aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/evp
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2020-03-17 21:27:57 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2020-03-17 21:27:57 +0000
commitaa144ced5d61b5c7fb74acaebb37d85bd08f0416 (patch)
tree2de6902cff4b007f4fae30a7d6c546b4dd3d1740 /crypto/evp
parentfbc3ad1ae1976eb5f2bac351260f2c5ee255c27f (diff)
downloadsrc-aa144ced5d61b5c7fb74acaebb37d85bd08f0416.tar.gz
src-aa144ced5d61b5c7fb74acaebb37d85bd08f0416.zip
Import OpenSSL 1.1.1e.vendor/openssl/1.1.1e
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=359051 svn path=/vendor-crypto/openssl/1.1.1e/; revision=359052; tag=vendor/openssl/1.1.1e
Diffstat (limited to 'crypto/evp')
-rw-r--r--crypto/evp/bio_md.c4
-rw-r--r--crypto/evp/bio_ok.c2
-rw-r--r--crypto/evp/c_allc.c2
-rw-r--r--crypto/evp/c_alld.c2
-rw-r--r--crypto/evp/cmeth_lib.c4
-rw-r--r--crypto/evp/digest.c4
-rw-r--r--crypto/evp/e_aes.c14
-rw-r--r--crypto/evp/e_aes_cbc_hmac_sha1.c8
-rw-r--r--crypto/evp/e_aes_cbc_hmac_sha256.c10
-rw-r--r--crypto/evp/e_aria.c15
-rw-r--r--crypto/evp/e_bf.c2
-rw-r--r--crypto/evp/e_camellia.c4
-rw-r--r--crypto/evp/e_cast.c2
-rw-r--r--crypto/evp/e_chacha20_poly1305.c8
-rw-r--r--crypto/evp/e_des.c2
-rw-r--r--crypto/evp/e_des3.c4
-rw-r--r--crypto/evp/e_idea.c2
-rw-r--r--crypto/evp/e_null.c2
-rw-r--r--crypto/evp/e_rc2.c2
-rw-r--r--crypto/evp/e_rc4.c2
-rw-r--r--crypto/evp/e_rc4_hmac_md5.c2
-rw-r--r--crypto/evp/e_rc5.c4
-rw-r--r--crypto/evp/e_seed.c2
-rw-r--r--crypto/evp/e_sm4.c4
-rw-r--r--crypto/evp/e_xcbc_d.c2
-rw-r--r--crypto/evp/encode.c4
-rw-r--r--crypto/evp/evp_enc.c35
-rw-r--r--crypto/evp/evp_err.c3
-rw-r--r--crypto/evp/evp_lib.c4
-rw-r--r--crypto/evp/evp_local.h (renamed from crypto/evp/evp_locl.h)0
-rw-r--r--crypto/evp/evp_pbe.c2
-rw-r--r--crypto/evp/evp_pkey.c6
-rw-r--r--crypto/evp/m_md2.c2
-rw-r--r--crypto/evp/m_md4.c2
-rw-r--r--crypto/evp/m_md5.c2
-rw-r--r--crypto/evp/m_md5_sha1.c2
-rw-r--r--crypto/evp/m_mdc2.c2
-rw-r--r--crypto/evp/m_null.c2
-rw-r--r--crypto/evp/m_ripemd.c2
-rw-r--r--crypto/evp/m_sha1.c4
-rw-r--r--crypto/evp/m_sha3.c4
-rw-r--r--crypto/evp/m_sigver.c4
-rw-r--r--crypto/evp/m_wp.c2
-rw-r--r--crypto/evp/names.c4
-rw-r--r--crypto/evp/p5_crpt.c26
-rw-r--r--crypto/evp/p5_crpt2.c2
-rw-r--r--crypto/evp/p_lib.c12
-rw-r--r--crypto/evp/p_sign.c2
-rw-r--r--crypto/evp/p_verify.c2
-rw-r--r--crypto/evp/pmeth_fn.c2
-rw-r--r--crypto/evp/pmeth_gn.c6
-rw-r--r--crypto/evp/pmeth_lib.c36
52 files changed, 173 insertions, 110 deletions
diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c
index 288dee01b220..fed4cf1eb1ff 100644
--- a/crypto/evp/bio_md.c
+++ b/crypto/evp/bio_md.c
@@ -12,8 +12,8 @@
#include "internal/cryptlib.h"
#include <openssl/buffer.h>
#include <openssl/evp.h>
-#include "internal/evp_int.h"
-#include "evp_locl.h"
+#include "crypto/evp.h"
+#include "evp_local.h"
#include "internal/bio.h"
/*
diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c
index 300db6cd320d..a77cfb1552de 100644
--- a/crypto/evp/bio_ok.c
+++ b/crypto/evp/bio_ok.c
@@ -76,7 +76,7 @@
#include "internal/bio.h"
#include <openssl/evp.h>
#include <openssl/rand.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
static int ok_write(BIO *h, const char *buf, int num);
static int ok_read(BIO *h, char *buf, int size);
diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
index 086b3c4d51b4..22fdcc409c16 100644
--- a/crypto/evp/c_allc.c
+++ b/crypto/evp/c_allc.c
@@ -10,7 +10,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
#include <openssl/pkcs12.h>
#include <openssl/objects.h>
diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c
index 1267531a7d23..16ac1b67f465 100644
--- a/crypto/evp/c_alld.c
+++ b/crypto/evp/c_alld.c
@@ -10,7 +10,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
#include <openssl/pkcs12.h>
#include <openssl/objects.h>
diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c
index e2295c4dc589..272e48249e42 100644
--- a/crypto/evp/cmeth_lib.c
+++ b/crypto/evp/cmeth_lib.c
@@ -10,8 +10,8 @@
#include <string.h>
#include <openssl/evp.h>
