diff options
Diffstat (limited to 'usr/src/common/openssl/crypto/evp')
50 files changed, 1747 insertions, 396 deletions
diff --git a/usr/src/common/openssl/crypto/evp/bio_b64.c b/usr/src/common/openssl/crypto/evp/bio_b64.c index 33349c2f98..fa5cbc7eb1 100644 --- a/usr/src/common/openssl/crypto/evp/bio_b64.c +++ b/usr/src/common/openssl/crypto/evp/bio_b64.c @@ -165,7 +165,7 @@ static int b64_read(BIO *b, char *out, int outl) { i=ctx->buf_len-ctx->buf_off; if (i > outl) i=outl; - OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf); + OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf)); memcpy(out,&(ctx->buf[ctx->buf_off]),i); ret=i; out+=i; diff --git a/usr/src/common/openssl/crypto/evp/bio_enc.c b/usr/src/common/openssl/crypto/evp/bio_enc.c index ab81851503..f6ac94c6e1 100644 --- a/usr/src/common/openssl/crypto/evp/bio_enc.c +++ b/usr/src/common/openssl/crypto/evp/bio_enc.c @@ -71,7 +71,7 @@ static int enc_new(BIO *h); static int enc_free(BIO *data); static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps); #define ENC_BLOCK_SIZE (1024*4) -#define BUF_OFFSET EVP_MAX_BLOCK_LENGTH +#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2) typedef struct enc_struct { @@ -405,8 +405,8 @@ EVP_CIPHER_ctx *c; } */ -void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, unsigned char *k, - unsigned char *i, int e) +void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, + const unsigned char *i, int e) { BIO_ENC_CTX *ctx; diff --git a/usr/src/common/openssl/crypto/evp/bio_md.c b/usr/src/common/openssl/crypto/evp/bio_md.c index c632dfb202..76ff9fe815 100644 --- a/usr/src/common/openssl/crypto/evp/bio_md.c +++ b/usr/src/common/openssl/crypto/evp/bio_md.c @@ -153,7 +153,7 @@ static int md_write(BIO *b, const char *in, int inl) { if (ret > 0) { - EVP_DigestUpdate(ctx,(unsigned char *)in, + EVP_DigestUpdate(ctx,(const unsigned char *)in, (unsigned int)ret); } } @@ -176,10 +176,11 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) { case BIO_CTRL_RESET: if (b->init) - EVP_DigestInit_ex(ctx,ctx->digest, NULL); + ret = EVP_DigestInit_ex(ctx,ctx->digest, NULL); else ret=0; - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + if (ret > 0) + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); break; case BIO_C_GET_MD: if (b->init) @@ -207,8 +208,9 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_C_SET_MD: md=ptr; - EVP_DigestInit_ex(ctx,md, NULL); - b->init=1; + ret = EVP_DigestInit_ex(ctx,md, NULL); + if (ret > 0) + b->init=1; break; case BIO_CTRL_DUP: dbio=ptr; diff --git a/usr/src/common/openssl/crypto/evp/bio_ok.c b/usr/src/common/openssl/crypto/evp/bio_ok.c index 4e3f10141b..98bc1ab409 100644 --- a/usr/src/common/openssl/crypto/evp/bio_ok.c +++ b/usr/src/common/openssl/crypto/evp/bio_ok.c @@ -119,6 +119,7 @@ #include <stdio.h> #include <errno.h> +#include <assert.h> #include "cryptlib.h" #include <openssl/buffer.h> #include <openssl/bio.h> @@ -141,22 +142,12 @@ static void block_in(BIO* b); #define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE) #define WELLKNOWN "The quick brown fox jumped over the lazy dog's back." -#ifndef L_ENDIAN -#define swapem(x) \ - ((unsigned long int)((((unsigned long int)(x) & 0x000000ffU) << 24) | \ - (((unsigned long int)(x) & 0x0000ff00U) << 8) | \ - (((unsigned long int)(x) & 0x00ff0000U) >> 8) | \ - (((unsigned long int)(x) & 0xff000000U) >> 24))) -#else -#define swapem(x) (x) -#endif - typedef struct ok_struct { - int buf_len; - int buf_off; - int buf_len_save; - int buf_off_save; + size_t buf_len; + size_t buf_off; + size_t buf_len_save; + size_t buf_off_save; int cont; /* <= 0 when finished */ int finished; EVP_MD_CTX md; @@ -295,6 +286,8 @@ static int ok_write(BIO *b, const char *in, int inl) int ret=0,n,i; BIO_OK_CTX *ctx; + if (inl <= 0) return inl; + ctx=(BIO_OK_CTX *)b->ptr; ret=inl; @@ -330,7 +323,7 @@ static int ok_write(BIO *b, const char *in, int inl) if ((in == NULL) || (inl <= 0)) return(0); n= (inl+ ctx->buf_len > OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) ? - OK_BLOCK_SIZE+ OK_BLOCK_BLOCK- ctx->buf_len : inl; + (int)(OK_BLOCK_SIZE+OK_BLOCK_BLOCK-ctx->buf_len) : inl; memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),(unsigned char *)in,n); ctx->buf_len+= n; @@ -448,16 +441,18 @@ static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) return(ret); } -static void longswap(void *_ptr, int len) -{ -#ifndef L_ENDIAN - int i; - char *ptr=_ptr; +static void longswap(void *_ptr, size_t len) +{ const union { long one; char little; } is_endian = {1}; - for(i= 0;i < len;i+= 4){ - *((unsigned long *)&(ptr[i]))= swapem(*((unsigned long *)&(ptr[i]))); + if (is_endian.little) { + size_t i; + unsigned char *p=_ptr,c; + + for(i= 0;i < len;i+= 4) { + c=p[0],p[0]=p[3],p[3]=c; + c=p[1],p[1]=p[2],p[2]=c; + } } -#endif } static void sig_out(BIO* b) @@ -496,7 +491,7 @@ static void sig_in(BIO* b) ctx=b->ptr; md=&ctx->md; - if(ctx->buf_len- ctx->buf_off < 2* md->digest->md_size) return; + if((int)(ctx->buf_len-ctx->buf_off) < 2*md->digest->md_size) return; EVP_DigestInit_ex(md, md->digest, NULL); memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size); @@ -533,9 +528,10 @@ static void block_out(BIO* b) md=&ctx->md; tl= ctx->buf_len- OK_BLOCK_BLOCK; - tl= swapem(tl); - memcpy(ctx->buf, &tl, OK_BLOCK_BLOCK); - tl= swapem(tl); + ctx->buf[0]=(unsigned char)(tl>>24); + ctx->buf[1]=(unsigned char)(tl>>16); + ctx->buf[2]=(unsigned char)(tl>>8); + ctx->buf[3]=(unsigned char)(tl); EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); ctx->buf_len+= md->digest->md_size; @@ -546,14 +542,18 @@ static void block_in(BIO* b) { BIO_OK_CTX *ctx; EVP_MD_CTX *md; - long tl= 0; + unsigned long tl= 0; unsigned char tmp[EVP_MAX_MD_SIZE]; ctx=b->ptr; md=&ctx->md; - memcpy(&tl, ctx->buf, OK_BLOCK_BLOCK); - tl= swapem(tl); + assert(sizeof(tl)>=OK_BLOCK_BLOCK); /* always true */ + tl =ctx->buf[0]; tl<<=8; + tl|=ctx->buf[1]; tl<<=8; + tl|=ctx->buf[2]; tl<<=8; + tl|=ctx->buf[3]; + if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return; EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); diff --git a/usr/src/common/openssl/crypto/evp/c_all.c b/usr/src/common/openssl/crypto/evp/c_all.c index fa60a73ead..a5da52e62d 100644 --- a/usr/src/common/openssl/crypto/evp/c_all.c +++ b/usr/src/common/openssl/crypto/evp/c_all.c @@ -74,6 +74,12 @@ void OpenSSL_add_all_algorithms(void) void OPENSSL_add_all_algorithms_noconf(void) { + /* + * For the moment OPENSSL_cpuid_setup does something + * only on IA-32, but we reserve the option for all + * platforms... + */ + OPENSSL_cpuid_setup(); OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); #ifndef OPENSSL_NO_ENGINE diff --git a/usr/src/common/openssl/crypto/evp/c_allc.c b/usr/src/common/openssl/crypto/evp/c_allc.c index af8cd03d0b..8cd3b01a3d 100644 --- a/usr/src/common/openssl/crypto/evp/c_allc.c +++ b/usr/src/common/openssl/crypto/evp/c_allc.c @@ -56,6 +56,13 @@ * [including the GNU Public Licence.] */ +/* + * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + +#pragma ident "%Z%%M% %I% %E% SMI" + #include <stdio.h> #include "cryptlib.h" #include <openssl/evp.h> @@ -67,6 +74,8 @@ void OpenSSL_add_all_ciphers(void) #ifndef OPENSSL_NO_DES EVP_add_cipher(EVP_des_cfb()); + EVP_add_cipher(EVP_des_cfb1()); + EVP_add_cipher(EVP_des_cfb8()); EVP_add_cipher(EVP_des_ede_cfb()); EVP_add_cipher(EVP_des_ede3_cfb()); @@ -150,6 +159,8 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_aes_128_ecb()); EVP_add_cipher(EVP_aes_128_cbc()); EVP_add_cipher(EVP_aes_128_cfb()); + EVP_add_cipher(EVP_aes_128_cfb1()); + EVP_add_cipher(EVP_aes_128_cfb8()); EVP_add_cipher(EVP_aes_128_ofb()); #if 0 EVP_add_cipher(EVP_aes_128_ctr()); @@ -160,6 +171,8 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_aes_192_ecb()); EVP_add_cipher(EVP_aes_192_cbc()); EVP_add_cipher(EVP_aes_192_cfb()); + EVP_add_cipher(EVP_aes_192_cfb1()); + EVP_add_cipher(EVP_aes_192_cfb8()); EVP_add_cipher(EVP_aes_192_ofb()); #if 0 EVP_add_cipher(EVP_aes_192_ctr()); @@ -169,6 +182,8 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_aes_256_ecb()); EVP_add_cipher(EVP_aes_256_cbc()); EVP_add_cipher(EVP_aes_256_cfb()); + EVP_add_cipher(EVP_aes_256_cfb1()); + EVP_add_cipher(EVP_aes_256_cfb8()); EVP_add_cipher(EVP_aes_256_ofb()); #if 0 EVP_add_cipher(EVP_aes_256_ctr()); diff --git a/usr/src/common/openssl/crypto/evp/c_alld.c b/usr/src/common/openssl/crypto/evp/c_alld.c index be91cdb037..d270b0ee03 100644 --- a/usr/src/common/openssl/crypto/evp/c_alld.c +++ b/usr/src/common/openssl/crypto/evp/c_alld.c @@ -75,7 +75,7 @@ void OpenSSL_add_all_digests(void) EVP_add_digest_alias(SN_md5,"ssl2-md5"); EVP_add_digest_alias(SN_md5,"ssl3-md5"); #endif -#ifndef OPENSSL_NO_SHA +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) EVP_add_digest(EVP_sha()); #ifndef OPENSSL_NO_DSA EVP_add_digest(EVP_dss()); @@ -91,6 +91,9 @@ void OpenSSL_add_all_digests(void) EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); #endif +#ifndef OPENSSL_NO_ECDSA + EVP_add_digest(EVP_ecdsa()); +#endif #endif #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) EVP_add_digest(EVP_mdc2()); @@ -100,4 +103,12 @@ void OpenSSL_add_all_digests(void) EVP_add_digest_alias(SN_ripemd160,"ripemd"); EVP_add_digest_alias(SN_ripemd160,"rmd160"); #endif +#ifndef OPENSSL_NO_SHA256 + EVP_add_digest(EVP_sha224()); + EVP_add_digest(EVP_sha256()); +#endif +#ifndef OPENSSL_NO_SHA512 + EVP_add_digest(EVP_sha384()); + EVP_add_digest(EVP_sha512()); +#endif } diff --git a/usr/src/common/openssl/crypto/evp/digest.c b/usr/src/common/openssl/crypto/evp/digest.c index 0623ddf1f0..762e6d3450 100644 --- a/usr/src/common/openssl/crypto/evp/digest.c +++ b/usr/src/common/openssl/crypto/evp/digest.c @@ -159,7 +159,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { if (!ENGINE_init(impl)) { - EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); return 0; } } @@ -173,7 +173,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) if(!d) { /* Same comment from evp_enc.c */ - EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); return 0; } /* We'll use the ENGINE's private digest definition */ @@ -189,7 +189,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) else if(!ctx->digest) { - EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET); + EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET); return 0; } #endif @@ -208,9 +208,9 @@ skip_to_init: } int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, - unsigned int count) + size_t count) { - return ctx->digest->update(ctx,data,(unsigned long)count); + return ctx->digest->update(ctx,data,count); } /* The caller can assume that this removes any secret data from the context */ @@ -251,14 +251,14 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) unsigned char *tmp_buf; if ((in == NULL) || (in->digest == NULL)) { - EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); + EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,EVP_R_INPUT_NOT_INITIALIZED); return 0; } #ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a digest context using an ENGINE */ if (in->engine && !ENGINE_init(in->engine)) { - EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB); + EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB); return 0; } #endif @@ -285,7 +285,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) return 1; } -int EVP_Digest(void *data, unsigned int count, +int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) { EVP_MD_CTX ctx; diff --git a/usr/src/common/openssl/crypto/evp/e_aes.c b/usr/src/common/openssl/crypto/evp/e_aes.c index ce2765ecca..c28084c6db 100644 --- a/usr/src/common/openssl/crypto/evp/e_aes.c +++ b/usr/src/common/openssl/crypto/evp/e_aes.c @@ -48,10 +48,19 @@ * */ +/* + * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + +#pragma ident "%Z%%M% %I% %E% SMI" + +#include <openssl/opensslconf.h> #ifndef OPENSSL_NO_AES #include <openssl/evp.h> #include <openssl/err.h> #include <string.h> +#include <assert.h> #include <openssl/aes.h> #include "evp_locl.h" @@ -86,21 +95,44 @@ IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, NULL) #endif /* CRYPTO_UNLIMITED */ +#define IMPLEMENT_AES_CFBR(ksize,cbits) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16) + +IMPLEMENT_AES_CFBR(128,1) +#ifdef CRYPTO_UNLIMITED +IMPLEMENT_AES_CFBR(192,1) +IMPLEMENT_AES_CFBR(256,1) +#endif /* CRYPTO_UNLIMITED */ + +IMPLEMENT_AES_CFBR(128,8) +#ifdef CRYPTO_UNLIMITED +IMPLEMENT_AES_CFBR(192,8) +IMPLEMENT_AES_CFBR(256,8) +#endif /* CRYPTO_UNLIMITED */ + static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) { + const unsigned char *iv, int enc) + { + int ret; -#ifndef CRYPTO_UNLIMITED +#ifndef CRYPTO_UNLIMITED if (ctx->key_len > 16) return 0; #endif /* CRYPTO_UNLIMITED */ + if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE || enc) - AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); + ret=AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); else - AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); + ret=AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); + + if(ret < 0) + { + EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED); + return 