diff options
Diffstat (limited to 'crypto/evp')
52 files changed, 173 insertions, 110 deletions
diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c index 288dee01b220..fed4cf1eb1ff 100644 --- a/crypto/evp/bio_md.c +++ b/crypto/evp/bio_md.c @@ -12,8 +12,8 @@ #include "internal/cryptlib.h" #include <openssl/buffer.h> #include <openssl/evp.h> -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" #include "internal/bio.h" /* diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index 300db6cd320d..a77cfb1552de 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -76,7 +76,7 @@ #include "internal/bio.h" #include <openssl/evp.h> #include <openssl/rand.h> -#include "internal/evp_int.h" +#include "crypto/evp.h" static int ok_write(BIO *h, const char *buf, int num); static int ok_read(BIO *h, char *buf, int size); diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 086b3c4d51b4..22fdcc409c16 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -10,7 +10,7 @@ #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/evp.h> -#include "internal/evp_int.h" +#include "crypto/evp.h" #include <openssl/pkcs12.h> #include <openssl/objects.h> diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c index 1267531a7d23..16ac1b67f465 100644 --- a/crypto/evp/c_alld.c +++ b/crypto/evp/c_alld.c @@ -10,7 +10,7 @@ #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/evp.h> -#include "internal/evp_int.h" +#include "crypto/evp.h" #include <openssl/pkcs12.h> #include <openssl/objects.h> diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c index e2295c4dc589..272e48249e42 100644 --- a/crypto/evp/cmeth_lib.c +++ b/crypto/evp/cmeth_lib.c @@ -10,8 +10,8 @@ #include <string.h> #include <openssl/evp.h> -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len) { diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 6693f270b694..d1bfa274ca81 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -12,8 +12,8 @@ #include <openssl/objects.h> #include <openssl/evp.h> #include <openssl/engine.h> -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" /* This call frees resources associated with the context */ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 1db346fc864b..405ddbf9bf09 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,10 +14,10 @@ #include <string.h> #include <assert.h> #include <openssl/aes.h> -#include "internal/evp_int.h" -#include "modes_lcl.h" +#include "crypto/evp.h" +#include "modes_local.h" #include <openssl/rand.h> -#include "evp_locl.h" +#include "evp_local.h" typedef struct { union { @@ -176,7 +176,7 @@ static void ctr64_inc(unsigned char *counter) # define HWAES_xts_decrypt aes_p8_xts_decrypt #endif -#if !defined(OPENSSL_NO_ASM) && ( \ +#if defined(OPENSSL_CPUID_OBJ) && ( \ ((defined(__i386) || defined(__i386__) || \ defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ defined(__x86_64) || defined(__x86_64__) || \ @@ -1127,7 +1127,7 @@ typedef struct { } icv; unsigned char k[32]; } kmac_param; - /* KMAC-AES paramater block - end */ + /* KMAC-AES parameter block - end */ union { unsigned long long g[2]; @@ -1414,7 +1414,7 @@ static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, (OPENSSL_s390xcap_P.kma[0] & \ S390X_CAPBIT(S390X_AES_256))) -/* iv + padding length for iv lenghts != 12 */ +/* iv + padding length for iv lengths != 12 */ # define S390X_gcm_ivpadlen(i) ((((i) + 15) >> 4 << 4) + 16) /*- diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index 09d24dc3d02a..27c36b46e7a4 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -17,9 +17,9 @@ #include <openssl/aes.h> #include <openssl/sha.h> #include <openssl/rand.h> -#include "modes_lcl.h" -#include "internal/evp_int.h" -#include "internal/constant_time_locl.h" +#include "modes_local.h" +#include "crypto/evp.h" +#include "internal/constant_time.h" typedef struct { AES_KEY ks; @@ -33,7 +33,7 @@ typedef struct { #define NO_PAYLOAD_LENGTH ((size_t)-1) -#if defined(AES_ASM) && ( \ +#if defined(AESNI_ASM) && ( \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined(_M_X64) ) diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index caac0c9d3da2..cc622b6faa8c 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -18,9 +18,9 @@ #include <openssl/aes.h> #include <openssl/sha.h> #include <openssl/rand.h> -#include "modes_lcl.h" -#include "internal/constant_time_locl.h" -#include "internal/evp_int.h" +#include "modes_local.h" +#include "internal/constant_time.h" +#include "crypto/evp.h" typedef struct { AES_KEY ks; @@ -34,7 +34,7 @@ typedef struct { # define NO_PAYLOAD_LENGTH ((size_t)-1) -#if defined(AES_ASM) && ( \ +#if defined(AESNI_ASM) && ( \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined(_M_X64) ) @@ -947,4 +947,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void) { return NULL; } -#endif +#endif /* AESNI_ASM */ diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c index fcaceb3bcadf..1cc6dd91a95a 100644 --- a/crypto/evp/e_aria.c +++ b/crypto/evp/e_aria.c @@ -14,10 +14,10 @@ # include <openssl/modes.h> # include <openssl/rand.h> # include <openssl/rand_drbg.h> -# include "internal/aria.h" -# include "internal/evp_int.h" -# include "modes_lcl.h" -# include "evp_locl.h" +# include "crypto/aria.h" +# include "crypto/evp.h" +# include "modes_local.h" +# include "evp_local.h" /* ARIA subkey Structure */ typedef struct { @@ -695,8 +695,6 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (!cctx->iv_set) return -1; - if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set) - return -1; if (!out) { if (!in) { if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), @@ -711,6 +709,11 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, CRYPTO_ccm128_aad(ccm, in, len); return len; } + + /* The tag must be set before actually decrypting data */ + if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set) + return -1; + /* If not set length yet do it */ if (!cctx->len_set) { if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c index dc386905c5cb..9a065582c6c8 100644 --- a/crypto/evp/e_bf.c +++ b/crypto/evp/e_bf.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #ifndef OPENSSL_NO_BF # include <openssl/evp.h> -# include "internal/evp_int.h" +# include "crypto/evp.h" # include <openssl/objects.h> # include <openssl/blowfish.h> diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c index 2df4a6e3e011..502d6936cc13 100644 --- a/crypto/evp/e_camellia.c +++ b/crypto/evp/e_camellia.c @@ -17,8 +17,8 @@ NON_EMPTY_TRANSLATION_UNIT # include <string.h> # include <assert.h> # include <openssl/camellia.h> -# include "internal/evp_int.h" -# include "modes_lcl.h" +# include "crypto/evp.h" +# include "modes_local.h" static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c index 259d44059b20..df9f445bd0a2 100644 --- a/crypto/evp/e_cast.c +++ b/crypto/evp/e_cast.c @@ -13,7 +13,7 @@ #ifndef OPENSSL_NO_CAST # include <openssl/evp.h> # include <openssl/objects.h> -# include "internal/evp_int.h" +# include "crypto/evp.h" # include <openssl/cast.h> static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c index 435a38d3658d..bdc406bb69dc 100644 --- a/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c @@ -14,9 +14,9 @@ # include <openssl/evp.h> # include <openssl/objects.h> -# include "evp_locl.h" -# include "internal/evp_int.h" -# include "internal/chacha.h" +# include "evp_local.h" +# include "crypto/evp.h" +# include "crypto/chacha.h" typedef struct { union { @@ -146,7 +146,7 @@ const EVP_CIPHER *EVP_chacha20(void) } # ifndef OPENSSL_NO_POLY1305 -# include "internal/poly1305.h" +# include "crypto/poly1305.h" typedef struct { EVP_CHACHA_KEY key; diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index c13fb3e25a9b..6d6e919af696 100644 --- a/crypto/evp/e_des.c +++ b/crypto/evp/e_des.c @@ -12,7 +12,7 @@ #ifndef OPENSSL_NO_DES # include <openssl/evp.h> # include <openssl/objects.h> -# include "internal/evp_int.h" +# include "crypto/evp.h" # include <openssl/des.h> # include <openssl/rand.h> diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 6b492ce47023..2a5597fee527 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -12,10 +12,10 @@ #ifndef OPENSSL_NO_DES # include <openssl/evp.h> # include <openssl/objects.h> -# include "internal/evp_int.h" +# include "crypto/evp.h" # include <openssl/des.h> # include <openssl/rand.h> -# include "evp_locl.h" +# include "evp_local.h" typedef struct { union { diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c index 93f6a4131fa8..1068378ddc75 100644 --- a/crypto/evp/e_idea.c +++ b/crypto/evp/e_idea.c @@ -13,7 +13,7 @@ #ifndef OPENSSL_NO_IDEA # include <openssl/evp.h> # include <openssl/objects.h> -# include "internal/evp_int.h" +# include "crypto/evp.h" # include <openssl/idea.h> /* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */ diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c index 18a8468216a0..0725454a3a4a 100644 --- a/crypto/evp/e_null.c +++ b/crypto/evp/e_null.