-#include "internal/evp_int.h"
-#include "evp_locl.h"
+#include "crypto/evp.h"
+#include "evp_local.h"
EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
{
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 6693f270b694..d1bfa274ca81 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -12,8 +12,8 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/engine.h>
-#include "internal/evp_int.h"
-#include "evp_locl.h"
+#include "crypto/evp.h"
+#include "evp_local.h"
/* This call frees resources associated with the context */
int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 1db346fc864b..405ddbf9bf09 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -14,10 +14,10 @@
#include <string.h>
#include <assert.h>
#include <openssl/aes.h>
-#include "internal/evp_int.h"
-#include "modes_lcl.h"
+#include "crypto/evp.h"
+#include "modes_local.h"
#include <openssl/rand.h>
-#include "evp_locl.h"
+#include "evp_local.h"
typedef struct {
union {
@@ -176,7 +176,7 @@ static void ctr64_inc(unsigned char *counter)
# define HWAES_xts_decrypt aes_p8_xts_decrypt
#endif
-#if !defined(OPENSSL_NO_ASM) && ( \
+#if defined(OPENSSL_CPUID_OBJ) && ( \
((defined(__i386) || defined(__i386__) || \
defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
defined(__x86_64) || defined(__x86_64__) || \
@@ -1127,7 +1127,7 @@ typedef struct {
} icv;
unsigned char k[32];
} kmac_param;
- /* KMAC-AES paramater block - end */
+ /* KMAC-AES parameter block - end */
union {
unsigned long long g[2];
@@ -1414,7 +1414,7 @@ static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
(OPENSSL_s390xcap_P.kma[0] & \
S390X_CAPBIT(S390X_AES_256)))
-/* iv + padding length for iv lenghts != 12 */
+/* iv + padding length for iv lengths != 12 */
# define S390X_gcm_ivpadlen(i) ((((i) + 15) >> 4 << 4) + 16)
/*-
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index 09d24dc3d02a..27c36b46e7a4 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -17,9 +17,9 @@
#include <openssl/aes.h>
#include <openssl/sha.h>
#include <openssl/rand.h>
-#include "modes_lcl.h"
-#include "internal/evp_int.h"
-#include "internal/constant_time_locl.h"
+#include "modes_local.h"
+#include "crypto/evp.h"
+#include "internal/constant_time.h"
typedef struct {
AES_KEY ks;
@@ -33,7 +33,7 @@ typedef struct {
#define NO_PAYLOAD_LENGTH ((size_t)-1)
-#if defined(AES_ASM) && ( \
+#if defined(AESNI_ASM) && ( \
defined(__x86_64) || defined(__x86_64__) || \
defined(_M_AMD64) || defined(_M_X64) )
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index caac0c9d3da2..cc622b6faa8c 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -18,9 +18,9 @@
#include <openssl/aes.h>
#include <openssl/sha.h>
#include <openssl/rand.h>
-#include "modes_lcl.h"
-#include "internal/constant_time_locl.h"
-#include "internal/evp_int.h"
+#include "modes_local.h"
+#include "internal/constant_time.h"
+#include "crypto/evp.h"
typedef struct {
AES_KEY ks;
@@ -34,7 +34,7 @@ typedef struct {
# define NO_PAYLOAD_LENGTH ((size_t)-1)
-#if defined(AES_ASM) && ( \
+#if defined(AESNI_ASM) && ( \
defined(__x86_64) || defined(__x86_64__) || \
defined(_M_AMD64) || defined(_M_X64) )
@@ -947,4 +947,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void)
{
return NULL;
}
-#endif
+#endif /* AESNI_ASM */
diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c
index fcaceb3bcadf..1cc6dd91a95a 100644
--- a/crypto/evp/e_aria.c
+++ b/crypto/evp/e_aria.c
@@ -14,10 +14,10 @@
# include <openssl/modes.h>
# include <openssl/rand.h>
# include <openssl/rand_drbg.h>
-# include "internal/aria.h"
-# include "internal/evp_int.h"
-# include "modes_lcl.h"
-# include "evp_locl.h"
+# include "crypto/aria.h"
+# include "crypto/evp.h"
+# include "modes_local.h"
+# include "evp_local.h"
/* ARIA subkey Structure */
typedef struct {
@@ -695,8 +695,6 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (!cctx->iv_set)
return -1;
- if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
- return -1;
if (!out) {
if (!in) {
if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