0; + } return 1; -} + } #endif diff --git a/usr/src/common/openssl/crypto/evp/e_bf.c b/usr/src/common/openssl/crypto/evp/e_bf.c index 69ba0a3b4d..b2e399337b 100644 --- a/usr/src/common/openssl/crypto/evp/e_bf.c +++ b/usr/src/common/openssl/crypto/evp/e_bf.c @@ -56,9 +56,16 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_BF +/* + * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + +#pragma ident "%Z%%M% %I% %E% SMI" + #include <stdio.h> #include "cryptlib.h" +#ifndef OPENSSL_NO_BF #include <openssl/evp.h> #include "evp_locl.h" #include <openssl/objects.h> @@ -85,6 +92,7 @@ static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (ctx->key_len > 16) return 0; #endif /* CRYPTO_UNLIMITED */ + BF_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key); return 1; } diff --git a/usr/src/common/openssl/crypto/evp/e_cast.c b/usr/src/common/openssl/crypto/evp/e_cast.c index 3400fef187..d77bcd9298 100644 --- a/usr/src/common/openssl/crypto/evp/e_cast.c +++ b/usr/src/common/openssl/crypto/evp/e_cast.c @@ -56,10 +56,10 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_CAST - #include <stdio.h> #include "cryptlib.h" + +#ifndef OPENSSL_NO_CAST #include <openssl/evp.h> #include <openssl/objects.h> #include "evp_locl.h" diff --git a/usr/src/common/openssl/crypto/evp/e_des.c b/usr/src/common/openssl/crypto/evp/e_des.c index 105266a4b3..856323648c 100644 --- a/usr/src/common/openssl/crypto/evp/e_des.c +++ b/usr/src/common/openssl/crypto/evp/e_des.c @@ -56,16 +56,18 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_DES #include <stdio.h> #include "cryptlib.h" +#ifndef OPENSSL_NO_DES #include <openssl/evp.h> #include <openssl/objects.h> #include "evp_locl.h" #include <openssl/des.h> +#include <openssl/rand.h> static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); +static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); /* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */ @@ -92,28 +94,83 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -static int des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) +static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, unsigned int inl) { DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); return 1; } +/* Although we have a CFB-r implementation for DES, it doesn't pack the right + way, so wrap it here */ +static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, unsigned int inl) + { + unsigned int n; + unsigned char c[1],d[1]; + + for(n=0 ; n < inl ; ++n) + { + c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; + DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv, + ctx->encrypt); + out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8)); + } + return 1; + } + +static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, unsigned int inl) + { + DES_cfb_encrypt(in,out,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv, + ctx->encrypt); + return 1; + } + BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, - 0, des_init_key, NULL, + EVP_CIPH_RAND_KEY, des_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, - NULL) + des_ctrl) +BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, + EVP_CIPH_RAND_KEY, des_init_key,NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv,des_ctrl) + +BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, + EVP_CIPH_RAND_KEY,des_init_key,NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv,des_ctrl) static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { DES_cblock *deskey = (DES_cblock *)key; - +#ifdef EVP_CHECK_DES_KEY + if(DES_set_key_checked(deskey,ctx->cipher_data) != 0) + return 0; +#else DES_set_key_unchecked(deskey,ctx->cipher_data); +#endif return 1; } +static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + { + + switch(type) + { + case EVP_CTRL_RAND_KEY: + if (RAND_bytes(ptr, 8) <= 0) + return 0; + DES_set_odd_parity((DES_cblock *)ptr); + return 1; + + default: + return -1; + } + } + #endif diff --git a/usr/src/common/openssl/crypto/evp/e_des3.c b/usr/src/common/openssl/crypto/evp/e_des3.c index 077860e7b6..ac148efab2 100644 --- a/usr/src/common/openssl/crypto/evp/e_des3.c +++ b/usr/src/common/openssl/crypto/evp/e_des3.c @@ -56,13 +56,14 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_DES #include <stdio.h> #include "cryptlib.h" +#ifndef OPENSSL_NO_DES #include <openssl/evp.h> #include <openssl/objects.h> #include "evp_locl.h" #include <openssl/des.h> +#include <openssl/rand.h> static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv,int enc); @@ -70,6 +71,8 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv,int enc); +static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); + typedef struct { DES_key_schedule ks1;/* key schedule */ @@ -85,7 +88,8 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { BLOCK_CIPHER_ecb_loop() - DES_ecb3_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), + DES_ecb3_encrypt((const_DES_cblock *)(in + i), + (DES_cblock *)(out + i), &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ctx->encrypt); @@ -121,7 +125,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { DES_ede3_cfb64_encrypt(in, out, (long)inl, @@ -130,30 +134,76 @@ static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } +/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right + way, so wrap it here */ +static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, unsigned int inl) + { + unsigned int n; + unsigned char c[1],d[1]; + + for(n=0 ; n < inl ; ++n) + { + c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; + DES_ede3_cfb_encrypt(c,d,1,1, + &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3, + (DES_cblock *)ctx->iv,ctx->encrypt); + out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8)); + } + + return 1; + } + +static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, unsigned int inl) + { + DES_ede3_cfb_encrypt(in,out,8,inl, + &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3, + (DES_cblock *)ctx->iv,ctx->encrypt); + return 1; + } + BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, - 0, des_ede_init_key, NULL, + EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, - NULL) + des3_ctrl) -#define des_ede3_cfb_cipher des_ede_cfb_cipher +#define des_ede3_cfb64_cipher des_ede_cfb64_cipher #define des_ede3_ofb_cipher des_ede_ofb_cipher #define des_ede3_cbc_cipher des_ede_cbc_cipher #define des_ede3_ecb_cipher des_ede_ecb_cipher BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, - 0, des_ede3_init_key, NULL, + EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, - NULL) + des3_ctrl) + +BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, + EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + des3_ctrl) + +BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, + EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + des3_ctrl) static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { DES_cblock *deskey = (DES_cblock *)key; - +#ifdef EVP_CHECK_DES_KEY + if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1) + !! DES_set_key_checked(&deskey[1],&data(ctx)->ks2)) + return 0; +#else DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); +#endif memcpy(&data(ctx)->ks3,&data(ctx)->ks1, sizeof(data(ctx)->ks1)); return 1; @@ -174,13 +224,41 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, } #endif /* KSSL_DEBUG */ +#ifdef EVP_CHECK_DES_KEY + if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1) + || DES_set_key_checked(&deskey[1],&data(ctx)->ks2) + || DES_set_key_checked(&deskey[2],&data(ctx)->ks3)) + return 0; +#else DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3); - +#endif return 1; } +static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + { + + DES_cblock *deskey = ptr; + + switch(type) + { + case EVP_CTRL_RAND_KEY: + if (RAND_bytes(ptr, c->key_len) <= 0) + return 0; + DES_set_odd_parity(deskey); + if (c->key_len >= 16) + DES_set_odd_parity(deskey + 1); + if (c->key_len >= 24) + DES_set_odd_parity(deskey + 2); + return 1; + + default: + return -1; + } + } + const EVP_CIPHER *EVP_des_ede(void) { return &des_ede_ecb; diff --git a/usr/src/common/openssl/crypto/evp/e_idea.c b/usr/src/common/openssl/crypto/evp/e_idea.c index b9efa75ae7..48c33a774a 100644 --- a/usr/src/common/openssl/crypto/evp/e_idea.c +++ b/usr/src/common/openssl/crypto/evp/e_idea.c @@ -56,10 +56,10 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_IDEA - #include <stdio.h> #include "cryptlib.h" + +#ifndef OPENSSL_NO_IDEA #include <openssl/evp.h> #include <openssl/objects.h> #include "evp_locl.h" diff --git a/usr/src/common/openssl/crypto/evp/e_null.c b/usr/src/common/openssl/crypto/evp/e_null.c index 2420d7e5af..5205259f18 100644 --- a/usr/src/common/openssl/crypto/evp/e_null.c +++ b/usr/src/common/openssl/crypto/evp/e_null.c @@ -76,6 +76,7 @@ static const EVP_CIPHER n_cipher= 0, NULL, NULL, + NULL, NULL }; @@ -95,7 +96,7 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { if (in != out) - memcpy((char *)out,(char *)in,(int)inl); + memcpy((char *)out,(const char *)in,(size_t)inl); return 1; } diff --git a/usr/src/common/openssl/crypto/evp/e_old.c b/usr/src/common/openssl/crypto/evp/e_old.c new file mode 100644 index 0000000000..ace2979dcf --- /dev/null +++ b/usr/src/common/openssl/crypto/evp/e_old.c @@ -0,0 +1,127 @@ +/* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifdef OPENSSL_NO_DEPRECATED +static void *dummy = &dummy; +#else + +#include <openssl/evp.h> + +/* Define some deprecated functions, so older programs + don't crash and burn too quickly. On Windows and VMS, + these will never be used, since functions and variables + in shared libraries are selected by entry point location, + not by name. */ + +#ifndef OPENSSL_NO_BF +#undef EVP_bf_cfb +const EVP_CIPHER *EVP_bf_cfb(void); +const EVP_CIPHER *EVP_bf_cfb(void) { return EVP_bf_cfb64(); } +#endif + +#ifndef OPENSSL_NO_DES +#undef EVP_des_cfb +const EVP_CIPHER *EVP_des_cfb(void); +const EVP_CIPHER *EVP_des_cfb(void) { return EVP_des_cfb64(); } +#undef EVP_des_ede3_cfb +const EVP_CIPHER *EVP_des_ede3_cfb(void); +const EVP_CIPHER *EVP_des_ede3_cfb(void) { return EVP_des_ede3_cfb64(); } +#undef EVP_des_ede_cfb +const EVP_CIPHER *EVP_des_ede_cfb(void); +const EVP_CIPHER *EVP_des_ede_cfb(void) { return EVP_des_ede_cfb64(); } +#endif + +#ifndef OPENSSL_NO_IDEA +#undef EVP_idea_cfb +const EVP_CIPHER *EVP_idea_cfb(void); +const EVP_CIPHER *EVP_idea_cfb(void) { return EVP_idea_cfb64(); } +#endif + +#ifndef OPENSSL_NO_RC2 +#undef EVP_rc2_cfb +const EVP_CIPHER *EVP_rc2_cfb(void); +const EVP_CIPHER *EVP_rc2_cfb(void) { return EVP_rc2_cfb64(); } +#endif + +#ifndef OPENSSL_NO_CAST +#undef EVP_cast5_cfb +const EVP_CIPHER *EVP_cast5_cfb(void); +const EVP_CIPHER *EVP_cast5_cfb(void) { return EVP_cast5_cfb64(); } +#endif + +#ifndef OPENSSL_NO_RC5 +#undef EVP_rc5_32_12_16_cfb +const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); +const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) { return EVP_rc5_32_12_16_cfb64(); } +#endif + +#ifndef OPENSSL_NO_AES +#undef EVP_aes_128_cfb +const EVP_CIPHER *EVP_aes_128_cfb(void); +const EVP_CIPHER *EVP_aes_128_cfb(void) { return EVP_aes_128_cfb128(); } +#ifdef CRYPTO_UNLIMITED +#undef EVP_aes_192_cfb +const EVP_CIPHER *EVP_aes_192_cfb(void); +const EVP_CIPHER *EVP_aes_192_cfb(void) { return EVP_aes_192_cfb128(); } +#undef EVP_aes_256_cfb +const EVP_CIPHER *EVP_aes_256_cfb(void); +const EVP_CIPHER *EVP_aes_256_cfb(void) { return EVP_aes_256_cfb128(); } +#endif /* CRYPTO UNLIMITED */ +#endif + +#endif diff --git a/usr/src/common/openssl/crypto/evp/e_rc2.c b/usr/src/common/openssl/crypto/evp/e_rc2.c index d42cbfd17e..d37726ffae 100644 --- a/usr/src/common/openssl/crypto/evp/e_rc2.c +++ b/usr/src/common/openssl/crypto/evp/e_rc2.c @@ -56,10 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RC2 - #include <stdio.h> #include "cryptlib.h" + +#ifndef OPENSSL_NO_RC2 + #include <openssl/evp.h> #include <openssl/objects.h> #include "evp_locl.h" @@ -167,16 +168,17 @@ static int rc2_magic_to_meth(int i) static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { long num=0; - int i=0,l; + int i=0; int key_bits; + unsigned int l; unsigned char iv[EVP_MAX_IV_LENGTH]; if (type != NULL) { l=EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(l <= sizeof iv); + OPENSSL_assert(l <= sizeof(iv)); i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l); - if (i != l) + if (i != (int)l) return(-1); key_bits =rc2_magic_to_meth((int)num); if (!key_bits) diff --git a/usr/src/common/openssl/crypto/evp/e_rc4.c b/usr/src/common/openssl/crypto/evp/e_rc4.c index ff8f751eae..b84dc55ce8 100644 --- a/usr/src/common/openssl/crypto/evp/e_rc4.c +++ b/usr/src/common/openssl/crypto/evp/e_rc4.c @@ -56,10 +56,18 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RC4 +/* + * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + +#pragma ident "%Z%%M% %I% %E% SMI" #include <stdio.h> #include "cryptlib.h" + +#ifndef OPENSSL_NO_RC4 + #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/rc4.h> @@ -89,6 +97,7 @@ static const EVP_CIPHER r4_cipher= sizeof(EVP_RC4_KEY), NULL, NULL, + NULL, NULL }; @@ -103,6 +112,7 @@ static const EVP_CIPHER r4_40_cipher= sizeof(EVP_RC4_KEY), NULL, NULL, + NULL, NULL }; diff --git a/usr/src/common/openssl/crypto/evp/e_rc5.c b/usr/src/common/openssl/crypto/evp/e_rc5.c index 3c7713b181..19a10c6402 100644 --- a/usr/src/common/openssl/crypto/evp/e_rc5.c +++ b/usr/src/common/openssl/crypto/evp/e_rc5.c @@ -56,10 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RC5 - #include <stdio.h> #include "cryptlib.h" + +#ifndef OPENSSL_NO_RC5 + #include <openssl/evp.h> #include <openssl/objects.h> #include "evp_locl.h" diff --git a/usr/src/common/openssl/crypto/evp/e_xcbc_d.c b/usr/src/common/openssl/crypto/evp/e_xcbc_d.c index a6f849e93d..8832da2433 100644 --- a/usr/src/common/openssl/crypto/evp/e_xcbc_d.c +++ b/usr/src/common/openssl/crypto/evp/e_xcbc_d.