Adapt all EVP_CIPHER_CTX users for it becoming opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
parent
936166aff2
commit
846ec07d90
40
apps/speed.c
40
apps/speed.c
@ -1654,7 +1654,7 @@ int speed_main(int argc, char **argv)
|
||||
#endif
|
||||
for (j = 0; j < SIZE_NUM; j++) {
|
||||
if (evp_cipher) {
|
||||
EVP_CIPHER_CTX ctx;
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
int outl;
|
||||
|
||||
names[D_EVP] = OBJ_nid2ln(evp_cipher->nid);
|
||||
@ -1664,30 +1664,30 @@ int speed_main(int argc, char **argv)
|
||||
*/
|
||||
print_message(names[D_EVP], save_count, lengths[j]);
|
||||
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
if (decrypt)
|
||||
EVP_DecryptInit_ex(&ctx, evp_cipher, NULL, key16, iv);
|
||||
EVP_DecryptInit_ex(ctx, evp_cipher, NULL, key16, iv);
|
||||
else
|
||||
EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, key16, iv);
|
||||
EVP_CIPHER_CTX_set_padding(&ctx, 0);
|
||||
EVP_EncryptInit_ex(ctx, evp_cipher, NULL, key16, iv);
|
||||
EVP_CIPHER_CTX_set_padding(ctx, 0);
|
||||
|
||||
Time_F(START);
|
||||
if (decrypt)
|
||||
for (count = 0, run = 1;
|
||||
COND(save_count * 4 * lengths[0] / lengths[j]);
|
||||
count++)
|
||||
EVP_DecryptUpdate(&ctx, buf, &outl, buf, lengths[j]);
|
||||
EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[j]);
|
||||
else
|
||||
for (count = 0, run = 1;
|
||||
COND(save_count * 4 * lengths[0] / lengths[j]);
|
||||
count++)
|
||||
EVP_EncryptUpdate(&ctx, buf, &outl, buf, lengths[j]);
|
||||
EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[j]);
|
||||
if (decrypt)
|
||||
EVP_DecryptFinal_ex(&ctx, buf, &outl);
|
||||
EVP_DecryptFinal_ex(ctx, buf, &outl);
|
||||
else
|
||||
EVP_EncryptFinal_ex(&ctx, buf, &outl);
|
||||
EVP_EncryptFinal_ex(ctx, buf, &outl);
|
||||
d = Time_F(STOP);
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
}
|
||||
if (evp_md) {
|
||||
names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md));
|
||||
@ -2438,14 +2438,14 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher)
|
||||
int j, count, num = OSSL_NELEM(lengths);
|
||||
const char *alg_name;
|
||||
unsigned char *inp, *out, no_key[32], no_iv[16];
|
||||
EVP_CIPHER_CTX ctx;
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
double d = 0.0;
|
||||
|
||||
inp = app_malloc(mblengths[num - 1], "multiblock input buffer");
|
||||
out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer");
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, no_key, no_iv);
|
||||
EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key),
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
EVP_EncryptInit_ex(ctx, evp_cipher, NULL, no_key, no_iv);
|
||||
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key),
|
||||
no_key);
|
||||
alg_name = OBJ_nid2ln(evp_cipher->nid);
|
||||
|
||||
@ -2469,16 +2469,14 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher)
|
||||
mb_param.len = len;
|
||||
mb_param.interleave = 8;
|
||||
|
||||
packlen = EVP_CIPHER_CTX_ctrl(&ctx,
|
||||
EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
|
||||
packlen = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
|
||||
sizeof(mb_param), &mb_param);
|
||||
|
||||
if (packlen > 0) {
|
||||
mb_param.out = out;
|
||||
mb_param.inp = inp;
|
||||
mb_param.len = len;
|
||||
EVP_CIPHER_CTX_ctrl(&ctx,
|
||||
EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
|
||||
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
|
||||
sizeof(mb_param), &mb_param);
|
||||
} else {
|
||||
int pad;
|
||||
@ -2487,10 +2485,9 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher)
|
||||