@@ -711,6 +709,11 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
CRYPTO_ccm128_aad(ccm, in, len);
return len;
}
+
+ /* The tag must be set before actually decrypting data */
+ if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
+ return -1;
+
/* If not set length yet do it */
if (!cctx->len_set) {
if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c
index dc386905c5cb..9a065582c6c8 100644
--- a/crypto/evp/e_bf.c
+++ b/crypto/evp/e_bf.c
@@ -11,7 +11,7 @@
#include "internal/cryptlib.h"
#ifndef OPENSSL_NO_BF
# include <openssl/evp.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
# include <openssl/objects.h>
# include <openssl/blowfish.h>
diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c
index 2df4a6e3e011..502d6936cc13 100644
--- a/crypto/evp/e_camellia.c
+++ b/crypto/evp/e_camellia.c
@@ -17,8 +17,8 @@ NON_EMPTY_TRANSLATION_UNIT
# include <string.h>
# include <assert.h>
# include <openssl/camellia.h>
-# include "internal/evp_int.h"
-# include "modes_lcl.h"
+# include "crypto/evp.h"
+# include "modes_local.h"
static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c
index 259d44059b20..df9f445bd0a2 100644
--- a/crypto/evp/e_cast.c
+++ b/crypto/evp/e_cast.c
@@ -13,7 +13,7 @@
#ifndef OPENSSL_NO_CAST
# include <openssl/evp.h>
# include <openssl/objects.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
# include <openssl/cast.h>
static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
index 435a38d3658d..bdc406bb69dc 100644
--- a/crypto/evp/e_chacha20_poly1305.c
+++ b/crypto/evp/e_chacha20_poly1305.c
@@ -14,9 +14,9 @@
# include <openssl/evp.h>
# include <openssl/objects.h>
-# include "evp_locl.h"
-# include "internal/evp_int.h"
-# include "internal/chacha.h"
+# include "evp_local.h"
+# include "crypto/evp.h"
+# include "crypto/chacha.h"
typedef struct {
union {
@@ -146,7 +146,7 @@ const EVP_CIPHER *EVP_chacha20(void)
}
# ifndef OPENSSL_NO_POLY1305
-# include "internal/poly1305.h"
+# include "crypto/poly1305.h"
typedef struct {
EVP_CHACHA_KEY key;
diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c
index c13fb3e25a9b..6d6e919af696 100644
--- a/crypto/evp/e_des.c
+++ b/crypto/evp/e_des.c
@@ -12,7 +12,7 @@
#ifndef OPENSSL_NO_DES
# include <openssl/evp.h>
# include <openssl/objects.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
# include <openssl/des.h>
# include <openssl/rand.h>
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index 6b492ce47023..2a5597fee527 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -12,10 +12,10 @@
#ifndef OPENSSL_NO_DES
# include <openssl/evp.h>
# include <openssl/objects.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
# include <openssl/des.h>
# include <openssl/rand.h>
-# include "evp_locl.h"
+# include "evp_local.h"
typedef struct {
union {
diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c
index 93f6a4131fa8..1068378ddc75 100644
--- a/crypto/evp/e_idea.c
+++ b/crypto/evp/e_idea.c
@@ -13,7 +13,7 @@
#ifndef OPENSSL_NO_IDEA
# include <openssl/evp.h>
# include <openssl/objects.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
# include <openssl/idea.h>
/* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */
diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c
index 18a8468216a0..0725454a3a4a 100644
--- a/crypto/evp/e_null.c
+++ b/crypto/evp/e_null.c
@@ -11,7 +11,7 @@
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include <openssl/objects.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c
index aa0d14018687..4d8a0ee4b015 100644
--- a/crypto/evp/e_rc2.c
+++ b/crypto/evp/e_rc2.c
@@ -14,7 +14,7 @@
# include <openssl/evp.h>
# include <openssl/objects.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
# include <openssl/rc2.h>
static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c
index d16abdd0d2d7..c24bc8fe5982 100644
--- a/crypto/evp/e_rc4.c
+++ b/crypto/evp/e_rc4.c
@@ -16,7 +16,7 @@
# include <openssl/objects.h>
# include <openssl/rc4.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
typedef struct {
RC4_KEY ks; /* working key */
diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