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_DES #include <stdio.h> #include "cryptlib.h" + +#ifndef OPENSSL_NO_DES + #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/des.h> @@ -89,6 +91,7 @@ static const EVP_CIPHER d_xcbc_cipher= sizeof(DESX_CBC_KEY), EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, + NULL, NULL }; diff --git a/usr/src/common/openssl/crypto/evp/encode.c b/usr/src/common/openssl/crypto/evp/encode.c index 08209357ce..5921f0d710 100644 --- a/usr/src/common/openssl/crypto/evp/encode.c +++ b/usr/src/common/openssl/crypto/evp/encode.c @@ -129,14 +129,14 @@ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) } void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - unsigned char *in, int inl) + const unsigned char *in, int inl) { int i,j; unsigned int total=0; *outl=0; if (inl == 0) return; - OPENSSL_assert(ctx->length <= sizeof ctx->enc_data); + OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); if ((ctx->num+inl) < ctx->length) { memcpy(&(ctx->enc_data[ctx->num]),in,inl); @@ -233,7 +233,7 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) * 1 for full line */ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - unsigned char *in, int inl) + const unsigned char *in, int inl) { int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl; unsigned char *d; @@ -259,7 +259,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, /* only save the good data :-) */ if (!B64_NOT_BASE64(v)) { - OPENSSL_assert(n < sizeof ctx->enc_data); + OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); d[n++]=tmp; ln++; } @@ -313,7 +313,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, /* There will never be more than two '=' */ } - if ((v == B64_EOF) || (n >= 64)) + if ((v == B64_EOF && (n&3) == 0) || (n >= 64)) { /* This is needed to work correctly on 64 byte input * lines. We process the line and then need to @@ -323,8 +323,8 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, if (n > 0) { v=EVP_DecodeBlock(out,d,n); - if (v < 0) { rv=0; goto end; } n=0; + if (v < 0) { rv=0; goto end; } ret+=(v-eof); } else diff --git a/usr/src/common/openssl/crypto/evp/evp.h b/usr/src/common/openssl/crypto/evp/evp.h index 4801d8eaa3..e35d472c70 100644 --- a/usr/src/common/openssl/crypto/evp/evp.h +++ b/usr/src/common/openssl/crypto/evp/evp.h @@ -74,48 +74,6 @@ #ifndef OPENSSL_NO_BIO #include <openssl/bio.h> #endif -#ifndef OPENSSL_NO_MD2 -#include <openssl/md2.h> -#endif -#ifndef OPENSSL_NO_MD4 -#include <openssl/md4.h> -#endif -#ifndef OPENSSL_NO_MD5 -#include <openssl/md5.h> -#endif -#ifndef OPENSSL_NO_SHA -#include <openssl/sha.h> -#endif -#ifndef OPENSSL_NO_RIPEMD -#include <openssl/ripemd.h> -#endif -#ifndef OPENSSL_NO_DES -#include <openssl/des.h> -#endif -#ifndef OPENSSL_NO_RC4 -#include <openssl/rc4.h> -#endif -#ifndef OPENSSL_NO_RC2 -#include <openssl/rc2.h> -#endif -#ifndef OPENSSL_NO_RC5 -#include <openssl/rc5.h> -#endif -#ifndef OPENSSL_NO_BF -#include <openssl/blowfish.h> -#endif -#ifndef OPENSSL_NO_CAST -#include <openssl/cast.h> -#endif -#ifndef OPENSSL_NO_IDEA -#include <openssl/idea.h> -#endif -#ifndef OPENSSL_NO_MDC2 -#include <openssl/mdc2.h> -#endif -#ifndef OPENSSL_NO_AES -#include <openssl/aes.h> -#endif /* #define EVP_RC2_KEY_SIZE 16 @@ -124,7 +82,7 @@ #define EVP_CAST5_KEY_SIZE 16 #define EVP_RC5_32_12_16_KEY_SIZE 16 */ -#define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ +#define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */ #define EVP_MAX_KEY_LENGTH 32 #define EVP_MAX_IV_LENGTH 16 #define EVP_MAX_BLOCK_LENGTH 32 @@ -133,28 +91,18 @@ /* Default PKCS#5 iteration count */ #define PKCS5_DEFAULT_ITER 2048 -#ifndef OPENSSL_NO_RSA -#include <openssl/rsa.h> -#endif - -#ifndef OPENSSL_NO_DSA -#include <openssl/dsa.h> -#endif - -#ifndef OPENSSL_NO_DH -#include <openssl/dh.h> -#endif - #include <openssl/objects.h> #define EVP_PK_RSA 0x0001 #define EVP_PK_DSA 0x0002 #define EVP_PK_DH 0x0004 +#define EVP_PK_EC 0x0008 #define EVP_PKT_SIGN 0x0010 #define EVP_PKT_ENC 0x0020 #define EVP_PKT_EXCH 0x0040 #define EVP_PKS_RSA 0x0100 #define EVP_PKS_DSA 0x0200 +#define EVP_PKS_EC 0x0400 #define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ #define EVP_PKEY_NONE NID_undef @@ -166,6 +114,7 @@ #define EVP_PKEY_DSA3 NID_dsaWithSHA1 #define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 #define EVP_PKEY_DH NID_dhKeyAgreement +#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey #ifdef __cplusplus extern "C" { @@ -190,6 +139,9 @@ struct evp_pkey_st #ifndef OPENSSL_NO_DH struct dh_st *dh; /* DH */ #endif +#ifndef OPENSSL_NO_EC + struct ec_key_st *ec; /* ECC */ +#endif } pkey; int save_parameters; STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ @@ -275,38 +227,58 @@ struct env_md_st int md_size; unsigned long flags; int (*init)(EVP_MD_CTX *ctx); - int (*update)(EVP_MD_CTX *ctx,const void *data,unsigned long count); + int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count); int (*final)(EVP_MD_CTX *ctx,unsigned char *md); int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from); int (*cleanup)(EVP_MD_CTX *ctx); /* FIXME: prototype these some day */ - int (*sign)(); - int (*verify)(); + int (*sign)(int type, const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, void *key); + int (*verify)(int type, const unsigned char *m, unsigned int m_length, + const unsigned char *sigbuf, unsigned int siglen, + void *key); int required_pkey_type[5]; /*EVP_PKEY_xxx */ int block_size; int ctx_size; /* how big does the ctx->md_data need to be */ } /* EVP_MD */; +typedef int evp_sign_method(int type,const unsigned char *m, + unsigned int m_length,unsigned char *sigret, + unsigned int *siglen, void *key); +typedef int evp_verify_method(int type,const unsigned char *m, + unsigned int m_length,const unsigned char *sigbuf, + unsigned int siglen, void *key); + #define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single * block */ #define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} #ifndef OPENSSL_NO_DSA -#define EVP_PKEY_DSA_method DSA_sign,DSA_verify, \ +#define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \ + (evp_verify_method *)DSA_verify, \ {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ EVP_PKEY_DSA4,0} #else #define EVP_PKEY_DSA_method EVP_PKEY_NULL_method #endif +#ifndef OPENSSL_NO_ECDSA +#define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ + (evp_verify_method *)ECDSA_verify, \ + {EVP_PKEY_EC,0,0,0} +#else +#define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method +#endif + #ifndef OPENSSL_NO_RSA -#define EVP_PKEY_RSA_method RSA_sign,RSA_verify, \ +#define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \ + (evp_verify_method *)RSA_verify, \ {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} #define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ - RSA_sign_ASN1_OCTET_STRING, \ - RSA_verify_ASN1_OCTET_STRING, \ + (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \ + (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \ {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} #else #define EVP_PKEY_RSA_method EVP_PKEY_NULL_method @@ -373,6 +345,8 @@ struct evp_cipher_st #define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 /* Don't use standard block padding */ #define EVP_CIPH_NO_PADDING 0x100 +/* cipher handles random key generation */ +#define EVP_CIPH_RAND_KEY 0x200 /* ctrl() values */ @@ -382,6 +356,7 @@ struct evp_cipher_st #define EVP_CTRL_SET_RC2_KEY_BITS 0x3 #define EVP_CTRL_GET_RC5_ROUNDS 0x4 #define EVP_CTRL_SET_RC5_ROUNDS 0x5 +#define EVP_CTRL_RAND_KEY 0x6 typedef struct evp_cipher_info_st { @@ -443,6 +418,11 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, (char *)(dh)) #endif +#ifndef OPENSSL_NO_EC +#define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\ + (char *)(eckey)) +#endif + /* Add some extra combinations */ #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) @@ -523,9 +503,9 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); #define EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, - unsigned int cnt); + size_t cnt); int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); -int EVP_Digest(void *data, unsigned int count, +int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); @@ -533,7 +513,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); -void EVP_set_pw_prompt(char *prompt); +void EVP_set_pw_prompt(const char *prompt); char * EVP_get_pw_prompt(void); int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, @@ -572,26 +552,28 @@ int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, EVP_PKEY *pkey); -int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, +int EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey); -int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *ek, - int ekl,unsigned char *iv,EVP_PKEY *priv); +int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, + const unsigned char *ek, int ekl, const unsigned char *iv, + EVP_PKEY *priv); int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, - int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); +int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + unsigned char **ek, int *ekl, unsigned char *iv, + EVP_PKEY **pubk, int npubk); int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); -void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out, - int *outl,unsigned char *in,int inl); +void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, + const unsigned char *in,int inl); void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, - unsigned char *in, int inl); + const unsigned char *in, int inl); int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); @@ -601,14 +583,15 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); #ifndef OPENSSL_NO_BIO BIO_METHOD *BIO_f_md(void); BIO_METHOD *BIO_f_base64(void); BIO_METHOD *BIO_f_cipher(void); BIO_METHOD *BIO_f_reliable(void); -void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k, - unsigned char *i, int enc); +void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,const unsigned char *k, + const unsigned char *i, int enc); #endif const EVP_MD *EVP_md_null(void); @@ -626,6 +609,15 @@ const EVP_MD *EVP_sha(void); const EVP_MD *EVP_sha1(void); const EVP_MD *EVP_dss(void); const EVP_MD *EVP_dss1(void); +const EVP_MD *EVP_ecdsa(void); +#endif +#ifndef OPENSSL_NO_SHA256 +const EVP_MD *EVP_sha224(void); +const EVP_MD *EVP_sha256(void); +#endif +#ifndef OPENSSL_NO_SHA512 +const EVP_MD *EVP_sha384(void); +const EVP_MD *EVP_sha512(void); #endif #ifndef OPENSSL_NO_MDC2 const EVP_MD *EVP_mdc2(void); @@ -640,9 +632,20 @@ const EVP_CIPHER *EVP_des_ede(void); const EVP_CIPHER *EVP_des_ede3(void); const EVP_CIPHER *EVP_des_ede_ecb(void); const EVP_CIPHER *EVP_des_ede3_ecb(void); -const EVP_CIPHER *EVP_des_cfb(void); -const EVP_CIPHER *EVP_des_ede_cfb(void); -const EVP_CIPHER *EVP_des_ede3_cfb(void); +const EVP_CIPHER *EVP_des_cfb64(void); +# define EVP_des_cfb EVP_des_cfb64 +const EVP_CIPHER *EVP_des_cfb1(void); +const EVP_CIPHER *EVP_des_cfb8(void); +const EVP_CIPHER *EVP_des_ede_cfb64(void); +# define EVP_des_ede_cfb EVP_des_ede_cfb64 +#if 0 +const EVP_CIPHER *EVP_des_ede_cfb1(void); +const EVP_CIPHER *EVP_des_ede_cfb8(void); +#endif +const EVP_CIPHER *EVP_des_ede3_cfb64(void); +# define EVP_des_ede3_cfb EVP_des_ede3_cfb64 +const EVP_CIPHER *EVP_des_ede3_cfb1(void); +const EVP_CIPHER *EVP_des_ede3_cfb8(void); const EVP_CIPHER *EVP_des_ofb(void); const EVP_CIPHER *EVP_des_ede_ofb(void); const EVP_CIPHER *EVP_des_ede3_ofb(void); @@ -666,7 +669,8 @@ const EVP_CIPHER *EVP_rc4_40(void); #endif #ifndef OPENSSL_NO_IDEA const EVP_CIPHER *EVP_idea_ecb(void); -const EVP_CIPHER *EVP_idea_cfb(void); +const EVP_CIPHER *EVP_idea_cfb64(void); +# define EVP_idea_cfb EVP_idea_cfb64 const EVP_CIPHER *EVP_idea_ofb(void); const EVP_CIPHER *EVP_idea_cbc(void); #endif @@ -675,45 +679,58 @@ const EVP_CIPHER *EVP_rc2_ecb(void); const EVP_CIPHER *EVP_rc2_cbc(void); const EVP_CIPHER *EVP_rc2_40_cbc(void); const EVP_CIPHER *EVP_rc2_64_cbc(void); -const EVP_CIPHER *EVP_rc2_cfb(void); +const EVP_CIPHER *EVP_rc2_cfb64(void); +# define EVP_rc2_cfb EVP_rc2_cfb64 const EVP_CIPHER *EVP_rc2_ofb(void); #endif #ifndef OPENSSL_NO_BF const EVP_CIPHER *EVP_bf_ecb(void); const EVP_CIPHER *EVP_bf_cbc(void); -const EVP_CIPHER *EVP_bf_cfb(void); +const EVP_CIPHER *EVP_bf_cfb64(void); +# define EVP_bf_cfb EVP_bf_cfb64 const EVP_CIPHER *EVP_bf_ofb(void); #endif #ifndef OPENSSL_NO_CAST const EVP_CIPHER *EVP_cast5_ecb(void); const EVP_CIPHER *EVP_cast5_cbc(void); -const EVP_CIPHER *EVP_cast5_cfb(void); +const EVP_CIPHER *EVP_cast5_cfb64(void); +# define EVP_cast5_cfb EVP_cast5_cfb64 const EVP_CIPHER *EVP_cast5_ofb(void); #endif #ifndef OPENSSL_NO_RC5 const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); -const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); +const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void); +# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64 const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); #endif #ifndef OPENSSL_NO_AES const EVP_CIPHER *EVP_aes_128_ecb(void); const EVP_CIPHER *EVP_aes_128_cbc(void); -const EVP_CIPHER *EVP_aes_128_cfb(void); +const EVP_CIPHER *EVP_aes_128_cfb1(void); +const EVP_CIPHER *EVP_aes_128_cfb8(void); +const EVP_CIPHER *EVP_aes_128_cfb128(void); +# define EVP_aes_128_cfb EVP_aes_128_cfb128 const EVP_CIPHER *EVP_aes_128_ofb(void); #if 0 const EVP_CIPHER *EVP_aes_128_ctr(void); #endif const EVP_CIPHER *EVP_aes_192_ecb(void); const EVP_CIPHER *EVP_aes_192_cbc(void); -const EVP_CIPHER *EVP_aes_192_cfb(void); +const EVP_CIPHER *EVP_aes_192_cfb1(void); +const EVP_CIPHER *EVP_aes_192_cfb8(void); +const EVP_CIPHER *EVP_aes_192_cfb128(void); +# define EVP_aes_192_cfb EVP_aes_192_cfb128 const EVP_CIPHER *EVP_aes_192_ofb(void); #if 0 const EVP_CIPHER *EVP_aes_192_ctr(void); #endif const EVP_CIPHER *EVP_aes_256_ecb(void); const EVP_CIPHER *EVP_aes_256_cbc(void); -const EVP_CIPHER *EVP_aes_256_cfb(void); +const EVP_CIPHER *EVP_aes_256_cfb1(void); +const EVP_CIPHER *EVP_aes_256_cfb8(void); +const EVP_CIPHER *EVP_aes_256_cfb128(void); +# define EVP_aes_256_cfb EVP_aes_256_cfb128 const EVP_CIPHER *EVP_aes_256_ofb(void); #if 0 const EVP_CIPHER *EVP_aes_256_ctr(void); @@ -744,10 +761,12 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name); const EVP_MD *EVP_get_digestbyname(const char *name); void EVP_cleanup(void); -int EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key, - int enc_key_len,EVP_PKEY *private_key); +int EVP_PKEY_decrypt(unsigned char *dec_key, + const unsigned char *enc_key,int enc_key_len, + EVP_PKEY *private_key); int EVP_PKEY_encrypt(unsigned char *enc_key, - unsigned char *key,int key_len,EVP_PKEY *pub_key); + const unsigned char *key,int key_len, + EVP_PKEY *pub_key); int EVP_PKEY_type(int type); int EVP_PKEY_bits(EVP_PKEY *pkey); int EVP_PKEY_size(EVP_PKEY *pkey); @@ -768,24 +787,31 @@ struct dh_st; int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key); struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); #endif - +#ifndef OPENSSL_NO_EC +struct ec_key_st; +int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,struct ec_key_st *key); +struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); +#endif EVP_PKEY * EVP_PKEY_new(void); void EVP_PKEY_free(EVP_PKEY *pkey); -EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp, + +EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp, long length); int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); -EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp, +EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, const unsigned char **pp, long length); -EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp, +EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, long length); int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); -int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from); -int EVP_PKEY_missing_parameters(EVP_PKEY *pkey); +int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); +int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); -int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b); +int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); + +int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); int EVP_CIPHER_type(const EVP_CIPHER *ctx); @@ -802,7 +828,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, + const unsigned char *salt, int saltlen, int iter, int keylen, unsigned char *out); int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, @@ -825,25 +851,31 @@ void ERR_load_EVP_strings(void); /* Error codes for the EVP functions. */ /* Function codes. */ +#define EVP_F_AES_INIT_KEY 133 #define EVP_F_D2I_PKEY 100 -#define EVP_F_EVP_CIPHERINIT 123 +#define EVP_F_DSAPKEY2PKCS8 134 +#define EVP_F_DSA_PKEY2PKCS8 135 +#define EVP_F_ECDSA_PKEY2PKCS8 129 +#define EVP_F_ECKEY_PKEY2PKCS8 132 +#define EVP_F_EVP_CIPHERINIT_EX 123 #define EVP_F_EVP_CIPHER_CTX_CTRL 124 #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 -#define EVP_F_EVP_DECRYPTFINAL 101 -#define EVP_F_EVP_DIGESTINIT 128 -#define EVP_F_EVP_ENCRYPTFINAL 127 -#define EVP_F_EVP_MD_CTX_COPY 110 +#define EVP_F_EVP_DECRYPTFINAL_EX 101 +#define EVP_F_EVP_DIGESTINIT_EX 128 +#define EVP_F_EVP_ENCRYPTFINAL_EX 127 +#define EVP_F_EVP_MD_CTX_COPY_EX 110 #define EVP_F_EVP_OPENINIT 102 #define EVP_F_EVP_PBE_ALG_ADD 115 #define EVP_F_EVP_PBE_CIPHERINIT 116 #define EVP_F_EVP_PKCS82PKEY 111 -#define EVP_F_EVP_PKCS8_SET_BROKEN 112 -#define EVP_F_EVP_PKEY2PKCS8 113 +#define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 #define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 #define EVP_F_EVP_PKEY_DECRYPT 104 #define EVP_F_EVP_PKEY_ENCRYPT 105 #define EVP_F_EVP_PKEY_GET1_DH 119 #define EVP_F_EVP_PKEY_GET1_DSA 120 +#define EVP_F_EVP_PKEY_GET1_ECDSA 130 +#define EVP_F_EVP_PKEY_GET1_EC_KEY 131 #define EVP_F_EVP_PKEY_GET1_RSA 121 #define EVP_F_EVP_PKEY_NEW 106 #define EVP_F_EVP_RIJNDAEL 126 @@ -851,10 +883,13 @@ void ERR_load_EVP_strings(void); #define EVP_F_EVP_VERIFYFINAL 108 #define EVP_F_PKCS5_PBE_KEYIVGEN 117 #define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 +#define EVP_F_PKCS8_SET_BROKEN 112 #define EVP_F_RC2_MAGIC_TO_METH 109 #define EVP_F_RC5_CTRL 125 /* Reason codes. */ +#define EVP_R_AES_KEY_SETUP_FAILED 143 +#define EVP_R_ASN1_LIB 140 #define EVP_R_BAD_BLOCK_LENGTH 136 #define EVP_R_BAD_DECRYPT 100 #define EVP_R_BAD_KEY_LENGTH 137 @@ -871,6 +906,8 @@ void ERR_load_EVP_strings(void); #define EVP_R_EXPECTING_AN_RSA_KEY 127 #define EVP_R_EXPECTING_A_DH_KEY 128 #define EVP_R_EXPECTING_A_DSA_KEY 129 +#define EVP_R_EXPECTING_A_ECDSA_KEY 141 +#define EVP_R_EXPECTING_A_EC_KEY 142 #define EVP_R_INITIALIZATION_ERROR 134 #define EVP_R_INPUT_NOT_INITIALIZED 111 #define EVP_R_INVALID_KEY_LENGTH 130 diff --git a/usr/src/common/openssl/crypto/evp/evp_enc.c b/usr/src/common/openssl/crypto/evp/evp_enc.c index 8ea5aa935d..22cb6131be 100644 --- a/usr/src/common/openssl/crypto/evp/evp_enc.c +++ b/usr/src/common/openssl/crypto/evp/evp_enc.c @@ -60,6 +60,7 @@ #include "cryptlib.h" #include <openssl/evp.h> #include <openssl/err.h> +#include <openssl/rand.h> #ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> #endif @@ -116,7 +117,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp { if (!ENGINE_init(impl)) { - EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; } } @@ -133,7 +134,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp * control history, is that we should at least * be able to avoid using US mispellings of * "initialisation"? */ - EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; } /* We'll use the ENGINE's private cipher definition */ @@ -153,7 +154,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); if (!ctx->cipher_data) { - EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); return 0; } } @@ -167,14 +168,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp { if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { - EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; } } } else if(!ctx->cipher) { - EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET); + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET); return 0; } #ifndef OPENSSL_NO_ENGINE @@ -199,7 +200,8 @@ skip_to_init: case EVP_CIPH_CBC_MODE: - OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv); + OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= + (int)sizeof(ctx->iv)); if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); break; @@ -286,7 +288,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } i=ctx->buf_len; bl=ctx->cipher->block_size; - OPENSSL_assert(bl <= sizeof ctx->buf); + OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); if (i != 0) { if (i+inl < bl) @@ -332,7 +334,8 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - int i,n,b,bl,ret; + int n,ret; + unsigned int i, b, bl; b=ctx->cipher->block_size; OPENSSL_assert(b <= sizeof ctx->buf); @@ -346,7 +349,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { if(bl) { - EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); + EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); return 0; } *outl = 0; @@ -368,7 +371,8 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int b, fix_len; + int fix_len; + unsigned int b; if (inl == 0) { @@ -421,8 +425,8 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - int i,b; - int n; + int i,n; + unsigned int b; *outl=0; b=ctx->cipher->block_size; @@ -430,7 +434,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { if(ctx->buf_len) { - EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); return 0; } *outl = 0; @@ -440,21 +444,21 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { if (ctx->buf_len || !ctx->final_used) { - EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH); + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH); return(0); } OPENSSL_assert(b <= sizeof ctx->final); n=ctx->final[b-1]; - if (n > b) + if (n == 0 || n > (int)b) { - EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); return(0); } for (i=0; i<n; i++) { if (ctx->final[--b] != n) { - EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); return(0); } } @@ -531,3 +535,13 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) } return ret; } + +int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) + { + if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) + return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); + if (RAND_bytes(key, ctx->key_len) <= 0) + return 0; + return 1; + } + diff --git a/usr/src/common/openssl/crypto/evp/evp_err.c b/usr/src/common/openssl/crypto/evp/evp_err.c index 3a23d21c21..e854aadfa2 100644 --- a/usr/src/common/openssl/crypto/evp/evp_err.c +++ b/usr/src/common/openssl/crypto/evp/evp_err.c @@ -1,6 +1,6 @@ /* crypto/evp/evp_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,81 +64,96 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason) + static ERR_STRING_DATA EVP_str_functs[]= { -{ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"}, -{ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0), "EVP_CipherInit"}, -{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0), "EVP_CIPHER_CTX_ctrl"}, -{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0), "EVP_CIPHER_CTX_set_key_length"}, -{ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"}, -{ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0), "EVP_DigestInit"}, -{ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0), "EVP_EncryptFinal"}, -{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"}, -{ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"}, -{ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0), "EVP_PBE_alg_add"}, -{ERR_PACK(0,EVP_F_EVP_PBE_CIPHERINIT,0), "EVP_PBE_CipherInit"}, -{ERR_PACK(0,EVP_F_EVP_PKCS82PKEY,0), "EVP_PKCS82PKEY"}, -{ERR_PACK(0,EVP_F_EVP_PKCS8_SET_BROKEN,0), "EVP_PKCS8_SET_BROKEN"}, -{ERR_PACK(0,EVP_F_EVP_PKEY2PKCS8,0), "EVP_PKEY2PKCS8"}, -{ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0), "EVP_PKEY_copy_parameters"}, -{ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0), "EVP_PKEY_decrypt"}, -{ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0), "EVP_PKEY_encrypt"}, -{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DH,0), "EVP_PKEY_get1_DH"}, -{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DSA,0), "EVP_PKEY_get1_DSA"}, -{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_RSA,0), "EVP_PKEY_get1_RSA"}, -{ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0), "EVP_PKEY_new"}, -{ERR_PACK(0,EVP_F_EVP_RIJNDAEL,0), "EVP_RIJNDAEL"}, -{ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0), "EVP_SignFinal"}, -{ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0), "EVP_VerifyFinal"}, -{ERR_PACK(0,EVP_F_PKCS5_PBE_KEYIVGEN,0), "PKCS5_PBE_keyivgen"}, -{ERR_PACK(0,EVP_F_PKCS5_V2_PBE_KEYIVGEN,0), "PKCS5_v2_PBE_keyivgen"}, -{ERR_PACK(0,EVP_F_RC2_MAGIC_TO_METH,0), "RC2_MAGIC_TO_METH"}, -{ERR_PACK(0,EVP_F_RC5_CTRL,0), "RC5_CTRL"}, +{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, +{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, +{ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, +{ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"}, +{ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"}, +{ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"}, +{ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, +{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, +{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"}, +{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, +{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, +{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, +{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, +{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, +{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, +{ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, +{ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, +{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"}, +{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, +{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"}, +{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, +{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"}, +{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"}, +{ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"}, +{ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"}, +{ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"}, +{ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, +{ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, +{ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"}, +{ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, +{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, +{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, +{ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"}, +{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, +{ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, {0,NULL} }; static