len += 16;
|
||||
aad[11] = len >> 8;
|
||||
aad[12] = len;
|
||||
pad = EVP_CIPHER_CTX_ctrl(&ctx,
|
||||
EVP_CTRL_AEAD_TLS1_AAD,
|
||||
pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD,
|
||||
EVP_AEAD_TLS1_AAD_LEN, aad);
|
||||
EVP_Cipher(&ctx, out, inp, len + pad);
|
||||
EVP_Cipher(ctx, out, inp, len + pad);
|
||||
}
|
||||
}
|
||||
d = Time_F(STOP);
|
||||
@ -2528,4 +2525,5 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher)
|
||||
|
||||
OPENSSL_free(inp);
|
||||
OPENSSL_free(out);
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
}
|
||||
|
@ -93,7 +93,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
|
||||
{
|
||||
X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
|
||||
int alg_nid, keylen;
|
||||
EVP_CIPHER_CTX ctx;
|
||||
EVP_CIPHER_CTX *ctx = NULL;
|
||||
unsigned char iv[EVP_MAX_IV_LENGTH];
|
||||
PBE2PARAM *pbe2 = NULL;
|
||||
ASN1_OBJECT *obj;
|
||||
@ -123,14 +123,15 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
|
||||
goto err;
|
||||
}
|
||||
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
if (ctx == NULL)
|
||||
goto merr;
|
||||
|
||||
/* Dummy cipherinit to just setup the IV, and PRF */
|
||||
if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
|
||||
if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0))
|
||||
goto err;
|
||||
if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
|
||||
if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) {
|
||||
ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
goto err;
|
||||
}
|
||||
/*
|
||||
@ -138,11 +139,12 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
|
||||
* here: just means use default PRF.
|
||||
*/
|
||||
if ((prf_nid == -1) &&
|
||||
EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
|
||||
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
|
||||
ERR_clear_error();
|
||||
prf_nid = NID_hmacWithSHA1;
|
||||
}
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
ctx = NULL;
|
||||
|
||||
/* If its RC2 then we'd better setup the key length */
|
||||
|
||||
@ -182,6 +184,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
|
||||
ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE);
|
||||
|
||||
err:
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
PBE2PARAM_free(pbe2);
|
||||
/* Note 'scheme' is freed as part of pbe2 */
|
||||
X509_ALGOR_free(kalg);
|
||||
|
@ -103,7 +103,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
|
||||
X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
|
||||
int alg_nid;
|
||||
size_t keylen = 0;
|
||||
EVP_CIPHER_CTX ctx;
|
||||
EVP_CIPHER_CTX *ctx = NULL;
|
||||
unsigned char iv[EVP_MAX_IV_LENGTH];
|
||||
PBE2PARAM *pbe2 = NULL;
|
||||
ASN1_OBJECT *obj;
|
||||
@ -146,18 +146,20 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
|
||||
goto err;
|
||||
}
|
||||
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
if (ctx == NULL)
|
||||
goto merr;
|
||||
|
||||
/* Dummy cipherinit to just setup the IV */
|
||||
if (EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0) == 0)
|
||||
if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0) == 0)
|
||||
goto err;
|
||||
if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
|
||||
if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) {
|
||||
ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
|
||||
ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
goto err;
|
||||
}
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
ctx = NULL;
|
||||
|
||||
/* If its RC2 then we'd better setup the key length */
|
||||
|
||||
@ -199,6 +201,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
