1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00

AppleM1: Update openssl to v1.1.1l

This commit is contained in:
winlin 2022-08-14 19:05:01 +08:00
parent 1fe12b8e8c
commit b787656eea
990 changed files with 13406 additions and 18710 deletions

View file

@ -12,8 +12,8 @@
#include "internal/cryptlib.h"
#include <openssl/buffer.h>
#include <openssl/evp.h>
#include "internal/evp_int.h"
#include "evp_locl.h"
#include "crypto/evp.h"
#include "evp_local.h"
#include "internal/bio.h"
/*

View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -38,9 +38,9 @@
of memory.
BIO_f_reliable splits data stream into blocks. Each block is prefixed
with it's length and suffixed with it's digest. So you need only
with its length and suffixed with its digest. So you need only
several Kbytes of memory to buffer single block before verifying
it's digest.
its digest.
BIO_f_reliable goes further and adds several important capabilities:
@ -76,7 +76,7 @@
#include "internal/bio.h"
#include <openssl/evp.h>
#include <openssl/rand.h>
#include "internal/evp_int.h"
#include "crypto/evp.h"
static int ok_write(BIO *h, const char *buf, int num);
static int ok_read(BIO *h, char *buf, int size);
@ -203,7 +203,7 @@ static int ok_read(BIO *b, char *out, int outl)
/*
* copy start of the next block into proper place
*/
if (ctx->buf_len_save - ctx->buf_off_save > 0) {
if (ctx->buf_len_save > ctx->buf_off_save) {
ctx->buf_len = ctx->buf_len_save - ctx->buf_off_save;
memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),
ctx->buf_len);

View file

@ -10,7 +10,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include "internal/evp_int.h"
#include "crypto/evp.h"
#include <openssl/pkcs12.h>
#include <openssl/objects.h>

View file

@ -10,7 +10,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include "internal/evp_int.h"
#include "crypto/evp.h"
#include <openssl/pkcs12.h>
#include <openssl/objects.h>

View file

@ -10,8 +10,8 @@
#include <string.h>
#include <openssl/evp.h>
#include "internal/evp_int.h"
#include "evp_locl.h"
#include "crypto/evp.h"
#include "evp_local.h"
EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
{

View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -12,8 +12,8 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/engine.h>
#include "internal/evp_int.h"
#include "evp_locl.h"
#include "crypto/evp.h"
#include "evp_local.h"
/* This call frees resources associated with the context */
int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
@ -150,6 +150,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
{
if (count == 0)
return 1;
return ctx->update(ctx, data, count);
}