ERR_STRING_DATA EVP_str_reasons[]= { -{EVP_R_BAD_BLOCK_LENGTH ,"bad block length"}, -{EVP_R_BAD_DECRYPT ,"bad decrypt"}, -{EVP_R_BAD_KEY_LENGTH ,"bad key length"}, -{EVP_R_BN_DECODE_ERROR ,"bn decode error"}, -{EVP_R_BN_PUBKEY_ERROR ,"bn pubkey error"}, -{EVP_R_CIPHER_PARAMETER_ERROR ,"cipher parameter error"}, -{EVP_R_CTRL_NOT_IMPLEMENTED ,"ctrl not implemented"}, -{EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED ,"ctrl operation not implemented"}, -{EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"}, -{EVP_R_DECODE_ERROR ,"decode error"}, -{EVP_R_DIFFERENT_KEY_TYPES ,"different key types"}, -{EVP_R_ENCODE_ERROR ,"encode error"}, -{EVP_R_EVP_PBE_CIPHERINIT_ERROR ,"evp pbe cipherinit error"}, -{EVP_R_EXPECTING_AN_RSA_KEY ,"expecting an rsa key"}, -{EVP_R_EXPECTING_A_DH_KEY ,"expecting a dh key"}, -{EVP_R_EXPECTING_A_DSA_KEY ,"expecting a dsa key"}, -{EVP_R_INITIALIZATION_ERROR ,"initialization error"}, -{EVP_R_INPUT_NOT_INITIALIZED ,"input not initialized"}, -{EVP_R_INVALID_KEY_LENGTH ,"invalid key length"}, -{EVP_R_IV_TOO_LARGE ,"iv too large"}, -{EVP_R_KEYGEN_FAILURE ,"keygen failure"}, -{EVP_R_MISSING_PARAMETERS ,"missing parameters"}, -{EVP_R_NO_CIPHER_SET ,"no cipher set"}, -{EVP_R_NO_DIGEST_SET ,"no digest set"}, -{EVP_R_NO_DSA_PARAMETERS ,"no dsa parameters"}, -{EVP_R_NO_SIGN_FUNCTION_CONFIGURED ,"no sign function configured"}, -{EVP_R_NO_VERIFY_FUNCTION_CONFIGURED ,"no verify function configured"}, -{EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE ,"pkcs8 unknown broken type"}, -{EVP_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"}, -{EVP_R_UNKNOWN_PBE_ALGORITHM ,"unknown pbe algorithm"}, -{EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS ,"unsuported number of rounds"}, -{EVP_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, -{EVP_R_UNSUPPORTED_KEYLENGTH ,"unsupported keylength"}, -{EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION,"unsupported key derivation function"}, -{EVP_R_UNSUPPORTED_KEY_SIZE ,"unsupported key size"}, -{EVP_R_UNSUPPORTED_PRF ,"unsupported prf"}, -{EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ,"unsupported private key algorithm"}, -{EVP_R_UNSUPPORTED_SALT_TYPE ,"unsupported salt type"}, -{EVP_R_WRONG_FINAL_BLOCK_LENGTH ,"wrong final block length"}, -{EVP_R_WRONG_PUBLIC_KEY_TYPE ,"wrong public key type"}, +{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"}, +{ERR_REASON(EVP_R_ASN1_LIB) ,"asn1 lib"}, +{ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"}, +{ERR_REASON(EVP_R_BAD_DECRYPT) ,"bad decrypt"}, +{ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"}, +{ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"}, +{ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"}, +{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"}, +{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"}, +{ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"}, +{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"}, +{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, +{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, +{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, +{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, +{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, +{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"}, +{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"}, +{ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"}, +{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) ,"expecting a ec key"}, +{ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"}, +{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"}, +{ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"}, +{ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"}, +{ERR_REASON(EVP_R_KEYGEN_FAILURE) ,"keygen failure"}, +{ERR_REASON(EVP_R_MISSING_PARAMETERS) ,"missing parameters"}, +{ERR_REASON(EVP_R_NO_CIPHER_SET) ,"no cipher set"}, +{ERR_REASON(EVP_R_NO_DIGEST_SET) ,"no digest set"}, +{ERR_REASON(EVP_R_NO_DSA_PARAMETERS) ,"no dsa parameters"}, +{ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),"no sign function configured"}, +{ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"}, +{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"}, +{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, +{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"}, +{ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"}, +{ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, +{ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) ,"unsupported keylength"}, +{ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),"unsupported key derivation function"}, +{ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE) ,"unsupported key size"}, +{ERR_REASON(EVP_R_UNSUPPORTED_PRF) ,"unsupported prf"}, +{ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),"unsupported private key algorithm"}, +{ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE) ,"unsupported salt type"}, +{ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH),"wrong final block length"}, +{ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) ,"wrong public key type"}, {0,NULL} }; @@ -152,8 +167,8 @@ void ERR_load_EVP_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_EVP,EVP_str_functs); - ERR_load_strings(ERR_LIB_EVP,EVP_str_reasons); + ERR_load_strings(0,EVP_str_functs); + ERR_load_strings(0,EVP_str_reasons); #endif } diff --git a/usr/src/common/openssl/crypto/evp/evp_key.c b/usr/src/common/openssl/crypto/evp/evp_key.c index 13ecda9bb9..ff773e017a 100644 --- a/usr/src/common/openssl/crypto/evp/evp_key.c +++ b/usr/src/common/openssl/crypto/evp/evp_key.c @@ -56,6 +56,13 @@ * [including the GNU Public Licence.] */ +/* + * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + +#pragma ident "%Z%%M% %I% %E% SMI" + #include <stdio.h> #include "cryptlib.h" #include <openssl/x509.h> @@ -66,7 +73,7 @@ /* should be init to zeros. */ static char prompt_string[80]; -void EVP_set_pw_prompt(char *prompt) +void EVP_set_pw_prompt(const char *prompt) { if (prompt == NULL) prompt_string[0]='\0'; @@ -85,7 +92,7 @@ char *EVP_get_pw_prompt(void) return(prompt_string); } -#ifndef _BOOT +#ifndef _BOOT /* For historical reasons, the standard function for reading passwords is * in the DES library -- if someone ever wants to disable DES, * this function will fail */ diff --git a/usr/src/common/openssl/crypto/evp/evp_lib.c b/usr/src/common/openssl/crypto/evp/evp_lib.c index 52a3b287be..36213964dd 100644 --- a/usr/src/common/openssl/crypto/evp/evp_lib.c +++ b/usr/src/common/openssl/crypto/evp/evp_lib.c @@ -68,7 +68,7 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->set_asn1_parameters != NULL) ret=c->cipher->set_asn1_parameters(c,type); else - ret=1; + ret=-1; return(ret); } @@ -79,20 +79,21 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->get_asn1_parameters != NULL) ret=c->cipher->get_asn1_parameters(c,type); else - ret=1; + ret=-1; return(ret); } int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { - int i=0,l; + int i=0; + unsigned int l; if (type != NULL) { l=EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(l <= sizeof c->iv); + OPENSSL_assert(l <= sizeof(c->iv)); i=ASN1_TYPE_get_octetstring(type,c->oiv,l); - if (i != l) + if (i != (int)l) return(-1); else if (i > 0) memcpy(c->iv,c->oiv,l); @@ -102,12 +103,13 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { - int i=0,j; + int i=0; + unsigned int j; if (type != NULL) { j=EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(j <= sizeof c->iv); + OPENSSL_assert(j <= sizeof(c->iv)); i=ASN1_TYPE_set_octetstring(type,c->oiv,j); } return(i); @@ -133,6 +135,30 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx) return NID_rc4; + case NID_aes_128_cfb128: + case NID_aes_128_cfb8: + case NID_aes_128_cfb1: + + return NID_aes_128_cfb128; + + case NID_aes_192_cfb128: + case NID_aes_192_cfb8: + case NID_aes_192_cfb1: + + return NID_aes_192_cfb128; + + case NID_aes_256_cfb128: + case NID_aes_256_cfb8: + case NID_aes_256_cfb1: + + return NID_aes_256_cfb128; + + case NID_des_cfb64: + case NID_des_cfb8: + case NID_des_cfb1: + + return NID_des_cfb64; + default: /* Check it has an OID and it is valid */ otmp = OBJ_nid2obj(nid); diff --git a/usr/src/common/openssl/crypto/evp/evp_locl.h b/usr/src/common/openssl/crypto/evp/evp_locl.h index 4d81a3bf4c..2204e345ad 100644 --- a/usr/src/common/openssl/crypto/evp/evp_locl.h +++ b/usr/src/common/openssl/crypto/evp/evp_locl.h @@ -90,7 +90,7 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns } #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ -static int cname##_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ +static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ {\ cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ return 1;\ @@ -127,7 +127,7 @@ BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ #define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \ iv_len, cbits, flags, init_key, cleanup, \ set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def1(cname, cfb##cbits, cfb, CFB, kstruct, nid, 1, \ +BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \ key_len, iv_len, flags, init_key, cleanup, set_asn1, \ get_asn1, ctrl) @@ -225,3 +225,12 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } get_asn1, ctrl) #define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) + +#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \ + BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ + BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ + NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ + 0, cipher##_init_key, NULL, \ + EVP_CIPHER_set_asn1_iv, \ + EVP_CIPHER_get_asn1_iv, \ + NULL) diff --git a/usr/src/common/openssl/crypto/evp/evp_pbe.c b/usr/src/common/openssl/crypto/evp/evp_pbe.c index 91e545a141..c26d2de0f3 100644 --- a/usr/src/common/openssl/crypto/evp/evp_pbe.c +++ b/usr/src/common/openssl/crypto/evp/evp_pbe.c @@ -74,7 +74,7 @@ const EVP_MD *md; EVP_PBE_KEYGEN *keygen; } EVP_PBE_CTL; -int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, +int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) { @@ -106,7 +106,8 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, static int pbe_cmp(const char * const *a, const char * const *b) { - EVP_PBE_CTL **pbe1 = (EVP_PBE_CTL **) a, **pbe2 = (EVP_PBE_CTL **)b; + const EVP_PBE_CTL * const *pbe1 = (const EVP_PBE_CTL * const *) a, + * const *pbe2 = (const EVP_PBE_CTL * const *)b; return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); } diff --git a/usr/src/common/openssl/crypto/evp/evp_pkey.c b/usr/src/common/openssl/crypto/evp/evp_pkey.c index eb481ec661..0147f3e02a 100644 --- a/usr/src/common/openssl/crypto/evp/evp_pkey.c +++ b/usr/src/common/openssl/crypto/evp/evp_pkey.c @@ -3,7 +3,7 @@ * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -61,14 +61,24 @@ #include "cryptlib.h" #include <openssl/x509.h> #include <openssl/rand.h> +#ifndef OPENSSL_NO_RSA +#include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA +#include <openssl/dsa.h> +#endif +#include <openssl/bn.h> #ifndef OPENSSL_NO_DSA static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); #endif +#ifndef OPENSSL_NO_EC +static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); +#endif /* Extract a private key from a PKCS8 structure */ -EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) +EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) { EVP_PKEY *pkey = NULL; #ifndef OPENSSL_NO_RSA @@ -76,16 +86,24 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) #endif #ifndef OPENSSL_NO_DSA DSA *dsa = NULL; + ASN1_TYPE *t1, *t2; ASN1_INTEGER *privkey; - ASN1_TYPE *t1, *t2, *param = NULL; STACK_OF(ASN1_TYPE) *ndsa = NULL; +#endif +#ifndef OPENSSL_NO_EC + EC_KEY *eckey = NULL; + const unsigned char *p_tmp; +#endif +#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) + ASN1_TYPE *param = NULL; BN_CTX *ctx = NULL; int plen; #endif X509_ALGOR *a; - unsigned char *p; + const unsigned char *p; const unsigned char *cp; int pkeylen; + int nid; char obj_tmp[80]; if(p8->pkey->type == V_ASN1_OCTET_STRING) { @@ -102,7 +120,8 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) return NULL; } a = p8->pkeyalg; - switch (OBJ_obj2nid(a->algorithm)) + nid = OBJ_obj2nid(a->algorithm); + switch(nid) { #ifndef OPENSSL_NO_RSA case NID_rsaEncryption: @@ -208,6 +227,112 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) return NULL; break; #endif +#ifndef OPENSSL_NO_EC + case NID_X9_62_id_ecPublicKey: + p_tmp = p; + /* extract the ec parameters */ + param = p8->pkeyalg->parameter; + + if (!param || ((param->type != V_ASN1_SEQUENCE) && + (param->type != V_ASN1_OBJECT))) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); + goto ecerr; + } + + if (param->type == V_ASN1_SEQUENCE) + { + cp = p = param->value.sequence->data; + plen = param->value.sequence->length; + + if (!