|
||||
PBE2PARAM_free(pbe2);
|
||||
X509_ALGOR_free(kalg);
|
||||
X509_ALGOR_free(ret);
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
|
||||
return NULL;
|
||||
|
||||
|
@ -60,7 +60,7 @@
|
||||
|
||||
struct CMAC_CTX_st {
|
||||
/* Cipher context to use */
|
||||
EVP_CIPHER_CTX cctx;
|
||||
EVP_CIPHER_CTX *cctx;
|
||||
/* Keys k1 and k2 */
|
||||
unsigned char k1[EVP_MAX_BLOCK_LENGTH];
|
||||
unsigned char k2[EVP_MAX_BLOCK_LENGTH];
|
||||
@ -94,14 +94,18 @@ CMAC_CTX *CMAC_CTX_new(void)
|
||||
ctx = OPENSSL_malloc(sizeof(*ctx));
|
||||
if (ctx == NULL)
|
||||
return NULL;
|
||||
EVP_CIPHER_CTX_init(&ctx->cctx);
|
||||
ctx->cctx = EVP_CIPHER_CTX_new();
|
||||
if (ctx->cctx == NULL) {
|
||||
OPENSSL_free(ctx);
|
||||
return NULL;
|
||||
}
|
||||
ctx->nlast_block = -1;
|
||||
return ctx;
|
||||
}
|
||||
|
||||
void CMAC_CTX_cleanup(CMAC_CTX *ctx)
|
||||
{
|
||||
EVP_CIPHER_CTX_cleanup(&ctx->cctx);
|
||||
EVP_CIPHER_CTX_free(ctx->cctx);
|
||||
OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
|
||||
OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
|
||||
OPENSSL_cleanse(ctx->k2, EVP_MAX_BLOCK_LENGTH);
|
||||
@ -111,7 +115,7 @@ void CMAC_CTX_cleanup(CMAC_CTX *ctx)
|
||||
|
||||
EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx)
|
||||
{
|
||||
return &ctx->cctx;
|
||||
return ctx->cctx;
|
||||
}
|
||||
|
||||
void CMAC_CTX_free(CMAC_CTX *ctx)
|
||||
@ -127,9 +131,9 @@ int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in)
|
||||
int bl;
|
||||
if (in->nlast_block == -1)
|
||||
return 0;
|
||||
if (!EVP_CIPHER_CTX_copy(&out->cctx, &in->cctx))
|
||||
if (!EVP_CIPHER_CTX_copy(out->cctx, in->cctx))
|
||||
return 0;
|
||||
bl = M_EVP_CIPHER_CTX_block_size(&in->cctx);
|
||||
bl = EVP_CIPHER_CTX_block_size(in->cctx);
|
||||
memcpy(out->k1, in->k1, bl);
|
||||
memcpy(out->k2, in->k2, bl);
|
||||
memcpy(out->tbl, in->tbl, bl);
|
||||
@ -147,32 +151,32 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
|
||||
/* Not initialised */
|
||||
if (ctx->nlast_block == -1)
|
||||
return 0;
|
||||
if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
|
||||
if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv))
|
||||
return 0;
|
||||
memset(ctx->tbl, 0, M_EVP_CIPHER_CTX_block_size(&ctx->cctx));
|
||||
memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(ctx->cctx));
|
||||
ctx->nlast_block = 0;
|
||||
return 1;
|
||||
}
|
||||
/* Initialiase context */
|
||||
if (cipher && !M_EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL))
|
||||
if (cipher && !EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL))
|
||||
return 0;
|
||||
/* Non-NULL key means initialisation complete */
|
||||
if (key) {
|
||||
int bl;
|
||||
if (!M_EVP_CIPHER_CTX_cipher(&ctx->cctx))
|
||||
if (!EVP_CIPHER_CTX_cipher(ctx->cctx))
|
||||
return 0;
|
||||
if (!EVP_CIPHER_CTX_set_key_length(&ctx->cctx, keylen))
|
||||
if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen))
|
||||
return 0;
|
||||
if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv))
|
||||
if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv))
|
||||
return 0;
|
||||
bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx);
|
||||
if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl))
|
||||
bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
|
||||
if (!EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl))
|
||||
return 0;
|
||||
make_kn(ctx->k1, ctx->tbl, bl);
|
||||
make_kn(ctx->k2, ctx->k1, bl);
|
||||
OPENSSL_cleanse(ctx->tbl, bl);
|
||||
/* Reset context again ready for first data block */
|
||||
