipher' is + * ENGINE-provided */ + int encrypt; /* encrypt or decrypt */ + int buf_len; /* number we have left */ + unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ + unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ + unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */ + int num; /* used by cfb/ofb/ctr mode */ + /* FIXME: Should this even exist? It appears unused */ + void *app_data; /* application stuff */ + int key_len; /* May change for variable length cipher */ + unsigned long flags; /* Various flags */ + void *cipher_data; /* per EVP data */ + int final_used; + int block_mask; + unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */ +} /* EVP_CIPHER_CTX */ ; int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de); -const EVP_MD *evp_get_fips_md(const EVP_MD *md); -const EVP_CIPHER *evp_get_fips_cipher(const EVP_CIPHER *cipher); - -#ifdef OPENSSL_FIPS - -# ifdef OPENSSL_DOING_MAKEDEPEND -# undef SHA1_Init -# undef SHA1_Update -# undef SHA224_Init -# undef SHA256_Init -# undef SHA384_Init -# undef SHA512_Init -# undef DES_set_key_unchecked -# endif - -# define RIPEMD160_Init private_RIPEMD160_Init -# define WHIRLPOOL_Init private_WHIRLPOOL_Init -# define MD5_Init private_MD5_Init -# define MD4_Init private_MD4_Init -# define MD2_Init private_MD2_Init -# define MDC2_Init private_MDC2_Init -# define SHA_Init private_SHA_Init -# define SHA1_Init private_SHA1_Init -# define SHA224_Init private_SHA224_Init -# define SHA256_Init private_SHA256_Init -# define SHA384_Init private_SHA384_Init -# define SHA512_Init private_SHA512_Init - -# define BF_set_key private_BF_set_key -# define CAST_set_key private_CAST_set_key -# define idea_set_encrypt_key private_idea_set_encrypt_key -# define SEED_set_key private_SEED_set_key -# define RC2_set_key private_RC2_set_key -# define RC4_set_key private_RC4_set_key -# define DES_set_key_unchecked private_DES_set_key_unchecked -# define Camellia_set_key private_Camellia_set_key - -#endif +struct evp_Encode_Ctx_st { + /* number saved in a partial encode/decode */ + int num; + /* + * The length is either the output line length (in input bytes) or the + * shortest input line length that is ok. Once decoding begins, the + * length is adjusted up each time a longer line is decoded + */ + int length; + /* data to encode */ + unsigned char enc_data[80]; + /* number read on current line */ + int line_num; + int expect_nl; +}; + +typedef struct evp_pbe_st EVP_PBE_CTL; +DEFINE_STACK_OF(EVP_PBE_CTL) + +int is_partially_overlapping(const void *ptr1, const void *ptr2, int len); diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c index 7934c95f..ce7aa2cf 100644 --- a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c +++ b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c @@ -1,64 +1,14 @@ -/* evp_pbe.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 1999. - */ -/* ==================================================================== - * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/evp.h> #include <openssl/pkcs12.h> #include <openssl/x509.h> @@ -66,18 +16,17 @@ /* Password based encryption (PBE) functions */ -DECLARE_STACK_OF(EVP_PBE_CTL) -static STACK_OF(EVP_PBE_CTL) *pbe_algs; - /* Setup a cipher context from a PBE algorithm */ -typedef struct { +struct evp_pbe_st { int pbe_type; int pbe_nid; int cipher_nid; int md_nid; EVP_PBE_KEYGEN *keygen; -} EVP_PBE_CTL; +}; + +static STACK_OF(EVP_PBE_CTL) *pbe_algs; static const EVP_PBE_CTL builtin_pbe[] = { {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC, @@ -87,9 +36,7 @@ static const EVP_PBE_CTL builtin_pbe[] = { {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC, NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen}, -#ifndef OPENSSL_NO_HMAC {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen}, -#endif {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4, NID_rc4, NID_sha1, PKCS12_PBE_keyivgen}, @@ -104,9 +51,8 @@ static const EVP_PBE_CTL builtin_pbe[] = { {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC, NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen}, -#ifndef OPENSSL_NO_HMAC {EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen}, -#endif + {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC, NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen}, {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC, @@ -121,32 +67,15 @@ static const EVP_PBE_CTL builtin_pbe[] = { {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0}, {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0}, {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0}, -}; - -#ifdef TEST -int main(int argc, char **argv) -{ - int i, nid_md, nid_cipher; - EVP_PBE_CTL *tpbe, *tpbe2; - /* - * OpenSSL_add_all_algorithms(); - */ - - for (i = 0; i < sizeof(builtin_pbe) / sizeof(EVP_PBE_CTL); i++) { - tpbe = builtin_pbe + i; - fprintf(stderr, "%d %d %s ", tpbe->pbe_type, tpbe->pbe_nid, - OBJ_nid2sn(tpbe->pbe_nid)); - if (EVP_PBE_find(tpbe->pbe_type, tpbe->pbe_nid, - &nid_cipher, &nid_md, 0)) - fprintf(stderr, "Found %s %s\n", - OBJ_nid2sn(nid_cipher), OBJ_nid2sn(nid_md)); - else - fprintf(stderr, "Find ERROR!!\n"); - } - - return 0; -} + {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_256, -1, + NID_id_GostR3411_2012_256, 0}, + {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_512, -1, + NID_id_GostR3411_2012_512, 0}, + {EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen}, +#ifndef OPENSSL_NO_SCRYPT + {EVP_PBE_TYPE_KDF, NID_id_scrypt, -1, -1, PKCS5_v2_scrypt_keyivgen} #endif +}; int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) @@ -161,7 +90,7 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, char obj_tmp[80]; EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM); if (!pbe_obj) - BUF_strlcpy(obj_tmp, "NULL", sizeof obj_tmp); + OPENSSL_strlcpy(obj_tmp, "NULL", sizeof obj_tmp); else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); ERR_add_error_data(2, "TYPE=", obj_tmp); @@ -244,7 +173,10 @@ int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, pbe_tmp->md_nid = md_nid; pbe_tmp->keygen = keygen; - sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp); + if (!sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp)) { + OPENSSL_free(pbe_tmp); + goto err; + } return 1; err: @@ -256,6 +188,7 @@ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, EVP_PBE_KEYGEN *keygen) { int cipher_nid, md_nid; + if (cipher) cipher_nid = EVP_CIPHER_nid(cipher); else @@ -286,8 +219,7 @@ int EVP_PBE_find(int type, int pbe_nid, pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i); } if (pbetmp == NULL) { - pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, - sizeof(builtin_pbe) / sizeof(EVP_PBE_CTL)); + pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, OSSL_NELEM(builtin_pbe)); } if (pbetmp == NULL) return 0; @@ -302,7 +234,7 @@ int EVP_PBE_find(int type, int pbe_nid, static void free_evp_pbe_ctl(EVP_PBE_CTL *pbe) { - OPENSSL_freeFunc(pbe); + OPENSSL_free(pbe); } void EVP_PBE_cleanup(void) @@ -310,3 +242,18 @@ void EVP_PBE_cleanup(void) sk_EVP_PBE_CTL_pop_free(pbe_algs, free_evp_pbe_ctl); pbe_algs = NULL; } + +int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num) +{ + const EVP_PBE_CTL *tpbe; + + if (num >= OSSL_NELEM(builtin_pbe)) + return 0; + + tpbe = builtin_pbe + num; + if (ptype) + *ptype = tpbe->pbe_type; + if (ppbe_nid) + *ppbe_nid = tpbe->pbe_nid; + return 1; +} diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c b/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c index 6a456297..81bffa6d 100644 --- a/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c +++ b/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c @@ -1,81 +1,33 @@ -/* evp_pkey.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 1999. - */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> #include <stdlib.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/x509.h> #include <openssl/rand.h> -#include "asn1_locl.h" +#include "internal/asn1_int.h" +#include "internal/evp_int.h" +#include "internal/x509_int.h" /* Extract a private key from a PKCS8 structure */ -EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) +EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8) { EVP_PKEY *pkey = NULL; - ASN1_OBJECT *algoid; + const ASN1_OBJECT *algoid; char obj_tmp[80]; if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8)) return NULL; - if (!(pkey = EVP_PKEY_new())) { + if ((pkey = EVP_PKEY_new()) == NULL) { EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); return NULL; } @@ -104,68 +56,37 @@ EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) return NULL; } -PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) -{ - return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK); -} - /* Turn a private key into a PKCS8 structure */ -PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) +PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) { - PKCS8_PRIV_KEY_INFO *p8; - - if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { - EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE); + PKCS8_PRIV_KEY_INFO *p8 = PKCS8_PRIV_KEY_INFO_new(); + if (p8 == NULL) { + EVPerr(EVP_F_EVP_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); return NULL; } - p8->broken = broken; if (pkey->ameth) { if (pkey->ameth->priv_encode) { if (!pkey->ameth->priv_encode(p8, pkey)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, - EVP_R_PRIVATE_KEY_ENCODE_ERROR); + EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_PRIVATE_KEY_ENCODE_ERROR); goto error; } } else { - EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_METHOD_NOT_SUPPORTED); + EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_METHOD_NOT_SUPPORTED); goto error; } } else { - EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, - EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); + EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); goto error; } - RAND_add(p8->pkey->value.octet_string->data, - p8->pkey->value.octet_string->length, 0.0); + RAND_add(p8->pkey->data, p8->pkey->length, 0.0); return p8; error: PKCS8_PRIV_KEY_INFO_free(p8); return NULL; } -PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) -{ - switch (broken) { - - case PKCS8_OK: - p8->broken = PKCS8_OK; - return p8; - break; - - case PKCS8_NO_OCTET: - p8->broken = PKCS8_NO_OCTET; - p8->pkey->type = V_ASN1_SEQUENCE; - return p8; - break; - - default: - EVPerr(EVP_F_PKCS8_SET_BROKEN, EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); - return NULL; - } -} - /* EVP_PKEY attribute functions */ int EVP_PKEY_get_attr_count(const EVP_PKEY *key) @@ -178,7 +99,7 @@ int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos) return X509at_get_attr_by_NID(key->attributes, nid, lastpos); } -int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, +int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, int lastpos) { return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos); diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss.c b/Cryptlib/OpenSSL/crypto/evp/m_dss.c deleted file mode 100644 index 14784486..00000000 --- a/Cryptlib/OpenSSL/crypto/evp/m_dss.c +++ /dev/null @@ -1,104 +0,0 @@ -/* crypto/evp/m_dss.