(eckey = d2i_ECParameters(NULL, &cp, plen))) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, + EVP_R_DECODE_ERROR); + goto ecerr; + } + } + else + { + EC_GROUP *group; + cp = p = param->value.object->data; + plen = param->value.object->length; + + /* type == V_ASN1_OBJECT => the parameters are given + * by an asn1 OID + */ + if ((eckey = EC_KEY_new()) == NULL) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, + ERR_R_MALLOC_FAILURE); + goto ecerr; + } + group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object)); + if (group == NULL) + goto ecerr; + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); + if (EC_KEY_set_group(eckey, group) == 0) + goto ecerr; + EC_GROUP_free(group); + } + + /* We have parameters now set private key */ + if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen)) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); + goto ecerr; + } + + /* calculate public key (if necessary) */ + if (EC_KEY_get0_public_key(eckey) == NULL) + { + const BIGNUM *priv_key; + const EC_GROUP *group; + EC_POINT *pub_key; + /* the public key was not included in the SEC1 private + * key => calculate the public key */ + group = EC_KEY_get0_group(eckey); + pub_key = EC_POINT_new(group); + if (pub_key == NULL) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } + if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) + { + EC_POINT_free(pub_key); + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } + priv_key = EC_KEY_get0_private_key(eckey); + if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) + { + EC_POINT_free(pub_key); + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } + if (EC_KEY_set_public_key(eckey, pub_key) == 0) + { + EC_POINT_free(pub_key); + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } + EC_POINT_free(pub_key); + } + + EVP_PKEY_assign_EC_KEY(pkey, eckey); + if (ctx) + BN_CTX_free(ctx); + break; +ecerr: + if (ctx) + BN_CTX_free(ctx); + if (eckey) + EC_KEY_free(eckey); + if (pkey) + EVP_PKEY_free(pkey); + return NULL; +#endif default: EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); @@ -231,13 +356,17 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) PKCS8_PRIV_KEY_INFO *p8; if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); return NULL; } p8->broken = broken; - ASN1_INTEGER_set (p8->version, 0); + if (!ASN1_INTEGER_set(p8->version, 0)) { + EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); + PKCS8_PRIV_KEY_INFO_free (p8); + return NULL; + } if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); PKCS8_PRIV_KEY_INFO_free (p8); return NULL; } @@ -250,9 +379,9 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); p8->pkeyalg->parameter->type = V_ASN1_NULL; - if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey, + if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey, &p8->pkey->value.octet_string)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); PKCS8_PRIV_KEY_INFO_free (p8); return NULL; } @@ -267,13 +396,22 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) break; #endif +#ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: + if (!eckey_pkey2pkcs8(p8, pkey)) + { + PKCS8_PRIV_KEY_INFO_free(p8); + return(NULL); + } + break; +#endif default: - EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); + EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); PKCS8_PRIV_KEY_INFO_free (p8); return NULL; } RAND_add(p8->pkey->value.octet_string->data, - p8->pkey->value.octet_string->length, 0); + p8->pkey->value.octet_string->length, 0.0); return p8; } @@ -293,39 +431,43 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) break; default: - EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); + EVPerr(EVP_F_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); return NULL; - break; - } } #ifndef OPENSSL_NO_DSA static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) { - ASN1_STRING *params; - ASN1_INTEGER *prkey; - ASN1_TYPE *ttmp; - STACK_OF(ASN1_TYPE) *ndsa; - unsigned char *p, *q; + ASN1_STRING *params = NULL; + ASN1_INTEGER *prkey = NULL; + ASN1_TYPE *ttmp = NULL; + STACK_OF(ASN1_TYPE) *ndsa = NULL; + unsigned char *p = NULL, *q; int len; p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); len = i2d_DSAparams (pkey->pkey.dsa, NULL); if (!(p = OPENSSL_malloc(len))) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - PKCS8_PRIV_KEY_INFO_free (p8); - return 0; + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; } q = p; i2d_DSAparams (pkey->pkey.dsa, &q); - params = ASN1_STRING_new(); - ASN1_STRING_set(params, p, len); + if (!(params = ASN1_STRING_new())) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } + if (!ASN1_STRING_set(params, p, len)) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } OPENSSL_free(p); + p = NULL; /* Get private key into integer */ if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); - return 0; + EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR); + goto err; } switch(p8->broken) { @@ -333,15 +475,16 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) case PKCS8_OK: case PKCS8_NO_OCTET: - if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER, + if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER, &p8->pkey->value.octet_string)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - M_ASN1_INTEGER_free (prkey); - return 0; + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; } M_ASN1_INTEGER_free (prkey); + prkey = NULL; p8->pkeyalg->parameter->value.sequence = params; + params = NULL; p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; break; @@ -349,32 +492,51 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) case PKCS8_NS_DB: p8->pkeyalg->parameter->value.sequence = params; + params = NULL; p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; - ndsa = sk_ASN1_TYPE_new_null(); - ttmp = ASN1_TYPE_new(); - if (!(ttmp->value.integer = BN_to_ASN1_INTEGER (pkey->pkey.dsa->pub_key, NULL))) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); - PKCS8_PRIV_KEY_INFO_free(p8); - return 0; + if (!(ndsa = sk_ASN1_TYPE_new_null())) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } + if (!(ttmp = ASN1_TYPE_new())) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } + if (!(ttmp->value.integer = + BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR); + goto err; } ttmp->type = V_ASN1_INTEGER; - sk_ASN1_TYPE_push(ndsa, ttmp); + if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } - ttmp = ASN1_TYPE_new(); + if (!(ttmp = ASN1_TYPE_new())) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } ttmp->value.integer = prkey; + prkey = NULL; ttmp->type = V_ASN1_INTEGER; - sk_ASN1_TYPE_push(ndsa, ttmp); + if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } + ttmp = NULL; - p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); + if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, &p8->pkey->value.octet_string->data, &p8->pkey->value.octet_string->length)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); - M_ASN1_INTEGER_free(prkey); - return 0; + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; } sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); break; @@ -382,31 +544,251 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) case PKCS8_EMBEDDED_PARAM: p8->pkeyalg->parameter->type = V_ASN1_NULL; - ndsa = sk_ASN1_TYPE_new_null(); - ttmp = ASN1_TYPE_new(); + if (!(ndsa = sk_ASN1_TYPE_new_null())) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } + if (!(ttmp = ASN1_TYPE_new())) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } ttmp->value.sequence = params; + params = NULL; ttmp->type = V_ASN1_SEQUENCE; - sk_ASN1_TYPE_push(ndsa, ttmp); + if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } - ttmp = ASN1_TYPE_new(); + if (!(ttmp = ASN1_TYPE_new())) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } ttmp->value.integer = prkey; + prkey = NULL; ttmp->type = V_ASN1_INTEGER; - sk_ASN1_TYPE_push(ndsa, ttmp); + if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } + ttmp = NULL; - p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); + if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, &p8->pkey->value.octet_string->data, &p8->pkey->value.octet_string->length)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); - M_ASN1_INTEGER_free (prkey); - return 0; + EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; } sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); break; } return 1; +err: + if (p != NULL) OPENSSL_free(p); + if (params != NULL) ASN1_STRING_free(params); + if (prkey != NULL) M_ASN1_INTEGER_free(prkey); + if (ttmp != NULL) ASN1_TYPE_free(ttmp); + if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); + return 0; +} +#endif + +#ifndef OPENSSL_NO_EC +static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) +{ + EC_KEY *ec_key; + const EC_GROUP *group; + unsigned char *p, *pp; + int nid, i, ret = 0; + unsigned int tmp_flags, old_flags; + + ec_key = pkey->pkey.ec; + if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) + { + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS); + return 0; + } + + /* set the ec parameters OID */ + if (p8->pkeyalg->algorithm) + ASN1_OBJECT_free(p8->pkeyalg->algorithm); + + p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey); + + /* set the ec parameters */ + + if (p8->pkeyalg->parameter) + { + ASN1_TYPE_free(p8->pkeyalg->parameter); + p8->pkeyalg->parameter = NULL; + } + + if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL) + { + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); + return 0; + } + + if (EC_GROUP_get_asn1_flag(group) + && (nid = EC_GROUP_get_curve_name(group))) + { + /* we have a 'named curve' => just set the OID */ + p8->pkeyalg->parameter->type = V_ASN1_OBJECT; + p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid); + } + else /* explicit parameters */ + { + if ((i = i2d_ECParameters(ec_key, NULL)) == 0) + { + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); + return 0; + } + if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL) + { + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); + return 0; + } + pp = p; + if (!i2d_ECParameters(ec_key, &pp)) + { + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); + OPENSSL_free(p); + return 0; + } + p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; + if ((p8->pkeyalg->parameter->value.sequence + = ASN1_STRING_new()) == NULL) + { + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB); + OPENSSL_free(p); + return 0; + } + ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i); + OPENSSL_free(p); + } + + /* set the private key */ + + /* do not include the parameters in the SEC1 private key + * see PKCS#11 12.11 */ + old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec); + tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; + EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags); + i = i2d_ECPrivateKey(pkey->pkey.ec, NULL); + if (!i) + { + EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); + return 0; + } + p = (unsigned char *) OPENSSL_malloc(i); + if (!p) + { + EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); + return 0; + } + pp = p; + if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp)) + { + EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); + OPENSSL_free(p); + return 0; + } + /* restore old encoding flags */ + EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); + + switch(p8->broken) { + + case PKCS8_OK: + p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); + if (!p8->pkey->value.octet_string || + !