View file

@ -1,5 +1,5 @@
/*
* Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -14,10 +14,10 @@
#include <string.h>
#include <assert.h>
#include <openssl/aes.h>
#include "internal/evp_int.h"
#include "modes_lcl.h"
#include "crypto/evp.h"
#include "modes_local.h"
#include <openssl/rand.h>
#include "evp_locl.h"
#include "evp_local.h"
typedef struct {
union {
@ -176,7 +176,7 @@ static void ctr64_inc(unsigned char *counter)
# define HWAES_xts_decrypt aes_p8_xts_decrypt
#endif
#if defined(AES_ASM) && !defined(I386_ONLY) && ( \
#if defined(OPENSSL_CPUID_OBJ) && ( \
((defined(__i386) || defined(__i386__) || \
defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
defined(__x86_64) || defined(__x86_64__) || \
@ -383,10 +383,25 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
if (!iv && !key)
return 1;
if (key) {
/* The key is two half length keys in reality */
const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
/*
* Verify that the two keys are different.
*
* This addresses Rogaway's vulnerability.
* See comment in aes_xts_init_key() below.
*/
if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
EVPerr(EVP_F_AESNI_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
return 0;
}
/* key_len is two AES keys */
if (enc) {
aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
@ -596,22 +611,22 @@ void aes_t4_decrypt(const unsigned char *in, unsigned char *out,
*/
void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
unsigned char *ivec);
unsigned char *ivec, int /*unused*/);
void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
unsigned char *ivec);
unsigned char *ivec, int /*unused*/);
void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
unsigned char *ivec);
unsigned char *ivec, int /*unused*/);
void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
unsigned char *ivec);
unsigned char *ivec, int /*unused*/);
void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
unsigned char *ivec);
unsigned char *ivec, int /*unused*/);
void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
unsigned char *ivec);
unsigned char *ivec, int /*unused*/);
void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
size_t blocks, const AES_KEY *key,
unsigned char *ivec);
@ -787,11 +802,26 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
if (!iv && !key)
return 1;
if (key) {
int bits = EVP_CIPHER_CTX_key_length(ctx) * 4;
/* The key is two half length keys in reality */
const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
const int bits = bytes * 8;
/*
* Verify that the two keys are different.
*
* This addresses Rogaway's vulnerability.
* See comment in aes_xts_init_key() below.
*/
if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
EVPerr(EVP_F_AES_T4_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
return 0;
}
xctx->stream = NULL;
/* key_len is two AES keys */
if (enc) {
@ -1097,7 +1127,7 @@ typedef struct {
} icv;
unsigned char k[32];
} kmac_param;
/* KMAC-AES paramater block - end */
/* KMAC-AES parameter block - end */
union {
unsigned long long g[2];
@ -1138,9 +1168,9 @@ typedef struct {
static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */
# define S390X_aes_192_cbc_CAPABLE 1
# define S390X_aes_256_cbc_CAPABLE 1
# define S390X_aes_128_cbc_CAPABLE 0 /* checked by callee */
# define S390X_aes_192_cbc_CAPABLE 0
# define S390X_aes_256_cbc_CAPABLE 0
# define S390X_AES_CBC_CTX EVP_AES_KEY
# define s390x_aes_cbc_init_key aes_init_key
@ -1160,11 +1190,11 @@ static int s390x_aes_ecb_init_key(EVP_CIPHER_CTX *ctx,
S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx);
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
cctx->fc = S390X_AES_FC(keylen);
if (!enc)
cctx->fc |= S390X_DECRYPT;
cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT);
if (key != NULL)
memcpy(cctx->km.param.k, key, keylen);
memcpy(cctx->km.param.k, key, keylen);
return 1;
}
@ -1192,14 +1222,17 @@ static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *ivec, int enc)
{
S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx);
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
memcpy(cctx->kmo.param.cv, iv, ivlen);
memcpy(cctx->kmo.param.k, key, keylen);
cctx->fc = S390X_AES_FC(keylen);
if (key != NULL)
memcpy(cctx->kmo.param.k, key, keylen);
cctx->res = 0;
memcpy(cctx->kmo.param.cv, oiv, ivlen);
return 1;
}
@ -1207,9 +1240,12 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
int n = cctx->res;
int rem;
memcpy(cctx->kmo.param.cv, iv, ivlen);
while (n && len) {
*out = *in ^ cctx->kmo.param.cv[n];
n = (n + 1) & 0xf;
@ -1238,6 +1274,7 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
}
memcpy(iv, cctx->kmo.param.cv, ivlen);
cctx->res = n;
return 1;
}
@ -1257,18 +1294,18 @@ static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *ivec, int enc)
{
S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx);
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
cctx->fc = S390X_AES_FC(keylen);
cctx->fc |= 16 << 24; /* 16 bytes cipher feedback */
if (!enc)
cctx->fc |= S390X_DECRYPT;
cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT)
| (16 << 24); /* 16 bytes cipher feedback */
if (key != NULL)
memcpy(cctx->kmf.param.k, key, keylen);
cctx->res = 0;
memcpy(cctx->kmf.param.cv, iv, ivlen);
memcpy(cctx->kmf.param.k, key, keylen);
memcpy(cctx->kmf.param.cv, oiv, ivlen);
return 1;
}
@ -1278,10 +1315,13 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
const int enc = EVP_CIPHER_CTX_encrypting(ctx);
const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
int n = cctx->res;
int rem;
unsigned char tmp;
memcpy(cctx->kmf.param.cv, iv, ivlen);
while (n && len) {
tmp = *in;
*out = cctx->kmf.param.cv[n] ^ tmp;
@ -1314,6 +1354,7 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
}
memcpy(iv, cctx->kmf.param.cv, ivlen);
cctx->res = n;
return 1;
}
@ -1330,17 +1371,18 @@ static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *ivec, int enc)
{
S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx);
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
cctx->fc = S390X_AES_FC(keylen);
cctx->fc |= 1 << 24; /* 1 byte cipher feedback */
if (!enc)
cctx->fc |= S390X_DECRYPT;
cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT)
| (1 << 24); /* 1 byte cipher feedback flag */
memcpy(cctx->kmf.param.cv, iv, ivlen);
memcpy(cctx->kmf.param.k, key, keylen);
if (key != NULL)
memcpy(cctx->kmf.param.k, key, keylen);
cctx->res = 0;
memcpy(cctx->kmf.param.cv, oiv, ivlen);
return 1;
}
@ -1348,8 +1390,12 @@ static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
memcpy(cctx->kmf.param.cv, iv, ivlen);
s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param);
memcpy(iv, cctx->kmf.param.cv, ivlen);
return 1;
}
@ -1363,9 +1409,9 @@ static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */
# define S390X_aes_192_ctr_CAPABLE 1
# define S390X_aes_256_ctr_CAPABLE 1
# define S390X_aes_128_ctr_CAPABLE 0 /* checked by callee */
# define S390X_aes_192_ctr_CAPABLE 0
# define S390X_aes_256_ctr_CAPABLE 0
# define S390X_AES_CTR_CTX EVP_AES_KEY
# define s390x_aes_ctr_init_key aes_init_key
@ -1384,7 +1430,7 @@ static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
(OPENSSL_s390xcap_P.kma[0] & \
S390X_CAPBIT(S390X_AES_256)))
/* iv + padding length for iv lenghts != 12 */
/* iv + padding length for iv lengths != 12 */
# define S390X_gcm_ivpadlen(i) ((((i) + 15) >> 4 << 4) + 16)
/*-
@ -1533,8 +1579,7 @@ static int s390x_aes_gcm(S390X_AES_GCM_CTX *ctx, const unsigned char *in,
/*-
* Initialize context structure. Code is big-endian.
*/
static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx,
const unsigned char *iv)
static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx)
{
ctx->kma.param.t.g[0] = 0;
ctx->kma.param.t.g[1] = 0;
@ -1545,12 +1590,11 @@ static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx,
ctx->kreslen = 0;
if (ctx->ivlen == 12) {
memcpy(&ctx->kma.param.j0, iv, ctx->ivlen);
memcpy(&ctx->kma.param.j0, ctx->iv, ctx->ivlen);
ctx->kma.param.j0.w[3] = 1;
ctx->kma.param.cv.w = 1;
} else {
/* ctx->iv has the right size and is already padded. */
memcpy(ctx->iv, iv, ctx->ivlen);
s390x_kma(ctx->iv, S390X_gcm_ivpadlen(ctx->ivlen), NULL, 0, NULL,
ctx->fc, &ctx->kma.param);
ctx->fc |= S390X_KMA_HS;
@ -1578,7 +1622,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
switch (type) {
case EVP_CTRL_INIT:
ivlen = EVP_CIPHER_CTX_iv_length(c);
ivlen = EVP_CIPHER_iv_length(c->cipher);
iv = EVP_CIPHER_CTX_iv_noconst(c);
gctx->key_set = 0;
gctx->iv_set = 0;
@ -1589,6 +1633,10 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
gctx->tls_aad_len = -1;
return 1;
case EVP_CTRL_GET_IVLEN:
*(int *)ptr = gctx->ivlen;
return 1;
case EVP_CTRL_AEAD_SET_IVLEN:
if (arg <= 0)
return 0;
@ -1660,7 +1708,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
if (gctx->iv_gen == 0 || gctx->key_set == 0)
return 0;
s390x_aes_gcm_setiv(gctx, gctx->iv);
s390x_aes_gcm_setiv(gctx);
if (arg <= 0 || arg > gctx->ivlen)
arg = gctx->ivlen;
@ -1680,7 +1728,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
return 0;
memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
s390x_aes_gcm_setiv(gctx, gctx->iv);
s390x_aes_gcm_setiv(gctx);
gctx->iv_set = 1;
return 1;
@ -1736,43 +1784,36 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
}
/*-
* Set key and/or iv. Returns 1 on success. Otherwise 0 is returned.
* Set key or iv or enc/dec. Returns 1 on success. Otherwise 0 is returned.
*/
static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *key,
const unsigned char *iv, int enc)
{
S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
int keylen;
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
if (iv == NULL && key == NULL)
return 1;
gctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT);
if (key != NULL) {
