aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/evp
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/evp')
-rw-r--r--crypto/evp/Makefile795
-rw-r--r--crypto/evp/bio_b64.c224
-rw-r--r--crypto/evp/bio_enc.c336
-rw-r--r--crypto/evp/bio_md.c205
-rw-r--r--crypto/evp/bio_ok.c286
-rw-r--r--crypto/evp/build.info25
-rw-r--r--crypto/evp/c_all.c85
-rw-r--r--crypto/evp/c_allc.c149
-rw-r--r--crypto/evp/c_alld.c106
-rw-r--r--crypto/evp/cmeth_lib.c151
-rw-r--r--crypto/evp/digest.c324
-rw-r--r--crypto/evp/e_aes.c3013
-rw-r--r--crypto/evp/e_aes_cbc_hmac_sha1.c269
-rw-r--r--crypto/evp/e_aes_cbc_hmac_sha256.c252
-rw-r--r--crypto/evp/e_aria.c756
-rw-r--r--crypto/evp/e_bf.c65
-rw-r--r--crypto/evp/e_camellia.c162
-rw-r--r--crypto/evp/e_cast.c65
-rw-r--r--crypto/evp/e_chacha20_poly1305.c630
-rw-r--r--crypto/evp/e_des.c151
-rw-r--r--crypto/evp/e_des3.c227
-rw-r--r--crypto/evp/e_dsa.c69
-rw-r--r--crypto/evp/e_idea.c95
-rw-r--r--crypto/evp/e_null.c72
-rw-r--r--crypto/evp/e_old.c73
-rw-r--r--crypto/evp/e_rc2.c96
-rw-r--r--crypto/evp/e_rc4.c73
-rw-r--r--crypto/evp/e_rc4_hmac_md5.c74
-rw-r--r--crypto/evp/e_rc5.c66
-rw-r--r--crypto/evp/e_seed.c66
-rw-r--r--crypto/evp/e_sm4.c100
-rw-r--r--crypto/evp/e_xcbc_d.c79
-rw-r--r--crypto/evp/encode.c296
-rw-r--r--crypto/evp/evp.h1628
-rw-r--r--crypto/evp/evp_acnf.c73
-rw-r--r--crypto/evp/evp_cnf.c80
-rw-r--r--crypto/evp/evp_enc.c287
-rw-r--r--crypto/evp/evp_err.c490
-rw-r--r--crypto/evp/evp_extra_test.c489
-rw-r--r--crypto/evp/evp_key.c99
-rw-r--r--crypto/evp/evp_lib.c353
-rw-r--r--crypto/evp/evp_locl.h421
-rw-r--r--crypto/evp/evp_pbe.c146
-rw-r--r--crypto/evp/evp_pkey.c120
-rw-r--r--crypto/evp/evp_test.c598
-rw-r--r--crypto/evp/evptests.txt401
-rw-r--r--crypto/evp/m_dss.c104
-rw-r--r--crypto/evp/m_dss1.c105
-rw-r--r--crypto/evp/m_ecdsa.c154
-rw-r--r--crypto/evp/m_md2.c78
-rw-r--r--crypto/evp/m_md4.c79
-rw-r--r--crypto/evp/m_md5.c78
-rw-r--r--crypto/evp/m_md5_sha1.c142
-rw-r--r--crypto/evp/m_mdc2.c79
-rw-r--r--crypto/evp/m_null.c67
-rw-r--r--crypto/evp/m_ripemd.c80
-rw-r--r--crypto/evp/m_sha.c106
-rw-r--r--crypto/evp/m_sha1.c270
-rw-r--r--crypto/evp/m_sha3.c406
-rw-r--r--crypto/evp/m_sigver.c193
-rw-r--r--crypto/evp/m_wp.c22
-rw-r--r--crypto/evp/names.c117
-rw-r--r--crypto/evp/openbsd_hw.c453
-rw-r--r--crypto/evp/p5_crpt.c92
-rw-r--r--crypto/evp/p5_crpt2.c177
-rw-r--r--crypto/evp/p_dec.c75
-rw-r--r--crypto/evp/p_enc.c74
-rw-r--r--crypto/evp/p_lib.c486
-rw-r--r--crypto/evp/p_open.c92
-rw-r--r--crypto/evp/p_seal.c100
-rw-r--r--crypto/evp/p_sign.c154
-rw-r--r--crypto/evp/p_verify.c133
-rw-r--r--crypto/evp/pbe_scrypt.c266
-rw-r--r--crypto/evp/pmeth_fn.c71
-rw-r--r--crypto/evp/pmeth_gn.c149
-rw-r--r--crypto/evp/pmeth_lib.c362
76 files changed, 8583 insertions, 10801 deletions
diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile
deleted file mode 100644
index fa138d0b1014..000000000000
--- a/crypto/evp/Makefile
+++ /dev/null
@@ -1,795 +0,0 @@
-#
-# OpenSSL/crypto/evp/Makefile
-#
-
-DIR= evp
-TOP= ../..
-CC= cc
-INCLUDES= -I.. -I$(TOP) -I../../include
-CFLAG=-g
-MAKEFILE= Makefile
-AR= ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=evp_test.c evp_extra_test.c
-TESTDATA=evptests.txt
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \
- e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
- e_rc4.c e_aes.c names.c e_seed.c \
- e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
- m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c m_wp.c \
- m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\
- p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
- bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
- c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
- evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
- e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
- e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c
-
-LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
- e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\
- e_rc4.o e_aes.o names.o e_seed.o \
- e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
- m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o m_wp.o \
- m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\
- p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
- bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
- c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
- evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
- e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o \
- e_aes_cbc_hmac_sha1.o e_aes_cbc_hmac_sha256.o e_rc4_hmac_md5.o
-
-SRC= $(LIBSRC)
-
-EXHEADER= evp.h
-HEADER= evp_locl.h $(EXHEADER)
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
-
-all: lib
-
-lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
- @touch lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
- @[ -f $(TESTDATA) ] && cp $(TESTDATA) ../../test && echo "$(TESTDATA) -> ../../test/$(TESTDATA)"
- @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
-
-install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
- @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-
-tags:
- ctags $(SRC)
-
-tests:
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-update: depend
-
-depend:
- @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-bio_b64.o: ../../e_os.h ../../include/openssl/asn1.h
-bio_b64.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bio_b64.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-bio_b64.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-bio_b64.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bio_b64.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_b64.c
-bio_enc.o: ../../e_os.h ../../include/openssl/asn1.h
-bio_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bio_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-bio_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-bio_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bio_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_enc.c
-bio_md.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bio_md.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-bio_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-bio_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bio_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-bio_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bio_md.o: ../cryptlib.h bio_md.c
-bio_ok.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-bio_ok.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-bio_ok.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bio_ok.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bio_ok.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_ok.c
-c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-c_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-c_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-c_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-c_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-c_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-c_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-c_all.o: ../cryptlib.h c_all.c
-c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-c_allc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-c_allc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-c_allc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-c_allc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-c_allc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-c_allc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-c_allc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-c_allc.o: ../cryptlib.h c_allc.c
-c_alld.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-c_alld.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-c_alld.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-c_alld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-c_alld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-c_alld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-c_alld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-c_alld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-c_alld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-c_alld.o: ../cryptlib.h c_alld.c
-digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-digest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-digest.o: ../cryptlib.h digest.c
-e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_aes.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_aes.o: ../../include/openssl/modes.h ../../include/openssl/obj_mac.h
-e_aes.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_aes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_aes.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_aes.o: ../modes/modes_lcl.h e_aes.c evp_locl.h
-e_aes_cbc_hmac_sha1.o: ../../e_os.h ../../include/openssl/aes.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/crypto.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/e_os2.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/evp.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/modes.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/obj_mac.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/objects.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/opensslconf.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/opensslv.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/ossl_typ.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/rand.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/safestack.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/sha.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/stack.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/symhacks.h ../constant_time_locl.h
-e_aes_cbc_hmac_sha1.o: ../modes/modes_lcl.h e_aes_cbc_hmac_sha1.c
-e_aes_cbc_hmac_sha256.o: ../../e_os.h ../../include/openssl/aes.h
-e_aes_cbc_hmac_sha256.o: ../../include/openssl/asn1.h
-e_aes_cbc_hmac_sha256.o: ../../include/openssl/bio.h
-e_aes_cbc_hmac_sha256.o: ../../include/openssl/crypto.h
-e_aes_cbc_hmac_sha256.o: ../../include/openssl/e_os2.h
-e_aes_cbc_hmac_sha256.o: ../../include/openssl/evp.h
-e_aes_cbc_hmac_sha256.o: ../../include/openssl/modes.h
-e_aes_cbc_hmac_sha256.o: ../../include/openssl/obj_mac.h
-e_aes_cbc_hmac_sha256.o: ../../include/openssl/objects.h
-e_aes_cbc_hmac_sha256.o: ../../include/openssl/opensslconf.h
-e_aes_cbc_hmac_sha256.o: ../../include/openssl/opensslv.h
-e_aes_cbc_hmac_sha256.o: ../../include/openssl/ossl_typ.h
-e_aes_cbc_hmac_sha256.o: ../../include/openssl/rand.h
-e_aes_cbc_hmac_sha256.o: ../../include/openssl/safestack.h
-e_aes_cbc_hmac_sha256.o: ../../include/openssl/sha.h
-e_aes_cbc_hmac_sha256.o: ../../include/openssl/stack.h
-e_aes_cbc_hmac_sha256.o: ../../include/openssl/symhacks.h
-e_aes_cbc_hmac_sha256.o: ../constant_time_locl.h ../modes/modes_lcl.h
-e_aes_cbc_hmac_sha256.o: e_aes_cbc_hmac_sha256.c
-e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h
-e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-e_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_bf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_bf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_bf.o: ../../include/openssl/symhacks.h ../cryptlib.h e_bf.c evp_locl.h
-e_camellia.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_camellia.o: ../../include/openssl/camellia.h ../../include/openssl/crypto.h
-e_camellia.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_camellia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_camellia.o: ../../include/openssl/modes.h ../../include/openssl/obj_mac.h
-e_camellia.o: ../../include/openssl/objects.h
-e_camellia.o: ../../include/openssl/opensslconf.h
-e_camellia.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_camellia.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_camellia.o: ../../include/openssl/symhacks.h ../modes/modes_lcl.h
-e_camellia.o: e_camellia.c evp_locl.h
-e_cast.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_cast.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_cast.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-e_cast.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_cast.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_cast.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h e_cast.c evp_locl.h
-e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_des.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_des.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_des.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-e_des.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h
-e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_des3.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_des3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_des3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-e_des3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_des3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_des3.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-e_des3.o: ../cryptlib.h e_des3.c evp_locl.h
-e_idea.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_idea.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-e_idea.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_idea.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_idea.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_idea.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_idea.o: ../../include/openssl/symhacks.h ../cryptlib.h e_idea.c evp_locl.h
-e_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_null.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-e_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_null.o: ../cryptlib.h e_null.c
-e_old.o: e_old.c
-e_rc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_rc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_rc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_rc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_rc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_rc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
-e_rc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_rc2.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc2.c evp_locl.h
-e_rc4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_rc4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h
-e_rc4.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc4.c evp_locl.h
-e_rc4_hmac_md5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_rc4_hmac_md5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-e_rc4_hmac_md5.o: ../../include/openssl/evp.h ../../include/openssl/md5.h
-e_rc4_hmac_md5.o: ../../include/openssl/obj_mac.h
-e_rc4_hmac_md5.o: ../../include/openssl/objects.h
-e_rc4_hmac_md5.o: ../../include/openssl/opensslconf.h
-e_rc4_hmac_md5.o: ../../include/openssl/opensslv.h
-e_rc4_hmac_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h
-e_rc4_hmac_md5.o: ../../include/openssl/safestack.h
-e_rc4_hmac_md5.o: ../../include/openssl/stack.h
-e_rc4_hmac_md5.o: ../../include/openssl/symhacks.h e_rc4_hmac_md5.c
-e_rc5.o: ../../e_os.h ../../include/openssl/bio.h
-e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_rc5.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-e_rc5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_rc5.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc5.c
-e_seed.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_seed.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-e_seed.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_seed.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_seed.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_seed.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_seed.o: ../../include/openssl/safestack.h ../../include/openssl/seed.h
-e_seed.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_seed.o: e_seed.c evp_locl.h
-e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h
-e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
-e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_xcbc_d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_xcbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c
-e_xcbc_d.o: evp_locl.h
-encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-encode.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-encode.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-encode.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-encode.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-encode.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-encode.o: ../cryptlib.h encode.c
-evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_acnf.o: ../../include/openssl/opensslconf.h
-evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c
-evp_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-evp_cnf.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-evp_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-evp_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_cnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_cnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-evp_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-evp_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-evp_cnf.o: ../../include/openssl/x509v3.h ../cryptlib.h evp_cnf.c
-evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_enc.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-evp_enc.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h
-evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-evp_err.o: ../../include/openssl/symhacks.h evp_err.c
-evp_key.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_key.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-evp_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_key.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-evp_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-evp_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_key.o: ../../include/openssl/ui.h ../../include/openssl/x509.h
-evp_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_key.c
-evp_lib.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-evp_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_lib.c
-evp_pbe.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_pbe.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_pbe.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-evp_pbe.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h evp_pbe.c
-evp_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-evp_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_pkey.o: ../../include/openssl/opensslconf.h
-evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-evp_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-evp_pkey.o: ../asn1/asn1_locl.h ../cryptlib.h evp_pkey.c
-m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-m_dss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_dss.o: ../cryptlib.h m_dss.c
-m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-m_dss1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_dss1.o: ../cryptlib.h m_dss1.c
-m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h
-m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-m_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-m_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-m_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_ecdsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_ecdsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_ecdsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_ecdsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_ecdsa.o: ../cryptlib.h m_ecdsa.c
-m_md2.o: ../../e_os.h ../../include/openssl/bio.h
-m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-m_md2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-m_md2.o: ../../include/openssl/symhacks.h ../cryptlib.h m_md2.c
-m_md4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_md4.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_md4.o: ../../include/openssl/lhash.h ../../include/openssl/md4.h
-m_md4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_md4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_md4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_md4.c
-m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_md5.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_md5.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h
-m_md5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_md5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_md5.c
-m_mdc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_mdc2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_mdc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h
-m_mdc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_mdc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_mdc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_mdc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_mdc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_mdc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-m_mdc2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-m_mdc2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_mdc2.c
-m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_null.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-m_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_null.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_null.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_null.c
-m_ripemd.o: ../../e_os.h ../../include/openssl/asn1.h
-m_ripemd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-m_ripemd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-m_ripemd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_ripemd.o: ../../include/openssl/opensslconf.h
-m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/ripemd.h
-m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h
-m_ripemd.o: m_ripemd.c
-m_sha.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_sha.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_sha.o: ../cryptlib.h evp_locl.h m_sha.c
-m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-m_sha1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
-m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_sha1.o: ../cryptlib.h m_sha1.c
-m_sigver.o: ../../e_os.h ../../include/openssl/asn1.h
-m_sigver.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-m_sigver.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-m_sigver.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-m_sigver.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_sigver.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_sigver.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_sigver.o: ../../include/openssl/opensslconf.h
-m_sigver.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_sigver.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-m_sigver.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_sigver.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_sigver.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h
-m_sigver.o: m_sigver.c
-m_wp.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_wp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_wp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_wp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_wp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_wp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_wp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_wp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_wp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-m_wp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_wp.o: ../../include/openssl/symhacks.h ../../include/openssl/whrlpool.h
-m_wp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_wp.o: ../cryptlib.h evp_locl.h m_wp.c
-names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-names.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-names.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-names.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-names.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-names.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-names.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-names.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-names.o: ../../include/openssl/x509_vfy.h ../cryptlib.h names.c
-p5_crpt.o: ../../e_os.h ../../include/openssl/asn1.h
-p5_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-p5_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-p5_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p5_crpt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-p5_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p5_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_crpt.o: ../cryptlib.h p5_crpt.c
-p5_crpt2.o: ../../e_os.h ../../include/openssl/asn1.h
-p5_crpt2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-p5_crpt2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-p5_crpt2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
-p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p5_crpt2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p5_crpt2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h
-p5_crpt2.o: p5_crpt2.c
-p_dec.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-p_dec.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_dec.c
-p_enc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-p_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_enc.c
-p_lib.o: ../../e_os.h ../../include/openssl/asn1.h
-p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
-p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-p_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-p_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-p_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-p_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p_lib.o: ../asn1/asn1_locl.h ../cryptlib.h p_lib.c
-p_open.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-p_open.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-p_open.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_open.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p_open.o: ../cryptlib.h p_open.c
-p_seal.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-p_seal.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_seal.c
-p_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-p_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_sign.c
-p_verify.o: ../../e_os.h ../../include/openssl/asn1.h
-p_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-p_verify.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-p_verify.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p_verify.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p_verify.o: ../../include/openssl/opensslconf.h
-p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_verify.c
-pmeth_fn.o: ../../e_os.h ../../include/openssl/asn1.h
-pmeth_fn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-pmeth_fn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-pmeth_fn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pmeth_fn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pmeth_fn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pmeth_fn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pmeth_fn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-pmeth_fn.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
-pmeth_fn.o: pmeth_fn.c
-pmeth_gn.o: ../../e_os.h ../../include/openssl/asn1.h
-pmeth_gn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-pmeth_gn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-pmeth_gn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-pmeth_gn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pmeth_gn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pmeth_gn.o: ../../include/openssl/opensslconf.h
-pmeth_gn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pmeth_gn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-pmeth_gn.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
-pmeth_gn.o: pmeth_gn.c
-pmeth_lib.o: ../../e_os.h ../../include/openssl/asn1.h
-pmeth_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-pmeth_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-pmeth_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-pmeth_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-pmeth_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pmeth_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pmeth_lib.o: ../../include/openssl/objects.h
-pmeth_lib.o: ../../include/openssl/opensslconf.h
-pmeth_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pmeth_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-pmeth_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pmeth_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pmeth_lib.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
-pmeth_lib.o: evp_locl.h pmeth_lib.c
diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c
index 5ad5a950352b..9f891f7626a6 100644
--- a/crypto/evp/bio_b64.c
+++ b/crypto/evp/bio_b64.c
@@ -1,77 +1,26 @@
-/* crypto/evp/bio_b64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <errno.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/buffer.h>
#include <openssl/evp.h>
+#include "internal/bio.h"
static int b64_write(BIO *h, const char *buf, int num);
static int b64_read(BIO *h, char *buf, int size);
static int b64_puts(BIO *h, const char *str);
-/*
- * static int b64_gets(BIO *h, char *str, int size);
- */
static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int b64_new(BIO *h);
static int b64_free(BIO *data);
-static long b64_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+static long b64_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
#define B64_BLOCK_SIZE 1024
#define B64_BLOCK_SIZE2 768
#define B64_NONE 0
@@ -89,14 +38,19 @@ typedef struct b64_struct {
int encode;
int start; /* have we started decoding yet? */
int cont; /* <= 0 when finished */
- EVP_ENCODE_CTX base64;
+ EVP_ENCODE_CTX *base64;
char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE) + 10];
char tmp[B64_BLOCK_SIZE];
} BIO_B64_CTX;
-static BIO_METHOD methods_b64 = {
- BIO_TYPE_BASE64, "base64 encoding",
+static const BIO_METHOD methods_b64 = {
+ BIO_TYPE_BASE64,
+ "base64 encoding",
+ /* TODO: Convert to new style write function */
+ bwrite_conv,
b64_write,
+ /* TODO: Convert to new style read function */
+ bread_conv,
b64_read,
b64_puts,
NULL, /* b64_gets, */
@@ -106,43 +60,51 @@ static BIO_METHOD methods_b64 = {
b64_callback_ctrl,
};
-BIO_METHOD *BIO_f_base64(void)
+
+const BIO_METHOD *BIO_f_base64(void)
{
- return (&methods_b64);
+ return &methods_b64;
}
static int b64_new(BIO *bi)
{
BIO_B64_CTX *ctx;
- ctx = (BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX));
- if (ctx == NULL)
- return (0);
+ if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+ EVPerr(EVP_F_B64_NEW, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
- ctx->buf_len = 0;
- ctx->tmp_len = 0;
- ctx->tmp_nl = 0;
- ctx->buf_off = 0;
ctx->cont = 1;
ctx->start = 1;
- ctx->encode = 0;
+ ctx->base64 = EVP_ENCODE_CTX_new();
+ if (ctx->base64 == NULL) {
+ OPENSSL_free(ctx);
+ return 0;
+ }
- bi->init = 1;
- bi->ptr = (char *)ctx;
- bi->flags = 0;
- bi->num = 0;
- return (1);
+ BIO_set_data(bi, ctx);
+ BIO_set_init(bi, 1);
+
+ return 1;
}
static int b64_free(BIO *a)
{
+ BIO_B64_CTX *ctx;
if (a == NULL)
- return (0);
- OPENSSL_free(a->ptr);
- a->ptr = NULL;
- a->init = 0;
- a->flags = 0;
- return (1);
+ return 0;
+
+ ctx = BIO_get_data(a);
+ if (ctx == NULL)
+ return 0;
+
+ EVP_ENCODE_CTX_free(ctx->base64);
+ OPENSSL_free(ctx);
+ BIO_set_data(a, NULL);
+ BIO_set_init(a, 0);
+
+ return 1;
}
static int b64_read(BIO *b, char *out, int outl)
@@ -150,13 +112,15 @@ static int b64_read(BIO *b, char *out, int outl)
int ret = 0, i, ii, j, k, x, n, num, ret_code = 0;
BIO_B64_CTX *ctx;
unsigned char *p, *q;
+ BIO *next;
if (out == NULL)
- return (0);
- ctx = (BIO_B64_CTX *)b->ptr;
+ return 0;
+ ctx = (BIO_B64_CTX *)BIO_get_data(b);
- if ((ctx == NULL) || (b->next_bio == NULL))
- return (0);
+ next = BIO_next(b);
+ if ((ctx == NULL) || (next == NULL))
+ return 0;
BIO_clear_retry_flags(b);
@@ -165,7 +129,7 @@ static int b64_read(BIO *b, char *out, int outl)
ctx->buf_len = 0;
ctx->buf_off = 0;
ctx->tmp_len = 0;
- EVP_DecodeInit(&(ctx->base64));
+ EVP_DecodeInit(ctx->base64);
}
/* First check if there are bytes decoded/encoded */
@@ -196,14 +160,14 @@ static int b64_read(BIO *b, char *out, int outl)
if (ctx->cont <= 0)
break;
- i = BIO_read(b->next_bio, &(ctx->tmp[ctx->tmp_len]),
+ i = BIO_read(next, &(ctx->tmp[ctx->tmp_len]),
B64_BLOCK_SIZE - ctx->tmp_len);
if (i <= 0) {
ret_code = i;
/* Should we continue next time we are called? */
- if (!BIO_should_retry(b->next_bio)) {
+ if (!BIO_should_retry(next)) {
ctx->cont = i;
/* If buffer empty break */
if (ctx->tmp_len == 0)
@@ -244,11 +208,11 @@ static int b64_read(BIO *b, char *out, int outl)
continue;
}
- k = EVP_DecodeUpdate(&(ctx->base64),
+ k = EVP_DecodeUpdate(ctx->base64,
(unsigned char *)ctx->buf,
&num, p, q - p);
if ((k <= 0) && (num == 0) && (ctx->start))
- EVP_DecodeInit(&ctx->base64);
+ EVP_DecodeInit(ctx->base64);
else {
if (p != (unsigned char *)
&(ctx->tmp[0])) {
@@ -257,7 +221,7 @@ static int b64_read(BIO *b, char *out, int outl)
for (x = 0; x < i; x++)
ctx->tmp[x] = p[x];
}
- EVP_DecodeInit(&ctx->base64);
+ EVP_DecodeInit(ctx->base64);
ctx->start = 0;
break;
}
@@ -298,11 +262,7 @@ static int b64_read(BIO *b, char *out, int outl)
if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
int z, jj;
-#if 0
- jj = (i >> 2) << 2;
-#else
jj = i & ~3; /* process per 4 */
-#endif
z = EVP_DecodeBlock((unsigned char *)ctx->buf,
(unsigned char *)ctx->tmp, jj);
if (jj > 2) {
@@ -325,7 +285,7 @@ static int b64_read(BIO *b, char *out, int outl)
}
i = z;
} else {
- i = EVP_DecodeUpdate(&(ctx->base64),
+ i = EVP_DecodeUpdate(ctx->base64,
(unsigned char *)ctx->buf, &ctx->buf_len,
(unsigned char *)ctx->tmp, i);
ctx->tmp_len = 0;
@@ -371,8 +331,13 @@ static int b64_write(BIO *b, const char *in, int inl)
int n;
int i;
BIO_B64_CTX *ctx;
+ BIO *next;
+
+ ctx = (BIO_B64_CTX *)BIO_get_data(b);
+ next = BIO_next(b);
+ if ((ctx == NULL) || (next == NULL))
+ return 0;
- ctx = (BIO_B64_CTX *)b->ptr;
BIO_clear_retry_flags(b);
if (ctx->encode != B64_ENCODE) {
@@ -380,7 +345,7 @@ static int b64_write(BIO *b, const char *in, int inl)
ctx->buf_len = 0;
ctx->buf_off = 0;
ctx->tmp_len = 0;
- EVP_EncodeInit(&(ctx->base64));
+ EVP_EncodeInit(ctx->base64);
}
OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf));
@@ -388,10 +353,10 @@ static int b64_write(BIO *b, const char *in, int inl)
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
n = ctx->buf_len - ctx->buf_off;
while (n > 0) {
- i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
+ i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
if (i <= 0) {
BIO_copy_next_retry(b);
- return (i);
+ return i;
}
OPENSSL_assert(i <= n);
ctx->buf_off += i;
@@ -404,7 +369,7 @@ static int b64_write(BIO *b, const char *in, int inl)
ctx->buf_len = 0;
if ((in == NULL) || (inl <= 0))
- return (0);
+ return 0;
while (inl > 0) {
n = (inl > B64_BLOCK_SIZE) ? B64_BLOCK_SIZE : inl;
@@ -449,9 +414,10 @@ static int b64_write(BIO *b, const char *in, int inl)
ret += n;
}
} else {
- EVP_EncodeUpdate(&(ctx->base64),
- (unsigned char *)ctx->buf, &ctx->buf_len,
- (unsigned char *)in, n);
+ if (!EVP_EncodeUpdate(ctx->base64,
+ (unsigned char *)ctx->buf, &ctx->buf_len,
+ (unsigned char *)in, n))
+ return ((ret == 0) ? -1 : ret);
OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
ret += n;
@@ -462,7 +428,7 @@ static int b64_write(BIO *b, const char *in, int inl)
ctx->buf_off = 0;
n = ctx->buf_len;
while (n > 0) {
- i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
+ i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
if (i <= 0) {
BIO_copy_next_retry(b);
return ((ret == 0) ? i : ret);
@@ -476,7 +442,7 @@ static int b64_write(BIO *b, const char *in, int inl)
ctx->buf_len = 0;
ctx->buf_off = 0;
}
- return (ret);
+ return ret;
}
static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -484,36 +450,40 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
BIO_B64_CTX *ctx;
long ret = 1;
int i;
+ BIO *next;
- ctx = (BIO_B64_CTX *)b->ptr;
+ ctx = (BIO_B64_CTX *)BIO_get_data(b);
+ next = BIO_next(b);
+ if ((ctx == NULL) || (next == NULL))
+ return 0;
switch (cmd) {
case BIO_CTRL_RESET:
ctx->cont = 1;
ctx->start = 1;
ctx->encode = B64_NONE;
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
break;
case BIO_CTRL_EOF: /* More to read */
if (ctx->cont <= 0)
ret = 1;
else
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
break;
case BIO_CTRL_WPENDING: /* More to write in buffer */
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
ret = ctx->buf_len - ctx->buf_off;
if ((ret == 0) && (ctx->encode != B64_NONE)
- && (ctx->base64.num != 0))
+ && (EVP_ENCODE_CTX_num(ctx->base64) != 0))
ret = 1;
else if (ret <= 0)
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
break;
case BIO_CTRL_PENDING: /* More to read in buffer */
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
ret = ctx->buf_len - ctx->buf_off;
if (ret <= 0)
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
break;
case BIO_CTRL_FLUSH:
/* do a final write */
@@ -532,20 +502,21 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
ctx->tmp_len = 0;
goto again;
}
- } else if (ctx->encode != B64_NONE && ctx->base64.num != 0) {
+ } else if (ctx->encode != B64_NONE
+ && EVP_ENCODE_CTX_num(ctx->base64) != 0) {
ctx->buf_off = 0;
- EVP_EncodeFinal(&(ctx->base64),
+ EVP_EncodeFinal(ctx->base64,
(unsigned char *)ctx->buf, &(ctx->buf_len));
/* push out the bytes */
goto again;
}
/* Finally flush the underlying BIO */
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
break;
case BIO_C_DO_STATE_MACHINE:
BIO_clear_retry_flags(b);
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
BIO_copy_next_retry(b);
break;
@@ -555,24 +526,25 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_CTRL_GET:
case BIO_CTRL_SET:
default:
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
break;
}
- return (ret);
+ return ret;
}
-static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+static long b64_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
{
long ret = 1;
+ BIO *next = BIO_next(b);
- if (b->next_bio == NULL)
- return (0);
+ if (next == NULL)
+ return 0;
switch (cmd) {
default:
- ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+ ret = BIO_callback_ctrl(next, cmd, fp);
break;
}
- return (ret);
+ return ret;
}
static int b64_puts(BIO *b, const char *str)
diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c
index 0806f233b67d..6639061eae9a 100644
--- a/crypto/evp/bio_enc.c
+++ b/crypto/evp/bio_enc.c
@@ -1,81 +1,28 @@
-/* crypto/evp/bio_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <errno.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/buffer.h>
#include <openssl/evp.h>
+#include "internal/bio.h"
static int enc_write(BIO *h, const char *buf, int num);
static int enc_read(BIO *h, char *buf, int size);
-/*
- * static int enc_puts(BIO *h, const char *str);
- */
-/*
- * static int enc_gets(BIO *h, char *str, int size);
- */
static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int enc_new(BIO *h);
static int enc_free(BIO *data);
-static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps);
+static long enc_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fps);
#define ENC_BLOCK_SIZE (1024*4)
-#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2)
+#define ENC_MIN_CHUNK (256)
+#define BUF_OFFSET (ENC_MIN_CHUNK + EVP_MAX_BLOCK_LENGTH)
typedef struct enc_struct {
int buf_len;
@@ -83,17 +30,23 @@ typedef struct enc_struct {
int cont; /* <= 0 when finished */
int finished;
int ok; /* bad decrypt */
- EVP_CIPHER_CTX cipher;
+ EVP_CIPHER_CTX *cipher;
+ unsigned char *read_start, *read_end;
/*
* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return
* up to a block more data than is presented to it
*/
- char buf[ENC_BLOCK_SIZE + BUF_OFFSET + 2];
+ unsigned char buf[BUF_OFFSET + ENC_BLOCK_SIZE];
} BIO_ENC_CTX;
-static BIO_METHOD methods_enc = {
- BIO_TYPE_CIPHER, "cipher",
+static const BIO_METHOD methods_enc = {
+ BIO_TYPE_CIPHER,
+ "cipher",
+ /* TODO: Convert to new style write function */
+ bwrite_conv,
enc_write,
+ /* TODO: Convert to new style read function */
+ bread_conv,
enc_read,
NULL, /* enc_puts, */
NULL, /* enc_gets, */
@@ -103,30 +56,32 @@ static BIO_METHOD methods_enc = {
enc_callback_ctrl,
};
-BIO_METHOD *BIO_f_cipher(void)
+const BIO_METHOD *BIO_f_cipher(void)
{
- return (&methods_enc);
+ return &methods_enc;
}
static int enc_new(BIO *bi)
{
BIO_ENC_CTX *ctx;
- ctx = (BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX));
- if (ctx == NULL)
- return (0);
- EVP_CIPHER_CTX_init(&ctx->cipher);
+ if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+ EVPerr(EVP_F_ENC_NEW, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
- ctx->buf_len = 0;
- ctx->buf_off = 0;
+ ctx->cipher = EVP_CIPHER_CTX_new();
+ if (ctx->cipher == NULL) {
+ OPENSSL_free(ctx);
+ return 0;
+ }
ctx->cont = 1;
- ctx->finished = 0;
ctx->ok = 1;
+ ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]);
+ BIO_set_data(bi, ctx);
+ BIO_set_init(bi, 1);
- bi->init = 0;
- bi->ptr = (char *)ctx;
- bi->flags = 0;
- return (1);
+ return 1;
}
static int enc_free(BIO *a)
@@ -134,28 +89,33 @@ static int enc_free(BIO *a)
BIO_ENC_CTX *b;
if (a == NULL)
- return (0);
- b = (BIO_ENC_CTX *)a->ptr;
- EVP_CIPHER_CTX_cleanup(&(b->cipher));
- OPENSSL_cleanse(a->ptr, sizeof(BIO_ENC_CTX));
- OPENSSL_free(a->ptr);
- a->ptr = NULL;
- a->init = 0;
- a->flags = 0;
- return (1);
+ return 0;
+
+ b = BIO_get_data(a);
+ if (b == NULL)
+ return 0;
+
+ EVP_CIPHER_CTX_free(b->cipher);
+ OPENSSL_clear_free(b, sizeof(BIO_ENC_CTX));
+ BIO_set_data(a, NULL);
+ BIO_set_init(a, 0);
+
+ return 1;
}
static int enc_read(BIO *b, char *out, int outl)
{
- int ret = 0, i;
+ int ret = 0, i, blocksize;
BIO_ENC_CTX *ctx;
+ BIO *next;
if (out == NULL)
- return (0);
- ctx = (BIO_ENC_CTX *)b->ptr;
+ return 0;
+ ctx = BIO_get_data(b);
- if ((ctx == NULL) || (b->next_bio == NULL))
- return (0);
+ next = BIO_next(b);
+ if ((ctx == NULL) || (next == NULL))
+ return 0;
/* First check if there are bytes decoded/encoded */
if (ctx->buf_len > 0) {
@@ -173,6 +133,10 @@ static int enc_read(BIO *b, char *out, int outl)
}
}
+ blocksize = EVP_CIPHER_CTX_block_size(ctx->cipher);
+ if (blocksize == 1)
+ blocksize = 0;
+
/*
* At this point, we have room of outl bytes and an empty buffer, so we
* should read in some more.
@@ -182,18 +146,21 @@ static int enc_read(BIO *b, char *out, int outl)
if (ctx->cont <= 0)
break;
- /*
- * read in at IV offset, read the EVP_Cipher documentation about why
- */
- i = BIO_read(b->next_bio, &(ctx->buf[BUF_OFFSET]), ENC_BLOCK_SIZE);
+ if (ctx->read_start == ctx->read_end) { /* time to read more data */
+ ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]);
+ i = BIO_read(next, ctx->read_start, ENC_BLOCK_SIZE);
+ if (i > 0)
+ ctx->read_end += i;
+ } else {
+ i = ctx->read_end - ctx->read_start;
+ }
if (i <= 0) {
/* Should be continue next time we are called? */
- if (!BIO_should_retry(b->next_bio)) {
+ if (!BIO_should_retry(next)) {
ctx->cont = i;
- i = EVP_CipherFinal_ex(&(ctx->cipher),
- (unsigned char *)ctx->buf,
- &(ctx->buf_len));
+ i = EVP_CipherFinal_ex(ctx->cipher,
+ ctx->buf, &(ctx->buf_len));
ctx->ok = i;
ctx->buf_off = 0;
} else {
@@ -201,14 +168,40 @@ static int enc_read(BIO *b, char *out, int outl)
break;
}
} else {
- if (!EVP_CipherUpdate(&ctx->cipher,
- (unsigned char *)ctx->buf, &ctx->buf_len,
- (unsigned char *)&(ctx->buf[BUF_OFFSET]),
- i)) {
+ if (outl > ENC_MIN_CHUNK) {
+ /*
+ * Depending on flags block cipher decrypt can write
+ * one extra block and then back off, i.e. output buffer
+ * has to accommodate extra block...
+ */
+ int j = outl - blocksize, buf_len;
+
+ if (!EVP_CipherUpdate(ctx->cipher,
+ (unsigned char *)out, &buf_len,
+ ctx->read_start, i > j ? j : i)) {
+ BIO_clear_retry_flags(b);
+ return 0;
+ }
+ ret += buf_len;
+ out += buf_len;
+ outl -= buf_len;
+
+ if ((i -= j) <= 0) {
+ ctx->read_start = ctx->read_end;
+ continue;
+ }
+ ctx->read_start += j;
+ }
+ if (i > ENC_MIN_CHUNK)
+ i = ENC_MIN_CHUNK;
+ if (!EVP_CipherUpdate(ctx->cipher,
+ ctx->buf, &ctx->buf_len,
+ ctx->read_start, i)) {
BIO_clear_retry_flags(b);
ctx->ok = 0;
return 0;
}
+ ctx->read_start += i;
ctx->cont = 1;
/*
* Note: it is possible for EVP_CipherUpdate to decrypt zero
@@ -242,17 +235,22 @@ static int enc_write(BIO *b, const char *in, int inl)
{
int ret = 0, n, i;
BIO_ENC_CTX *ctx;
+ BIO *next;
+
+ ctx = BIO_get_data(b);
+ next = BIO_next(b);
+ if ((ctx == NULL) || (next == NULL))
+ return 0;
- ctx = (BIO_ENC_CTX *)b->ptr;
ret = inl;
BIO_clear_retry_flags(b);
n = ctx->buf_len - ctx->buf_off;
while (n > 0) {
- i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
+ i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
if (i <= 0) {
BIO_copy_next_retry(b);
- return (i);
+ return i;
}
ctx->buf_off += i;
n -= i;
@@ -260,14 +258,14 @@ static int enc_write(BIO *b, const char *in, int inl)
/* at this point all pending data has been written */
if ((in == NULL) || (inl <= 0))
- return (0);
+ return 0;
ctx->buf_off = 0;
while (inl > 0) {
n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl;
- if (!EVP_CipherUpdate(&ctx->cipher,
- (unsigned char *)ctx->buf, &ctx->buf_len,
- (unsigned char *)in, n)) {
+ if (!EVP_CipherUpdate(ctx->cipher,
+ ctx->buf, &ctx->buf_len,
+ (const unsigned char *)in, n)) {
BIO_clear_retry_flags(b);
ctx->ok = 0;
return 0;
@@ -278,7 +276,7 @@ static int enc_write(BIO *b, const char *in, int inl)
ctx->buf_off = 0;
n = ctx->buf_len;
while (n > 0) {
- i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
+ i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
if (i <= 0) {
BIO_copy_next_retry(b);
return (ret == inl) ? i : ret - inl;
@@ -290,7 +288,7 @@ static int enc_write(BIO *b, const char *in, int inl)
ctx->buf_off = 0;
}
BIO_copy_next_retry(b);
- return (ret);
+ return ret;
}
static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -300,32 +298,37 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
long ret = 1;
int i;
EVP_CIPHER_CTX **c_ctx;
+ BIO *next;
- ctx = (BIO_ENC_CTX *)b->ptr;
+ ctx = BIO_get_data(b);
+ next = BIO_next(b);
+ if (ctx == NULL)
+ return 0;
switch (cmd) {
case BIO_CTRL_RESET:
ctx->ok = 1;
ctx->finished = 0;
- EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL,
- ctx->cipher.encrypt);
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ if (!EVP_CipherInit_ex(ctx->cipher, NULL, NULL, NULL, NULL,
+ EVP_CIPHER_CTX_encrypting(ctx->cipher)))
+ return 0;
+ ret = BIO_ctrl(next, cmd, num, ptr);
break;
case BIO_CTRL_EOF: /* More to read */
if (ctx->cont <= 0)
ret = 1;
else
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
break;
case BIO_CTRL_WPENDING:
ret = ctx->buf_len - ctx->buf_off;
if (ret <= 0)
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
break;
case BIO_CTRL_PENDING: /* More to read in buffer */
ret = ctx->buf_len - ctx->buf_off;
if (ret <= 0)
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
break;
case BIO_CTRL_FLUSH:
/* do a final write */
@@ -339,7 +342,7 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
if (!ctx->finished) {
ctx->finished = 1;
ctx->buf_off = 0;
- ret = EVP_CipherFinal_ex(&(ctx->cipher),
+ ret = EVP_CipherFinal_ex(ctx->cipher,
(unsigned char *)ctx->buf,
&(ctx->buf_len));
ctx->ok = (int)ret;
@@ -351,87 +354,76 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
}
/* Finally flush the underlying BIO */
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
break;
case BIO_C_GET_CIPHER_STATUS:
ret = (long)ctx->ok;
break;
case BIO_C_DO_STATE_MACHINE:
BIO_clear_retry_flags(b);
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
BIO_copy_next_retry(b);
break;
case BIO_C_GET_CIPHER_CTX:
c_ctx = (EVP_CIPHER_CTX **)ptr;
- (*c_ctx) = &(ctx->cipher);
- b->init = 1;
+ *c_ctx = ctx->cipher;
+ BIO_set_init(b, 1);
break;
case BIO_CTRL_DUP:
dbio = (BIO *)ptr;
- dctx = (BIO_ENC_CTX *)dbio->ptr;
- EVP_CIPHER_CTX_init(&dctx->cipher);
- ret = EVP_CIPHER_CTX_copy(&dctx->cipher, &ctx->cipher);
+ dctx = BIO_get_data(dbio);
+ dctx->cipher = EVP_CIPHER_CTX_new();
+ if (dctx->cipher == NULL)
+ return 0;
+ ret = EVP_CIPHER_CTX_copy(dctx->cipher, ctx->cipher);
if (ret)
- dbio->init = 1;
+ BIO_set_init(dbio, 1);
break;
default:
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
break;
}
- return (ret);
+ return ret;
}
-static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+static long enc_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
{
long ret = 1;
+ BIO *next = BIO_next(b);
- if (b->next_bio == NULL)
- return (0);
+ if (next == NULL)
+ return 0;
switch (cmd) {
default:
- ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+ ret = BIO_callback_ctrl(next, cmd, fp);
break;
}
- return (ret);
+ return ret;
}
-/*-
-void BIO_set_cipher_ctx(b,c)
-BIO *b;
-EVP_CIPHER_ctx *c;
- {
- if (b == NULL) return;
-
- if ((b->callback != NULL) &&
- (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
- return;
-
- b->init=1;
- ctx=(BIO_ENC_CTX *)b->ptr;
- memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));
-
- if (b->callback != NULL)
- b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
- }
-*/
-
-void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
- const unsigned char *i, int e)
+int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
+ const unsigned char *i, int e)
{
BIO_ENC_CTX *ctx;
+ long (*callback) (struct bio_st *, int, const char *, int, long, long);
- if (b == NULL)
- return;
+ ctx = BIO_get_data(b);
+ if (ctx == NULL)
+ return 0;
+
+ callback = BIO_get_callback(b);
+
+ if ((callback != NULL) &&
+ (callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e,
+ 0L) <= 0))
+ return 0;
- if ((b->callback != NULL) &&
- (b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 0L) <=
- 0))
- return;
+ BIO_set_init(b, 1);
- b->init = 1;
- ctx = (BIO_ENC_CTX *)b->ptr;
- EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e);
+ if (!EVP_CipherInit_ex(ctx->cipher, c, NULL, k, i, e))
+ return 0;
- if (b->callback != NULL)
- b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L);
+ if (callback != NULL)
+ return callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L);
+ return 1;
}
diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c
index f0b0c0c0a7a8..288dee01b220 100644
--- a/crypto/evp/bio_md.c
+++ b/crypto/evp/bio_md.c
@@ -1,66 +1,20 @@
-/* crypto/evp/bio_md.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <errno.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/buffer.h>
#include <openssl/evp.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+#include "internal/bio.h"
/*
* BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
@@ -68,18 +22,20 @@
static int md_write(BIO *h, char const *buf, int num);
static int md_read(BIO *h, char *buf, int size);
-/*
- * static int md_puts(BIO *h, const char *str);
- */
static int md_gets(BIO *h, char *str, int size);
static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int md_new(BIO *h);
static int md_free(BIO *data);
-static long md_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+static long md_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
-static BIO_METHOD methods_md = {
- BIO_TYPE_MD, "message digest",
+static const BIO_METHOD methods_md = {
+ BIO_TYPE_MD,
+ "message digest",
+ /* TODO: Convert to new style write function */
+ bwrite_conv,
md_write,
+ /* TODO: Convert to new style read function */
+ bread_conv,
md_read,
NULL, /* md_puts, */
md_gets,
@@ -89,73 +45,79 @@ static BIO_METHOD methods_md = {
md_callback_ctrl,
};
-BIO_METHOD *BIO_f_md(void)
+const BIO_METHOD *BIO_f_md(void)
{
- return (&methods_md);
+ return &methods_md;
}
static int md_new(BIO *bi)
{
EVP_MD_CTX *ctx;
- ctx = EVP_MD_CTX_create();
+ ctx = EVP_MD_CTX_new();
if (ctx == NULL)
- return (0);
+ return 0;
- bi->init = 0;
- bi->ptr = (char *)ctx;
- bi->flags = 0;
- return (1);
+ BIO_set_init(bi, 1);
+ BIO_set_data(bi, ctx);
+
+ return 1;
}
static int md_free(BIO *a)
{
if (a == NULL)
- return (0);
- EVP_MD_CTX_destroy(a->ptr);
- a->ptr = NULL;
- a->init = 0;
- a->flags = 0;
- return (1);
+ return 0;
+ EVP_MD_CTX_free(BIO_get_data(a));
+ BIO_set_data(a, NULL);
+ BIO_set_init(a, 0);
+
+ return 1;
}
static int md_read(BIO *b, char *out, int outl)
{
int ret = 0;
EVP_MD_CTX *ctx;
+ BIO *next;
if (out == NULL)
- return (0);
- ctx = b->ptr;
+ return 0;
- if ((ctx == NULL) || (b->next_bio == NULL))
- return (0);
+ ctx = BIO_get_data(b);
+ next = BIO_next(b);
- ret = BIO_read(b->next_bio, out, outl);
- if (b->init) {
+ if ((ctx == NULL) || (next == NULL))
+ return 0;
+
+ ret = BIO_read(next, out, outl);
+ if (BIO_get_init(b)) {
if (ret > 0) {
if (EVP_DigestUpdate(ctx, (unsigned char *)out,
(unsigned int)ret) <= 0)
- return (-1);
+ return -1;
}
}
BIO_clear_retry_flags(b);
BIO_copy_next_retry(b);
- return (ret);
+ return ret;
}
static int md_write(BIO *b, const char *in, int inl)
{
int ret = 0;
EVP_MD_CTX *ctx;
+ BIO *next;
if ((in == NULL) || (inl <= 0))
- return (0);
- ctx = b->ptr;
+ return 0;
+
+ ctx = BIO_get_data(b);
+ next = BIO_next(b);
+ if ((ctx != NULL) && (next != NULL))
+ ret = BIO_write(next, in, inl);
- if ((ctx != NULL) && (b->next_bio != NULL))
- ret = BIO_write(b->next_bio, in, inl);
- if (b->init) {
+ if (BIO_get_init(b)) {
if (ret > 0) {
if (!EVP_DigestUpdate(ctx, (const unsigned char *)in,
(unsigned int)ret)) {
@@ -164,11 +126,11 @@ static int md_write(BIO *b, const char *in, int inl)
}
}
}
- if (b->next_bio != NULL) {
+ if (next != NULL) {
BIO_clear_retry_flags(b);
BIO_copy_next_retry(b);
}
- return (ret);
+ return ret;
}
static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -177,21 +139,23 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
const EVP_MD **ppmd;
EVP_MD *md;
long ret = 1;
- BIO *dbio;
+ BIO *dbio, *next;
+
- ctx = b->ptr;
+ ctx = BIO_get_data(b);
+ next = BIO_next(b);
switch (cmd) {
case BIO_CTRL_RESET:
- if (b->init)
+ if (BIO_get_init(b))
ret = EVP_DigestInit_ex(ctx, ctx->digest, NULL);
else
ret = 0;
if (ret > 0)
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
break;
case BIO_C_GET_MD:
- if (b->init) {
+ if (BIO_get_init(b)) {
ppmd = ptr;
*ppmd = ctx->digest;
} else
@@ -200,17 +164,17 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_C_GET_MD_CTX:
pctx = ptr;
*pctx = ctx;
- b->init = 1;
+ BIO_set_init(b, 1);
break;
case BIO_C_SET_MD_CTX:
- if (b->init)
- b->ptr = ptr;
+ if (BIO_get_init(b))
+ BIO_set_data(b, ptr);
else
ret = 0;
break;
case BIO_C_DO_STATE_MACHINE:
BIO_clear_retry_flags(b);
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
BIO_copy_next_retry(b);
break;
@@ -218,34 +182,38 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
md = ptr;
ret = EVP_DigestInit_ex(ctx, md, NULL);
if (ret > 0)
- b->init = 1;
+ BIO_set_init(b, 1);
break;
case BIO_CTRL_DUP:
dbio = ptr;
- dctx = dbio->ptr;
+ dctx = BIO_get_data(dbio);
if (!EVP_MD_CTX_copy_ex(dctx, ctx))
return 0;
- b->init = 1;
+ BIO_set_init(b, 1);
break;
default:
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
break;
}
- return (ret);
+ return ret;
}
-static long md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+static long md_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
{
long ret = 1;
+ BIO *next;
+
+ next = BIO_next(b);
+
+ if (next == NULL)
+ return 0;
- if (b->next_bio == NULL)
- return (0);
switch (cmd) {
default:
- ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+ ret = BIO_callback_ctrl(next, cmd, fp);
break;
}
- return (ret);
+ return ret;
}
static int md_gets(BIO *bp, char *buf, int size)
@@ -253,20 +221,13 @@ static int md_gets(BIO *bp, char *buf, int size)
EVP_MD_CTX *ctx;
unsigned int ret;
- ctx = bp->ptr;
+ ctx = BIO_get_data(bp);
+
if (size < ctx->digest->md_size)
- return (0);
+ return 0;
+
if (EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret) <= 0)
return -1;
- return ((int)ret);
+ return (int)ret;
}
-
-/*-
-static int md_puts(bp,str)
-BIO *bp;
-char *str;
- {
- return(-1);
- }
-*/
diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c
index 16e151f11017..a0462219beb7 100644
--- a/crypto/evp/bio_ok.c
+++ b/crypto/evp/bio_ok.c
@@ -1,63 +1,14 @@
-/* crypto/evp/bio_ok.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
/*-
- From: Arne Ansper <arne@cyber.ee>
+ From: Arne Ansper
Why BIO_f_reliable?