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "cryptlib.h" -#include <openssl/evp.h> -#include <openssl/objects.h> -#include <openssl/sha.h> -#ifndef OPENSSL_NO_DSA -# include <openssl/dsa.h> -#endif - -#ifndef OPENSSL_NO_SHA - -static int init(EVP_MD_CTX *ctx) -{ - return SHA1_Init(ctx->md_data); -} - -static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA1_Update(ctx->md_data, data, count); -} - -static int final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA1_Final(md, ctx->md_data); -} - -static const EVP_MD dsa_md = { - NID_dsaWithSHA, - NID_dsaWithSHA, - SHA_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_DIGEST, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_DSA_method, - SHA_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA_CTX), -}; - -const EVP_MD *EVP_dss(void) -{ - return (&dsa_md); -} -#endif diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss1.c b/Cryptlib/OpenSSL/crypto/evp/m_dss1.c deleted file mode 100644 index e36fabff..00000000 --- a/Cryptlib/OpenSSL/crypto/evp/m_dss1.c +++ /dev/null @@ -1,105 +0,0 @@ -/* crypto/evp/m_dss1.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "cryptlib.h" - -#ifndef OPENSSL_NO_SHA - -# include <openssl/evp.h> -# include <openssl/objects.h> -# include <openssl/sha.h> -# ifndef OPENSSL_NO_DSA -# include <openssl/dsa.h> -# endif - -static int init(EVP_MD_CTX *ctx) -{ - return SHA1_Init(ctx->md_data); -} - -static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA1_Update(ctx->md_data, data, count); -} - -static int final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA1_Final(md, ctx->md_data); -} - -static const EVP_MD dss1_md = { - NID_dsa, - NID_dsaWithSHA1, - SHA_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_DIGEST, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_DSA_method, - SHA_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA_CTX), -}; - -const EVP_MD *EVP_dss1(void) -{ - return (&dss1_md); -} -#endif diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c b/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c deleted file mode 100644 index 803d3149..00000000 --- a/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c +++ /dev/null @@ -1,154 +0,0 @@ -/* crypto/evp/m_ecdsa.c */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "cryptlib.h" -#include <openssl/evp.h> -#include <openssl/objects.h> -#include <openssl/x509.h> - -#ifndef OPENSSL_NO_SHA - -static int init(EVP_MD_CTX *ctx) -{ - return SHA1_Init(ctx->md_data); -} - -static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA1_Update(ctx->md_data, data, count); -} - -static int final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA1_Final(md, ctx->md_data); -} - -static const EVP_MD ecdsa_md = { - NID_ecdsa_with_SHA1, - NID_ecdsa_with_SHA1, - SHA_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_DIGEST, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_ECDSA_method, - SHA_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA_CTX), -}; - -const EVP_MD *EVP_ecdsa(void) -{ - return (&ecdsa_md); -} -#endif diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md2.c b/Cryptlib/OpenSSL/crypto/evp/m_md2.c index 3c4cd7bf..c4e28ae1 100644 --- a/Cryptlib/OpenSSL/crypto/evp/m_md2.c +++ b/Cryptlib/OpenSSL/crypto/evp/m_md2.c @@ -1,63 +1,14 @@ -/* crypto/evp/m_md2.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_MD2 @@ -65,23 +16,23 @@ # include <openssl/objects.h> # include <openssl/x509.h> # include <openssl/md2.h> -# ifndef OPENSSL_NO_RSA -# include <openssl/rsa.h> -# endif +# include <openssl/rsa.h> + +#include "internal/evp_int.h" static int init(EVP_MD_CTX *ctx) { - return MD2_Init(ctx->md_data); + return MD2_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return MD2_Update(ctx->md_data, data, count); + return MD2_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return MD2_Final(md, ctx->md_data); + return MD2_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD md2_md = { @@ -94,13 +45,12 @@ static const EVP_MD md2_md = { final, NULL, NULL, - EVP_PKEY_RSA_method, MD2_BLOCK, sizeof(EVP_MD *) + sizeof(MD2_CTX), }; const EVP_MD *EVP_md2(void) { - return (&md2_md); + return &md2_md; } #endif diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md4.c b/Cryptlib/OpenSSL/crypto/evp/m_md4.c index 851de69f..f3decaaf 100644 --- a/Cryptlib/OpenSSL/crypto/evp/m_md4.c +++ b/Cryptlib/OpenSSL/crypto/evp/m_md4.c @@ -1,63 +1,14 @@ -/* crypto/evp/m_md4.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_MD4 @@ -65,25 +16,22 @@ # include <openssl/objects.h> # include <openssl/x509.h> # include <openssl/md4.h> -# ifndef OPENSSL_NO_RSA -# include <openssl/rsa.h> -# endif - -# include "evp_locl.h" +# include <openssl/rsa.h> +# include "internal/evp_int.h" static int init(EVP_MD_CTX *ctx) { - return MD4_Init(ctx->md_data); + return MD4_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return MD4_Update(ctx->md_data, data, count); + return MD4_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return MD4_Final(md, ctx->md_data); + return MD4_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD md4_md = { @@ -96,7 +44,6 @@ static const EVP_MD md4_md = { final, NULL, NULL, - EVP_PKEY_RSA_method, MD4_CBLOCK, sizeof(EVP_MD *) + sizeof(MD4_CTX), }; diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md5.c b/Cryptlib/OpenSSL/crypto/evp/m_md5.c index e5d5f71b..f4dc0c43 100644 --- a/Cryptlib/OpenSSL/crypto/evp/m_md5.c +++ b/Cryptlib/OpenSSL/crypto/evp/m_md5.c @@ -1,63 +1,14 @@ -/* crypto/evp/m_md5.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_MD5 @@ -65,24 +16,22 @@ # include <openssl/objects.h> # include <openssl/x509.h> # include <openssl/md5.h> -# ifndef OPENSSL_NO_RSA -# include <openssl/rsa.h> -# endif -# include "evp_locl.h" +# include <openssl/rsa.h> +# include "internal/evp_int.h" static int init(EVP_MD_CTX *ctx) { - return MD5_Init(ctx->md_data); + return MD5_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return MD5_Update(ctx->md_data, data, count); + return MD5_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return MD5_Final(md, ctx->md_data); + return MD5_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD md5_md = { @@ -95,7 +44,6 @@ static const EVP_MD md5_md = { final, NULL, NULL, - EVP_PKEY_RSA_method, MD5_CBLOCK, sizeof(EVP_MD *) + sizeof(MD5_CTX), }; diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md5_sha1.c b/Cryptlib/OpenSSL/crypto/evp/m_md5_sha1.c new file mode 100644 index 00000000..2d98886b --- /dev/null +++ b/Cryptlib/OpenSSL/crypto/evp/m_md5_sha1.c @@ -0,0 +1,142 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#if !defined(OPENSSL_NO_MD5) + +# include <openssl/evp.h> +# include <openssl/objects.h> +# include <openssl/x509.h> +# include <openssl/md5.h> +# include <openssl/sha.h> +# include "internal/cryptlib.h" +# include "internal/evp_int.h" +# include <openssl/rsa.h> + +struct md5_sha1_ctx { + MD5_CTX md5; + SHA_CTX sha1; +}; + +static int init(EVP_MD_CTX *ctx) +{ + struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx); + if (!MD5_Init(&mctx->md5)) + return 0; + return SHA1_Init(&mctx->sha1); +} + +static int update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx); + if (!MD5_Update(&mctx->md5, data, count)) + return 0; + return SHA1_Update(&mctx->sha1, data, count); +} + +static int final(EVP_MD_CTX *ctx, unsigned char *md) +{ + struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx); + if (!MD5_Final(md, &mctx->md5)) + return 0; + return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1); +} + +static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms) +{ + unsigned char padtmp[48]; + unsigned char md5tmp[MD5_DIGEST_LENGTH]; + unsigned char sha1tmp[SHA_DIGEST_LENGTH]; + struct md5_sha1_ctx *mctx; + + if (cmd != EVP_CTRL_SSL3_MASTER_SECRET) + return -2; + + if (ctx == NULL) + return 0; + + mctx = EVP_MD_CTX_md_data(ctx); + + /* SSLv3 client auth handling: see RFC-6101 5.6.8 */ + if (mslen != 48) + return 0; + + /* At this point hash contains all handshake messages, update + * with master secret and pad_1. + */ + + if (update(ctx, ms, mslen) <= 0) + return 0; + + /* Set padtmp to pad_1 value */ + memset(padtmp, 0x36, sizeof(padtmp)); + + if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp))) + return 0; + + if (!MD5_Final(md5tmp, &mctx->md5)) + return 0; + + if (!SHA1_Update(&mctx->sha1, padtmp, 40)) + return 0; + + if (!SHA1_Final(sha1tmp, &mctx->sha1)) + return 0; + + /* Reinitialise context */ + + if (!init(ctx)) + return 0; + + if (update(ctx, ms, mslen) <= 0) + return 0; + + /* Set padtmp to pad_2 value */ + memset(padtmp, 0x5c, sizeof(padtmp)); + + if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp))) + return 0; + + if (!MD5_Update(&mctx->md5, md5tmp, sizeof(md5tmp))) + return 0; + + if (!SHA1_Update(&mctx->sha1, padtmp, 40)) + return 0; + + if (!SHA1_Update(&mctx->sha1, sha1tmp, sizeof(sha1tmp))) + return 0; + + /* Now when ctx is finalised it will return the SSL v3 hash value */ + + OPENSSL_cleanse(md5tmp, sizeof(md5tmp)); + OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp)); + + return 1; + +} + +static const EVP_MD md5_sha1_md = { + NID_md5_sha1, + NID_md5_sha1, + MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, + 0, + init, + update, + final, + NULL, + NULL, + MD5_CBLOCK, + sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx), + ctrl +}; + +const EVP_MD *EVP_md5_sha1(void) +{ + return &md5_sha1_md; +} +#endif diff --git a/Cryptlib/OpenSSL/crypto/evp/m_mdc2.c b/Cryptlib/OpenSSL/crypto/evp/m_mdc2.c index 94e12a6b..b7f0fd8c 100644 --- a/Cryptlib/OpenSSL/crypto/evp/m_mdc2.c +++ b/Cryptlib/OpenSSL/crypto/evp/m_mdc2.c @@ -1,63 +1,14 @@ -/* crypto/evp/m_mdc2.