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include <openssl/evp.h> #include <openssl/objects.h> -#include "internal/evp_int.h" +#include "crypto/evp.h" static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index aa0d14018687..4d8a0ee4b015 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -14,7 +14,7 @@ # include <openssl/evp.h> # include <openssl/objects.h> -# include "internal/evp_int.h" +# include "crypto/evp.h" # include <openssl/rc2.h> static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c index d16abdd0d2d7..c24bc8fe5982 100644 --- a/crypto/evp/e_rc4.c +++ b/crypto/evp/e_rc4.c @@ -16,7 +16,7 @@ # include <openssl/objects.h> # include <openssl/rc4.h> -# include "internal/evp_int.h" +# include "crypto/evp.h" typedef struct { RC4_KEY ks; /* working key */ diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c index b1e8ccd6ddca..201ce443435c 100644 --- a/crypto/evp/e_rc4_hmac_md5.c +++ b/crypto/evp/e_rc4_hmac_md5.c @@ -19,7 +19,7 @@ # include <openssl/objects.h> # include <openssl/rc4.h> # include <openssl/md5.h> -# include "internal/evp_int.h" +# include "crypto/evp.h" typedef struct { RC4_KEY ks; diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c index dc5589b68813..c86e87b65ab4 100644 --- a/crypto/evp/e_rc5.c +++ b/crypto/evp/e_rc5.c @@ -13,9 +13,9 @@ #ifndef OPENSSL_NO_RC5 # include <openssl/evp.h> -# include "internal/evp_int.h" +# include "crypto/evp.h" # include <openssl/objects.h> -# include "evp_locl.h" +# include "evp_local.h" # include <openssl/rc5.h> static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/crypto/evp/e_seed.c b/crypto/evp/e_seed.c index 40aec5fc6ac0..aeb2363beade 100644 --- a/crypto/evp/e_seed.c +++ b/crypto/evp/e_seed.c @@ -16,7 +16,7 @@ NON_EMPTY_TRANSLATION_UNIT # include <string.h> # include <assert.h> # include <openssl/seed.h> -# include "internal/evp_int.h" +# include "crypto/evp.h" static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c index 79deb6563646..fce32794fc51 100644 --- a/crypto/evp/e_sm4.c +++ b/crypto/evp/e_sm4.c @@ -13,8 +13,8 @@ #ifndef OPENSSL_NO_SM4 # include <openssl/evp.h> # include <openssl/modes.h> -# include "internal/sm4.h" -# include "internal/evp_int.h" +# include "crypto/sm4.h" +# include "crypto/evp.h" typedef struct { SM4_KEY ks; diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c index 57ce813da824..b73077542264 100644 --- a/crypto/evp/e_xcbc_d.c +++ b/crypto/evp/e_xcbc_d.c @@ -14,7 +14,7 @@ # include <openssl/evp.h> # include <openssl/objects.h> -# include "internal/evp_int.h" +# include "crypto/evp.h" # include <openssl/des.h> static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index da32d4fd1973..9307ff046424 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -11,8 +11,8 @@ #include <limits.h> #include "internal/cryptlib.h" #include <openssl/evp.h> -#include "evp_locl.h" -#include "internal/evp_int.h" +#include "evp_local.h" +#include "crypto/evp.h" static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table); diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 05dd791b6cb0..b9b6490fe069 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -15,8 +15,8 @@ #include <openssl/rand.h> #include <openssl/rand_drbg.h> #include <openssl/engine.h> -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c) { @@ -305,6 +305,17 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, bl = ctx->cipher->block_size; + /* + * CCM mode needs to know about the case where inl == 0 && in == NULL - it + * means the plaintext/ciphertext length is 0 + */ + if (inl < 0 + || (inl == 0 + && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)) { + *outl = 0; + return inl == 0; + } + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { /* If block size > 1 then the cipher will have to do this check */ if (bl == 1 && is_partially_overlapping(out, in, cmpl)) { @@ -320,10 +331,6 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, return 1; } - if (inl <= 0) { - *outl = 0; - return inl == 0; - } if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) { EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); return 0; @@ -457,6 +464,17 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) cmpl = (cmpl + 7) / 8; + /* + * CCM mode needs to know about the case where inl == 0 - it means the + * plaintext/ciphertext length is 0 + */ + if (inl < 0 + || (inl == 0 + && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)) { + *outl = 0; + return inl == 0; + } + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { if (b == 1 && is_partially_overlapping(out, in, cmpl)) { EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); @@ -472,11 +490,6 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return 1; } - if (inl <= 0) { - *outl = 0; - return inl == 0; - } - if (ctx->flags & EVP_CIPH_NO_PADDING) return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl); diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 84bd3c2dab27..05481d827fb4 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -213,6 +213,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { "input not initialized"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST), "invalid digest"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_FIPS_MODE), "invalid fips mode"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_IV_LENGTH), "invalid iv length"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_OPERATION), "invalid operation"}, diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 4935c2a94a1a..45cde0da8bfc 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -11,8 +11,8 @@ #include "internal/cryptlib.h" #include <openssl/evp.h> #include <openssl/objects.h> -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_local.h index f1589d682894..f1589d682894 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_local.h diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 5a88817b4aa9..967203f373c9 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -12,7 +12,7 @@ #include <openssl/evp.h> #include <openssl/pkcs12.h> #include <openssl/x509.h> -#include "evp_locl.h" +#include "evp_local.h" /* Password based encryption (PBE) functions */ diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index e61a8761a92d..586b74605cbd 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -12,9 +12,9 @@ #include "internal/cryptlib.h" #include <openssl/x509.h> #include <openssl/rand.h> -#include "internal/asn1_int.h" -#include "internal/evp_int.h" -#include "internal/x509_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" +#include "crypto/x509.h" /* Extract a private key from a PKCS8 structure */ diff --git a/crypto/evp/m_md2.c b/crypto/evp/m_md2.c index c4e28ae17af2..1aec5185239d 100644 --- a/crypto/evp/m_md2.c +++ b/crypto/evp/m_md2.c @@ -18,7 +18,7 @@ # include <openssl/md2.h> # include <openssl/rsa.h> -#include "internal/evp_int.h" +#include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c index 0efc586dbaff..45d2cafee101 100644 --- a/crypto/evp/m_md4.c +++ b/crypto/evp/m_md4.c @@ -17,7 +17,7 @@ # include <openssl/x509.h> # include <openssl/md4.h> # include <openssl/rsa.h> -# include "internal/evp_int.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c index 3d96ae93b6c4..d26b5a4d31dc 100644 --- a/crypto/evp/m_md5.c +++ b/crypto/evp/m_md5.c @@ -17,7 +17,7 @@ # include <openssl/x509.h> # include <openssl/md5.h> # include <openssl/rsa.h> -# include "internal/evp_int.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_md5_sha1.c b/crypto/evp/m_md5_sha1.c index 2d98886ba0e7..eeec2b13e9ed 100644 --- a/crypto/evp/m_md5_sha1.c +++ b/crypto/evp/m_md5_sha1.c @@ -15,7 +15,7 @@ # include <openssl/md5.h> # include <openssl/sha.h> # include "internal/cryptlib.h" -# include "internal/evp_int.h" +# include "crypto/evp.h" # include <openssl/rsa.h> struct md5_sha1_ctx { diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c index 1051a9070f97..fffa751efd18 100644 --- a/crypto/evp/m_mdc2.c +++ b/crypto/evp/m_mdc2.c @@ -17,7 +17,7 @@ # include <openssl/x509.h> # include <openssl/mdc2.h> # include <openssl/rsa.h> -# include "internal/evp_int.