index b1e8ccd6ddca..201ce443435c 100644
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
@@ -19,7 +19,7 @@
# include <openssl/objects.h>
# include <openssl/rc4.h>
# include <openssl/md5.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
typedef struct {
RC4_KEY ks;
diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c
index dc5589b68813..c86e87b65ab4 100644
--- a/crypto/evp/e_rc5.c
+++ b/crypto/evp/e_rc5.c
@@ -13,9 +13,9 @@
#ifndef OPENSSL_NO_RC5
# include <openssl/evp.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
# include <openssl/objects.h>
-# include "evp_locl.h"
+# include "evp_local.h"
# include <openssl/rc5.h>
static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
diff --git a/crypto/evp/e_seed.c b/crypto/evp/e_seed.c
index 40aec5fc6ac0..aeb2363beade 100644
--- a/crypto/evp/e_seed.c
+++ b/crypto/evp/e_seed.c
@@ -16,7 +16,7 @@ NON_EMPTY_TRANSLATION_UNIT
# include <string.h>
# include <assert.h>
# include <openssl/seed.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c
index 79deb6563646..fce32794fc51 100644
--- a/crypto/evp/e_sm4.c
+++ b/crypto/evp/e_sm4.c
@@ -13,8 +13,8 @@
#ifndef OPENSSL_NO_SM4
# include <openssl/evp.h>
# include <openssl/modes.h>
-# include "internal/sm4.h"
-# include "internal/evp_int.h"
+# include "crypto/sm4.h"
+# include "crypto/evp.h"
typedef struct {
SM4_KEY ks;
diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c
index 57ce813da824..b73077542264 100644
--- a/crypto/evp/e_xcbc_d.c
+++ b/crypto/evp/e_xcbc_d.c
@@ -14,7 +14,7 @@
# include <openssl/evp.h>
# include <openssl/objects.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
# include <openssl/des.h>
static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index da32d4fd1973..9307ff046424 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -11,8 +11,8 @@
#include <limits.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
-#include "evp_locl.h"
-#include "internal/evp_int.h"
+#include "evp_local.h"
+#include "crypto/evp.h"
static unsigned char conv_ascii2bin(unsigned char a,
const unsigned char *table);
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 05dd791b6cb0..b9b6490fe069 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -15,8 +15,8 @@
#include <openssl/rand.h>
#include <openssl/rand_drbg.h>
#include <openssl/engine.h>
-#include "internal/evp_int.h"
-#include "evp_locl.h"
+#include "crypto/evp.h"
+#include "evp_local.h"
int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
{
@@ -305,6 +305,17 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
bl = ctx->cipher->block_size;
+ /*
+ * CCM mode needs to know about the case where inl == 0 && in == NULL - it
+ * means the plaintext/ciphertext length is 0
+ */
+ if (inl < 0
+ || (inl == 0
+ && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)) {
+ *outl = 0;
+ return inl == 0;
+ }
+
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
/* If block size > 1 then the cipher will have to do this check */
if (bl == 1 && is_partially_overlapping(out, in, cmpl)) {
@@ -320,10 +331,6 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
return 1;
}
- if (inl <= 0) {
- *outl = 0;
- return inl == 0;
- }
if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
return 0;
@@ -457,6 +464,17 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
cmpl = (cmpl + 7) / 8;
+ /*
+ * CCM mode needs to know about the case where inl == 0 - it means the
+ * plaintext/ciphertext length is 0
+ */
+ if (inl < 0
+ || (inl == 0
+ && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)) {
+ *outl = 0;
+ return inl == 0;
+ }
+
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
if (b == 1 && is_partially_overlapping(out, in, cmpl)) {
EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
@@ -472,11 +490,6 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
return 1;
}
- if (inl <= 0) {
- *outl = 0;
- return inl == 0;
- }
-
if (ctx->flags & EVP_CIPH_NO_PADDING)
return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 84bd3c2dab27..05481d827fb4 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -213,6 +213,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