keylen = EVP_CIPHER_CTX_key_length(ctx);
gctx->fc &= ~S390X_KMA_HS;
memcpy(&gctx->kma.param.k, key, keylen);
gctx->fc = S390X_AES_FC(keylen);
if (!enc)
gctx->fc |= S390X_DECRYPT;
if (iv == NULL && gctx->iv_set)
iv = gctx->iv;
if (iv != NULL) {
s390x_aes_gcm_setiv(gctx, iv);
gctx->iv_set = 1;
}
gctx->key_set = 1;
} else {
if (gctx->key_set)
s390x_aes_gcm_setiv(gctx, iv);
else
memcpy(gctx->iv, iv, gctx->ivlen);
gctx->iv_set = 1;
gctx->iv_gen = 0;
}
if (iv != NULL) {
memcpy(gctx->iv, iv, gctx->ivlen);
gctx->iv_gen = 0;
gctx->iv_set = 1;
}
if (gctx->key_set && gctx->iv_set)
s390x_aes_gcm_setiv(gctx);
gctx->fc &= ~(S390X_KMA_LPC | S390X_KMA_LAAD);
gctx->areslen = 0;
gctx->mreslen = 0;
gctx->kreslen = 0;
return 1;
}
@ -1861,7 +1902,6 @@ static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
/* recall that we already did en-/decrypt gctx->mres
* and returned it to caller... */
OPENSSL_cleanse(tmp, gctx->mreslen);
gctx->iv_set = 0;
enc = EVP_CIPHER_CTX_encrypting(ctx);
if (enc) {
@ -1895,8 +1935,8 @@ static int s390x_aes_gcm_cleanup(EVP_CIPHER_CTX *c)
}
# define S390X_AES_XTS_CTX EVP_AES_XTS_CTX
# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */
# define S390X_aes_256_xts_CAPABLE 1
# define S390X_aes_128_xts_CAPABLE 0 /* checked by callee */
# define S390X_aes_256_xts_CAPABLE 0
# define s390x_aes_xts_init_key aes_xts_init_key
static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx,
@ -2100,9 +2140,10 @@ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
const unsigned char *ivec = EVP_CIPHER_CTX_iv(ctx);
unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
const int enc = EVP_CIPHER_CTX_encrypting(ctx);
unsigned char iv[EVP_MAX_IV_LENGTH];
if (out != in
|| len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m))
@ -2118,8 +2159,9 @@ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
* Get explicit iv (sequence number). We already have fixed iv
* (server/client_write_iv) here.
*/
memcpy(ivec + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
s390x_aes_ccm_setiv(cctx, ivec, len);
memcpy(iv, ivec, sizeof(iv));
memcpy(iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
s390x_aes_ccm_setiv(cctx, iv, len);
/* Process aad (sequence number|type|version|length) */
s390x_aes_ccm_aad(cctx, buf, cctx->aes.ccm.tls_aad_len);
@ -2146,42 +2188,35 @@ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
/*-
* Set key and flag field and/or iv. Returns 1 if successful. Otherwise 0 is
* returned.
* Set key or iv or enc/dec. Returns 1 if successful.
* Otherwise 0 is returned.
*/
static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *key,
const unsigned char *iv, int enc)
{
S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
unsigned char *ivec;
int keylen;
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
if (iv == NULL && key == NULL)
return 1;
cctx->aes.ccm.fc = S390X_AES_FC(keylen);
if (key != NULL) {
keylen = EVP_CIPHER_CTX_key_length(ctx);
cctx->aes.ccm.fc = S390X_AES_FC(keylen);
memcpy(cctx->aes.ccm.kmac_param.k, key, keylen);
/* Store encoded m and l. */
cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7)
| (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3;
memset(cctx->aes.ccm.nonce.b + 1, 0,
sizeof(cctx->aes.ccm.nonce.b));
cctx->aes.ccm.blocks = 0;
cctx->aes.ccm.key_set = 1;
}
if (iv != NULL) {
ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
memcpy(ivec, iv, 15 - cctx->aes.ccm.l);
cctx->aes.ccm.iv_set = 1;
}
/* Store encoded m and l. */
cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7)
| (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3;
memset(cctx->aes.ccm.nonce.b + 1, 0, sizeof(cctx->aes.ccm.nonce.b) - 1);
cctx->aes.ccm.blocks = 0;
cctx->aes.ccm.len_set = 0;
return 1;
}
@ -2196,8 +2231,9 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
{
S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
const int enc = EVP_CIPHER_CTX_encrypting(ctx);
const unsigned char *ivec = EVP_CIPHER_CTX_iv(ctx);
unsigned char *buf;
int rv;
unsigned char *buf, *ivec;
if (!cctx->aes.ccm.key_set)
return -1;
@ -2216,13 +2252,9 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (!cctx->aes.ccm.iv_set)
return -1;
if (!enc && !cctx->aes.ccm.tag_set)
return -1;
if (out == NULL) {
/* Update(): Pass message length. */
if (in == NULL) {
ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
s390x_aes_ccm_setiv(cctx, ivec, len);
cctx->aes.ccm.len_set = 1;
@ -2237,6 +2269,10 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
return len;
}
/* The tag must be set before actually decrypting data */
if (!enc && !cctx->aes.ccm.tag_set)
return -1;
/* Update(): Process message. */
if (!cctx->aes.ccm.len_set) {
@ -2244,7 +2280,6 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
* In case message length was not previously set explicitly via
* Update(), set it now.
*/
ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
s390x_aes_ccm_setiv(cctx, ivec, len);
cctx->aes.ccm.len_set = 1;
@ -2269,9 +2304,6 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (rv == -1)
OPENSSL_cleanse(out, len);
cctx->aes.ccm.iv_set = 0;
cctx->aes.ccm.tag_set = 0;
cctx->aes.ccm.len_set = 0;
return rv;
}
}
@ -2298,6 +2330,10 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
cctx->aes.ccm.tls_aad_len = -1;
return 1;
case EVP_CTRL_GET_IVLEN:
*(int *)ptr = 15 - cctx->aes.ccm.l;
return 1;
case EVP_CTRL_AEAD_TLS1_AAD:
if (arg != EVP_AEAD_TLS1_AAD_LEN)
return 0;
@ -2375,9 +2411,6 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
return 0;
memcpy(ptr, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m);
cctx->aes.ccm.tag_set = 0;
cctx->aes.ccm.iv_set = 0;
cctx->aes.ccm.len_set = 0;
return 1;
case EVP_CTRL_COPY:
@ -2414,7 +2447,7 @@ static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize, \
keylen / 8, \
ivlen, \
flags | EVP_CIPH_##MODE##_MODE, \
flags | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_##MODE##_MODE, \
s390x_aes_##mode##_init_key, \
s390x_aes_##mode##_cipher, \
NULL, \
@ -2451,7 +2484,7 @@ static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \
blocksize, \
(EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8, \
ivlen, \
flags | EVP_CIPH_##MODE##_MODE, \
flags | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_##MODE##_MODE, \
s390x_aes_##mode##_init_key, \
s390x_aes_##mode##_cipher, \
s390x_aes_##mode##_cleanup, \
@ -2816,13 +2849,17 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
case EVP_CTRL_INIT:
gctx->key_set = 0;
gctx->iv_set = 0;
gctx->ivlen = c->cipher->iv_len;
gctx->ivlen = EVP_CIPHER_iv_length(c->cipher);
gctx->iv = c->iv;
gctx->taglen = -1;
gctx->iv_gen = 0;
gctx->tls_aad_len = -1;
return 1;
case EVP_CTRL_GET_IVLEN:
*(int *)ptr = gctx->ivlen;
return 1;
case EVP_CTRL_AEAD_SET_IVLEN:
if (arg <= 0)
return 0;
@ -3272,7 +3309,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
#define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \
| EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
| EVP_CIPH_CUSTOM_COPY)
| EVP_CIPH_CUSTOM_COPY | EVP_CIPH_CUSTOM_IV_LENGTH)
BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
@ -3283,10 +3320,12 @@ BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM,
static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,c);
EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX, c);
if (type == EVP_CTRL_COPY) {
EVP_CIPHER_CTX *out = ptr;
EVP_AES_XTS_CTX *xctx_out = EVP_C_DATA(EVP_AES_XTS_CTX,out);
if (xctx->xts.key1) {
if (xctx->xts.key1 != &xctx->ks1)
return 0;
@ -3310,11 +3349,36 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
if (!iv && !key)
return 1;
if (key)
do {
/* The key is two half length keys in reality */
const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
/*
* Verify that the two keys are different.
*
* This addresses the vulnerability described in Rogaway's
* September 2004 paper:
*
* "Efficient Instantiations of Tweakable Blockciphers and
* Refinements to Modes OCB and PMAC".
* (http://web.cs.ucdavis.edu/~rogaway/papers/offsets.pdf)
*
* FIPS 140-2 IG A.9 XTS-AES Key Generation Requirements states
* that:
* "The check for Key_1 != Key_2 shall be done at any place
* BEFORE using the keys in the XTS-AES algorithm to process
* data with them."
*/
if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
EVPerr(EVP_F_AES_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
return 0;
}
#ifdef AES_XTS_ASM
xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
#else
@ -3447,7 +3511,9 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
cctx->len_set = 0;
cctx->tls_aad_len = -1;
return 1;
case EVP_CTRL_GET_IVLEN:
*(int *)ptr = 15 - cctx->L;
return 1;
case EVP_CTRL_AEAD_TLS1_AAD:
/* Save the AAD for later use */
if (arg != EVP_AEAD_TLS1_AAD_LEN)
@ -3643,8 +3709,6 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (!cctx->iv_set)
return -1;
if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
return -1;
if (!out) {
if (!in) {
if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
@ -3659,6 +3723,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
CRYPTO_ccm128_aad(ccm, in, len);
return len;
}
/* The tag must be set before actually decrypting data */
if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
return -1;
/* If not set length yet do it */
if (!cctx->len_set) {
if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
@ -3893,13 +3962,17 @@ static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
case EVP_CTRL_INIT:
octx->key_set = 0;
octx->iv_set = 0;
octx->ivlen = EVP_CIPHER_CTX_iv_length(c);
octx->ivlen = EVP_CIPHER_iv_length(c->cipher);
octx->iv = EVP_CIPHER_CTX_iv_noconst(c);
octx->taglen = 16;
octx->data_buf_len = 0;
octx->aad_buf_len = 0;
return 1;
case EVP_CTRL_GET_IVLEN:
*(int *)ptr = octx->ivlen;
return 1;
case EVP_CTRL_AEAD_SET_IVLEN:
/* IV len must be 1 to 15 */
if (arg <= 0 || arg > 15)