@@ -120,23 +71,24 @@
#include <stdio.h>
#include <errno.h>
#include <assert.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/buffer.h>
-#include <openssl/bio.h>
+#include "internal/bio.h"
#include <openssl/evp.h>
#include <openssl/rand.h>
+#include "internal/evp_int.h"
static int ok_write(BIO *h, const char *buf, int num);
static int ok_read(BIO *h, char *buf, int size);
static long ok_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int ok_new(BIO *h);
static int ok_free(BIO *data);
-static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+static long ok_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
-static int sig_out(BIO *b);
-static int sig_in(BIO *b);
-static int block_out(BIO *b);
-static int block_in(BIO *b);
+static __owur int sig_out(BIO *b);
+static __owur int sig_in(BIO *b);
+static __owur int block_out(BIO *b);
+static __owur int block_in(BIO *b);
#define OK_BLOCK_SIZE (1024*4)
#define OK_BLOCK_BLOCK 4
#define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)
@@ -149,15 +101,20 @@ typedef struct ok_struct {
size_t buf_off_save;
int cont; /* <= 0 when finished */
int finished;
- EVP_MD_CTX md;
+ EVP_MD_CTX *md;
int blockout; /* output block is ready */
int sigio; /* must process signature */
unsigned char buf[IOBS];
} BIO_OK_CTX;
-static BIO_METHOD methods_ok = {
- BIO_TYPE_CIPHER, "reliable",
+static const BIO_METHOD methods_ok = {
+ BIO_TYPE_CIPHER,
+ "reliable",
+ /* TODO: Convert to new style write function */
+ bwrite_conv,
ok_write,
+ /* TODO: Convert to new style read function */
+ bread_conv,
ok_read,
NULL, /* ok_puts, */
NULL, /* ok_gets, */
@@ -167,60 +124,64 @@ static BIO_METHOD methods_ok = {
ok_callback_ctrl,
};
-BIO_METHOD *BIO_f_reliable(void)
+const BIO_METHOD *BIO_f_reliable(void)
{
- return (&methods_ok);
+ return &methods_ok;
}
static int ok_new(BIO *bi)
{
BIO_OK_CTX *ctx;
- ctx = (BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX));
- if (ctx == NULL)
- return (0);
+ if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+ EVPerr(EVP_F_OK_NEW, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
- ctx->buf_len = 0;
- ctx->buf_off = 0;
- ctx->buf_len_save = 0;
- ctx->buf_off_save = 0;
ctx->cont = 1;
- ctx->finished = 0;
- ctx->blockout = 0;
ctx->sigio = 1;
+ ctx->md = EVP_MD_CTX_new();
+ if (ctx->md == NULL) {
+ OPENSSL_free(ctx);
+ return 0;
+ }
+ BIO_set_init(bi, 0);
+ BIO_set_data(bi, ctx);
- EVP_MD_CTX_init(&ctx->md);
-
- bi->init = 0;
- bi->ptr = (char *)ctx;
- bi->flags = 0;
- return (1);
+ return 1;
}
static int ok_free(BIO *a)
{
+ BIO_OK_CTX *ctx;
+
if (a == NULL)
- return (0);
- EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);
- OPENSSL_cleanse(a->ptr, sizeof(BIO_OK_CTX));
- OPENSSL_free(a->ptr);
- a->ptr = NULL;
- a->init = 0;
- a->flags = 0;
- return (1);
+ return 0;
+
+ ctx = BIO_get_data(a);
+
+ EVP_MD_CTX_free(ctx->md);
+ OPENSSL_clear_free(ctx, sizeof(BIO_OK_CTX));
+ BIO_set_data(a, NULL);
+ BIO_set_init(a, 0);
+
+ return 1;
}
static int ok_read(BIO *b, char *out, int outl)
{
int ret = 0, i, n;
BIO_OK_CTX *ctx;
+ BIO *next;
if (out == NULL)
- return (0);
- ctx = (BIO_OK_CTX *)b->ptr;
+ return 0;
+
+ ctx = BIO_get_data(b);
+ next = BIO_next(b);
- if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0))
- return (0);
+ if ((ctx == NULL) || (next == NULL) || (BIO_get_init(b) == 0))
+ return 0;
while (outl > 0) {
@@ -259,7 +220,7 @@ static int ok_read(BIO *b, char *out, int outl)
/* no clean bytes in buffer -- fill it */
n = IOBS - ctx->buf_len;
- i = BIO_read(b->next_bio, &(ctx->buf[ctx->buf_len]), n);
+ i = BIO_read(next, &(ctx->buf[ctx->buf_len]), n);
if (i <= 0)
break; /* nothing new */
@@ -290,22 +251,24 @@ static int ok_read(BIO *b, char *out, int outl)
BIO_clear_retry_flags(b);
BIO_copy_next_retry(b);
- return (ret);
+ return ret;
}
static int ok_write(BIO *b, const char *in, int inl)
{
int ret = 0, n, i;
BIO_OK_CTX *ctx;
+ BIO *next;
if (inl <= 0)
return inl;
- ctx = (BIO_OK_CTX *)b->ptr;
+ ctx = BIO_get_data(b);
+ next = BIO_next(b);
ret = inl;
- if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0))
- return (0);
+ if ((ctx == NULL) || (next == NULL) || (BIO_get_init(b) == 0))
+ return 0;
if (ctx->sigio && !sig_out(b))
return 0;
@@ -314,12 +277,12 @@ static int ok_write(BIO *b, const char *in, int inl)
BIO_clear_retry_flags(b);
n = ctx->buf_len - ctx->buf_off;
while (ctx->blockout && n > 0) {
- i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
+ i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
if (i <= 0) {
BIO_copy_next_retry(b);
if (!BIO_should_retry(b))
ctx->cont = 0;
- return (i);
+ return i;
}
ctx->buf_off += i;
n -= i;
@@ -333,13 +296,12 @@ static int ok_write(BIO *b, const char *in, int inl)
}
if ((in == NULL) || (inl <= 0))
- return (0);
+ return 0;
n = (inl + ctx->buf_len > OK_BLOCK_SIZE + OK_BLOCK_BLOCK) ?
(int)(OK_BLOCK_SIZE + OK_BLOCK_BLOCK - ctx->buf_len) : inl;
- memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),
- (unsigned char *)in, n);
+ memcpy(&ctx->buf[ctx->buf_len], in, n);
ctx->buf_len += n;
inl -= n;
in += n;
@@ -354,7 +316,7 @@ static int ok_write(BIO *b, const char *in, int inl)
BIO_clear_retry_flags(b);
BIO_copy_next_retry(b);
- return (ret);
+ return ret;
}
static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -364,8 +326,10 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
const EVP_MD **ppmd;
long ret = 1;
int i;
+ BIO *next;
- ctx = b->ptr;
+ ctx = BIO_get_data(b);
+ next = BIO_next(b);
switch (cmd) {
case BIO_CTRL_RESET:
@@ -377,19 +341,19 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
ctx->finished = 0;
ctx->blockout = 0;
ctx->sigio = 1;
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
break;
case BIO_CTRL_EOF: /* More to read */
if (ctx->cont <= 0)
ret = 1;
else
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
break;
case BIO_CTRL_PENDING: /* More to read in buffer */
case BIO_CTRL_WPENDING: /* More to read in buffer */
ret = ctx->blockout ? ctx->buf_len - ctx->buf_off : 0;
if (ret <= 0)
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
break;
case BIO_CTRL_FLUSH:
/* do a final write */
@@ -410,11 +374,11 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
ctx->cont = (int)ret;
/* Finally flush the underlying BIO */
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
break;
case BIO_C_DO_STATE_MACHINE:
BIO_clear_retry_flags(b);
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
BIO_copy_next_retry(b);
break;
case BIO_CTRL_INFO:
@@ -422,36 +386,41 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
break;
case BIO_C_SET_MD:
md = ptr;
- if (!EVP_DigestInit_ex(&ctx->md, md, NULL))
+ if (!EVP_DigestInit_ex(ctx->md, md, NULL))
return 0;
- b->init = 1;
+ BIO_set_init(b, 1);
break;
case BIO_C_GET_MD:
- if (b->init) {
+ if (BIO_get_init(b)) {
ppmd = ptr;
- *ppmd = ctx->md.digest;
+ *ppmd = EVP_MD_CTX_md(ctx->md);
} else
ret = 0;
break;
default:
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
break;
}
- return (ret);
+ return ret;
}
-static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+static long ok_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
{
long ret = 1;
+ BIO *next;
+
+ next = BIO_next(b);
+
+ if (next == NULL)
+ return 0;
- if (b->next_bio == NULL)
- return (0);
switch (cmd) {
default:
- ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+ ret = BIO_callback_ctrl(next, cmd, fp);
break;
}
- return (ret);
+
+ return ret;
}
static void longswap(void *_ptr, size_t len)
@@ -478,30 +447,36 @@ static int sig_out(BIO *b)
{
BIO_OK_CTX *ctx;
EVP_MD_CTX *md;
+ const EVP_MD *digest;
+ int md_size;
+ void *md_data;
- ctx = b->ptr;
- md = &ctx->md;
+ ctx = BIO_get_data(b);
+ md = ctx->md;
+ digest = EVP_MD_CTX_md(md);
+ md_size = EVP_MD_size(digest);
+ md_data = EVP_MD_CTX_md_data(md);
- if (ctx->buf_len + 2 * md->digest->md_size > OK_BLOCK_SIZE)
+ if (ctx->buf_len + 2 * md_size > OK_BLOCK_SIZE)
return 1;
- if (!EVP_DigestInit_ex(md, md->digest, NULL))
+ if (!EVP_DigestInit_ex(md, digest, NULL))
goto berr;
/*
* FIXME: there's absolutely no guarantee this makes any sense at all,
* particularly now EVP_MD_CTX has been restructured.
*/
- if (RAND_bytes(md->md_data, md->digest->md_size) <= 0)
+ if (RAND_bytes(md_data, md_size) <= 0)
goto berr;
- memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
- longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
- ctx->buf_len += md->digest->md_size;
+ memcpy(&(ctx->buf[ctx->buf_len]), md_data, md_size);
+ longswap(&(ctx->buf[ctx->buf_len]), md_size);
+ ctx->buf_len += md_size;
if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
goto berr;
if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
goto berr;
- ctx->buf_len += md->digest->md_size;
+ ctx->buf_len += md_size;
ctx->blockout = 1;
ctx->sigio = 0;
return 1;
@@ -516,25 +491,31 @@ static int sig_in(BIO *b)
EVP_MD_CTX *md;
unsigned char tmp[EVP_MAX_MD_SIZE];
int ret = 0;
+ const EVP_MD *digest;
+ int md_size;
+ void *md_data;
- ctx = b->ptr;
- md = &ctx->md;
+ ctx = BIO_get_data(b);
+ md = ctx->md;
+ digest = EVP_MD_CTX_md(md);
+ md_size = EVP_MD_size(digest);
+ md_data = EVP_MD_CTX_md_data(md);
- if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md->digest->md_size)
+ if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md_size)
return 1;
- if (!EVP_DigestInit_ex(md, md->digest, NULL))
+ if (!EVP_DigestInit_ex(md, digest, NULL))
goto berr;
- memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size);
- longswap(md->md_data, md->digest->md_size);
- ctx->buf_off += md->digest->md_size;
+ memcpy(md_data, &(ctx->buf[ctx->buf_off]), md_size);
+ longswap(md_data, md_size);
+ ctx->buf_off += md_size;
if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
goto berr;
if (!EVP_DigestFinal_ex(md, tmp, NULL))
goto berr;
- ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
- ctx->buf_off += md->digest->md_size;
+ ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md_size) == 0;
+ ctx->buf_off += md_size;
if (ret == 1) {
ctx->sigio = 0;
if (ctx->buf_len != ctx->buf_off) {
@@ -557,9 +538,13 @@ static int block_out(BIO *b)
BIO_OK_CTX *ctx;
EVP_MD_CTX *md;
unsigned long tl;
+ const EVP_MD *digest;
+ int md_size;
- ctx = b->ptr;
- md = &ctx->md;
+ ctx = BIO_get_data(b);
+ md = ctx->md;
+ digest = EVP_MD_CTX_md(md);
+ md_size = EVP_MD_size(digest);
tl = ctx->buf_len - OK_BLOCK_BLOCK;
ctx->buf[0] = (unsigned char)(tl >> 24);
@@ -571,7 +556,7 @@ static int block_out(BIO *b)
goto berr;
if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
goto berr;
- ctx->buf_len += md->digest->md_size;
+ ctx->buf_len += md_size;
ctx->blockout = 1;
return 1;
berr:
@@ -585,9 +570,11 @@ static int block_in(BIO *b)
EVP_MD_CTX *md;
unsigned long tl = 0;
unsigned char tmp[EVP_MAX_MD_SIZE];
+ int md_size;
- ctx = b->ptr;
- md = &ctx->md;
+ ctx = BIO_get_data(b);
+ md = ctx->md;
+ md_size = EVP_MD_size(EVP_MD_CTX_md(md));
assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */
tl = ctx->buf[0];
@@ -598,7 +585,7 @@ static int block_in(BIO *b)
tl <<= 8;
tl |= ctx->buf[3];
- if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md->digest->md_size)
+ if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md_size)
return 1;
if (!EVP_DigestUpdate(md,
@@ -606,10 +593,9 @@ static int block_in(BIO *b)
goto berr;
if (!EVP_DigestFinal_ex(md, tmp, NULL))
goto berr;
- if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md->digest->md_size) ==
- 0) {
+ if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md_size) == 0) {
/* there might be parts from next block lurking around ! */
- ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md->digest->md_size;
+ ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md_size;
ctx->buf_len_save = ctx->buf_len;
ctx->buf_off = OK_BLOCK_BLOCK;
ctx->buf_len = tl + OK_BLOCK_BLOCK;
diff --git a/crypto/evp/build.info b/crypto/evp/build.info
new file mode 100644
index 000000000000..cc33ac3c4942
--- /dev/null
+++ b/crypto/evp/build.info
@@ -0,0 +1,25 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+ encode.c digest.c evp_enc.c evp_key.c evp_cnf.c \
+ e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
+ e_rc4.c e_aes.c names.c e_seed.c e_aria.c e_sm4.c \
+ e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
+ m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \
+ m_md5_sha1.c m_mdc2.c m_ripemd.c m_sha3.c \
+ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
+ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
+ c_allc.c c_alld.c evp_lib.c bio_ok.c \
+ evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \
+ e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
+ e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
+ e_chacha20_poly1305.c cmeth_lib.c
+
+INCLUDE[e_aes.o]=.. ../modes
+INCLUDE[e_aes_cbc_hmac_sha1.o]=../modes
+INCLUDE[e_aes_cbc_hmac_sha256.o]=../modes
+INCLUDE[e_aria.o]=.. ../modes
+INCLUDE[e_camellia.o]=.. ../modes
+INCLUDE[e_sm4.o]=.. ../modes
+INCLUDE[e_des.o]=..
+INCLUDE[e_des3.o]=..
+INCLUDE[m_sha3.o]=..
diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c
deleted file mode 100644
index 719e34d22fde..000000000000
--- a/crypto/evp/c_all.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/* crypto/evp/c_all.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-
-#if 0
-# undef OpenSSL_add_all_algorithms
-
-void OpenSSL_add_all_algorithms(void)
-{
- OPENSSL_add_all_algorithms_noconf();
-}
-#endif
-
-void OPENSSL_add_all_algorithms_noconf(void)
-{
- /*
- * For the moment OPENSSL_cpuid_setup does something
- * only on IA-32, but we reserve the option for all
- * platforms...
- */
- OPENSSL_cpuid_setup();
- OpenSSL_add_all_ciphers();
- OpenSSL_add_all_digests();
-}
diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
index 280e58408f2b..086b3c4d51b4 100644
--- a/crypto/evp/c_allc.c
+++ b/crypto/evp/c_allc.c
@@ -1,68 +1,20 @@
-/* crypto/evp/c_allc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/evp.h>
+#include "internal/evp_int.h"
#include <openssl/pkcs12.h>
#include <openssl/objects.h>
-void OpenSSL_add_all_ciphers(void)
+void openssl_add_all_ciphers_int(void)
{
#ifndef OPENSSL_NO_DES
@@ -92,8 +44,13 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher(EVP_des_ecb());
EVP_add_cipher(EVP_des_ede());
+ EVP_add_cipher_alias(SN_des_ede_ecb, "DES-EDE-ECB");
+ EVP_add_cipher_alias(SN_des_ede_ecb, "des-ede-ecb");
EVP_add_cipher(EVP_des_ede3());
+ EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB");
+ EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb");
EVP_add_cipher(EVP_des_ede3_wrap());
+ EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap");
#endif
#ifndef OPENSSL_NO_RC4
@@ -122,6 +79,16 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher_alias(SN_seed_cbc, "seed");
#endif
+#ifndef OPENSSL_NO_SM4
+ EVP_add_cipher(EVP_sm4_ecb());
+ EVP_add_cipher(EVP_sm4_cbc());
+ EVP_add_cipher(EVP_sm4_cfb());
+ EVP_add_cipher(EVP_sm4_ofb());
+ EVP_add_cipher(EVP_sm4_ctr());
+ EVP_add_cipher_alias(SN_sm4_cbc, "SM4");
+ EVP_add_cipher_alias(SN_sm4_cbc, "sm4");
+#endif
+
#ifndef OPENSSL_NO_RC2
EVP_add_cipher(EVP_rc2_ecb());
EVP_add_cipher(EVP_rc2_cfb());
@@ -131,6 +98,9 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher(EVP_rc2_64_cbc());
EVP_add_cipher_alias(SN_rc2_cbc, "RC2");
EVP_add_cipher_alias(SN_rc2_cbc, "rc2");
+ EVP_add_cipher_alias(SN_rc2_cbc, "rc2-128");
+ EVP_add_cipher_alias(SN_rc2_64_cbc, "rc2-64");
+ EVP_add_cipher_alias(SN_rc2_40_cbc, "rc2-40");
#endif
#ifndef OPENSSL_NO_BF
@@ -163,7 +133,6 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher_alias(SN_rc5_cbc, "RC5");
#endif
-#ifndef OPENSSL_NO_AES
EVP_add_cipher(EVP_aes_128_ecb());
EVP_add_cipher(EVP_aes_128_cbc());
EVP_add_cipher(EVP_aes_128_cfb());
@@ -172,9 +141,14 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher(EVP_aes_128_ofb());
EVP_add_cipher(EVP_aes_128_ctr());
EVP_add_cipher(EVP_aes_128_gcm());
+#ifndef OPENSSL_NO_OCB
+ EVP_add_cipher(EVP_aes_128_ocb());
+#endif
EVP_add_cipher(EVP_aes_128_xts());
EVP_add_cipher(EVP_aes_128_ccm());
EVP_add_cipher(EVP_aes_128_wrap());
+ EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap");
+ EVP_add_cipher(EVP_aes_128_wrap_pad());
EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
EVP_add_cipher(EVP_aes_192_ecb());
@@ -185,8 +159,13 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher(EVP_aes_192_ofb());
EVP_add_cipher(EVP_aes_192_ctr());
EVP_add_cipher(EVP_aes_192_gcm());
+#ifndef OPENSSL_NO_OCB
+ EVP_add_cipher(EVP_aes_192_ocb());
+#endif
EVP_add_cipher(EVP_aes_192_ccm());
EVP_add_cipher(EVP_aes_192_wrap());
+ EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap");
+ EVP_add_cipher(EVP_aes_192_wrap_pad());
EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
EVP_add_cipher(EVP_aes_256_ecb());
@@ -197,19 +176,55 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher(EVP_aes_256_ofb());
EVP_add_cipher(EVP_aes_256_ctr());
EVP_add_cipher(EVP_aes_256_gcm());
+#ifndef OPENSSL_NO_OCB
+ EVP_add_cipher(EVP_aes_256_ocb());
+#endif
EVP_add_cipher(EVP_aes_256_xts());
EVP_add_cipher(EVP_aes_256_ccm());
EVP_add_cipher(EVP_aes_256_wrap());
+ EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap");
+ EVP_add_cipher(EVP_aes_256_wrap_pad());
EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
-# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
-# endif
-# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
-# endif
+
+#ifndef OPENSSL_NO_ARIA
+ EVP_add_cipher(EVP_aria_128_ecb());
+ EVP_add_cipher(EVP_aria_128_cbc());
+ EVP_add_cipher(EVP_aria_128_cfb());
+ EVP_add_cipher(EVP_aria_128_cfb1());
+ EVP_add_cipher(EVP_aria_128_cfb8());
+ EVP_add_cipher(EVP_aria_128_ctr());
+ EVP_add_cipher(EVP_aria_128_ofb());
+ EVP_add_cipher(EVP_aria_128_gcm());
+ EVP_add_cipher(EVP_aria_128_ccm());
+ EVP_add_cipher_alias(SN_aria_128_cbc, "ARIA128");
+ EVP_add_cipher_alias(SN_aria_128_cbc, "aria128");
+ EVP_add_cipher(EVP_aria_192_ecb());
+ EVP_add_cipher(EVP_aria_192_cbc());
+ EVP_add_cipher(EVP_aria_192_cfb());
+ EVP_add_cipher(EVP_aria_192_cfb1());
+ EVP_add_cipher(EVP_aria_192_cfb8());
+ EVP_add_cipher(EVP_aria_192_ctr());
+ EVP_add_cipher(EVP_aria_192_ofb());
+ EVP_add_cipher(EVP_aria_192_gcm());
+ EVP_add_cipher(EVP_aria_192_ccm());
+ EVP_add_cipher_alias(SN_aria_192_cbc, "ARIA192");
+ EVP_add_cipher_alias(SN_aria_192_cbc, "aria192");
+ EVP_add_cipher(EVP_aria_256_ecb());
+ EVP_add_cipher(EVP_aria_256_cbc());
+ EVP_add_cipher(EVP_aria_256_cfb());
+ EVP_add_cipher(EVP_aria_256_cfb1());
+ EVP_add_cipher(EVP_aria_256_cfb8());
+ EVP_add_cipher(EVP_aria_256_ctr());
+ EVP_add_cipher(EVP_aria_256_ofb());
+ EVP_add_cipher(EVP_aria_256_gcm());
+ EVP_add_cipher(EVP_aria_256_ccm());
+ EVP_add_cipher_alias(SN_aria_256_cbc, "ARIA256");
+ EVP_add_cipher_alias(SN_aria_256_cbc, "aria256");
#endif
#ifndef OPENSSL_NO_CAMELLIA
@@ -237,5 +252,15 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher(EVP_camellia_256_ofb());
EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256");
EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256");
+ EVP_add_cipher(EVP_camellia_128_ctr());
+ EVP_add_cipher(EVP_camellia_192_ctr());
+ EVP_add_cipher(EVP_camellia_256_ctr());
+#endif
+
+#ifndef OPENSSL_NO_CHACHA
+ EVP_add_cipher(EVP_chacha20());
+# ifndef OPENSSL_NO_POLY1305
+ EVP_add_cipher(EVP_chacha20_poly1305());
+# endif
#endif
}
diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c
index fdbe3ee0486a..1267531a7d23 100644
--- a/crypto/evp/c_alld.c
+++ b/crypto/evp/c_alld.c
@@ -1,114 +1,60 @@
-/* crypto/evp/c_alld.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/evp.h>
+#include "internal/evp_int.h"
#include <openssl/pkcs12.h>
#include <openssl/objects.h>
-void OpenSSL_add_all_digests(void)
+void openssl_add_all_digests_int(void)
{
#ifndef OPENSSL_NO_MD4
EVP_add_digest(EVP_md4());
#endif
#ifndef OPENSSL_NO_MD5
EVP_add_digest(EVP_md5());
- EVP_add_digest_alias(SN_md5, "ssl2-md5");
EVP_add_digest_alias(SN_md5, "ssl3-md5");
+ EVP_add_digest(EVP_md5_sha1());
#endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
- EVP_add_digest(EVP_sha());
-# ifndef OPENSSL_NO_DSA
- EVP_add_digest(EVP_dss());
-# endif
-#endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
EVP_add_digest(EVP_sha1());
EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
-# ifndef OPENSSL_NO_DSA
- EVP_add_digest(EVP_dss1());
- EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
- EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
- EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
-# endif
-# ifndef OPENSSL_NO_ECDSA
- EVP_add_digest(EVP_ecdsa());
-# endif
-#endif
#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
EVP_add_digest(EVP_mdc2());
#endif
-#ifndef OPENSSL_NO_RIPEMD
+#ifndef OPENSSL_NO_RMD160
EVP_add_digest(EVP_ripemd160());
EVP_add_digest_alias(SN_ripemd160, "ripemd");
EVP_add_digest_alias(SN_ripemd160, "rmd160");
#endif
-#ifndef OPENSSL_NO_SHA256
EVP_add_digest(EVP_sha224());
EVP_add_digest(EVP_sha256());
-#endif
-#ifndef OPENSSL_NO_SHA512
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
-#endif
+ EVP_add_digest(EVP_sha512_224());
+ EVP_add_digest(EVP_sha512_256());
#ifndef OPENSSL_NO_WHIRLPOOL
EVP_add_digest(EVP_whirlpool());
#endif
+#ifndef OPENSSL_NO_SM3
+ EVP_add_digest(EVP_sm3());
+#endif
+#ifndef OPENSSL_NO_BLAKE2
+ EVP_add_digest(EVP_blake2b512());
+ EVP_add_digest(EVP_blake2s256());
+#endif
+ EVP_add_digest(EVP_sha3_224());
+ EVP_add_digest(EVP_sha3_256());
+ EVP_add_digest(EVP_sha3_384());
+ EVP_add_digest(EVP_sha3_512());
+ EVP_add_digest(EVP_shake128());
+ EVP_add_digest(EVP_shake256());
}
diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c
new file mode 100644
index 000000000000..e2295c4dc589
--- /dev/null
+++ b/crypto/evp/cmeth_lib.c
@@ -0,0 +1,151 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+
+EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
+{
+ EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER));
+
+ if (cipher != NULL) {
+ cipher->nid = cipher_type;
+ cipher->block_size = block_size;
+ cipher->key_len = key_len;
+ }
+ return cipher;
+}
+
+EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher)
+{
+ EVP_CIPHER *to = EVP_CIPHER_meth_new(cipher->nid, cipher->block_size,
+ cipher->key_len);
+
+ if (to != NULL)
+ memcpy(to, cipher, sizeof(*to));
+ return to;
+}
+
+void EVP_CIPHER_meth_free(EVP_CIPHER *cipher)
+{
+ OPENSSL_free(cipher);
+}
+
+int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len)
+{
+ cipher->iv_len = iv_len;
+ return 1;
+}
+
+int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags)
+{
+ cipher->flags = flags;
+ return 1;
+}
+
+int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size)
+{
+ cipher->ctx_size = ctx_size;
+ return 1;
+}
+
+int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
+ int (*init) (EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv,
+ int enc))
+{
+ cipher->init = init;
+ return 1;
+}
+
+int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
+ int (*do_cipher) (EVP_CIPHER_CTX *ctx,
+ unsigned char *out,
+ const unsigned char *in,
+ size_t inl))
+{
+ cipher->do_cipher = do_cipher;
+ return 1;
+}
+
+int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
+ int (*cleanup) (EVP_CIPHER_CTX *))
+{
+ cipher->cleanup = cleanup;
+ return 1;
+}
+
+int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
+ int (*set_asn1_parameters) (EVP_CIPHER_CTX *,
+ ASN1_TYPE *))
+{
+ cipher->set_asn1_parameters = set_asn1_parameters;
+ return 1;
+}
+
+int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
+ int (*get_asn1_parameters) (EVP_CIPHER_CTX *,
+ ASN1_TYPE *))
+{
+ cipher->get_asn1_parameters = get_asn1_parameters;
+ return 1;
+}
+
+int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
+ int (*ctrl) (EVP_CIPHER_CTX *, int type,
+ int arg, void *ptr))
+{
+ cipher->ctrl = ctrl;
+ return 1;
+}
+
+
+int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv,
+ int enc)
+{
+ return cipher->init;
+}
+int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+ unsigned char *out,
+ const unsigned char *in,
+ size_t inl)
+{
+ return cipher->do_cipher;
+}
+
+int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *)
+{
+ return cipher->cleanup;
+}
+
+int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+ ASN1_TYPE *)
+{
+ return cipher->set_asn1_parameters;
+}
+
+int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+ ASN1_TYPE *)
+{
+ return cipher->get_asn1_parameters;
+}
+
+int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+ int type, int arg,
+ void *ptr)
+{
+ return cipher->ctrl;
+}
+
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index d4274c5729b7..f78dab767865 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -1,173 +1,80 @@
-/* crypto/evp/digest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+
+/* This call frees resources associated with the context */
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
+{
+ if (ctx == NULL)
+ return 1;
+
+ /*
+ * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
+ * sometimes only copies of the context are ever finalised.
+ */
+ if (ctx->digest && ctx->digest->cleanup
+ && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
+ ctx->digest->cleanup(ctx);
+ if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
+ && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
+ OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
+ }
+ /*
+ * pctx should be freed by the user of EVP_MD_CTX
+ * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set
+ */
+ if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
+ EVP_PKEY_CTX_free(ctx->pctx);
#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
+ ENGINE_finish(ctx->engine);
#endif
+ OPENSSL_cleanse(ctx, sizeof(*ctx));
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-# include "evp_locl.h"
-#endif
+ return 1;
+}
-void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
+EVP_MD_CTX *EVP_MD_CTX_new(void)
{
- memset(ctx, '\0', sizeof(*ctx));
+ return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
}
-EVP_MD_CTX *EVP_MD_CTX_create(void)
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
{
- EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
-
- if (ctx)
- EVP_MD_CTX_init(ctx);
-
- return ctx;
+ EVP_MD_CTX_reset(ctx);
+ OPENSSL_free(ctx);
}
int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
{
- EVP_MD_CTX_init(ctx);
+ EVP_MD_CTX_reset(ctx);
return EVP_DigestInit_ex(ctx, type, NULL);
}
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
{
EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
-#ifdef OPENSSL_FIPS
- /* If FIPS mode switch to approved implementation if possible */
- if (FIPS_mode()) {
- const EVP_MD *fipsmd;
- if (type) {
- fipsmd = evp_get_fips_md(type);
- if (fipsmd)
- type = fipsmd;
- }
- }
-#endif
#ifndef OPENSSL_NO_ENGINE
/*
* Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
* this context may already have an ENGINE! Try to avoid releasing the
* previous handle, re-querying for an ENGINE, and having a
- * reinitialisation, when it may all be unecessary.
+ * reinitialisation, when it may all be unnecessary.
*/
- if (ctx->engine && ctx->digest && (!type ||
- (type
- && (type->type ==
- ctx->digest->type))))
+ if (ctx->engine && ctx->digest &&
+ (type == NULL || (type->type == ctx->digest->type)))
goto skip_to_init;
if (type) {
/*
@@ -175,21 +82,21 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
* previous check attempted to avoid this if the same ENGINE and
* EVP_MD could be used).
*/
- if (ctx->engine)
- ENGINE_finish(ctx->engine);
- if (impl) {
+ ENGINE_finish(ctx->engine);
+ if (impl != NULL) {
if (!ENGINE_init(impl)) {
EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
return 0;
}
- } else
+ } else {
/* Ask if an ENGINE is reserved for this job */
impl = ENGINE_get_digest_engine(type->type);
- if (impl) {
+ }
+ if (impl != NULL) {
/* There's an ENGINE for this job ... (apparently) */
const EVP_MD *d = ENGINE_get_digest(impl, type->type);
- if (!d) {
- /* Same comment from evp_enc.c */
+
+ if (d == NULL) {
EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
ENGINE_finish(impl);
return 0;
@@ -213,13 +120,13 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
#endif
if (ctx->digest != type) {
if (ctx->digest && ctx->digest->ctx_size) {
- OPENSSL_free(ctx->md_data);
+ OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
ctx->md_data = NULL;
}
ctx->digest = type;
if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
ctx->update = type->update;
- ctx->md_data = OPENSSL_malloc(type->ctx_size);
+ ctx->md_data = OPENSSL_zalloc(type->ctx_size);
if (ctx->md_data == NULL) {
EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE);
return 0;
@@ -238,24 +145,11 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
}
if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
return 1;
-#ifdef OPENSSL_FIPS
- if (FIPS_mode()) {
- if (FIPS_digestinit(ctx, type))
- return 1;
- OPENSSL_free(ctx->md_data);
- ctx->md_data = NULL;
- return 0;
- }
-#endif
return ctx->digest->init(ctx);
}
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
{
-#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- return FIPS_digestupdate(ctx, data, count);
-#endif
return ctx->update(ctx, data, count);
}
@@ -264,7 +158,7 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
{
int ret;
ret = EVP_DigestFinal_ex(ctx, md, size);
- EVP_MD_CTX_cleanup(ctx);
+ EVP_MD_CTX_reset(ctx);
return ret;
}
@@ -272,10 +166,6 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
{
int ret;
-#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- return FIPS_digestfinal(ctx, md, size);
-#endif
OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
ret = ctx->digest->final(ctx, md);
@@ -289,9 +179,30 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
return ret;
}
+int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
+{
+ int ret = 0;
+
+ if (ctx->digest->flags & EVP_MD_FLAG_XOF
+ && size <= INT_MAX
+ && ctx->digest->md_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, (int)size, NULL)) {
+ ret = ctx->digest->final(ctx, md);
+
+ if (ctx->digest->cleanup != NULL) {
+ ctx->digest->cleanup(ctx);
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
+ }
+ OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
+ } else {
+ EVPerr(EVP_F_EVP_DIGESTFINALXOF, EVP_R_NOT_XOF_OR_INVALID_LENGTH);
+ }
+
+ return ret;
+}
+
int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
{
- EVP_MD_CTX_init(out);
+ EVP_MD_CTX_reset(out);
return EVP_MD_CTX_copy_ex(out, in);
}
@@ -315,15 +226,25 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE);
} else
tmp_buf = NULL;
- EVP_MD_CTX_cleanup(out);
+ EVP_MD_CTX_reset(out);
memcpy(out, in, sizeof(*out));
+ /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
+ EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
+
+ /* Null these variables, since they are getting fixed up
+ * properly below. Anything else may cause a memleak and/or
+ * double free if any of the memory allocations below fail
+ */
+ out->md_data = NULL;
+ out->pctx = NULL;
+
if (in->md_data && out->digest->ctx_size) {
if (tmp_buf)
out->md_data = tmp_buf;
else {
out->md_data = OPENSSL_malloc(out->digest->ctx_size);
- if (!out->md_data) {
+ if (out->md_data == NULL) {
EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_MALLOC_FAILURE);
return 0;
}
@@ -336,7 +257,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
if (in->pctx) {
out->pctx = EVP_PKEY_CTX_dup(in->pctx);
if (!out->pctx) {
- EVP_MD_CTX_cleanup(out);
+ EVP_MD_CTX_reset(out);
return 0;
}
}
@@ -351,58 +272,27 @@ int EVP_Digest(const void *data, size_t count,
unsigned char *md, unsigned int *size, const EVP_MD *type,
ENGINE *impl)
{
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx = EVP_MD_CTX_new();
int ret;
- EVP_MD_CTX_init(&ctx);
- EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT);
- ret = EVP_DigestInit_ex(&ctx, type, impl)
- && EVP_DigestUpdate(&ctx, data, count)
- && EVP_DigestFinal_ex(&ctx, md, size);
- EVP_MD_CTX_cleanup(&ctx);
+ if (ctx == NULL)
+ return 0;
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT);
+ ret = EVP_DigestInit_ex(ctx, type, impl)
+ && EVP_DigestUpdate(ctx, data, count)
+ && EVP_DigestFinal_ex(ctx, md, size);
+ EVP_MD_CTX_free(ctx);
return ret;
}
-void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
-{
- if (ctx) {
- EVP_MD_CTX_cleanup(ctx);
- OPENSSL_free(ctx);
- }
-}
-
-/* This call frees resources associated with the context */
-int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
+int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
{
-#ifndef OPENSSL_FIPS
- /*
- * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
- * sometimes only copies of the context are ever finalised.
- */
- if (ctx->digest && ctx->digest->cleanup
- && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
- ctx->digest->cleanup(ctx);
- if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
- && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
- OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
- OPENSSL_free(ctx->md_data);
+ if (ctx->digest && ctx->digest->md_ctrl) {
+ int ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2);
+ if (ret <= 0)
+ return 0;
+ return 1;
}
-#endif
- if (ctx->pctx)
- EVP_PKEY_CTX_free(ctx->pctx);
-#ifndef OPENSSL_NO_ENGINE
- if (ctx->engine)
- /*
- * The EVP_MD we used belongs to an ENGINE, release the functional
- * reference we held for this reason.
- */
- ENGINE_finish(ctx->engine);
-#endif
-#ifdef OPENSSL_FIPS
- FIPS_md_ctx_cleanup(ctx);
-#endif
- memset(ctx, '\0', sizeof(*ctx));
-
- return 1;
+ return 0;
}
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index ccc626f1d81c..0add393276bc 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -1,67 +1,23 @@
-/* ====================================================================
- * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_AES
#include <openssl/crypto.h>
-# include <openssl/evp.h>
-# include <openssl/err.h>
-# include <string.h>
-# include <assert.h>
-# include <openssl/aes.h>
-# include "evp_locl.h"
-# include "modes_lcl.h"
-# include <openssl/rand.h>
-
-# undef EVP_CIPH_FLAG_FIPS
-# define EVP_CIPH_FLAG_FIPS 0
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <string.h>
+#include <assert.h>
+#include <openssl/aes.h>
+#include "internal/evp_int.h"
+#include "modes_lcl.h"
+#include <openssl/rand.h>
+#include "evp_locl.h"
typedef struct {
union {
@@ -113,13 +69,38 @@ typedef struct {
int tag_set; /* Set if tag is valid */
int len_set; /* Set if message length set */
int L, M; /* L and M parameters from RFC3610 */
+ int tls_aad_len; /* TLS AAD length */
CCM128_CONTEXT ccm;
ccm128_f str;
} EVP_AES_CCM_CTX;
-# define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
+#ifndef OPENSSL_NO_OCB
+typedef struct {
+ union {
+ double align;
+ AES_KEY ks;
+ } ksenc; /* AES key schedule to use for encryption */
+ union {
+ double align;
+ AES_KEY ks;
+ } ksdec; /* AES key schedule to use for decryption */
+ int key_set; /* Set if key initialised */
+ int iv_set; /* Set if an iv is set */
+ OCB128_CONTEXT ocb;
+ unsigned char *iv; /* Temporary IV store */
+ unsigned char tag[16];
+ unsigned char data_buf[16]; /* Store partial data blocks */
+ unsigned char aad_buf[16]; /* Store partial AAD blocks */
+ int data_buf_len;
+ int aad_buf_len;
+ int ivlen; /* IV length */
+ int taglen;
+} EVP_AES_OCB_CTX;
+#endif
-# ifdef VPAES_ASM
+#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
+
+#ifdef VPAES_ASM
int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
AES_KEY *key);
int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
@@ -134,8 +115,8 @@ void vpaes_cbc_encrypt(const unsigned char *in,
unsigned char *out,
size_t length,
const AES_KEY *key, unsigned char *ivec, int enc);
-# endif
-# ifdef BSAES_ASM
+#endif
+#ifdef BSAES_ASM
void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
unsigned char ivec[16], int enc);
@@ -148,54 +129,71 @@ void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,
void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
size_t len, const AES_KEY *key1,
const AES_KEY *key2, const unsigned char iv[16]);
-# endif
-# ifdef AES_CTR_ASM
+#endif
+#ifdef AES_CTR_ASM
void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
size_t blocks, const AES_KEY *key,
const unsigned char ivec[AES_BLOCK_SIZE]);
-# endif
-# ifdef AES_XTS_ASM
+#endif
+#ifdef AES_XTS_ASM
void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len,
const AES_KEY *key1, const AES_KEY *key2,
const unsigned char iv[16]);
void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
const AES_KEY *key1, const AES_KEY *key2,
const unsigned char iv[16]);
-# endif
+#endif
-# if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
-# include "ppc_arch.h"
-# ifdef VPAES_ASM
-# define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC)
-# endif
-# define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207)
-# define HWAES_set_encrypt_key aes_p8_set_encrypt_key
-# define HWAES_set_decrypt_key aes_p8_set_decrypt_key
-# define HWAES_encrypt aes_p8_encrypt
-# define HWAES_decrypt aes_p8_decrypt
-# define HWAES_cbc_encrypt aes_p8_cbc_encrypt
-# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
+/* increment counter (64-bit int) by 1 */
+static void ctr64_inc(unsigned char *counter)
+{
+ int n = 8;
+ unsigned char c;
+
+ do {
+ --n;
+ c = counter[n];
+ ++c;
+ counter[n] = c;
+ if (c)
+ return;
+ } while (n);
+}
+
+#if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
+# include "ppc_arch.h"
+# ifdef VPAES_ASM
+# define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC)
# endif
+# define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207)
+# define HWAES_set_encrypt_key aes_p8_set_encrypt_key
+# define HWAES_set_decrypt_key aes_p8_set_decrypt_key
+# define HWAES_encrypt aes_p8_encrypt
+# define HWAES_decrypt aes_p8_decrypt
+# define HWAES_cbc_encrypt aes_p8_cbc_encrypt
+# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
+# define HWAES_xts_encrypt aes_p8_xts_encrypt
+# define HWAES_xts_decrypt aes_p8_xts_decrypt
+#endif
-# if defined(AES_ASM) && !defined(I386_ONLY) && ( \
+#if defined(AES_ASM) && !defined(I386_ONLY) && ( \
((defined(__i386) || defined(__i386__) || \
defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
defined(__x86_64) || defined(__x86_64__) || \
- defined(_M_AMD64) || defined(_M_X64) || \
- defined(__INTEL__) )
+ defined(_M_AMD64) || defined(_M_X64) )
extern unsigned int OPENSSL_ia32cap_P[];
-# ifdef VPAES_ASM
-# define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
-# endif
-# ifdef BSAES_ASM
-# define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
-# endif
+# ifdef VPAES_ASM
+# define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
+# endif
+# ifdef BSAES_ASM
+# define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
+# endif
/*
* AES-NI section
*/
-# define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
+# define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
AES_KEY *key);
@@ -246,41 +244,43 @@ void aesni_ccm64_decrypt_blocks(const unsigned char *in,
const unsigned char ivec[16],
unsigned char cmac[16]);
-# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
+# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
size_t aesni_gcm_encrypt(const unsigned char *in,
unsigned char *out,
size_t len,
const void *key, unsigned char ivec[16], u64 *Xi);
-# define AES_gcm_encrypt aesni_gcm_encrypt
+# define AES_gcm_encrypt aesni_gcm_encrypt
size_t aesni_gcm_decrypt(const unsigned char *in,
unsigned char *out,
size_t len,
const void *key, unsigned char ivec[16], u64 *Xi);
-# define AES_gcm_decrypt aesni_gcm_decrypt
+# define AES_gcm_decrypt aesni_gcm_decrypt
void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in,
size_t len);
-# define AES_GCM_ASM(gctx) (gctx->ctr==aesni_ctr32_encrypt_blocks && \
+# define AES_GCM_ASM(gctx) (gctx->ctr==aesni_ctr32_encrypt_blocks && \
gctx->gcm.ghash==gcm_ghash_avx)
-# define AES_GCM_ASM2(gctx) (gctx->gcm.block==(block128_f)aesni_encrypt && \
+# define AES_GCM_ASM2(gctx) (gctx->gcm.block==(block128_f)aesni_encrypt && \
gctx->gcm.ghash==gcm_ghash_avx)
-# undef AES_GCM_ASM2 /* minor size optimization */
-# endif
+# undef AES_GCM_ASM2 /* minor size optimization */
+# endif
static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
int ret, mode;
- EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+ EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
- mode = ctx->cipher->flags & EVP_CIPH_MODE;
+ mode = EVP_CIPHER_CTX_mode(ctx);
if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
&& !enc) {
- ret = aesni_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
+ ret = aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &dat->ks.ks);
dat->block = (block128_f) aesni_decrypt;
dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
(cbc128_f) aesni_cbc_encrypt : NULL;
} else {
- ret = aesni_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
+ ret = aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &dat->ks.ks);
dat->block = (block128_f) aesni_encrypt;
if (mode == EVP_CIPH_CBC_MODE)
dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt;
@@ -301,7 +301,9 @@ static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
- aesni_cbc_encrypt(in, out, len, ctx->cipher_data, ctx->iv, ctx->encrypt);
+ aesni_cbc_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks,
+ EVP_CIPHER_CTX_iv_noconst(ctx),
+ EVP_CIPHER_CTX_encrypting(ctx));
return 1;
}
@@ -309,44 +311,46 @@ static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
- size_t bl = ctx->cipher->block_size;
+ size_t bl = EVP_CIPHER_CTX_block_size(ctx);
if (len < bl)
return 1;
- aesni_ecb_encrypt(in, out, len, ctx->cipher_data, ctx->encrypt);
+ aesni_ecb_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks,
+ EVP_CIPHER_CTX_encrypting(ctx));
return 1;
}
-# define aesni_ofb_cipher aes_ofb_cipher
+# define aesni_ofb_cipher aes_ofb_cipher
static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
-# define aesni_cfb_cipher aes_cfb_cipher
+# define aesni_cfb_cipher aes_cfb_cipher
static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
-# define aesni_cfb8_cipher aes_cfb8_cipher
+# define aesni_cfb8_cipher aes_cfb8_cipher
static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
-# define aesni_cfb1_cipher aes_cfb1_cipher
+# define aesni_cfb1_cipher aes_cfb1_cipher
static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
-# define aesni_ctr_cipher aes_ctr_cipher
+# define aesni_ctr_cipher aes_ctr_cipher
static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
- EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
+ EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
if (!iv && !key)
return 1;
if (key) {
- aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+ aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &gctx->ks.ks);
CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aesni_encrypt);
gctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
/*
@@ -371,31 +375,34 @@ static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
return 1;
}
-# define aesni_gcm_cipher aes_gcm_cipher
+# define aesni_gcm_cipher aes_gcm_cipher
static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
- EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
+ EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
if (!iv && !key)
return 1;
if (key) {
/* key_len is two AES keys */
if (enc) {
- aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+ aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+ &xctx->ks1.ks);
xctx->xts.block1 = (block128_f) aesni_encrypt;
xctx->stream = aesni_xts_encrypt;
} else {
- aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+ aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+ &xctx->ks1.ks);
xctx->xts.block1 = (block128_f) aesni_decrypt;
xctx->stream = aesni_xts_decrypt;
}
- aesni_set_encrypt_key(key + ctx->key_len / 2,
- ctx->key_len * 4, &xctx->ks2.ks);
+ aesni_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+ EVP_CIPHER_CTX_key_length(ctx) * 4,
+ &xctx->ks2.ks);
xctx->xts.block2 = (block128_f) aesni_encrypt;
xctx->xts.key1 = &xctx->ks1;
@@ -403,24 +410,25 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
if (iv) {
xctx->xts.key2 = &xctx->ks2;
- memcpy(ctx->iv, iv, 16);
+ memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
}
return 1;
}
-# define aesni_xts_cipher aes_xts_cipher
+# define aesni_xts_cipher aes_xts_cipher
static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
- EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
+ EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
if (!iv && !key)
return 1;
if (key) {
- aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
+ aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &cctx->ks.ks);
CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
&cctx->ks, (block128_f) aesni_encrypt);
cctx->str = enc ? (ccm128_f) aesni_ccm64_encrypt_blocks :
@@ -428,17 +436,86 @@ static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
cctx->key_set = 1;
}
if (iv) {
- memcpy(ctx->iv, iv, 15 - cctx->L);
+ memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
cctx->iv_set = 1;
}
return 1;
}
-# define aesni_ccm_cipher aes_ccm_cipher
+# define aesni_ccm_cipher aes_ccm_cipher
static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
-# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+# ifndef OPENSSL_NO_OCB
+void aesni_ocb_encrypt(const unsigned char *in, unsigned char *out,
+ size_t blocks, const void *key,
+ size_t start_block_num,
+ unsigned char offset_i[16],
+ const unsigned char L_[][16],
+ unsigned char checksum[16]);
+void aesni_ocb_decrypt(const unsigned char *in, unsigned char *out,
+ size_t blocks, const void *key,
+ size_t start_block_num,
+ unsigned char offset_i[16],
+ const unsigned char L_[][16],
+ unsigned char checksum[16]);
+
+static int aesni_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+ if (!iv && !key)
+ return 1;
+ if (key) {
+ do {
+ /*
+ * We set both the encrypt and decrypt key here because decrypt
+ * needs both. We could possibly optimise to remove setting the
+ * decrypt for an encryption operation.