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_MDC2 @@ -65,25 +16,22 @@ # include <openssl/objects.h> # include <openssl/x509.h> # include <openssl/mdc2.h> -# ifndef OPENSSL_NO_RSA -# include <openssl/rsa.h> -# endif - -# include "evp_locl.h" +# include <openssl/rsa.h> +# include "internal/evp_int.h" static int init(EVP_MD_CTX *ctx) { - return MDC2_Init(ctx->md_data); + return MDC2_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return MDC2_Update(ctx->md_data, data, count); + return MDC2_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return MDC2_Final(md, ctx->md_data); + return MDC2_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD mdc2_md = { @@ -96,7 +44,6 @@ static const EVP_MD mdc2_md = { final, NULL, NULL, - EVP_PKEY_RSA_ASN1_OCTET_STRING_method, MDC2_BLOCK, sizeof(EVP_MD *) + sizeof(MDC2_CTX), }; diff --git a/Cryptlib/OpenSSL/crypto/evp/m_null.c b/Cryptlib/OpenSSL/crypto/evp/m_null.c index 017e1feb..6c4daf56 100644 --- a/Cryptlib/OpenSSL/crypto/evp/m_null.c +++ b/Cryptlib/OpenSSL/crypto/evp/m_null.c @@ -1,66 +1,18 @@ -/* crypto/evp/m_null.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> +#include "internal/evp_int.h" static int init(EVP_MD_CTX *ctx) { @@ -87,7 +39,6 @@ static const EVP_MD null_md = { final, NULL, NULL, - EVP_PKEY_NULL_method, 0, sizeof(EVP_MD *), }; diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c b/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c index 81de0ef4..07b46bd5 100644 --- a/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c +++ b/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c @@ -1,88 +1,37 @@ -/* crypto/evp/m_ripemd.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" -#ifndef OPENSSL_NO_RIPEMD +#ifndef OPENSSL_NO_RMD160 # include <openssl/ripemd.h> # include <openssl/evp.h> # include <openssl/objects.h> # include <openssl/x509.h> -# ifndef OPENSSL_NO_RSA -# include <openssl/rsa.h> -# endif -# include "evp_locl.h" +# include <openssl/rsa.h> +# include "internal/evp_int.h" static int init(EVP_MD_CTX *ctx) { - return RIPEMD160_Init(ctx->md_data); + return RIPEMD160_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return RIPEMD160_Update(ctx->md_data, data, count); + return RIPEMD160_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return RIPEMD160_Final(md, ctx->md_data); + return RIPEMD160_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD ripemd160_md = { @@ -95,7 +44,6 @@ static const EVP_MD ripemd160_md = { final, NULL, NULL, - EVP_PKEY_RSA_method, RIPEMD160_CBLOCK, sizeof(EVP_MD *) + sizeof(RIPEMD160_CTX), }; diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha.c b/Cryptlib/OpenSSL/crypto/evp/m_sha.c deleted file mode 100644 index e1e22e0c..00000000 --- a/Cryptlib/OpenSSL/crypto/evp/m_sha.c +++ /dev/null @@ -1,106 +0,0 @@ -/* crypto/evp/m_sha.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "cryptlib.h" - -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) - -# include <openssl/evp.h> -# include <openssl/objects.h> -# include <openssl/x509.h> -# ifndef OPENSSL_NO_RSA -# include <openssl/rsa.h> -# endif -# include "evp_locl.h" - -static int init(EVP_MD_CTX *ctx) -{ - return SHA_Init(ctx->md_data); -} - -static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA_Update(ctx->md_data, data, count); -} - -static int final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA_Final(md, ctx->md_data); -} - -static const EVP_MD sha_md = { - NID_sha, - NID_shaWithRSAEncryption, - SHA_DIGEST_LENGTH, - 0, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_RSA_method, - SHA_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA_CTX), -}; - -const EVP_MD *EVP_sha(void) -{ - return (&sha_md); -} -#endif diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha1.c b/Cryptlib/OpenSSL/crypto/evp/m_sha1.c index a74e6b77..8f30077a 100644 --- a/Cryptlib/OpenSSL/crypto/evp/m_sha1.c +++ b/Cryptlib/OpenSSL/crypto/evp/m_sha1.c @@ -1,118 +1,123 @@ -/* crypto/evp/m_sha1.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" -#ifndef OPENSSL_NO_SHA - -# include <openssl/evp.h> -# include <openssl/objects.h> -# include <openssl/sha.h> -# ifndef OPENSSL_NO_RSA -# include <openssl/rsa.h> -# endif +#include <openssl/evp.h> +#include <openssl/objects.h> +#include <openssl/sha.h> +#include <openssl/rsa.h> +#include "internal/evp_int.h" static int init(EVP_MD_CTX *ctx) { - return SHA1_Init(ctx->md_data); + return SHA1_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return SHA1_Update(ctx->md_data, data, count); + return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return SHA1_Final(md, ctx->md_data); + return SHA1_Final(md, EVP_MD_CTX_md_data(ctx)); +} + +static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms) +{ + unsigned char padtmp[40]; + unsigned char sha1tmp[SHA_DIGEST_LENGTH]; + + SHA_CTX *sha1; + + if (cmd != EVP_CTRL_SSL3_MASTER_SECRET) + return -2; + + if (ctx == NULL) + return 0; + + sha1 = EVP_MD_CTX_md_data(ctx); + + /* SSLv3 client auth handling: see RFC-6101 5.6.8 */ + if (mslen != 48) + return 0; + + /* At this point hash contains all handshake messages, update + * with master secret and pad_1. + */ + + if (SHA1_Update(sha1, ms, mslen) <= 0) + return 0; + + /* Set padtmp to pad_1 value */ + memset(padtmp, 0x36, sizeof(padtmp)); + + if (!SHA1_Update(sha1, padtmp, sizeof(padtmp))) + return 0; + + if (!SHA1_Final(sha1tmp, sha1)) + return 0; + + /* Reinitialise context */ + + if (!SHA1_Init(sha1)) + return 0; + + if (SHA1_Update(sha1, ms, mslen) <= 0) + return 0; + + /* Set padtmp to pad_2 value */ + memset(padtmp, 0x5c, sizeof(padtmp)); + + if (!SHA1_Update(sha1, padtmp, sizeof(padtmp))) + return 0; + + if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp))) + return 0; + + /* Now when ctx is finalised it will return the SSL v3 hash value */ + OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp)); + + return 1; + } static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, SHA_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + EVP_MD_FLAG_DIGALGID_ABSENT, init, update, final, NULL, NULL, - EVP_PKEY_RSA_method, SHA_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA_CTX), + ctrl }; const EVP_MD *EVP_sha1(void) { return (&sha1_md); } -#endif -#ifndef OPENSSL_NO_SHA256 static int init224(EVP_MD_CTX *ctx) { - return SHA224_Init(ctx->md_data); + return SHA224_Init(EVP_MD_CTX_md_data(ctx)); } static int init256(EVP_MD_CTX *ctx) { - return SHA256_Init(ctx->md_data); + return SHA256_Init(EVP_MD_CTX_md_data(ctx)); } /* @@ -122,25 +127,24 @@ static int init256(EVP_MD_CTX *ctx) */ static int update256(EVP_MD_CTX *ctx, const void *data, size_t count) { - return SHA256_Update(ctx->md_data, data, count); + return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final256(EVP_MD_CTX *ctx, unsigned char *md) { - return SHA256_Final(md, ctx->md_data); + return SHA256_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD sha224_md = { NID_sha224, NID_sha224WithRSAEncryption, SHA224_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + EVP_MD_FLAG_DIGALGID_ABSENT, init224, update256, final256, NULL, NULL, - EVP_PKEY_RSA_method, SHA256_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA256_CTX), }; @@ -154,13 +158,12 @@ static const EVP_MD sha256_md = { NID_sha256, NID_sha256WithRSAEncryption, SHA256_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + EVP_MD_FLAG_DIGALGID_ABSENT, init256, update256, final256, NULL, NULL, - EVP_PKEY_RSA_method, SHA256_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA256_CTX), }; @@ -169,41 +172,38 @@ const EVP_MD *EVP_sha256(void) { return (&sha256_md); } -#endif /* ifndef OPENSSL_NO_SHA256 */ -#ifndef OPENSSL_NO_SHA512 static int init384(EVP_MD_CTX *ctx) { - return SHA384_Init(ctx->md_data); + return SHA384_Init(EVP_MD_CTX_md_data(ctx)); } static int init512(EVP_MD_CTX *ctx) { - return SHA512_Init(ctx->md_data); + return SHA512_Init(EVP_MD_CTX_md_data(ctx)); } /* See comment in SHA224/256 section */ static int update512(EVP_MD_CTX *ctx, const void *data, size_t count) { - return SHA512_Update(ctx->md_data, data, count); + return SHA512_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final512(EVP_MD_CTX *ctx, unsigned char *md) { - return SHA512_Final(md, ctx->md_data); + return SHA512_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD sha384_md = { NID_sha384, NID_sha384WithRSAEncryption, SHA384_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + EVP_MD_FLAG_DIGALGID_ABSENT, init384, update512, final512, NULL, NULL, - EVP_PKEY_RSA_method, SHA512_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA512_CTX), }; @@ -217,13 +217,12 @@ static const EVP_MD sha512_md = { NID_sha512, NID_sha512WithRSAEncryption, SHA512_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + EVP_MD_FLAG_DIGALGID_ABSENT, init512, update512, final512, NULL, NULL, - EVP_PKEY_RSA_method, SHA512_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA512_CTX), }; @@ -232,4 +231,3 @@ const EVP_MD *EVP_sha512(void) { return (&sha512_md); } -#endif /* ifndef OPENSSL_NO_SHA512 */ diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sigver.c b/Cryptlib/OpenSSL/crypto/evp/m_sigver.c index 4492d207..3b74f722 100644 --- a/Cryptlib/OpenSSL/crypto/evp/m_sigver.c +++ b/Cryptlib/OpenSSL/crypto/evp/m_sigver.c @@ -1,67 +1,18 @@ -/* m_sigver.