"input not initialized"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST), "invalid digest"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_IV_LENGTH), "invalid iv length"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_OPERATION), "invalid operation"},
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 4935c2a94a1a..45cde0da8bfc 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -11,8 +11,8 @@
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include <openssl/objects.h>
-#include "internal/evp_int.h"
-#include "evp_locl.h"
+#include "crypto/evp.h"
+#include "evp_local.h"
int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
{
diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_local.h
index f1589d682894..f1589d682894 100644
--- a/crypto/evp/evp_locl.h
+++ b/crypto/evp/evp_local.h
diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index 5a88817b4aa9..967203f373c9 100644
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -12,7 +12,7 @@
#include <openssl/evp.h>
#include <openssl/pkcs12.h>
#include <openssl/x509.h>
-#include "evp_locl.h"
+#include "evp_local.h"
/* Password based encryption (PBE) functions */
diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
index e61a8761a92d..586b74605cbd 100644
--- a/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
@@ -12,9 +12,9 @@
#include "internal/cryptlib.h"
#include <openssl/x509.h>
#include <openssl/rand.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
-#include "internal/x509_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+#include "crypto/x509.h"
/* Extract a private key from a PKCS8 structure */
diff --git a/crypto/evp/m_md2.c b/crypto/evp/m_md2.c
index c4e28ae17af2..1aec5185239d 100644
--- a/crypto/evp/m_md2.c
+++ b/crypto/evp/m_md2.c
@@ -18,7 +18,7 @@
# include <openssl/md2.h>
# include <openssl/rsa.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
static int init(EVP_MD_CTX *ctx)
{
diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c
index 0efc586dbaff..45d2cafee101 100644
--- a/crypto/evp/m_md4.c
+++ b/crypto/evp/m_md4.c
@@ -17,7 +17,7 @@
# include <openssl/x509.h>
# include <openssl/md4.h>
# include <openssl/rsa.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
static int init(EVP_MD_CTX *ctx)
{
diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c
index 3d96ae93b6c4..d26b5a4d31dc 100644
--- a/crypto/evp/m_md5.c
+++ b/crypto/evp/m_md5.c
@@ -17,7 +17,7 @@
# include <openssl/x509.h>
# include <openssl/md5.h>
# include <openssl/rsa.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
static int init(EVP_MD_CTX *ctx)
{
diff --git a/crypto/evp/m_md5_sha1.c b/crypto/evp/m_md5_sha1.c
index 2d98886ba0e7..eeec2b13e9ed 100644
--- a/crypto/evp/m_md5_sha1.c
+++ b/crypto/evp/m_md5_sha1.c
@@ -15,7 +15,7 @@
# include <openssl/md5.h>
# include <openssl/sha.h>
# include "internal/cryptlib.h"
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
# include <openssl/rsa.h>
struct md5_sha1_ctx {
diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c
index 1051a9070f97..fffa751efd18 100644
--- a/crypto/evp/m_mdc2.c
+++ b/crypto/evp/m_mdc2.c
@@ -17,7 +17,7 @@
# include <openssl/x509.h>
# include <openssl/mdc2.h>
# include <openssl/rsa.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
static int init(EVP_MD_CTX *ctx)
{
diff --git a/crypto/evp/m_null.c b/crypto/evp/m_null.c
index 5dce1d510e28..0847139df17b 100644
--- a/crypto/evp/m_null.c
+++ b/crypto/evp/m_null.c
@@ -12,7 +12,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
static int init(EVP_MD_CTX *ctx)
{
diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c
index 7ab320843cee..d93ad24fe58a 100644
--- a/crypto/evp/m_ripemd.c
+++ b/crypto/evp/m_ripemd.c
@@ -17,7 +17,7 @@
# include <openssl/objects.h>
# include <openssl/x509.h>
# include <openssl/rsa.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
static int init(EVP_MD_CTX *ctx)
{
diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c
index ac52417855b3..22b9bbc7d861 100644