View file

@ -17,9 +17,9 @@
#include <openssl/aes.h>
#include <openssl/sha.h>
#include <openssl/rand.h>
#include "modes_lcl.h"
#include "internal/evp_int.h"
#include "internal/constant_time_locl.h"
#include "modes_local.h"
#include "crypto/evp.h"
#include "internal/constant_time.h"
typedef struct {
AES_KEY ks;
@ -33,7 +33,7 @@ typedef struct {
#define NO_PAYLOAD_LENGTH ((size_t)-1)
#if defined(AES_ASM) && ( \
#if defined(AESNI_ASM) && ( \
defined(__x86_64) || defined(__x86_64__) || \
defined(_M_AMD64) || defined(_M_X64) )

View file

@ -18,9 +18,9 @@
#include <openssl/aes.h>
#include <openssl/sha.h>
#include <openssl/rand.h>
#include "modes_lcl.h"
#include "internal/constant_time_locl.h"
#include "internal/evp_int.h"
#include "modes_local.h"
#include "internal/constant_time.h"
#include "crypto/evp.h"
typedef struct {
AES_KEY ks;
@ -34,7 +34,7 @@ typedef struct {
# define NO_PAYLOAD_LENGTH ((size_t)-1)
#if defined(AES_ASM) && ( \
#if defined(AESNI_ASM) && ( \
defined(__x86_64) || defined(__x86_64__) || \
defined(_M_AMD64) || defined(_M_X64) )
@ -947,4 +947,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void)
{
return NULL;
}
#endif
#endif /* AESNI_ASM */