if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
|
||||
if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv))
|
||||
return 0;
|
||||
/* Zero tbl so resume works */
|
||||
memset(ctx->tbl, 0, bl);
|
||||
@ -189,7 +193,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
|
||||
return 0;
|
||||
if (dlen == 0)
|
||||
return 1;
|
||||
bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx);
|
||||
bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
|
||||
/* Copy into partial block if we need to */
|
||||
if (ctx->nlast_block > 0) {
|
||||
size_t nleft;
|
||||
@ -204,12 +208,12 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
|
||||
return 1;
|
||||
data += nleft;
|
||||
/* Else not final block so encrypt it */
|
||||
if (!EVP_Cipher(&ctx->cctx, ctx->tbl, ctx->last_block, bl))
|
||||
if (!EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl))
|
||||
return 0;
|
||||
}
|
||||
/* Encrypt all but one of the complete blocks left */
|
||||
while (dlen > bl) {
|
||||
if (!EVP_Cipher(&ctx->cctx, ctx->tbl, data, bl))
|
||||
if (!EVP_Cipher(ctx->cctx, ctx->tbl, data, bl))
|
||||
return 0;
|
||||
dlen -= bl;
|
||||
data += bl;
|
||||
@ -226,7 +230,7 @@ int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
|
||||
int i, bl, lb;
|
||||
if (ctx->nlast_block == -1)
|
||||
return 0;
|
||||
bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx);
|
||||
bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
|
||||
*poutlen = (size_t)bl;
|
||||
if (!out)
|
||||
return 1;
|
||||
@ -242,7 +246,7 @@ int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
|
||||
for (i = 0; i < bl; i++)
|
||||
out[i] = ctx->last_block[i] ^ ctx->k2[i];
|
||||
}
|
||||
if (!EVP_Cipher(&ctx->cctx, out, out, bl)) {
|
||||
if (!EVP_Cipher(ctx->cctx, out, out, bl)) {
|
||||
OPENSSL_cleanse(out, bl);
|
||||
return 0;
|
||||
}
|
||||
@ -260,5 +264,5 @@ int CMAC_resume(CMAC_CTX *ctx)
|
||||
* decrypted block will allow CMAC to continue after calling
|
||||
* CMAC_Final().
|
||||
*/
|
||||
return M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, ctx->tbl);
|
||||
return M_EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, ctx->tbl);
|
||||
}
|
||||
|
@ -194,12 +194,14 @@ static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
|
||||
{
|
||||
CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval;
|
||||
if (operation == ASN1_OP_NEW_POST) {
|
||||
EVP_CIPHER_CTX_init(&kari->ctx);
|
||||
EVP_CIPHER_CTX_set_flags(&kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
|
||||
kari->ctx = EVP_CIPHER_CTX_new();
|
||||
if (kari->ctx == NULL)
|
||||
return 0;
|
||||
EVP_CIPHER_CTX_set_flags(kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
|
||||
kari->pctx = NULL;
|
||||
} else if (operation == ASN1_OP_FREE_POST) {
|
||||
EVP_PKEY_CTX_free(kari->pctx);
|
||||
EVP_CIPHER_CTX_cleanup(&kari->ctx);
|
||||
EVP_CIPHER_CTX_free(kari->ctx);
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
@ -220,7 +220,7 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
|
||||
EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri)
|
||||
{
|
||||
if (ri->type == CMS_RECIPINFO_AGREE)
|
||||
return &ri->d.kari->ctx;
|
||||
return ri->d.kari->ctx;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -239,22 +239,22 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,
|
||||
int rv = 0;
|
||||
unsigned char *out = NULL;
|
||||
int outlen;
|
||||
keklen = EVP_CIPHER_CTX_key_length(&kari->ctx);
|
||||
keklen = EVP_CIPHER_CTX_key_length(kari->ctx);
|
||||
if (keklen > EVP_MAX_KEY_LENGTH)
|
||||
return 0;
|
||||
/* Derive KEK */
|
||||