--- a/crypto/evp/m_sha1.c
+++ b/crypto/evp/m_sha1.c
@@ -14,8 +14,8 @@
#include <openssl/objects.h>
#include <openssl/sha.h>
#include <openssl/rsa.h>
-#include "internal/evp_int.h"
-#include "internal/sha.h"
+#include "crypto/evp.h"
+#include "crypto/sha.h"
static int init(EVP_MD_CTX *ctx)
{
diff --git a/crypto/evp/m_sha3.c b/crypto/evp/m_sha3.c
index 01cf57d313d0..54c592a3cce2 100644
--- a/crypto/evp/m_sha3.c
+++ b/crypto/evp/m_sha3.c
@@ -12,8 +12,8 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
-#include "internal/evp_int.h"
-#include "evp_locl.h"
+#include "crypto/evp.h"
+#include "evp_local.h"
size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len,
size_t r);
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 94e37f02b22e..04643acc8837 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -12,8 +12,8 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
-#include "internal/evp_int.h"
-#include "evp_locl.h"
+#include "crypto/evp.h"
+#include "evp_local.h"
static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
{
diff --git a/crypto/evp/m_wp.c b/crypto/evp/m_wp.c
index 27e2b3c5cab8..5ce15d2d5e57 100644
--- a/crypto/evp/m_wp.c
+++ b/crypto/evp/m_wp.c
@@ -16,7 +16,7 @@
# include <openssl/objects.h>
# include <openssl/x509.h>
# include <openssl/whrlpool.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
static int init(EVP_MD_CTX *ctx)
{
diff --git a/crypto/evp/names.c b/crypto/evp/names.c
index 077c2a6c4b9a..90c7b73b7a49 100644
--- a/crypto/evp/names.c
+++ b/crypto/evp/names.c
@@ -10,9 +10,9 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
-#include "internal/objects.h"
+#include "crypto/objects.h"
#include <openssl/x509.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
int EVP_add_cipher(const EVP_CIPHER *c)
{
diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c
index 7e55d0bfb817..6c5f45f73368 100644
--- a/crypto/evp/p5_crpt.c
+++ b/crypto/evp/p5_crpt.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -28,7 +28,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
EVP_MD_CTX *ctx;
unsigned char md_tmp[EVP_MAX_MD_SIZE];
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
- int i;
+ int i, ivl, kl;
PBEPARAM *pbe;
int saltlen, iter;
unsigned char *salt;
@@ -48,6 +48,19 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
return 0;
}
+ ivl = EVP_CIPHER_iv_length(cipher);
+ if (ivl < 0 || ivl > 16) {
+ EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_IV_LENGTH);
+ PBEPARAM_free(pbe);
+ return 0;
+ }
+ kl = EVP_CIPHER_key_length(cipher);
+ if (kl < 0 || kl > (int)sizeof(md_tmp)) {
+ EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_KEY_LENGTH);
+ PBEPARAM_free(pbe);
+ return 0;
+ }
+
if (!pbe->iter)
iter = 1;
else
@@ -73,6 +86,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
if (!EVP_DigestUpdate(ctx, salt, saltlen))
goto err;
PBEPARAM_free(pbe);
+ pbe = NULL;
if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))
goto err;
mdsize = EVP_MD_size(md);
@@ -86,11 +100,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))
goto err;
}
- OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
- memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
- OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
- memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
- EVP_CIPHER_iv_length(cipher));
+ memcpy(key, md_tmp, kl);
+ memcpy(iv, md_tmp + (16 - ivl), ivl);
if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
goto err;
OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
@@ -98,6 +109,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
rv = 1;
err:
+ PBEPARAM_free(pbe);
EVP_MD_CTX_free(ctx);
return rv;
}
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index e819eb9b47dc..7f625b3d57f3 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -13,7 +13,7 @@
# include <openssl/x509.h>
# include <openssl/evp.h>
# include <openssl/hmac.h>
-# include "evp_locl.h"
+# include "evp_local.h"
/* set this to print out info about the keygen algorithm */
/* #define OPENSSL_DEBUG_PKCS5V2 */