View file

@ -1,5 +1,5 @@
/*
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
@ -14,10 +14,10 @@
# include <openssl/modes.h>
# include <openssl/rand.h>
# include <openssl/rand_drbg.h>
# include "internal/aria.h"
# include "internal/evp_int.h"
# include "modes_lcl.h"
# include "evp_locl.h"
# include "crypto/aria.h"
# include "crypto/evp.h"
# include "modes_local.h"
# include "evp_local.h"
/* ARIA subkey Structure */
typedef struct {
@ -252,7 +252,7 @@ static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
case EVP_CTRL_INIT:
gctx->key_set = 0;
gctx->iv_set = 0;
gctx->ivlen = EVP_CIPHER_CTX_iv_length(c);
gctx->ivlen = EVP_CIPHER_iv_length(c->cipher);
gctx->iv = EVP_CIPHER_CTX_iv_noconst(c);
gctx->taglen = -1;
gctx->iv_gen = 0;
@ -274,6 +274,10 @@ static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
gctx->ivlen = arg;
return 1;
case EVP_CTRL_GET_IVLEN:
*(int *)ptr = gctx->ivlen;
return 1;
case EVP_CTRL_AEAD_SET_TAG:
if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_encrypting(c))
return 0;
@ -486,6 +490,16 @@ static int aria_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
return 0;
}
static int aria_gcm_cleanup(EVP_CIPHER_CTX *ctx)
{
EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX, ctx);
if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(ctx))
OPENSSL_free(gctx->iv);
return 1;
}
static int aria_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
@ -563,6 +577,10 @@ static int aria_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg);
return 1;
case EVP_CTRL_GET_IVLEN:
*(int *)ptr = 15 - cctx->L;
return 1;
case EVP_CTRL_AEAD_SET_IVLEN:
arg = 15 - arg;
/* fall thru */
@ -677,8 +695,6 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (!cctx->iv_set)
return -1;
if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
return -1;
if (!out) {
if (!in) {
if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
@ -693,6 +709,11 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
CRYPTO_ccm128_aad(ccm, in, len);
return len;
}
/* The tag must be set before actually decrypting data */
if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
return -1;
/* If not set length yet do it */
if (!cctx->len_set) {
if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
@ -727,10 +748,13 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
}
#define aria_ccm_cleanup NULL
#define ARIA_AUTH_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \
| EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
| EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_AEAD_CIPHER)
| EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_AEAD_CIPHER \
| EVP_CIPH_CUSTOM_IV_LENGTH)
#define BLOCK_CIPHER_aead(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
static const EVP_CIPHER aria_##keylen##_##mode = { \
@ -739,7 +763,7 @@ static const EVP_CIPHER aria_##keylen##_##mode = { \
ARIA_AUTH_FLAGS|EVP_CIPH_##MODE##_MODE, \
aria_##mode##_init_key, \
aria_##mode##_cipher, \
NULL, \
aria_##mode##_cleanup, \
sizeof(EVP_ARIA_##MODE##_CTX), \
NULL,NULL,aria_##mode##_ctrl,NULL }; \
const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \

View file

@ -11,7 +11,7 @@
#include "internal/cryptlib.h"
#ifndef OPENSSL_NO_BF
# include <openssl/evp.h>
# include "internal/evp_int.h"
# include "crypto/evp.h"
# include <openssl/objects.h>
# include <openssl/blowfish.h>

View file

@ -1,5 +1,5 @@
/*
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -17,8 +17,8 @@ NON_EMPTY_TRANSLATION_UNIT
# include <string.h>
# include <assert.h>
# include <openssl/camellia.h>
# include "internal/evp_int.h"
# include "modes_lcl.h"
# include "crypto/evp.h"
# include "modes_local.h"
static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
@ -55,16 +55,16 @@ void cmll_t4_decrypt(const unsigned char *in, unsigned char *out,
void cmll128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const CAMELLIA_KEY *key,
unsigned char *ivec);
unsigned char *ivec, int /*unused*/);
void cmll128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const CAMELLIA_KEY *key,
unsigned char *ivec);
unsigned char *ivec, int /*unused*/);
void cmll256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const CAMELLIA_KEY *key,
unsigned char *ivec);
unsigned char *ivec, int /*unused*/);
void cmll256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const CAMELLIA_KEY *key,
unsigned char *ivec);
unsigned char *ivec, int /*unused*/);
void cmll128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
size_t blocks, const CAMELLIA_KEY *key,
unsigned char *ivec);

View file

@ -13,7 +13,7 @@
#ifndef OPENSSL_NO_CAST
# include <openssl/evp.h>
# include <openssl/objects.h>
# include "internal/evp_int.h"
# include "crypto/evp.h"
# include <openssl/cast.h>
static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

View file

@ -1,5 +1,5 @@
/*
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -14,9 +14,9 @@
# include <openssl/evp.h>
# include <openssl/objects.h>
# include "evp_locl.h"
# include "internal/evp_int.h"
# include "internal/chacha.h"
# include "evp_local.h"
# include "crypto/evp.h"
# include "crypto/chacha.h"
typedef struct {
union {
@ -30,6 +30,8 @@ typedef struct {
#define data(ctx) ((EVP_CHACHA_KEY *)(ctx)->cipher_data)
#define CHACHA20_POLY1305_MAX_IVLEN 12
static int chacha_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char user_key[CHACHA_KEY_SIZE],
const unsigned char iv[CHACHA_CTR_SIZE], int enc)
@ -144,7 +146,7 @@ const EVP_CIPHER *EVP_chacha20(void)
}
# ifndef OPENSSL_NO_POLY1305
# include "internal/poly1305.h"
# include "crypto/poly1305.h"
typedef struct {
EVP_CHACHA_KEY key;
@ -532,8 +534,12 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
}
return 1;
case EVP_CTRL_GET_IVLEN:
*(int *)ptr = actx->nonce_len;
return 1;
case EVP_CTRL_AEAD_SET_IVLEN:
if (arg <= 0 || arg > CHACHA_CTR_SIZE)
if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN)
return 0;
actx->nonce_len = arg;
return 1;
@ -611,7 +617,8 @@ static EVP_CIPHER chacha20_poly1305 = {
12, /* iv_len, 96-bit nonce in the context */
EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CUSTOM_IV |
EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT |
EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER,
EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER |
EVP_CIPH_CUSTOM_IV_LENGTH,
chacha20_poly1305_init_key,
chacha20_poly1305_cipher,
chacha20_poly1305_cleanup,