+ */
+ aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &octx->ksenc.ks);
+ aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &octx->ksdec.ks);
+ if (!CRYPTO_ocb128_init(&octx->ocb,
+ &octx->ksenc.ks, &octx->ksdec.ks,
+ (block128_f) aesni_encrypt,
+ (block128_f) aesni_decrypt,
+ enc ? aesni_ocb_encrypt
+ : aesni_ocb_decrypt))
+ return 0;
+ }
+ while (0);
+
+ /*
+ * If we have an iv we can set it directly, otherwise use saved IV.
+ */
+ if (iv == NULL && octx->iv_set)
+ iv = octx->iv;
+ if (iv) {
+ if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen)
+ != 1)
+ return 0;
+ octx->iv_set = 1;
+ }
+ octx->key_set = 1;
+ } else {
+ /* If key set use IV, otherwise copy */
+ if (octx->key_set)
+ CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen);
+ else
+ memcpy(octx->iv, iv, octx->ivlen);
+ octx->iv_set = 1;
+ }
+ return 1;
+}
+
+# define aesni_ocb_cipher aes_ocb_cipher
+static int aesni_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+# endif /* OPENSSL_NO_OCB */
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
static const EVP_CIPHER aesni_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
@@ -459,7 +536,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
-# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
static const EVP_CIPHER aesni_##keylen##_##mode = { \
nid##_##keylen##_##mode,blocksize, \
(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
@@ -481,13 +558,24 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
-# elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
+#elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
-# include "sparc_arch.h"
+# include "sparc_arch.h"
extern unsigned int OPENSSL_sparcv9cap_P[];
-# define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES)
+/*
+ * Initial Fujitsu SPARC64 X support
+ */
+# define HWAES_CAPABLE (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX)
+# define HWAES_set_encrypt_key aes_fx_set_encrypt_key
+# define HWAES_set_decrypt_key aes_fx_set_decrypt_key
+# define HWAES_encrypt aes_fx_encrypt
+# define HWAES_decrypt aes_fx_decrypt
+# define HWAES_cbc_encrypt aes_fx_cbc_encrypt
+# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks
+
+# define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES)
void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
@@ -504,7 +592,7 @@ void aes_t4_decrypt(const unsigned char *in, unsigned char *out,
* non-key-length specific routines would require conditional branches
* either in inner loops or on subroutines' entries. Former is hardly
* acceptable, while latter means code size increase to size occupied
- * by multiple key-length specfic subroutines, so why fight?
+ * by multiple key-length specific subroutines, so why fight?
*/
void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
@@ -550,14 +638,14 @@ static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
int ret, mode, bits;
- EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+ EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
- mode = ctx->cipher->flags & EVP_CIPH_MODE;
- bits = ctx->key_len * 8;
+ mode = EVP_CIPHER_CTX_mode(ctx);
+ bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
&& !enc) {
ret = 0;
- aes_t4_set_decrypt_key(key, bits, ctx->cipher_data);
+ aes_t4_set_decrypt_key(key, bits, &dat->ks.ks);
dat->block = (block128_f) aes_t4_decrypt;
switch (bits) {
case 128:
@@ -577,7 +665,7 @@ static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
}
} else {
ret = 0;
- aes_t4_set_encrypt_key(key, bits, ctx->cipher_data);
+ aes_t4_set_encrypt_key(key, bits, &dat->ks.ks);
dat->block = (block128_f) aes_t4_encrypt;
switch (bits) {
case 128:
@@ -617,42 +705,42 @@ static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
return 1;
}
-# define aes_t4_cbc_cipher aes_cbc_cipher
+# define aes_t4_cbc_cipher aes_cbc_cipher
static int aes_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
-# define aes_t4_ecb_cipher aes_ecb_cipher
+# define aes_t4_ecb_cipher aes_ecb_cipher
static int aes_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
-# define aes_t4_ofb_cipher aes_ofb_cipher
+# define aes_t4_ofb_cipher aes_ofb_cipher
static int aes_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
-# define aes_t4_cfb_cipher aes_cfb_cipher
+# define aes_t4_cfb_cipher aes_cfb_cipher
static int aes_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
-# define aes_t4_cfb8_cipher aes_cfb8_cipher
+# define aes_t4_cfb8_cipher aes_cfb8_cipher
static int aes_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
-# define aes_t4_cfb1_cipher aes_cfb1_cipher
+# define aes_t4_cfb1_cipher aes_cfb1_cipher
static int aes_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
-# define aes_t4_ctr_cipher aes_ctr_cipher
+# define aes_t4_ctr_cipher aes_ctr_cipher
static int aes_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
- EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
+ EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
if (!iv && !key)
return 1;
if (key) {
- int bits = ctx->key_len * 8;
+ int bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks);
CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
(block128_f) aes_t4_encrypt);
@@ -691,19 +779,19 @@ static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
return 1;
}
-# define aes_t4_gcm_cipher aes_gcm_cipher
+# define aes_t4_gcm_cipher aes_gcm_cipher
static int aes_t4_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
- EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
+ EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
if (!iv && !key)
return 1;
if (key) {
- int bits = ctx->key_len * 4;
+ int bits = EVP_CIPHER_CTX_key_length(ctx) * 4;
xctx->stream = NULL;
/* key_len is two AES keys */
if (enc) {
@@ -713,11 +801,6 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
case 128:
xctx->stream = aes128_t4_xts_encrypt;
break;
-# if 0 /* not yet */
- case 192:
- xctx->stream = aes192_t4_xts_encrypt;
- break;
-# endif
case 256:
xctx->stream = aes256_t4_xts_encrypt;
break;
@@ -725,17 +808,13 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
return 0;
}
} else {
- aes_t4_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+ aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+ &xctx->ks1.ks);
xctx->xts.block1 = (block128_f) aes_t4_decrypt;
switch (bits) {
case 128:
xctx->stream = aes128_t4_xts_decrypt;
break;
-# if 0 /* not yet */
- case 192:
- xctx->stream = aes192_t4_xts_decrypt;
- break;
-# endif
case 256:
xctx->stream = aes256_t4_xts_decrypt;
break;
@@ -744,8 +823,9 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
}
}
- aes_t4_set_encrypt_key(key + ctx->key_len / 2,
- ctx->key_len * 4, &xctx->ks2.ks);
+ aes_t4_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+ EVP_CIPHER_CTX_key_length(ctx) * 4,
+ &xctx->ks2.ks);
xctx->xts.block2 = (block128_f) aes_t4_encrypt;
xctx->xts.key1 = &xctx->ks1;
@@ -753,61 +833,97 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
if (iv) {
xctx->xts.key2 = &xctx->ks2;
- memcpy(ctx->iv, iv, 16);
+ memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
}
return 1;
}
-# define aes_t4_xts_cipher aes_xts_cipher
+# define aes_t4_xts_cipher aes_xts_cipher
static int aes_t4_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
- EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
+ EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
if (!iv && !key)
return 1;
if (key) {
- int bits = ctx->key_len * 8;
+ int bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks);
CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
&cctx->ks, (block128_f) aes_t4_encrypt);
-# if 0 /* not yet */
- switch (bits) {
- case 128:
- cctx->str = enc ? (ccm128_f) aes128_t4_ccm64_encrypt :
- (ccm128_f) ae128_t4_ccm64_decrypt;
- break;
- case 192:
- cctx->str = enc ? (ccm128_f) aes192_t4_ccm64_encrypt :
- (ccm128_f) ae192_t4_ccm64_decrypt;
- break;
- case 256:
- cctx->str = enc ? (ccm128_f) aes256_t4_ccm64_encrypt :
- (ccm128_f) ae256_t4_ccm64_decrypt;
- break;
- default:
- return 0;
- }
-# else
cctx->str = NULL;
-# endif
cctx->key_set = 1;
}
if (iv) {
- memcpy(ctx->iv, iv, 15 - cctx->L);
+ memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
cctx->iv_set = 1;
}
return 1;
}
-# define aes_t4_ccm_cipher aes_ccm_cipher
+# define aes_t4_ccm_cipher aes_ccm_cipher
static int aes_t4_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
-# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+# ifndef OPENSSL_NO_OCB
+static int aes_t4_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+ if (!iv && !key)
+ return 1;
+ if (key) {
+ do {
+ /*
+ * We set both the encrypt and decrypt key here because decrypt
+ * needs both. We could possibly optimise to remove setting the
+ * decrypt for an encryption operation.
+ */
+ aes_t4_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &octx->ksenc.ks);
+ aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &octx->ksdec.ks);
+ if (!CRYPTO_ocb128_init(&octx->ocb,
+ &octx->ksenc.ks, &octx->ksdec.ks,
+ (block128_f) aes_t4_encrypt,
+ (block128_f) aes_t4_decrypt,
+ NULL))
+ return 0;
+ }
+ while (0);
+
+ /*
+ * If we have an iv we can set it directly, otherwise use saved IV.
+ */
+ if (iv == NULL && octx->iv_set)
+ iv = octx->iv;
+ if (iv) {
+ if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen)
+ != 1)
+ return 0;
+ octx->iv_set = 1;
+ }
+ octx->key_set = 1;
+ } else {
+ /* If key set use IV, otherwise copy */
+ if (octx->key_set)
+ CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen);
+ else
+ memcpy(octx->iv, iv, octx->ivlen);
+ octx->iv_set = 1;
+ }
+ return 1;
+}
+
+# define aes_t4_ocb_cipher aes_ocb_cipher
+static int aes_t4_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+# endif /* OPENSSL_NO_OCB */
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
@@ -828,7 +944,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
-# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
nid##_##keylen##_##mode,blocksize, \
(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
@@ -850,9 +966,1524 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
-# else
+#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
+/*
+ * IBM S390X support
+ */
+# include "s390x_arch.h"
+
+typedef struct {
+ union {
+ double align;
+ /*-
+ * KM-AES parameter block - begin
+ * (see z/Architecture Principles of Operation >= SA22-7832-06)
+ */
+ struct {
+ unsigned char k[32];
+ } param;
+ /* KM-AES parameter block - end */
+ } km;
+ unsigned int fc;
+} S390X_AES_ECB_CTX;
+
+typedef struct {
+ union {
+ double align;
+ /*-
+ * KMO-AES parameter block - begin
+ * (see z/Architecture Principles of Operation >= SA22-7832-08)
+ */
+ struct {
+ unsigned char cv[16];
+ unsigned char k[32];
+ } param;
+ /* KMO-AES parameter block - end */
+ } kmo;
+ unsigned int fc;
+
+ int res;
+} S390X_AES_OFB_CTX;
+
+typedef struct {
+ union {
+ double align;
+ /*-
+ * KMF-AES parameter block - begin
+ * (see z/Architecture Principles of Operation >= SA22-7832-08)
+ */
+ struct {
+ unsigned char cv[16];
+ unsigned char k[32];
+ } param;
+ /* KMF-AES parameter block - end */
+ } kmf;
+ unsigned int fc;
+
+ int res;
+} S390X_AES_CFB_CTX;
+
+typedef struct {
+ union {
+ double align;
+ /*-
+ * KMA-GCM-AES parameter block - begin
+ * (see z/Architecture Principles of Operation >= SA22-7832-11)
+ */
+ struct {
+ unsigned char reserved[12];
+ union {
+ unsigned int w;
+ unsigned char b[4];
+ } cv;
+ union {
+ unsigned long long g[2];
+ unsigned char b[16];
+ } t;
+ unsigned char h[16];
+ unsigned long long taadl;
+ unsigned long long tpcl;
+ union {
+ unsigned long long g[2];
+ unsigned int w[4];
+ } j0;
+ unsigned char k[32];
+ } param;
+ /* KMA-GCM-AES parameter block - end */
+ } kma;
+ unsigned int fc;
+ int key_set;
+
+ unsigned char *iv;
+ int ivlen;
+ int iv_set;
+ int iv_gen;
+
+ int taglen;
+
+ unsigned char ares[16];
+ unsigned char mres[16];
+ unsigned char kres[16];
+ int areslen;
+ int mreslen;
+ int kreslen;
+
+ int tls_aad_len;
+} S390X_AES_GCM_CTX;
+
+typedef struct {
+ union {
+ double align;
+ /*-
+ * Padding is chosen so that ccm.kmac_param.k overlaps with key.k and
+ * ccm.fc with key.k.rounds. Remember that on s390x, an AES_KEY's
+ * rounds field is used to store the function code and that the key
+ * schedule is not stored (if aes hardware support is detected).
+ */
+ struct {
+ unsigned char pad[16];
+ AES_KEY k;
+ } key;
+
+ struct {
+ /*-
+ * KMAC-AES parameter block - begin
+ * (see z/Architecture Principles of Operation >= SA22-7832-08)
+ */
+ struct {
+ union {
+ unsigned long long g[2];
+ unsigned char b[16];
+ } icv;
+ unsigned char k[32];
+ } kmac_param;
+ /* KMAC-AES paramater block - end */
+
+ union {
+ unsigned long long g[2];
+ unsigned char b[16];
+ } nonce;
+ union {
+ unsigned long long g[2];
+ unsigned char b[16];
+ } buf;
+
+ unsigned long long blocks;
+ int l;
+ int m;
+ int tls_aad_len;
+ int iv_set;
+ int tag_set;
+ int len_set;
+ int key_set;
+
+ unsigned char pad[140];
+ unsigned int fc;
+ } ccm;
+ } aes;
+} S390X_AES_CCM_CTX;
+
+/* Convert key size to function code: [16,24,32] -> [18,19,20]. */
+# define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6))
+
+/* Most modes of operation need km for partial block processing. */
+# define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] & \
+ S390X_CAPBIT(S390X_AES_128))
+# define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] & \
+ S390X_CAPBIT(S390X_AES_192))
+# define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] & \
+ S390X_CAPBIT(S390X_AES_256))
+
+# define s390x_aes_init_key aes_init_key
+static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+
+# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */
+# define S390X_aes_192_cbc_CAPABLE 1
+# define S390X_aes_256_cbc_CAPABLE 1
+# define S390X_AES_CBC_CTX EVP_AES_KEY
+
+# define s390x_aes_cbc_init_key aes_init_key
+
+# define s390x_aes_cbc_cipher aes_cbc_cipher
+static int s390x_aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# define S390X_aes_128_ecb_CAPABLE S390X_aes_128_CAPABLE
+# define S390X_aes_192_ecb_CAPABLE S390X_aes_192_CAPABLE
+# define S390X_aes_256_ecb_CAPABLE S390X_aes_256_CAPABLE
+
+static int s390x_aes_ecb_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx);
+ const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+ cctx->fc = S390X_AES_FC(keylen);
+ if (!enc)
+ cctx->fc |= S390X_DECRYPT;
+
+ memcpy(cctx->km.param.k, key, keylen);
+ return 1;
+}
+
+static int s390x_aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx);
+
+ s390x_km(in, len, out, cctx->fc, &cctx->km.param);
+ return 1;
+}
+
+# define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE && \
+ (OPENSSL_s390xcap_P.kmo[0] & \
+ S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE && \
+ (OPENSSL_s390xcap_P.kmo[0] & \
+ S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE && \
+ (OPENSSL_s390xcap_P.kmo[0] & \
+ S390X_CAPBIT(S390X_AES_256)))
+
+static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *ivec, int enc)
+{
+ S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
+ const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
+ const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+ const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+
+ memcpy(cctx->kmo.param.cv, iv, ivlen);
+ memcpy(cctx->kmo.param.k, key, keylen);
+ cctx->fc = S390X_AES_FC(keylen);
+ cctx->res = 0;
+ return 1;
+}
+
+static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
+ int n = cctx->res;
+ int rem;
+
+ while (n && len) {
+ *out = *in ^ cctx->kmo.param.cv[n];
+ n = (n + 1) & 0xf;
+ --len;
+ ++in;
+ ++out;
+ }
+
+ rem = len & 0xf;
+
+ len &= ~(size_t)0xf;
+ if (len) {
+ s390x_kmo(in, len, out, cctx->fc, &cctx->kmo.param);
+
+ out += len;
+ in += len;
+ }
+
+ if (rem) {
+ s390x_km(cctx->kmo.param.cv, 16, cctx->kmo.param.cv, cctx->fc,
+ cctx->kmo.param.k);
+
+ while (rem--) {
+ out[n] = in[n] ^ cctx->kmo.param.cv[n];
+ ++n;
+ }
+ }
+
+ cctx->res = n;
+ return 1;
+}
+
+# define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE && \
+ (OPENSSL_s390xcap_P.kmf[0] & \
+ S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE && \
+ (OPENSSL_s390xcap_P.kmf[0] & \
+ S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE && \
+ (OPENSSL_s390xcap_P.kmf[0] & \
+ S390X_CAPBIT(S390X_AES_256)))
+
+static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *ivec, int enc)
+{
+ S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
+ const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
+ const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+ const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+
+ cctx->fc = S390X_AES_FC(keylen);
+ cctx->fc |= 16 << 24; /* 16 bytes cipher feedback */
+ if (!enc)
+ cctx->fc |= S390X_DECRYPT;
+
+ cctx->res = 0;
+ memcpy(cctx->kmf.param.cv, iv, ivlen);
+ memcpy(cctx->kmf.param.k, key, keylen);
+ return 1;
+}
+
+static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
+ const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+ const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+ int n = cctx->res;
+ int rem;
+ unsigned char tmp;
+
+ while (n && len) {
+ tmp = *in;
+ *out = cctx->kmf.param.cv[n] ^ tmp;
+ cctx->kmf.param.cv[n] = enc ? *out : tmp;
+ n = (n + 1) & 0xf;
+ --len;
+ ++in;
+ ++out;
+ }
+
+ rem = len & 0xf;
+
+ len &= ~(size_t)0xf;
+ if (len) {
+ s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param);
+
+ out += len;
+ in += len;
+ }
+
+ if (rem) {
+ s390x_km(cctx->kmf.param.cv, 16, cctx->kmf.param.cv,
+ S390X_AES_FC(keylen), cctx->kmf.param.k);
+
+ while (rem--) {
+ tmp = in[n];
+ out[n] = cctx->kmf.param.cv[n] ^ tmp;
+ cctx->kmf.param.cv[n] = enc ? out[n] : tmp;
+ ++n;
+ }
+ }
+
+ cctx->res = n;
+ return 1;
+}
+
+# define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \
+ S390X_CAPBIT(S390X_AES_128))
+# define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \
+ S390X_CAPBIT(S390X_AES_192))
+# define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \
+ S390X_CAPBIT(S390X_AES_256))
+
+static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *ivec, int enc)
+{
+ S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
+ const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
+ const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+ const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+
+ cctx->fc = S390X_AES_FC(keylen);
+ cctx->fc |= 1 << 24; /* 1 byte cipher feedback */
+ if (!enc)
+ cctx->fc |= S390X_DECRYPT;
+
+ memcpy(cctx->kmf.param.cv, iv, ivlen);
+ memcpy(cctx->kmf.param.k, key, keylen);
+ return 1;
+}
+
+static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
+
+ s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param);
+ return 1;
+}
+
+# define S390X_aes_128_cfb1_CAPABLE 0
+# define S390X_aes_192_cfb1_CAPABLE 0
+# define S390X_aes_256_cfb1_CAPABLE 0
+
+# define s390x_aes_cfb1_init_key aes_init_key
+
+# define s390x_aes_cfb1_cipher aes_cfb1_cipher
+static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */
+# define S390X_aes_192_ctr_CAPABLE 1
+# define S390X_aes_256_ctr_CAPABLE 1
+# define S390X_AES_CTR_CTX EVP_AES_KEY
+
+# define s390x_aes_ctr_init_key aes_init_key
+
+# define s390x_aes_ctr_cipher aes_ctr_cipher
+static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE && \
+ (OPENSSL_s390xcap_P.kma[0] & \
+ S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE && \
+ (OPENSSL_s390xcap_P.kma[0] & \
+ S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE && \
+ (OPENSSL_s390xcap_P.kma[0] & \
+ S390X_CAPBIT(S390X_AES_256)))
+
+/* iv + padding length for iv lenghts != 12 */
+# define S390X_gcm_ivpadlen(i) ((((i) + 15) >> 4 << 4) + 16)
+
+/*-
+ * Process additional authenticated data. Returns 0 on success. Code is
+ * big-endian.
+ */
+static int s390x_aes_gcm_aad(S390X_AES_GCM_CTX *ctx, const unsigned char *aad,
+ size_t len)
+{
+ unsigned long long alen;
+ int n, rem;
+
+ if (ctx->kma.param.tpcl)
+ return -2;
+
+ alen = ctx->kma.param.taadl + len;
+ if (alen > (U64(1) << 61) || (sizeof(len) == 8 && alen < len))
+ return -1;
+ ctx->kma.param.taadl = alen;
+
+ n = ctx->areslen;
+ if (n) {
+ while (n && len) {
+ ctx->ares[n] = *aad;
+ n = (n + 1) & 0xf;
+ ++aad;
+ --len;
+ }
+ /* ctx->ares contains a complete block if offset has wrapped around */
+ if (!n) {
+ s390x_kma(ctx->ares, 16, NULL, 0, NULL, ctx->fc, &ctx->kma.param);
+ ctx->fc |= S390X_KMA_HS;
+ }
+ ctx->areslen = n;
+ }
+
+ rem = len & 0xf;
+
+ len &= ~(size_t)0xf;
+ if (len) {
+ s390x_kma(aad, len, NULL, 0, NULL, ctx->fc, &ctx->kma.param);
+ aad += len;
+ ctx->fc |= S390X_KMA_HS;
+ }
+
+ if (rem) {
+ ctx->areslen = rem;
+
+ do {
+ --rem;
+ ctx->ares[rem] = aad[rem];
+ } while (rem);
+ }
+ return 0;
+}
-# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+/*-
+ * En/de-crypt plain/cipher-text and authenticate ciphertext. Returns 0 for
+ * success. Code is big-endian.
+ */
+static int s390x_aes_gcm(S390X_AES_GCM_CTX *ctx, const unsigned char *in,
+ unsigned char *out, size_t len)
+{
+ const unsigned char *inptr;
+ unsigned long long mlen;
+ union {
+ unsigned int w[4];
+ unsigned char b[16];
+ } buf;
+ size_t inlen;
+ int n, rem, i;
+
+ mlen = ctx->kma.param.tpcl + len;
+ if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+ return -1;
+ ctx->kma.param.tpcl = mlen;
+
+ n = ctx->mreslen;
+ if (n) {
+ inptr = in;
+ inlen = len;
+ while (n && inlen) {
+ ctx->mres[n] = *inptr;
+ n = (n + 1) & 0xf;
+ ++inptr;
+ --inlen;
+ }
+ /* ctx->mres contains a complete block if offset has wrapped around */
+ if (!n) {
+ s390x_kma(ctx->ares, ctx->areslen, ctx->mres, 16, buf.b,
+ ctx->fc | S390X_KMA_LAAD, &ctx->kma.param);
+ ctx->fc |= S390X_KMA_HS;
+ ctx->areslen = 0;
+
+ /* previous call already encrypted/decrypted its remainder,
+ * see comment below */
+ n = ctx->mreslen;
+ while (n) {
+ *out = buf.b[n];
+ n = (n + 1) & 0xf;
+ ++out;
+ ++in;
+ --len;
+ }
+ ctx->mreslen = 0;
+ }
+ }
+
+ rem = len & 0xf;
+
+ len &= ~(size_t)0xf;
+ if (len) {
+ s390x_kma(ctx->ares, ctx->areslen, in, len, out,
+ ctx->fc | S390X_KMA_LAAD, &ctx->kma.param);
+ in += len;
+ out += len;
+ ctx->fc |= S390X_KMA_HS;
+ ctx->areslen = 0;
+ }
+
+ /*-
+ * If there is a remainder, it has to be saved such that it can be
+ * processed by kma later. However, we also have to do the for-now
+ * unauthenticated encryption/decryption part here and now...
+ */
+ if (rem) {
+ if (!ctx->mreslen) {
+ buf.w[0] = ctx->kma.param.j0.w[0];
+ buf.w[1] = ctx->kma.param.j0.w[1];
+ buf.w[2] = ctx->kma.param.j0.w[2];
+ buf.w[3] = ctx->kma.param.cv.w + 1;
+ s390x_km(buf.b, 16, ctx->kres, ctx->fc & 0x1f, &ctx->kma.param.k);
+ }
+
+ n = ctx->mreslen;
+ for (i = 0; i < rem; i++) {
+ ctx->mres[n + i] = in[i];
+ out[i] = in[i] ^ ctx->kres[n + i];
+ }
+
+ ctx->mreslen += rem;
+ }
+ return 0;
+}
+
+/*-
+ * Initialize context structure. Code is big-endian.
+ */
+static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx,
+ const unsigned char *iv)
+{
+ ctx->kma.param.t.g[0] = 0;
+ ctx->kma.param.t.g[1] = 0;
+ ctx->kma.param.tpcl = 0;
+ ctx->kma.param.taadl = 0;
+ ctx->mreslen = 0;
+ ctx->areslen = 0;
+ ctx->kreslen = 0;
+
+ if (ctx->ivlen == 12) {
+ memcpy(&ctx->kma.param.j0, iv, ctx->ivlen);
+ ctx->kma.param.j0.w[3] = 1;
+ ctx->kma.param.cv.w = 1;
+ } else {
+ /* ctx->iv has the right size and is already padded. */
+ memcpy(ctx->iv, iv, ctx->ivlen);
+ s390x_kma(ctx->iv, S390X_gcm_ivpadlen(ctx->ivlen), NULL, 0, NULL,
+ ctx->fc, &ctx->kma.param);
+ ctx->fc |= S390X_KMA_HS;
+
+ ctx->kma.param.j0.g[0] = ctx->kma.param.t.g[0];
+ ctx->kma.param.j0.g[1] = ctx->kma.param.t.g[1];
+ ctx->kma.param.cv.w = ctx->kma.param.j0.w[3];
+ ctx->kma.param.t.g[0] = 0;
+ ctx->kma.param.t.g[1] = 0;
+ }
+}
+
+/*-
+ * Performs various operations on the context structure depending on control
+ * type. Returns 1 for success, 0 for failure and -1 for unknown control type.
+ * Code is big-endian.
+ */
+static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+ S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c);
+ S390X_AES_GCM_CTX *gctx_out;
+ EVP_CIPHER_CTX *out;
+ unsigned char *buf, *iv;
+ int ivlen, enc, len;
+
+ switch (type) {
+ case EVP_CTRL_INIT:
+ ivlen = EVP_CIPHER_CTX_iv_length(c);
+ iv = EVP_CIPHER_CTX_iv_noconst(c);
+ gctx->key_set = 0;
+ gctx->iv_set = 0;
+ gctx->ivlen = ivlen;
+ gctx->iv = iv;
+ gctx->taglen = -1;
+ gctx->iv_gen = 0;
+ gctx->tls_aad_len = -1;
+ return 1;
+
+ case EVP_CTRL_AEAD_SET_IVLEN:
+ if (arg <= 0)
+ return 0;
+
+ if (arg != 12) {
+ iv = EVP_CIPHER_CTX_iv_noconst(c);
+ len = S390X_gcm_ivpadlen(arg);
+
+ /* Allocate memory for iv if needed. */
+ if (gctx->ivlen == 12 || len > S390X_gcm_ivpadlen(gctx->ivlen)) {
+ if (gctx->iv != iv)
+ OPENSSL_free(gctx->iv);
+
+ if ((gctx->iv = OPENSSL_malloc(len)) == NULL) {
+ EVPerr(EVP_F_S390X_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+ /* Add padding. */
+ memset(gctx->iv + arg, 0, len - arg - 8);
+ *((unsigned long long *)(gctx->iv + len - 8)) = arg << 3;
+ }
+ gctx->ivlen = arg;
+ return 1;
+
+ case EVP_CTRL_AEAD_SET_TAG:
+ buf = EVP_CIPHER_CTX_buf_noconst(c);
+ enc = EVP_CIPHER_CTX_encrypting(c);
+ if (arg <= 0 || arg > 16 || enc)
+ return 0;
+
+ memcpy(buf, ptr, arg);
+ gctx->taglen = arg;
+ return 1;
+
+ case EVP_CTRL_AEAD_GET_TAG:
+ enc = EVP_CIPHER_CTX_encrypting(c);
+ if (arg <= 0 || arg > 16 || !enc || gctx->taglen < 0)
+ return 0;
+
+ memcpy(ptr, gctx->kma.param.t.b, arg);
+ return 1;
+
+ case EVP_CTRL_GCM_SET_IV_FIXED:
+ /* Special case: -1 length restores whole iv */
+ if (arg == -1) {
+ memcpy(gctx->iv, ptr, gctx->ivlen);
+ gctx->iv_gen = 1;
+ return 1;
+ }
+ /*
+ * Fixed field must be at least 4 bytes and invocation field at least
+ * 8.
+ */
+ if ((arg < 4) || (gctx->ivlen - arg) < 8)
+ return 0;
+
+ if (arg)
+ memcpy(gctx->iv, ptr, arg);
+
+ enc = EVP_CIPHER_CTX_encrypting(c);
+ if (enc && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
+ return 0;
+
+ gctx->iv_gen = 1;
+ return 1;
+
+ case EVP_CTRL_GCM_IV_GEN:
+ if (gctx->iv_gen == 0 || gctx->key_set == 0)
+ return 0;
+
+ s390x_aes_gcm_setiv(gctx, gctx->iv);
+
+ if (arg <= 0 || arg > gctx->ivlen)
+ arg = gctx->ivlen;
+
+ memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
+ /*
+ * Invocation field will be at least 8 bytes in size and so no need
+ * to check wrap around or increment more than last 8 bytes.
+ */
+ ctr64_inc(gctx->iv + gctx->ivlen - 8);
+ gctx->iv_set = 1;
+ return 1;
+
+ case EVP_CTRL_GCM_SET_IV_INV:
+ enc = EVP_CIPHER_CTX_encrypting(c);
+ if (gctx->iv_gen == 0 || gctx->key_set == 0 || enc)
+ return 0;
+
+ memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
+ s390x_aes_gcm_setiv(gctx, gctx->iv);
+ gctx->iv_set = 1;
+ return 1;
+
+ case EVP_CTRL_AEAD_TLS1_AAD:
+ /* Save the aad for later use. */
+ if (arg != EVP_AEAD_TLS1_AAD_LEN)
+ return 0;
+
+ buf = EVP_CIPHER_CTX_buf_noconst(c);
+ memcpy(buf, ptr, arg);
+ gctx->tls_aad_len = arg;
+
+ len = buf[arg - 2] << 8 | buf[arg - 1];
+ /* Correct length for explicit iv. */
+ if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
+ return 0;
+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+
+ /* If decrypting correct for tag too. */
+ enc = EVP_CIPHER_CTX_encrypting(c);
+ if (!enc) {
+ if (len < EVP_GCM_TLS_TAG_LEN)
+ return 0;
+ len -= EVP_GCM_TLS_TAG_LEN;
+ }
+ buf[arg - 2] = len >> 8;
+ buf[arg - 1] = len & 0xff;
+ /* Extra padding: tag appended to record. */
+ return EVP_GCM_TLS_TAG_LEN;
+
+ case EVP_CTRL_COPY:
+ out = ptr;
+ gctx_out = EVP_C_DATA(S390X_AES_GCM_CTX, out);
+ iv = EVP_CIPHER_CTX_iv_noconst(c);
+
+ if (gctx->iv == iv) {
+ gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out);
+ } else {
+ len = S390X_gcm_ivpadlen(gctx->ivlen);
+
+ if ((gctx_out->iv = OPENSSL_malloc(len)) == NULL) {
+ EVPerr(EVP_F_S390X_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ memcpy(gctx_out->iv, gctx->iv, len);
+ }
+ return 1;
+
+ default:
+ return -1;
+ }
+}
+
+/*-
+ * Set key and/or iv. Returns 1 on success. Otherwise 0 is returned.
+ */
+static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
+ int keylen;
+
+ if (iv == NULL && key == NULL)
+ return 1;
+
+ if (key != NULL) {
+ keylen = EVP_CIPHER_CTX_key_length(ctx);
+ memcpy(&gctx->kma.param.k, key, keylen);
+
+ gctx->fc = S390X_AES_FC(keylen);
+ if (!enc)
+ gctx->fc |= S390X_DECRYPT;
+
+ if (iv == NULL && gctx->iv_set)
+ iv = gctx->iv;
+
+ if (iv != NULL) {
+ s390x_aes_gcm_setiv(gctx, iv);
+ gctx->iv_set = 1;
+ }
+ gctx->key_set = 1;
+ } else {
+ if (gctx->key_set)
+ s390x_aes_gcm_setiv(gctx, iv);
+ else
+ memcpy(gctx->iv, iv, gctx->ivlen);
+
+ gctx->iv_set = 1;
+ gctx->iv_gen = 0;
+ }
+ return 1;
+}
+
+/*-
+ * En/de-crypt and authenticate TLS packet. Returns the number of bytes written
+ * if successful. Otherwise -1 is returned. Code is big-endian.
+ */
+static int s390x_aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
+ const unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+ const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+ int rv = -1;
+
+ if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
+ return -1;
+
+ if (EVP_CIPHER_CTX_ctrl(ctx, enc ? EVP_CTRL_GCM_IV_GEN
+ : EVP_CTRL_GCM_SET_IV_INV,
+ EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
+ goto err;
+
+ in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+
+ gctx->kma.param.taadl = gctx->tls_aad_len << 3;
+ gctx->kma.param.tpcl = len << 3;
+ s390x_kma(buf, gctx->tls_aad_len, in, len, out,
+ gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param);
+
+ if (enc) {
+ memcpy(out + len, gctx->kma.param.t.b, EVP_GCM_TLS_TAG_LEN);
+ rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+ } else {
+ if (CRYPTO_memcmp(gctx->kma.param.t.b, in + len,
+ EVP_GCM_TLS_TAG_LEN)) {
+ OPENSSL_cleanse(out, len);
+ goto err;
+ }
+ rv = len;
+ }
+err:
+ gctx->iv_set = 0;
+ gctx->tls_aad_len = -1;
+ return rv;
+}
+
+/*-
+ * Called from EVP layer to initialize context, process additional
+ * authenticated data, en/de-crypt plain/cipher-text and authenticate
+ * ciphertext or process a TLS packet, depending on context. Returns bytes
+ * written on success. Otherwise -1 is returned. Code is big-endian.
+ */
+static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
+ unsigned char *buf, tmp[16];
+ int enc;
+
+ if (!gctx->key_set)
+ return -1;
+
+ if (gctx->tls_aad_len >= 0)
+ return s390x_aes_gcm_tls_cipher(ctx, out, in, len);
+
+ if (!gctx->iv_set)
+ return -1;
+
+ if (in != NULL) {
+ if (out == NULL) {
+ if (s390x_aes_gcm_aad(gctx, in, len))
+ return -1;
+ } else {
+ if (s390x_aes_gcm(gctx, in, out, len))
+ return -1;
+ }
+ return len;
+ } else {
+ gctx->kma.param.taadl <<= 3;
+ gctx->kma.param.tpcl <<= 3;
+ s390x_kma(gctx->ares, gctx->areslen, gctx->mres, gctx->mreslen, tmp,
+ gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param);
+ /* recall that we already did en-/decrypt gctx->mres
+ * and returned it to caller... */
+ OPENSSL_cleanse(tmp, gctx->mreslen);
+ gctx->iv_set = 0;
+
+ enc = EVP_CIPHER_CTX_encrypting(ctx);
+ if (enc) {
+ gctx->taglen = 16;
+ } else {
+ if (gctx->taglen < 0)
+ return -1;
+
+ buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+ if (CRYPTO_memcmp(buf, gctx->kma.param.t.b, gctx->taglen))
+ return -1;
+ }
+ return 0;
+ }
+}
+
+static int s390x_aes_gcm_cleanup(EVP_CIPHER_CTX *c)
+{
+ S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c);
+ const unsigned char *iv;
+
+ if (gctx == NULL)
+ return 0;
+
+ iv = EVP_CIPHER_CTX_iv(c);
+ if (iv != gctx->iv)
+ OPENSSL_free(gctx->iv);
+
+ OPENSSL_cleanse(gctx, sizeof(*gctx));
+ return 1;
+}
+
+# define S390X_AES_XTS_CTX EVP_AES_XTS_CTX
+# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */
+# define S390X_aes_256_xts_CAPABLE 1
+
+# define s390x_aes_xts_init_key aes_xts_init_key
+static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv, int enc);
+# define s390x_aes_xts_cipher aes_xts_cipher
+static int s390x_aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+# define s390x_aes_xts_ctrl aes_xts_ctrl
+static int s390x_aes_xts_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
+# define s390x_aes_xts_cleanup aes_xts_cleanup
+
+# define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE && \
+ (OPENSSL_s390xcap_P.kmac[0] & \
+ S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE && \
+ (OPENSSL_s390xcap_P.kmac[0] & \
+ S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE && \
+ (OPENSSL_s390xcap_P.kmac[0] & \
+ S390X_CAPBIT(S390X_AES_256)))
+
+# define S390X_CCM_AAD_FLAG 0x40
+
+/*-
+ * Set nonce and length fields. Code is big-endian.
+ */
+static inline void s390x_aes_ccm_setiv(S390X_AES_CCM_CTX *ctx,
+ const unsigned char *nonce,
+ size_t mlen)
+{
+ ctx->aes.ccm.nonce.b[0] &= ~S390X_CCM_AAD_FLAG;
+ ctx->aes.ccm.nonce.g[1] = mlen;
+ memcpy(ctx->aes.ccm.nonce.b + 1, nonce, 15 - ctx->aes.ccm.l);
+}
+
+/*-
+ * Process additional authenticated data. Code is big-endian.
+ */
+static void s390x_aes_ccm_aad(S390X_AES_CCM_CTX *ctx, const unsigned char *aad,
+ size_t alen)
+{
+ unsigned char *ptr;
+ int i, rem;
+
+ if (!alen)
+ return;
+
+ ctx->aes.ccm.nonce.b[0] |= S390X_CCM_AAD_FLAG;
+
+ /* Suppress 'type-punned pointer dereference' warning. */
+ ptr = ctx->aes.ccm.buf.b;
+
+ if (alen < ((1 << 16) - (1 << 8))) {
+ *(uint16_t *)ptr = alen;
+ i = 2;
+ } else if (sizeof(alen) == 8
+ && alen >= (size_t)1 << (32 % (sizeof(alen) * 8))) {
+ *(uint16_t *)ptr = 0xffff;
+ *(uint64_t *)(ptr + 2) = alen;
+ i = 10;
+ } else {
+ *(uint16_t *)ptr = 0xfffe;
+ *(uint32_t *)(ptr + 2) = alen;
+ i = 6;
+ }
+
+ while (i < 16 && alen) {
+ ctx->aes.ccm.buf.b[i] = *aad;
+ ++aad;
+ --alen;
+ ++i;
+ }
+ while (i < 16) {
+ ctx->aes.ccm.buf.b[i] = 0;
+ ++i;
+ }
+
+ ctx->aes.ccm.kmac_param.icv.g[0] = 0;
+ ctx->aes.ccm.kmac_param.icv.g[1] = 0;
+ s390x_kmac(ctx->aes.ccm.nonce.b, 32, ctx->aes.ccm.fc,
+ &ctx->aes.ccm.kmac_param);
+ ctx->aes.ccm.blocks += 2;
+
+ rem = alen & 0xf;
+ alen &= ~(size_t)0xf;
+ if (alen) {
+ s390x_kmac(aad, alen, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);
+ ctx->aes.ccm.blocks += alen >> 4;
+ aad += alen;
+ }
+ if (rem) {
+ for (i = 0; i < rem; i++)
+ ctx->aes.ccm.kmac_param.icv.b[i] ^= aad[i];
+
+ s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,
+ ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,
+ ctx->aes.ccm.kmac_param.k);
+ ctx->aes.ccm.blocks++;
+ }
+}
+
+/*-
+ * En/de-crypt plain/cipher-text. Compute tag from plaintext. Returns 0 for
+ * success.
+ */
+static int s390x_aes_ccm(S390X_AES_CCM_CTX *ctx, const unsigned char *in,
+ unsigned char *out, size_t len, int enc)
+{
+ size_t n, rem;
+ unsigned int i, l, num;
+ unsigned char flags;
+
+ flags = ctx->aes.ccm.nonce.b[0];
+ if (!(flags & S390X_CCM_AAD_FLAG)) {
+ s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.kmac_param.icv.b,
+ ctx->aes.ccm.fc, ctx->aes.ccm.kmac_param.k);
+ ctx->aes.ccm.blocks++;
+ }
+ l = flags & 0x7;
+ ctx->aes.ccm.nonce.b[0] = l;
+
+ /*-
+ * Reconstruct length from encoded length field
+ * and initialize it with counter value.
+ */
+ n = 0;
+ for (i = 15 - l; i < 15; i++) {
+ n |= ctx->aes.ccm.nonce.b[i];
+ ctx->aes.ccm.nonce.b[i] = 0;
+ n <<= 8;
+ }
+ n |= ctx->aes.ccm.nonce.b[15];
+ ctx->aes.ccm.nonce.b[15] = 1;
+
+ if (n != len)
+ return -1; /* length mismatch */
+
+ if (enc) {
+ /* Two operations per block plus one for tag encryption */
+ ctx->aes.ccm.blocks += (((len + 15) >> 4) << 1) + 1;
+ if (ctx->aes.ccm.blocks > (1ULL << 61))
+ return -2; /* too much data */
+ }
+
+ num = 0;
+ rem = len & 0xf;
+ len &= ~(size_t)0xf;
+
+ if (enc) {
+ /* mac-then-encrypt */
+ if (len)
+ s390x_kmac(in, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);
+ if (rem) {
+ for (i = 0; i < rem; i++)
+ ctx->aes.ccm.kmac_param.icv.b[i] ^= in[len + i];
+
+ s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,
+ ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,
+ ctx->aes.ccm.kmac_param.k);
+ }
+
+ CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &ctx->aes.key.k,
+ ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b,
+ &num, (ctr128_f)AES_ctr32_encrypt);
+ } else {
+ /* decrypt-then-mac */
+ CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &ctx->aes.key.k,
+ ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b,
+ &num, (ctr128_f)AES_ctr32_encrypt);
+
+ if (len)
+ s390x_kmac(out, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);
+ if (rem) {
+ for (i = 0; i < rem; i++)
+ ctx->aes.ccm.kmac_param.icv.b[i] ^= out[len + i];
+
+ s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,
+ ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,
+ ctx->aes.ccm.kmac_param.k);
+ }
+ }
+ /* encrypt tag */
+ for (i = 15 - l; i < 16; i++)
+ ctx->aes.ccm.nonce.b[i] = 0;
+
+ s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.buf.b, ctx->aes.ccm.fc,
+ ctx->aes.ccm.kmac_param.k);
+ ctx->aes.ccm.kmac_param.icv.g[0] ^= ctx->aes.ccm.buf.g[0];
+ ctx->aes.ccm.kmac_param.icv.g[1] ^= ctx->aes.ccm.buf.g[1];
+
+ ctx->aes.ccm.nonce.b[0] = flags; /* restore flags field */
+ return 0;
+}
+
+/*-
+ * En/de-crypt and authenticate TLS packet. Returns the number of bytes written
+ * if successful. Otherwise -1 is returned.
+ */
+static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
+ unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
+ unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+ const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+
+ if (out != in
+ || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m))
+ return -1;
+
+ if (enc) {
+ /* Set explicit iv (sequence number). */
+ memcpy(out, buf, EVP_CCM_TLS_EXPLICIT_IV_LEN);
+ }
+
+ len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m;
+ /*-
+ * Get explicit iv (sequence number). We already have fixed iv
+ * (server/client_write_iv) here.
+ */
+ memcpy(ivec + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
+ s390x_aes_ccm_setiv(cctx, ivec, len);
+
+ /* Process aad (sequence number|type|version|length) */
+ s390x_aes_ccm_aad(cctx, buf, cctx->aes.ccm.tls_aad_len);
+
+ in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+ out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+
+ if (enc) {
+ if (s390x_aes_ccm(cctx, in, out, len, enc))
+ return -1;
+
+ memcpy(out + len, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m);
+ return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m;
+ } else {
+ if (!s390x_aes_ccm(cctx, in, out, len, enc)) {
+ if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, in + len,
+ cctx->aes.ccm.m))
+ return len;
+ }
+
+ OPENSSL_cleanse(out, len);
+ return -1;
+ }
+}
+
+/*-
+ * Set key and flag field and/or iv. Returns 1 if successful. Otherwise 0 is
+ * returned.
+ */
+static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
+ unsigned char *ivec;
+ int keylen;
+
+ if (iv == NULL && key == NULL)
+ return 1;
+
+ if (key != NULL) {
+ keylen = EVP_CIPHER_CTX_key_length(ctx);
+ cctx->aes.ccm.fc = S390X_AES_FC(keylen);
+ memcpy(cctx->aes.ccm.kmac_param.k, key, keylen);
+
+ /* Store encoded m and l. */
+ cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7)
+ | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3;
+ memset(cctx->aes.ccm.nonce.b + 1, 0,
+ sizeof(cctx->aes.ccm.nonce.b));
+ cctx->aes.ccm.blocks = 0;
+
+ cctx->aes.ccm.key_set = 1;
+ }
+
+ if (iv != NULL) {
+ ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
+ memcpy(ivec, iv, 15 - cctx->aes.ccm.l);
+
+ cctx->aes.ccm.iv_set = 1;
+ }
+
+ return 1;
+}
+
+/*-
+ * Called from EVP layer to initialize context, process additional
+ * authenticated data, en/de-crypt plain/cipher-text and authenticate
+ * plaintext or process a TLS packet, depending on context. Returns bytes
+ * written on success. Otherwise -1 is returned.
+ */
+static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
+ const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+ int rv;
+ unsigned char *buf, *ivec;
+
+ if (!cctx->aes.ccm.key_set)
+ return -1;
+
+ if (cctx->aes.ccm.tls_aad_len >= 0)
+ return s390x_aes_ccm_tls_cipher(ctx, out, in, len);
+
+ /*-
+ * Final(): Does not return any data. Recall that ccm is mac-then-encrypt
+ * so integrity must be checked already at Update() i.e., before
+ * potentially corrupted data is output.
+ */
+ if (in == NULL && out != NULL)
+ return 0;
+
+ if (!cctx->aes.ccm.iv_set)
+ return -1;
+
+ if (!enc && !cctx->aes.ccm.tag_set)
+ return -1;
+
+ if (out == NULL) {
+ /* Update(): Pass message length. */
+ if (in == NULL) {
+ ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
+ s390x_aes_ccm_setiv(cctx, ivec, len);
+
+ cctx->aes.ccm.len_set = 1;
+ return len;
+ }
+
+ /* Update(): Process aad. */
+ if (!cctx->aes.ccm.len_set && len)
+ return -1;
+
+ s390x_aes_ccm_aad(cctx, in, len);
+ return len;
+ }
+
+ /* Update(): Process message. */
+
+ if (!cctx->aes.ccm.len_set) {
+ /*-
+ * In case message length was not previously set explicitely via
+ * Update(), set it now.
+ */
+ ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
+ s390x_aes_ccm_setiv(cctx, ivec, len);
+
+ cctx->aes.ccm.len_set = 1;
+ }
+
+ if (enc) {
+ if (s390x_aes_ccm(cctx, in, out, len, enc))
+ return -1;
+
+ cctx->aes.ccm.tag_set = 1;
+ return len;
+ } else {
+ rv = -1;
+
+ if (!s390x_aes_ccm(cctx, in, out, len, enc)) {
+ buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+ if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, buf,
+ cctx->aes.ccm.m))
+ rv = len;
+ }
+
+ if (rv == -1)
+ OPENSSL_cleanse(out, len);
+
+ cctx->aes.ccm.iv_set = 0;
+ cctx->aes.ccm.tag_set = 0;
+ cctx->aes.ccm.len_set = 0;
+ return rv;
+ }
+}
+
+/*-
+ * Performs various operations on the context structure depending on control
+ * type. Returns 1 for success, 0 for failure and -1 for unknown control type.
+ * Code is big-endian.