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string, + (const void *)p, i)) + + { + EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); + } + else + ret = 1; + break; + case PKCS8_NO_OCTET: /* RSA specific */ + case PKCS8_NS_DB: /* DSA specific */ + case PKCS8_EMBEDDED_PARAM: /* DSA specific */ + default: + EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR); + } + OPENSSL_cleanse(p, (size_t)i); + OPENSSL_free(p); + return ret; } #endif + +/* EVP_PKEY attribute functions */ + +int EVP_PKEY_get_attr_count(const EVP_PKEY *key) +{ + return X509at_get_attr_count(key->attributes); +} + +int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, + int lastpos) +{ + return X509at_get_attr_by_NID(key->attributes, nid, lastpos); +} + +int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, + int lastpos) +{ + return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos); +} + +X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc) +{ + return X509at_get_attr(key->attributes, loc); +} + +X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc) +{ + return X509at_delete_attr(key->attributes, loc); +} + +int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr) +{ + if(X509at_add1_attr(&key->attributes, attr)) return 1; + return 0; +} + +int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len) +{ + if(X509at_add1_attr_by_OBJ(&key->attributes, obj, + type, bytes, len)) return 1; + return 0; +} + +int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, + int nid, int type, + const unsigned char *bytes, int len) +{ + if(X509at_add1_attr_by_NID(&key->attributes, nid, + type, bytes, len)) return 1; + return 0; +} + +int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, + const char *attrname, int type, + const unsigned char *bytes, int len) +{ + if(X509at_add1_attr_by_txt(&key->attributes, attrname, + type, bytes, len)) return 1; + return 0; +} diff --git a/usr/src/common/openssl/crypto/evp/evp_test.c b/usr/src/common/openssl/crypto/evp/evp_test.c index 28460173f7..3bf8e9ab27 100644 --- a/usr/src/common/openssl/crypto/evp/evp_test.c +++ b/usr/src/common/openssl/crypto/evp/evp_test.c @@ -52,6 +52,7 @@ #include "../e_os.h" +#include <openssl/opensslconf.h> #include <openssl/evp.h> #ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> @@ -162,6 +163,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv)) { fprintf(stderr,"EncryptInit failed\n"); + ERR_print_errors_fp(stderr); test1_exit(10); } EVP_CIPHER_CTX_set_padding(&ctx,0); @@ -169,11 +171,13 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn)) { fprintf(stderr,"Encrypt failed\n"); + ERR_print_errors_fp(stderr); test1_exit(6); } if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2)) { fprintf(stderr,"EncryptFinal failed\n"); + ERR_print_errors_fp(stderr); test1_exit(7); } @@ -198,6 +202,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv)) { fprintf(stderr,"DecryptInit failed\n"); + ERR_print_errors_fp(stderr); test1_exit(11); } EVP_CIPHER_CTX_set_padding(&ctx,0); @@ -205,11 +210,13 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn)) { fprintf(stderr,"Decrypt failed\n"); + ERR_print_errors_fp(stderr); test1_exit(6); } if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2)) { fprintf(stderr,"DecryptFinal failed\n"); + ERR_print_errors_fp(stderr); test1_exit(7); } @@ -272,16 +279,19 @@ static int test_digest(const char *digest, if(!EVP_DigestInit_ex(&ctx,d, NULL)) { fprintf(stderr,"DigestInit failed\n"); + ERR_print_errors_fp(stderr); EXIT(100); } if(!EVP_DigestUpdate(&ctx,plaintext,pn)) { fprintf(stderr,"DigestUpdate failed\n"); + ERR_print_errors_fp(stderr); EXIT(101); } if(!EVP_DigestFinal_ex(&ctx,md,&mdn)) { fprintf(stderr,"DigestFinal failed\n"); + ERR_print_errors_fp(stderr); EXIT(101); } EVP_MD_CTX_cleanup(&ctx); @@ -386,6 +396,27 @@ int main(int argc,char **argv) if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec) && !test_digest(cipher,plaintext,pn,ciphertext,cn)) { +#ifdef OPENSSL_NO_AES + if (strstr(cipher, "AES") == cipher) + { + fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); + continue; + } +#endif +#ifdef OPENSSL_NO_DES + if (strstr(cipher, "DES") == cipher) + { + fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); + continue; + } +#endif +#ifdef OPENSSL_NO_RC4 + if (strstr(cipher, "RC4") == cipher) + { + fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); + continue; + } +#endif fprintf(stderr,"Can't find %s\n",cipher); EXIT(3); } diff --git a/usr/src/common/openssl/crypto/evp/m_dss.c b/usr/src/common/openssl/crypto/evp/m_dss.c index beb8d7fc5c..a948c77fa4 100644 --- a/usr/src/common/openssl/crypto/evp/m_dss.c +++ b/usr/src/common/openssl/crypto/evp/m_dss.c @@ -61,12 +61,16 @@ #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> +#ifndef OPENSSL_NO_DSA +#include <openssl/dsa.h> +#endif #ifndef OPENSSL_NO_SHA + static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return SHA1_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/usr/src/common/openssl/crypto/evp/m_dss1.c b/usr/src/common/openssl/crypto/evp/m_dss1.c index f5668ebda0..c12e13972b 100644 --- a/usr/src/common/openssl/crypto/evp/m_dss1.c +++ b/usr/src/common/openssl/crypto/evp/m_dss1.c @@ -56,17 +56,22 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SHA #include <stdio.h> #include "cryptlib.h" + +#ifndef OPENSSL_NO_SHA + #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> +#ifndef OPENSSL_NO_DSA +#include <openssl/dsa.h> +#endif static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return SHA1_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/usr/src/common/openssl/crypto/evp/m_ecdsa.c b/usr/src/common/openssl/crypto/evp/m_ecdsa.c new file mode 100644 index 0000000000..fad270faca --- /dev/null +++ b/usr/src/common/openssl/crypto/evp/m_ecdsa.c @@ -0,0 +1,148 @@ +/* crypto/evp/m_ecdsa.c */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/evp.h> +#include <openssl/objects.h> +#include <openssl/x509.h> + +#ifndef OPENSSL_NO_SHA +static int init(EVP_MD_CTX *ctx) + { return SHA1_Init(ctx->md_data); } + +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) + { return SHA1_Update(ctx->md_data,data,count); } + +static int final(EVP_MD_CTX *ctx,unsigned char *md) + { return SHA1_Final(md,ctx->md_data); } + +static const EVP_MD ecdsa_md= + { + NID_ecdsa_with_SHA1, + NID_ecdsa_with_SHA1, + SHA_DIGEST_LENGTH, + 0, + init, + update, + final, + NULL, + NULL, + EVP_PKEY_ECDSA_method, + SHA_CBLOCK, + sizeof(EVP_MD *)+sizeof(SHA_CTX), + }; + +const EVP_MD *EVP_ecdsa(void) + { + return(&ecdsa_md); + } +#endif diff --git a/usr/src/common/openssl/crypto/evp/m_md2.c b/usr/src/common/openssl/crypto/evp/m_md2.c index 50914c83b3..5ce849f161 100644 --- a/usr/src/common/openssl/crypto/evp/m_md2.c +++ b/usr/src/common/openssl/crypto/evp/m_md2.c @@ -56,18 +56,23 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MD2 #include <stdio.h> #include "cryptlib.h" + +#ifndef OPENSSL_NO_MD2 + #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> #include <openssl/md2.h> +#ifndef OPENSSL_NO_RSA +#include <openssl/rsa.h> +#endif static int init(EVP_MD_CTX *ctx) { return MD2_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return MD2_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/usr/src/common/openssl/crypto/evp/m_md4.c b/usr/src/common/openssl/crypto/evp/m_md4.c index e19b663754..1e0b7c5b42 100644 --- a/usr/src/common/openssl/crypto/evp/m_md4.c +++ b/usr/src/common/openssl/crypto/evp/m_md4.c @@ -56,18 +56,23 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MD4 #include <stdio.h> #include "cryptlib.h" + +#ifndef OPENSSL_NO_MD4 + #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> #include <openssl/md4.h> +#ifndef OPENSSL_NO_RSA +#include <openssl/rsa.h> +#endif static int init(EVP_MD_CTX *ctx) { return MD4_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return MD4_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/usr/src/common/openssl/crypto/evp/m_md5.c b/usr/src/common/openssl/crypto/evp/m_md5.c index b00a03e048..63c142119e 100644 --- a/usr/src/common/openssl/crypto/evp/m_md5.c +++ b/usr/src/common/openssl/crypto/evp/m_md5.c @@ -56,18 +56,23 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MD5 #include <stdio.h> #include "cryptlib.h" + +#ifndef OPENSSL_NO_MD5 + #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> #include <openssl/md5.h> +#ifndef OPENSSL_NO_RSA +#include <openssl/rsa.h> +#endif static int init(EVP_MD_CTX *ctx) { return MD5_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return MD5_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/usr/src/common/openssl/crypto/evp/m_mdc2.c b/usr/src/common/openssl/crypto/evp/m_mdc2.c index 9f6467c931..36c4e9b134 100644 --- a/usr/src/common/openssl/crypto/evp/m_mdc2.c +++ b/usr/src/common/openssl/crypto/evp/m_mdc2.c @@ -56,18 +56,21 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MDC2 #include <stdio.h> #include "cryptlib.h" + +#ifndef OPENSSL_NO_MDC2 + #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> #include <openssl/mdc2.h> +#include <openssl/rsa.h> static int init(EVP_MD_CTX *ctx) { return MDC2_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return MDC2_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/usr/src/common/openssl/crypto/evp/m_null.c b/usr/src/common/openssl/crypto/evp/m_null.c index f6f0a1d2c0..cb0721699d 100644 --- a/usr/src/common/openssl/crypto/evp/m_null.c +++ b/usr/src/common/openssl/crypto/evp/m_null.c @@ -65,7 +65,7 @@ static int init(EVP_MD_CTX *ctx) { return 1; } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return 1; } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/usr/src/common/openssl/crypto/evp/m_ripemd.c b/usr/src/common/openssl/crypto/evp/m_ripemd.c index 64725528dc..a1d60ee78d 100644 --- a/usr/src/common/openssl/crypto/evp/m_ripemd.c +++ b/usr/src/common/openssl/crypto/evp/m_ripemd.c @@ -56,18 +56,23 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RIPEMD #include <stdio.h> #include "cryptlib.h" + +#ifndef OPENSSL_NO_RIPEMD + #include <openssl/ripemd.h> #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> +#ifndef OPENSSL_NO_RSA +#include <openssl/rsa.h> +#endif static int init(EVP_MD_CTX *ctx) { return RIPEMD160_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return RIPEMD160_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/usr/src/common/openssl/crypto/evp/m_sha.c b/usr/src/common/openssl/crypto/evp/m_sha.c index 10697c7ed3..acccc8f92d 100644 --- a/usr/src/common/openssl/crypto/evp/m_sha.c +++ b/usr/src/common/openssl/crypto/evp/m_sha.c @@ -56,17 +56,22 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SHA #include <stdio.h> #include "cryptlib.h" + +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) + #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> +#ifndef OPENSSL_NO_RSA +#include <openssl/rsa.h> +#endif static int init(EVP_MD_CTX *ctx) { return SHA_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return SHA_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) diff --git a/usr/src/common/openssl/crypto/evp/m_sha1.c b/usr/src/common/openssl/crypto/evp/m_sha1.c index d6be3502f0..4679b1c463 100644 --- a/usr/src/common/openssl/crypto/evp/m_sha1.c +++ b/usr/src/common/openssl/crypto/evp/m_sha1.c @@ -56,17 +56,22 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SHA #include <stdio.h> #include "cryptlib.h" + +#ifndef OPENSSL_NO_SHA + #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> +#ifndef OPENSSL_NO_RSA +#include <openssl/rsa.h> +#endif static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) { return SHA1_Update(ctx->md_data,data,count); } static int final(EVP_MD_CTX *ctx,unsigned char *md) @@ -93,3 +98,107 @@ const EVP_MD *EVP_sha1(void) return(&sha1_md); } #endif + +#ifndef OPENSSL_NO_SHA256 +static int init224(EVP_MD_CTX *ctx) + { return SHA224_Init(ctx->md_data); } +static int init256(EVP_MD_CTX *ctx) + { return SHA256_Init(ctx->md_data); } +/* + * Even though there're separate SHA224_[Update|Final], we call + * SHA256 functions even in SHA224 context. This is what happens + * there anyway, so we can spare few CPU cycles:-) + */ +static int update256(EVP_MD_CTX *ctx,const void *data,size_t count) + { return SHA256_Update(ctx->md_data,data,count); } +static int final256(EVP_MD_CTX *ctx,unsigned char *md) + { return SHA256_Final(md,ctx->md_data); } + +static const EVP_MD sha224_md= + { + NID_sha224, + NID_sha224WithRSAEncryption, + SHA224_DIGEST_LENGTH, + 0, + init224, + update256, + final256, + NULL, + NULL, + EVP_PKEY_RSA_method, + SHA256_CBLOCK, + sizeof(EVP_MD *)+sizeof(SHA256_CTX), + }; + +const EVP_MD *EVP_sha224(void) + { return(&sha224_md); } + +static const EVP_MD sha256_md= + { + NID_sha256, + NID_sha256WithRSAEncryption, + SHA256_DIGEST_LENGTH, + 0, + init256, + update256, + final256, + NULL, + NULL, + EVP_PKEY_RSA_method, + SHA256_CBLOCK, + sizeof(EVP_MD *)+sizeof(SHA256_CTX), + }; + +const EVP_MD *EVP_sha256(void) + { return(&sha256_md); } +#endif /* ifndef OPENSSL_NO_SHA256 */ + +#ifndef OPENSSL_NO_SHA512 +static int init384(EVP_MD_CTX *ctx) + { return SHA384_Init(ctx->md_data); } +static int init512(EVP_MD_CTX *ctx) + { return SHA512_Init(ctx->md_data); } +/* See comment in SHA224/256 section */ +static int update512(EVP_MD_CTX *ctx,const void *data,size_t count) + { return SHA512_Update(ctx->md_data,data,count); } +static int final512(EVP_MD_CTX *ctx,unsigned char *md) + { return SHA512_Final(md,ctx->md_data); } + +static