View file

@ -12,7 +12,7 @@
#ifndef OPENSSL_NO_DES
# include <openssl/evp.h>
# include <openssl/objects.h>
# include "internal/evp_int.h"
# include "crypto/evp.h"
# include <openssl/des.h>
# include <openssl/rand.h>

View file

@ -12,10 +12,10 @@
#ifndef OPENSSL_NO_DES
# include <openssl/evp.h>
# include <openssl/objects.h>
# include "internal/evp_int.h"
# include "crypto/evp.h"
# include <openssl/des.h>
# include <openssl/rand.h>
# include "evp_locl.h"
# include "evp_local.h"
typedef struct {
union {

View file

@ -13,7 +13,7 @@
#ifndef OPENSSL_NO_IDEA
# include <openssl/evp.h>
# include <openssl/objects.h>
# include "internal/evp_int.h"
# include "crypto/evp.h"
# include <openssl/idea.h>
/* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */

View file

@ -11,7 +11,7 @@
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include <openssl/objects.h>
#include "internal/evp_int.h"
#include "crypto/evp.h"
static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);

View file

@ -14,7 +14,7 @@
# include <openssl/evp.h>
# include <openssl/objects.h>
# include "internal/evp_int.h"
# include "crypto/evp.h"
# include <openssl/rc2.h>
static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

View file

@ -16,7 +16,7 @@
# include <openssl/objects.h>
# include <openssl/rc4.h>
# include "internal/evp_int.h"
# include "crypto/evp.h"
typedef struct {
RC4_KEY ks; /* working key */

View file

@ -19,7 +19,7 @@
# include <openssl/objects.h>
# include <openssl/rc4.h>
# include <openssl/md5.h>
# include "internal/evp_int.h"
# include "crypto/evp.h"
typedef struct {
RC4_KEY ks;

View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -13,9 +13,9 @@
#ifndef OPENSSL_NO_RC5
# include <openssl/evp.h>
# include "internal/evp_int.h"
# include "crypto/evp.h"
# include <openssl/objects.h>
# include "evp_locl.h"
# include "evp_local.h"
# include <openssl/rc5.h>
static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@ -66,6 +66,10 @@ static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
if (EVP_CIPHER_CTX_key_length(ctx) > 255) {
EVPerr(EVP_F_R_32_12_16_INIT_KEY, EVP_R_BAD_KEY_LENGTH);
return 0;
}
RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
key, data(ctx)->rounds);
return 1;

View file

@ -16,7 +16,7 @@ NON_EMPTY_TRANSLATION_UNIT
# include <string.h>
# include <assert.h>
# include <openssl/seed.h>
# include "internal/evp_int.h"
# include "crypto/evp.h"
static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);

View file

@ -13,8 +13,8 @@
#ifndef OPENSSL_NO_SM4
# include <openssl/evp.h>
# include <openssl/modes.h>
# include "internal/sm4.h"
# include "internal/evp_int.h"
# include "crypto/sm4.h"
# include "crypto/evp.h"
typedef struct {
SM4_KEY ks;

View file

@ -14,7 +14,7 @@
# include <openssl/evp.h>
# include <openssl/objects.h>
# include "internal/evp_int.h"
# include "crypto/evp.h"
# include <openssl/des.h>
static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -11,8 +11,8 @@
#include <limits.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include "evp_locl.h"
#include "internal/evp_int.h"
#include "evp_local.h"
#include "crypto/evp.h"
static unsigned char conv_ascii2bin(unsigned char a,
const unsigned char *table);
@ -423,7 +423,7 @@ static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
table = data_ascii2bin;
/* trim white space from the start of the line. */
while ((conv_ascii2bin(*f, table) == B64_WS) && (n > 0)) {
while ((n > 0) && (conv_ascii2bin(*f, table) == B64_WS)) {
f++;
n--;
}

View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -8,6 +8,7 @@
*/
#include <stdio.h>
#include <limits.h>
#include <assert.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
@ -15,8 +16,8 @@
#include <openssl/rand.h>
#include <openssl/rand_drbg.h>
#include <openssl/engine.h>
#include "internal/evp_int.h"
#include "evp_locl.h"
#include "crypto/evp.h"
#include "evp_local.h"
int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
{
@ -305,6 +306,17 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
bl = ctx->cipher->block_size;
/*
* CCM mode needs to know about the case where inl == 0 && in == NULL - it
* means the plaintext/ciphertext length is 0
*/
if (inl < 0
|| (inl == 0
&& EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)) {
*outl = 0;
return inl == 0;
}
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
/* If block size > 1 then the cipher will have to do this check */
if (bl == 1 && is_partially_overlapping(out, in, cmpl)) {
@ -320,10 +332,6 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
return 1;
}
if (inl <= 0) {
*outl = 0;
return inl == 0;
}
if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
return 0;
@ -348,6 +356,19 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
return 1;
} else {
j = bl - i;
/*
* Once we've processed the first j bytes from in, the amount of
* data left that is a multiple of the block length is:
* (inl - j) & ~(bl - 1)
* We must ensure that this amount of data, plus the one block that
* we process from ctx->buf does not exceed INT_MAX
*/
if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE,
EVP_R_OUTPUT_WOULD_OVERFLOW);
return 0;
}
memcpy(&(ctx->buf[i]), in, j);
inl -= j;
in += j;
@ -457,6 +478,17 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
cmpl = (cmpl + 7) / 8;
/*
* CCM mode needs to know about the case where inl == 0 - it means the
* plaintext/ciphertext length is 0
*/
if (inl < 0
|| (inl == 0
&& EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)) {
*outl = 0;
return inl == 0;
}
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
if (b == 1 && is_partially_overlapping(out, in, cmpl)) {
EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
@ -472,11 +504,6 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
return 1;
}
if (inl <= 0) {
*outl = 0;
return inl == 0;
}
if (ctx->flags & EVP_CIPH_NO_PADDING)
return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
@ -489,6 +516,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
return 0;
}
/*
* final_used is only ever set if buf_len is 0. Therefore the maximum
* length output we will ever see from evp_EncryptDecryptUpdate is
* the maximum multiple of the block length that is <= inl, or just:
* inl & ~(b - 1)
* Since final_used has been set then the final output length is:
* (inl & ~(b - 1)) + b
* This must never exceed INT_MAX
*/
if ((inl & ~(b - 1)) > INT_MAX - b) {
EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
return 0;
}
memcpy(out, ctx->final, b);
out += b;
fix_len = 1;