+ */
+static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+ S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, c);
+ unsigned char *buf, *iv;
+ int enc, len;
+
+ switch (type) {
+ case EVP_CTRL_INIT:
+ cctx->aes.ccm.key_set = 0;
+ cctx->aes.ccm.iv_set = 0;
+ cctx->aes.ccm.l = 8;
+ cctx->aes.ccm.m = 12;
+ cctx->aes.ccm.tag_set = 0;
+ cctx->aes.ccm.len_set = 0;
+ cctx->aes.ccm.tls_aad_len = -1;
+ return 1;
+
+ case EVP_CTRL_AEAD_TLS1_AAD:
+ if (arg != EVP_AEAD_TLS1_AAD_LEN)
+ return 0;
+
+ /* Save the aad for later use. */
+ buf = EVP_CIPHER_CTX_buf_noconst(c);
+ memcpy(buf, ptr, arg);
+ cctx->aes.ccm.tls_aad_len = arg;
+
+ len = buf[arg - 2] << 8 | buf[arg - 1];
+ if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
+ return 0;
+
+ /* Correct length for explicit iv. */
+ len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+
+ enc = EVP_CIPHER_CTX_encrypting(c);
+ if (!enc) {
+ if (len < cctx->aes.ccm.m)
+ return 0;
+
+ /* Correct length for tag. */
+ len -= cctx->aes.ccm.m;
+ }
+
+ buf[arg - 2] = len >> 8;
+ buf[arg - 1] = len & 0xff;
+
+ /* Extra padding: tag appended to record. */
+ return cctx->aes.ccm.m;
+
+ case EVP_CTRL_CCM_SET_IV_FIXED:
+ if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
+ return 0;
+
+ /* Copy to first part of the iv. */
+ iv = EVP_CIPHER_CTX_iv_noconst(c);
+ memcpy(iv, ptr, arg);
+ return 1;
+
+ case EVP_CTRL_AEAD_SET_IVLEN:
+ arg = 15 - arg;
+ /* fall-through */
+
+ case EVP_CTRL_CCM_SET_L:
+ if (arg < 2 || arg > 8)
+ return 0;
+
+ cctx->aes.ccm.l = arg;
+ return 1;
+
+ case EVP_CTRL_AEAD_SET_TAG:
+ if ((arg & 1) || arg < 4 || arg > 16)
+ return 0;
+
+ enc = EVP_CIPHER_CTX_encrypting(c);
+ if (enc && ptr)
+ return 0;
+
+ if (ptr) {
+ cctx->aes.ccm.tag_set = 1;
+ buf = EVP_CIPHER_CTX_buf_noconst(c);
+ memcpy(buf, ptr, arg);
+ }
+
+ cctx->aes.ccm.m = arg;
+ return 1;
+
+ case EVP_CTRL_AEAD_GET_TAG:
+ enc = EVP_CIPHER_CTX_encrypting(c);
+ if (!enc || !cctx->aes.ccm.tag_set)
+ return 0;
+
+ if(arg < cctx->aes.ccm.m)
+ return 0;
+
+ memcpy(ptr, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m);
+ cctx->aes.ccm.tag_set = 0;
+ cctx->aes.ccm.iv_set = 0;
+ cctx->aes.ccm.len_set = 0;
+ return 1;
+
+ case EVP_CTRL_COPY:
+ return 1;
+
+ default:
+ return -1;
+ }
+}
+
+# define s390x_aes_ccm_cleanup aes_ccm_cleanup
+
+# ifndef OPENSSL_NO_OCB
+# define S390X_AES_OCB_CTX EVP_AES_OCB_CTX
+# define S390X_aes_128_ocb_CAPABLE 0
+# define S390X_aes_192_ocb_CAPABLE 0
+# define S390X_aes_256_ocb_CAPABLE 0
+
+# define s390x_aes_ocb_init_key aes_ocb_init_key
+static int s390x_aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+# define s390x_aes_ocb_cipher aes_ocb_cipher
+static int s390x_aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+# define s390x_aes_ocb_cleanup aes_ocb_cleanup
+static int s390x_aes_ocb_cleanup(EVP_CIPHER_CTX *);
+# define s390x_aes_ocb_ctrl aes_ocb_ctrl
+static int s390x_aes_ocb_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
+# endif
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode, \
+ MODE,flags) \
+static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \
+ nid##_##keylen##_##nmode,blocksize, \
+ keylen / 8, \
+ ivlen, \
+ flags | EVP_CIPH_##MODE##_MODE, \
+ s390x_aes_##mode##_init_key, \
+ s390x_aes_##mode##_cipher, \
+ NULL, \
+ sizeof(S390X_AES_##MODE##_CTX), \
+ NULL, \
+ NULL, \
+ NULL, \
+ NULL \
+}; \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+ nid##_##keylen##_##nmode, \
+ blocksize, \
+ keylen / 8, \
+ ivlen, \
+ flags | EVP_CIPH_##MODE##_MODE, \
+ aes_init_key, \
+ aes_##mode##_cipher, \
+ NULL, \
+ sizeof(EVP_AES_KEY), \
+ NULL, \
+ NULL, \
+ NULL, \
+ NULL \
+}; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ \
+ return S390X_aes_##keylen##_##mode##_CAPABLE ? \
+ &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode; \
+}
+
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags)\
+static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \
+ nid##_##keylen##_##mode, \
+ blocksize, \
+ (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8, \
+ ivlen, \
+ flags | EVP_CIPH_##MODE##_MODE, \
+ s390x_aes_##mode##_init_key, \
+ s390x_aes_##mode##_cipher, \
+ s390x_aes_##mode##_cleanup, \
+ sizeof(S390X_AES_##MODE##_CTX), \
+ NULL, \
+ NULL, \
+ s390x_aes_##mode##_ctrl, \
+ NULL \
+}; \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+ nid##_##keylen##_##mode,blocksize, \
+ (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8, \
+ ivlen, \
+ flags | EVP_CIPH_##MODE##_MODE, \
+ aes_##mode##_init_key, \
+ aes_##mode##_cipher, \
+ aes_##mode##_cleanup, \
+ sizeof(EVP_AES_##MODE##_CTX), \
+ NULL, \
+ NULL, \
+ aes_##mode##_ctrl, \
+ NULL \
+}; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ \
+ return S390X_aes_##keylen##_##mode##_CAPABLE ? \
+ &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode; \
+}
+
+#else
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
static const EVP_CIPHER aes_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
@@ -864,7 +2495,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
{ return &aes_##keylen##_##mode; }
-# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
static const EVP_CIPHER aes_##keylen##_##mode = { \
nid##_##keylen##_##mode,blocksize, \
(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
@@ -876,25 +2507,29 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
NULL,NULL,aes_##mode##_ctrl,NULL }; \
const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
{ return &aes_##keylen##_##mode; }
-# endif
-# if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__))
-# include "arm_arch.h"
-# if __ARM_MAX_ARCH__>=7
-# if defined(BSAES_ASM)
-# define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
-# endif
-# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)
-# define HWAES_set_encrypt_key aes_v8_set_encrypt_key
-# define HWAES_set_decrypt_key aes_v8_set_decrypt_key
-# define HWAES_encrypt aes_v8_encrypt
-# define HWAES_decrypt aes_v8_decrypt
-# define HWAES_cbc_encrypt aes_v8_cbc_encrypt
-# define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks
+#endif
+
+#if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__))
+# include "arm_arch.h"
+# if __ARM_MAX_ARCH__>=7
+# if defined(BSAES_ASM)
+# define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
+# endif
+# if defined(VPAES_ASM)
+# define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
# endif
+# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)
+# define HWAES_set_encrypt_key aes_v8_set_encrypt_key
+# define HWAES_set_decrypt_key aes_v8_set_decrypt_key
+# define HWAES_encrypt aes_v8_encrypt
+# define HWAES_decrypt aes_v8_decrypt
+# define HWAES_cbc_encrypt aes_v8_cbc_encrypt
+# define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks
# endif
+#endif
-# if defined(HWAES_CAPABLE)
+#if defined(HWAES_CAPABLE)
int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key);
int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits,
@@ -909,9 +2544,15 @@ void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out,
void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
const unsigned char ivec[16]);
-# endif
+void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out,
+ size_t len, const AES_KEY *key1,
+ const AES_KEY *key2, const unsigned char iv[16]);
+void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out,
+ size_t len, const AES_KEY *key1,
+ const AES_KEY *key2, const unsigned char iv[16]);
+#endif
-# define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \
+#define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \
BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
@@ -924,85 +2565,97 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
int ret, mode;
- EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+ EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
- mode = ctx->cipher->flags & EVP_CIPH_MODE;
+ mode = EVP_CIPHER_CTX_mode(ctx);
if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
- && !enc)
-# ifdef HWAES_CAPABLE
+ && !enc) {
+#ifdef HWAES_CAPABLE
if (HWAES_CAPABLE) {
- ret = HWAES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+ ret = HWAES_set_decrypt_key(key,
+ EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &dat->ks.ks);
dat->block = (block128_f) HWAES_decrypt;
dat->stream.cbc = NULL;
-# ifdef HWAES_cbc_encrypt
+# ifdef HWAES_cbc_encrypt
if (mode == EVP_CIPH_CBC_MODE)
dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt;
-# endif
- } else
# endif
-# ifdef BSAES_CAPABLE
+ } else
+#endif
+#ifdef BSAES_CAPABLE
if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
- ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+ ret = AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &dat->ks.ks);
dat->block = (block128_f) AES_decrypt;
dat->stream.cbc = (cbc128_f) bsaes_cbc_encrypt;
} else
-# endif
-# ifdef VPAES_CAPABLE
+#endif
+#ifdef VPAES_CAPABLE
if (VPAES_CAPABLE) {
- ret = vpaes_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+ ret = vpaes_set_decrypt_key(key,
+ EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &dat->ks.ks);
dat->block = (block128_f) vpaes_decrypt;
dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
(cbc128_f) vpaes_cbc_encrypt : NULL;
} else
-# endif
+#endif
{
- ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+ ret = AES_set_decrypt_key(key,
+ EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &dat->ks.ks);
dat->block = (block128_f) AES_decrypt;
dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
(cbc128_f) AES_cbc_encrypt : NULL;
+ }
} else
-# ifdef HWAES_CAPABLE
+#ifdef HWAES_CAPABLE
if (HWAES_CAPABLE) {
- ret = HWAES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+ ret = HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &dat->ks.ks);
dat->block = (block128_f) HWAES_encrypt;
dat->stream.cbc = NULL;
-# ifdef HWAES_cbc_encrypt
+# ifdef HWAES_cbc_encrypt
if (mode == EVP_CIPH_CBC_MODE)
dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt;
else
-# endif
-# ifdef HWAES_ctr32_encrypt_blocks
+# endif
+# ifdef HWAES_ctr32_encrypt_blocks
if (mode == EVP_CIPH_CTR_MODE)
dat->stream.ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks;
else
-# endif
+# endif
(void)0; /* terminate potentially open 'else' */
} else
-# endif
-# ifdef BSAES_CAPABLE
+#endif
+#ifdef BSAES_CAPABLE
if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) {
- ret = AES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+ ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &dat->ks.ks);
dat->block = (block128_f) AES_encrypt;
dat->stream.ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks;
} else
-# endif
-# ifdef VPAES_CAPABLE
+#endif
+#ifdef VPAES_CAPABLE
if (VPAES_CAPABLE) {
- ret = vpaes_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+ ret = vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &dat->ks.ks);
dat->block = (block128_f) vpaes_encrypt;
dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
(cbc128_f) vpaes_cbc_encrypt : NULL;
} else
-# endif
+#endif
{
- ret = AES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+ ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &dat->ks.ks);
dat->block = (block128_f) AES_encrypt;
dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
(cbc128_f) AES_cbc_encrypt : NULL;
-# ifdef AES_CTR_ASM
+#ifdef AES_CTR_ASM
if (mode == EVP_CIPH_CTR_MODE)
dat->stream.ctr = (ctr128_f) AES_ctr32_encrypt;
-# endif
+#endif
}
if (ret < 0) {
@@ -1016,14 +2669,18 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
- EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+ EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
if (dat->stream.cbc)
- (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, ctx->encrypt);
- else if (ctx->encrypt)
- CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, dat->block);
+ (*dat->stream.cbc) (in, out, len, &dat->ks,
+ EVP_CIPHER_CTX_iv_noconst(ctx),
+ EVP_CIPHER_CTX_encrypting(ctx));
+ else if (EVP_CIPHER_CTX_encrypting(ctx))
+ CRYPTO_cbc128_encrypt(in, out, len, &dat->ks,
+ EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
else
- CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, dat->block);
+ CRYPTO_cbc128_decrypt(in, out, len, &dat->ks,
+ EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
return 1;
}
@@ -1031,9 +2688,9 @@ static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
- size_t bl = ctx->cipher->block_size;
+ size_t bl = EVP_CIPHER_CTX_block_size(ctx);
size_t i;
- EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+ EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
if (len < bl)
return 1;
@@ -1047,54 +2704,72 @@ static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
- EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+ EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+ int num = EVP_CIPHER_CTX_num(ctx);
CRYPTO_ofb128_encrypt(in, out, len, &dat->ks,
- ctx->iv, &ctx->num, dat->block);
+ EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block);
+ EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
- EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+ EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+ int num = EVP_CIPHER_CTX_num(ctx);
CRYPTO_cfb128_encrypt(in, out, len, &dat->ks,
- ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+ EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+ EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+ EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
- EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+ EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+ int num = EVP_CIPHER_CTX_num(ctx);
CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks,
- ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+ EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+ EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+ EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
- EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+ EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
- if (ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) {
+ if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
+ int num = EVP_CIPHER_CTX_num(ctx);
CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks,
- ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+ EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+ EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+ EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
while (len >= MAXBITCHUNK) {
+ int num = EVP_CIPHER_CTX_num(ctx);
CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
- ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+ EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+ EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+ EVP_CIPHER_CTX_set_num(ctx, num);
len -= MAXBITCHUNK;
out += MAXBITCHUNK;
in += MAXBITCHUNK;
}
- if (len)
+ if (len) {
+ int num = EVP_CIPHER_CTX_num(ctx);
CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
- ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+ EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+ EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+ EVP_CIPHER_CTX_set_num(ctx, num);
+ }
return 1;
}
@@ -1102,53 +2777,41 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
- unsigned int num = ctx->num;
- EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+ unsigned int num = EVP_CIPHER_CTX_num(ctx);
+ EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
if (dat->stream.ctr)
CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
- ctx->iv, ctx->buf, &num, dat->stream.ctr);
+ EVP_CIPHER_CTX_iv_noconst(ctx),
+ EVP_CIPHER_CTX_buf_noconst(ctx),
+ &num, dat->stream.ctr);
else
CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
- ctx->iv, ctx->buf, &num, dat->block);
- ctx->num = (size_t)num;
+ EVP_CIPHER_CTX_iv_noconst(ctx),
+ EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+ dat->block);
+ EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
-BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS)
- BLOCK_CIPHER_generic_pack(NID_aes, 192, EVP_CIPH_FLAG_FIPS)
- BLOCK_CIPHER_generic_pack(NID_aes, 256, EVP_CIPH_FLAG_FIPS)
+BLOCK_CIPHER_generic_pack(NID_aes, 128, 0)
+ BLOCK_CIPHER_generic_pack(NID_aes, 192, 0)
+ BLOCK_CIPHER_generic_pack(NID_aes, 256, 0)
static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
{
- EVP_AES_GCM_CTX *gctx = c->cipher_data;
+ EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c);
if (gctx == NULL)
return 0;
OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
- if (gctx->iv != c->iv)
+ if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
OPENSSL_free(gctx->iv);
return 1;
}
-/* increment counter (64-bit int) by 1 */
-static void ctr64_inc(unsigned char *counter)
-{
- int n = 8;
- unsigned char c;
-
- do {
- --n;
- c = counter[n];
- ++c;
- counter[n] = c;
- if (c)
- return;
- } while (n);
-}
-
static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
- EVP_AES_GCM_CTX *gctx = c->cipher_data;
+ EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c);
switch (type) {
case EVP_CTRL_INIT:
gctx->key_set = 0;
@@ -1160,29 +2823,31 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
gctx->tls_aad_len = -1;
return 1;
- case EVP_CTRL_GCM_SET_IVLEN:
+ case EVP_CTRL_AEAD_SET_IVLEN:
if (arg <= 0)
return 0;
/* Allocate memory for IV if needed */
if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
if (gctx->iv != c->iv)
OPENSSL_free(gctx->iv);
- gctx->iv = OPENSSL_malloc(arg);
- if (!gctx->iv)
+ if ((gctx->iv = OPENSSL_malloc(arg)) == NULL) {
+ EVPerr(EVP_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);
return 0;
+ }
}
gctx->ivlen = arg;
return 1;
- case EVP_CTRL_GCM_SET_TAG:
+ case EVP_CTRL_AEAD_SET_TAG:
if (arg <= 0 || arg > 16 || c->encrypt)
return 0;
memcpy(c->buf, ptr, arg);
gctx->taglen = arg;
return 1;
- case EVP_CTRL_GCM_GET_TAG:
- if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0)
+ case EVP_CTRL_AEAD_GET_TAG:
+ if (arg <= 0 || arg > 16 || !c->encrypt
+ || gctx->taglen < 0)
return 0;
memcpy(ptr, c->buf, arg);
return 1;
@@ -1257,7 +2922,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
case EVP_CTRL_COPY:
{
EVP_CIPHER_CTX *out = ptr;
- EVP_AES_GCM_CTX *gctx_out = out->cipher_data;
+ EVP_AES_GCM_CTX *gctx_out = EVP_C_DATA(EVP_AES_GCM_CTX,out);
if (gctx->gcm.key) {
if (gctx->gcm.key != &gctx->ks)
return 0;
@@ -1266,9 +2931,10 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
if (gctx->iv == c->iv)
gctx_out->iv = out->iv;
else {
- gctx_out->iv = OPENSSL_malloc(gctx->ivlen);
- if (!gctx_out->iv)
+ if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) {
+ EVPerr(EVP_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);
return 0;
+ }
memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
}
return 1;
@@ -1283,25 +2949,25 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
- EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
+ EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
if (!iv && !key)
return 1;
if (key) {
do {
-# ifdef HWAES_CAPABLE
+#ifdef HWAES_CAPABLE
if (HWAES_CAPABLE) {
HWAES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
(block128_f) HWAES_encrypt);
-# ifdef HWAES_ctr32_encrypt_blocks
+# ifdef HWAES_ctr32_encrypt_blocks
gctx->ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks;
-# else
+# else
gctx->ctr = NULL;
-# endif
+# endif
break;
} else
-# endif
-# ifdef BSAES_CAPABLE
+#endif
+#ifdef BSAES_CAPABLE
if (BSAES_CAPABLE) {
AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
@@ -1309,8 +2975,8 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
gctx->ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks;
break;
} else
-# endif
-# ifdef VPAES_CAPABLE
+#endif
+#ifdef VPAES_CAPABLE
if (VPAES_CAPABLE) {
vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
@@ -1318,17 +2984,17 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
gctx->ctr = NULL;
break;
} else
-# endif
+#endif
(void)0; /* terminate potentially open 'else' */
AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
(block128_f) AES_encrypt);
-# ifdef AES_CTR_ASM
+#ifdef AES_CTR_ASM
gctx->ctr = (ctr128_f) AES_ctr32_encrypt;
-# else
+#else
gctx->ctr = NULL;
-# endif
+#endif
} while (0);
/*
@@ -1363,7 +3029,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
- EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
+ EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
int rv = -1;
/* Encrypt/decrypt must be performed in place */
if (out != in
@@ -1373,8 +3039,8 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
* Set IV from start of buffer or generate IV and write to start of
* buffer.
*/
- if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
- EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
+ if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? EVP_CTRL_GCM_IV_GEN
+ : EVP_CTRL_GCM_SET_IV_INV,
EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
goto err;
/* Use saved AAD */
@@ -1388,7 +3054,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
/* Encrypt payload */
if (gctx->ctr) {
size_t bulk = 0;
-# if defined(AES_GCM_ASM)
+#if defined(AES_GCM_ASM)
if (len >= 32 && AES_GCM_ASM(gctx)) {
if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0))
return -1;
@@ -1398,7 +3064,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
gctx->gcm.Yi.c, gctx->gcm.Xi.u);
gctx->gcm.len.u[1] += bulk;
}
-# endif
+#endif
if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
in + bulk,
out + bulk,
@@ -1406,7 +3072,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
goto err;
} else {
size_t bulk = 0;
-# if defined(AES_GCM_ASM2)
+#if defined(AES_GCM_ASM2)
if (len >= 32 && AES_GCM_ASM2(gctx)) {
if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0))
return -1;
@@ -1416,7 +3082,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
gctx->gcm.Yi.c, gctx->gcm.Xi.u);
gctx->gcm.len.u[1] += bulk;
}
-# endif
+#endif
if (CRYPTO_gcm128_encrypt(&gctx->gcm,
in + bulk, out + bulk, len - bulk))
goto err;
@@ -1429,7 +3095,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
/* Decrypt */
if (gctx->ctr) {
size_t bulk = 0;
-# if defined(AES_GCM_ASM)
+#if defined(AES_GCM_ASM)
if (len >= 16 && AES_GCM_ASM(gctx)) {
if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0))
return -1;
@@ -1439,7 +3105,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
gctx->gcm.Yi.c, gctx->gcm.Xi.u);
gctx->gcm.len.u[1] += bulk;
}
-# endif
+#endif
if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
in + bulk,
out + bulk,
@@ -1447,7 +3113,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
goto err;
} else {
size_t bulk = 0;
-# if defined(AES_GCM_ASM2)
+#if defined(AES_GCM_ASM2)
if (len >= 16 && AES_GCM_ASM2(gctx)) {
if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0))
return -1;
@@ -1457,7 +3123,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
gctx->gcm.Yi.c, gctx->gcm.Xi.u);
gctx->gcm.len.u[1] += bulk;
}
-# endif
+#endif
if (CRYPTO_gcm128_decrypt(&gctx->gcm,
in + bulk, out + bulk, len - bulk))
goto err;
@@ -1481,7 +3147,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
- EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
+ EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
/* If not set up, return error */
if (!gctx->key_set)
return -1;
@@ -1498,7 +3164,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
} else if (ctx->encrypt) {
if (gctx->ctr) {
size_t bulk = 0;
-# if defined(AES_GCM_ASM)
+#if defined(AES_GCM_ASM)
if (len >= 32 && AES_GCM_ASM(gctx)) {
size_t res = (16 - gctx->gcm.mres) % 16;
@@ -1512,7 +3178,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
gctx->gcm.len.u[1] += bulk;
bulk += res;
}
-# endif
+#endif
if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
in + bulk,
out + bulk,
@@ -1520,7 +3186,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
return -1;
} else {
size_t bulk = 0;
-# if defined(AES_GCM_ASM2)
+#if defined(AES_GCM_ASM2)
if (len >= 32 && AES_GCM_ASM2(gctx)) {
size_t res = (16 - gctx->gcm.mres) % 16;
@@ -1534,7 +3200,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
gctx->gcm.len.u[1] += bulk;
bulk += res;
}
-# endif
+#endif
if (CRYPTO_gcm128_encrypt(&gctx->gcm,
in + bulk, out + bulk, len - bulk))
return -1;
@@ -1542,7 +3208,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
} else {
if (gctx->ctr) {
size_t bulk = 0;
-# if defined(AES_GCM_ASM)
+#if defined(AES_GCM_ASM)
if (len >= 16 && AES_GCM_ASM(gctx)) {
size_t res = (16 - gctx->gcm.mres) % 16;
@@ -1556,7 +3222,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
gctx->gcm.len.u[1] += bulk;
bulk += res;
}
-# endif
+#endif
if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
in + bulk,
out + bulk,
@@ -1564,7 +3230,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
return -1;
} else {
size_t bulk = 0;
-# if defined(AES_GCM_ASM2)
+#if defined(AES_GCM_ASM2)
if (len >= 16 && AES_GCM_ASM2(gctx)) {
size_t res = (16 - gctx->gcm.mres) % 16;
@@ -1578,7 +3244,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
gctx->gcm.len.u[1] += bulk;
bulk += res;
}
-# endif
+#endif
if (CRYPTO_gcm128_decrypt(&gctx->gcm,
in + bulk, out + bulk, len - bulk))
return -1;
@@ -1603,27 +3269,24 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
-# define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \
+#define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \
| EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
| EVP_CIPH_CUSTOM_COPY)
BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM,
- EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER |
- CUSTOM_FLAGS)
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM,
- EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER |
- CUSTOM_FLAGS)
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM,
- EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER |
- CUSTOM_FLAGS)
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
- EVP_AES_XTS_CTX *xctx = c->cipher_data;
+ EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,c);
if (type == EVP_CTRL_COPY) {
EVP_CIPHER_CTX *out = ptr;
- EVP_AES_XTS_CTX *xctx_out = out->cipher_data;
+ EVP_AES_XTS_CTX *xctx_out = EVP_C_DATA(EVP_AES_XTS_CTX,out);
if (xctx->xts.key1) {
if (xctx->xts.key1 != &xctx->ks1)
return 0;
@@ -1646,75 +3309,90 @@ static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
- EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
+ EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
if (!iv && !key)
return 1;
if (key)
do {
-# ifdef AES_XTS_ASM
+#ifdef AES_XTS_ASM
xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
-# else
+#else
xctx->stream = NULL;
-# endif
+#endif
/* key_len is two AES keys */
-# ifdef HWAES_CAPABLE
+#ifdef HWAES_CAPABLE
if (HWAES_CAPABLE) {
if (enc) {
- HWAES_set_encrypt_key(key, ctx->key_len * 4,
+ HWAES_set_encrypt_key(key,
+ EVP_CIPHER_CTX_key_length(ctx) * 4,
&xctx->ks1.ks);
xctx->xts.block1 = (block128_f) HWAES_encrypt;
+# ifdef HWAES_xts_encrypt
+ xctx->stream = HWAES_xts_encrypt;
+# endif
} else {
- HWAES_set_decrypt_key(key, ctx->key_len * 4,
+ HWAES_set_decrypt_key(key,
+ EVP_CIPHER_CTX_key_length(ctx) * 4,
&xctx->ks1.ks);
xctx->xts.block1 = (block128_f) HWAES_decrypt;
+# ifdef HWAES_xts_decrypt
+ xctx->stream = HWAES_xts_decrypt;
+#endif
}
- HWAES_set_encrypt_key(key + ctx->key_len / 2,
- ctx->key_len * 4, &xctx->ks2.ks);
+ HWAES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+ EVP_CIPHER_CTX_key_length(ctx) * 4,
+ &xctx->ks2.ks);
xctx->xts.block2 = (block128_f) HWAES_encrypt;
xctx->xts.key1 = &xctx->ks1;
break;
} else
-# endif
-# ifdef BSAES_CAPABLE
+#endif
+#ifdef BSAES_CAPABLE
if (BSAES_CAPABLE)
xctx->stream = enc ? bsaes_xts_encrypt : bsaes_xts_decrypt;
else
-# endif
-# ifdef VPAES_CAPABLE
+#endif
+#ifdef VPAES_CAPABLE
if (VPAES_CAPABLE) {
if (enc) {
- vpaes_set_encrypt_key(key, ctx->key_len * 4,
+ vpaes_set_encrypt_key(key,
+ EVP_CIPHER_CTX_key_length(ctx) * 4,
&xctx->ks1.ks);
xctx->xts.block1 = (block128_f) vpaes_encrypt;
} else {
- vpaes_set_decrypt_key(key, ctx->key_len * 4,
+ vpaes_set_decrypt_key(key,
+ EVP_CIPHER_CTX_key_length(ctx) * 4,
&xctx->ks1.ks);
xctx->xts.block1 = (block128_f) vpaes_decrypt;
}
- vpaes_set_encrypt_key(key + ctx->key_len / 2,
- ctx->key_len * 4, &xctx->ks2.ks);
+ vpaes_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+ EVP_CIPHER_CTX_key_length(ctx) * 4,
+ &xctx->ks2.ks);
xctx->xts.block2 = (block128_f) vpaes_encrypt;
xctx->xts.key1 = &xctx->ks1;
break;
} else
-# endif
+#endif
(void)0; /* terminate potentially open 'else' */
if (enc) {
- AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+ AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+ &xctx->ks1.ks);
xctx->xts.block1 = (block128_f) AES_encrypt;
} else {
- AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+ AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+ &xctx->ks1.ks);
xctx->xts.block1 = (block128_f) AES_decrypt;
}
- AES_set_encrypt_key(key + ctx->key_len / 2,
- ctx->key_len * 4, &xctx->ks2.ks);
+ AES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+ EVP_CIPHER_CTX_key_length(ctx) * 4,
+ &xctx->ks2.ks);
xctx->xts.block2 = (block128_f) AES_encrypt;
xctx->xts.key1 = &xctx->ks1;
@@ -1722,7 +3400,7 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
if (iv) {
xctx->xts.key2 = &xctx->ks2;
- memcpy(ctx->iv, iv, 16);
+ memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
}
return 1;
@@ -1731,34 +3409,34 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
- EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
+ EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
if (!xctx->xts.key1 || !xctx->xts.key2)
return 0;
if (!out || !in || len < AES_BLOCK_SIZE)
return 0;
if (xctx->stream)
(*xctx->stream) (in, out, len,
- xctx->xts.key1, xctx->xts.key2, ctx->iv);
- else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
- ctx->encrypt))
+ xctx->xts.key1, xctx->xts.key2,
+ EVP_CIPHER_CTX_iv_noconst(ctx));
+ else if (CRYPTO_xts128_encrypt(&xctx->xts, EVP_CIPHER_CTX_iv_noconst(ctx),
+ in, out, len,
+ EVP_CIPHER_CTX_encrypting(ctx)))
return 0;
return 1;
}
-# define aes_xts_cleanup NULL
+#define aes_xts_cleanup NULL
-# define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \
+#define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \
| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
| EVP_CIPH_CUSTOM_COPY)
-BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS,
- EVP_CIPH_FLAG_FIPS | XTS_FLAGS)
- BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS,
- EVP_CIPH_FLAG_FIPS | XTS_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS)
+ BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS)
static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
- EVP_AES_CCM_CTX *cctx = c->cipher_data;
+ EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,c);
switch (type) {
case EVP_CTRL_INIT:
cctx->key_set = 0;
@@ -1767,30 +3445,66 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
cctx->M = 12;
cctx->tag_set = 0;
cctx->len_set = 0;
+ cctx->tls_aad_len = -1;
+ return 1;
+
+ case EVP_CTRL_AEAD_TLS1_AAD:
+ /* Save the AAD for later use */
+ if (arg != EVP_AEAD_TLS1_AAD_LEN)
+ return 0;
+ memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+ cctx->tls_aad_len = arg;
+ {
+ uint16_t len =
+ EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
+ | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
+ /* Correct length for explicit IV */
+ if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
+ return 0;
+ len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+ /* If decrypting correct for tag too */
+ if (!EVP_CIPHER_CTX_encrypting(c)) {
+ if (len < cctx->M)
+ return 0;
+ len -= cctx->M;
+ }
+ EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
+ EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
+ }
+ /* Extra padding: tag appended to record */
+ return cctx->M;
+
+ case EVP_CTRL_CCM_SET_IV_FIXED:
+ /* Sanity check length */
+ if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
+ return 0;
+ /* Just copy to first part of IV */
+ memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg);
return 1;
- case EVP_CTRL_CCM_SET_IVLEN:
+ case EVP_CTRL_AEAD_SET_IVLEN:
arg = 15 - arg;
+ /* fall thru */
case EVP_CTRL_CCM_SET_L:
if (arg < 2 || arg > 8)
return 0;
cctx->L = arg;
return 1;
- case EVP_CTRL_CCM_SET_TAG:
+ case EVP_CTRL_AEAD_SET_TAG:
if ((arg & 1) || arg < 4 || arg > 16)
return 0;
- if (c->encrypt && ptr)
+ if (EVP_CIPHER_CTX_encrypting(c) && ptr)
return 0;
if (ptr) {
cctx->tag_set = 1;
- memcpy(c->buf, ptr, arg);
+ memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
}
cctx->M = arg;
return 1;
- case EVP_CTRL_CCM_GET_TAG:
- if (!c->encrypt || !cctx->tag_set)
+ case EVP_CTRL_AEAD_GET_TAG:
+ if (!EVP_CIPHER_CTX_encrypting(c) || !cctx->tag_set)
return 0;
if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
return 0;
@@ -1802,7 +3516,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
case EVP_CTRL_COPY:
{
EVP_CIPHER_CTX *out = ptr;
- EVP_AES_CCM_CTX *cctx_out = out->cipher_data;
+ EVP_AES_CCM_CTX *cctx_out = EVP_C_DATA(EVP_AES_CCM_CTX,out);
if (cctx->ccm.key) {
if (cctx->ccm.key != &cctx->ks)
return 0;
@@ -1820,14 +3534,15 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
- EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
+ EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
if (!iv && !key)
return 1;
if (key)
do {
-# ifdef HWAES_CAPABLE
+#ifdef HWAES_CAPABLE
if (HWAES_CAPABLE) {
- HWAES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
+ HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &cctx->ks.ks);
CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
&cctx->ks, (block128_f) HWAES_encrypt);
@@ -1835,43 +3550,105 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
cctx->key_set = 1;
break;
} else
-# endif
-# ifdef VPAES_CAPABLE
+#endif
+#ifdef VPAES_CAPABLE
if (VPAES_CAPABLE) {
- vpaes_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
+ vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &cctx->ks.ks);
CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
&cctx->ks, (block128_f) vpaes_encrypt);
cctx->str = NULL;
cctx->key_set = 1;
break;
}
-# endif
- AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
+#endif
+ AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &cctx->ks.ks);
CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
&cctx->ks, (block128_f) AES_encrypt);
cctx->str = NULL;
cctx->key_set = 1;
} while (0);
if (iv) {
- memcpy(ctx->iv, iv, 15 - cctx->L);
+ memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
cctx->iv_set = 1;
}
return 1;
}
+static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+ CCM128_CONTEXT *ccm = &cctx->ccm;
+ /* Encrypt/decrypt must be performed in place */
+ if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M))
+ return -1;
+ /* If encrypting set explicit IV from sequence number (start of AAD) */
+ if (EVP_CIPHER_CTX_encrypting(ctx))
+ memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx),
+ EVP_CCM_TLS_EXPLICIT_IV_LEN);
+ /* Get rest of IV from explicit IV */
+ memcpy(EVP_CIPHER_CTX_iv_noconst(ctx) + EVP_CCM_TLS_FIXED_IV_LEN, in,
+ EVP_CCM_TLS_EXPLICIT_IV_LEN);
+ /* Correct length value */
+ len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+ if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L,
+ len))
+ return -1;
+ /* Use saved AAD */
+ CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->tls_aad_len);
+ /* Fix buffer to point to payload */
+ in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+ out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+ if (EVP_CIPHER_CTX_encrypting(ctx)) {
+ if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
+ cctx->str) :
+ CRYPTO_ccm128_encrypt(ccm, in, out, len))
+ return -1;
+ if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M))
+ return -1;
+ return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+ } else {
+ if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
+ cctx->str) :
+ !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+ unsigned char tag[16];
+ if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
+ if (!CRYPTO_memcmp(tag, in + len, cctx->M))
+ return len;
+ }
+ }
+ OPENSSL_cleanse(out, len);
+ return -1;
+ }
+}
+
static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
- EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
+ EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
CCM128_CONTEXT *ccm = &cctx->ccm;
/* If not set up, return error */
- if (!cctx->iv_set && !cctx->key_set)
+ if (!cctx->key_set)
return -1;
- if (!ctx->encrypt && !cctx->tag_set)
+
+ if (cctx->tls_aad_len >= 0)
+ return aes_ccm_tls_cipher(ctx, out, in, len);
+
+ /* EVP_*Final() doesn't return any data */
+ if (in == NULL && out != NULL)
+ return 0;
+
+ if (!cctx->iv_set)
+ return -1;
+
+ if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
return -1;
if (!out) {
if (!in) {
- if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
+ if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+ 15 - cctx->L, len))
return -1;
cctx->len_set = 1;
return len;
@@ -1882,16 +3659,14 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
CRYPTO_ccm128_aad(ccm, in, len);
return len;
}
- /* EVP_*Final() doesn't return any data */
- if (!in)
- return 0;
/* If not set length yet do it */
if (!cctx->len_set) {
- if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
+ if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+ 15 - cctx->L, len))
return -1;
cctx->len_set = 1;
}
- if (ctx->encrypt) {
+ if (EVP_CIPHER_CTX_encrypting(ctx)) {
if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
cctx->str) :
CRYPTO_ccm128_encrypt(ccm, in, out, len))
@@ -1905,7 +3680,8 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
!CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
unsigned char tag[16];
if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
- if (!CRYPTO_memcmp(tag, ctx->buf, cctx->M))
+ if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx),
+ cctx->M))
rv = len;
}
}
@@ -1916,18 +3692,17 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
cctx->len_set = 0;
return rv;
}
-
}
-# define aes_ccm_cleanup NULL
+#define aes_ccm_cleanup NULL
BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
- EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS)
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
- EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS)
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
- EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS)
-#endif
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+
typedef struct {
union {
double align;
@@ -1940,20 +3715,22 @@ typedef struct {
static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
- EVP_AES_WRAP_CTX *wctx = ctx->cipher_data;
+ EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx);
if (!iv && !key)
return 1;
if (key) {
- if (ctx->encrypt)
- AES_set_encrypt_key(key, ctx->key_len * 8, &wctx->ks.ks);
+ if (EVP_CIPHER_CTX_encrypting(ctx))
+ AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &wctx->ks.ks);
else
- AES_set_decrypt_key(key, ctx->key_len * 8, &wctx->ks.ks);
+ AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &wctx->ks.ks);
if (!iv)
wctx->iv = NULL;
}
if (iv) {
- memcpy(ctx->iv, iv, 8);
- wctx->iv = ctx->iv;
+ memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, EVP_CIPHER_CTX_iv_length(ctx));
+ wctx->iv = EVP_CIPHER_CTX_iv_noconst(ctx);
}
return 1;
}
@@ -1961,28 +3738,59 @@ static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inlen)
{
- EVP_AES_WRAP_CTX *wctx = ctx->cipher_data;
+ EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx);
size_t rv;
+ /* AES wrap with padding has IV length of 4, without padding 8 */
+ int pad = EVP_CIPHER_CTX_iv_length(ctx) == 4;
+ /* No final operation so always return zero length */
if (!in)
return 0;
- if (inlen % 8)
+ /* Input length must always be non-zero */
+ if (!inlen)
return -1;
- if (ctx->encrypt && inlen < 8)
+ /* If decrypting need at least 16 bytes and multiple of 8 */
+ if (!EVP_CIPHER_CTX_encrypting(ctx) && (inlen < 16 || inlen & 0x7))
return -1;
- if (!ctx->encrypt && inlen < 16)
+ /* If not padding input must be multiple of 8 */
+ if (!pad && inlen & 0x7)
return -1;
+ if (is_partially_overlapping(out, in, inlen)) {
+ EVPerr(EVP_F_AES_WRAP_CIPHER, EVP_R_PARTIALLY_OVERLAPPING);
+ return 0;
+ }
if (!out) {
- if (ctx->encrypt)
+ if (EVP_CIPHER_CTX_encrypting(ctx)) {
+ /* If padding round up to multiple of 8 */
+ if (pad)
+ inlen = (inlen + 7) / 8 * 8;
+ /* 8 byte prefix */
return inlen + 8;
- else
+ } else {
+ /*
+ * If not padding output will be exactly 8 bytes smaller than
+ * input. If padding it will be at least 8 bytes smaller but we
+ * don't know how much.
+ */
return inlen - 8;
+ }
+ }
+ if (pad) {
+ if (EVP_CIPHER_CTX_encrypting(ctx))
+ rv = CRYPTO_128_wrap_pad(&wctx->ks.ks, wctx->iv,
+ out, in, inlen,
+ (block128_f) AES_encrypt);
+ else
+ rv = CRYPTO_128_unwrap_pad(&wctx->ks.ks, wctx->iv,
+ out, in, inlen,
+ (block128_f) AES_decrypt);
+ } else {
+ if (EVP_CIPHER_CTX_encrypting(ctx))
+ rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv,
+ out, in, inlen, (block128_f) AES_encrypt);
+ else
+ rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv,
+ out, in, inlen, (block128_f) AES_decrypt);
}
- if (ctx->encrypt)
- rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv, out, in, inlen,
- (block128_f) AES_encrypt);
- else
- rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv, out, in, inlen,
- (block128_f) AES_decrypt);
return rv ? (int)rv : -1;
}
@@ -2031,3 +3839,372 @@ const EVP_CIPHER *EVP_aes_256_wrap(void)
{
return &aes_256_wrap;
}
+
+static const EVP_CIPHER aes_128_wrap_pad = {
+ NID_id_aes128_wrap_pad,
+ 8, 16, 4, WRAP_FLAGS,
+ aes_wrap_init_key, aes_wrap_cipher,
+ NULL,
+ sizeof(EVP_AES_WRAP_CTX),
+ NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_128_wrap_pad(void)
+{
+ return &aes_128_wrap_pad;
+}
+
+static const EVP_CIPHER aes_192_wrap_pad = {
+ NID_id_aes192_wrap_pad,
+ 8, 24, 4, WRAP_FLAGS,
+ aes_wrap_init_key, aes_wrap_cipher,
+ NULL,
+ sizeof(EVP_AES_WRAP_CTX),
+ NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_192_wrap_pad(void)
+{
+ return &aes_192_wrap_pad;
+}
+
+static const EVP_CIPHER aes_256_wrap_pad = {
+ NID_id_aes256_wrap_pad,
+ 8, 32, 4, WRAP_FLAGS,
+ aes_wrap_init_key, aes_wrap_cipher,
+ NULL,
+ sizeof(EVP_AES_WRAP_CTX),
+ NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_256_wrap_pad(void)
+{
+ return &aes_256_wrap_pad;
+}
+
+#ifndef OPENSSL_NO_OCB
+static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+ EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c);
+ EVP_CIPHER_CTX *newc;
+ EVP_AES_OCB_CTX *new_octx;
+
+ switch (type) {
+ case EVP_CTRL_INIT:
+ octx->key_set = 0;
+ octx->iv_set = 0;
+ octx->ivlen = EVP_CIPHER_CTX_iv_length(c);
+ octx->iv = EVP_CIPHER_CTX_iv_noconst(c);
+ octx->taglen = 16;
+ octx->data_buf_len = 0;
+ octx->aad_buf_len = 0;
+ return 1;
+
+ case EVP_CTRL_AEAD_SET_IVLEN:
+ /* IV len must be 1 to 15 */
+ if (arg <= 0 || arg > 15)
+ return 0;
+
+ octx->ivlen = arg;
+ return 1;
+
+ case EVP_CTRL_AEAD_SET_TAG:
+ if (!ptr) {
+ /* Tag len must be 0 to 16 */
+ if (arg < 0 || arg > 16)
+ return 0;
+
+ octx->taglen = arg;
+ return 1;
+ }
+ if (arg != octx->taglen || EVP_CIPHER_CTX_encrypting(c))
+ return 0;
+ memcpy(octx->tag, ptr, arg);
+ return 1;
+
+ case EVP_CTRL_AEAD_GET_TAG:
+ if (arg != octx->taglen || !EVP_CIPHER_CTX_encrypting(c))
+ return 0;
+
+ memcpy(ptr, octx->tag, arg);
+ return 1;
+
+ case EVP_CTRL_COPY:
+ newc = (EVP_CIPHER_CTX *)ptr;
+ new_octx = EVP_C_DATA(EVP_AES_OCB_CTX,newc);
+ return CRYPTO_ocb128_copy_ctx(&new_octx->ocb, &octx->ocb,
+ &new_octx->ksenc.ks,
+ &new_octx->ksdec.ks);
+
+ default:
+ return -1;
+
+ }
+}
+
+# ifdef HWAES_CAPABLE
+# ifdef HWAES_ocb_encrypt
+void HWAES_ocb_encrypt(const unsigned char *in, unsigned char *out,
+ size_t blocks, const void *key,
+ size_t start_block_num,
+ unsigned char offset_i[16],
+ const unsigned char L_[][16],
+ unsigned char checksum[16]);
+# else
+# define HWAES_ocb_encrypt ((ocb128_f)NULL)
+# endif
+# ifdef HWAES_ocb_decrypt
+void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out,
+ size_t blocks, const void *key,
+ size_t start_block_num,
+ unsigned char offset_i[16],
+ const unsigned char L_[][16],
+ unsigned char checksum[16]);
+# else
+# define HWAES_ocb_decrypt ((ocb128_f)NULL)
+# endif
+# endif
+
+static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+ if (!iv && !key)
+ return 1;
+ if (key) {
+ do {
+ /*
+ * We set both the encrypt and decrypt key here because decrypt
+ * needs both. We could possibly optimise to remove setting the
+ * decrypt for an encryption operation.
+ */
+# ifdef HWAES_CAPABLE
+ if (HWAES_CAPABLE) {
+ HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &octx->ksenc.ks);
+ HWAES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &octx->ksdec.ks);
+ if (!CRYPTO_ocb128_init(&octx->ocb,
+ &octx->ksenc.ks, &octx->ksdec.ks,
+ (block128_f) HWAES_encrypt,
+ (block128_f) HWAES_decrypt,
+ enc ? HWAES_ocb_encrypt
+ : HWAES_ocb_decrypt))
+ return 0;
+ break;
+ }
+# endif
+# ifdef VPAES_CAPABLE
+ if (VPAES_CAPABLE) {
+ vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &octx->ksenc.ks);
+ vpaes_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &octx->ksdec.ks);
+ if (!CRYPTO_ocb128_init(&octx->ocb,
+ &octx->ksenc.ks, &octx->ksdec.ks,
+ (block128_f) vpaes_encrypt,
+ (block128_f) vpaes_decrypt,
+ NULL))
+ return 0;
+ break;
+ }
+# endif
+ AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &octx->ksenc.ks);
+ AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &octx->ksdec.ks);
+ if (!CRYPTO_ocb128_init(&octx->ocb,
+ &octx->ksenc.ks, &octx->ksdec.ks,
+ (block128_f) AES_encrypt,
+ (block128_f) AES_decrypt,
+ NULL))
+ return 0;
+ }
+ while (0);
+
+ /*
+ * If we have an iv we can set it directly, otherwise use saved IV.
+ */
+ if (iv == NULL && octx->iv_set)
+ iv = octx->iv;
+ if (iv) {
+ if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen)
+ != 1)
+ return 0;
+ octx->iv_set = 1;
+ }
+ octx->key_set = 1;
+ } else {
+ /* If key set use IV, otherwise copy */
+ if (octx->key_set)
+ CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen);
+ else
+ memcpy(octx->iv, iv, octx->ivlen);
+ octx->iv_set = 1;
+ }
+ return 1;
+}
+
+static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ unsigned char *buf;
+ int *buf_len;
+ int written_len = 0;
+ size_t trailing_len;
+ EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+
+ /* If IV or Key not set then return error */
+ if (!octx->iv_set)
+ return -1;
+
+ if (!octx->key_set)
+ return -1;
+
+ if (in != NULL) {
+ /*
+ * Need to ensure we are only passing full blocks to low level OCB
+ * routines. We do it here rather than in EVP_EncryptUpdate/
+ * EVP_DecryptUpdate because we need to pass full blocks of AAD too
+ * and those routines don't support that
+ */
+
+ /* Are we dealing with AAD or normal data here? */
+ if (out == NULL) {
+ buf = octx->aad_buf;
+ buf_len = &(octx->aad_buf_len);
+ } else {
+ buf = octx->data_buf;
+ buf_len = &(octx->data_buf_len);
+
+ if (is_partially_overlapping(out + *buf_len, in, len)) {
+ EVPerr(EVP_F_AES_OCB_CIPHER, EVP_R_PARTIALLY_OVERLAPPING);
+ return 0;
+ }
+ }
+
+ /*
+ * If we've got a partially filled buffer from a previous call then
+ * use that data first
+ */
+ if (*buf_len > 0) {
+ unsigned int remaining;
+
+ remaining = AES_BLOCK_SIZE - (*buf_len);
+ if (remaining > len) {
+ memcpy(buf + (*buf_len), in, len);
+ *(buf_len) += len;
+ return 0;
+ }
+ memcpy(buf + (*buf_len), in, remaining);
+
+ /*
+ * If we get here we've filled the buffer, so process it
+ */
+ len -= remaining;
+ in += remaining;
+ if (out == NULL) {
+ if (!CRYPTO_ocb128_aad(&octx->ocb, buf, AES_BLOCK_SIZE))
+ return -1;
+ } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
+ if (!CRYPTO_ocb128_encrypt(&octx->ocb, buf, out,
+ AES_BLOCK_SIZE))
+ return -1;
+ } else {
+ if (!CRYPTO_ocb128_decrypt(&octx->ocb, buf, out,
+ AES_BLOCK_SIZE))
+ return -1;
+ }
+ written_len = AES_BLOCK_SIZE;
+ *buf_len = 0;
+ if (out != NULL)
+ out += AES_BLOCK_SIZE;
+ }
+
+ /* Do we have a partial block to handle at the end? */
+ trailing_len = len % AES_BLOCK_SIZE;
+
+ /*
+ * If we've got some full blocks to handle, then process these first
+ */
+ if (len != trailing_len) {
+ if (out == NULL) {
+ if (!CRYPTO_ocb128_aad(&octx->ocb, in, len - trailing_len))
+ return -1;
+ } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
+ if (!CRYPTO_ocb128_encrypt
+ (&octx->ocb, in, out, len - trailing_len))
+ return -1;
+ } else {
+ if (!CRYPTO_ocb128_decrypt
+ (&octx->ocb, in, out, len - trailing_len))
+ return -1;
+ }
+ written_len += len - trailing_len;
+ in += len - trailing_len;
+ }
+
+ /* Handle any trailing partial block */
+ if (trailing_len > 0) {
+ memcpy(buf, in, trailing_len);
+ *buf_len = trailing_len;
+ }
+
+ return written_len;
+ } else {
+ /*
+ * First of all empty the buffer of any partial block that we might
+ * have been provided - both for data and AAD
+ */
+ if (octx->data_buf_len > 0) {
+ if (EVP_CIPHER_CTX_encrypting(ctx)) {
+ if (!CRYPTO_ocb128_encrypt(&octx->ocb, octx->data_buf, out,
+ octx->data_buf_len))
+ return -1;
+ } else {
+ if (!CRYPTO_ocb128_decrypt(&octx->ocb, octx->data_buf, out,
+ octx->data_buf_len))
+ return -1;
+ }
+ written_len = octx->data_buf_len;
+ octx->data_buf_len = 0;
+ }
+ if (octx->aad_buf_len > 0) {
+ if (!CRYPTO_ocb128_aad
+ (&octx->ocb, octx->aad_buf, octx->aad_buf_len))
+ return -1;
+ octx->aad_buf_len = 0;
+ }
+ /* If decrypting then verify */
+ if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+ if (octx->taglen < 0)
+ return -1;
+ if (CRYPTO_ocb128_finish(&octx->ocb,
+ octx->tag, octx->taglen) != 0)
+ return -1;
+ octx->iv_set = 0;
+ return written_len;
+ }
+ /* If encrypting then just get the tag */
+ if (CRYPTO_ocb128_tag(&octx->ocb, octx->tag, 16) != 1)
+ return -1;
+ /* Don't reuse the IV */
+ octx->iv_set = 0;
+ return written_len;
+ }
+}
+
+static int aes_ocb_cleanup(EVP_CIPHER_CTX *c)
+{
+ EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c);
+ CRYPTO_ocb128_cleanup(&octx->ocb);
+ return 1;
+}
+
+BLOCK_CIPHER_custom(NID_aes, 128, 16, 12, ocb, OCB,
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB,
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB,
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+#endif /* OPENSSL_NO_OCB */
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index b25fc6d541d4..09d24dc3d02a 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -1,50 +1,10 @@
-/* ====================================================================
- * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved.