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_null.c b/crypto/evp/m_null.c index 5dce1d510e28..0847139df17b 100644 --- a/crypto/evp/m_null.c +++ b/crypto/evp/m_null.c @@ -12,7 +12,7 @@ #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> -#include "internal/evp_int.h" +#include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c index 7ab320843cee..d93ad24fe58a 100644 --- a/crypto/evp/m_ripemd.c +++ b/crypto/evp/m_ripemd.c @@ -17,7 +17,7 @@ # include <openssl/objects.h> # include <openssl/x509.h> # include <openssl/rsa.h> -# include "internal/evp_int.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index ac52417855b3..22b9bbc7d861 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c @@ -14,8 +14,8 @@ #include <openssl/objects.h> #include <openssl/sha.h> #include <openssl/rsa.h> -#include "internal/evp_int.h" -#include "internal/sha.h" +#include "crypto/evp.h" +#include "crypto/sha.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_sha3.c b/crypto/evp/m_sha3.c index 01cf57d313d0..54c592a3cce2 100644 --- a/crypto/evp/m_sha3.c +++ b/crypto/evp/m_sha3.c @@ -12,8 +12,8 @@ #include <openssl/evp.h> #include <openssl/objects.h> -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len, size_t r); diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 94e37f02b22e..04643acc8837 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -12,8 +12,8 @@ #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) { diff --git a/crypto/evp/m_wp.c b/crypto/evp/m_wp.c index 27e2b3c5cab8..5ce15d2d5e57 100644 --- a/crypto/evp/m_wp.c +++ b/crypto/evp/m_wp.c @@ -16,7 +16,7 @@ # include <openssl/objects.h> # include <openssl/x509.h> # include <openssl/whrlpool.h> -# include "internal/evp_int.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/names.c b/crypto/evp/names.c index 077c2a6c4b9a..90c7b73b7a49 100644 --- a/crypto/evp/names.c +++ b/crypto/evp/names.c @@ -10,9 +10,9 @@ #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/evp.h> -#include "internal/objects.h" +#include "crypto/objects.h" #include <openssl/x509.h> -#include "internal/evp_int.h" +#include "crypto/evp.h" int EVP_add_cipher(const EVP_CIPHER *c) { diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index 7e55d0bfb817..6c5f45f73368 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -28,7 +28,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, EVP_MD_CTX *ctx; unsigned char md_tmp[EVP_MAX_MD_SIZE]; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; - int i; + int i, ivl, kl; PBEPARAM *pbe; int saltlen, iter; unsigned char *salt; @@ -48,6 +48,19 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, return 0; } + ivl = EVP_CIPHER_iv_length(cipher); + if (ivl < 0 || ivl > 16) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_IV_LENGTH); + PBEPARAM_free(pbe); + return 0; + } + kl = EVP_CIPHER_key_length(cipher); + if (kl < 0 || kl > (int)sizeof(md_tmp)) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_KEY_LENGTH); + PBEPARAM_free(pbe); + return 0; + } + if (!pbe->iter) iter = 1; else @@ -73,6 +86,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, if (!EVP_DigestUpdate(ctx, salt, saltlen)) goto err; PBEPARAM_free(pbe); + pbe = NULL; if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL)) goto err; mdsize = EVP_MD_size(md); @@ -86,11 +100,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL)) goto err; } - OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); - memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); - OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); - memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), - EVP_CIPHER_iv_length(cipher)); + memcpy(key, md_tmp, kl); + memcpy(iv, md_tmp + (16 - ivl), ivl); if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de)) goto err; OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); @@ -98,6 +109,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); rv = 1; err: + PBEPARAM_free(pbe); EVP_MD_CTX_free(ctx); return rv; } diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index e819eb9b47dc..7f625b3d57f3 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -13,7 +13,7 @@ # include <openssl/x509.h> # include <openssl/evp.h> # include <openssl/hmac.h> -# include "evp_locl.h" +# include "evp_local.h" /* set this to print out info about the keygen algorithm */ /* #define OPENSSL_DEBUG_PKCS5V2 */ diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 3cd7ca8d54ca..9f1a485a5b83 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -21,8 +21,8 @@ #include <openssl/cmac.h> #include <openssl/engine.h> -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" static void EVP_PKEY_free_it(EVP_PKEY *x); @@ -102,7 +102,7 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) { - if (pkey->ameth && pkey->ameth->param_missing) + if (pkey != NULL && pkey->ameth && pkey->ameth->param_missing) return pkey->ameth->param_missing(pkey); return 0; } @@ -465,7 +465,7 @@ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) { - if (pkey->type != EVP_PKEY_RSA) { + if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) { EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY); return NULL; } @@ -540,7 +540,9 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) { - int ret = EVP_PKEY_assign_DH(pkey, key); + int type = DH_get0_q(key) == NULL ? EVP_PKEY_DH : EVP_PKEY_DHX; + int ret = EVP_PKEY_assign(pkey, type, key); + if (ret) DH_up_ref(key); return ret; diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c index 6cb442e4f91d..0383294a87c8 100644 --- a/crypto/evp/p_sign.c +++ b/crypto/evp/p_sign.c @@ -12,7 +12,7 @@ #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> -#include "internal/evp_int.h" +#include "crypto/evp.h" int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVP_PKEY *pkey) diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c index 6e8c565dfd6b..e27196f7c2e6 100644 --- a/crypto/evp/p_verify.c +++ b/crypto/evp/p_verify.c @@ -12,7 +12,7 @@ #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> -#include "internal/evp_int.h" +#include "crypto/evp.h" int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey) diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c index de1c07e17114..02f4093461d8 100644 --- a/crypto/evp/pmeth_fn.c +++ b/crypto/evp/pmeth_fn.c @@ -12,7 +12,7 @@ #include "internal/cryptlib.h" #include <openssl/objects.h> #include <openssl/evp.h> -#include "internal/evp_int.h" +#include "crypto/evp.h" #define M_check_autoarg(ctx, arg, arglen, err) \ if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \ diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index e14965f33384..3ad6d5c7c7a0 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -12,9 +12,9 @@ #include "internal/cryptlib.h" #include <openssl/objects.h> #include <openssl/evp.h> -#include "internal/bn_int.h" -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/bn.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx) { diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 7fbf895e0732..603ccd835219 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -13,8 +13,8 @@ #include <openssl/engine.h> #include <openssl/evp.h> #include <openssl/x509v3.h> -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" #include "internal/numbers.h" typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); @@ -642,6 +642,21 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, pmeth->ctrl_str = ctrl_str; } +void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, + int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)) +{ + pmeth->digestsign = digestsign; +} + +void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, + int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen)) +{ + pmeth->digestverify = digestverify; +} + void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, int (*check) (EVP_PKEY *pkey)) { @@ -834,6 +849,23 @@ void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, *pctrl_str = pmeth->ctrl_str; } +void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, + int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)) +{ + if (digestsign) + *digestsign = pmeth->digestsign; +} + +void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, + int (**digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen)) +{ + if (digestverify) + *digestverify = pmeth->digestverify; +} + void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, int (**pcheck) (EVP_PKEY *pkey)) { |