if (EVP_PKEY_derive(kari->pctx, kek, &keklen) <= 0)
|
||||
goto err;
|
||||
/* Set KEK in context */
|
||||
if (!EVP_CipherInit_ex(&kari->ctx, NULL, NULL, kek, NULL, enc))
|
||||
if (!EVP_CipherInit_ex(kari->ctx, NULL, NULL, kek, NULL, enc))
|
||||
goto err;
|
||||
/* obtain output length of ciphered key */
|
||||
if (!EVP_CipherUpdate(&kari->ctx, NULL, &outlen, in, inlen))
|
||||
if (!EVP_CipherUpdate(kari->ctx, NULL, &outlen, in, inlen))
|
||||
goto err;
|
||||
out = OPENSSL_malloc(outlen);
|
||||
if (out == NULL)
|
||||
goto err;
|
||||
if (!EVP_CipherUpdate(&kari->ctx, out, &outlen, in, inlen))
|
||||
if (!EVP_CipherUpdate(kari->ctx, out, &outlen, in, inlen))
|
||||
goto err;
|
||||
*pout = out;
|
||||
*poutlen = (size_t)outlen;
|
||||
@ -264,7 +264,8 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,
|
||||
OPENSSL_cleanse(kek, keklen);
|
||||
if (!rv)
|
||||
OPENSSL_free(out);
|
||||
EVP_CIPHER_CTX_cleanup(&kari->ctx);
|
||||
EVP_CIPHER_CTX_reset(kari->ctx);
|
||||
/* FIXME: WHY IS kari->pctx freed here? /RL */
|
||||
EVP_PKEY_CTX_free(kari->pctx);
|
||||
kari->pctx = NULL;
|
||||
return rv;
|
||||
@ -374,7 +375,7 @@ int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
|
||||
static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
|
||||
const EVP_CIPHER *cipher)
|
||||
{
|
||||
EVP_CIPHER_CTX *ctx = &kari->ctx;
|
||||
EVP_CIPHER_CTX *ctx = kari->ctx;
|
||||
const EVP_CIPHER *kekcipher;
|
||||
int keylen = EVP_CIPHER_key_length(cipher);
|
||||
/* If a suitable wrap algorithm is already set nothing to do */
|
||||
|
@ -210,7 +210,7 @@ struct CMS_KeyAgreeRecipientInfo_st {
|
||||
/* Public key context associated with current operation */
|
||||
EVP_PKEY_CTX *pctx;
|
||||
/* Cipher context for CEK wrapping */
|
||||
EVP_CIPHER_CTX ctx;
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
};
|
||||
|
||||
struct CMS_OriginatorIdentifierOrKey_st {
|
||||
|
@ -90,7 +90,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
|
||||
CMS_RecipientInfo *ri = NULL;
|
||||
CMS_EnvelopedData *env;
|
||||
CMS_PasswordRecipientInfo *pwri;
|
||||
EVP_CIPHER_CTX ctx;
|
||||
EVP_CIPHER_CTX *ctx = NULL;
|
||||
X509_ALGOR *encalg = NULL;
|
||||
unsigned char iv[EVP_MAX_IV_LENGTH];
|
||||
int ivlen;
|
||||
@ -124,19 +124,19 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
|
||||
if (encalg == NULL) {
|
||||
goto merr;
|
||||
}
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
|
||||
if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) {
|
||||
if (EVP_EncryptInit_ex(ctx, kekciph, NULL, NULL, NULL) <= 0) {
|
||||
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
ivlen = EVP_CIPHER_CTX_iv_length(&ctx);
|
||||
ivlen = EVP_CIPHER_CTX_iv_length(ctx);
|
||||
|
||||
if (ivlen > 0) {
|
||||
if (RAND_bytes(iv, ivlen) <= 0)
|
||||
goto err;
|
||||
if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) {
|
||||
if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) {
|
||||
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
@ -145,16 +145,17 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
|
||||
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
if (EVP_CIPHER_param_to_asn1(&ctx, encalg->parameter) <= 0) {
|
||||
if (EVP_CIPHER_param_to_asn1(ctx, encalg->parameter) <= 0) {
|
||||
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
|
||||
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(&ctx));
|
||||
encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
|
||||
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
ctx = NULL;
|
||||
|
||||
/* Initialize recipient info */
|
||||
ri = M_ASN1_new_of(CMS_RecipientInfo);