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
@@ -52,31 +12,14 @@
#include <stdio.h>
#include <string.h>
-#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA1)
-
-# include <openssl/evp.h>
-# include <openssl/objects.h>
-# include <openssl/aes.h>
-# include <openssl/sha.h>
-# include <openssl/rand.h>
-# include "modes_lcl.h"
-# include "constant_time_locl.h"
-
-# ifndef EVP_CIPH_FLAG_AEAD_CIPHER
-# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
-# define EVP_CTRL_AEAD_TLS1_AAD 0x16
-# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17
-# endif
-
-# if !defined(EVP_CIPH_FLAG_DEFAULT_ASN1)
-# define EVP_CIPH_FLAG_DEFAULT_ASN1 0
-# endif
-
-# if !defined(EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
-# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
-# endif
-
-# define TLS1_1_VERSION 0x0302
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/aes.h>
+#include <openssl/sha.h>
+#include <openssl/rand.h>
+#include "modes_lcl.h"
+#include "internal/evp_int.h"
+#include "internal/constant_time_locl.h"
typedef struct {
AES_KEY ks;
@@ -88,15 +31,14 @@ typedef struct {
} aux;
} EVP_AES_HMAC_SHA1;
-# define NO_PAYLOAD_LENGTH ((size_t)-1)
+#define NO_PAYLOAD_LENGTH ((size_t)-1)
-# if defined(AES_ASM) && ( \
+#if defined(AES_ASM) && ( \
defined(__x86_64) || defined(__x86_64__) || \
- defined(_M_AMD64) || defined(_M_X64) || \
- defined(__INTEL__) )
+ defined(_M_AMD64) || defined(_M_X64) )
extern unsigned int OPENSSL_ia32cap_P[];
-# define AESNI_CAPABLE (1<<(57-32))
+# define AESNI_CAPABLE (1<<(57-32))
int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
AES_KEY *key);
@@ -116,7 +58,7 @@ void aesni256_cbc_sha1_dec(const void *inp, void *out, size_t blocks,
const AES_KEY *key, unsigned char iv[16],
SHA_CTX *ctx, const void *in0);
-# define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data)
+# define data(ctx) ((EVP_AES_HMAC_SHA1 *)EVP_CIPHER_CTX_get_cipher_data(ctx))
static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *inkey,
@@ -126,9 +68,13 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
int ret;
if (enc)
- ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks);
+ ret = aesni_set_encrypt_key(inkey,
+ EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &key->ks);
else
- ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks);
+ ret = aesni_set_decrypt_key(inkey,
+ EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &key->ks);
SHA1_Init(&key->head); /* handy when benchmarking */
key->tail = key->head;
@@ -139,12 +85,12 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
return ret < 0 ? 0 : 1;
}
-# define STITCHED_CALL
-# undef STITCHED_DECRYPT_CALL
+# define STITCHED_CALL
+# undef STITCHED_DECRYPT_CALL
-# if !defined(STITCHED_CALL)
-# define aes_off 0
-# endif
+# if !defined(STITCHED_CALL)
+# define aes_off 0
+# endif
void sha1_block_data_order(void *c, const void *p, size_t len);
@@ -179,12 +125,12 @@ static void sha1_update(SHA_CTX *c, const void *data, size_t len)
SHA1_Update(c, ptr, res);
}
-# ifdef SHA1_Update
-# undef SHA1_Update
-# endif
-# define SHA1_Update sha1_update
+# ifdef SHA1_Update
+# undef SHA1_Update
+# endif
+# define SHA1_Update sha1_update
-# if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+# if !defined(OPENSSL_NO_MULTIBLOCK)
typedef struct {
unsigned int A[8], B[8], C[8], D[8], E[8];
@@ -223,9 +169,9 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
0;
size_t ret = 0;
u8 *IVs;
-# if defined(BSWAP8)
+# if defined(BSWAP8)
u64 seqnum;
-# endif
+# endif
/* ask for IVs in bulk */
if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
@@ -259,15 +205,15 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
IVs += 16;
}
-# if defined(BSWAP8)
+# if defined(BSWAP8)
memcpy(blocks[0].c, key->md.data, 8);
seqnum = BSWAP8(blocks[0].q[0]);
-# endif
+# endif
for (i = 0; i < x4; i++) {
unsigned int len = (i == (x4 - 1) ? last : frag);
-# if !defined(BSWAP8)
+# if !defined(BSWAP8)
unsigned int carry, j;
-# endif
+# endif
ctx->A[i] = key->md.h0;
ctx->B[i] = key->md.h1;
@@ -276,14 +222,14 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
ctx->E[i] = key->md.h4;
/* fix seqnum */
-# if defined(BSWAP8)
+# if defined(BSWAP8)
blocks[i].q[0] = BSWAP8(seqnum + i);
-# else
+# else
for (carry = i, j = 8; j--;) {
blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry;
carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1);
}
-# endif
+# endif
blocks[i].c[8] = ((u8 *)key->md.data)[8];
blocks[i].c[9] = ((u8 *)key->md.data)[9];
blocks[i].c[10] = ((u8 *)key->md.data)[10];
@@ -302,10 +248,10 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
/* hash 13-byte headers and first 64-13 bytes of inputs */
sha1_multi_block(ctx, edges, n4x);
/* hash bulk inputs */
-# define MAXCHUNKSIZE 2048
-# if MAXCHUNKSIZE%64
-# error "MAXCHUNKSIZE is not divisible by 64"
-# elif MAXCHUNKSIZE
+# define MAXCHUNKSIZE 2048
+# if MAXCHUNKSIZE%64
+# error "MAXCHUNKSIZE is not divisible by 64"
+# elif MAXCHUNKSIZE
/*
* goal is to minimize pressure on L1 cache by moving in shorter steps,
* so that hashed data is still in the cache by the time we encrypt it
@@ -334,8 +280,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
minblocks -= MAXCHUNKSIZE / 64;
} while (minblocks > MAXCHUNKSIZE / 64);
}
-# endif
-# undef MAXCHUNKSIZE
+# endif
+# undef MAXCHUNKSIZE
sha1_multi_block(ctx, hash_d, n4x);
memset(blocks, 0, sizeof(blocks));
@@ -350,18 +296,18 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
len += 64 + 13; /* 64 is HMAC header */
len *= 8; /* convert to bits */
if (off < (64 - 8)) {
-# ifdef BSWAP4
+# ifdef BSWAP4
blocks[i].d[15] = BSWAP4(len);
-# else
+# else
PUTU32(blocks[i].c + 60, len);
-# endif
+# endif
edges[i].blocks = 1;
} else {
-# ifdef BSWAP4
+# ifdef BSWAP4
blocks[i].d[31] = BSWAP4(len);
-# else
+# else
PUTU32(blocks[i].c + 124, len);
-# endif
+# endif
edges[i].blocks = 2;
}
edges[i].ptr = blocks[i].c;
@@ -372,7 +318,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
memset(blocks, 0, sizeof(blocks));
for (i = 0; i < x4; i++) {
-# ifdef BSWAP4
+# ifdef BSWAP4
blocks[i].d[0] = BSWAP4(ctx->A[i]);
ctx->A[i] = key->tail.h0;
blocks[i].d[1] = BSWAP4(ctx->B[i]);
@@ -385,7 +331,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
ctx->E[i] = key->tail.h4;
blocks[i].c[20] = 0x80;
blocks[i].d[15] = BSWAP4((64 + 20) * 8);
-# else
+# else
PUTU32(blocks[i].c + 0, ctx->A[i]);
ctx->A[i] = key->tail.h0;
PUTU32(blocks[i].c + 4, ctx->B[i]);
@@ -398,7 +344,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
ctx->E[i] = key->tail.h4;
blocks[i].c[20] = 0x80;
PUTU32(blocks[i].c + 60, (64 + 20) * 8);
-# endif
+# endif
edges[i].ptr = blocks[i].c;
edges[i].blocks = 1;
}
@@ -451,7 +397,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
return ret;
}
-# endif
+# endif
static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
@@ -461,18 +407,18 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and
* later */
sha_off = 0;
-# if defined(STITCHED_CALL)
+# if defined(STITCHED_CALL)
size_t aes_off = 0, blocks;
sha_off = SHA_CBLOCK - key->md.num;
-# endif
+# endif
key->payload_length = NO_PAYLOAD_LENGTH;
if (len % AES_BLOCK_SIZE)
return 0;
- if (ctx->encrypt) {
+ if (EVP_CIPHER_CTX_encrypting(ctx)) {
if (plen == NO_PAYLOAD_LENGTH)
plen = len;
else if (len !=
@@ -482,13 +428,14 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
else if (key->aux.tls_ver >= TLS1_1_VERSION)
iv = AES_BLOCK_SIZE;
-# if defined(STITCHED_CALL)
+# if defined(STITCHED_CALL)
if (plen > (sha_off + iv)
&& (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) {
SHA1_Update(&key->md, in + iv, sha_off);
aesni_cbc_sha1_enc(in, out, blocks, &key->ks,
- ctx->iv, &key->md, in + iv + sha_off);
+ EVP_CIPHER_CTX_iv_noconst(ctx),
+ &key->md, in + iv + sha_off);
blocks *= SHA_CBLOCK;
aes_off += blocks;
sha_off += blocks;
@@ -499,7 +446,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
} else {
sha_off = 0;
}
-# endif
+# endif
sha_off += iv;
SHA1_Update(&key->md, in + sha_off, plen - sha_off);
@@ -519,10 +466,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
out[plen] = l;
/* encrypt HMAC|padding at once */
aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
- &key->ks, ctx->iv, 1);
+ &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
} else {
aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off,
- &key->ks, ctx->iv, 1);
+ &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
}
} else {
union {
@@ -541,10 +488,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
unsigned int u[SHA_LBLOCK];
unsigned char c[SHA_CBLOCK];
} *data = (void *)key->md.data;
-# if defined(STITCHED_DECRYPT_CALL)
+# if defined(STITCHED_DECRYPT_CALL)
unsigned char tail_iv[AES_BLOCK_SIZE];
int stitch = 0;
-# endif
+# endif
if ((key->aux.tls_aad[plen - 4] << 8 | key->aux.tls_aad[plen - 3])
>= TLS1_1_VERSION) {
@@ -552,14 +499,15 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
return 0;
/* omit explicit iv */
- memcpy(ctx->iv, in, AES_BLOCK_SIZE);
+ memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), in, AES_BLOCK_SIZE);
+
in += AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE;
len -= AES_BLOCK_SIZE;
} else if (len < (SHA_DIGEST_LENGTH + 1))
return 0;
-# if defined(STITCHED_DECRYPT_CALL)
+# if defined(STITCHED_DECRYPT_CALL)
if (len >= 1024 && ctx->key_len == 32) {
/* decrypt last block */
memcpy(tail_iv, in + len - 2 * AES_BLOCK_SIZE,
@@ -569,9 +517,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
&key->ks, tail_iv, 0);
stitch = 1;
} else
-# endif
+# endif
/* decrypt HMAC|padding at once */
- aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0);
+ aesni_cbc_encrypt(in, out, len, &key->ks,
+ EVP_CIPHER_CTX_iv_noconst(ctx), 0);
/* figure out payload length */
pad = out[len - 1];
@@ -598,7 +547,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
key->md = key->head;
SHA1_Update(&key->md, key->aux.tls_aad, plen);
-# if defined(STITCHED_DECRYPT_CALL)
+# if defined(STITCHED_DECRYPT_CALL)
if (stitch) {
blocks = (len - (256 + 32 + SHA_CBLOCK)) / SHA_CBLOCK;
aes_off = len - AES_BLOCK_SIZE - blocks * SHA_CBLOCK;
@@ -619,9 +568,9 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
key->md.Nl += (blocks << 3); /* at most 18 bits */
memcpy(ctx->iv, tail_iv, AES_BLOCK_SIZE);
}
-# endif
+# endif
-# if 1
+# if 1 /* see original reference version in #else */
len -= SHA_DIGEST_LENGTH; /* amend mac */
if (len >= (256 + SHA_CBLOCK)) {
j = (len - (256 + SHA_CBLOCK)) & (0 - SHA_CBLOCK);
@@ -634,15 +583,15 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
/* but pretend as if we hashed padded payload */
bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */
-# ifdef BSWAP4
+# ifdef BSWAP4
bitlen = BSWAP4(bitlen);
-# else
+# else
mac.c[0] = 0;
mac.c[1] = (unsigned char)(bitlen >> 16);
mac.c[2] = (unsigned char)(bitlen >> 8);
mac.c[3] = (unsigned char)bitlen;
bitlen = mac.u[0];
-# endif
+# endif
pmac->u[0] = 0;
pmac->u[1] = 0;
@@ -699,13 +648,13 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
pmac->u[3] |= key->md.h3 & mask;
pmac->u[4] |= key->md.h4 & mask;
-# ifdef BSWAP4
+# ifdef BSWAP4
pmac->u[0] = BSWAP4(pmac->u[0]);
pmac->u[1] = BSWAP4(pmac->u[1]);
pmac->u[2] = BSWAP4(pmac->u[2]);
pmac->u[3] = BSWAP4(pmac->u[3]);
pmac->u[4] = BSWAP4(pmac->u[4]);
-# else
+# else
for (i = 0; i < 5; i++) {
res = pmac->u[i];
pmac->c[4 * i + 0] = (unsigned char)(res >> 24);
@@ -713,9 +662,9 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
pmac->c[4 * i + 2] = (unsigned char)(res >> 8);
pmac->c[4 * i + 3] = (unsigned char)res;
}
-# endif
+# endif
len += SHA_DIGEST_LENGTH;
-# else
+# else /* pre-lucky-13 reference version of above */
SHA1_Update(&key->md, out, inp_len);
res = key->md.num;
SHA1_Final(pmac->c, &key->md);
@@ -734,7 +683,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
for (; inp_blocks < pad_blocks; inp_blocks++)
sha1_block_data_order(&key->md, data, 1);
}
-# endif
+# endif
key->md = key->tail;
SHA1_Update(&key->md, pmac->c, SHA_DIGEST_LENGTH);
SHA1_Final(pmac->c, &key->md);
@@ -742,7 +691,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
/* verify HMAC */
out += inp_len;
len -= inp_len;
-# if 1
+# if 1 /* see original reference version in #else */
{
unsigned char *p = out + len - 1 - maxpad - SHA_DIGEST_LENGTH;
size_t off = out - p;
@@ -764,7 +713,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
ret &= (int)~res;
}
-# else
+# else /* pre-lucky-13 reference version of above */
for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++)
res |= out[i] ^ pmac->c[i];
res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
@@ -778,10 +727,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
res = (0 - res) >> (sizeof(res) * 8 - 1);
ret &= (int)~res;
-# endif
+# endif
return ret;
} else {
-# if defined(STITCHED_DECRYPT_CALL)
+# if defined(STITCHED_DECRYPT_CALL)
if (len >= 1024 && ctx->key_len == 32) {
if (sha_off %= SHA_CBLOCK)
blocks = (len - 3 * SHA_CBLOCK) / SHA_CBLOCK;
@@ -804,9 +753,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (key->md.Nl < (unsigned int)blocks)
key->md.Nh++;
} else
-# endif
+# endif
/* decrypt HMAC|padding at once */
- aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0);
+ aesni_cbc_encrypt(in, out, len, &key->ks,
+ EVP_CIPHER_CTX_iv_noconst(ctx), 0);
SHA1_Update(&key->md, out, len);
}
@@ -857,10 +807,10 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
if (arg != EVP_AEAD_TLS1_AAD_LEN)
return -1;
-
+
len = p[arg - 2] << 8 | p[arg - 1];
- if (ctx->encrypt) {
+ if (EVP_CIPHER_CTX_encrypting(ctx)) {
key->payload_length = len;
if ((key->aux.tls_ver =
p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
@@ -883,7 +833,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
return SHA_DIGEST_LENGTH;
}
}
-# if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+# if !defined(OPENSSL_NO_MULTIBLOCK)
case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE:
return (int)(5 + 16 + ((arg + 20 + 16) & -16));
case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD:
@@ -898,7 +848,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
inp_len = param->inp[11] << 8 | param->inp[12];
- if (ctx->encrypt) {
+ if (EVP_CIPHER_CTX_encrypting(ctx)) {
if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION)
return -1;
@@ -946,19 +896,19 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
param->interleave / 4);
}
case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT:
-# endif
+# endif
default:
return -1;
}
}
static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = {
-# ifdef NID_aes_128_cbc_hmac_sha1
+# ifdef NID_aes_128_cbc_hmac_sha1
NID_aes_128_cbc_hmac_sha1,
-# else
+# else
NID_undef,
-# endif
- 16, 16, 16,
+# endif
+ AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE,
EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
aesni_cbc_hmac_sha1_init_key,
@@ -972,12 +922,12 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = {
};
static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = {
-# ifdef NID_aes_256_cbc_hmac_sha1
+# ifdef NID_aes_256_cbc_hmac_sha1
NID_aes_256_cbc_hmac_sha1,
-# else
+# else
NID_undef,
-# endif
- 16, 32, 16,
+# endif
+ AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE,
EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
aesni_cbc_hmac_sha1_init_key,
@@ -1001,7 +951,7 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void)
return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ?
&aesni_256_cbc_hmac_sha1_cipher : NULL);
}
-# else
+#else
const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void)
{
return NULL;
@@ -1011,5 +961,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void)
{
return NULL;
}
-# endif
#endif
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index 9a8a2ad7787c..caac0c9d3da2 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -1,50 +1,10 @@
-/* ====================================================================
- * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved.
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
@@ -52,31 +12,15 @@
#include <stdio.h>
#include <string.h>
-#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA256)
-
-# include <openssl/evp.h>
-# include <openssl/objects.h>
-# include <openssl/aes.h>
-# include <openssl/sha.h>
-# include <openssl/rand.h>
-# include "modes_lcl.h"
-# include "constant_time_locl.h"
-# ifndef EVP_CIPH_FLAG_AEAD_CIPHER
-# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
-# define EVP_CTRL_AEAD_TLS1_AAD 0x16
-# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17
-# endif
-
-# if !defined(EVP_CIPH_FLAG_DEFAULT_ASN1)
-# define EVP_CIPH_FLAG_DEFAULT_ASN1 0
-# endif
-
-# if !defined(EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
-# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
-# endif
-
-# define TLS1_1_VERSION 0x0302
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/aes.h>
+#include <openssl/sha.h>
+#include <openssl/rand.h>
+#include "modes_lcl.h"
+#include "internal/constant_time_locl.h"
+#include "internal/evp_int.h"
typedef struct {
AES_KEY ks;
@@ -90,13 +34,12 @@ typedef struct {
# define NO_PAYLOAD_LENGTH ((size_t)-1)
-# if defined(AES_ASM) && ( \
+#if defined(AES_ASM) && ( \
defined(__x86_64) || defined(__x86_64__) || \
- defined(_M_AMD64) || defined(_M_X64) || \
- defined(__INTEL__) )
+ defined(_M_AMD64) || defined(_M_X64) )
extern unsigned int OPENSSL_ia32cap_P[];
-# define AESNI_CAPABLE (1<<(57-32))
+# define AESNI_CAPABLE (1<<(57-32))
int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
AES_KEY *key);
@@ -112,7 +55,7 @@ int aesni_cbc_sha256_enc(const void *inp, void *out, size_t blocks,
const AES_KEY *key, unsigned char iv[16],
SHA256_CTX *ctx, const void *in0);
-# define data(ctx) ((EVP_AES_HMAC_SHA256 *)(ctx)->cipher_data)
+# define data(ctx) ((EVP_AES_HMAC_SHA256 *)EVP_CIPHER_CTX_get_cipher_data(ctx))
static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *inkey,
@@ -122,10 +65,13 @@ static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx,
int ret;
if (enc)
- memset(&key->ks, 0, sizeof(key->ks.rd_key)),
- ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks);
+ ret = aesni_set_encrypt_key(inkey,
+ EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &key->ks);
else
- ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks);
+ ret = aesni_set_decrypt_key(inkey,
+ EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &key->ks);
SHA256_Init(&key->head); /* handy when benchmarking */
key->tail = key->head;
@@ -136,11 +82,11 @@ static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx,
return ret < 0 ? 0 : 1;
}
-# define STITCHED_CALL
+# define STITCHED_CALL
-# if !defined(STITCHED_CALL)
-# define aes_off 0
-# endif
+# if !defined(STITCHED_CALL)
+# define aes_off 0
+# endif
void sha256_block_data_order(void *c, const void *p, size_t len);
@@ -175,12 +121,12 @@ static void sha256_update(SHA256_CTX *c, const void *data, size_t len)
SHA256_Update(c, ptr, res);
}
-# ifdef SHA256_Update
-# undef SHA256_Update
-# endif
-# define SHA256_Update sha256_update
+# ifdef SHA256_Update
+# undef SHA256_Update
+# endif
+# define SHA256_Update sha256_update
-# if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+# if !defined(OPENSSL_NO_MULTIBLOCK)
typedef struct {
unsigned int A[8], B[8], C[8], D[8], E[8], F[8], G[8], H[8];
@@ -219,9 +165,9 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
0;
size_t ret = 0;
u8 *IVs;
-# if defined(BSWAP8)
+# if defined(BSWAP8)
u64 seqnum;
-# endif
+# endif
/* ask for IVs in bulk */
if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
@@ -256,15 +202,15 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
IVs += 16;
}
-# if defined(BSWAP8)
+# if defined(BSWAP8)
memcpy(blocks[0].c, key->md.data, 8);
seqnum = BSWAP8(blocks[0].q[0]);
-# endif
+# endif
for (i = 0; i < x4; i++) {
unsigned int len = (i == (x4 - 1) ? last : frag);
-# if !defined(BSWAP8)
+# if !defined(BSWAP8)
unsigned int carry, j;
-# endif
+# endif
ctx->A[i] = key->md.h[0];
ctx->B[i] = key->md.h[1];
@@ -276,14 +222,14 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
ctx->H[i] = key->md.h[7];
/* fix seqnum */
-# if defined(BSWAP8)
+# if defined(BSWAP8)
blocks[i].q[0] = BSWAP8(seqnum + i);
-# else
+# else
for (carry = i, j = 8; j--;) {
blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry;
carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1);
}
-# endif
+# endif
blocks[i].c[8] = ((u8 *)key->md.data)[8];
blocks[i].c[9] = ((u8 *)key->md.data)[9];
blocks[i].c[10] = ((u8 *)key->md.data)[10];
@@ -302,10 +248,10 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
/* hash 13-byte headers and first 64-13 bytes of inputs */
sha256_multi_block(ctx, edges, n4x);
/* hash bulk inputs */
-# define MAXCHUNKSIZE 2048
-# if MAXCHUNKSIZE%64
-# error "MAXCHUNKSIZE is not divisible by 64"
-# elif MAXCHUNKSIZE
+# define MAXCHUNKSIZE 2048
+# if MAXCHUNKSIZE%64
+# error "MAXCHUNKSIZE is not divisible by 64"
+# elif MAXCHUNKSIZE
/*
* goal is to minimize pressure on L1 cache by moving in shorter steps,
* so that hashed data is still in the cache by the time we encrypt it
@@ -334,8 +280,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
minblocks -= MAXCHUNKSIZE / 64;
} while (minblocks > MAXCHUNKSIZE / 64);
}
-# endif
-# undef MAXCHUNKSIZE
+# endif
+# undef MAXCHUNKSIZE
sha256_multi_block(ctx, hash_d, n4x);
memset(blocks, 0, sizeof(blocks));
@@ -350,18 +296,18 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
len += 64 + 13; /* 64 is HMAC header */
len *= 8; /* convert to bits */
if (off < (64 - 8)) {
-# ifdef BSWAP4
+# ifdef BSWAP4
blocks[i].d[15] = BSWAP4(len);
-# else
+# else
PUTU32(blocks[i].c + 60, len);
-# endif
+# endif
edges[i].blocks = 1;
} else {
-# ifdef BSWAP4
+# ifdef BSWAP4
blocks[i].d[31] = BSWAP4(len);
-# else
+# else
PUTU32(blocks[i].c + 124, len);
-# endif
+# endif
edges[i].blocks = 2;
}
edges[i].ptr = blocks[i].c;
@@ -372,7 +318,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
memset(blocks, 0, sizeof(blocks));
for (i = 0; i < x4; i++) {
-# ifdef BSWAP4
+# ifdef BSWAP4
blocks[i].d[0] = BSWAP4(ctx->A[i]);
ctx->A[i] = key->tail.h[0];
blocks[i].d[1] = BSWAP4(ctx->B[i]);
@@ -391,7 +337,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
ctx->H[i] = key->tail.h[7];
blocks[i].c[32] = 0x80;
blocks[i].d[15] = BSWAP4((64 + 32) * 8);
-# else
+# else
PUTU32(blocks[i].c + 0, ctx->A[i]);
ctx->A[i] = key->tail.h[0];
PUTU32(blocks[i].c + 4, ctx->B[i]);
@@ -410,7 +356,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
ctx->H[i] = key->tail.h[7];
blocks[i].c[32] = 0x80;
PUTU32(blocks[i].c + 60, (64 + 32) * 8);
-# endif
+# endif
edges[i].ptr = blocks[i].c;
edges[i].blocks = 1;
}
@@ -466,7 +412,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
return ret;
}
-# endif
+# endif
static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
unsigned char *out,
@@ -477,18 +423,18 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and
* later */
sha_off = 0;
-# if defined(STITCHED_CALL)
+# if defined(STITCHED_CALL)
size_t aes_off = 0, blocks;
sha_off = SHA256_CBLOCK - key->md.num;
-# endif
+# endif
key->payload_length = NO_PAYLOAD_LENGTH;
if (len % AES_BLOCK_SIZE)
return 0;
- if (ctx->encrypt) {
+ if (EVP_CIPHER_CTX_encrypting(ctx)) {
if (plen == NO_PAYLOAD_LENGTH)
plen = len;
else if (len !=
@@ -498,7 +444,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
else if (key->aux.tls_ver >= TLS1_1_VERSION)
iv = AES_BLOCK_SIZE;
-# if defined(STITCHED_CALL)
+# if defined(STITCHED_CALL)
/*
* Assembly stitch handles AVX-capable processors, but its
* performance is not optimal on AMD Jaguar, ~40% worse, for
@@ -518,7 +464,8 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
SHA256_Update(&key->md, in + iv, sha_off);
(void)aesni_cbc_sha256_enc(in, out, blocks, &key->ks,
- ctx->iv, &key->md, in + iv + sha_off);
+ EVP_CIPHER_CTX_iv_noconst(ctx),
+ &key->md, in + iv + sha_off);
blocks *= SHA256_CBLOCK;
aes_off += blocks;
sha_off += blocks;
@@ -529,7 +476,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
} else {
sha_off = 0;
}
-# endif
+# endif
sha_off += iv;
SHA256_Update(&key->md, in + sha_off, plen - sha_off);
@@ -549,10 +496,10 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
out[plen] = l;
/* encrypt HMAC|padding at once */
aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
- &key->ks, ctx->iv, 1);
+ &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
} else {
aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off,
- &key->ks, ctx->iv, 1);
+ &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
}
} else {
union {
@@ -564,7 +511,8 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
pmac = (void *)(((size_t)mac.c + 63) & ((size_t)0 - 64));
/* decrypt HMAC|padding at once */
- aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0);
+ aesni_cbc_encrypt(in, out, len, &key->ks,
+ EVP_CIPHER_CTX_iv_noconst(ctx), 0);
if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
size_t inp_len, mask, j, i;
@@ -611,7 +559,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
key->md = key->head;
SHA256_Update(&key->md, key->aux.tls_aad, plen);
-# if 1
+# if 1 /* see original reference version in #else */
len -= SHA256_DIGEST_LENGTH; /* amend mac */
if (len >= (256 + SHA256_CBLOCK)) {
j = (len - (256 + SHA256_CBLOCK)) & (0 - SHA256_CBLOCK);
@@ -624,15 +572,15 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
/* but pretend as if we hashed padded payload */
bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */
-# ifdef BSWAP4
+# ifdef BSWAP4
bitlen = BSWAP4(bitlen);
-# else
+# else
mac.c[0] = 0;
mac.c[1] = (unsigned char)(bitlen >> 16);
mac.c[2] = (unsigned char)(bitlen >> 8);
mac.c[3] = (unsigned char)bitlen;
bitlen = mac.u[0];
-# endif
+# endif
pmac->u[0] = 0;
pmac->u[1] = 0;
@@ -701,7 +649,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
pmac->u[6] |= key->md.h[6] & mask;
pmac->u[7] |= key->md.h[7] & mask;
-# ifdef BSWAP4
+# ifdef BSWAP4
pmac->u[0] = BSWAP4(pmac->u[0]);
pmac->u[1] = BSWAP4(pmac->u[1]);
pmac->u[2] = BSWAP4(pmac->u[2]);
@@ -710,7 +658,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
pmac->u[5] = BSWAP4(pmac->u[5]);
pmac->u[6] = BSWAP4(pmac->u[6]);
pmac->u[7] = BSWAP4(pmac->u[7]);
-# else
+# else
for (i = 0; i < 8; i++) {
res = pmac->u[i];
pmac->c[4 * i + 0] = (unsigned char)(res >> 24);
@@ -718,9 +666,9 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
pmac->c[4 * i + 2] = (unsigned char)(res >> 8);
pmac->c[4 * i + 3] = (unsigned char)res;
}
-# endif
+# endif
len += SHA256_DIGEST_LENGTH;
-# else
+# else
SHA256_Update(&key->md, out, inp_len);
res = key->md.num;
SHA256_Final(pmac->c, &key->md);
@@ -739,7 +687,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
for (; inp_blocks < pad_blocks; inp_blocks++)
sha1_block_data_order(&key->md, data, 1);
}
-# endif
+# endif /* pre-lucky-13 reference version of above */
key->md = key->tail;
SHA256_Update(&key->md, pmac->c, SHA256_DIGEST_LENGTH);
SHA256_Final(pmac->c, &key->md);
@@ -747,7 +695,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
/* verify HMAC */
out += inp_len;
len -= inp_len;
-# if 1
+# if 1 /* see original reference version in #else */
{
unsigned char *p =
out + len - 1 - maxpad - SHA256_DIGEST_LENGTH;
@@ -770,7 +718,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
ret &= (int)~res;
}
-# else
+# else /* pre-lucky-13 reference version of above */
for (res = 0, i = 0; i < SHA256_DIGEST_LENGTH; i++)
res |= out[i] ^ pmac->c[i];
res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
@@ -784,7 +732,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
res = (0 - res) >> (sizeof(res) * 8 - 1);
ret &= (int)~res;
-# endif
+# endif
return ret;
} else {
SHA256_Update(&key->md, out, len);
@@ -798,6 +746,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
void *ptr)
{
EVP_AES_HMAC_SHA256 *key = data(ctx);
+ unsigned int u_arg = (unsigned int)arg;
switch (type) {
case EVP_CTRL_AEAD_SET_MAC_KEY:
@@ -807,7 +756,10 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
memset(hmac_key, 0, sizeof(hmac_key));
- if (arg > (int)sizeof(hmac_key)) {
+ if (arg < 0)
+ return -1;
+
+ if (u_arg > sizeof(hmac_key)) {
SHA256_Init(&key->head);
SHA256_Update(&key->head, ptr, arg);
SHA256_Final(hmac_key, &key->head);
@@ -839,7 +791,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
len = p[arg - 2] << 8 | p[arg - 1];
- if (ctx->encrypt) {
+ if (EVP_CIPHER_CTX_encrypting(ctx)) {
key->payload_length = len;
if ((key->aux.tls_ver =
p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
@@ -862,7 +814,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
return SHA256_DIGEST_LENGTH;
}
}
-# if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+# if !defined(OPENSSL_NO_MULTIBLOCK)
case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE:
return (int)(5 + 16 + ((arg + 32 + 16) & -16));
case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD:
@@ -872,12 +824,15 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
unsigned int n4x = 1, x4;
unsigned int frag, last, packlen, inp_len;
- if (arg < (int)sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM))
+ if (arg < 0)
+ return -1;
+
+ if (u_arg < sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM))
return -1;
inp_len = param->inp[11] << 8 | param->inp[12];
- if (ctx->encrypt) {
+ if (EVP_CIPHER_CTX_encrypting(ctx)) {
if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION)
return -1;
@@ -925,19 +880,19 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
param->interleave / 4);
}
case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT:
-# endif
+# endif
default:
return -1;
}
}
static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = {
-# ifdef NID_aes_128_cbc_hmac_sha256
+# ifdef NID_aes_128_cbc_hmac_sha256
NID_aes_128_cbc_hmac_sha256,
-# else
+# else
NID_undef,
-# endif
- 16, 16, 16,
+# endif
+ AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE,
EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
aesni_cbc_hmac_sha256_init_key,
@@ -951,12 +906,12 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = {
};
static EVP_CIPHER aesni_256_cbc_hmac_sha256_cipher = {
-# ifdef NID_aes_256_cbc_hmac_sha256
+# ifdef NID_aes_256_cbc_hmac_sha256
NID_aes_256_cbc_hmac_sha256,
-# else
+# else
NID_undef,
-# endif
- 16, 32, 16,
+# endif
+ AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE,
EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
aesni_cbc_hmac_sha256_init_key,
@@ -982,7 +937,7 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void)
aesni_cbc_sha256_enc(NULL, NULL, 0, NULL, NULL, NULL, NULL) ?
&aesni_256_cbc_hmac_sha256_cipher : NULL);
}
-# else
+#else
const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void)
{
return NULL;
@@ -992,5 +947,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void)
{
return NULL;
}
-# endif
#endif
diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c
new file mode 100644
index 000000000000..81c8a7eaf1d3
--- /dev/null
+++ b/crypto/evp/e_aria.c
@@ -0,0 +1,756 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#ifndef OPENSSL_NO_ARIA
+# include <openssl/evp.h>
+# include <openssl/modes.h>
+# include <openssl/rand.h>
+# include <openssl/rand_drbg.h>
+# include "internal/aria.h"
+# include "internal/evp_int.h"
+# include "modes_lcl.h"
+# include "evp_locl.h"
+
+/* ARIA subkey Structure */
+typedef struct {
+ ARIA_KEY ks;
+} EVP_ARIA_KEY;
+
+/* ARIA GCM context */
+typedef struct {
+ union {
+ double align;
+ ARIA_KEY ks;
+ } ks; /* ARIA subkey to use */
+ int key_set; /* Set if key initialised */
+ int iv_set; /* Set if an iv is set */
+ GCM128_CONTEXT gcm;
+ unsigned char *iv; /* Temporary IV store */
+ int ivlen; /* IV length */
+ int taglen;
+ int iv_gen; /* It is OK to generate IVs */
+ int tls_aad_len; /* TLS AAD length */
+} EVP_ARIA_GCM_CTX;
+
+/* ARIA CCM context */
+typedef struct {
+ union {
+ double align;
+ ARIA_KEY ks;
+ } ks; /* ARIA key schedule to use */
+ int key_set; /* Set if key initialised */
+ int iv_set; /* Set if an iv is set */
+ int tag_set; /* Set if tag is valid */
+ int len_set; /* Set if message length set */
+ int L, M; /* L and M parameters from RFC3610 */
+ int tls_aad_len; /* TLS AAD length */
+ CCM128_CONTEXT ccm;
+ ccm128_f str;
+} EVP_ARIA_CCM_CTX;
+
+/* The subkey for ARIA is generated. */
+static int aria_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ int ret;
+ int mode = EVP_CIPHER_CTX_mode(ctx);
+
+ if (enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE))
+ ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ EVP_CIPHER_CTX_get_cipher_data(ctx));
+ else
+ ret = aria_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ EVP_CIPHER_CTX_get_cipher_data(ctx));
+ if (ret < 0) {
+ EVPerr(EVP_F_ARIA_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED);
+ return 0;
+ }
+ return 1;
+}
+
+static void aria_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const ARIA_KEY *key,
+ unsigned char *ivec, const int enc)
+{
+
+ if (enc)
+ CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
+ (block128_f) aria_encrypt);
+ else
+ CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
+ (block128_f) aria_encrypt);
+}
+
+static void aria_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const ARIA_KEY *key,
+ unsigned char *ivec, int *num, const int enc)
+{
+
+ CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
+ (block128_f) aria_encrypt);
+}
+
+static void aria_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const ARIA_KEY *key,
+ unsigned char *ivec, int *num, const int enc)
+{
+ CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
+ (block128_f) aria_encrypt);
+}
+
+static void aria_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const ARIA_KEY *key,
+ unsigned char *ivec, int *num, const int enc)
+{
+ CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
+ (block128_f) aria_encrypt);
+}
+
+static void aria_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const ARIA_KEY *key, const int enc)
+{
+ aria_encrypt(in, out, key);
+}
+
+static void aria_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const ARIA_KEY *key,
+ unsigned char *ivec, int *num)
+{
+ CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
+ (block128_f) aria_encrypt);
+}
+
+IMPLEMENT_BLOCK_CIPHER(aria_128, ks, aria, EVP_ARIA_KEY,
+ NID_aria_128, 16, 16, 16, 128,
+ 0, aria_init_key, NULL,
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL)
+IMPLEMENT_BLOCK_CIPHER(aria_192, ks, aria, EVP_ARIA_KEY,
+ NID_aria_192, 16, 24, 16, 128,
+ 0, aria_init_key, NULL,
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL)
+IMPLEMENT_BLOCK_CIPHER(aria_256, ks, aria, EVP_ARIA_KEY,
+ NID_aria_256, 16, 32, 16, 128,
+ 0, aria_init_key, NULL,
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL)
+
+# define IMPLEMENT_ARIA_CFBR(ksize,cbits) \
+ IMPLEMENT_CFBR(aria,aria,EVP_ARIA_KEY,ks,ksize,cbits,16,0)
+IMPLEMENT_ARIA_CFBR(128,1)
+IMPLEMENT_ARIA_CFBR(192,1)
+IMPLEMENT_ARIA_CFBR(256,1)
+IMPLEMENT_ARIA_CFBR(128,8)
+IMPLEMENT_ARIA_CFBR(192,8)
+IMPLEMENT_ARIA_CFBR(256,8)
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER aria_##keylen##_##mode = { \
+ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+ flags|EVP_CIPH_##MODE##_MODE, \
+ aria_init_key, \
+ aria_##mode##_cipher, \
+ NULL, \
+ sizeof(EVP_ARIA_KEY), \
+ NULL,NULL,NULL,NULL }; \
+const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \
+{ return &aria_##keylen##_##mode; }
+
+static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ unsigned int num = EVP_CIPHER_CTX_num(ctx);
+ EVP_ARIA_KEY *dat = EVP_C_DATA(EVP_ARIA_KEY,ctx);
+
+ CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
+ EVP_CIPHER_CTX_iv_noconst(ctx),
+ EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+ (block128_f) aria_encrypt);
+ EVP_CIPHER_CTX_set_num(ctx, num);
+ return 1;
+}
+
+BLOCK_CIPHER_generic(NID_aria, 128, 1, 16, ctr, ctr, CTR, 0)
+BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0)
+BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0)
+
+/* Authenticated cipher modes (GCM/CCM) */
+
+/* increment counter (64-bit int) by 1 */
+static void ctr64_inc(unsigned char *counter)
+{
+ int n = 8;
+ unsigned char c;
+
+ do {
+ --n;
+ c = counter[n];
+ ++c;
+ counter[n] = c;
+ if (c)
+ return;
+ } while (n);
+}
+
+static int aria_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ int ret;
+ EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx);
+
+ if (!iv && !key)
+ return 1;
+ if (key) {
+ ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &gctx->ks.ks);
+ CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+ (block128_f) aria_encrypt);
+ if (ret < 0) {
+ EVPerr(EVP_F_ARIA_GCM_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED);
+ return 0;
+ }
+
+ /*
+ * If we have an iv can set it directly, otherwise use saved IV.
+ */
+ if (iv == NULL && gctx->iv_set)
+ iv = gctx->iv;
+ if (iv) {
+ CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+ gctx->iv_set = 1;
+ }
+ gctx->key_set = 1;
+ } else {
+ /* If key set use IV, otherwise copy */
+ if (gctx->key_set)
+ CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+ else
+ memcpy(gctx->iv, iv, gctx->ivlen);
+ gctx->iv_set = 1;
+ gctx->iv_gen = 0;
+ }
+ return 1;
+}
+
+static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+ EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,c);
+
+ switch (type) {
+ case EVP_CTRL_INIT:
+ gctx->key_set = 0;
+ gctx->iv_set = 0;
+ gctx->ivlen = EVP_CIPHER_CTX_iv_length(c);
+ gctx->iv = EVP_CIPHER_CTX_iv_noconst(c);
+ gctx->taglen = -1;
+ gctx->iv_gen = 0;
+ gctx->tls_aad_len = -1;
+ return 1;
+
+ case EVP_CTRL_AEAD_SET_IVLEN:
+ if (arg <= 0)
+ return 0;
+ /* Allocate memory for IV if needed */
+ if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
+ if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
+ OPENSSL_free(gctx->iv);
+ if ((gctx->iv = OPENSSL_malloc(arg)) == NULL) {
+ EVPerr(EVP_F_ARIA_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+ gctx->ivlen = arg;
+ return 1;
+
+ case EVP_CTRL_AEAD_SET_TAG:
+ if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_encrypting(c))
+ return 0;
+ memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+ gctx->taglen = arg;
+ return 1;
+
+ case EVP_CTRL_AEAD_GET_TAG:
+ if (arg <= 0 || arg > 16 || !EVP_CIPHER_CTX_encrypting(c)
+ || gctx->taglen < 0)
+ return 0;
+ memcpy(ptr, EVP_CIPHER_CTX_buf_noconst(c), arg);
+ return 1;
+
+ case EVP_CTRL_GCM_SET_IV_FIXED:
+ /* Special case: -1 length restores whole IV */
+ if (arg == -1) {
+ memcpy(gctx->iv, ptr, gctx->ivlen);
+ gctx->iv_gen = 1;
+ return 1;
+ }
+ /*
+ * Fixed field must be at least 4 bytes and invocation field at least
+ * 8.
+ */
+ if ((arg < 4) || (gctx->ivlen - arg) < 8)
+ return 0;
+ if (arg)
+ memcpy(gctx->iv, ptr, arg);
+ if (EVP_CIPHER_CTX_encrypting(c)
+ && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
+ return 0;
+ gctx->iv_gen = 1;
+ return 1;
+
+ case EVP_CTRL_GCM_IV_GEN:
+ if (gctx->iv_gen == 0 || gctx->key_set == 0)
+ return 0;
+ CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
+ if (arg <= 0 || arg > gctx->ivlen)
+ arg = gctx->ivlen;
+ memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
+ /*
+ * Invocation field will be at least 8 bytes in size and so no need
+ * to check wrap around or increment more than last 8 bytes.
+ */
+ ctr64_inc(gctx->iv + gctx->ivlen - 8);
+ gctx->iv_set = 1;
+ return 1;
+
+ case EVP_CTRL_GCM_SET_IV_INV:
+ if (gctx->iv_gen == 0 || gctx->key_set == 0
+ || EVP_CIPHER_CTX_encrypting(c))
+ return 0;
+ memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
+ CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
+ gctx->iv_set = 1;
+ return 1;
+
+ case EVP_CTRL_AEAD_TLS1_AAD:
+ /* Save the AAD for later use */
+ if (arg != EVP_AEAD_TLS1_AAD_LEN)
+ return 0;
+ memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+ gctx->tls_aad_len = arg;
+ {
+ unsigned int len =
+ EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
+ | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
+ /* Correct length for explicit IV */
+ if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
+ return 0;
+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ /* If decrypting correct for tag too */
+ if (!EVP_CIPHER_CTX_encrypting(c)) {
+ if (len < EVP_GCM_TLS_TAG_LEN)
+ return 0;
+ len -= EVP_GCM_TLS_TAG_LEN;
+ }
+ EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
+ EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
+ }
+ /* Extra padding: tag appended to record */
+ return EVP_GCM_TLS_TAG_LEN;
+
+ case EVP_CTRL_COPY:
+ {
+ EVP_CIPHER_CTX *out = ptr;
+ EVP_ARIA_GCM_CTX *gctx_out = EVP_C_DATA(EVP_ARIA_GCM_CTX,out);
+ if (gctx->gcm.key) {
+ if (gctx->gcm.key != &gctx->ks)
+ return 0;
+ gctx_out->gcm.key = &gctx_out->ks;
+ }
+ if (gctx->iv == EVP_CIPHER_CTX_iv_noconst(c))
+ gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out);
+ else {
+ if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) {
+ EVPerr(EVP_F_ARIA_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
+ }
+ return 1;
+ }
+
+ default:
+ return -1;
+
+ }
+}
+
+static int aria_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx);
+ int rv = -1;
+
+ /* Encrypt/decrypt must be performed in place */
+ if (out != in
+ || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
+ return -1;
+ /*
+ * Set IV from start of buffer or generate IV and write to start of
+ * buffer.
+ */
+ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_encrypting(ctx) ?
+ EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
+ EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
+ goto err;
+ /* Use saved AAD */
+ if (CRYPTO_gcm128_aad(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx),
+ gctx->tls_aad_len))
+ goto err;
+ /* Fix buffer and length to point to payload */
+ in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+ if (EVP_CIPHER_CTX_encrypting(ctx)) {
+ /* Encrypt payload */
+ if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
+ goto err;
+ out += len;
+ /* Finally write tag */
+ CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
+ rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+ } else {
+ /* Decrypt */
+ if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
+ goto err;
+ /* Retrieve tag */
+ CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx),
+ EVP_GCM_TLS_TAG_LEN);
+ /* If tag mismatch wipe buffer */
+ if (CRYPTO_memcmp(EVP_CIPHER_CTX_buf_noconst(ctx), in + len,
+ EVP_GCM_TLS_TAG_LEN)) {
+ OPENSSL_cleanse(out, len);
+ goto err;
+ }
+ rv = len;
+ }
+
+ err:
+ gctx->iv_set = 0;
+ gctx->tls_aad_len = -1;
+ return rv;
+}
+
+static int aria_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx);
+
+ /* If not set up, return error */
+ if (!gctx->key_set)
+ return -1;
+
+ if (gctx->tls_aad_len >= 0)
+ return aria_gcm_tls_cipher(ctx, out, in, len);
+
+ if (!gctx->iv_set)
+ return -1;
+ if (in) {
+ if (out == NULL) {
+ if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
+ return -1;
+ } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
+ if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
+ return -1;
+ } else {
+ if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
+ return -1;
+ }
+ return len;
+ }
+ if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+ if (gctx->taglen < 0)
+ return -1;
+ if (CRYPTO_gcm128_finish(&gctx->gcm,
+ EVP_CIPHER_CTX_buf_noconst(ctx),
+ gctx->taglen) != 0)
+ return -1;
+ gctx->iv_set = 0;
+ return 0;
+ }
+ CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), 16);
+ gctx->taglen = 16;
+ /* Don't reuse the IV */
+ gctx->iv_set = 0;
+ return 0;
+}
+
+static int aria_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ int ret;
+ EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx);
+
+ if (!iv && !key)
+ return 1;
+
+ if (key) {
+ ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+ &cctx->ks.ks);
+ CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+ &cctx->ks, (block128_f) aria_encrypt);
+ if (ret < 0) {
+ EVPerr(EVP_F_ARIA_CCM_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED);
+ return 0;
+ }
+ cctx->str = NULL;
+ cctx->key_set = 1;
+ }
+ if (iv) {
+ memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+ cctx->iv_set = 1;
+ }
+ return 1;
+}
+
+static int aria_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+ EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,c);
+
+ switch (type) {
+ case EVP_CTRL_INIT:
+ cctx->key_set = 0;
+ cctx->iv_set = 0;
+ cctx->L = 8;
+ cctx->M = 12;
+ cctx->tag_set = 0;
+ cctx->len_set = 0;
+ cctx->tls_aad_len = -1;
+ return 1;
+
+ case EVP_CTRL_AEAD_TLS1_AAD:
+ /* Save the AAD for later use */
+ if (arg != EVP_AEAD_TLS1_AAD_LEN)
+ return 0;
+ memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+ cctx->tls_aad_len = arg;
+ {
+ uint16_t len =
+ EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
+ | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
+ /* Correct length for explicit IV */
+ if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
+ return 0;
+ len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+ /* If decrypting correct for tag too */
+ if (!EVP_CIPHER_CTX_encrypting(c)) {
+ if (len < cctx->M)
+ return 0;
+ len -= cctx->M;
+ }
+ EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
+ EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
+ }
+ /* Extra padding: tag appended to record */
+ return cctx->M;
+
+ case EVP_CTRL_CCM_SET_IV_FIXED:
+ /* Sanity check length */
+ if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
+ return 0;
+ /* Just copy to first part of IV */
+ memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg);
+ return 1;
+
+ case EVP_CTRL_AEAD_SET_IVLEN:
+ arg = 15 - arg;
+ /* fall thru */
+ case EVP_CTRL_CCM_SET_L:
+ if (arg < 2 || arg > 8)
+ return 0;
+ cctx->L = arg;
+ return 1;
+ case EVP_CTRL_AEAD_SET_TAG:
+ if ((arg & 1) || arg < 4 || arg > 16)
+ return 0;
+ if (EVP_CIPHER_CTX_encrypting(c) && ptr)
+ return 0;
+ if (ptr) {
+ cctx->tag_set = 1;
+ memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+ }
+ cctx->M = arg;
+ return 1;
+
+ case EVP_CTRL_AEAD_GET_TAG:
+ if (!EVP_CIPHER_CTX_encrypting(c) || !cctx->tag_set)
+ return 0;
+ if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
+ return 0;
+ cctx->tag_set = 0;
+ cctx->iv_set = 0;
+ cctx->len_set = 0;
+ return 1;
+
+ case EVP_CTRL_COPY:
+ {
+ EVP_CIPHER_CTX *out = ptr;
+ EVP_ARIA_CCM_CTX *cctx_out = EVP_C_DATA(EVP_ARIA_CCM_CTX,out);
+ if (cctx->ccm.key) {
+ if (cctx->ccm.key != &cctx->ks)
+ return 0;
+ cctx_out->ccm.key = &cctx_out->ks;
+ }
+ return 1;
+ }
+
+ default:
+ return -1;
+ }
+}
+
+static int aria_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx);
+ CCM128_CONTEXT *ccm = &cctx->ccm;
+
+ /* Encrypt/decrypt must be performed in place */
+ if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M))
+ return -1;
+ /* If encrypting set explicit IV from sequence number (start of AAD) */
+ if (EVP_CIPHER_CTX_encrypting(ctx))
+ memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx),
+ EVP_CCM_TLS_EXPLICIT_IV_LEN);
+ /* Get rest of IV from explicit IV */
+ memcpy(EVP_CIPHER_CTX_iv_noconst(ctx) + EVP_CCM_TLS_FIXED_IV_LEN, in,
+ EVP_CCM_TLS_EXPLICIT_IV_LEN);
+ /* Correct length value */
+ len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+ if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L,
+ len))
+ return -1;
+ /* Use saved AAD */
+ CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->tls_aad_len);
+ /* Fix buffer to point to payload */
+ in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+ out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+ if (EVP_CIPHER_CTX_encrypting(ctx)) {
+ if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str)
+ : CRYPTO_ccm128_encrypt(ccm, in, out, len))
+ return -1;
+ if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M))
+ return -1;
+ return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+ } else {
+ if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, cctx->str)
+ : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+ unsigned char tag[16];
+ if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
+ if (!CRYPTO_memcmp(tag, in + len, cctx->M))
+ return len;
+ }
+ }
+ OPENSSL_cleanse(out, len);
+ return -1;
+ }
+}
+
+static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx);
+ CCM128_CONTEXT *ccm = &cctx->ccm;
+
+ /* If not set up, return error */
+ if (!cctx->key_set)
+ return -1;
+
+ if (cctx->tls_aad_len >= 0)
+ return aria_ccm_tls_cipher(ctx, out, in, len);
+
+ /* EVP_*Final() doesn't return any data */
+ if (in == NULL && out != NULL)
+ return 0;
+
+ if (!cctx->iv_set)
+ return -1;
+
+ if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
+ return -1;
+ if (!out) {
+ if (!in) {
+ if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+ 15 - cctx->L, len))
+ return -1;
+ cctx->len_set = 1;
+ return len;
+ }
+ /* If have AAD need message length */
+ if (!cctx->len_set && len)
+ return -1;
+ CRYPTO_ccm128_aad(ccm, in, len);
+ return len;
+ }
+ /* If not set length yet do it */
+ if (!cctx->len_set) {
+ if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+ 15 - cctx->L, len))
+ return -1;
+ cctx->len_set = 1;
+ }
+ if (EVP_CIPHER_CTX_encrypting(ctx)) {
+ if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str)
+ : CRYPTO_ccm128_encrypt(ccm, in, out, len))
+ return -1;
+ cctx->tag_set = 1;
+ return len;
+ } else {
+ int rv = -1;
+ if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
+ cctx->str) :
+ !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+ unsigned char tag[16];
+ if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
+ if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx),
+ cctx->M))
+ rv = len;
+ }
+ }
+ if (rv == -1)
+ OPENSSL_cleanse(out, len);
+ cctx->iv_set = 0;
+ cctx->tag_set = 0;
+ cctx->len_set = 0;
+ return rv;
+ }
+}
+
+#define ARIA_AUTH_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \
+ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
+ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
+ | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_AEAD_CIPHER)
+
+#define BLOCK_CIPHER_aead(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER aria_##keylen##_##mode = { \
+ nid##_##keylen##_##nmode, \
+ blocksize, keylen/8, ivlen, \
+ ARIA_AUTH_FLAGS|EVP_CIPH_##MODE##_MODE, \
+ aria_##mode##_init_key, \
+ aria_##mode##_cipher, \
+ NULL, \
+ sizeof(EVP_ARIA_##MODE##_CTX), \
+ NULL,NULL,aria_##mode##_ctrl,NULL }; \
+const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \
+{ return (EVP_CIPHER*)&aria_##keylen##_##mode; }
+
+BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, gcm, gcm, GCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, gcm, gcm, GCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, gcm, gcm, GCM, 0)
+
+BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, ccm, ccm, CCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, ccm, ccm, CCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, ccm, ccm, CCM, 0)
+
+#endif
diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c
index d6a017826e96..dc386905c5cb 100644
--- a/crypto/evp/e_bf.c
+++ b/crypto/evp/e_bf.c
@@ -1,66 +1,17 @@
-/* crypto/evp/e_bf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#ifndef OPENSSL_NO_BF
# include <openssl/evp.h>
-# include "evp_locl.h"
+# include "internal/evp_int.h"
# include <openssl/objects.h>
# include <openssl/blowfish.h>
diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c
index 996aed2a676b..2df4a6e3e011 100644
--- a/crypto/evp/e_camellia.c
+++ b/crypto/evp/e_camellia.c
@@ -1,66 +1,23 @@
-/* crypto/evp/e_camellia.c */
-/* ====================================================================
- * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_CAMELLIA
+#ifdef OPENSSL_NO_CAMELLIA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
# include <openssl/evp.h>
# include <openssl/err.h>
# include <string.h>
# include <assert.h>
# include <openssl/camellia.h>
-# include "evp_locl.h"
+# include "internal/evp_int.h"
# include "modes_lcl.h"
static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -119,10 +76,11 @@ static int cmll_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
int ret, mode, bits;
- EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data;
+ EVP_CAMELLIA_KEY *dat =
+ (EVP_CAMELLIA_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx);
- mode = ctx->cipher->flags & EVP_CIPH_MODE;
- bits = ctx->key_len * 8;
+ mode = EVP_CIPHER_CTX_mode(ctx);
+ bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
cmll_t4_set_key(key, bits, &dat->ks);
@@ -248,24 +206,23 @@ const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \
BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \
- BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags)
-# if 0 /* not yet, missing NID */
-BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
-# endif
+ BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \
+ BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
+
/* The subkey for Camellia is generated. */
static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
int ret, mode;
- EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data;
+ EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
- ret = Camellia_set_key(key, ctx->key_len * 8, &dat->ks);
+ ret = Camellia_set_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, &dat->ks);
if (ret < 0) {
EVPerr(EVP_F_CAMELLIA_INIT_KEY, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
return 0;
}
- mode = ctx->cipher->flags & EVP_CIPH_MODE;
+ mode = EVP_CIPHER_CTX_mode(ctx);
if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
&& !enc) {
dat->block = (block128_f) Camellia_decrypt;
@@ -283,14 +240,18 @@ static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
- EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data;
+ EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
if (dat->stream.cbc)
- (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, ctx->encrypt);
- else if (ctx->encrypt)
- CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, dat->block);
+ (*dat->stream.cbc) (in, out, len, &dat->ks,
+ EVP_CIPHER_CTX_iv_noconst(ctx),
+ EVP_CIPHER_CTX_encrypting(ctx));
+ else if (EVP_CIPHER_CTX_encrypting(ctx))
+ CRYPTO_cbc128_encrypt(in, out, len, &dat->ks,
+ EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
else
- CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, dat->block);
+ CRYPTO_cbc128_decrypt(in, out, len, &dat->ks,
+ EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
return 1;
}
@@ -298,9 +259,9 @@ static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
- size_t bl = ctx->cipher->block_size;
+ size_t bl = EVP_CIPHER_CTX_block_size(ctx);
size_t i;
- EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data;
+ EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
if (len < bl)
return 1;
@@ -314,83 +275,92 @@ static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static int camellia_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
- EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data;
+ EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+ int num = EVP_CIPHER_CTX_num(ctx);
CRYPTO_ofb128_encrypt(in, out, len, &dat->ks,
- ctx->iv, &ctx->num, dat->block);
+ EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block);
+ EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
static int camellia_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
- EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data;
+ EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+ int num = EVP_CIPHER_CTX_num(ctx);
CRYPTO_cfb128_encrypt(in, out, len, &dat->ks,
- ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+ EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+ EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
static int camellia_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
- EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data;
+ EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+ int num = EVP_CIPHER_CTX_num(ctx);
CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks,
- ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+ EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+ EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
- EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data;
+ EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
- if (ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) {
+ if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
+ int num = EVP_CIPHER_CTX_num(ctx);
CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks,
- ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+ EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+ EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
while (len >= MAXBITCHUNK) {
+ int num = EVP_CIPHER_CTX_num(ctx);
CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
- ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+ EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+ EVP_CIPHER_CTX_set_num(ctx, num);
len -= MAXBITCHUNK;
out += MAXBITCHUNK;
in += MAXBITCHUNK;
}
- if (len)
+ if (len) {
+ int num = EVP_CIPHER_CTX_num(ctx);
CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
- ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+ EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+ EVP_CIPHER_CTX_set_num(ctx, num);
+ }
return 1;
}
-# if 0 /* not yet, missing NID */
static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
- unsigned int num = ctx->num;
- EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data;
+ unsigned int num = EVP_CIPHER_CTX_num(ctx);
+ EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
if (dat->stream.ctr)
CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
- ctx->iv, ctx->buf, &num, dat->stream.ctr);
+ EVP_CIPHER_CTX_iv_noconst(ctx),
+ EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+ dat->stream.ctr);
else
CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
- ctx->iv, ctx->buf, &num, dat->block);
- ctx->num = (size_t)num;
+ EVP_CIPHER_CTX_iv_noconst(ctx),
+ EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+ dat->block);
+ EVP_CIPHER_CTX_set_num(ctx, num);
return 1;
}
-# endif
BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0)
BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0)
BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0)
-#else
-
-# ifdef PEDANTIC
-static void *dummy = &dummy;
-# endif
-
#endif
diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c
index 3f7454856957..259d44059b20 100644
--- a/crypto/evp/e_cast.c
+++ b/crypto/evp/e_cast.c
@@ -1,68 +1,19 @@
-/* crypto/evp/e_cast.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#ifndef OPENSSL_NO_CAST
# include <openssl/evp.h>
# include <openssl/objects.h>
-# include "evp_locl.h"
+# include "internal/evp_int.h"
# include <openssl/cast.h>
static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
new file mode 100644
index 000000000000..c1917bb86a6b
--- /dev/null
+++ b/crypto/evp/e_chacha20_poly1305.c
@@ -0,0 +1,630 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_CHACHA
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "evp_locl.h"
+# include "internal/evp_int.h"
+# include "internal/chacha.h"
+
+typedef struct {
+ union {
+ double align; /* this ensures even sizeof(EVP_CHACHA_KEY)%8==0 */
+ unsigned int d[CHACHA_KEY_SIZE / 4];
+ } key;
+ unsigned int counter[CHACHA_CTR_SIZE / 4];
+ unsigned char buf[CHACHA_BLK_SIZE];
+ unsigned int partial_len;
+} EVP_CHACHA_KEY;
+
+#define data(ctx) ((EVP_CHACHA_KEY *)(ctx)->cipher_data)
+
+static int chacha_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char user_key[CHACHA_KEY_SIZE],
+ const unsigned char iv[CHACHA_CTR_SIZE], int enc)
+{
+ EVP_CHACHA_KEY *key = data(ctx);
+ unsigned int i;
+
+ if (user_key)
+ for (i = 0; i < CHACHA_KEY_SIZE; i+=4) {
+ key->key.d[i/4] = CHACHA_U8TOU32(user_key+i);
+ }
+
+ if (iv)
+ for (i = 0; i < CHACHA_CTR_SIZE; i+=4) {
+ key->counter[i/4] = CHACHA_U8TOU32(iv+i);
+ }
+
+ key->partial_len = 0;
+
+ return 1;
+}
+
+static int chacha_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
+ const unsigned char *inp, size_t len)
+{
+ EVP_CHACHA_KEY *key = data(ctx);
+ unsigned int n, rem, ctr32;
+
+ if ((n = key->partial_len)) {
+ while (len && n < CHACHA_BLK_SIZE) {
+ *out++ = *inp++ ^ key->buf[n++];
+ len--;
+ }
+ key->partial_len = n;
+
+ if (len == 0)
+ return 1;
+
+ if (n == CHACHA_BLK_SIZE) {
+ key->partial_len = 0;
+ key->counter[0]++;
+ if (key->counter[0] == 0)
+ key->counter[1]++;
+ }
+ }
+
+ rem = (unsigned int)(len % CHACHA_BLK_SIZE);
+ len -= rem;
+ ctr32 = key->counter[0];
+ while (len >= CHACHA_BLK_SIZE) {
+ size_t blocks = len / CHACHA_BLK_SIZE;
+ /*
+ * 1<<28 is just a not-so-small yet not-so-large number...
+ * Below condition is practically never met, but it has to
+ * be checked for code correctness.
+ */
+ if (sizeof(size_t)>sizeof(unsigned int) && blocks>(1U<<28))
+ blocks = (1U<<28);
+
+ /*
+ * As ChaCha20_ctr32 operates on 32-bit counter, caller
+ * has to handle overflow. 'if' below detects the
+ * overflow, which is then handled by limiting the
+ * amount of blocks to the exact overflow point...
+ */
+ ctr32 += (unsigned int)blocks;
+ if (ctr32 < blocks) {
+ blocks -= ctr32;
+ ctr32 = 0;
+ }
+ blocks *= CHACHA_BLK_SIZE;
+ ChaCha20_ctr32(out, inp, blocks, key->key.d, key->counter);
+ len -= blocks;
+ inp += blocks;
+ out += blocks;
+
+ key->counter[0] = ctr32;
+ if (ctr32 == 0) key->counter[1]++;
+ }
+
+ if (rem) {
+ memset(key->buf, 0, sizeof(key->buf));
+ ChaCha20_ctr32(key->buf, key->buf, CHACHA_BLK_SIZE,
+ key->key.d, key->counter);
+ for (n = 0; n < rem; n++)
+ out[n] = inp[n] ^ key->buf[n];
+ key->partial_len = rem;
+ }
+
+ return 1;
+}
+
+static const EVP_CIPHER chacha20 = {
+ NID_chacha20,
+ 1, /* block_size */
+ CHACHA_KEY_SIZE, /* key_len */
+ CHACHA_CTR_SIZE, /* iv_len, 128-bit counter in the context */
+ EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT,
+ chacha_init_key,
+ chacha_cipher,
+ NULL,
+ sizeof(EVP_CHACHA_KEY),
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
+const EVP_CIPHER *EVP_chacha20(void)
+{
+ return &chacha20;
+}
+
+# ifndef OPENSSL_NO_POLY1305
+# include "internal/poly1305.h"
+
+typedef struct {
+ EVP_CHACHA_KEY key;
+ unsigned int nonce[12/4];
+ unsigned char tag[POLY1305_BLOCK_SIZE];
+ unsigned char tls_aad[POLY1305_BLOCK_SIZE];
+ struct { uint64_t aad, text; } len;
+ int aad, mac_inited, tag_len, nonce_len;
+ size_t tls_payload_length;
+} EVP_CHACHA_AEAD_CTX;
+
+# define NO_TLS_PAYLOAD_LENGTH ((size_t)-1)
+# define aead_data(ctx) ((EVP_CHACHA_AEAD_CTX *)(ctx)->cipher_data)
+# define POLY1305_ctx(actx) ((POLY1305 *)(actx + 1))
+
+static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char *inkey,
+ const unsigned char *iv, int enc)
+{
+ EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+
+ if (!inkey && !iv)
+ return 1;
+
+ actx->len.aad = 0;
+ actx->len.text = 0;
+ actx->aad = 0;
+ actx->mac_inited = 0;
+ actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+
+ if (iv != NULL) {
+ unsigned char temp[CHACHA_CTR_SIZE] = { 0 };
+
+ /* pad on the left */
+ if (actx->nonce_len <= CHACHA_CTR_SIZE)
+ memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv,
+ actx->nonce_len);
+
+ chacha_init_key(ctx, inkey, temp, enc);
+
+ actx->nonce[0] = actx->key.counter[1];
+ actx->nonce[1] = actx->key.counter[2];
+ actx->nonce[2] = actx->key.counter[3];
+ } else {
+ chacha_init_key(ctx, inkey, NULL, enc);
+ }
+
+ return 1;
+}
+
+# if !defined(OPENSSL_SMALL_FOOTPRINT)
+
+# if defined(POLY1305_ASM) && (defined(__x86_64) || defined(__x86_64__) || \
+ defined(_M_AMD64) || defined(_M_X64))
+# define XOR128_HELPERS
+void *xor128_encrypt_n_pad(void *out, const void *inp, void *otp, size_t len);
+void *xor128_decrypt_n_pad(void *out, const void *inp, void *otp, size_t len);
+static const unsigned char zero[4 * CHACHA_BLK_SIZE] = { 0 };
+# else
+static const unsigned char zero[2 * CHACHA_BLK_SIZE] = { 0 };
+# endif
+
+static int chacha20_poly1305_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+ size_t tail, tohash_len, buf_len, plen = actx->tls_payload_length;
+ unsigned char *buf, *tohash, *ctr, storage[sizeof(zero) + 32];
+
+ if (len != plen + POLY1305_BLOCK_SIZE)
+ return -1;
+
+ buf = storage + ((0 - (size_t)storage) & 15); /* align */
+ ctr = buf + CHACHA_BLK_SIZE;
+ tohash = buf + CHACHA_BLK_SIZE - POLY1305_BLOCK_SIZE;
+
+# ifdef XOR128_HELPERS
+ if (plen <= 3 * CHACHA_BLK_SIZE) {
+ actx->key.counter[0] = 0;
+ buf_len = (plen + 2 * CHACHA_BLK_SIZE - 1) & (0 - CHACHA_BLK_SIZE);
+ ChaCha20_ctr32(buf, zero, buf_len, actx->key.key.d,
+ actx->key.counter);
+ Poly1305_Init(POLY1305_ctx(actx), buf);
+ actx->key.partial_len = 0;
+ memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE);
+ tohash_len = POLY1305_BLOCK_SIZE;
+ actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+ actx->len.text = plen;
+
+ if (plen) {
+ if (ctx->encrypt)
+ ctr = xor128_encrypt_n_pad(out, in, ctr, plen);
+ else
+ ctr = xor128_decrypt_n_pad(out, in, ctr, plen);
+
+ in += plen;
+ out += plen;
+ tohash_len = (size_t)(ctr - tohash);
+ }
+ }
+# else
+ if (plen <= CHACHA_BLK_SIZE) {
+ size_t i;
+
+ actx->key.counter[0] = 0;
+ ChaCha20_ctr32(buf, zero, (buf_len = 2 * CHACHA_BLK_SIZE),
+ actx->key.key.d, actx->key.counter);
+ Poly1305_Init(POLY1305_ctx(actx), buf);
+ actx->key.partial_len = 0;
+ memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE);
+ tohash_len = POLY1305_BLOCK_SIZE;
+ actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+ actx->len.text = plen;
+
+ if (ctx->encrypt) {
+ for (i = 0; i < plen; i++) {
+ out[i] = ctr[i] ^= in[i];
+ }
+ } else {
+ for (i = 0; i < plen; i++) {
+ unsigned char c = in[i];
+ out[i] = ctr[i] ^ c;
+ ctr[i] = c;
+ }
+ }
+
+ in += i;
+ out += i;
+
+ tail = (0 - i) & (POLY1305_BLOCK_SIZE - 1);
+ memset(ctr + i, 0, tail);
+ ctr += i + tail;
+ tohash_len += i + tail;
+ }
+# endif
+ else {
+ actx->key.counter[0] = 0;
+ ChaCha20_ctr32(buf, zero, (buf_len = CHACHA_BLK_SIZE),
+ actx->key.key.d, actx->key.counter);
+ Poly1305_Init(POLY1305_ctx(actx), buf);
+ actx->key.counter[0] = 1;
+ actx->key.partial_len = 0;
+ Poly1305_Update(POLY1305_ctx(actx), actx->tls_aad, POLY1305_BLOCK_SIZE);
+ tohash = ctr;
+ tohash_len = 0;
+ actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+ actx->len.text = plen;
+
+ if (ctx->encrypt) {
+ ChaCha20_ctr32(out, in, plen, actx->key.key.d, actx->key.counter);
+ Poly1305_Update(POLY1305_ctx(actx), out, plen);
+ } else {
+ Poly1305_Update(POLY1305_ctx(actx), in, plen);
+ ChaCha20_ctr32(out, in, plen, actx->key.key.d, actx->key.counter);
+ }
+
+ in += plen;
+ out += plen;
+ tail = (0 - plen) & (POLY1305_BLOCK_SIZE - 1);
+ Poly1305_Update(POLY1305_ctx(actx), zero, tail);
+ }
+
+ {
+ const union {
+ long one;
+ char little;
+ } is_endian = { 1 };
+
+ if (is_endian.little) {
+ memcpy(ctr, (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
+ } else {
+ ctr[0] = (unsigned char)(actx->len.aad);
+ ctr[1] = (unsigned char)(actx->len.aad>>8);
+ ctr[2] = (unsigned char)(actx->len.aad>>16);
+ ctr[3] = (unsigned char)(actx->len.aad>>24);
+ ctr[4] = (unsigned char)(actx->len.aad>>32);
+ ctr[5] = (unsigned char)(actx->len.aad>>40);
+ ctr[6] = (unsigned char)(actx->len.aad>>48);
+ ctr[7] = (unsigned char)(actx->len.aad>>56);
+
+ ctr[8] = (unsigned char)(actx->len.text);
+ ctr[9] = (unsigned char)(actx->len.text>>8);
+ ctr[10] = (unsigned char)(actx->len.text>>16);
+ ctr[11] = (unsigned char)(actx->len.text>>24);
+ ctr[12] = (unsigned char)(actx->len.text>>32);
+ ctr[13] = (unsigned char)(actx->len.text>>40);
+ ctr[14] = (unsigned char)(actx->len.text>>48);
+ ctr[15] = (unsigned char)(actx->len.text>>56);
+ }
+ tohash_len += POLY1305_BLOCK_SIZE;
+ }
+
+ Poly1305_Update(POLY1305_ctx(actx), tohash, tohash_len);
+ OPENSSL_cleanse(buf, buf_len);
+ Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag
+ : tohash);
+
+ actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+
+ if (ctx->encrypt) {
+ memcpy(out, actx->tag, POLY1305_BLOCK_SIZE);
+ } else {
+ if (CRYPTO_memcmp(tohash, in, POLY1305_BLOCK_SIZE)) {
+ memset(out - (len - POLY1305_BLOCK_SIZE), 0,
+ len - POLY1305_BLOCK_SIZE);
+ return -1;
+ }
+ }
+
+ return len;
+}
+# else
+static const unsigned char zero[CHACHA_BLK_SIZE] = { 0 };
+# endif
+
+static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+ size_t rem, plen = actx->tls_payload_length;
+
+ if (!actx->mac_inited) {
+# if !defined(OPENSSL_SMALL_FOOTPRINT)
+ if (plen != NO_TLS_PAYLOAD_LENGTH && out != NULL)
+ return chacha20_poly1305_tls_cipher(ctx, out, in, len);
+# endif
+ actx->key.counter[0] = 0;
+ ChaCha20_ctr32(actx->key.buf, zero, CHACHA_BLK_SIZE,
+ actx->key.key.d, actx->key.counter);
+ Poly1305_Init(POLY1305_ctx(actx), actx->key.buf);
+ actx->key.counter[0] = 1;
+ actx->key.partial_len = 0;
+ actx->len.aad = actx->len.text = 0;
+ actx->mac_inited = 1;
+ if (plen != NO_TLS_PAYLOAD_LENGTH) {
+ Poly1305_Update(POLY1305_ctx(actx), actx->tls_aad,
+ EVP_AEAD_TLS1_AAD_LEN);
+ actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+ actx->aad = 1;
+ }
+ }
+
+ if (in) { /* aad or text */
+ if (out == NULL) { /* aad */
+ Poly1305_Update(POLY1305_ctx(actx), in, len);
+ actx->len.aad += len;
+ actx->aad = 1;
+ return len;
+ } else { /* plain- or ciphertext */
+ if (actx->aad) { /* wrap up aad */
+ if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
+ Poly1305_Update(POLY1305_ctx(actx), zero,
+ POLY1305_BLOCK_SIZE - rem);
+ actx->aad = 0;
+ }
+
+ actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+ if (plen == NO_TLS_PAYLOAD_LENGTH)
+ plen = len;
+ else if (len != plen + POLY1305_BLOCK_SIZE)
+ return -1;
+
+ if (ctx->encrypt) { /* plaintext */
+ chacha_cipher(ctx, out, in, plen);
+ Poly1305_Update(POLY1305_ctx(actx), out, plen);
+ in += plen;
+ out += plen;
+ actx->len.text += plen;
+ } else { /* ciphertext */
+ Poly1305_Update(POLY1305_ctx(actx), in, plen);
+ chacha_cipher(ctx, out, in, plen);
+ in += plen;
+ out += plen;
+ actx->len.text += plen;
+ }
+ }
+ }
+ if (in == NULL /* explicit final */
+ || plen != len) { /* or tls mode */
+ const union {
+ long one;
+ char little;
+ } is_endian = { 1 };
+ unsigned char temp[POLY1305_BLOCK_SIZE];
+
+ if (actx->aad) { /* wrap up aad */
+ if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
+ Poly1305_Update(POLY1305_ctx(actx), zero,
+ POLY1305_BLOCK_SIZE - rem);
+ actx->aad = 0;
+ }
+
+ if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE))
+ Poly1305_Update(POLY1305_ctx(actx), zero,
+ POLY1305_BLOCK_SIZE - rem);
+
+ if (is_endian.little) {
+ Poly1305_Update(POLY1305_ctx(actx),
+ (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
+ } else {
+ temp[0] = (unsigned char)(actx->len.aad);
+ temp[1] = (unsigned char)(actx->len.aad>>8);
+ temp[2] = (unsigned char)(actx->len.aad>>16);
+ temp[3] = (unsigned char)(actx->len.aad>>24);
+ temp[4] = (unsigned char)(actx->len.aad>>32);
+ temp[5] = (unsigned char)(actx->len.aad>>40);
+ temp[6] = (unsigned char)(actx->len.aad>>48);
+ temp[7] = (unsigned char)(actx->len.aad>>56);
+
+ temp[8] = (unsigned char)(actx->len.text);
+ temp[9] = (unsigned char)(actx->len.text>>8);
+ temp[10] = (unsigned char)(actx->len.text>>16);
+ temp[11] = (unsigned char)(actx->len.text>>24);
+ temp[12] = (unsigned char)(actx->len.text>>32);
+ temp[13] = (unsigned char)(actx->len.text>>40);
+ temp[14] = (unsigned char)(actx->len.text>>48);
+ temp[15] = (unsigned char)(actx->len.text>>56);
+
+ Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE);
+ }
+ Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag
+ : temp);
+ actx->mac_inited = 0;
+
+ if (in != NULL && len != plen) { /* tls mode */
+ if (ctx->encrypt) {
+ memcpy(out, actx->tag, POLY1305_BLOCK_SIZE);
+ } else {
+ if (CRYPTO_memcmp(temp, in, POLY1305_BLOCK_SIZE)) {
+ memset(out - plen, 0, plen);
+ return -1;
+ }
+ }
+ }
+ else if (!ctx->encrypt) {
+ if (CRYPTO_memcmp(temp, actx->tag, actx->tag_len))
+ return -1;
+ }
+ }
+ return len;
+}
+
+static int chacha20_poly1305_cleanup(EVP_CIPHER_CTX *ctx)
+{
+ EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+ if (actx)
+ OPENSSL_cleanse(ctx->cipher_data, sizeof(*actx) + Poly1305_ctx_size());
+ return 1;
+}
+
+static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+ void *ptr)
+{
+ EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+
+ switch(type) {
+ case EVP_CTRL_INIT:
+ if (actx == NULL)
+ actx = ctx->cipher_data
+ = OPENSSL_zalloc(sizeof(*actx) + Poly1305_ctx_size());
+ if (actx == NULL) {
+ EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_INITIALIZATION_ERROR);
+ return 0;
+ }
+ actx->len.aad = 0;
+ actx->len.text = 0;
+ actx->aad = 0;
+ actx->mac_inited = 0;
+ actx->tag_len = 0;
+ actx->nonce_len = 12;
+ actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+ memset(actx->tls_aad, 0, POLY1305_BLOCK_SIZE);
+ return 1;
+
+ case EVP_CTRL_COPY:
+ if (actx) {
+ EVP_CIPHER_CTX *dst = (EVP_CIPHER_CTX *)ptr;
+
+ dst->cipher_data =
+ OPENSSL_memdup(actx, sizeof(*actx) + Poly1305_ctx_size());
+ if (dst->cipher_data == NULL) {
+ EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_COPY_ERROR);
+ return 0;
+ }
+ }
+ return 1;
+
+ case EVP_CTRL_AEAD_SET_IVLEN:
+ if (arg <= 0 || arg > CHACHA_CTR_SIZE)
+ return 0;
+ actx->nonce_len = arg;
+ return 1;
+
+ case EVP_CTRL_AEAD_SET_IV_FIXED:
+ if (arg != 12)
+ return 0;
+ actx->nonce[0] = actx->key.counter[1]
+ = CHACHA_U8TOU32((unsigned char *)ptr);
+ actx->nonce[1] = actx->key.counter[2]
+ = CHACHA_U8TOU32((unsigned char *)ptr+4);
+ actx->nonce[2] = actx->key.counter[3]
+ = CHACHA_U8TOU32((unsigned char *)ptr+8);
+ return 1;
+
+ case EVP_CTRL_AEAD_SET_TAG:
+ if (arg <= 0 || arg > POLY1305_BLOCK_SIZE)
+ return 0;
+ if (ptr != NULL) {
+ memcpy(actx->tag, ptr, arg);
+ actx->tag_len = arg;
+ }
+ return 1;
+
+ case EVP_CTRL_AEAD_GET_TAG:
+ if (arg <= 0 || arg > POLY1305_BLOCK_SIZE || !ctx->encrypt)
+ return 0;
+ memcpy(ptr, actx->tag, arg);
+ return 1;
+
+ case EVP_CTRL_AEAD_TLS1_AAD:
+ if (arg != EVP_AEAD_TLS1_AAD_LEN)
+ return 0;
+ {
+ unsigned int len;
+ unsigned char *aad = ptr;
+
+ memcpy(actx->tls_aad, ptr, EVP_AEAD_TLS1_AAD_LEN);
+ len = aad[EVP_AEAD_TLS1_AAD_LEN - 2] << 8 |
+ aad[EVP_AEAD_TLS1_AAD_LEN - 1];
+ aad = actx->tls_aad;
+ if (!ctx->encrypt) {
+ if (len < POLY1305_BLOCK_SIZE)
+ return 0;
+ len -= POLY1305_BLOCK_SIZE; /* discount attached tag */
+ aad[EVP_AEAD_TLS1_AAD_LEN - 2] = (unsigned char)(len >> 8);
+ aad[EVP_AEAD_TLS1_AAD_LEN - 1] = (unsigned char)len;
+ }
+ actx->tls_payload_length = len;
+
+ /*
+ * merge record sequence number as per RFC7905
+ */
+ actx->key.counter[1] = actx->nonce[0];
+ actx->key.counter[2] = actx->nonce[1] ^ CHACHA_U8TOU32(aad);
+ actx->key.counter[3] = actx->nonce[2] ^ CHACHA_U8TOU32(aad+4);
+ actx->mac_inited = 0;
+
+ return POLY1305_BLOCK_SIZE; /* tag length */
+ }
+
+ case EVP_CTRL_AEAD_SET_MAC_KEY:
+ /* no-op */
+ return 1;
+
+ default:
+ return -1;
+ }
+}
+
+static EVP_CIPHER chacha20_poly1305 = {
+ NID_chacha20_poly1305,
+ 1, /* block_size */
+ CHACHA_KEY_SIZE, /* key_len */
+ 12, /* iv_len, 96-bit nonce in the context */
+ EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CUSTOM_IV |
+ EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT |
+ EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER,
+ chacha20_poly1305_init_key,
+ chacha20_poly1305_cipher,
+ chacha20_poly1305_cleanup,
+ 0, /* 0 moves context-specific structure allocation to ctrl */
+ NULL, /* set_asn1_parameters */
+ NULL, /* get_asn1_parameters */
+ chacha20_poly1305_ctrl,
+ NULL /* app_data */
+};
+
+const EVP_CIPHER *EVP_chacha20_poly1305(void)
+{
+ return(&chacha20_poly1305);
+}
+# endif
+#endif
diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c
index 8ca65cd03ae1..c13fb3e25a9b 100644
--- a/crypto/evp/e_des.c
+++ b/crypto/evp/e_des.c
@@ -1,67 +1,18 @@
-/* crypto/evp/e_des.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#ifndef OPENSSL_NO_DES
# include <openssl/evp.h>
# include <openssl/objects.h>
-# include "evp_locl.h"
+# include "internal/evp_int.h"
# include <openssl/des.h>
# include <openssl/rand.h>
@@ -106,7 +57,8 @@ static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
{
BLOCK_CIPHER_ecb_loop()
DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
- ctx->cipher_data, ctx->encrypt);
+ EVP_CIPHER_CTX_get_cipher_data(ctx),
+ EVP_CIPHER_CTX_encrypting(ctx));
return 1;
}
@@ -114,37 +66,49 @@ static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
while (inl >= EVP_MAXCHUNK) {
- DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
- (DES_cblock *)ctx->iv, &ctx->num);
+ int num = EVP_CIPHER_CTX_num(ctx);
+ DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
+ EVP_CIPHER_CTX_get_cipher_data(ctx),
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num);
+ EVP_CIPHER_CTX_set_num(ctx, num);
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
out += EVP_MAXCHUNK;
}
- if (inl)
- DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data,
- (DES_cblock *)ctx->iv, &ctx->num);
+ if (inl) {
+ int num = EVP_CIPHER_CTX_num(ctx);
+ DES_ofb64_encrypt(in, out, (long)inl,
+ EVP_CIPHER_CTX_get_cipher_data(ctx),
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num);
+ EVP_CIPHER_CTX_set_num(ctx, num);
+ }
return 1;
}
static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
- EVP_DES_KEY *dat = (EVP_DES_KEY *) ctx->cipher_data;
+ EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx);
if (dat->stream.cbc != NULL) {
- (*dat->stream.cbc) (in, out, inl, &dat->ks.ks, ctx->iv);
+ (*dat->stream.cbc) (in, out, inl, &dat->ks.ks,
+ EVP_CIPHER_CTX_iv_noconst(ctx));
return 1;
}
while (inl >= EVP_MAXCHUNK) {
- DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
- (DES_cblock *)ctx->iv, ctx->encrypt);
+ DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK,
+ EVP_CIPHER_CTX_get_cipher_data(ctx),
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ EVP_CIPHER_CTX_encrypting(ctx));
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
out += EVP_MAXCHUNK;
}
if (inl)
- DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,
- (DES_cblock *)ctx->iv, ctx->encrypt);
+ DES_ncbc_encrypt(in, out, (long)inl,
+ EVP_CIPHER_CTX_get_cipher_data(ctx),
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ EVP_CIPHER_CTX_encrypting(ctx));
return 1;
}
@@ -152,15 +116,24 @@ static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
while (inl >= EVP_MAXCHUNK) {
- DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
- (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
+ int num = EVP_CIPHER_CTX_num(ctx);
+ DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
+ EVP_CIPHER_CTX_get_cipher_data(ctx),
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+ EVP_CIPHER_CTX_encrypting(ctx));
+ EVP_CIPHER_CTX_set_num(ctx, num);
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
out += EVP_MAXCHUNK;
}
- if (inl)
- DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
- (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
+ if (inl) {
+ int num = EVP_CIPHER_CTX_num(ctx);
+ DES_cfb64_encrypt(in, out, (long)inl,
+ EVP_CIPHER_CTX_get_cipher_data(ctx),
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+ EVP_CIPHER_CTX_encrypting(ctx));
+ EVP_CIPHER_CTX_set_num(ctx, num);
+ }
return 1;
}
@@ -180,8 +153,9 @@ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
while (inl && inl >= chunk) {
for (n = 0; n < chunk * 8; ++n) {
c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
- DES_cfb_encrypt(c, d, 1, 1, ctx->cipher_data,
- (DES_cblock *)ctx->iv, ctx->encrypt);
+ DES_cfb_encrypt(c, d, 1, 1, EVP_CIPHER_CTX_get_cipher_data(ctx),
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ EVP_CIPHER_CTX_encrypting(ctx));
out[n / 8] =
(out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) |
((d[0] & 0x80) >> (unsigned int)(n % 8));
@@ -200,15 +174,19 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
while (inl >= EVP_MAXCHUNK) {
- DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, ctx->cipher_data,
- (DES_cblock *)ctx->iv, ctx->encrypt);
+ DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
+ EVP_CIPHER_CTX_get_cipher_data(ctx),
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ EVP_CIPHER_CTX_encrypting(ctx));
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
out += EVP_MAXCHUNK;
}
if (inl)
- DES_cfb_encrypt(in, out, 8, (long)inl, ctx->cipher_data,
- (DES_cblock *)ctx->iv, ctx->encrypt);
+ DES_cfb_encrypt(in, out, 8, (long)inl,
+ EVP_CIPHER_CTX_get_cipher_data(ctx),
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ EVP_CIPHER_CTX_encrypting(ctx));
return 1;
}
@@ -228,12 +206,12 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
DES_cblock *deskey = (DES_cblock *)key;
- EVP_DES_KEY *dat = (EVP_DES_KEY *) ctx->cipher_data;
+ EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx);
dat->stream.cbc = NULL;
# if defined(SPARC_DES_CAPABLE)
if (SPARC_DES_CAPABLE) {
- int mode = ctx->cipher->flags & EVP_CIPH_MODE;
+ int mode = EVP_CIPHER_CTX_mode(ctx);
if (mode == EVP_CIPH_CBC_MODE) {
des_t4_key_expand(key, &dat->ks.ks);
@@ -242,12 +220,7 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
}
}
# endif
-# ifdef EVP_CHECK_DES_KEY
- if (DES_set_key_checked(deskey, dat->ks.ks) != 0)
- return 0;
-# else
- DES_set_key_unchecked(deskey, ctx->cipher_data);
-# endif
+ DES_set_key_unchecked(deskey, EVP_CIPHER_CTX_get_cipher_data(ctx));
return 1;
}
@@ -256,7 +229,7 @@ static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
switch (type) {
case EVP_CTRL_RAND_KEY:
- if (RAND_bytes(ptr, 8) <= 0)
+ if (RAND_priv_bytes(ptr, 8) <= 0)
return 0;
DES_set_odd_parity((DES_cblock *)ptr);
return 1;
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index ab8126e5c9cf..6b492ce47023 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -1,73 +1,21 @@
-/* crypto/evp/e_des3.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#ifndef OPENSSL_NO_DES
# include <openssl/evp.h>
# include <openssl/objects.h>
-# include "evp_locl.h"
+# include "internal/evp_int.h"
# include <openssl/des.h>
# include <openssl/rand.h>
-
-/* Block use of implementations in FIPS mode */
-# undef EVP_CIPH_FLAG_FIPS
-# define EVP_CIPH_FLAG_FIPS 0
+# include "evp_locl.h"
typedef struct {
union {
@@ -107,7 +55,7 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
-# define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data)
+# define data(ctx) EVP_C_DATA(DES_EDE_KEY,ctx)
/*
* Because of various casts and different args can't use
@@ -121,7 +69,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
DES_ecb3_encrypt((const_DES_cblock *)(in + i),
(DES_cblock *)(out + i),
&data(ctx)->ks1, &data(ctx)->ks2,
- &data(ctx)->ks3, ctx->encrypt);
+ &data(ctx)->ks3, EVP_CIPHER_CTX_encrypting(ctx));
return 1;
}
@@ -129,20 +77,26 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
while (inl >= EVP_MAXCHUNK) {
+ int num = EVP_CIPHER_CTX_num(ctx);
DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
&data(ctx)->ks1, &data(ctx)->ks2,
- &data(ctx)->ks3, (DES_cblock *)ctx->iv,
- &ctx->num);
+ &data(ctx)->ks3,
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ &num);
+ EVP_CIPHER_CTX_set_num(ctx, num);
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
out += EVP_MAXCHUNK;
}
- if (inl)
+ if (inl) {
+ int num = EVP_CIPHER_CTX_num(ctx);
DES_ede3_ofb64_encrypt(in, out, (long)inl,
&data(ctx)->ks1, &data(ctx)->ks2,
- &data(ctx)->ks3, (DES_cblock *)ctx->iv,
- &ctx->num);
-
+ &data(ctx)->ks3,
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ &num);
+ EVP_CIPHER_CTX_set_num(ctx, num);
+ }
return 1;
}
@@ -151,26 +105,17 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
{
DES_EDE_KEY *dat = data(ctx);
-# ifdef KSSL_DEBUG
- {
- int i;
- fprintf(stderr, "des_ede_cbc_cipher(ctx=%p, buflen=%d)\n", ctx,
- ctx->buf_len);
- fprintf(stderr, "\t iv= ");
- for (i = 0; i < 8; i++)
- fprintf(stderr, "%02X", ctx->iv[i]);
- fprintf(stderr, "\n");
- }
-# endif /* KSSL_DEBUG */
- if (dat->stream.cbc) {
- (*dat->stream.cbc) (in, out, inl, dat->ks.ks, ctx->iv);
+ if (dat->stream.cbc != NULL) {
+ (*dat->stream.cbc) (in, out, inl, dat->ks.ks,
+ EVP_CIPHER_CTX_iv_noconst(ctx));
return 1;
}
while (inl >= EVP_MAXCHUNK) {
DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
&dat->ks1, &dat->ks2, &dat->ks3,
- (DES_cblock *)ctx->iv, ctx->encrypt);
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ EVP_CIPHER_CTX_encrypting(ctx));
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
out += EVP_MAXCHUNK;
@@ -178,7 +123,8 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (inl)
DES_ede3_cbc_encrypt(in, out, (long)inl,
&dat->ks1, &dat->ks2, &dat->ks3,
- (DES_cblock *)ctx->iv, ctx->encrypt);
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ EVP_CIPHER_CTX_encrypting(ctx));
return 1;
}
@@ -186,19 +132,26 @@ static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
while (inl >= EVP_MAXCHUNK) {
+ int num = EVP_CIPHER_CTX_num(ctx);
DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
&data(ctx)->ks1, &data(ctx)->ks2,
- &data(ctx)->ks3, (DES_cblock *)ctx->iv,
- &ctx->num, ctx->encrypt);
+ &data(ctx)->ks3,
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ &num, EVP_CIPHER_CTX_encrypting(ctx));
+ EVP_CIPHER_CTX_set_num(ctx, num);
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
out += EVP_MAXCHUNK;
}
- if (inl)
+ if (inl) {
+ int num = EVP_CIPHER_CTX_num(ctx);
DES_ede3_cfb64_encrypt(in, out, (long)inl,
&data(ctx)->ks1, &data(ctx)->ks2,
- &data(ctx)->ks3, (DES_cblock *)ctx->iv,
- &ctx->num, ctx->encrypt);
+ &data(ctx)->ks3,
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ &num, EVP_CIPHER_CTX_encrypting(ctx));
+ EVP_CIPHER_CTX_set_num(ctx, num);
+ }
return 1;
}
@@ -218,8 +171,9 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
DES_ede3_cfb_encrypt(c, d, 1, 1,
&data(ctx)->ks1, &data(ctx)->ks2,
- &data(ctx)->ks3, (DES_cblock *)ctx->iv,
- ctx->encrypt);
+ &data(ctx)->ks3,
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ EVP_CIPHER_CTX_encrypting(ctx));
out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8)))
| ((d[0] & 0x80) >> (unsigned int)(n % 8));
}
@@ -233,8 +187,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
while (inl >= EVP_MAXCHUNK) {
DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
&data(ctx)->ks1, &data(ctx)->ks2,
- &data(ctx)->ks3, (DES_cblock *)ctx->iv,
- ctx->encrypt);
+ &data(ctx)->ks3,
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ EVP_CIPHER_CTX_encrypting(ctx));
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
out += EVP_MAXCHUNK;
@@ -242,8 +197,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (inl)
DES_ede3_cfb_encrypt(in, out, 8, (long)inl,
&data(ctx)->ks1, &data(ctx)->ks2,
- &data(ctx)->ks3, (DES_cblock *)ctx->iv,
- ctx->encrypt);
+ &data(ctx)->ks3,
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ EVP_CIPHER_CTX_encrypting(ctx));
return 1;
}
@@ -255,19 +211,16 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
# define des_ede3_cbc_cipher des_ede_cbc_cipher
# define des_ede3_ecb_cipher des_ede_ecb_cipher
BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS |
- EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL,
- des3_ctrl)
+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+ des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS |
- EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL,
- NULL, des3_ctrl)
+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+ des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS |
- EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL,
- NULL, des3_ctrl)
+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+ des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
@@ -278,7 +231,7 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
dat->stream.cbc = NULL;
# if defined(SPARC_DES_CAPABLE)
if (SPARC_DES_CAPABLE) {
- int mode = ctx->cipher->flags & EVP_CIPH_MODE;
+ int mode = EVP_CIPHER_CTX_mode(ctx);
if (mode == EVP_CIPH_CBC_MODE) {
des_t4_key_expand(&deskey[0], &dat->ks1);
@@ -290,14 +243,8 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
}
}
# endif
-# ifdef EVP_CHECK_DES_KEY
- if (DES_set_key_checked(&deskey[0], &dat->ks1)
- || DES_set_key_checked(&deskey[1], &dat->ks2))
- return 0;
-# else
DES_set_key_unchecked(&deskey[0], &dat->ks1);
DES_set_key_unchecked(&deskey[1], &dat->ks2);
-# endif
memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1));
return 1;
}
@@ -308,27 +255,10 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
DES_cblock *deskey = (DES_cblock *)key;
DES_EDE_KEY *dat = data(ctx);
-# ifdef KSSL_DEBUG
- {
- int i;
- fprintf(stderr, "des_ede3_init_key(ctx=%p)\n", ctx);
- fprintf(stderr, "\tKEY= ");
- for (i = 0; i < 24; i++)
- fprintf(stderr, "%02X", key[i]);
- fprintf(stderr, "\n");
- if (iv) {
- fprintf(stderr, "\t IV= ");
- for (i = 0; i < 8; i++)
- fprintf(stderr, "%02X", iv[i]);
- fprintf(stderr, "\n");
- }
- }
-# endif /* KSSL_DEBUG */
-
dat->stream.cbc = NULL;
# if defined(SPARC_DES_CAPABLE)
if (SPARC_DES_CAPABLE) {
- int mode = ctx->cipher->flags & EVP_CIPH_MODE;
+ int mode = EVP_CIPHER_CTX_mode(ctx);
if (mode == EVP_CIPH_CBC_MODE) {
des_t4_key_expand(&deskey[0], &dat->ks1);
@@ -340,32 +270,25 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
}
}
# endif
-# ifdef EVP_CHECK_DES_KEY
- if (DES_set_key_checked(&deskey[0], &dat->ks1)
- || DES_set_key_checked(&deskey[1], &dat->ks2)
- || DES_set_key_checked(&deskey[2], &dat->ks3))
- return 0;
-# else
DES_set_key_unchecked(&deskey[0], &dat->ks1);
DES_set_key_unchecked(&deskey[1], &dat->ks2);
DES_set_key_unchecked(&deskey[2], &dat->ks3);
-# endif
return 1;
}
-static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+static int des3_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
{
DES_cblock *deskey = ptr;
switch (type) {
case EVP_CTRL_RAND_KEY:
- if (RAND_bytes(ptr, c->key_len) <= 0)
+ if (RAND_priv_bytes(ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0)
return 0;
DES_set_odd_parity(deskey);
- if (c->key_len >= 16)
+ if (EVP_CIPHER_CTX_key_length(ctx) >= 16)
DES_set_odd_parity(deskey + 1);
- if (c->key_len >= 24)
+ if (EVP_CIPHER_CTX_key_length(ctx) >= 24)
DES_set_odd_parity(deskey + 2);
return 1;
@@ -384,9 +307,8 @@ const EVP_CIPHER *EVP_des_ede3(void)
return &des_ede3_ecb;
}
-# ifndef OPENSSL_NO_SHA
-# include <openssl/sha.h>
+# include <openssl/sha.h>
static const unsigned char wrap_iv[8] =
{ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 };
@@ -400,7 +322,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
return -1;
if (out == NULL)
return inl - 16;
- memcpy(ctx->iv, wrap_iv, 8);
+ memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8);
/* Decrypt first block which will end up as icv */
des_ede_cbc_cipher(ctx, icv, in, 8);
/* Decrypt central blocks */
@@ -418,7 +340,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
/* Reverse order of everything */
BUF_reverse(icv, NULL, 8);
BUF_reverse(out, NULL, inl - 16);
- BUF_reverse(ctx->iv, iv, 8);
+ BUF_reverse(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 8);
/* Decrypt again using new IV */
des_ede_cbc_cipher(ctx, out, out, inl - 16);
des_ede_cbc_cipher(ctx, icv, icv, 8);
@@ -430,7 +352,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
OPENSSL_cleanse(icv, 8);
OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
OPENSSL_cleanse(iv, 8);
- OPENSSL_cleanse(ctx->iv, 8);
+ OPENSSL_cleanse(EVP_CIPHER_CTX_iv_noconst(ctx), 8);
if (rv == -1)
OPENSSL_cleanse(out, inl - 16);
@@ -450,13 +372,13 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
memcpy(out + inl + 8, sha1tmp, 8);
OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
/* Generate random IV */
- if (RAND_bytes(ctx->iv, 8) <= 0)
+ if (RAND_bytes(EVP_CIPHER_CTX_iv_noconst(ctx), 8) <= 0)
return -1;
- memcpy(out, ctx->iv, 8);
+ memcpy(out, EVP_CIPHER_CTX_iv_noconst(ctx), 8);
/* Encrypt everything after IV in place */
des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8);
BUF_reverse(out, NULL, inl + 16);
- memcpy(ctx->iv, wrap_iv, 8);
+ memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8);
des_ede_cbc_cipher(ctx, out, out, inl + 16);
return inl + 16;
}
@@ -471,7 +393,13 @@ static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
*/
if (inl >= EVP_MAXCHUNK || inl % 8)
return -1;
- if (ctx->encrypt)
+
+ if (is_partially_overlapping(out, in, inl)) {
+ EVPerr(EVP_F_DES_EDE3_WRAP_CIPHER, EVP_R_PARTIALLY_OVERLAPPING);
+ return 0;
+ }
+
+ if (EVP_CIPHER_CTX_encrypting(ctx))
return des_ede3_wrap(ctx, out, in, inl);
else
return des_ede3_unwrap(ctx, out, in, inl);
@@ -493,5 +421,4 @@ const EVP_CIPHER *EVP_des_ede3_wrap(void)
return &des3_wrap;
}
-# endif
#endif
diff --git a/crypto/evp/e_dsa.c b/crypto/evp/e_dsa.c
deleted file mode 100644
index 523993f4d91e..000000000000
--- a/crypto/evp/e_dsa.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/* crypto/evp/e_dsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-static EVP_PKEY_METHOD dss_method = {
- DSA_sign,
- DSA_verify,
- {EVP_PKEY_DSA, EVP_PKEY_DSA2, EVP_PKEY_DSA3, NULL},
-};
diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c
index cac72b33ba96..93f6a4131fa8 100644
--- a/crypto/evp/e_idea.c
+++ b/crypto/evp/e_idea.c
@@ -1,75 +1,32 @@
-/* crypto/evp/e_idea.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#ifndef OPENSSL_NO_IDEA