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 2006. - */ -/* ==================================================================== - * Copyright (c) 2006,2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> +#include "internal/evp_int.h" #include "evp_locl.h" static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, @@ -128,17 +79,20 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) { - int sctx, r = 0; + int sctx = 0, r = 0; EVP_PKEY_CTX *pctx = ctx->pctx; if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) { - EVP_PKEY_CTX *dctx; if (!sigret) return pctx->pmeth->signctx(pctx, sigret, siglen, ctx); - dctx = EVP_PKEY_CTX_dup(ctx->pctx); - if (!dctx) - return 0; - r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx); - EVP_PKEY_CTX_free(dctx); + if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) + r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx); + else { + EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_dup(ctx->pctx); + if (!dctx) + return 0; + r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx); + EVP_PKEY_CTX_free(dctx); + } return r; } if (pctx->pmeth->signctx) @@ -146,18 +100,24 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, else sctx = 0; if (sigret) { - EVP_MD_CTX tmp_ctx; unsigned char md[EVP_MAX_MD_SIZE]; - unsigned int mdlen; - EVP_MD_CTX_init(&tmp_ctx); - if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) - return 0; - if (sctx) - r = tmp_ctx.pctx->pmeth->signctx(tmp_ctx.pctx, - sigret, siglen, &tmp_ctx); - else - r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen); - EVP_MD_CTX_cleanup(&tmp_ctx); + unsigned int mdlen = 0; + if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) { + if (sctx) + r = ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx); + else + r = EVP_DigestFinal_ex(ctx, md, &mdlen); + } else { + EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); + if (tmp_ctx == NULL || !EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) + return 0; + if (sctx) + r = tmp_ctx->pctx->pmeth->signctx(tmp_ctx->pctx, + sigret, siglen, tmp_ctx); + else + r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen); + EVP_MD_CTX_free(tmp_ctx); + } if (sctx || !r) return r; if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0) @@ -178,25 +138,31 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen) { - EVP_MD_CTX tmp_ctx; unsigned char md[EVP_MAX_MD_SIZE]; - int r; - unsigned int mdlen; - int vctx; + int r = 0; + unsigned int mdlen = 0; + int vctx = 0; if (ctx->pctx->pmeth->verifyctx) vctx = 1; else vctx = 0; - EVP_MD_CTX_init(&tmp_ctx); - if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) - return -1; - if (vctx) { - r = tmp_ctx.pctx->pmeth->verifyctx(tmp_ctx.pctx, - sig, siglen, &tmp_ctx); - } else - r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen); - EVP_MD_CTX_cleanup(&tmp_ctx); + if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) { + if (vctx) { + r = ctx->pctx->pmeth->verifyctx(ctx->pctx, sig, siglen, ctx); + } else + r = EVP_DigestFinal_ex(ctx, md, &mdlen); + } else { + EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); + if (tmp_ctx == NULL || !EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) + return -1; + if (vctx) { + r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx, + sig, siglen, tmp_ctx); + } else + r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen); + EVP_MD_CTX_free(tmp_ctx); + } if (vctx || !r) return r; return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen); diff --git a/Cryptlib/OpenSSL/crypto/evp/m_wp.c b/Cryptlib/OpenSSL/crypto/evp/m_wp.c index a890939e..94fac226 100644 --- a/Cryptlib/OpenSSL/crypto/evp/m_wp.c +++ b/Cryptlib/OpenSSL/crypto/evp/m_wp.c @@ -1,7 +1,14 @@ -/* crypto/evp/m_wp.c */ +/* + * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_WHIRLPOOL @@ -9,21 +16,21 @@ # include <openssl/objects.h> # include <openssl/x509.h> # include <openssl/whrlpool.h> -# include "evp_locl.h" +# include "internal/evp_int.h" static int init(EVP_MD_CTX *ctx) { - return WHIRLPOOL_Init(ctx->md_data); + return WHIRLPOOL_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return WHIRLPOOL_Update(ctx->md_data, data, count); + return WHIRLPOOL_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return WHIRLPOOL_Final(md, ctx->md_data); + return WHIRLPOOL_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD whirlpool_md = { @@ -36,7 +43,6 @@ static const EVP_MD whirlpool_md = { final, NULL, NULL, - EVP_PKEY_NULL_method, WHIRLPOOL_BBLOCK / 8, sizeof(EVP_MD *) + sizeof(WHIRLPOOL_CTX), }; diff --git a/Cryptlib/OpenSSL/crypto/evp/names.c b/Cryptlib/OpenSSL/crypto/evp/names.c index ff115a31..a92be1fe 100644 --- a/Cryptlib/OpenSSL/crypto/evp/names.c +++ b/Cryptlib/OpenSSL/crypto/evp/names.c @@ -1,66 +1,18 @@ -/* crypto/evp/names.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/evp.h> -#include <openssl/objects.h> +#include <internal/objects.h> #include <openssl/x509.h> +#include "internal/evp_int.h" int EVP_add_cipher(const EVP_CIPHER *c) { @@ -69,13 +21,10 @@ int EVP_add_cipher(const EVP_CIPHER *c) if (c == NULL) return 0; - OPENSSL_init(); - r = OBJ_NAME_add(OBJ_nid2sn(c->nid), OBJ_NAME_TYPE_CIPHER_METH, (const char *)c); if (r == 0) return (0); - check_defer(c->nid); r = OBJ_NAME_add(OBJ_nid2ln(c->nid), OBJ_NAME_TYPE_CIPHER_METH, (const char *)c); return (r); @@ -85,13 +34,11 @@ int EVP_add_digest(const EVP_MD *md) { int r; const char *name; - OPENSSL_init(); name = OBJ_nid2sn(md->type); r = OBJ_NAME_add(name, OBJ_NAME_TYPE_MD_METH, (const char *)md); if (r == 0) return (0); - check_defer(md->type); r = OBJ_NAME_add(OBJ_nid2ln(md->type), OBJ_NAME_TYPE_MD_METH, (const char *)md); if (r == 0) @@ -102,7 +49,6 @@ int EVP_add_digest(const EVP_MD *md) OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name); if (r == 0) return (0); - check_defer(md->pkey_type); r = OBJ_NAME_add(OBJ_nid2ln(md->pkey_type), OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name); } @@ -113,6 +59,9 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) { const EVP_CIPHER *cp; + if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL)) + return NULL; + cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH); return (cp); } @@ -121,11 +70,14 @@ const EVP_MD *EVP_get_digestbyname(const char *name) { const EVP_MD *cp; + if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)) + return NULL; + cp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH); return (cp); } -void EVP_cleanup(void) +void evp_cleanup_int(void) { OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH); OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH); @@ -137,10 +89,6 @@ void EVP_cleanup(void) OBJ_NAME_cleanup(-1); EVP_PBE_cleanup(); - if (obj_cleanup_defer == 2) { - obj_cleanup_defer = 0; - OBJ_cleanup(); - } OBJ_sigid_free(); } @@ -164,6 +112,10 @@ void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph, void *arg) { struct doall_cipher dc; + + /* Ignore errors */ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL); + dc.fn = fn; dc.arg = arg; OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc); @@ -174,6 +126,10 @@ void EVP_CIPHER_do_all_sorted(void (*fn) (const EVP_CIPHER *ciph, void *x), void *arg) { struct doall_cipher dc; + + /* Ignore errors */ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL); + dc.fn = fn; dc.arg = arg; OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc); @@ -199,6 +155,10 @@ void EVP_MD_do_all(void (*fn) (const EVP_MD *md, void *arg) { struct doall_md dc; + + /* Ignore errors */ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); + dc.fn = fn; dc.arg = arg; OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc); @@ -209,6 +169,9 @@ void EVP_MD_do_all_sorted(void (*fn) (const EVP_MD *md, void *x), void *arg) { struct doall_md dc; + + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); + dc.fn = fn; dc.arg = arg; OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc); diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c index d06ab90a..7e55d0bf 100644 --- a/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c +++ b/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c @@ -1,65 +1,15 @@ -/* p5_crpt.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> #include <stdlib.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/x509.h> #include <openssl/evp.h> @@ -75,17 +25,15 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx; unsigned char md_tmp[EVP_MAX_MD_SIZE]; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; int i; PBEPARAM *pbe; int saltlen, iter; unsigned char *salt; - const unsigned char *pbuf; int mdsize; int rv = 0; - EVP_MD_CTX_init(&ctx); /* Extract useful info from parameter */ if (param == NULL || param->type != V_ASN1_SEQUENCE || @@ -94,8 +42,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, return 0; } - pbuf = param->value.sequence->data; - if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { + pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), param); + if (pbe == NULL) { EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); return 0; } @@ -112,24 +60,30 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, else if (passlen == -1) passlen = strlen(pass); - if (!EVP_DigestInit_ex(&ctx, md, NULL)) + ctx = EVP_MD_CTX_new(); + if (ctx == NULL) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!EVP_DigestInit_ex(ctx, md, NULL)) goto err; - if (!EVP_DigestUpdate(&ctx, pass, passlen)) + if (!EVP_DigestUpdate(ctx, pass, passlen)) goto err; - if (!EVP_DigestUpdate(&ctx, salt, saltlen)) + if (!EVP_DigestUpdate(ctx, salt, saltlen)) goto err; PBEPARAM_free(pbe); - if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) + if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL)) goto err; mdsize = EVP_MD_size(md); if (mdsize < 0) return 0; for (i = 1; i < iter; i++) { - if (!EVP_DigestInit_ex(&ctx, md, NULL)) + if (!EVP_DigestInit_ex(ctx, md, NULL)) goto err; - if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize)) + if (!EVP_DigestUpdate(ctx, md_tmp, mdsize)) goto err; - if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) + if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL)) goto err; } OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); @@ -144,6 +98,6 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); rv = 1; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_free(ctx); return rv; } diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c index f2ae1e57..2e45aa3b 100644 --- a/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c +++ b/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c @@ -1,74 +1,24 @@ -/* p5_crpt2.