const EVP_MD sha384_md= + { + NID_sha384, + NID_sha384WithRSAEncryption, + SHA384_DIGEST_LENGTH, + 0, + init384, + update512, + final512, + NULL, + NULL, + EVP_PKEY_RSA_method, + SHA512_CBLOCK, + sizeof(EVP_MD *)+sizeof(SHA512_CTX), + }; + +const EVP_MD *EVP_sha384(void) + { return(&sha384_md); } + +static const EVP_MD sha512_md= + { + NID_sha512, + NID_sha512WithRSAEncryption, + SHA512_DIGEST_LENGTH, + 0, + init512, + update512, + final512, + NULL, + NULL, + EVP_PKEY_RSA_method, + SHA512_CBLOCK, + sizeof(EVP_MD *)+sizeof(SHA512_CTX), + }; + +const EVP_MD *EVP_sha512(void) + { return(&sha512_md); } +#endif /* ifndef OPENSSL_NO_SHA512 */ diff --git a/usr/src/common/openssl/crypto/evp/names.c b/usr/src/common/openssl/crypto/evp/names.c index eb9f4329cd..88c1e780dd 100644 --- a/usr/src/common/openssl/crypto/evp/names.c +++ b/usr/src/common/openssl/crypto/evp/names.c @@ -66,9 +66,9 @@ int EVP_add_cipher(const EVP_CIPHER *c) { int r; - r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c); + r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); if (r == 0) return(0); - r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c); + r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); return(r); } @@ -78,9 +78,9 @@ int EVP_add_digest(const EVP_MD *md) const char *name; name=OBJ_nid2sn(md->type); - r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(char *)md); + r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); if (r == 0) return(0); - r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(char *)md); + r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md); if (r == 0) return(0); if (md->type != md->pkey_type) diff --git a/usr/src/common/openssl/crypto/evp/p5_crpt.c b/usr/src/common/openssl/crypto/evp/p5_crpt.c index a1874e83b2..48d50014a0 100644 --- a/usr/src/common/openssl/crypto/evp/p5_crpt.c +++ b/usr/src/common/openssl/crypto/evp/p5_crpt.c @@ -110,12 +110,18 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, int i; PBEPARAM *pbe; int saltlen, iter; - unsigned char *salt, *pbuf; + unsigned char *salt; + const unsigned char *pbuf; /* Extract useful info from parameter */ + if (param == NULL || param->type != V_ASN1_SEQUENCE || + param->value.sequence == NULL) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); + return 0; + } + pbuf = param->value.sequence->data; - if (!param || (param->type != V_ASN1_SEQUENCE) || - !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) { + if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); return 0; } @@ -140,7 +146,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, EVP_DigestFinal_ex (&ctx, md_tmp, NULL); } EVP_MD_CTX_cleanup(&ctx); - OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp); + OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), diff --git a/usr/src/common/openssl/crypto/evp/p5_crpt2.c b/usr/src/common/openssl/crypto/evp/p5_crpt2.c index 1f94e1ef88..f11cb701a4 100644 --- a/usr/src/common/openssl/crypto/evp/p5_crpt2.c +++ b/usr/src/common/openssl/crypto/evp/p5_crpt2.c @@ -55,10 +55,10 @@ * Hudson (tjh@cryptsoft.com). * */ -#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) #include <stdio.h> #include <stdlib.h> #include "cryptlib.h" +#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) #include <openssl/x509.h> #include <openssl/evp.h> #include <openssl/hmac.h> @@ -77,7 +77,7 @@ */ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, + const unsigned char *salt, int saltlen, int iter, int keylen, unsigned char *out) { unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; @@ -148,16 +148,23 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de) { - unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH]; - int saltlen, keylen, iter, plen; + unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; + const unsigned char *pbuf; + int saltlen, iter, plen; + unsigned int keylen; PBE2PARAM *pbe2 = NULL; const EVP_CIPHER *cipher; PBKDF2PARAM *kdf = NULL; + if (param == NULL || param->type != V_ASN1_SEQUENCE || + param->value.sequence == NULL) { + EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); + return 0; + } + pbuf = param->value.sequence->data; plen = param->value.sequence->length; - if(!param || (param->type != V_ASN1_SEQUENCE) || - !(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { + if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); return 0; } @@ -208,7 +215,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, /* Now check the parameters of the kdf */ - if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != keylen)){ + if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_KEYLENGTH); goto err; diff --git a/usr/src/common/openssl/crypto/evp/p_dec.c b/usr/src/common/openssl/crypto/evp/p_dec.c index 8af620400e..f64901f653 100644 --- a/usr/src/common/openssl/crypto/evp/p_dec.c +++ b/usr/src/common/openssl/crypto/evp/p_dec.c @@ -66,7 +66,7 @@ #include <openssl/objects.h> #include <openssl/x509.h> -int EVP_PKEY_decrypt(unsigned char *key, unsigned char *ek, int ekl, +int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl, EVP_PKEY *priv) { int ret= -1; diff --git a/usr/src/common/openssl/crypto/evp/p_enc.c b/usr/src/common/openssl/crypto/evp/p_enc.c index 656883b996..c2dfdc52ad 100644 --- a/usr/src/common/openssl/crypto/evp/p_enc.c +++ b/usr/src/common/openssl/crypto/evp/p_enc.c @@ -66,7 +66,7 @@ #include <openssl/objects.h> #include <openssl/x509.h> -int EVP_PKEY_encrypt(unsigned char *ek, unsigned char *key, int key_len, +int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len, EVP_PKEY *pubk) { int ret=0; diff --git a/usr/src/common/openssl/crypto/evp/p_lib.c b/usr/src/common/openssl/crypto/evp/p_lib.c index 215b94292a..22155ecf62 100644 --- a/usr/src/common/openssl/crypto/evp/p_lib.c +++ b/usr/src/common/openssl/crypto/evp/p_lib.c @@ -58,24 +58,60 @@ #include <stdio.h> #include "cryptlib.h" +#include <openssl/bn.h> +#include <openssl/err.h> #include <openssl/objects.h> #include <openssl/evp.h> #include <openssl/asn1_mac.h> #include <openssl/x509.h> +#ifndef OPENSSL_NO_RSA +#include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA +#include <openssl/dsa.h> +#endif +#ifndef OPENSSL_NO_DH +#include <openssl/dh.h> +#endif static void EVP_PKEY_free_it(EVP_PKEY *x); int EVP_PKEY_bits(EVP_PKEY *pkey) { + if (0) + return 0; #ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA) + else if (pkey->type == EVP_PKEY_RSA) return(BN_num_bits(pkey->pkey.rsa->n)); - else #endif #ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) + else if (pkey->type == EVP_PKEY_DSA) return(BN_num_bits(pkey->pkey.dsa->p)); #endif +#ifndef OPENSSL_NO_EC + else if (pkey->type == EVP_PKEY_EC) + { + BIGNUM *order = BN_new(); + const EC_GROUP *group; + int ret; + + if (!order) + { + ERR_clear_error(); + return 0; + } + group = EC_KEY_get0_group(pkey->pkey.ec); + if (!EC_GROUP_get_order(group, order, NULL)) + { + ERR_clear_error(); + return 0; + } + + ret = BN_num_bits(order); + BN_free(order); + return ret; + } +#endif return(0); } @@ -92,6 +128,11 @@ int EVP_PKEY_size(EVP_PKEY *pkey) if (pkey->type == EVP_PKEY_DSA) return(DSA_size(pkey->pkey.dsa)); #endif +#ifndef OPENSSL_NO_ECDSA + if (pkey->type == EVP_PKEY_EC) + return(ECDSA_size(pkey->pkey.ec)); +#endif + return(0); } @@ -107,10 +148,20 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) return(ret); } #endif +#ifndef OPENSSL_NO_EC + if (pkey->type == EVP_PKEY_EC) + { + int ret = pkey->save_parameters; + + if (mode >= 0) + pkey->save_parameters = mode; + return(ret); + } +#endif return(0); } -int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from) +int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) { if (to->type != from->type) { @@ -141,12 +192,23 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from) to->pkey.dsa->g=a; } #endif +#ifndef OPENSSL_NO_EC + if (to->type == EVP_PKEY_EC) + { + EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec)); + if (group == NULL) + goto err; + if (EC_KEY_set_group(to->pkey.ec, group) == 0) + goto err; + EC_GROUP_free(group); + } +#endif return(1); err: return(0); } -int EVP_PKEY_missing_parameters(EVP_PKEY *pkey) +int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) { #ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) @@ -158,10 +220,18 @@ int EVP_PKEY_missing_parameters(EVP_PKEY *pkey) return(1); } #endif +#ifndef OPENSSL_NO_EC + if (pkey->type == EVP_PKEY_EC) + { + if (EC_KEY_get0_group(pkey->pkey.ec) == NULL) + return(1); + } +#endif + return(0); } -int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b) +int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) { #ifndef OPENSSL_NO_DSA if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) @@ -174,9 +244,72 @@ int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b) return(1); } #endif +#ifndef OPENSSL_NO_EC + if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC) + { + const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), + *group_b = EC_KEY_get0_group(b->pkey.ec); + if (EC_GROUP_cmp(group_a, group_b, NULL)) + return 0; + else + return 1; + } +#endif return(-1); } +int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) + { + if (a->type != b->type) + return -1; + + if (EVP_PKEY_cmp_parameters(a, b) == 0) + return 0; + + switch (a->type) + { +#ifndef OPENSSL_NO_RSA + case EVP_PKEY_RSA: + if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0 + || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0) + return 0; + break; +#endif +#ifndef OPENSSL_NO_DSA + case EVP_PKEY_DSA: + if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0) + return 0; + break; +#endif +#ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: + { + int r; + const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec); + const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), + *pb = EC_KEY_get0_public_key(b->pkey.ec); + r = EC_POINT_cmp(group, pa, pb, NULL); + if (r != 0) + { + if (r == 1) + return 0; + else + return -2; + } + } + break; +#endif +#ifndef OPENSSL_NO_DH + case EVP_PKEY_DH: + return -2; +#endif + default: + return -2; + } + + return 1; + } + EVP_PKEY *EVP_PKEY_new(void) { EVP_PKEY *ret; @@ -246,6 +379,29 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) } #endif +#ifndef OPENSSL_NO_EC + +int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) +{ + int ret = EVP_PKEY_assign_EC_KEY(pkey,key); + if (ret) + EC_KEY_up_ref(key); + return ret; +} + +EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_EC) + { + EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); + return NULL; + } + EC_KEY_up_ref(pkey->pkey.ec); + return pkey->pkey.ec; +} +#endif + + #ifndef OPENSSL_NO_DH int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) @@ -282,6 +438,8 @@ int EVP_PKEY_type(int type) return(EVP_PKEY_DSA); case EVP_PKEY_DH: return(EVP_PKEY_DH); + case EVP_PKEY_EC: + return(EVP_PKEY_EC); default: return(NID_undef); } @@ -306,6 +464,8 @@ void EVP_PKEY_free(EVP_PKEY *x) } #endif EVP_PKEY_free_it(x); + if (x->attributes) + sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); OPENSSL_free(x); } @@ -327,6 +487,11 @@ static void EVP_PKEY_free_it(EVP_PKEY *x) DSA_free(x->pkey.dsa); break; #endif +#ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: + EC_KEY_free(x->pkey.ec); + break; +#endif #ifndef OPENSSL_NO_DH case EVP_PKEY_DH: DH_free(x->pkey.dh); diff --git a/usr/src/common/openssl/crypto/evp/p_open.c b/usr/src/common/openssl/crypto/evp/p_open.c index 5a933d1cda..9935206d0f 100644 --- a/usr/src/common/openssl/crypto/evp/p_open.c +++ b/usr/src/common/openssl/crypto/evp/p_open.c @@ -56,15 +56,19 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RSA #include <stdio.h> #include "cryptlib.h" + +#ifndef OPENSSL_NO_RSA + #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> +#include <openssl/rsa.h> -int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek, - int ekl, unsigned char *iv, EVP_PKEY *priv) +int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + const unsigned char *ek, int ekl, const unsigned char *iv, + EVP_PKEY *priv) { unsigned char *key=NULL; int i,size=0,ret=0; diff --git a/usr/src/common/openssl/crypto/evp/p_seal.c b/usr/src/common/openssl/crypto/evp/p_seal.c index 37e547fe72..8cc8fcb0bd 100644 --- a/usr/src/common/openssl/crypto/evp/p_seal.c +++ b/usr/src/common/openssl/crypto/evp/p_seal.c @@ -78,7 +78,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek } if ((npubk <= 0) || !pubk) return 1; - if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0) + if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) return 0; if (EVP_CIPHER_CTX_iv_length(ctx)) RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx)); diff --git a/usr/src/common/openssl/crypto/evp/p_verify.c b/usr/src/common/openssl/crypto/evp/p_verify.c index d854d743a5..21a40a375e 100644 --- a/usr/src/common/openssl/crypto/evp/p_verify.c +++ b/usr/src/common/openssl/crypto/evp/p_verify.c @@ -62,7 +62,7 @@ #include <openssl/objects.h> #include <openssl/x509.h> -int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, +int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey) { unsigned char m[EVP_MAX_MD_SIZE]; |