# include <openssl/evp.h>
# include <openssl/objects.h>
-# include "evp_locl.h"
+# include "internal/evp_int.h"
# include <openssl/idea.h>
+/* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */
+
+typedef struct {
+ IDEA_KEY_SCHEDULE ks;
+} EVP_IDEA_KEY;
+
static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
/*
- * NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a
+ * NB IDEA_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a
* special case
*/
@@ -77,21 +34,15 @@ static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
BLOCK_CIPHER_ecb_loop()
- idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
+ IDEA_ecb_encrypt(in + i, out + i, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks);
return 1;
}
-/* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */
-
-typedef struct {
- IDEA_KEY_SCHEDULE ks;
-} EVP_IDEA_KEY;
-
-BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks)
- BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks)
- BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks)
+BLOCK_CIPHER_func_cbc(idea, IDEA, EVP_IDEA_KEY, ks)
+BLOCK_CIPHER_func_ofb(idea, IDEA, 64, EVP_IDEA_KEY, ks)
+BLOCK_CIPHER_func_cfb(idea, IDEA, 64, EVP_IDEA_KEY, ks)
- BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
+BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
0, idea_init_key, NULL,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
@@ -105,12 +56,12 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
enc = 1;
}
if (enc)
- idea_set_encrypt_key(key, ctx->cipher_data);
+ IDEA_set_encrypt_key(key, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks);
else {
IDEA_KEY_SCHEDULE tmp;
- idea_set_encrypt_key(key, &tmp);
- idea_set_decrypt_key(&tmp, ctx->cipher_data);
+ IDEA_set_encrypt_key(key, &tmp);
+ IDEA_set_decrypt_key(&tmp, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks);
OPENSSL_cleanse((unsigned char *)&tmp, sizeof(IDEA_KEY_SCHEDULE));
}
return 1;
diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c
index 599fcb808d21..18a8468216a0 100644
--- a/crypto/evp/e_null.c
+++ b/crypto/evp/e_null.c
@@ -1,65 +1,17 @@
-/* crypto/evp/e_null.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include <openssl/objects.h>
+#include "internal/evp_int.h"
static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
@@ -67,8 +19,7 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl);
static const EVP_CIPHER n_cipher = {
NID_undef,
- 1, 0, 0,
- 0,
+ 1, 0, 0, 0,
null_init_key,
null_cipher,
NULL,
@@ -81,13 +32,12 @@ static const EVP_CIPHER n_cipher = {
const EVP_CIPHER *EVP_enc_null(void)
{
- return (&n_cipher);
+ return &n_cipher;
}
static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
- /* memset(&(ctx->c),0,sizeof(ctx->c)); */
return 1;
}
@@ -95,6 +45,6 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
if (in != out)
- memcpy((char *)out, (const char *)in, inl);
+ memcpy(out, in, inl);
return 1;
}
diff --git a/crypto/evp/e_old.c b/crypto/evp/e_old.c
index a23d143b7fae..927908f87176 100644
--- a/crypto/evp/e_old.c
+++ b/crypto/evp/e_old.c
@@ -1,64 +1,15 @@
-/* crypto/evp/e_old.c */
/*
- * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
- * 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
-#ifdef OPENSSL_NO_DEPRECATED
-static void *dummy = &dummy;
+#include <openssl/opensslconf.h>
+#if OPENSSL_API_COMPAT >= 0x00908000L
+NON_EMPTY_TRANSLATION_UNIT
#else
# include <openssl/evp.h>
@@ -138,27 +89,25 @@ const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
}
# endif
-# ifndef OPENSSL_NO_AES
-# undef EVP_aes_128_cfb
+# undef EVP_aes_128_cfb
const EVP_CIPHER *EVP_aes_128_cfb(void);
const EVP_CIPHER *EVP_aes_128_cfb(void)
{
return EVP_aes_128_cfb128();
}
-# undef EVP_aes_192_cfb
+# undef EVP_aes_192_cfb
const EVP_CIPHER *EVP_aes_192_cfb(void);
const EVP_CIPHER *EVP_aes_192_cfb(void)
{
return EVP_aes_192_cfb128();
}
-# undef EVP_aes_256_cfb
+# undef EVP_aes_256_cfb
const EVP_CIPHER *EVP_aes_256_cfb(void);
const EVP_CIPHER *EVP_aes_256_cfb(void)
{
return EVP_aes_256_cfb128();
}
-# endif
#endif
diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c
index 718cc8694fe3..80afe316d764 100644
--- a/crypto/evp/e_rc2.c
+++ b/crypto/evp/e_rc2.c
@@ -1,69 +1,20 @@
-/* crypto/evp/e_rc2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#ifndef OPENSSL_NO_RC2
# include <openssl/evp.h>
# include <openssl/objects.h>
-# include "evp_locl.h"
+# include "internal/evp_int.h"
# include <openssl/rc2.h>
static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -79,7 +30,7 @@ typedef struct {
RC2_KEY ks; /* key schedule */
} EVP_RC2_KEY;
-# define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data)
+# define data(ctx) EVP_C_DATA(EVP_RC2_KEY,ctx)
IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2,
8,
@@ -121,12 +72,12 @@ static const EVP_CIPHER r2_40_cbc_cipher = {
const EVP_CIPHER *EVP_rc2_64_cbc(void)
{
- return (&r2_64_cbc_cipher);
+ return &r2_64_cbc_cipher;
}
const EVP_CIPHER *EVP_rc2_40_cbc(void)
{
- return (&r2_40_cbc_cipher);
+ return &r2_40_cbc_cipher;
}
static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -143,13 +94,13 @@ static int rc2_meth_to_magic(EVP_CIPHER_CTX *e)
EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i);
if (i == 128)
- return (RC2_128_MAGIC);
+ return RC2_128_MAGIC;
else if (i == 64)
- return (RC2_64_MAGIC);
+ return RC2_64_MAGIC;
else if (i == 40)
- return (RC2_40_MAGIC);
+ return RC2_40_MAGIC;
else
- return (0);
+ return 0;
}
static int rc2_magic_to_meth(int i)
@@ -162,7 +113,7 @@ static int rc2_magic_to_meth(int i)
return 40;
else {
EVPerr(EVP_F_RC2_MAGIC_TO_METH, EVP_R_UNSUPPORTED_KEY_SIZE);
- return (0);
+ return 0;
}
}
@@ -179,16 +130,17 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
OPENSSL_assert(l <= sizeof(iv));
i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l);
if (i != (int)l)
- return (-1);
+ return -1;
key_bits = rc2_magic_to_meth((int)num);
if (!key_bits)
- return (-1);
+ return -1;
if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1))
return -1;
EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
- EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
+ if (EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0)
+ return -1;
}
- return (i);
+ return i;
}
static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
@@ -199,9 +151,11 @@ static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
if (type != NULL) {
num = rc2_meth_to_magic(c);
j = EVP_CIPHER_CTX_iv_length(c);
- i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j);
+ i = ASN1_TYPE_set_int_octetstring(type, num,
+ (unsigned char *)EVP_CIPHER_CTX_original_iv(c),
+ j);
}
- return (i);
+ return i;
}
static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c
index 08e48f391d49..d16abdd0d2d7 100644
--- a/crypto/evp/e_rc4.c
+++ b/crypto/evp/e_rc4.c
@@ -1,79 +1,28 @@
-/* crypto/evp/e_rc4.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#ifndef OPENSSL_NO_RC4
# include <openssl/evp.h>
-# include "evp_locl.h"
# include <openssl/objects.h>
# include <openssl/rc4.h>
-/* FIXME: surely this is available elsewhere? */
-# define EVP_RC4_KEY_SIZE 16
+# include "internal/evp_int.h"
typedef struct {
RC4_KEY ks; /* working key */
} EVP_RC4_KEY;
-# define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data)
+# define data(ctx) ((EVP_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx))
static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
@@ -109,12 +58,12 @@ static const EVP_CIPHER r4_40_cipher = {
const EVP_CIPHER *EVP_rc4(void)
{
- return (&r4_cipher);
+ return &r4_cipher;
}
const EVP_CIPHER *EVP_rc4_40(void)
{
- return (&r4_40_cipher);
+ return &r4_40_cipher;
}
static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
index 93cfe3f1074f..b1e8ccd6ddca 100644
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
@@ -1,50 +1,10 @@
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
@@ -59,15 +19,7 @@
# include <openssl/objects.h>
# include <openssl/rc4.h>
# include <openssl/md5.h>
-
-# ifndef EVP_CIPH_FLAG_AEAD_CIPHER
-# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
-# define EVP_CTRL_AEAD_TLS1_AAD 0x16
-# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17
-# endif
-
-/* FIXME: surely this is available elsewhere? */
-# define EVP_RC4_KEY_SIZE 16
+# include "internal/evp_int.h"
typedef struct {
RC4_KEY ks;
@@ -80,7 +32,7 @@ typedef struct {
void rc4_md5_enc(RC4_KEY *key, const void *in0, void *out,
MD5_CTX *ctx, const void *inp, size_t blocks);
-# define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data)
+# define data(ctx) ((EVP_RC4_HMAC_MD5 *)EVP_CIPHER_CTX_get_cipher_data(ctx))
static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *inkey,
@@ -101,9 +53,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
# if defined(RC4_ASM) && defined(MD5_ASM) && ( \
defined(__x86_64) || defined(__x86_64__) || \
- defined(_M_AMD64) || defined(_M_X64) || \
- defined(__INTEL__) ) && \
- !(defined(__APPLE__) && defined(__MACH__))
+ defined(_M_AMD64) || defined(_M_X64) )
# define STITCHED_CALL
# endif
@@ -128,7 +78,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH))
return 0;
- if (ctx->encrypt) {
+ if (EVP_CIPHER_CTX_encrypting(ctx)) {
if (plen == NO_PAYLOAD_LENGTH)
plen = len;
# if defined(STITCHED_CALL)
@@ -268,7 +218,7 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
len = p[arg - 2] << 8 | p[arg - 1];
- if (!ctx->encrypt) {
+ if (!EVP_CIPHER_CTX_encrypting(ctx)) {
if (len < MD5_DIGEST_LENGTH)
return -1;
len -= MD5_DIGEST_LENGTH;
@@ -307,6 +257,6 @@ static EVP_CIPHER r4_hmac_md5_cipher = {
const EVP_CIPHER *EVP_rc4_hmac_md5(void)
{
- return (&r4_hmac_md5_cipher);
+ return &r4_hmac_md5_cipher;
}
#endif
diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c
index f17e99d0c5c1..a2f26d8c5f23 100644
--- a/crypto/evp/e_rc5.c
+++ b/crypto/evp/e_rc5.c
@@ -1,67 +1,19 @@
-/* crypto/evp/e_rc5.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#ifndef OPENSSL_NO_RC5
# include <openssl/evp.h>
+# include "internal/evp_int.h"
# include <openssl/objects.h>
# include "evp_locl.h"
# include <openssl/rc5.h>
@@ -102,7 +54,7 @@ static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
return 1;
default:
- EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
+ EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS);
return 0;
}
diff --git a/crypto/evp/e_seed.c b/crypto/evp/e_seed.c
index 3d01eacac06e..40aec5fc6ac0 100644
--- a/crypto/evp/e_seed.c
+++ b/crypto/evp/e_seed.c
@@ -1,66 +1,22 @@
-/* crypto/evp/e_seed.c */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_SEED
+#ifdef OPENSSL_NO_SEED
+NON_EMPTY_TRANSLATION_UNIT
+#else
# include <openssl/evp.h>
# include <openssl/err.h>
# include <string.h>
# include <assert.h>
# include <openssl/seed.h>
-# include "evp_locl.h"
+# include "internal/evp_int.h"
static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
@@ -76,7 +32,7 @@ IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed,
static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
- SEED_set_key(key, ctx->cipher_data);
+ SEED_set_key(key, &EVP_C_DATA(EVP_SEED_KEY,ctx)->ks);
return 1;
}
diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c
new file mode 100644
index 000000000000..79deb6563646
--- /dev/null
+++ b/crypto/evp/e_sm4.c
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#ifndef OPENSSL_NO_SM4
+# include <openssl/evp.h>
+# include <openssl/modes.h>
+# include "internal/sm4.h"
+# include "internal/evp_int.h"
+
+typedef struct {
+ SM4_KEY ks;
+} EVP_SM4_KEY;
+
+static int sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ SM4_set_key(key, EVP_CIPHER_CTX_get_cipher_data(ctx));
+ return 1;
+}
+
+static void sm4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const SM4_KEY *key,
+ unsigned char *ivec, const int enc)
+{
+ if (enc)
+ CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
+ (block128_f)SM4_encrypt);
+ else
+ CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
+ (block128_f)SM4_decrypt);
+}
+
+static void sm4_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const SM4_KEY *key,
+ unsigned char *ivec, int *num, const int enc)
+{
+ CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
+ (block128_f)SM4_encrypt);
+}
+
+static void sm4_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const SM4_KEY *key, const int enc)
+{
+ if (enc)
+ SM4_encrypt(in, out, key);
+ else
+ SM4_decrypt(in, out, key);
+}
+
+static void sm4_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const SM4_KEY *key,
+ unsigned char *ivec, int *num)
+{
+ CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
+ (block128_f)SM4_encrypt);
+}
+
+IMPLEMENT_BLOCK_CIPHER(sm4, ks, sm4, EVP_SM4_KEY, NID_sm4,
+ 16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1,
+ sm4_init_key, 0, 0, 0, 0)
+
+static int sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ unsigned int num = EVP_CIPHER_CTX_num(ctx);
+ EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx);
+
+ CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
+ EVP_CIPHER_CTX_iv_noconst(ctx),
+ EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+ (block128_f)SM4_encrypt);
+ EVP_CIPHER_CTX_set_num(ctx, num);
+ return 1;
+}
+
+static const EVP_CIPHER sm4_ctr_mode = {
+ NID_sm4_ctr, 1, 16, 16,
+ EVP_CIPH_CTR_MODE,
+ sm4_init_key,
+ sm4_ctr_cipher,
+ NULL,
+ sizeof(EVP_SM4_KEY),
+ NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_sm4_ctr(void)
+{
+ return &sm4_ctr_mode;
+}
+
+#endif
diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c
index 3430df9e8ec1..57ce813da824 100644
--- a/crypto/evp/e_xcbc_d.c
+++ b/crypto/evp/e_xcbc_d.c
@@ -1,69 +1,20 @@
-/* crypto/evp/e_xcbc_d.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#ifndef OPENSSL_NO_DES
# include <openssl/evp.h>
# include <openssl/objects.h>
-# include "evp_locl.h"
+# include "internal/evp_int.h"
# include <openssl/des.h>
static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -77,7 +28,7 @@ typedef struct {
DES_cblock outw;
} DESX_CBC_KEY;
-# define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data)
+# define data(ctx) EVP_C_DATA(DESX_CBC_KEY,ctx)
static const EVP_CIPHER d_xcbc_cipher = {
NID_desx_cbc,
@@ -95,7 +46,7 @@ static const EVP_CIPHER d_xcbc_cipher = {
const EVP_CIPHER *EVP_desx_cbc(void)
{
- return (&d_xcbc_cipher);
+ return &d_xcbc_cipher;
}
static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -115,16 +66,18 @@ static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
{
while (inl >= EVP_MAXCHUNK) {
DES_xcbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks,
- (DES_cblock *)&(ctx->iv[0]),
- &data(ctx)->inw, &data(ctx)->outw, ctx->encrypt);
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ &data(ctx)->inw, &data(ctx)->outw,
+ EVP_CIPHER_CTX_encrypting(ctx));
inl -= EVP_MAXCHUNK;
in += EVP_MAXCHUNK;
out += EVP_MAXCHUNK;
}
if (inl)
DES_xcbc_encrypt(in, out, (long)inl, &data(ctx)->ks,
- (DES_cblock *)&(ctx->iv[0]),
- &data(ctx)->inw, &data(ctx)->outw, ctx->encrypt);
+ (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+ &data(ctx)->inw, &data(ctx)->outw,
+ EVP_CIPHER_CTX_encrypting(ctx));
return 1;
}
#endif
diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index c6c775e0a0cd..da32d4fd1973 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -1,69 +1,28 @@
-/* crypto/evp/encode.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <limits.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/evp.h>
+#include "evp_locl.h"
+#include "internal/evp_int.h"
+
+static unsigned char conv_ascii2bin(unsigned char a,
+ const unsigned char *table);
+static int evp_encodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
+ const unsigned char *f, int dlen);
+static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
+ const unsigned char *f, int n);
-static unsigned char conv_ascii2bin(unsigned char a);
#ifndef CHARSET_EBCDIC
-# define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f])
+# define conv_bin2ascii(a, table) ((table)[(a)&0x3f])
#else
/*
* We assume that PEM encoded files are EBCDIC files (i.e., printable text
@@ -71,7 +30,7 @@ static unsigned char conv_ascii2bin(unsigned char a);
* (text) format again. (No need for conversion in the conv_bin2ascii macro,
* as the underlying textstring data_bin2ascii[] is already EBCDIC)
*/
-# define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f])
+# define conv_bin2ascii(a, table) ((table)[(a)&0x3f])
#endif
/*-
@@ -86,8 +45,13 @@ static unsigned char conv_ascii2bin(unsigned char a);
#define CHUNKS_PER_LINE (64/4)
#define CHAR_PER_LINE (64+1)
-static const unsigned char data_bin2ascii[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\
-abcdefghijklmnopqrstuvwxyz0123456789+/";
+static const unsigned char data_bin2ascii[65] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+/* SRP uses a different base64 alphabet */
+static const unsigned char srpdata_bin2ascii[65] =
+ "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
+
/*-
* 0xF0 is a EOLN
@@ -103,7 +67,7 @@ abcdefghijklmnopqrstuvwxyz0123456789+/";
#define B64_WS 0xE0
#define B64_ERROR 0xFF
#define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3)
-#define B64_BASE64(a) !B64_NOT_BASE64(a)
+#define B64_BASE64(a) (!B64_NOT_BASE64(a))
static const unsigned char data_ascii2bin[128] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
@@ -124,31 +88,78 @@ static const unsigned char data_ascii2bin[128] = {
0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
};
+static const unsigned char srpdata_ascii2bin[128] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xF2, 0x3E, 0x3F,
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF,
+ 0xFF, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+ 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
+ 0x21, 0x22, 0x23, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A,
+ 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32,
+ 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A,
+ 0x3B, 0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
#ifndef CHARSET_EBCDIC
-static unsigned char conv_ascii2bin(unsigned char a)
+static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table)
{
if (a & 0x80)
return B64_ERROR;
- return data_ascii2bin[a];
+ return table[a];
}
#else
-static unsigned char conv_ascii2bin(unsigned char a)
+static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table)
{
a = os_toascii[a];
if (a & 0x80)
return B64_ERROR;
- return data_ascii2bin[a];
+ return table[a];
}
#endif
+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
+{
+ return OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX));
+}
+
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
+{
+ OPENSSL_free(ctx);
+}
+
+int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx)
+{
+ memcpy(dctx, sctx, sizeof(EVP_ENCODE_CTX));
+
+ return 1;
+}
+
+int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx)
+{
+ return ctx->num;
+}
+
+void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags)
+{
+ ctx->flags = flags;
+}
+
void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
{
ctx->length = 48;
ctx->num = 0;
ctx->line_num = 0;
+ ctx->flags = 0;
}
-void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
int i, j;
@@ -156,43 +167,51 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
*outl = 0;
if (inl <= 0)
- return;
+ return 0;
OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
if (ctx->length - ctx->num > inl) {
memcpy(&(ctx->enc_data[ctx->num]), in, inl);
ctx->num += inl;
- return;
+ return 1;
}
if (ctx->num != 0) {
i = ctx->length - ctx->num;
memcpy(&(ctx->enc_data[ctx->num]), in, i);
in += i;
inl -= i;
- j = EVP_EncodeBlock(out, ctx->enc_data, ctx->length);
+ j = evp_encodeblock_int(ctx, out, ctx->enc_data, ctx->length);
ctx->num = 0;
out += j;
- *(out++) = '\n';
+ total = j;
+ if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0) {
+ *(out++) = '\n';
+ total++;
+ }
*out = '\0';
- total = j + 1;
}
while (inl >= ctx->length && total <= INT_MAX) {
- j = EVP_EncodeBlock(out, in, ctx->length);
+ j = evp_encodeblock_int(ctx, out, in, ctx->length);
in += ctx->length;
inl -= ctx->length;
out += j;
- *(out++) = '\n';
+ total += j;
+ if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0) {
+ *(out++) = '\n';
+ total++;
+ }
*out = '\0';
- total += j + 1;
}
if (total > INT_MAX) {
/* Too much output data! */
*outl = 0;
- return;
+ return 0;
}
if (inl != 0)
memcpy(&(ctx->enc_data[0]), in, inl);
ctx->num = inl;
*outl = total;
+
+ return 1;
}
void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
@@ -200,35 +219,43 @@ void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
unsigned int ret = 0;
if (ctx->num != 0) {
- ret = EVP_EncodeBlock(out, ctx->enc_data, ctx->num);
- out[ret++] = '\n';
+ ret = evp_encodeblock_int(ctx, out, ctx->enc_data, ctx->num);
+ if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0)
+ out[ret++] = '\n';
out[ret] = '\0';
ctx->num = 0;
}
*outl = ret;
}
-int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
+static int evp_encodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
+ const unsigned char *f, int dlen)
{
int i, ret = 0;
unsigned long l;
+ const unsigned char *table;
+
+ if (ctx != NULL && (ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0)
+ table = srpdata_bin2ascii;
+ else
+ table = data_bin2ascii;
for (i = dlen; i > 0; i -= 3) {
if (i >= 3) {
l = (((unsigned long)f[0]) << 16L) |
(((unsigned long)f[1]) << 8L) | f[2];
- *(t++) = conv_bin2ascii(l >> 18L);
- *(t++) = conv_bin2ascii(l >> 12L);
- *(t++) = conv_bin2ascii(l >> 6L);
- *(t++) = conv_bin2ascii(l);
+ *(t++) = conv_bin2ascii(l >> 18L, table);
+ *(t++) = conv_bin2ascii(l >> 12L, table);
+ *(t++) = conv_bin2ascii(l >> 6L, table);
+ *(t++) = conv_bin2ascii(l, table);
} else {
l = ((unsigned long)f[0]) << 16L;
if (i == 2)
l |= ((unsigned long)f[1] << 8L);
- *(t++) = conv_bin2ascii(l >> 18L);
- *(t++) = conv_bin2ascii(l >> 12L);
- *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L);
+ *(t++) = conv_bin2ascii(l >> 18L, table);
+ *(t++) = conv_bin2ascii(l >> 12L, table);
+ *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L, table);
*(t++) = '=';
}
ret += 4;
@@ -236,16 +263,21 @@ int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
}
*t = '\0';
- return (ret);
+ return ret;
+}
+
+int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
+{
+ return evp_encodeblock_int(NULL, t, f, dlen);
}
void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
{
- /* Only ctx->num is used during decoding. */
+ /* Only ctx->num and ctx->flags are used during decoding. */
ctx->num = 0;
ctx->length = 0;
ctx->line_num = 0;
- ctx->expect_nl = 0;
+ ctx->flags = 0;
}
/*-
@@ -273,6 +305,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
{
int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len;
unsigned char *d;
+ const unsigned char *table;
n = ctx->num;
d = ctx->enc_data;
@@ -289,9 +322,14 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
goto end;
}
+ if ((ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0)
+ table = srpdata_ascii2bin;
+ else
+ table = data_ascii2bin;
+
for (i = 0; i < inl; i++) {
tmp = *(in++);
- v = conv_ascii2bin(tmp);
+ v = conv_ascii2bin(tmp, table);
if (v == B64_ERROR) {
rv = -1;
goto end;
@@ -331,7 +369,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
}
if (n == 64) {
- decoded_len = EVP_DecodeBlock(out, d, n);
+ decoded_len = evp_decodeblock_int(ctx, out, d, n);
n = 0;
if (decoded_len < 0 || eof > decoded_len) {
rv = -1;
@@ -350,7 +388,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
tail:
if (n > 0) {
if ((n & 3) == 0) {
- decoded_len = EVP_DecodeBlock(out, d, n);
+ decoded_len = evp_decodeblock_int(ctx, out, d, n);
n = 0;
if (decoded_len < 0 || eof > decoded_len) {
rv = -1;
@@ -369,16 +407,23 @@ end:
/* Legacy behaviour. This should probably rather be zeroed on error. */
*outl = ret;
ctx->num = n;
- return (rv);
+ return rv;
}
-int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
+static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
+ const unsigned char *f, int n)
{
int i, ret = 0, a, b, c, d;
unsigned long l;
+ const unsigned char *table;
+
+ if (ctx != NULL && (ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0)
+ table = srpdata_ascii2bin;
+ else
+ table = data_ascii2bin;
/* trim white space from the start of the line. */
- while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) {
+ while ((conv_ascii2bin(*f, table) == B64_WS) && (n > 0)) {
f++;
n--;
}
@@ -387,19 +432,19 @@ int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
* strip off stuff at the end of the line ascii2bin values B64_WS,
* B64_EOLN, B64_EOLN and B64_EOF
*/
- while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1]))))
+ while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1], table))))
n--;
if (n % 4 != 0)
- return (-1);
+ return -1;
for (i = 0; i < n; i += 4) {
- a = conv_ascii2bin(*(f++));
- b = conv_ascii2bin(*(f++));
- c = conv_ascii2bin(*(f++));
- d = conv_ascii2bin(*(f++));
+ a = conv_ascii2bin(*(f++), table);
+ b = conv_ascii2bin(*(f++), table);
+ c = conv_ascii2bin(*(f++), table);
+ d = conv_ascii2bin(*(f++), table);
if ((a & 0x80) || (b & 0x80) || (c & 0x80) || (d & 0x80))
- return (-1);
+ return -1;
l = ((((unsigned long)a) << 18L) |
(((unsigned long)b) << 12L) |
(((unsigned long)c) << 6L) | (((unsigned long)d)));
@@ -408,7 +453,12 @@ int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
*(t++) = (unsigned char)(l) & 0xff;
ret += 3;
}
- return (ret);
+ return ret;
+}
+
+int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
+{
+ return evp_decodeblock_int(NULL, t, f, n);
}
int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
@@ -417,44 +467,12 @@ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
*outl = 0;
if (ctx->num != 0) {
- i = EVP_DecodeBlock(out, ctx->enc_data, ctx->num);
+ i = evp_decodeblock_int(ctx, out, ctx->enc_data, ctx->num);
if (i < 0)
- return (-1);
+ return -1;
ctx->num = 0;
*outl = i;
- return (1);
+ return 1;
} else
- return (1);
+ return 1;
}
-
-#ifdef undef
-int EVP_DecodeValid(unsigned char *buf, int len)
-{
- int i, num = 0, bad = 0;
-
- if (len == 0)
- return (-1);
- while (conv_ascii2bin(*buf) == B64_WS) {
- buf++;
- len--;
- if (len == 0)
- return (-1);
- }
-
- for (i = len; i >= 4; i -= 4) {
- if ((conv_ascii2bin(buf[0]) >= 0x40) ||
- (conv_ascii2bin(buf[1]) >= 0x40) ||
- (conv_ascii2bin(buf[2]) >= 0x40) ||
- (conv_ascii2bin(buf[3]) >= 0x40))
- return (-1);
- buf += 4;
- num += 1 + (buf[2] != '=') + (buf[3] != '=');
- }
- if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN))
- return (num);
- if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) &&
- (conv_ascii2bin(buf[0]) == B64_EOLN))
- return (num);
- return (1);
-}
-#endif
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
deleted file mode 100644
index cf1de15e6d03..000000000000
--- a/crypto/evp/evp.h
+++ /dev/null
@@ -1,1628 +0,0 @@
-/* crypto/evp/evp.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_ENVELOPE_H
-# define HEADER_ENVELOPE_H
-
-# ifdef OPENSSL_ALGORITHM_DEFINES
-# include <openssl/opensslconf.h>
-# else
-# define OPENSSL_ALGORITHM_DEFINES
-# include <openssl/opensslconf.h>
-# undef OPENSSL_ALGORITHM_DEFINES
-# endif
-
-# include <openssl/ossl_typ.h>
-
-# include <openssl/symhacks.h>
-
-# ifndef OPENSSL_NO_BIO
-# include <openssl/bio.h>
-# endif
-
-/*-
-#define EVP_RC2_KEY_SIZE 16
-#define EVP_RC4_KEY_SIZE 16
-#define EVP_BLOWFISH_KEY_SIZE 16
-#define EVP_CAST5_KEY_SIZE 16
-#define EVP_RC5_32_12_16_KEY_SIZE 16
-*/
-# define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */
-# define EVP_MAX_KEY_LENGTH 64
-# define EVP_MAX_IV_LENGTH 16
-# define EVP_MAX_BLOCK_LENGTH 32
-
-# define PKCS5_SALT_LEN 8
-/* Default PKCS#5 iteration count */
-# define PKCS5_DEFAULT_ITER 2048
-
-# include <openssl/objects.h>
-
-# define EVP_PK_RSA 0x0001
-# define EVP_PK_DSA 0x0002
-# define EVP_PK_DH 0x0004
-# define EVP_PK_EC 0x0008
-# define EVP_PKT_SIGN 0x0010
-# define EVP_PKT_ENC 0x0020
-# define EVP_PKT_EXCH 0x0040
-# define EVP_PKS_RSA 0x0100
-# define EVP_PKS_DSA 0x0200
-# define EVP_PKS_EC 0x0400
-
-# define EVP_PKEY_NONE NID_undef
-# define EVP_PKEY_RSA NID_rsaEncryption
-# define EVP_PKEY_RSA2 NID_rsa
-# define EVP_PKEY_DSA NID_dsa
-# define EVP_PKEY_DSA1 NID_dsa_2
-# define EVP_PKEY_DSA2 NID_dsaWithSHA
-# define EVP_PKEY_DSA3 NID_dsaWithSHA1
-# define EVP_PKEY_DSA4 NID_dsaWithSHA1_2
-# define EVP_PKEY_DH NID_dhKeyAgreement
-# define EVP_PKEY_DHX NID_dhpublicnumber
-# define EVP_PKEY_EC NID_X9_62_id_ecPublicKey
-# define EVP_PKEY_HMAC NID_hmac
-# define EVP_PKEY_CMAC NID_cmac
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Type needs to be a bit field Sub-type needs to be for variations on the
- * method, as in, can it do arbitrary encryption....
- */
-struct evp_pkey_st {
- int type;
- int save_type;
- int references;
- const EVP_PKEY_ASN1_METHOD *ameth;
- ENGINE *engine;
- union {
- char *ptr;
-# ifndef OPENSSL_NO_RSA
- struct rsa_st *rsa; /* RSA */
-# endif
-# ifndef OPENSSL_NO_DSA
- struct dsa_st *dsa; /* DSA */
-# endif
-# ifndef OPENSSL_NO_DH
- struct dh_st *dh; /* DH */
-# endif
-# ifndef OPENSSL_NO_EC
- struct ec_key_st *ec; /* ECC */
-# endif
- } pkey;
- int save_parameters;
- STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
-} /* EVP_PKEY */ ;
-
-# define EVP_PKEY_MO_SIGN 0x0001
-# define EVP_PKEY_MO_VERIFY 0x0002
-# define EVP_PKEY_MO_ENCRYPT 0x0004
-# define EVP_PKEY_MO_DECRYPT 0x0008
-
-# ifndef EVP_MD
-struct env_md_st {
- int type;
- int pkey_type;
- int md_size;
- unsigned long flags;
- int (*init) (EVP_MD_CTX *ctx);
- int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
- int (*final) (EVP_MD_CTX *ctx, unsigned char *md);
- int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from);
- int (*cleanup) (EVP_MD_CTX *ctx);
- /* FIXME: prototype these some day */
- int (*sign) (int type, const unsigned char *m, unsigned int m_length,
- unsigned char *sigret, unsigned int *siglen, void *key);
- int (*verify) (int type, const unsigned char *m, unsigned int m_length,
- const unsigned char *sigbuf, unsigned int siglen,
- void *key);
- int required_pkey_type[5]; /* EVP_PKEY_xxx */
- int block_size;
- int ctx_size; /* how big does the ctx->md_data need to be */
- /* control function */
- int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
-} /* EVP_MD */ ;
-
-typedef int evp_sign_method(int type, const unsigned char *m,
- unsigned int m_length, unsigned char *sigret,
- unsigned int *siglen, void *key);
-typedef int evp_verify_method(int type, const unsigned char *m,
- unsigned int m_length,
- const unsigned char *sigbuf,
- unsigned int siglen, void *key);
-
-/* digest can only handle a single block */
-# define EVP_MD_FLAG_ONESHOT 0x0001
-
-/*
- * digest is a "clone" digest used
- * which is a copy of an existing
- * one for a specific public key type.
- * EVP_dss1() etc
- */
-# define EVP_MD_FLAG_PKEY_DIGEST 0x0002
-
-/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */
-
-# define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004
-
-/* DigestAlgorithmIdentifier flags... */
-
-# define EVP_MD_FLAG_DIGALGID_MASK 0x0018
-
-/* NULL or absent parameter accepted. Use NULL */
-
-# define EVP_MD_FLAG_DIGALGID_NULL 0x0000
-
-/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */
-
-# define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008
-
-/* Custom handling via ctrl */
-
-# define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018
-
-/* Note if suitable for use in FIPS mode */
-# define EVP_MD_FLAG_FIPS 0x0400
-
-/* Digest ctrls */
-
-# define EVP_MD_CTRL_DIGALGID 0x1
-# define EVP_MD_CTRL_MICALG 0x2
-
-/* Minimum Algorithm specific ctrl value */
-
-# define EVP_MD_CTRL_ALG_CTRL 0x1000
-
-# define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0}
-
-# ifndef OPENSSL_NO_DSA
-# define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \
- (evp_verify_method *)DSA_verify, \
- {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \
- EVP_PKEY_DSA4,0}
-# else
-# define EVP_PKEY_DSA_method EVP_PKEY_NULL_method
-# endif
-
-# ifndef OPENSSL_NO_ECDSA
-# define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \
- (evp_verify_method *)ECDSA_verify, \
- {EVP_PKEY_EC,0,0,0}
-# else
-# define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method
-# endif
-
-# ifndef OPENSSL_NO_RSA
-# define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \
- (evp_verify_method *)RSA_verify, \
- {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
-# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \
- (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \
- (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \
- {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
-# else
-# define EVP_PKEY_RSA_method EVP_PKEY_NULL_method
-# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method
-# endif
-
-# endif /* !EVP_MD */
-
-struct env_md_ctx_st {
- const EVP_MD *digest;
- ENGINE *engine; /* functional reference if 'digest' is
- * ENGINE-provided */
- unsigned long flags;
- void *md_data;
- /* Public key context for sign/verify */
- EVP_PKEY_CTX *pctx;
- /* Update function: usually copied from EVP_MD */
- int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
-} /* EVP_MD_CTX */ ;
-
-/* values for EVP_MD_CTX flags */
-
-# define EVP_MD_CTX_FLAG_ONESHOT 0x0001/* digest update will be
- * called once only */
-# define EVP_MD_CTX_FLAG_CLEANED 0x0002/* context has already been
- * cleaned */
-# define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data
- * in EVP_MD_CTX_cleanup */
-/*
- * FIPS and pad options are ignored in 1.0.0, definitions are here so we
- * don't accidentally reuse the values for other purposes.
- */
-
-# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008/* Allow use of non FIPS
- * digest in FIPS mode */
-
-/*
- * The following PAD options are also currently ignored in 1.0.0, digest
- * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*()
- * instead.
- */
-# define EVP_MD_CTX_FLAG_PAD_MASK 0xF0/* RSA mode to use */
-# define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00/* PKCS#1 v1.5 mode */
-# define EVP_MD_CTX_FLAG_PAD_X931 0x10/* X9.31 mode */
-# define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */
-
-# define EVP_MD_CTX_FLAG_NO_INIT 0x0100/* Don't initialize md_data */
-
-struct evp_cipher_st {
- int nid;
- int block_size;
- /* Default value for variable length ciphers */
- int key_len;
- int iv_len;
- /* Various flags */
- unsigned long flags;
- /* init key */
- int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc);
- /* encrypt/decrypt data */
- int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t inl);
- /* cleanup ctx */
- int (*cleanup) (EVP_CIPHER_CTX *);
- /* how big ctx->cipher_data needs to be */
- int ctx_size;
- /* Populate a ASN1_TYPE with parameters */
- int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
- /* Get parameters from a ASN1_TYPE */
- int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
- /* Miscellaneous operations */
- int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr);
- /* Application data */
- void *app_data;
-} /* EVP_CIPHER */ ;
-
-/* Values for cipher flags */
-
-/* Modes for ciphers */
-
-# define EVP_CIPH_STREAM_CIPHER 0x0
-# define EVP_CIPH_ECB_MODE 0x1
-# define EVP_CIPH_CBC_MODE 0x2
-# define EVP_CIPH_CFB_MODE 0x3
-# define EVP_CIPH_OFB_MODE 0x4
-# define EVP_CIPH_CTR_MODE 0x5
-# define EVP_CIPH_GCM_MODE 0x6
-# define EVP_CIPH_CCM_MODE 0x7
-# define EVP_CIPH_XTS_MODE 0x10001
-# define EVP_CIPH_WRAP_MODE 0x10002
-# define EVP_CIPH_MODE 0xF0007
-/* Set if variable length cipher */
-# define EVP_CIPH_VARIABLE_LENGTH 0x8
-/* Set if the iv handling should be done by the cipher itself */
-# define EVP_CIPH_CUSTOM_IV 0x10
-/* Set if the cipher's init() function should be called if key is NULL */
-# define EVP_CIPH_ALWAYS_CALL_INIT 0x20
-/* Call ctrl() to init cipher parameters */
-# define EVP_CIPH_CTRL_INIT 0x40
-/* Don't use standard key length function */
-# define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80
-/* Don't use standard block padding */
-# define EVP_CIPH_NO_PADDING 0x100
-/* cipher handles random key generation */
-# define EVP_CIPH_RAND_KEY 0x200
-/* cipher has its own additional copying logic */
-# define EVP_CIPH_CUSTOM_COPY 0x400
-/* Allow use default ASN1 get/set iv */
-# define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000
-/* Buffer length in bits not bytes: CFB1 mode only */
-# define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
-/* Note if suitable for use in FIPS mode */
-# define EVP_CIPH_FLAG_FIPS 0x4000
-/* Allow non FIPS cipher in FIPS mode */
-# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000
-/*
- * Cipher handles any and all padding logic as well as finalisation.
- */
-# define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000
-# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
-# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000
-
-/*
- * Cipher context flag to indicate we can handle wrap mode: if allowed in
- * older applications it could overflow buffers.
- */
-
-# define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0x1
-
-/* ctrl() values */
-
-# define EVP_CTRL_INIT 0x0
-# define EVP_CTRL_SET_KEY_LENGTH 0x1
-# define EVP_CTRL_GET_RC2_KEY_BITS 0x2
-# define EVP_CTRL_SET_RC2_KEY_BITS 0x3
-# define EVP_CTRL_GET_RC5_ROUNDS 0x4
-# define EVP_CTRL_SET_RC5_ROUNDS 0x5
-# define EVP_CTRL_RAND_KEY 0x6
-# define EVP_CTRL_PBE_PRF_NID 0x7
-# define EVP_CTRL_COPY 0x8
-# define EVP_CTRL_GCM_SET_IVLEN 0x9
-# define EVP_CTRL_GCM_GET_TAG 0x10
-# define EVP_CTRL_GCM_SET_TAG 0x11
-# define EVP_CTRL_GCM_SET_IV_FIXED 0x12
-# define EVP_CTRL_GCM_IV_GEN 0x13
-# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN
-# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_GCM_GET_TAG
-# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_GCM_SET_TAG
-# define EVP_CTRL_CCM_SET_L 0x14
-# define EVP_CTRL_CCM_SET_MSGLEN 0x15
-/*
- * AEAD cipher deduces payload length and returns number of bytes required to
- * store MAC and eventual padding. Subsequent call to EVP_Cipher even
- * appends/verifies MAC.
- */
-# define EVP_CTRL_AEAD_TLS1_AAD 0x16
-/* Used by composite AEAD ciphers, no-op in GCM, CCM... */
-# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17
-/* Set the GCM invocation field, decrypt only */
-# define EVP_CTRL_GCM_SET_IV_INV 0x18
-
-# define EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 0x19
-# define EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 0x1a
-# define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b
-# define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c
-
-/* RFC 5246 defines additional data to be 13 bytes in length */
-# define EVP_AEAD_TLS1_AAD_LEN 13
-
-typedef struct {
- unsigned char *out;
- const unsigned char *inp;
- size_t len;
- unsigned int interleave;
-} EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM;
-
-/* GCM TLS constants */
-/* Length of fixed part of IV derived from PRF */
-# define EVP_GCM_TLS_FIXED_IV_LEN 4
-/* Length of explicit part of IV part of TLS records */
-# define EVP_GCM_TLS_EXPLICIT_IV_LEN 8
-/* Length of tag for TLS */
-# define EVP_GCM_TLS_TAG_LEN 16
-
-typedef struct evp_cipher_info_st {
- const EVP_CIPHER *cipher;
- unsigned char iv[EVP_MAX_IV_LENGTH];
-} EVP_CIPHER_INFO;
-
-struct evp_cipher_ctx_st {
- const EVP_CIPHER *cipher;
- ENGINE *engine; /* functional reference if 'cipher' is
- * ENGINE-provided */
- int encrypt; /* encrypt or decrypt */
- int buf_len; /* number we have left */
- unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */
- unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */
- unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */
- int num; /* used by cfb/ofb/ctr mode */
- void *app_data; /* application stuff */
- int key_len; /* May change for variable length cipher */
- unsigned long flags; /* Various flags */
- void *cipher_data; /* per EVP data */
- int final_used;
- int block_mask;
- unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
-} /* EVP_CIPHER_CTX */ ;
-
-typedef struct evp_Encode_Ctx_st {
- /* number saved in a partial encode/decode */
- int num;
- /*
- * The length is either the output line length (in input bytes) or the
- * shortest input line length that is ok. Once decoding begins, the
- * length is adjusted up each time a longer line is decoded
- */
- int length;
- /* data to encode */
- unsigned char enc_data[80];
- /* number read on current line */
- int line_num;
- int expect_nl;
-} EVP_ENCODE_CTX;
-
-/* Password based encryption function */
-typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
- int passlen, ASN1_TYPE *param,
- const EVP_CIPHER *cipher, const EVP_MD *md,
- int en_de);
-
-# ifndef OPENSSL_NO_RSA
-# define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
- (char *)(rsa))
-# endif
-
-# ifndef OPENSSL_NO_DSA
-# define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
- (char *)(dsa))
-# endif
-
-# ifndef OPENSSL_NO_DH
-# define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
- (char *)(dh))
-# endif
-
-# ifndef OPENSSL_NO_EC
-# define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
- (char *)(eckey))
-# endif
-
-/* Add some extra combinations */
-# define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
-# define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
-# define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
-# define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
-
-int EVP_MD_type(const EVP_MD *md);
-# define EVP_MD_nid(e) EVP_MD_type(e)
-# define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e))
-int EVP_MD_pkey_type(const EVP_MD *md);
-int EVP_MD_size(const EVP_MD *md);
-int EVP_MD_block_size(const EVP_MD *md);
-unsigned long EVP_MD_flags(const EVP_MD *md);
-
-const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
-# define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e))
-# define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e))
-# define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e))
-
-int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
-# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
-int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
-int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
-int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
-unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);
-# define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE)
-
-const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
-void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
-void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
-# define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
-unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
-# define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)
-
-# define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80)
-# define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80)
-
-# define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c)
-# define EVP_SignInit(a,b) EVP_DigestInit(a,b)
-# define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
-# define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c)
-# define EVP_VerifyInit(a,b) EVP_DigestInit(a,b)
-# define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
-# define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e)
-# define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e)
-# define EVP_DigestSignUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
-# define EVP_DigestVerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
-
-# ifdef CONST_STRICT
-void BIO_set_md(BIO *, const EVP_MD *md);
-# else
-# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md)
-# endif
-# define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp)
-# define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp)
-# define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp)
-# define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
-# define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)
-
-int EVP_Cipher(EVP_CIPHER_CTX *c,
- unsigned char *out, const unsigned char *in, unsigned int inl);
-
-# define EVP_add_cipher_alias(n,alias) \
- OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
-# define EVP_add_digest_alias(n,alias) \
- OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n))
-# define EVP_delete_cipher_alias(alias) \
- OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS);
-# define EVP_delete_digest_alias(alias) \
- OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
-
-void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
-int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
-EVP_MD_CTX *EVP_MD_CTX_create(void);
-void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
-int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
-void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
-void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
-int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
-int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
-int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
-int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
-int EVP_Digest(const void *data, size_t count,
- unsigned char *md, unsigned int *size, const EVP_MD *type,
- ENGINE *impl);
-
-int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
-int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
-int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
-
-int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);
-int EVP_read_pw_string_min(char *buf, int minlen, int maxlen,
- const char *prompt, int verify);
-void EVP_set_pw_prompt(const char *prompt);
-char *EVP_get_pw_prompt(void);
-
-int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
- const unsigned char *salt, const unsigned char *data,
- int datal, int count, unsigned char *key,
- unsigned char *iv);
-
-void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
-void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
-int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
-
-int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- const unsigned char *key, const unsigned char *iv);
-int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- ENGINE *impl, const unsigned char *key,
- const unsigned char *iv);
-int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
- const unsigned char *in, int inl);
-int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-
-int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- const unsigned char *key, const unsigned char *iv);
-int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- ENGINE *impl, const unsigned char *key,
- const unsigned char *iv);
-int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
- const unsigned char *in, int inl);
-int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-
-int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- const unsigned char *key, const unsigned char *iv,
- int enc);
-int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- ENGINE *impl, const unsigned char *key,
- const unsigned char *iv, int enc);
-int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
- const unsigned char *in, int inl);
-int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-
-int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
- EVP_PKEY *pkey);
-
-int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
- unsigned int siglen, EVP_PKEY *pkey);
-
-int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
-int EVP_DigestSignFinal(EVP_MD_CTX *ctx,
- unsigned char *sigret, size_t *siglen);
-
-int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
-int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx,
- const unsigned char *sig, size_t siglen);
-
-int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- const unsigned char *ek, int ekl, const unsigned char *iv,
- EVP_PKEY *priv);
-int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-
-int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- unsigned char **ek, int *ekl, unsigned char *iv,
- EVP_PKEY **pubk, int npubk);
-int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-
-void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
-void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
- const unsigned char *in, int inl);
-void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
-int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
-
-void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
-int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
- const unsigned char *in, int inl);
-int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
- char *out, int *outl);
-int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
-
-void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
-int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
-EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
-void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a);
-int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
-int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
-int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
-int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
-
-# ifndef OPENSSL_NO_BIO
-BIO_METHOD *BIO_f_md(void);
-BIO_METHOD *BIO_f_base64(void);
-BIO_METHOD *BIO_f_cipher(void);
-BIO_METHOD *BIO_f_reliable(void);
-void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
- const unsigned char *i, int enc);
-# endif
-
-const EVP_MD *EVP_md_null(void);
-# ifndef OPENSSL_NO_MD2
-const EVP_MD *EVP_md2(void);
-# endif
-# ifndef OPENSSL_NO_MD4
-const EVP_MD *EVP_md4(void);
-# endif
-# ifndef OPENSSL_NO_MD5
-const EVP_MD *EVP_md5(void);
-# endif
-# ifndef OPENSSL_NO_SHA
-const EVP_MD *EVP_sha(void);
-const EVP_MD *EVP_sha1(void);
-const EVP_MD *EVP_dss(void);
-const EVP_MD *EVP_dss1(void);
-const EVP_MD *EVP_ecdsa(void);
-# endif
-# ifndef OPENSSL_NO_SHA256
-const EVP_MD *EVP_sha224(void);
-const EVP_MD *EVP_sha256(void);
-# endif
-# ifndef OPENSSL_NO_SHA512
-const EVP_MD *EVP_sha384(void);
-const EVP_MD *EVP_sha512(void);
-# endif
-# ifndef OPENSSL_NO_MDC2
-const EVP_MD *EVP_mdc2(void);
-# endif
-# ifndef OPENSSL_NO_RIPEMD
-const EVP_MD *EVP_ripemd160(void);
-# endif
-# ifndef OPENSSL_NO_WHIRLPOOL
-const EVP_MD *EVP_whirlpool(void);
-# endif
-const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
-# ifndef OPENSSL_NO_DES
-const EVP_CIPHER *EVP_des_ecb(void);
-const EVP_CIPHER *EVP_des_ede(void);
-const EVP_CIPHER *EVP_des_ede3(void);
-const EVP_CIPHER *EVP_des_ede_ecb(void);
-const EVP_CIPHER *EVP_des_ede3_ecb(void);
-const EVP_CIPHER *EVP_des_cfb64(void);
-# define EVP_des_cfb EVP_des_cfb64
-const EVP_CIPHER *EVP_des_cfb1(void);
-const EVP_CIPHER *EVP_des_cfb8(void);
-const EVP_CIPHER *EVP_des_ede_cfb64(void);
-# define EVP_des_ede_cfb EVP_des_ede_cfb64
-# if 0
-const EVP_CIPHER *EVP_des_ede_cfb1(void);
-const EVP_CIPHER *EVP_des_ede_cfb8(void);
-# endif
-const EVP_CIPHER *EVP_des_ede3_cfb64(void);
-# define EVP_des_ede3_cfb EVP_des_ede3_cfb64
-const EVP_CIPHER *EVP_des_ede3_cfb1(void);
-const EVP_CIPHER *EVP_des_ede3_cfb8(void);
-const EVP_CIPHER *EVP_des_ofb(void);
-const EVP_CIPHER *EVP_des_ede_ofb(void);
-const EVP_CIPHER *EVP_des_ede3_ofb(void);
-const EVP_CIPHER *EVP_des_cbc(void);
-const EVP_CIPHER *EVP_des_ede_cbc(void);
-const EVP_CIPHER *EVP_des_ede3_cbc(void);
-const EVP_CIPHER *EVP_desx_cbc(void);
-const EVP_CIPHER *EVP_des_ede3_wrap(void);
-/*
- * This should now be supported through the dev_crypto ENGINE. But also, why
- * are rc4 and md5 declarations made here inside a "NO_DES" precompiler
- * branch?