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 1999. - */ -/* ==================================================================== - * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ + #include <stdio.h> #include <stdlib.h> -#include "cryptlib.h" -#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) +#include "internal/cryptlib.h" # include <openssl/x509.h> # include <openssl/evp.h> # include <openssl/hmac.h> # include "evp_locl.h" /* set this to print out info about the keygen algorithm */ -/* #define DEBUG_PKCS5V2 */ +/* #define OPENSSL_DEBUG_PKCS5V2 */ -# ifdef DEBUG_PKCS5V2 +# ifdef OPENSSL_DEBUG_PKCS5V2 static void h__dump(const unsigned char *p, int len); # endif @@ -86,21 +36,28 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; int cplen, j, k, tkeylen, mdlen; unsigned long i = 1; - HMAC_CTX hctx_tpl, hctx; + HMAC_CTX *hctx_tpl = NULL, *hctx = NULL; mdlen = EVP_MD_size(digest); if (mdlen < 0) return 0; - HMAC_CTX_init(&hctx_tpl); + hctx_tpl = HMAC_CTX_new(); + if (hctx_tpl == NULL) + return 0; p = out; tkeylen = keylen; if (!pass) passlen = 0; else if (passlen == -1) passlen = strlen(pass); - if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) { - HMAC_CTX_cleanup(&hctx_tpl); + if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL)) { + HMAC_CTX_free(hctx_tpl); + return 0; + } + hctx = HMAC_CTX_new(); + if (hctx == NULL) { + HMAC_CTX_free(hctx_tpl); return 0; } while (tkeylen) { @@ -116,31 +73,33 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, itmp[1] = (unsigned char)((i >> 16) & 0xff); itmp[2] = (unsigned char)((i >> 8) & 0xff); itmp[3] = (unsigned char)(i & 0xff); - if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { - HMAC_CTX_cleanup(&hctx_tpl); + if (!HMAC_CTX_copy(hctx, hctx_tpl)) { + HMAC_CTX_free(hctx); + HMAC_CTX_free(hctx_tpl); return 0; } - if (!HMAC_Update(&hctx, salt, saltlen) - || !HMAC_Update(&hctx, itmp, 4) - || !HMAC_Final(&hctx, digtmp, NULL)) { - HMAC_CTX_cleanup(&hctx_tpl); - HMAC_CTX_cleanup(&hctx); + if (!HMAC_Update(hctx, salt, saltlen) + || !HMAC_Update(hctx, itmp, 4) + || !HMAC_Final(hctx, digtmp, NULL)) { + HMAC_CTX_free(hctx); + HMAC_CTX_free(hctx_tpl); return 0; } - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_reset(hctx); memcpy(p, digtmp, cplen); for (j = 1; j < iter; j++) { - if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { - HMAC_CTX_cleanup(&hctx_tpl); + if (!HMAC_CTX_copy(hctx, hctx_tpl)) { + HMAC_CTX_free(hctx); + HMAC_CTX_free(hctx_tpl); return 0; } - if (!HMAC_Update(&hctx, digtmp, mdlen) - || !HMAC_Final(&hctx, digtmp, NULL)) { - HMAC_CTX_cleanup(&hctx_tpl); - HMAC_CTX_cleanup(&hctx); + if (!HMAC_Update(hctx, digtmp, mdlen) + || !HMAC_Final(hctx, digtmp, NULL)) { + HMAC_CTX_free(hctx); + HMAC_CTX_free(hctx_tpl); return 0; } - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_reset(hctx); for (k = 0; k < cplen; k++) p[k] ^= digtmp[k]; } @@ -148,8 +107,9 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, i++; p += cplen; } - HMAC_CTX_cleanup(&hctx_tpl); -# ifdef DEBUG_PKCS5V2 + HMAC_CTX_free(hctx); + HMAC_CTX_free(hctx_tpl); +# ifdef OPENSSL_DEBUG_PKCS5V2 fprintf(stderr, "Password:\n"); h__dump(pass, passlen); fprintf(stderr, "Salt:\n"); @@ -191,29 +151,21 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de) { - const unsigned char *pbuf; - int plen; PBE2PARAM *pbe2 = NULL; const EVP_CIPHER *cipher; + EVP_PBE_KEYGEN *kdf; int rv = 0; - if (param == NULL || param->type != V_ASN1_SEQUENCE || - param->value.sequence == NULL) { - EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); - goto err; - } - - pbuf = param->value.sequence->data; - plen = param->value.sequence->length; - if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { + pbe2 = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBE2PARAM), param); + if (pbe2 == NULL) { EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); goto err; } /* See if we recognise the key derivation function */ - - if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) { + if (!EVP_PBE_find(EVP_PBE_TYPE_KDF, OBJ_obj2nid(pbe2->keyfunc->algorithm), + NULL, NULL, &kdf)) { EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); goto err; @@ -237,8 +189,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_CIPHER_PARAMETER_ERROR); goto err; } - rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen, - pbe2->keyfunc->parameter, c, md, en_de); + rv = kdf(ctx, pass, passlen, pbe2->keyfunc->parameter, NULL, NULL, en_de); err: PBE2PARAM_free(pbe2); return rv; @@ -249,8 +200,7 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, const EVP_CIPHER *c, const EVP_MD *md, int en_de) { unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; - const unsigned char *pbuf; - int saltlen, iter, plen; + int saltlen, iter; int rv = 0; unsigned int keylen = 0; int prf_nid, hmac_md_nid; @@ -266,15 +216,9 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, /* Decode parameter */ - if (!param || (param->type != V_ASN1_SEQUENCE)) { - EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); - goto err; - } - - pbuf = param->value.sequence->data; - plen = param->value.sequence->length; + kdf = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), param); - if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen))) { + if (kdf == NULL) { EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); goto err; } @@ -323,7 +267,7 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, return rv; } -# ifdef DEBUG_PKCS5V2 +# ifdef OPENSSL_DEBUG_PKCS5V2 static void h__dump(const unsigned char *p, int len) { for (; len--; p++) @@ -331,4 +275,3 @@ static void h__dump(const unsigned char *p, int len) fprintf(stderr, "\n"); } # endif -#endif diff --git a/Cryptlib/OpenSSL/crypto/evp/p_dec.c b/Cryptlib/OpenSSL/crypto/evp/p_dec.c index 225b8b45..6bec4062 100644 --- a/Cryptlib/OpenSSL/crypto/evp/p_dec.c +++ b/Cryptlib/OpenSSL/crypto/evp/p_dec.c @@ -1,67 +1,15 @@ -/* crypto/evp/p_dec.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" -#include <openssl/rand.h> -#ifndef OPENSSL_NO_RSA -# include <openssl/rsa.h> -#endif +#include "internal/cryptlib.h" +#include <openssl/rsa.h> #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> @@ -72,7 +20,7 @@ int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, int ret = -1; #ifndef OPENSSL_NO_RSA - if (priv->type != EVP_PKEY_RSA) { + if (EVP_PKEY_id(priv) != EVP_PKEY_RSA) { #endif EVPerr(EVP_F_EVP_PKEY_DECRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA); #ifndef OPENSSL_NO_RSA @@ -80,7 +28,8 @@ int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, } ret = - RSA_private_decrypt(ekl, ek, key, priv->pkey.rsa, RSA_PKCS1_PADDING); + RSA_private_decrypt(ekl, ek, key, EVP_PKEY_get0_RSA(priv), + RSA_PKCS1_PADDING); err: #endif return (ret); diff --git a/Cryptlib/OpenSSL/crypto/evp/p_enc.c b/Cryptlib/OpenSSL/crypto/evp/p_enc.c index f565f33f..3277fbb0 100644 --- a/Cryptlib/OpenSSL/crypto/evp/p_enc.c +++ b/Cryptlib/OpenSSL/crypto/evp/p_enc.c @@ -1,67 +1,15 @@ -/* crypto/evp/p_enc.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" -#include <openssl/rand.h> -#ifndef OPENSSL_NO_RSA -# include <openssl/rsa.h> -#endif +#include "internal/cryptlib.h" +#include <openssl/rsa.h> #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> @@ -72,14 +20,14 @@ int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, int ret = 0; #ifndef OPENSSL_NO_RSA - if (pubk->type != EVP_PKEY_RSA) { + if (EVP_PKEY_id(pubk) != EVP_PKEY_RSA) { #endif EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA); #ifndef OPENSSL_NO_RSA goto err; } ret = - RSA_public_encrypt(key_len, key, ek, pubk->pkey.rsa, + RSA_public_encrypt(key_len, key, ek, EVP_PKEY_get0_RSA(pubk), RSA_PKCS1_PADDING); err: #endif diff --git a/Cryptlib/OpenSSL/crypto/evp/p_lib.c b/Cryptlib/OpenSSL/crypto/evp/p_lib.c index 545d04fd..98286205 100644 --- a/Cryptlib/OpenSSL/crypto/evp/p_lib.c +++ b/Cryptlib/OpenSSL/crypto/evp/p_lib.c @@ -1,94 +1,45 @@ -/* crypto/evp/p_lib.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/bn.h> #include <openssl/err.h> #include <openssl/objects.h> #include <openssl/evp.h> -#include <openssl/asn1_mac.h> #include <openssl/x509.h> -#ifndef OPENSSL_NO_RSA -# include <openssl/rsa.h> -#endif -#ifndef OPENSSL_NO_DSA -# include <openssl/dsa.h> -#endif -#ifndef OPENSSL_NO_DH -# include <openssl/dh.h> -#endif +#include <openssl/rsa.h> +#include <openssl/dsa.h> +#include <openssl/dh.h> +#include <openssl/engine.h> -#ifndef OPENSSL_NO_ENGINE -# include <openssl/engine.h> -#endif - -#include "asn1_locl.h" +#include "internal/asn1_int.h" +#include "internal/evp_int.h" static void EVP_PKEY_free_it(EVP_PKEY *x); -int EVP_PKEY_bits(EVP_PKEY *pkey) +int EVP_PKEY_bits(const EVP_PKEY *pkey) { if (pkey && pkey->ameth && pkey->ameth->pkey_bits) return pkey->ameth->pkey_bits(pkey); return 0; } +int EVP_PKEY_security_bits(const EVP_PKEY *pkey) +{ + if (pkey == NULL) + return 0; + if (!pkey->ameth || !pkey->ameth->pkey_security_bits) + return -2; + return pkey->ameth->pkey_security_bits(pkey); +} + int EVP_PKEY_size(EVP_PKEY *pkey) { if (pkey && pkey->ameth && pkey->ameth->pkey_size) @@ -121,7 +72,10 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) { - if (to->type != from->type) { + if (to->type == EVP_PKEY_NONE) { + if (EVP_PKEY_set_type(to, from->type) == 0) + return 0; + } else if (to->type != from->type) { EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_KEY_TYPES); goto err; } @@ -183,22 +137,35 @@ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) EVP_PKEY *EVP_PKEY_new(void) { - EVP_PKEY *ret; + EVP_PKEY *ret = OPENSSL_zalloc(sizeof(*ret)); - ret = (EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY)); if (ret == NULL) { EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } ret->type = EVP_PKEY_NONE; ret->save_type = EVP_PKEY_NONE; ret->references = 1; - ret->ameth = NULL; - ret->engine = NULL; - ret->pkey.ptr = NULL; - ret->attributes = NULL; ret->save_parameters = 1; - return (ret); + ret->lock = CRYPTO_THREAD_lock_new(); + if (ret->lock == NULL) { + EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE); + OPENSSL_free(ret); + return NULL; + } + return ret; +} + +int EVP_PKEY_up_ref(EVP_PKEY *pkey) +{ + int i; + + if (CRYPTO_atomic_add(&pkey->references, 1, &i, pkey->lock) <= 0) + return 0; + + REF_PRINT_COUNT("EVP_PKEY", pkey); + REF_ASSERT_ISNT(i < 2); + return ((i > 1) ? 