|
||||
@ -204,7 +205,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
|
||||
merr:
|
||||
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
|
||||
err:
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
if (ri)
|
||||
M_ASN1_free_of(ri, CMS_RecipientInfo);
|
||||
X509_ALGOR_free(encalg);
|
||||
@ -323,7 +324,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
|
||||
CMS_PasswordRecipientInfo *pwri;
|
||||
int r = 0;
|
||||
X509_ALGOR *algtmp, *kekalg = NULL;
|
||||
EVP_CIPHER_CTX kekctx;
|
||||
EVP_CIPHER_CTX *kekctx;
|
||||
const EVP_CIPHER *kekcipher;
|
||||
unsigned char *key = NULL;
|
||||
size_t keylen;
|
||||
@ -331,7 +332,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
|
||||
ec = cms->d.envelopedData->encryptedContentInfo;
|
||||
|
||||
pwri = ri->d.pwri;
|
||||
EVP_CIPHER_CTX_init(&kekctx);
|
||||
kekctx = EVP_CIPHER_CTX_new();
|
||||
|
||||
if (!pwri->pass) {
|
||||
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
|
||||
@ -362,10 +363,10 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
|
||||
}
|
||||
|
||||
/* Fixup cipher based on AlgorithmIdentifier to set IV etc */
|
||||
if (!EVP_CipherInit_ex(&kekctx, kekcipher, NULL, NULL, NULL, en_de))
|
||||
if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))
|
||||
goto err;
|
||||
EVP_CIPHER_CTX_set_padding(&kekctx, 0);
|
||||
if (EVP_CIPHER_asn1_to_param(&kekctx, kekalg->parameter) < 0) {
|
||||
EVP_CIPHER_CTX_set_padding(kekctx, 0);
|
||||
if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) < 0) {
|
||||
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
|
||||
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
|
||||
goto err;
|
||||
@ -377,7 +378,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
|
||||
|
||||
if (EVP_PBE_CipherInit(algtmp->algorithm,
|
||||
(char *)pwri->pass, pwri->passlen,
|
||||
algtmp->parameter, &kekctx, en_de) < 0) {
|
||||
algtmp->parameter, kekctx, en_de) < 0) {
|
||||
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
@ -386,7 +387,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
|
||||
|
||||
if (en_de) {
|
||||
|
||||
if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, &kekctx))
|
||||
if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, kekctx))
|
||||
goto err;
|
||||
|
||||
key = OPENSSL_malloc(keylen);
|
||||
@ -394,7 +395,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
|
||||
if (key == NULL)
|
||||
goto err;
|
||||
|
||||
if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, &kekctx))
|
||||
if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, kekctx))
|
||||
goto err;
|
||||
pwri->encryptedKey->data = key;
|
||||
pwri->encryptedKey->length = keylen;
|
||||
@ -407,7 +408,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
|
||||
}
|
||||
if (!kek_unwrap_key(key, &keylen,
|
||||
pwri->encryptedKey->data,
|
||||
pwri->encryptedKey->length, &kekctx)) {
|
||||
pwri->encryptedKey->length, kekctx)) {
|
||||
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNWRAP_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
@ -421,7 +422,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
|
||||
|
||||
err:
|
||||
|
||||
EVP_CIPHER_CTX_cleanup(&kekctx);
|
||||
EVP_CIPHER_CTX_free(kekctx);
|
||||
|
||||
if (!r)
|
||||
OPENSSL_free(key);
|
||||
|
@ -83,7 +83,7 @@ typedef struct enc_struct {
|
||||
int cont; /* <= 0 when finished */
|
||||
int finished;
|
||||
int ok; /* bad decrypt */
|
||||
EVP_CIPHER_CTX cipher;
|
||||
EVP_CIPHER_CTX *cipher;
|
||||
/*
|
||||
* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return
|
||||
* up to a block more data than is presented to it