- */
-# if 0
-# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
-const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void);
-const EVP_CIPHER *EVP_dev_crypto_rc4(void);
-const EVP_MD *EVP_dev_crypto_md5(void);
-# endif
-# endif
-# endif
-# ifndef OPENSSL_NO_RC4
-const EVP_CIPHER *EVP_rc4(void);
-const EVP_CIPHER *EVP_rc4_40(void);
-# ifndef OPENSSL_NO_MD5
-const EVP_CIPHER *EVP_rc4_hmac_md5(void);
-# endif
-# endif
-# ifndef OPENSSL_NO_IDEA
-const EVP_CIPHER *EVP_idea_ecb(void);
-const EVP_CIPHER *EVP_idea_cfb64(void);
-# define EVP_idea_cfb EVP_idea_cfb64
-const EVP_CIPHER *EVP_idea_ofb(void);
-const EVP_CIPHER *EVP_idea_cbc(void);
-# endif
-# ifndef OPENSSL_NO_RC2
-const EVP_CIPHER *EVP_rc2_ecb(void);
-const EVP_CIPHER *EVP_rc2_cbc(void);
-const EVP_CIPHER *EVP_rc2_40_cbc(void);
-const EVP_CIPHER *EVP_rc2_64_cbc(void);
-const EVP_CIPHER *EVP_rc2_cfb64(void);
-# define EVP_rc2_cfb EVP_rc2_cfb64
-const EVP_CIPHER *EVP_rc2_ofb(void);
-# endif
-# ifndef OPENSSL_NO_BF
-const EVP_CIPHER *EVP_bf_ecb(void);
-const EVP_CIPHER *EVP_bf_cbc(void);
-const EVP_CIPHER *EVP_bf_cfb64(void);
-# define EVP_bf_cfb EVP_bf_cfb64
-const EVP_CIPHER *EVP_bf_ofb(void);
-# endif
-# ifndef OPENSSL_NO_CAST
-const EVP_CIPHER *EVP_cast5_ecb(void);
-const EVP_CIPHER *EVP_cast5_cbc(void);
-const EVP_CIPHER *EVP_cast5_cfb64(void);
-# define EVP_cast5_cfb EVP_cast5_cfb64
-const EVP_CIPHER *EVP_cast5_ofb(void);
-# endif
-# ifndef OPENSSL_NO_RC5
-const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
-const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
-const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
-# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64
-const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
-# endif
-# ifndef OPENSSL_NO_AES
-const EVP_CIPHER *EVP_aes_128_ecb(void);
-const EVP_CIPHER *EVP_aes_128_cbc(void);
-const EVP_CIPHER *EVP_aes_128_cfb1(void);
-const EVP_CIPHER *EVP_aes_128_cfb8(void);
-const EVP_CIPHER *EVP_aes_128_cfb128(void);
-# define EVP_aes_128_cfb EVP_aes_128_cfb128
-const EVP_CIPHER *EVP_aes_128_ofb(void);
-const EVP_CIPHER *EVP_aes_128_ctr(void);
-const EVP_CIPHER *EVP_aes_128_ccm(void);
-const EVP_CIPHER *EVP_aes_128_gcm(void);
-const EVP_CIPHER *EVP_aes_128_xts(void);
-const EVP_CIPHER *EVP_aes_128_wrap(void);
-const EVP_CIPHER *EVP_aes_192_ecb(void);
-const EVP_CIPHER *EVP_aes_192_cbc(void);
-const EVP_CIPHER *EVP_aes_192_cfb1(void);
-const EVP_CIPHER *EVP_aes_192_cfb8(void);
-const EVP_CIPHER *EVP_aes_192_cfb128(void);
-# define EVP_aes_192_cfb EVP_aes_192_cfb128
-const EVP_CIPHER *EVP_aes_192_ofb(void);
-const EVP_CIPHER *EVP_aes_192_ctr(void);
-const EVP_CIPHER *EVP_aes_192_ccm(void);
-const EVP_CIPHER *EVP_aes_192_gcm(void);
-const EVP_CIPHER *EVP_aes_192_wrap(void);
-const EVP_CIPHER *EVP_aes_256_ecb(void);
-const EVP_CIPHER *EVP_aes_256_cbc(void);
-const EVP_CIPHER *EVP_aes_256_cfb1(void);
-const EVP_CIPHER *EVP_aes_256_cfb8(void);
-const EVP_CIPHER *EVP_aes_256_cfb128(void);
-# define EVP_aes_256_cfb EVP_aes_256_cfb128
-const EVP_CIPHER *EVP_aes_256_ofb(void);
-const EVP_CIPHER *EVP_aes_256_ctr(void);
-const EVP_CIPHER *EVP_aes_256_ccm(void);
-const EVP_CIPHER *EVP_aes_256_gcm(void);
-const EVP_CIPHER *EVP_aes_256_xts(void);
-const EVP_CIPHER *EVP_aes_256_wrap(void);
-# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
-const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
-# endif
-# ifndef OPENSSL_NO_SHA256
-const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void);
-const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void);
-# endif
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
-const EVP_CIPHER *EVP_camellia_128_ecb(void);
-const EVP_CIPHER *EVP_camellia_128_cbc(void);
-const EVP_CIPHER *EVP_camellia_128_cfb1(void);
-const EVP_CIPHER *EVP_camellia_128_cfb8(void);
-const EVP_CIPHER *EVP_camellia_128_cfb128(void);
-# define EVP_camellia_128_cfb EVP_camellia_128_cfb128
-const EVP_CIPHER *EVP_camellia_128_ofb(void);
-const EVP_CIPHER *EVP_camellia_192_ecb(void);
-const EVP_CIPHER *EVP_camellia_192_cbc(void);
-const EVP_CIPHER *EVP_camellia_192_cfb1(void);
-const EVP_CIPHER *EVP_camellia_192_cfb8(void);
-const EVP_CIPHER *EVP_camellia_192_cfb128(void);
-# define EVP_camellia_192_cfb EVP_camellia_192_cfb128
-const EVP_CIPHER *EVP_camellia_192_ofb(void);
-const EVP_CIPHER *EVP_camellia_256_ecb(void);
-const EVP_CIPHER *EVP_camellia_256_cbc(void);
-const EVP_CIPHER *EVP_camellia_256_cfb1(void);
-const EVP_CIPHER *EVP_camellia_256_cfb8(void);
-const EVP_CIPHER *EVP_camellia_256_cfb128(void);
-# define EVP_camellia_256_cfb EVP_camellia_256_cfb128
-const EVP_CIPHER *EVP_camellia_256_ofb(void);
-# endif
-
-# ifndef OPENSSL_NO_SEED
-const EVP_CIPHER *EVP_seed_ecb(void);
-const EVP_CIPHER *EVP_seed_cbc(void);
-const EVP_CIPHER *EVP_seed_cfb128(void);
-# define EVP_seed_cfb EVP_seed_cfb128
-const EVP_CIPHER *EVP_seed_ofb(void);
-# endif
-
-void OPENSSL_add_all_algorithms_noconf(void);
-void OPENSSL_add_all_algorithms_conf(void);
-
-# ifdef OPENSSL_LOAD_CONF
-# define OpenSSL_add_all_algorithms() \
- OPENSSL_add_all_algorithms_conf()
-# else
-# define OpenSSL_add_all_algorithms() \
- OPENSSL_add_all_algorithms_noconf()
-# endif
-
-void OpenSSL_add_all_ciphers(void);
-void OpenSSL_add_all_digests(void);
-# define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms()
-# define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers()
-# define SSLeay_add_all_digests() OpenSSL_add_all_digests()
-
-int EVP_add_cipher(const EVP_CIPHER *cipher);
-int EVP_add_digest(const EVP_MD *digest);
-
-const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
-const EVP_MD *EVP_get_digestbyname(const char *name);
-void EVP_cleanup(void);
-
-void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph,
- const char *from, const char *to, void *x),
- void *arg);
-void EVP_CIPHER_do_all_sorted(void (*fn)
- (const EVP_CIPHER *ciph, const char *from,
- const char *to, void *x), void *arg);
-
-void EVP_MD_do_all(void (*fn) (const EVP_MD *ciph,
- const char *from, const char *to, void *x),
- void *arg);
-void EVP_MD_do_all_sorted(void (*fn)
- (const EVP_MD *ciph, const char *from,
- const char *to, void *x), void *arg);
-
-int EVP_PKEY_decrypt_old(unsigned char *dec_key,
- const unsigned char *enc_key, int enc_key_len,
- EVP_PKEY *private_key);
-int EVP_PKEY_encrypt_old(unsigned char *enc_key,
- const unsigned char *key, int key_len,
- EVP_PKEY *pub_key);
-int EVP_PKEY_type(int type);
-int EVP_PKEY_id(const EVP_PKEY *pkey);
-int EVP_PKEY_base_id(const EVP_PKEY *pkey);
-int EVP_PKEY_bits(EVP_PKEY *pkey);
-int EVP_PKEY_size(EVP_PKEY *pkey);
-int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
-int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
-int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
-void *EVP_PKEY_get0(EVP_PKEY *pkey);
-
-# ifndef OPENSSL_NO_RSA
-struct rsa_st;
-int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
-struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
-# endif
-# ifndef OPENSSL_NO_DSA
-struct dsa_st;
-int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key);
-struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
-# endif
-# ifndef OPENSSL_NO_DH
-struct dh_st;
-int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
-struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
-# endif
-# ifndef OPENSSL_NO_EC
-struct ec_key_st;
-int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
-struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
-# endif
-
-EVP_PKEY *EVP_PKEY_new(void);
-void EVP_PKEY_free(EVP_PKEY *pkey);
-
-EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
- long length);
-int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
-
-EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
- long length);
-EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
- long length);
-int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
-
-int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
-int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
-int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode);
-int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
-
-int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
-
-int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
- int indent, ASN1_PCTX *pctx);
-int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
- int indent, ASN1_PCTX *pctx);
-int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
- int indent, ASN1_PCTX *pctx);
-
-int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
-
-int EVP_CIPHER_type(const EVP_CIPHER *ctx);
-
-/* calls methods */
-int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-
-/* These are used by EVP_CIPHER methods */
-int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-
-/* PKCS5 password based encryption */
-int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
- ASN1_TYPE *param, const EVP_CIPHER *cipher,
- const EVP_MD *md, int en_de);
-int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
- const unsigned char *salt, int saltlen, int iter,
- int keylen, unsigned char *out);
-int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
- const unsigned char *salt, int saltlen, int iter,
- const EVP_MD *digest, int keylen, unsigned char *out);
-int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
- ASN1_TYPE *param, const EVP_CIPHER *cipher,
- const EVP_MD *md, int en_de);
-
-void PKCS5_PBE_add(void);
-
-int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
- ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
-
-/* PBE type */
-
-/* Can appear as the outermost AlgorithmIdentifier */
-# define EVP_PBE_TYPE_OUTER 0x0
-/* Is an PRF type OID */
-# define EVP_PBE_TYPE_PRF 0x1
-
-int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid,
- int md_nid, EVP_PBE_KEYGEN *keygen);
-int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
- EVP_PBE_KEYGEN *keygen);
-int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid,
- EVP_PBE_KEYGEN **pkeygen);
-void EVP_PBE_cleanup(void);
-
-# define ASN1_PKEY_ALIAS 0x1
-# define ASN1_PKEY_DYNAMIC 0x2
-# define ASN1_PKEY_SIGPARAM_NULL 0x4
-
-# define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1
-# define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2
-# define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3
-# define ASN1_PKEY_CTRL_CMS_SIGN 0x5
-# define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7
-# define ASN1_PKEY_CTRL_CMS_RI_TYPE 0x8
-
-int EVP_PKEY_asn1_get_count(void);
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
- const char *str, int len);
-int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth);
-int EVP_PKEY_asn1_add_alias(int to, int from);
-int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id,
- int *ppkey_flags, const char **pinfo,
- const char **ppem_str,
- const EVP_PKEY_ASN1_METHOD *ameth);
-
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(EVP_PKEY *pkey);
-EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
- const char *pem_str,
- const char *info);
-void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
- const EVP_PKEY_ASN1_METHOD *src);
-void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
-void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
- int (*pub_decode) (EVP_PKEY *pk,
- X509_PUBKEY *pub),
- int (*pub_encode) (X509_PUBKEY *pub,
- const EVP_PKEY *pk),
- int (*pub_cmp) (const EVP_PKEY *a,
- const EVP_PKEY *b),
- int (*pub_print) (BIO *out,
- const EVP_PKEY *pkey,
- int indent, ASN1_PCTX *pctx),
- int (*pkey_size) (const EVP_PKEY *pk),
- int (*pkey_bits) (const EVP_PKEY *pk));
-void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
- int (*priv_decode) (EVP_PKEY *pk,
- PKCS8_PRIV_KEY_INFO
- *p8inf),
- int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8,
- const EVP_PKEY *pk),
- int (*priv_print) (BIO *out,
- const EVP_PKEY *pkey,
- int indent,
- ASN1_PCTX *pctx));
-void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
- int (*param_decode) (EVP_PKEY *pkey,
- const unsigned char **pder,
- int derlen),
- int (*param_encode) (const EVP_PKEY *pkey,
- unsigned char **pder),
- int (*param_missing) (const EVP_PKEY *pk),
- int (*param_copy) (EVP_PKEY *to,
- const EVP_PKEY *from),
- int (*param_cmp) (const EVP_PKEY *a,
- const EVP_PKEY *b),
- int (*param_print) (BIO *out,
- const EVP_PKEY *pkey,
- int indent,
- ASN1_PCTX *pctx));
-
-void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
- void (*pkey_free) (EVP_PKEY *pkey));
-void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
- int (*pkey_ctrl) (EVP_PKEY *pkey, int op,
- long arg1, void *arg2));
-void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
- int (*item_verify) (EVP_MD_CTX *ctx,
- const ASN1_ITEM *it,
- void *asn,
- X509_ALGOR *a,
- ASN1_BIT_STRING *sig,
- EVP_PKEY *pkey),
- int (*item_sign) (EVP_MD_CTX *ctx,
- const ASN1_ITEM *it,
- void *asn,
- X509_ALGOR *alg1,
- X509_ALGOR *alg2,
- ASN1_BIT_STRING *sig));
-
-# define EVP_PKEY_OP_UNDEFINED 0
-# define EVP_PKEY_OP_PARAMGEN (1<<1)
-# define EVP_PKEY_OP_KEYGEN (1<<2)
-# define EVP_PKEY_OP_SIGN (1<<3)
-# define EVP_PKEY_OP_VERIFY (1<<4)
-# define EVP_PKEY_OP_VERIFYRECOVER (1<<5)
-# define EVP_PKEY_OP_SIGNCTX (1<<6)
-# define EVP_PKEY_OP_VERIFYCTX (1<<7)
-# define EVP_PKEY_OP_ENCRYPT (1<<8)
-# define EVP_PKEY_OP_DECRYPT (1<<9)
-# define EVP_PKEY_OP_DERIVE (1<<10)
-
-# define EVP_PKEY_OP_TYPE_SIG \
- (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \
- | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX)
-
-# define EVP_PKEY_OP_TYPE_CRYPT \
- (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)
-
-# define EVP_PKEY_OP_TYPE_NOGEN \
- (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE)
-
-# define EVP_PKEY_OP_TYPE_GEN \
- (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
-
-# define EVP_PKEY_CTX_set_signature_md(ctx, md) \
- EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \
- EVP_PKEY_CTRL_MD, 0, (void *)md)
-
-# define EVP_PKEY_CTX_get_signature_md(ctx, pmd) \
- EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \
- EVP_PKEY_CTRL_GET_MD, 0, (void *)pmd)
-
-# define EVP_PKEY_CTRL_MD 1
-# define EVP_PKEY_CTRL_PEER_KEY 2
-
-# define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3
-# define EVP_PKEY_CTRL_PKCS7_DECRYPT 4
-
-# define EVP_PKEY_CTRL_PKCS7_SIGN 5
-
-# define EVP_PKEY_CTRL_SET_MAC_KEY 6
-
-# define EVP_PKEY_CTRL_DIGESTINIT 7
-
-/* Used by GOST key encryption in TLS */
-# define EVP_PKEY_CTRL_SET_IV 8
-
-# define EVP_PKEY_CTRL_CMS_ENCRYPT 9
-# define EVP_PKEY_CTRL_CMS_DECRYPT 10
-# define EVP_PKEY_CTRL_CMS_SIGN 11
-
-# define EVP_PKEY_CTRL_CIPHER 12
-
-# define EVP_PKEY_CTRL_GET_MD 13
-
-# define EVP_PKEY_ALG_CTRL 0x1000
-
-# define EVP_PKEY_FLAG_AUTOARGLEN 2
-/*
- * Method handles all operations: don't assume any digest related defaults.
- */
-# define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4
-
-const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
-EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags);
-void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
- const EVP_PKEY_METHOD *meth);
-void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);
-void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
-int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
-
-EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
-EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
-EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
-void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
-
-int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
- int cmd, int p1, void *p2);
-int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
- const char *value);
-
-int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx);
-void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
-
-EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
- const unsigned char *key, int keylen);
-
-void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data);
-void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx);
-EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx);
-
-EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx);
-
-void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
-void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
-
-int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
- unsigned char *sig, size_t *siglen,
- const unsigned char *tbs, size_t tbslen);
-int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
- const unsigned char *sig, size_t siglen,
- const unsigned char *tbs, size_t tbslen);
-int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
- unsigned char *rout, size_t *routlen,
- const unsigned char *sig, size_t siglen);
-int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
- unsigned char *out, size_t *outlen,
- const unsigned char *in, size_t inlen);
-int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
- unsigned char *out, size_t *outlen,
- const unsigned char *in, size_t inlen);
-
-int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
-int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
-
-typedef int EVP_PKEY_gen_cb (EVP_PKEY_CTX *ctx);
-
-int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
-int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
-
-void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
-EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
-
-int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
-
-void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
- int (*init) (EVP_PKEY_CTX *ctx));
-
-void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
- int (*copy) (EVP_PKEY_CTX *dst,
- EVP_PKEY_CTX *src));
-
-void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
- void (*cleanup) (EVP_PKEY_CTX *ctx));
-
-void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
- int (*paramgen_init) (EVP_PKEY_CTX *ctx),
- int (*paramgen) (EVP_PKEY_CTX *ctx,
- EVP_PKEY *pkey));
-
-void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
- int (*keygen_init) (EVP_PKEY_CTX *ctx),
- int (*keygen) (EVP_PKEY_CTX *ctx,
- EVP_PKEY *pkey));
-
-void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
- int (*sign_init) (EVP_PKEY_CTX *ctx),
- int (*sign) (EVP_PKEY_CTX *ctx,
- unsigned char *sig, size_t *siglen,
- const unsigned char *tbs,
- size_t tbslen));
-
-void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
- int (*verify_init) (EVP_PKEY_CTX *ctx),
- int (*verify) (EVP_PKEY_CTX *ctx,
- const unsigned char *sig,
- size_t siglen,
- const unsigned char *tbs,
- size_t tbslen));
-
-void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
- int (*verify_recover_init) (EVP_PKEY_CTX
- *ctx),
- int (*verify_recover) (EVP_PKEY_CTX
- *ctx,
- unsigned char
- *sig,
- size_t *siglen,
- const unsigned
- char *tbs,
- size_t tbslen));
-
-void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
- int (*signctx_init) (EVP_PKEY_CTX *ctx,
- EVP_MD_CTX *mctx),
- int (*signctx) (EVP_PKEY_CTX *ctx,
- unsigned char *sig,
- size_t *siglen,
- EVP_MD_CTX *mctx));
-
-void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
- int (*verifyctx_init) (EVP_PKEY_CTX *ctx,
- EVP_MD_CTX *mctx),
- int (*verifyctx) (EVP_PKEY_CTX *ctx,
- const unsigned char *sig,
- int siglen,
- EVP_MD_CTX *mctx));
-
-void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
- int (*encrypt_init) (EVP_PKEY_CTX *ctx),
- int (*encryptfn) (EVP_PKEY_CTX *ctx,
- unsigned char *out,
- size_t *outlen,
- const unsigned char *in,
- size_t inlen));
-
-void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
- int (*decrypt_init) (EVP_PKEY_CTX *ctx),
- int (*decrypt) (EVP_PKEY_CTX *ctx,
- unsigned char *out,
- size_t *outlen,
- const unsigned char *in,
- size_t inlen));
-
-void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
- int (*derive_init) (EVP_PKEY_CTX *ctx),
- int (*derive) (EVP_PKEY_CTX *ctx,
- unsigned char *key,
- size_t *keylen));
-
-void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
- int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
- void *p2),
- int (*ctrl_str) (EVP_PKEY_CTX *ctx,
- const char *type,
- const char *value));
-
-void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
- int (**pinit) (EVP_PKEY_CTX *ctx));
-
-void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth,
- int (**pcopy) (EVP_PKEY_CTX *dst,
- EVP_PKEY_CTX *src));
-
-void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth,
- void (**pcleanup) (EVP_PKEY_CTX *ctx));
-
-void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth,
- int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
- int (**pparamgen) (EVP_PKEY_CTX *ctx,
- EVP_PKEY *pkey));
-
-void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
- int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
- int (**pkeygen) (EVP_PKEY_CTX *ctx,
- EVP_PKEY *pkey));
-
-void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
- int (**psign_init) (EVP_PKEY_CTX *ctx),
- int (**psign) (EVP_PKEY_CTX *ctx,
- unsigned char *sig, size_t *siglen,
- const unsigned char *tbs,
- size_t tbslen));
-
-void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth,
- int (**pverify_init) (EVP_PKEY_CTX *ctx),
- int (**pverify) (EVP_PKEY_CTX *ctx,
- const unsigned char *sig,
- size_t siglen,
- const unsigned char *tbs,
- size_t tbslen));
-
-void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth,
- int (**pverify_recover_init) (EVP_PKEY_CTX
- *ctx),
- int (**pverify_recover) (EVP_PKEY_CTX
- *ctx,
- unsigned char
- *sig,
- size_t *siglen,
- const unsigned
- char *tbs,
- size_t tbslen));
-
-void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth,
- int (**psignctx_init) (EVP_PKEY_CTX *ctx,
- EVP_MD_CTX *mctx),
- int (**psignctx) (EVP_PKEY_CTX *ctx,
- unsigned char *sig,
- size_t *siglen,
- EVP_MD_CTX *mctx));
-
-void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth,
- int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
- EVP_MD_CTX *mctx),
- int (**pverifyctx) (EVP_PKEY_CTX *ctx,
- const unsigned char *sig,
- int siglen,
- EVP_MD_CTX *mctx));
-
-void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth,
- int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
- int (**pencryptfn) (EVP_PKEY_CTX *ctx,
- unsigned char *out,
- size_t *outlen,
- const unsigned char *in,
- size_t inlen));
-
-void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
- int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
- int (**pdecrypt) (EVP_PKEY_CTX *ctx,
- unsigned char *out,
- size_t *outlen,
- const unsigned char *in,
- size_t inlen));
-
-void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
- int (**pderive_init) (EVP_PKEY_CTX *ctx),
- int (**pderive) (EVP_PKEY_CTX *ctx,
- unsigned char *key,
- size_t *keylen));
-
-void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth,
- int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
- void *p2),
- int (**pctrl_str) (EVP_PKEY_CTX *ctx,
- const char *type,
- const char *value));
-
-void EVP_add_alg_module(void);
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-
-void ERR_load_EVP_strings(void);
-
-/* Error codes for the EVP functions. */
-
-/* Function codes. */
-# define EVP_F_AESNI_INIT_KEY 165
-# define EVP_F_AESNI_XTS_CIPHER 176
-# define EVP_F_AES_INIT_KEY 133
-# define EVP_F_AES_T4_INIT_KEY 178
-# define EVP_F_AES_XTS 172
-# define EVP_F_AES_XTS_CIPHER 175
-# define EVP_F_ALG_MODULE_INIT 177
-# define EVP_F_CAMELLIA_INIT_KEY 159
-# define EVP_F_CMAC_INIT 173
-# define EVP_F_CMLL_T4_INIT_KEY 179
-# define EVP_F_D2I_PKEY 100
-# define EVP_F_DO_SIGVER_INIT 161
-# define EVP_F_DSAPKEY2PKCS8 134
-# define EVP_F_DSA_PKEY2PKCS8 135
-# define EVP_F_ECDSA_PKEY2PKCS8 129
-# define EVP_F_ECKEY_PKEY2PKCS8 132
-# define EVP_F_EVP_CIPHERINIT_EX 123
-# define EVP_F_EVP_CIPHER_CTX_COPY 163
-# define EVP_F_EVP_CIPHER_CTX_CTRL 124
-# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
-# define EVP_F_EVP_DECRYPTFINAL_EX 101
-# define EVP_F_EVP_DIGESTINIT_EX 128
-# define EVP_F_EVP_ENCRYPTFINAL_EX 127
-# define EVP_F_EVP_MD_CTX_COPY_EX 110
-# define EVP_F_EVP_MD_SIZE 162
-# define EVP_F_EVP_OPENINIT 102
-# define EVP_F_EVP_PBE_ALG_ADD 115
-# define EVP_F_EVP_PBE_ALG_ADD_TYPE 160
-# define EVP_F_EVP_PBE_CIPHERINIT 116
-# define EVP_F_EVP_PKCS82PKEY 111
-# define EVP_F_EVP_PKCS82PKEY_BROKEN 136
-# define EVP_F_EVP_PKEY2PKCS8_BROKEN 113
-# define EVP_F_EVP_PKEY_COPY_PARAMETERS 103
-# define EVP_F_EVP_PKEY_CTX_CTRL 137
-# define EVP_F_EVP_PKEY_CTX_CTRL_STR 150
-# define EVP_F_EVP_PKEY_CTX_DUP 156
-# define EVP_F_EVP_PKEY_DECRYPT 104
-# define EVP_F_EVP_PKEY_DECRYPT_INIT 138
-# define EVP_F_EVP_PKEY_DECRYPT_OLD 151
-# define EVP_F_EVP_PKEY_DERIVE 153
-# define EVP_F_EVP_PKEY_DERIVE_INIT 154
-# define EVP_F_EVP_PKEY_DERIVE_SET_PEER 155
-# define EVP_F_EVP_PKEY_ENCRYPT 105
-# define EVP_F_EVP_PKEY_ENCRYPT_INIT 139
-# define EVP_F_EVP_PKEY_ENCRYPT_OLD 152
-# define EVP_F_EVP_PKEY_GET1_DH 119
-# define EVP_F_EVP_PKEY_GET1_DSA 120
-# define EVP_F_EVP_PKEY_GET1_ECDSA 130
-# define EVP_F_EVP_PKEY_GET1_EC_KEY 131
-# define EVP_F_EVP_PKEY_GET1_RSA 121
-# define EVP_F_EVP_PKEY_KEYGEN 146
-# define EVP_F_EVP_PKEY_KEYGEN_INIT 147
-# define EVP_F_EVP_PKEY_NEW 106
-# define EVP_F_EVP_PKEY_PARAMGEN 148
-# define EVP_F_EVP_PKEY_PARAMGEN_INIT 149
-# define EVP_F_EVP_PKEY_SIGN 140
-# define EVP_F_EVP_PKEY_SIGN_INIT 141
-# define EVP_F_EVP_PKEY_VERIFY 142
-# define EVP_F_EVP_PKEY_VERIFY_INIT 143
-# define EVP_F_EVP_PKEY_VERIFY_RECOVER 144
-# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145
-# define EVP_F_EVP_RIJNDAEL 126
-# define EVP_F_EVP_SIGNFINAL 107
-# define EVP_F_EVP_VERIFYFINAL 108
-# define EVP_F_FIPS_CIPHERINIT 166
-# define EVP_F_FIPS_CIPHER_CTX_COPY 170
-# define EVP_F_FIPS_CIPHER_CTX_CTRL 167
-# define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH 171
-# define EVP_F_FIPS_DIGESTINIT 168
-# define EVP_F_FIPS_MD_CTX_COPY 169
-# define EVP_F_HMAC_INIT_EX 174
-# define EVP_F_INT_CTX_NEW 157
-# define EVP_F_PKCS5_PBE_KEYIVGEN 117
-# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118
-# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164
-# define EVP_F_PKCS8_SET_BROKEN 112
-# define EVP_F_PKEY_SET_TYPE 158
-# define EVP_F_RC2_MAGIC_TO_METH 109
-# define EVP_F_RC5_CTRL 125
-
-/* Reason codes. */
-# define EVP_R_AES_IV_SETUP_FAILED 162
-# define EVP_R_AES_KEY_SETUP_FAILED 143
-# define EVP_R_ASN1_LIB 140
-# define EVP_R_BAD_BLOCK_LENGTH 136
-# define EVP_R_BAD_DECRYPT 100
-# define EVP_R_BAD_KEY_LENGTH 137
-# define EVP_R_BN_DECODE_ERROR 112
-# define EVP_R_BN_PUBKEY_ERROR 113
-# define EVP_R_BUFFER_TOO_SMALL 155
-# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157
-# define EVP_R_CIPHER_PARAMETER_ERROR 122
-# define EVP_R_COMMAND_NOT_SUPPORTED 147
-# define EVP_R_CTRL_NOT_IMPLEMENTED 132
-# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133
-# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
-# define EVP_R_DECODE_ERROR 114
-# define EVP_R_DIFFERENT_KEY_TYPES 101
-# define EVP_R_DIFFERENT_PARAMETERS 153
-# define EVP_R_DISABLED_FOR_FIPS 163
-# define EVP_R_ENCODE_ERROR 115
-# define EVP_R_ERROR_LOADING_SECTION 165
-# define EVP_R_ERROR_SETTING_FIPS_MODE 166
-# define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
-# define EVP_R_EXPECTING_AN_RSA_KEY 127
-# define EVP_R_EXPECTING_A_DH_KEY 128
-# define EVP_R_EXPECTING_A_DSA_KEY 129
-# define EVP_R_EXPECTING_A_ECDSA_KEY 141
-# define EVP_R_EXPECTING_A_EC_KEY 142
-# define EVP_R_FIPS_MODE_NOT_SUPPORTED 167
-# define EVP_R_INITIALIZATION_ERROR 134
-# define EVP_R_INPUT_NOT_INITIALIZED 111
-# define EVP_R_INVALID_DIGEST 152
-# define EVP_R_INVALID_FIPS_MODE 168
-# define EVP_R_INVALID_KEY 171
-# define EVP_R_INVALID_KEY_LENGTH 130
-# define EVP_R_INVALID_OPERATION 148
-# define EVP_R_IV_TOO_LARGE 102
-# define EVP_R_KEYGEN_FAILURE 120
-# define EVP_R_MESSAGE_DIGEST_IS_NULL 159
-# define EVP_R_METHOD_NOT_SUPPORTED 144
-# define EVP_R_MISSING_PARAMETERS 103
-# define EVP_R_NO_CIPHER_SET 131
-# define EVP_R_NO_DEFAULT_DIGEST 158
-# define EVP_R_NO_DIGEST_SET 139
-# define EVP_R_NO_DSA_PARAMETERS 116
-# define EVP_R_NO_KEY_SET 154
-# define EVP_R_NO_OPERATION_SET 149
-# define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104
-# define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105
-# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
-# define EVP_R_OPERATON_NOT_INITIALIZED 151
-# define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117
-# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
-# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
-# define EVP_R_PUBLIC_KEY_NOT_RSA 106
-# define EVP_R_TOO_LARGE 164
-# define EVP_R_UNKNOWN_CIPHER 160
-# define EVP_R_UNKNOWN_DIGEST 161
-# define EVP_R_UNKNOWN_OPTION 169
-# define EVP_R_UNKNOWN_PBE_ALGORITHM 121
-# define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135
-# define EVP_R_UNSUPPORTED_ALGORITHM 156
-# define EVP_R_UNSUPPORTED_CIPHER 107
-# define EVP_R_UNSUPPORTED_KEYLENGTH 123
-# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124
-# define EVP_R_UNSUPPORTED_KEY_SIZE 108
-# define EVP_R_UNSUPPORTED_PRF 125
-# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118
-# define EVP_R_UNSUPPORTED_SALT_TYPE 126
-# define EVP_R_WRAP_MODE_NOT_ALLOWED 170
-# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
-# define EVP_R_WRONG_PUBLIC_KEY_TYPE 110
-
-# ifdef __cplusplus
-}
-# endif
-#endif
diff --git a/crypto/evp/evp_acnf.c b/crypto/evp/evp_acnf.c
deleted file mode 100644
index 9703116e02c1..000000000000
--- a/crypto/evp/evp_acnf.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/* evp_acnf.c */
-/*
- * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/conf.h>
-
-/*
- * Load all algorithms and configure OpenSSL. This function is called
- * automatically when OPENSSL_LOAD_CONF is set.
- */
-
-void OPENSSL_add_all_algorithms_conf(void)
-{
- OPENSSL_add_all_algorithms_noconf();
- OPENSSL_config(NULL);
-}
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
index 6fd3a6da0b84..8df2c06e1f52 100644
--- a/crypto/evp/evp_cnf.c
+++ b/crypto/evp/evp_cnf.c
@@ -1,73 +1,18 @@
-/* evp_cnf.c */
/*
- * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
- * 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2012-2017 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include <ctype.h>
#include <openssl/crypto.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/conf.h>
-#include <openssl/dso.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
/* Algorithm configuration module. */
@@ -77,30 +22,23 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
const char *oid_section;
STACK_OF(CONF_VALUE) *sktmp;
CONF_VALUE *oval;
+
oid_section = CONF_imodule_get_value(md);
- if (!(sktmp = NCONF_get_section(cnf, oid_section))) {
+ if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) {
EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION);
return 0;
}
for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
oval = sk_CONF_VALUE_value(sktmp, i);
- if (!strcmp(oval->name, "fips_mode")) {
+ if (strcmp(oval->name, "fips_mode") == 0) {
int m;
if (!X509V3_get_value_bool(oval, &m)) {
EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE);
return 0;
}
if (m > 0) {
-#ifdef OPENSSL_FIPS
- if (!FIPS_mode() && !FIPS_mode_set(1)) {
- EVPerr(EVP_F_ALG_MODULE_INIT,
- EVP_R_ERROR_SETTING_FIPS_MODE);
- return 0;
- }
-#else
EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED);
return 0;
-#endif
}
} else {
EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION);
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 0c740d167902..38633410cd1a 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -1,101 +1,58 @@
-/* crypto/evp/evp_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include <assert.h>
+#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/rand.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
+#include <openssl/rand_drbg.h>
+#include <openssl/engine.h>
+#include "internal/evp_int.h"
#include "evp_locl.h"
-#ifdef OPENSSL_FIPS
-# define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
-#else
-# define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
+{
+ if (c == NULL)
+ return 1;
+ if (c->cipher != NULL) {
+ if (c->cipher->cleanup && !c->cipher->cleanup(c))
+ return 0;
+ /* Cleanse cipher context data */
+ if (c->cipher_data && c->cipher->ctx_size)
+ OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
+ }
+ OPENSSL_free(c->cipher_data);
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE_finish(c->engine);
#endif
+ memset(c, 0, sizeof(*c));
+ return 1;
+}
-const char EVP_version[] = "EVP" OPENSSL_VERSION_PTEXT;
-
-void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
{
- memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
- /* ctx->cipher=NULL; */
+ return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
}
-EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
{
- EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
- if (ctx)
- EVP_CIPHER_CTX_init(ctx);
- return ctx;
+ EVP_CIPHER_CTX_reset(ctx);
+ OPENSSL_free(ctx);
}
int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
const unsigned char *key, const unsigned char *iv, int enc)
{
- if (cipher)
- EVP_CIPHER_CTX_init(ctx);
+ if (cipher != NULL)
+ EVP_CIPHER_CTX_reset(ctx);
return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
}
@@ -115,12 +72,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
* Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
* this context may already have an ENGINE! Try to avoid releasing the
* previous handle, re-querying for an ENGINE, and having a
- * reinitialisation, when it may all be unecessary.
+ * reinitialisation, when it may all be unnecessary.
*/
- if (ctx->engine && ctx->cipher && (!cipher ||
- (cipher
- && (cipher->nid ==
- ctx->cipher->nid))))
+ if (ctx->engine && ctx->cipher
+ && (cipher == NULL || cipher->nid == ctx->cipher->nid))
goto skip_to_init;
#endif
if (cipher) {
@@ -131,7 +86,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
*/
if (ctx->cipher) {
unsigned long flags = ctx->flags;
- EVP_CIPHER_CTX_cleanup(ctx);
+ EVP_CIPHER_CTX_reset(ctx);
/* Restore encrypt and flags */
ctx->encrypt = enc;
ctx->flags = flags;
@@ -152,7 +107,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
/*
* One positive side-effect of US's export control history,
* is that we should at least be able to avoid using US
- * mispellings of "initialisation"?
+ * misspellings of "initialisation"?
*/
EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
return 0;
@@ -168,20 +123,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
ctx->engine = NULL;
#endif
-#ifdef OPENSSL_FIPS
- if (FIPS_mode()) {
- const EVP_CIPHER *fcipher = NULL;
- if (cipher)
- fcipher = evp_get_fips_cipher(cipher);
- if (fcipher)
- cipher = fcipher;
- return FIPS_cipherinit(ctx, cipher, key, iv, enc);
- }
-#endif
ctx->cipher = cipher;
if (ctx->cipher->ctx_size) {
- ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size);
- if (!ctx->cipher_data) {
+ ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size);
+ if (ctx->cipher_data == NULL) {
ctx->cipher = NULL;
EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
return 0;
@@ -206,10 +151,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
#ifndef OPENSSL_NO_ENGINE
skip_to_init:
#endif
-#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#endif
/* we assume block size is a power of 2 in *cryptUpdate */
OPENSSL_assert(ctx->cipher->block_size == 1
|| ctx->cipher->block_size == 8
@@ -221,7 +162,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
return 0;
}
- if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
+ if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_CUSTOM_IV)) {
switch (EVP_CIPHER_CTX_mode(ctx)) {
case EVP_CIPH_STREAM_CIPHER:
@@ -252,7 +193,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
default:
return 0;
- break;
}
}
@@ -317,13 +257,61 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
}
+/*
+ * According to the letter of standard difference between pointers
+ * is specified to be valid only within same object. This makes
+ * it formally challenging to determine if input and output buffers
+ * are not partially overlapping with standard pointer arithmetic.
+ */
+#ifdef PTRDIFF_T
+# undef PTRDIFF_T
+#endif
+#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64
+/*
+ * Then we have VMS that distinguishes itself by adhering to
+ * sizeof(size_t)==4 even in 64-bit builds, which means that
+ * difference between two pointers might be truncated to 32 bits.
+ * In the context one can even wonder how comparison for
+ * equality is implemented. To be on the safe side we adhere to
+ * PTRDIFF_T even for comparison for equality.
+ */
+# define PTRDIFF_T uint64_t
+#else
+# define PTRDIFF_T size_t
+#endif
+
+int is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
+{
+ PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
+ /*
+ * Check for partially overlapping buffers. [Binary logical
+ * operations are used instead of boolean to minimize number
+ * of conditional branches.]
+ */
+ int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) |
+ (diff > (0 - (PTRDIFF_T)len)));
+
+ return overlapped;
+}
+
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
- int i, j, bl;
+ int i, j, bl, cmpl = inl;
+
+ if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
+ cmpl = (cmpl + 7) / 8;
+
+ bl = ctx->cipher->block_size;
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
- i = M_do_cipher(ctx, out, in, inl);
+ /* If block size > 1 then the cipher will have to do this check */
+ if (bl == 1 && is_partially_overlapping(out, in, cmpl)) {
+ EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+ return 0;
+ }
+
+ i = ctx->cipher->do_cipher(ctx, out, in, inl);
if (i < 0)
return 0;
else
@@ -335,9 +323,13 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
*outl = 0;
return inl == 0;
}
+ if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
+ EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+ return 0;
+ }
if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
- if (M_do_cipher(ctx, out, in, inl)) {
+ if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
*outl = inl;
return 1;
} else {
@@ -346,7 +338,6 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
}
}
i = ctx->buf_len;
- bl = ctx->cipher->block_size;
OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
if (i != 0) {
if (bl - i > inl) {
@@ -357,10 +348,10 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
} else {
j = bl - i;
memcpy(&(ctx->buf[i]), in, j);
- if (!M_do_cipher(ctx, out, ctx->buf, bl))
- return 0;
inl -= j;
in += j;
+ if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
+ return 0;
out += bl;
*outl = bl;
}
@@ -369,7 +360,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
i = inl & (bl - 1);
inl -= i;
if (inl > 0) {
- if (!M_do_cipher(ctx, out, in, inl))
+ if (!ctx->cipher->do_cipher(ctx, out, in, inl))
return 0;
*outl += inl;
}
@@ -393,7 +384,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
unsigned int i, b, bl;
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
- ret = M_do_cipher(ctx, out, NULL, 0);
+ ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
if (ret < 0)
return 0;
else
@@ -421,7 +412,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
n = b - bl;
for (i = bl; i < b; i++)
ctx->buf[i] = n;
- ret = M_do_cipher(ctx, out, ctx->buf, b);
+ ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b);
if (ret)
*outl = b;
@@ -432,11 +423,21 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
- int fix_len;
+ int fix_len, cmpl = inl;
unsigned int b;
+ b = ctx->cipher->block_size;
+
+ if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
+ cmpl = (cmpl + 7) / 8;
+
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
- fix_len = M_do_cipher(ctx, out, in, inl);
+ if (b == 1 && is_partially_overlapping(out, in, cmpl)) {
+ EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+ return 0;
+ }
+
+ fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
if (fix_len < 0) {
*outl = 0;
return 0;
@@ -453,10 +454,15 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
if (ctx->flags & EVP_CIPH_NO_PADDING)
return EVP_EncryptUpdate(ctx, out, outl, in, inl);
- b = ctx->cipher->block_size;
OPENSSL_assert(b <= sizeof(ctx->final));
if (ctx->final_used) {
+ /* see comment about PTRDIFF_T comparison above */
+ if (((PTRDIFF_T)out == (PTRDIFF_T)in)
+ || is_partially_overlapping(out, in, b)) {
+ EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+ return 0;
+ }
memcpy(out, ctx->final, b);
out += b;
fix_len = 1;
@@ -497,7 +503,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
*outl = 0;
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
- i = M_do_cipher(ctx, out, NULL, 0);
+ i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
if (i < 0)
return 0;
else
@@ -518,7 +524,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
if (b > 1) {
if (ctx->buf_len || !ctx->final_used) {
EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
- return (0);
+ return 0;
}
OPENSSL_assert(b <= sizeof(ctx->final));
@@ -529,12 +535,12 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
n = ctx->final[b - 1];
if (n == 0 || n > (int)b) {
EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
- return (0);
+ return 0;
}
for (i = 0; i < n; i++) {
if (ctx->final[--b] != n) {
EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
- return (0);
+ return 0;
}
}
n = ctx->cipher->block_size - n;
@@ -543,42 +549,6 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
*outl = n;
} else
*outl = 0;
- return (1);
-}
-
-void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
-{
- if (ctx) {
- EVP_CIPHER_CTX_cleanup(ctx);
- OPENSSL_free(ctx);
- }
-}
-
-int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
-{
-#ifndef OPENSSL_FIPS
- if (c->cipher != NULL) {
- if (c->cipher->cleanup && !c->cipher->cleanup(c))
- return 0;
- /* Cleanse cipher context data */
- if (c->cipher_data)
- OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
- }
- if (c->cipher_data)
- OPENSSL_free(c->cipher_data);
-#endif
-#ifndef OPENSSL_NO_ENGINE
- if (c->engine)
- /*
- * The EVP_CIPHER we used belongs to an ENGINE, release the
- * functional reference we held for this reason.
- */
- ENGINE_finish(c->engine);
-#endif
-#ifdef OPENSSL_FIPS
- FIPS_cipher_ctx_cleanup(c);
-#endif
- memset(c, 0, sizeof(EVP_CIPHER_CTX));
return 1;
}
@@ -608,6 +578,7 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
{
int ret;
+
if (!ctx->cipher) {
EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
return 0;
@@ -631,7 +602,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
{
if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
- if (RAND_bytes(key, ctx->key_len) <= 0)
+ if (RAND_priv_bytes(key, ctx->key_len) <= 0)
return 0;
return 1;
}
@@ -650,12 +621,12 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
}
#endif
- EVP_CIPHER_CTX_cleanup(out);
+ EVP_CIPHER_CTX_reset(out);
memcpy(out, in, sizeof(*out));
if (in->cipher_data && in->cipher->ctx_size) {
out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
- if (!out->cipher_data) {
+ if (out->cipher_data == NULL) {
out->cipher = NULL;
EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
return 0;
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index bcd841eb7792..3e14a7b50949 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,255 +1,281 @@
-/* crypto/evp/evp_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
/*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
-#include <stdio.h>
#include <openssl/err.h>
-#include <openssl/evp.h>
+#include <openssl/evperr.h>
-/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason)
-
-static ERR_STRING_DATA EVP_str_functs[] = {
- {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"},
- {ERR_FUNC(EVP_F_AESNI_XTS_CIPHER), "AESNI_XTS_CIPHER"},
- {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
- {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "AES_T4_INIT_KEY"},
- {ERR_FUNC(EVP_F_AES_XTS), "AES_XTS"},
- {ERR_FUNC(EVP_F_AES_XTS_CIPHER), "AES_XTS_CIPHER"},
- {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"},
- {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"},
- {ERR_FUNC(EVP_F_CMAC_INIT), "CMAC_INIT"},
- {ERR_FUNC(EVP_F_CMLL_T4_INIT_KEY), "CMLL_T4_INIT_KEY"},
- {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
- {ERR_FUNC(EVP_F_DO_SIGVER_INIT), "DO_SIGVER_INIT"},
- {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"},
- {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"},
- {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"},
- {ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"},
- {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"},
- {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_COPY), "EVP_CIPHER_CTX_copy"},
- {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
- {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH),
+static const ERR_STRING_DATA EVP_str_functs[] = {
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_INIT_KEY, 0), "aesni_init_key"},
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_GCM_CTRL, 0), "aes_gcm_ctrl"},
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_INIT_KEY, 0), "aes_init_key"},
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_OCB_CIPHER, 0), "aes_ocb_cipher"},
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"},
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_WRAP_CIPHER, 0), "aes_wrap_cipher"},
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_ALG_MODULE_INIT, 0), "alg_module_init"},
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_CCM_INIT_KEY, 0), "aria_ccm_init_ke