View file

@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -15,11 +15,15 @@
static const ERR_STRING_DATA EVP_str_functs[] = {
{ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_INIT_KEY, 0), "aesni_init_key"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_XTS_INIT_KEY, 0), "aesni_xts_init_key"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_AES_GCM_CTRL, 0), "aes_gcm_ctrl"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_AES_INIT_KEY, 0), "aes_init_key"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_AES_OCB_CIPHER, 0), "aes_ocb_cipher"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_XTS_INIT_KEY, 0),
"aes_t4_xts_init_key"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_AES_WRAP_CIPHER, 0), "aes_wrap_cipher"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_AES_XTS_INIT_KEY, 0), "aes_xts_init_key"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_ALG_MODULE_INIT, 0), "alg_module_init"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_CCM_INIT_KEY, 0), "aria_ccm_init_key"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_CTRL, 0), "aria_gcm_ctrl"},
@ -149,6 +153,8 @@ static const ERR_STRING_DATA EVP_str_functs[] = {
{ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_RC2_MAGIC_TO_METH, 0), "rc2_magic_to_meth"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_RC5_CTRL, 0), "rc5_ctrl"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_R_32_12_16_INIT_KEY, 0),
"r_32_12_16_init_key"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_CTRL, 0), "s390x_aes_gcm_ctrl"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"},
{0, NULL}
@ -160,6 +166,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ARIA_KEY_SETUP_FAILED),
"aria key setup failed"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_DECRYPT), "bad decrypt"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_KEY_LENGTH), "bad key length"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BUFFER_TOO_SMALL), "buffer too small"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CAMELLIA_KEY_SETUP_FAILED),
"camellia key setup failed"},
@ -206,6 +213,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
"input not initialized"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST), "invalid digest"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_IV_LENGTH), "invalid iv length"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_OPERATION), "invalid operation"},
@ -231,6 +239,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
"operation not supported for this keytype"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
"operaton not initialized"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW),
"output would overflow"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
"partially overlapping buffers"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
@ -266,6 +276,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
"wrap mode not allowed"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH),
"wrong final block length"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS),
"xts duplicated keys"},
{0, NULL}
};

View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -11,8 +11,8 @@
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include <openssl/objects.h>
#include "internal/evp_int.h"
#include "evp_locl.h"
#include "crypto/evp.h"
#include "evp_local.h"
int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
{
@ -242,6 +242,13 @@ int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
{
int i, rv;
if ((EVP_CIPHER_flags(ctx->cipher) & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) {
rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN,
0, &i);
return (rv == 1) ? i : -1;
}
return ctx->cipher->iv_len;
}

View file

@ -12,7 +12,7 @@
#include <openssl/evp.h>
#include <openssl/pkcs12.h>
#include <openssl/x509.h>
#include "evp_locl.h"
#include "evp_local.h"
/* Password based encryption (PBE) functions */

View file

@ -12,9 +12,9 @@
#include "internal/cryptlib.h"
#include <openssl/x509.h>
#include <openssl/rand.h>
#include "internal/asn1_int.h"
#include "internal/evp_int.h"
#include "internal/x509_int.h"
#include "crypto/asn1.h"
#include "crypto/evp.h"
#include "crypto/x509.h"
/* Extract a private key from a PKCS8 structure */

View file

@ -18,7 +18,7 @@
# include <openssl/md2.h>
# include <openssl/rsa.h>
#include "internal/evp_int.h"
#include "crypto/evp.h"
static int init(EVP_MD_CTX *ctx)
{

View file

@ -17,7 +17,7 @@
# include <openssl/x509.h>
# include <openssl/md4.h>
# include <openssl/rsa.h>
# include "internal/evp_int.h"
# include "crypto/evp.h"
static int init(EVP_MD_CTX *ctx)
{

View file

@ -17,7 +17,7 @@
# include <openssl/x509.h>
# include <openssl/md5.h>
# include <openssl/rsa.h>
# include "internal/evp_int.h"
# include "crypto/evp.h"
static int init(EVP_MD_CTX *ctx)
{

View file

@ -15,7 +15,7 @@
# include <openssl/md5.h>
# include <openssl/sha.h>
# include "internal/cryptlib.h"
# include "internal/evp_int.h"
# include "crypto/evp.h"
# include <openssl/rsa.h>
struct md5_sha1_ctx {

View file

@ -17,7 +17,7 @@
# include <openssl/x509.h>
# include <openssl/mdc2.h>
# include <openssl/rsa.h>
# include "internal/evp_int.h"
# include "crypto/evp.h"
static int init(EVP_MD_CTX *ctx)
{

View file

@ -12,7 +12,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include "internal/evp_int.h"
#include "crypto/evp.h"
static int init(EVP_MD_CTX *ctx)
{

View file

@ -17,7 +17,7 @@
# include <openssl/objects.h>
# include <openssl/x509.h>
# include <openssl/rsa.h>
# include "internal/evp_int.h"
# include "crypto/evp.h"
static int init(EVP_MD_CTX *ctx)
{

View file

@ -14,8 +14,8 @@
#include <openssl/objects.h>
#include <openssl/sha.h>
#include <openssl/rsa.h>
#include "internal/evp_int.h"
#include "internal/sha.h"
#include "crypto/evp.h"
#include "crypto/sha.h"
static int init(EVP_MD_CTX *ctx)
{

View file

@ -1,5 +1,5 @@
/*
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -12,8 +12,8 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include "internal/evp_int.h"
#include "evp_locl.h"
#include "crypto/evp.h"
#include "evp_local.h"
size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len,
size_t r);
@ -108,6 +108,9 @@ static int sha3_final(EVP_MD_CTX *evp_ctx, unsigned char *md)
size_t bsz = ctx->block_size;
size_t num = ctx->num;
if (ctx->md_size == 0)
return 1;
/*
* Pad the data with 10*1. Note that |num| can be |bsz - 1|
* in which case both byte operations below are performed on