1 : 0); } /* @@ -221,10 +188,8 @@ static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len) return 1; #ifndef OPENSSL_NO_ENGINE /* If we have an ENGINE release it */ - if (pkey->engine) { - ENGINE_finish(pkey->engine); - pkey->engine = NULL; - } + ENGINE_finish(pkey->engine); + pkey->engine = NULL; #endif } if (str) @@ -232,10 +197,10 @@ static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len) else ameth = EVP_PKEY_asn1_find(&e, type); #ifndef OPENSSL_NO_ENGINE - if (!pkey && e) + if (pkey == NULL) ENGINE_finish(e); #endif - if (!ameth) { + if (ameth == NULL) { EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM); return 0; } @@ -267,11 +232,23 @@ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) return (key != NULL); } -void *EVP_PKEY_get0(EVP_PKEY *pkey) +void *EVP_PKEY_get0(const EVP_PKEY *pkey) { return pkey->pkey.ptr; } +const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len) +{ + ASN1_OCTET_STRING *os = NULL; + if (pkey->type != EVP_PKEY_HMAC) { + EVPerr(EVP_F_EVP_PKEY_GET0_HMAC, EVP_R_EXPECTING_AN_HMAC_KEY); + return NULL; + } + os = EVP_PKEY_get0(pkey); + *len = os->length; + return os->data; +} + #ifndef OPENSSL_NO_RSA int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) { @@ -281,15 +258,22 @@ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) return ret; } -RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey) +RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) { if (pkey->type != EVP_PKEY_RSA) { - EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY); + EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY); return NULL; } - RSA_up_ref(pkey->pkey.rsa); return pkey->pkey.rsa; } + +RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey) +{ + RSA *ret = EVP_PKEY_get0_RSA(pkey); + if (ret != NULL) + RSA_up_ref(ret); + return ret; +} #endif #ifndef OPENSSL_NO_DSA @@ -301,15 +285,22 @@ int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key) return ret; } -DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) +DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey) { if (pkey->type != EVP_PKEY_DSA) { - EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY); + EVPerr(EVP_F_EVP_PKEY_GET0_DSA, EVP_R_EXPECTING_A_DSA_KEY); return NULL; } - DSA_up_ref(pkey->pkey.dsa); return pkey->pkey.dsa; } + +DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) +{ + DSA *ret = EVP_PKEY_get0_DSA(pkey); + if (ret != NULL) + DSA_up_ref(ret); + return ret; +} #endif #ifndef OPENSSL_NO_EC @@ -322,15 +313,22 @@ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) return ret; } -EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) +EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) { if (pkey->type != EVP_PKEY_EC) { - EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); + EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); return NULL; } - EC_KEY_up_ref(pkey->pkey.ec); return pkey->pkey.ec; } + +EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) +{ + EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey); + if (ret != NULL) + EC_KEY_up_ref(ret); + return ret; +} #endif #ifndef OPENSSL_NO_DH @@ -343,15 +341,22 @@ int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) return ret; } -DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) +DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey) { if (pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) { - EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY); + EVPerr(EVP_F_EVP_PKEY_GET0_DH, EVP_R_EXPECTING_A_DH_KEY); return NULL; } - DH_up_ref(pkey->pkey.dh); return pkey->pkey.dh; } + +DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) +{ + DH *ret = EVP_PKEY_get0_DH(pkey); + if (ret != NULL) + DH_up_ref(ret); + return ret; +} #endif int EVP_PKEY_type(int type) @@ -365,8 +370,7 @@ int EVP_PKEY_type(int type) else ret = NID_undef; #ifndef OPENSSL_NO_ENGINE - if (e) - ENGINE_finish(e); + ENGINE_finish(e); #endif return ret; } @@ -388,35 +392,27 @@ void EVP_PKEY_free(EVP_PKEY *x) if (x == NULL) return; - i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_EVP_PKEY); -#ifdef REF_PRINT - REF_PRINT("EVP_PKEY", x); -#endif + CRYPTO_atomic_add(&x->references, -1, &i, x->lock); + REF_PRINT_COUNT("EVP_PKEY", x); if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) { - fprintf(stderr, "EVP_PKEY_free, bad reference count\n"); - abort(); - } -#endif + REF_ASSERT_ISNT(i < 0); EVP_PKEY_free_it(x); - if (x->attributes) - sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); + CRYPTO_THREAD_lock_free(x->lock); + sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); OPENSSL_free(x); } static void EVP_PKEY_free_it(EVP_PKEY *x) { + /* internal function; x is never NULL */ if (x->ameth && x->ameth->pkey_free) { x->ameth->pkey_free(x); x->pkey.ptr = NULL; } #ifndef OPENSSL_NO_ENGINE - if (x->engine) { - ENGINE_finish(x->engine); - x->engine = NULL; - } + ENGINE_finish(x->engine); + x->engine = NULL; #endif } @@ -455,10 +451,34 @@ int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, return unsup_alg(out, pkey, indent, "Parameters"); } -int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid) +static int evp_pkey_asn1_ctrl(EVP_PKEY *pkey, int op, int arg1, void *arg2) { - if (!pkey->ameth || !pkey->ameth->pkey_ctrl) + if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL) return -2; - return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, - 0, pnid); + return pkey->ameth->pkey_ctrl(pkey, op, arg1, arg2); +} + +int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid) +{ + return evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, 0, pnid); +} + +int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey, + const unsigned char *pt, size_t ptlen) +{ + if (ptlen > INT_MAX) + return 0; + if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, ptlen, + (void *)pt) <= 0) + return 0; + return 1; +} + +size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt) +{ + int rv; + rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_GET1_TLS_ENCPT, 0, ppt); + if (rv <= 0) + return 0; + return rv; } diff --git a/Cryptlib/OpenSSL/crypto/evp/p_open.c b/Cryptlib/OpenSSL/crypto/evp/p_open.c index 229eb641..b65bc74e 100644 --- a/Cryptlib/OpenSSL/crypto/evp/p_open.c +++ b/Cryptlib/OpenSSL/crypto/evp/p_open.c @@ -1,66 +1,18 @@ -/* crypto/evp/p_open.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include <stdio.h> -#include "cryptlib.h" - -#ifndef OPENSSL_NO_RSA +#include "internal/cryptlib.h" +#ifdef OPENSSL_NO_RSA +NON_EMPTY_TRANSLATION_UNIT +#else +# include <stdio.h> # include <openssl/evp.h> # include <openssl/objects.h> # include <openssl/x509.h> @@ -74,7 +26,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, int i, size = 0, ret = 0; if (type) { - EVP_CIPHER_CTX_init(ctx); + EVP_CIPHER_CTX_reset(ctx); if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL)) return 0; } @@ -82,13 +34,13 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, if (!priv) return 1; - if (priv->type != EVP_PKEY_RSA) { + if (EVP_PKEY_id(priv) != EVP_PKEY_RSA) { EVPerr(EVP_F_EVP_OPENINIT, EVP_R_PUBLIC_KEY_NOT_RSA); goto err; } - size = RSA_size(priv->pkey.rsa); - key = (unsigned char *)OPENSSL_malloc(size + 2); + size = EVP_PKEY_size(priv); + key = OPENSSL_malloc(size + 2); if (key == NULL) { /* ERROR */ EVPerr(EVP_F_EVP_OPENINIT, ERR_R_MALLOC_FAILURE); @@ -105,9 +57,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ret = 1; err: - if (key != NULL) - OPENSSL_cleanse(key, size); - OPENSSL_free(key); + OPENSSL_clear_free(key, size); return (ret); } @@ -120,10 +70,4 @@ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL); return (i); } -#else /* !OPENSSL_NO_RSA */ - -# ifdef PEDANTIC -static void *dummy = &dummy; -# endif - #endif diff --git a/Cryptlib/OpenSSL/crypto/evp/p_seal.c b/Cryptlib/OpenSSL/crypto/evp/p_seal.c index ba9dfff2..faa24648 100644 --- a/Cryptlib/OpenSSL/crypto/evp/p_seal.c +++ b/Cryptlib/OpenSSL/crypto/evp/p_seal.c @@ -1,67 +1,16 @@ -/* crypto/evp/p_seal.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/rand.h> -#ifndef OPENSSL_NO_RSA -# include <openssl/rsa.h> -#endif +#include <openssl/rsa.h> #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> @@ -74,7 +23,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, int i; if (type) { - EVP_CIPHER_CTX_init(ctx); + EVP_CIPHER_CTX_reset(ctx); if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL)) return 0; } diff --git a/Cryptlib/OpenSSL/crypto/evp/p_sign.c b/Cryptlib/OpenSSL/crypto/evp/p_sign.c index 1b9ba060..6cb442e4 100644 --- a/Cryptlib/OpenSSL/crypto/evp/p_sign.c +++ b/Cryptlib/OpenSSL/crypto/evp/p_sign.c @@ -1,133 +1,61 @@ -/* crypto/evp/p_sign.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> - -#ifdef undef -void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) -{ - EVP_DigestInit_ex(ctx, type); -} - -void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, unsigned int count) -{ - EVP_DigestUpdate(ctx, data, count); -} -#endif +#include "internal/evp_int.h" int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVP_PKEY *pkey) { unsigned char m[EVP_MAX_MD_SIZE]; - unsigned int m_len; - int i = 0, ok = 0, v; - EVP_MD_CTX tmp_ctx; + unsigned int m_len = 0; + int i = 0; + size_t sltmp; EVP_PKEY_CTX *pkctx = NULL; *siglen = 0; - EVP_MD_CTX_init(&tmp_ctx); - if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) - goto err; - if (!EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len)) - goto err; - EVP_MD_CTX_cleanup(&tmp_ctx); - - if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { - size_t sltmp = (size_t)EVP_PKEY_size(pkey); - i = 0; - pkctx = EVP_PKEY_CTX_new(pkey, NULL); - if (!pkctx) + if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) { + if (!EVP_DigestFinal_ex(ctx, m, &m_len)) goto err; - if (EVP_PKEY_sign_init(pkctx) <= 0) - goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) - goto err; - if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) - goto err; - *siglen = sltmp; - i = 1; - err: - EVP_PKEY_CTX_free(pkctx); - return i; - } - - for (i = 0; i < 4; i++) { - v = ctx->digest->required_pkey_type[i]; - if (v == 0) - break; - if (pkey->type == v) { - ok = 1; - break; + } else { + int rv = 0; + EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); + if (tmp_ctx == NULL) { + EVPerr(EVP_F_EVP_SIGNFINAL, ERR_R_MALLOC_FAILURE); + return 0; } - } - if (!ok) { - EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE); - return (0); + rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx); + if (rv) + rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len); + EVP_MD_CTX_free(tmp_ctx); + if (!rv) + return 0; } - if (ctx->digest->sign == NULL) { - EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_NO_SIGN_FUNCTION_CONFIGURED); - return (0); - } - return (ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen, - pkey->pkey.ptr)); + sltmp = (size_t)EVP_PKEY_size(pkey); + i = 0; + pkctx = EVP_PKEY_CTX_new(pkey, NULL); + if (pkctx == NULL) + goto err; + if (EVP_PKEY_sign_init(pkctx) <= 0) + goto err; + if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0) + goto err; + if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) + goto err; + *siglen = sltmp; + i = 1; + err: + EVP_PKEY_CTX_free(pkctx); + return i; } diff --git a/Cryptlib/OpenSSL/crypto/evp/p_verify.c b/Cryptlib/OpenSSL/crypto/evp/p_verify.c index 65e1e216..6e8c565d 100644 --- a/Cryptlib/OpenSSL/crypto/evp/p_verify.c +++ b/Cryptlib/OpenSSL/crypto/evp/p_verify.c @@ -1,116 +1,55 @@ -/* crypto/evp/p_verify.