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 3cd7ca8d54ca..9f1a485a5b83 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -21,8 +21,8 @@
#include <openssl/cmac.h>
#include <openssl/engine.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
static void EVP_PKEY_free_it(EVP_PKEY *x);
@@ -102,7 +102,7 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
{
- if (pkey->ameth && pkey->ameth->param_missing)
+ if (pkey != NULL && pkey->ameth && pkey->ameth->param_missing)
return pkey->ameth->param_missing(pkey);
return 0;
}
@@ -465,7 +465,7 @@ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
{
- if (pkey->type != EVP_PKEY_RSA) {
+ if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) {
EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
return NULL;
}
@@ -540,7 +540,9 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
{
- int ret = EVP_PKEY_assign_DH(pkey, key);
+ int type = DH_get0_q(key) == NULL ? EVP_PKEY_DH : EVP_PKEY_DHX;
+ int ret = EVP_PKEY_assign(pkey, type, key);
+
if (ret)
DH_up_ref(key);
return ret;
diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c
index 6cb442e4f91d..0383294a87c8 100644
--- a/crypto/evp/p_sign.c
+++ b/crypto/evp/p_sign.c
@@ -12,7 +12,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
unsigned int *siglen, EVP_PKEY *pkey)
diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c
index 6e8c565dfd6b..e27196f7c2e6 100644
--- a/crypto/evp/p_verify.c
+++ b/crypto/evp/p_verify.c
@@ -12,7 +12,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
unsigned int siglen, EVP_PKEY *pkey)
diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c
index de1c07e17114..02f4093461d8 100644
--- a/crypto/evp/pmeth_fn.c
+++ b/crypto/evp/pmeth_fn.c
@@ -12,7 +12,7 @@
#include "internal/cryptlib.h"
#include <openssl/objects.h>
#include <openssl/evp.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
#define M_check_autoarg(ctx, arg, arglen, err) \
if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \
diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index e14965f33384..3ad6d5c7c7a0 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -12,9 +12,9 @@
#include "internal/cryptlib.h"
#include <openssl/objects.h>
#include <openssl/evp.h>
-#include "internal/bn_int.h"
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/bn.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
{
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 7fbf895e0732..603ccd835219 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -13,8 +13,8 @@
#include <openssl/engine.h>
#include <openssl/evp.h>
#include <openssl/x509v3.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
#include "internal/numbers.h"
typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
@@ -642,6 +642,21 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
pmeth->ctrl_str = ctrl_str;
}
+void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth,
+ int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
+ const unsigned char *tbs, size_t tbslen))
+{
+ pmeth->digestsign = digestsign;
+}
+
+void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth,
+ int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
+ size_t siglen, const unsigned char *tbs,
+ size_t tbslen))
+{
+ pmeth->digestverify = digestverify;
+}
+
void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
int (*check) (EVP_PKEY *pkey))
{
@@ -834,6 +849,23 @@ void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth,
*pctrl_str = pmeth->ctrl_str;
}
+void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth,
+ int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
+ const unsigned char *tbs, size_t tbslen))
+{
+ if (digestsign)
+ *digestsign = pmeth->digestsign;
+}
+
+void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth,
+ int (**digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
+ size_t siglen, const unsigned char *tbs,
+ size_t tbslen))
+{
+ if (digestverify)
+ *digestverify = pmeth->digestverify;
+}
+
void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth,
int (**pcheck) (EVP_PKEY *pkey))
{