|
||||
@ -114,15 +114,19 @@ static int enc_new(BIO *bi)
|
||||
|
||||
ctx = OPENSSL_zalloc(sizeof(*ctx));
|
||||
if (ctx == NULL)
|
||||
return (0);
|
||||
return 0;
|
||||
|
||||
EVP_CIPHER_CTX_init(&ctx->cipher);
|
||||
ctx->cipher = EVP_CIPHER_CTX_new();
|
||||
if (ctx->cipher == NULL) {
|
||||
OPENSSL_free(ctx);
|
||||
return 0;
|
||||
}
|
||||
ctx->cont = 1;
|
||||
ctx->ok = 1;
|
||||
bi->init = 0;
|
||||
bi->ptr = (char *)ctx;
|
||||
bi->flags = 0;
|
||||
return (1);
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int enc_free(BIO *a)
|
||||
@ -132,7 +136,7 @@ static int enc_free(BIO *a)
|
||||
if (a == NULL)
|
||||
return (0);
|
||||
b = (BIO_ENC_CTX *)a->ptr;
|
||||
EVP_CIPHER_CTX_cleanup(&(b->cipher));
|
||||
EVP_CIPHER_CTX_free(b->cipher);
|
||||
OPENSSL_clear_free(a->ptr, sizeof(BIO_ENC_CTX));
|
||||
a->ptr = NULL;
|
||||
a->init = 0;
|
||||
@ -186,7 +190,7 @@ static int enc_read(BIO *b, char *out, int outl)
|
||||
/* Should be continue next time we are called? */
|
||||
if (!BIO_should_retry(b->next_bio)) {
|
||||
ctx->cont = i;
|
||||
i = EVP_CipherFinal_ex(&(ctx->cipher),
|
||||
i = EVP_CipherFinal_ex(ctx->cipher,
|
||||
(unsigned char *)ctx->buf,
|
||||
&(ctx->buf_len));
|
||||
ctx->ok = i;
|
||||
@ -196,7 +200,7 @@ static int enc_read(BIO *b, char *out, int outl)
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
if (!EVP_CipherUpdate(&(ctx->cipher),
|
||||
if (!EVP_CipherUpdate(ctx->cipher,
|
||||
(unsigned char *)ctx->buf, &ctx->buf_len,
|
||||
(unsigned char *)&(ctx->buf[BUF_OFFSET]),
|
||||
i)) {
|
||||
@ -259,7 +263,7 @@ static int enc_write(BIO *b, const char *in, int inl)
|
||||
ctx->buf_off = 0;
|
||||
while (inl > 0) {
|
||||
n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl;
|
||||
if (!EVP_CipherUpdate(&(ctx->cipher),
|
||||
if (!EVP_CipherUpdate(ctx->cipher,
|
||||
(unsigned char *)ctx->buf, &ctx->buf_len,
|
||||
(unsigned char *)in, n)) {
|
||||
BIO_clear_retry_flags(b);
|
||||
@ -300,8 +304,8 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
case BIO_CTRL_RESET:
|
||||
ctx->ok = 1;
|
||||
ctx->finished = 0;
|
||||
if (!EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL,
|
||||
ctx->cipher.encrypt))
|
||||
if (!EVP_CipherInit_ex(ctx->cipher, NULL, NULL, NULL, NULL,
|
||||
EVP_CIPHER_CTX_encrypting(ctx->cipher)))
|
||||
return 0;
|
||||
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
|
||||
break;
|
||||
@ -333,7 +337,7 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
if (!ctx->finished) {
|
||||
ctx->finished = 1;
|
||||
ctx->buf_off = 0;
|
||||
ret = EVP_CipherFinal_ex(&(ctx->cipher),
|
||||
ret = EVP_CipherFinal_ex(ctx->cipher,
|
||||
(unsigned char *)ctx->buf,
|
||||
&(ctx->buf_len));
|
||||
ctx->ok = (int)ret;
|
||||
@ -357,14 +361,16 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
break;
|
||||
case BIO_C_GET_CIPHER_CTX:
|
||||
c_ctx = (EVP_CIPHER_CTX **)ptr;
|
||||
(*c_ctx) = &(ctx->cipher);
|
||||
*c_ctx = ctx->cipher;
|
||||
b->init = 1;
|
||||
break;
|
||||
case BIO_CTRL_DUP:
|
||||
dbio = (BIO *)ptr;
|
||||
dctx = (BIO_ENC_CTX *)dbio->ptr;
|
||||
EVP_CIPHER_CTX_init(&dctx->cipher);
|
||||
ret = EVP_CIPHER_CTX_copy(&dctx->cipher, &ctx->cipher);
|
||||
dctx->cipher = EVP_CIPHER_CTX_new();
|
||||
if (dctx->cipher == NULL)
|
||||
return 0;
|
||||
ret = EVP_CIPHER_CTX_copy(dctx->cipher, ctx->cipher);
|
||||
if (ret)
|
||||
dbio->init = 1;
|
||||
break;
|
||||
@ -424,7 +430,7 @@ int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
|
||||
|
||||
b->init = 1;
|
||||
ctx = (BIO_ENC_CTX *)b->ptr;
|
||||