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> +#include "internal/evp_int.h" int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey) { unsigned char m[EVP_MAX_MD_SIZE]; - unsigned int m_len; - int i = 0, ok = 0, v; - EVP_MD_CTX tmp_ctx; + unsigned int m_len = 0; + int i = 0; EVP_PKEY_CTX *pkctx = NULL; - EVP_MD_CTX_init(&tmp_ctx); - if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) - goto err; - if (!EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len)) - goto err; - EVP_MD_CTX_cleanup(&tmp_ctx); - - if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { - i = -1; - pkctx = EVP_PKEY_CTX_new(pkey, NULL); - if (!pkctx) - goto err; - if (EVP_PKEY_verify_init(pkctx) <= 0) - goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) { + if (!EVP_DigestFinal_ex(ctx, m, &m_len)) goto err; - i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); - err: - EVP_PKEY_CTX_free(pkctx); - return i; - } - - for (i = 0; i < 4; i++) { - v = ctx->digest->required_pkey_type[i]; - if (v == 0) - break; - if (pkey->type == v) { - ok = 1; - break; + } else { + int rv = 0; + EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); + if (tmp_ctx == NULL) { + EVPerr(EVP_F_EVP_VERIFYFINAL, ERR_R_MALLOC_FAILURE); + return 0; } - } - if (!ok) { - EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE); - return (-1); - } - if (ctx->digest->verify == NULL) { - EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); - return (0); + rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx); + if (rv) + rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len); + EVP_MD_CTX_free(tmp_ctx); + if (!rv) + return 0; } - return (ctx->digest->verify(ctx->digest->type, m, m_len, - sigbuf, siglen, pkey->pkey.ptr)); + i = -1; + pkctx = EVP_PKEY_CTX_new(pkey, NULL); + if (pkctx == NULL) + goto err; + if (EVP_PKEY_verify_init(pkctx) <= 0) + goto err; + if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0) + goto err; + i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); + err: + EVP_PKEY_CTX_free(pkctx); + return i; } diff --git a/Cryptlib/OpenSSL/crypto/evp/pmeth_fn.c b/Cryptlib/OpenSSL/crypto/evp/pmeth_fn.c index 727869e3..eb638019 100644 --- a/Cryptlib/OpenSSL/crypto/evp/pmeth_fn.c +++ b/Cryptlib/OpenSSL/crypto/evp/pmeth_fn.c @@ -1,68 +1,18 @@ -/* pmeth_fn.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 2006. - */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> #include <stdlib.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/objects.h> #include <openssl/evp.h> -#include "evp_locl.h" +#include "internal/evp_int.h" #define M_check_autoarg(ctx, arg, arglen, err) \ if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \ @@ -317,8 +267,7 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) return -1; } - if (ctx->peerkey) - EVP_PKEY_free(ctx->peerkey); + EVP_PKEY_free(ctx->peerkey); ctx->peerkey = peer; ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer); @@ -328,7 +277,7 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) return ret; } - CRYPTO_add(&peer->references, 1, CRYPTO_LOCK_EVP_PKEY); + EVP_PKEY_up_ref(peer); return 1; } diff --git a/Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c b/Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c index 6a4d3573..6adc3a9c 100644 --- a/Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c +++ b/Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c @@ -1,69 +1,19 @@ -/* pmeth_gn.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 2006. - */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> #include <stdlib.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/objects.h> #include <openssl/evp.h> -#include <openssl/bn.h> -#include "evp_locl.h" +#include "internal/bn_int.h" +#include "internal/evp_int.h" int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx) { @@ -146,7 +96,7 @@ int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) return -1; } - if (!ppkey) + if (ppkey == NULL) return -1; if (*ppkey == NULL) @@ -179,7 +129,7 @@ EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx) static int trans_cb(int a, int b, BN_GENCB *gcb) { - EVP_PKEY_CTX *ctx = gcb->arg; + EVP_PKEY_CTX *ctx = BN_GENCB_get_arg(gcb); ctx->keygen_info[0] = a; ctx->keygen_info[1] = b; return ctx->pkey_gencb(ctx); @@ -187,7 +137,7 @@ static int trans_cb(int a, int b, BN_GENCB *gcb) void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx) { - BN_GENCB_set(cb, trans_cb, ctx) + BN_GENCB_set(cb, trans_cb, ctx); } int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx) @@ -209,14 +159,11 @@ EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, return NULL; if (EVP_PKEY_keygen_init(mac_ctx) <= 0) goto merr; - if (EVP_PKEY_CTX_ctrl(mac_ctx, -1, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_SET_MAC_KEY, - keylen, (void *)key) <= 0) + if (EVP_PKEY_CTX_set_mac_key(mac_ctx, key, keylen) <= 0) goto merr; if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0) goto merr; merr: - if (mac_ctx) - EVP_PKEY_CTX_free(mac_ctx); + EVP_PKEY_CTX_free(mac_ctx); return mac_key; } diff --git a/Cryptlib/OpenSSL/crypto/evp/pmeth_lib.c b/Cryptlib/OpenSSL/crypto/evp/pmeth_lib.c index d0668629..b7f06be5 100644 --- a/Cryptlib/OpenSSL/crypto/evp/pmeth_lib.c +++ b/Cryptlib/OpenSSL/crypto/evp/pmeth_lib.c @@ -1,81 +1,25 @@ -/* pmeth_lib.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 2006. - */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> #include <stdlib.h> -#include "cryptlib.h" -#include <openssl/objects.h> +#include "internal/cryptlib.h" +#include <openssl/engine.h> #include <openssl/evp.h> -#ifndef OPENSSL_NO_ENGINE -# include <openssl/engine.h> -#endif -#include "asn1_locl.h" -#include "evp_locl.h" +#include <openssl/x509v3.h> +#include "internal/asn1_int.h" +#include "internal/evp_int.h" +#include "internal/numbers.h" typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); -DECLARE_STACK_OF(EVP_PKEY_METHOD) -STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL; - -extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth; -extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth; -extern const EVP_PKEY_METHOD dhx_pkey_meth; +static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL; static const EVP_PKEY_METHOD *standard_methods[] = { #ifndef OPENSSL_NO_RSA @@ -95,8 +39,13 @@ static const EVP_PKEY_METHOD *standard_methods[] = { &cmac_pkey_meth, #endif #ifndef OPENSSL_NO_DH - &dhx_pkey_meth + &dhx_pkey_meth, #endif + &tls1_prf_pkey_meth, +#ifndef OPENSSL_NO_EC + &ecx25519_pkey_meth, +#endif + &hkdf_pkey_meth }; DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *, @@ -152,7 +101,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) e = ENGINE_get_pkey_meth_engine(id); /* - * If an ENGINE handled this method look it up. Othewise use internal + * If an ENGINE handled this method look it up. Otherwise use internal * tables. */ @@ -167,11 +116,10 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) return NULL; } - ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX)); - if (!ret) { + ret = OPENSSL_zalloc(sizeof(*ret)); + if (ret == NULL) { #ifndef OPENSSL_NO_ENGINE - if (e) - ENGINE_finish(e); + ENGINE_finish(e); #endif EVPerr(EVP_F_INT_CTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; @@ -180,14 +128,12 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) ret->pmeth = pmeth; ret->operation = EVP_PKEY_OP_UNDEFINED; ret->pkey = pkey; - ret->peerkey = NULL; - ret->pkey_gencb = 0; if (pkey) - CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); - ret->data = NULL; + EVP_PKEY_up_ref(pkey); if (pmeth->init) { if (pmeth->init(ret) <= 0) { + ret->pmeth = NULL; EVP_PKEY_CTX_free(ret); return NULL; } @@ -200,12 +146,10 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) { EVP_PKEY_METHOD *pmeth; - pmeth = OPENSSL_malloc(sizeof(EVP_PKEY_METHOD)); - if (!pmeth) + pmeth = OPENSSL_zalloc(sizeof(*pmeth)); + if (pmeth == NULL) return NULL; - memset(pmeth, 0, sizeof(EVP_PKEY_METHOD)); - pmeth->pkey_id = id; pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; return pmeth; @@ -289,8 +233,8 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) return 0; } #endif - rctx = OPENSSL_malloc(sizeof(EVP_PKEY_CTX)); - if (!rctx) + rctx = OPENSSL_malloc(sizeof(*rctx)); + if (rctx == NULL) return NULL; rctx->pmeth = pctx->pmeth; @@ -299,12 +243,12 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) #endif if (pctx->pkey) - CRYPTO_add(&pctx->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + EVP_PKEY_up_ref(pctx->pkey); rctx->pkey = pctx->pkey; if (pctx->peerkey) - CRYPTO_add(&pctx->peerkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + EVP_PKEY_up_ref(pctx->peerkey); rctx->peerkey = pctx->peerkey; @@ -315,6 +259,7 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) if (pctx->pmeth->copy(rctx, pctx) > 0) return rctx; + rctx->pmeth = NULL; EVP_PKEY_CTX_free(rctx); return NULL; @@ -324,7 +269,7 @@ int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth) { if (app_pkey_methods == NULL) { app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp); - if (!app_pkey_methods) + if (app_pkey_methods == NULL) return 0; } if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) @@ -339,17 +284,10 @@ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) return; if (ctx->pmeth && ctx->pmeth->cleanup) ctx->pmeth->cleanup(ctx); - if (ctx->pkey) - EVP_PKEY_free(ctx->pkey); - if (ctx->peerkey) - EVP_PKEY_free(ctx->peerkey); + EVP_PKEY_free(ctx->pkey); + EVP_PKEY_free(ctx->peerkey); #ifndef OPENSSL_NO_ENGINE - if (ctx->engine) - /* - * The EVP_PKEY_CTX we used belongs to an ENGINE, release the - * functional reference we held for this reason. - */ - ENGINE_finish(ctx->engine); + ENGINE_finish(ctx->engine); #endif OPENSSL_free(ctx); } @@ -391,9 +329,9 @@ int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED); return -2; } - if (!strcmp(name, "digest")) { + if (strcmp(name, "digest") == 0) { const EVP_MD *md; - if (!value || !