View file

@ -12,8 +12,8 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include "internal/evp_int.h"
#include "evp_locl.h"
#include "crypto/evp.h"
#include "evp_local.h"
static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
{

View file

@ -16,7 +16,7 @@
# include <openssl/objects.h>
# include <openssl/x509.h>
# include <openssl/whrlpool.h>
# include "internal/evp_int.h"
# include "crypto/evp.h"
static int init(EVP_MD_CTX *ctx)
{

View file

@ -10,9 +10,9 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include "internal/objects.h"
#include "crypto/objects.h"
#include <openssl/x509.h>
#include "internal/evp_int.h"
#include "crypto/evp.h"
int EVP_add_cipher(const EVP_CIPHER *c)
{

View file

@ -1,5 +1,5 @@
/*
* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -28,7 +28,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
EVP_MD_CTX *ctx;
unsigned char md_tmp[EVP_MAX_MD_SIZE];
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
int i;
int i, ivl, kl;
PBEPARAM *pbe;
int saltlen, iter;
unsigned char *salt;
@ -48,6 +48,19 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
return 0;
}
ivl = EVP_CIPHER_iv_length(cipher);
if (ivl < 0 || ivl > 16) {
EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_IV_LENGTH);
PBEPARAM_free(pbe);
return 0;
}
kl = EVP_CIPHER_key_length(cipher);
if (kl < 0 || kl > (int)sizeof(md_tmp)) {
EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_KEY_LENGTH);
PBEPARAM_free(pbe);
return 0;
}
if (!pbe->iter)
iter = 1;
else
@ -73,6 +86,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
if (!EVP_DigestUpdate(ctx, salt, saltlen))
goto err;
PBEPARAM_free(pbe);
pbe = NULL;
if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))
goto err;
mdsize = EVP_MD_size(md);
@ -86,11 +100,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))
goto err;
}
OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
EVP_CIPHER_iv_length(cipher));
memcpy(key, md_tmp, kl);
memcpy(iv, md_tmp + (16 - ivl), ivl);
if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
goto err;
OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
@ -98,6 +109,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
rv = 1;
err:
PBEPARAM_free(pbe);
EVP_MD_CTX_free(ctx);
return rv;
}

View file

@ -13,7 +13,7 @@
# include <openssl/x509.h>
# include <openssl/evp.h>
# include <openssl/hmac.h>
# include "evp_locl.h"
# include "evp_local.h"
/* set this to print out info about the keygen algorithm */
/* #define OPENSSL_DEBUG_PKCS5V2 */

View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -21,8 +21,8 @@
#include <openssl/cmac.h>
#include <openssl/engine.h>
#include "internal/asn1_int.h"
#include "internal/evp_int.h"
#include "crypto/asn1.h"
#include "crypto/evp.h"
static void EVP_PKEY_free_it(EVP_PKEY *x);
@ -102,7 +102,7 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
{
if (pkey->ameth && pkey->ameth->param_missing)
if (pkey != NULL && pkey->ameth && pkey->ameth->param_missing)
return pkey->ameth->param_missing(pkey);
return 0;
}
@ -394,6 +394,11 @@ int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e)
pkey->pmeth_engine = e;
return 1;
}
ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey)
{
return pkey->engine;
}
#endif
int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
{
@ -460,7 +465,7 @@ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
{
if (pkey->type != EVP_PKEY_RSA) {
if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) {
EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
return NULL;
}
@ -535,7 +540,9 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
{
int ret = EVP_PKEY_assign_DH(pkey, key);
int type = DH_get0_q(key) == NULL ? EVP_PKEY_DH : EVP_PKEY_DHX;
int ret = EVP_PKEY_assign(pkey, type, key);
if (ret)
DH_up_ref(key);
return ret;

View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -40,7 +40,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
}
size = EVP_PKEY_size(priv);
key = OPENSSL_malloc(size + 2);
key = OPENSSL_malloc(size);
if (key == NULL) {
/* ERROR */
EVPerr(EVP_F_EVP_OPENINIT, ERR_R_MALLOC_FAILURE);

View file

@ -12,7 +12,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include "internal/evp_int.h"
#include "crypto/evp.h"
int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
unsigned int *siglen, EVP_PKEY *pkey)

View file

@ -12,7 +12,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include "internal/evp_int.h"
#include "crypto/evp.h"
int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
unsigned int siglen, EVP_PKEY *pkey)

View file

@ -12,7 +12,7 @@
#include "internal/cryptlib.h"
#include <openssl/objects.h>
#include <openssl/evp.h>
#include "internal/evp_int.h"
#include "crypto/evp.h"
#define M_check_autoarg(ctx, arg, arglen, err) \
if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \

View file

@ -12,9 +12,9 @@
#include "internal/cryptlib.h"
#include <openssl/objects.h>
#include <openssl/evp.h>
#include "internal/bn_int.h"
#include "internal/asn1_int.h"
#include "internal/evp_int.h"
#include "crypto/bn.h"
#include "crypto/asn1.h"
#include "crypto/evp.h"
int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
{

View file

@ -13,8 +13,8 @@
#include <openssl/engine.h>
#include <openssl/evp.h>
#include <openssl/x509v3.h>
#include "internal/asn1_int.h"
#include "internal/evp_int.h"
#include "crypto/asn1.h"
#include "crypto/evp.h"
#include "internal/numbers.h"
typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
@ -642,6 +642,21 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
pmeth->ctrl_str = ctrl_str;
}
void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth,
int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
const unsigned char *tbs, size_t tbslen))
{
pmeth->digestsign = digestsign;
}
void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth,
int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs,
size_t tbslen))
{
pmeth->digestverify = digestverify;
}
void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
int (*check) (EVP_PKEY *pkey))
{
@ -834,6 +849,23 @@ void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth,
*pctrl_str = pmeth->ctrl_str;
}
void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth,
int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
const unsigned char *tbs, size_t tbslen))
{
if (digestsign)
*digestsign = pmeth->digestsign;
}
void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth,
int (**digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs,
size_t tbslen))
{
if (digestverify)
*digestverify = pmeth->digestverify;
}
void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth,
int (**pcheck) (EVP_PKEY *pkey))
{