(md = EVP_get_digestbyname(value))) { + if (value == NULL || (md = EVP_get_digestbyname(value)) == NULL) { EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_INVALID_DIGEST); return 0; } @@ -402,6 +340,33 @@ int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, return ctx->pmeth->ctrl_str(ctx, name, value); } +/* Utility functions to send a string of hex string to a ctrl */ + +int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str) +{ + size_t len; + + len = strlen(str); + if (len > INT_MAX) + return -1; + return ctx->pmeth->ctrl(ctx, cmd, len, (void *)str); +} + +int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex) +{ + unsigned char *bin; + long binlen; + int rv = -1; + + bin = OPENSSL_hexstr2buf(hex, &binlen); + if (bin == NULL) + return 0; + if (binlen <= INT_MAX) + rv = ctx->pmeth->ctrl(ctx, cmd, binlen, bin); + OPENSSL_free(bin); + return rv; +} + int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx) { return ctx->operation; @@ -587,3 +552,170 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, pmeth->ctrl = ctrl; pmeth->ctrl_str = ctrl_str; } + +void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, + int (**pinit) (EVP_PKEY_CTX *ctx)) +{ + *pinit = pmeth->init; +} + +void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth, + int (**pcopy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)) +{ + *pcopy = pmeth->copy; +} + +void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth, + void (**pcleanup) (EVP_PKEY_CTX *ctx)) +{ + *pcleanup = pmeth->cleanup; +} + +void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, + int (**pparamgen_init) (EVP_PKEY_CTX *ctx), + int (**pparamgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)) +{ + if (pparamgen_init) + *pparamgen_init = pmeth->paramgen_init; + if (pparamgen) + *pparamgen = pmeth->paramgen; +} + +void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, + int (**pkeygen_init) (EVP_PKEY_CTX *ctx), + int (**pkeygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)) +{ + if (pkeygen_init) + *pkeygen_init = pmeth->keygen_init; + if (pkeygen) + *pkeygen = pmeth->keygen; +} + +void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, + int (**psign_init) (EVP_PKEY_CTX *ctx), + int (**psign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)) +{ + if (psign_init) + *psign_init = pmeth->sign_init; + if (psign) + *psign = pmeth->sign; +} + +void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, + int (**pverify_init) (EVP_PKEY_CTX *ctx), + int (**pverify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)) +{ + if (pverify_init) + *pverify_init = pmeth->verify_init; + if (pverify) + *pverify = pmeth->verify; +} + +void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, + int (**pverify_recover_init) (EVP_PKEY_CTX + *ctx), + int (**pverify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)) +{ + if (pverify_recover_init) + *pverify_recover_init = pmeth->verify_recover_init; + if (pverify_recover) + *pverify_recover = pmeth->verify_recover; +} + +void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, + int (**psignctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**psignctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)) +{ + if (psignctx_init) + *psignctx_init = pmeth->signctx_init; + if (psignctx) + *psignctx = pmeth->signctx; +} + +void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, + int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**pverifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)) +{ + if (pverifyctx_init) + *pverifyctx_init = pmeth->verifyctx_init; + if (pverifyctx) + *pverifyctx = pmeth->verifyctx; +} + +void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, + int (**pencrypt_init) (EVP_PKEY_CTX *ctx), + int (**pencryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)) +{ + if (pencrypt_init) + *pencrypt_init = pmeth->encrypt_init; + if (pencryptfn) + *pencryptfn = pmeth->encrypt; +} + +void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, + int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), + int (**pdecrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)) +{ + if (pdecrypt_init) + *pdecrypt_init = pmeth->decrypt_init; + if (pdecrypt) + *pdecrypt = pmeth->decrypt; +} + +void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, + int (**pderive_init) (EVP_PKEY_CTX *ctx), + int (**pderive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)) +{ + if (pderive_init) + *pderive_init = pmeth->derive_init; + if (pderive) + *pderive = pmeth->derive; +} + +void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth, + int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (**pctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)) +{ + if (pctrl) + *pctrl = pmeth->ctrl; + if (pctrl_str) + *pctrl_str = pmeth->ctrl_str; +} diff --git a/Cryptlib/OpenSSL/crypto/evp/scrypt.c b/Cryptlib/OpenSSL/crypto/evp/scrypt.c new file mode 100644 index 00000000..101bb1ed --- /dev/null +++ b/Cryptlib/OpenSSL/crypto/evp/scrypt.c @@ -0,0 +1,248 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <stddef.h> +#include <stdio.h> +#include <string.h> +#include <openssl/evp.h> +#include <openssl/err.h> +#include <internal/numbers.h> + +#ifndef OPENSSL_NO_SCRYPT + +#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b)))) +static void salsa208_word_specification(uint32_t inout[16]) +{ + int i; + uint32_t x[16]; + memcpy(x, inout, sizeof(x)); + for (i = 8; i > 0; i -= 2) { + x[4] ^= R(x[0] + x[12], 7); + x[8] ^= R(x[4] + x[0], 9); + x[12] ^= R(x[8] + x[4], 13); + x[0] ^= R(x[12] + x[8], 18); + x[9] ^= R(x[5] + x[1], 7); + x[13] ^= R(x[9] + x[5], 9); + x[1] ^= R(x[13] + x[9], 13); + x[5] ^= R(x[1] + x[13], 18); + x[14] ^= R(x[10] + x[6], 7); + x[2] ^= R(x[14] + x[10], 9); + x[6] ^= R(x[2] + x[14], 13); + x[10] ^= R(x[6] + x[2], 18); + x[3] ^= R(x[15] + x[11], 7); + x[7] ^= R(x[3] + x[15], 9); + x[11] ^= R(x[7] + x[3], 13); + x[15] ^= R(x[11] + x[7], 18); + x[1] ^= R(x[0] + x[3], 7); + x[2] ^= R(x[1] + x[0], 9); + x[3] ^= R(x[2] + x[1], 13); + x[0] ^= R(x[3] + x[2], 18); + x[6] ^= R(x[5] + x[4], 7); + x[7] ^= R(x[6] + x[5], 9); + x[4] ^= R(x[7] + x[6], 13); + x[5] ^= R(x[4] + x[7], 18); + x[11] ^= R(x[10] + x[9], 7); + x[8] ^= R(x[11] + x[10], 9); + x[9] ^= R(x[8] + x[11], 13); + x[10] ^= R(x[9] + x[8], 18); + x[12] ^= R(x[15] + x[14], 7); + x[13] ^= R(x[12] + x[15], 9); + x[14] ^= R(x[13] + x[12], 13); + x[15] ^= R(x[14] + x[13], 18); + } + for (i = 0; i < 16; ++i) + inout[i] += x[i]; + OPENSSL_cleanse(x, sizeof(x)); +} + +static void scryptBlockMix(uint32_t *B_, uint32_t *B, uint64_t r) +{ + uint64_t i, j; + uint32_t X[16], *pB; + + memcpy(X, B + (r * 2 - 1) * 16, sizeof(X)); + pB = B; + for (i = 0; i < r * 2; i++) { + for (j = 0; j < 16; j++) + X[j] ^= *pB++; + salsa208_word_specification(X); + memcpy(B_ + (i / 2 + (i & 1) * r) * 16, X, sizeof(X)); + } + OPENSSL_cleanse(X, sizeof(X)); +} + +static void scryptROMix(unsigned char *B, uint64_t r, uint64_t N, + uint32_t *X, uint32_t *T, uint32_t *V) +{ + unsigned char *pB; + uint32_t *pV; + uint64_t i, k; + + /* Convert from little endian input */ + for (pV = V, i = 0, pB = B; i < 32 * r; i++, pV++) { + *pV = *pB++; + *pV |= *pB++ << 8; + *pV |= *pB++ << 16; + *pV |= (uint32_t)*pB++ << 24; + } + + for (i = 1; i < N; i++, pV += 32 * r) + scryptBlockMix(pV, pV - 32 * r, r); + + scryptBlockMix(X, V + (N - 1) * 32 * r, r); + + for (i = 0; i < N; i++) { + uint32_t j; + j = X[16 * (2 * r - 1)] % N; + pV = V + 32 * r * j; + for (k = 0; k < 32 * r; k++) + T[k] = X[k] ^ *pV++; + scryptBlockMix(X, T, r); + } + /* Convert output to little endian */ + for (i = 0, pB = B; i < 32 * r; i++) { + uint32_t xtmp = X[i]; + *pB++ = xtmp & 0xff; + *pB++ = (xtmp >> 8) & 0xff; + *pB++ = (xtmp >> 16) & 0xff; + *pB++ = (xtmp >> 24) & 0xff; + } +} + +#ifndef SIZE_MAX +# define SIZE_MAX ((size_t)-1) +#endif + +/* + * Maximum power of two that will fit in uint64_t: this should work on + * most (all?) platforms. + */ + +#define LOG2_UINT64_MAX (sizeof(uint64_t) * 8 - 1) + +/* + * Maximum value of p * r: + * p <= ((2^32-1) * hLen) / MFLen => + * p <= ((2^32-1) * 32) / (128 * r) => + * p * r <= (2^30-1) + * + */ + +#define SCRYPT_PR_MAX ((1 << 30) - 1) + +/* + * Maximum permitted memory allow this to be overridden with Configuration + * option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible. + */ + +#ifdef SCRYPT_MAX_MEM +# if SCRYPT_MAX_MEM == 0 +# undef SCRYPT_MAX_MEM +/* + * Although we could theoretically allocate SIZE_MAX memory that would leave + * no memory available for anything else so set limit as half that. + */ +# define SCRYPT_MAX_MEM (SIZE_MAX/2) +# endif +#else +/* Default memory limit: 32 MB */ +# define SCRYPT_MAX_MEM (1024 * 1024 * 32) +#endif + +int EVP_PBE_scrypt(const char *pass, size_t passlen, + const unsigned char *salt, size_t saltlen, + uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, + unsigned char *key, size_t keylen) +{ + int rv = 0; + unsigned char *B; + uint32_t *X, *V, *T; + uint64_t i, Blen, Vlen; + size_t allocsize; + + /* Sanity check parameters */ + /* initial check, r,p must be non zero, N >= 2 and a power of 2 */ + if (r == 0 || p == 0 || N < 2 || (N & (N - 1))) + return 0; + /* Check p * r < SCRYPT_PR_MAX avoiding overflow */ + if (p > SCRYPT_PR_MAX / r) + return 0; + + /* + * Need to check N: if 2^(128 * r / 8) overflows limit this is + * automatically satisfied since N <= UINT64_MAX. + */ + + if (16 * r <= LOG2_UINT64_MAX) { + if (N >= (((uint64_t)1) << (16 * r))) + return 0; + } + + /* Memory checks: check total allocated buffer size fits in uint64_t */ + + /* + * B size in section 5 step 1.S + * Note: we know p * 128 * r < UINT64_MAX because we already checked + * p * r < SCRYPT_PR_MAX + */ + Blen = p * 128 * r; + + /* + * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in + * uint64_t and also size_t (their sizes are unrelated). + * This is combined size V, X and T (section 4) + */ + i = UINT64_MAX / (32 * sizeof(uint32_t)); + if (N + 2 > i / r) + return 0; + Vlen = 32 * r * (N + 2) * sizeof(uint32_t); + + /* check total allocated size fits in uint64_t */ + if (Blen > UINT64_MAX - Vlen) + return 0; + /* check total allocated size fits in size_t */ + if (Blen > SIZE_MAX - Vlen) + return 0; + + allocsize = (size_t)(Blen + Vlen); + + if (maxmem == 0) + maxmem = SCRYPT_MAX_MEM; + + if (allocsize > maxmem) { + EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); + return 0; + } + + /* If no key return to indicate parameters are OK */ + if (key == NULL) + return 1; + + B = OPENSSL_malloc(allocsize); + if (B == NULL) + return 0; + X = (uint32_t *)(B + Blen); + T = X + 32 * r; + V = T + 32 * r; + if (PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, 1, EVP_sha256(), + Blen, B) == 0) + goto err; + + for (i = 0; i < p; i++) + scryptROMix(B + 128 * r * i, r, N, X, T, V); + + if (PKCS5_PBKDF2_HMAC(pass, passlen, B, Blen, 1, EVP_sha256(), + keylen, key) == 0) + goto err; + rv = 1; + err: + OPENSSL_clear_free(B, allocsize); + return rv; +} +#endif |