if (!EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e))
|
||||
if (!EVP_CipherInit_ex(ctx->cipher, c, NULL, k, i, e))
|
||||
return 0;
|
||||
|
||||
if (b->callback != NULL)
|
||||
|
@ -74,7 +74,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
|
||||
int i, size = 0, ret = 0;
|
||||
|
||||
if (type) {
|
||||
EVP_CIPHER_CTX_init(ctx);
|
||||
EVP_CIPHER_CTX_reset(ctx);
|
||||
if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL))
|
||||
return 0;
|
||||
}
|
||||
|
@ -74,7 +74,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
|
||||
int i;
|
||||
|
||||
if (type) {
|
||||
EVP_CIPHER_CTX_init(ctx);
|
||||
EVP_CIPHER_CTX_reset(ctx);
|
||||
if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
|
||||
return 0;
|
||||
}
|
||||
|
@ -301,7 +301,6 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
|
||||
unsigned char *kstr, int klen,
|
||||
pem_password_cb *cb, void *u)
|
||||
{
|
||||
EVP_CIPHER_CTX ctx;
|
||||
int i, ret = 0;
|
||||
unsigned char *data = NULL;
|
||||
const char *objstr = NULL;
|
||||
@ -381,7 +380,6 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
|
||||
OPENSSL_cleanse(buf, PEM_BUFSIZE);
|
||||
return (ret);
|
||||
}
|
||||
|
@ -340,7 +340,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
|
||||
void *x, const EVP_CIPHER *enc, unsigned char *kstr,
|
||||
int klen, pem_password_cb *callback, void *u)
|
||||
{
|
||||
EVP_CIPHER_CTX ctx;
|
||||
EVP_CIPHER_CTX *ctx = NULL;
|
||||
int dsize = 0, i = 0, j = 0, ret = 0;
|
||||
unsigned char *p, *data = NULL;
|
||||
const char *objstr = NULL;
|
||||
@ -409,13 +409,12 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
|
||||
PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
|
||||
/* k=strlen(buf); */
|
||||
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
ret = 1;
|
||||
if (!EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv)
|
||||
|| !EVP_EncryptUpdate(&ctx, data, &j, data, i)
|
||||
|| !EVP_EncryptFinal_ex(&ctx, &(data[j]), &i))
|
||||
if ((ctx = EVP_CIPHER_CTX_new()) == NULL
|
||||
|| !EVP_EncryptInit_ex(ctx, enc, NULL, key, iv)
|
||||
|| !EVP_EncryptUpdate(ctx, data, &j, data, i)
|
||||
|| !EVP_EncryptFinal_ex(ctx, &(data[j]), &i))
|
||||
ret = 0;
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
if (ret == 0)
|
||||
goto err;
|
||||
i += j;
|
||||
@ -429,7 +428,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
|
||||
err:
|
||||
OPENSSL_cleanse(key, sizeof(key));
|
||||
OPENSSL_cleanse(iv, sizeof(iv));
|
||||
OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
OPENSSL_cleanse(buf, PEM_BUFSIZE);
|
||||
OPENSSL_clear_free(data, (unsigned int)dsize);
|
||||
return (ret);
|
||||
@ -440,7 +439,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
|
||||
{
|
||||
int i = 0, j, o, klen;
|
||||
long len;
|
||||
EVP_CIPHER_CTX ctx;
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
unsigned char key[EVP_MAX_KEY_LENGTH];
|
||||
char buf[PEM_BUFSIZE];
|
||||
|
||||
@ -466,13 +465,15 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
|
||||
return 0;
|
||||
|
||||
j = (int)len;
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
if (ctx == NULL)
|
||||
return 0;
|
||||
o = EVP_DecryptInit_ex(ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
|
||||
if (o)
|
||||
o = EVP_DecryptUpdate(&ctx, data, &i, data, j);
|
||||
o = EVP_DecryptUpdate(ctx, data, &i, data, j);
|
||||
if (o)
|
||||
o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j);
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
o = EVP_DecryptFinal_ex(ctx, &(data[i]), &j);
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
OPENSSL_cleanse((char *)buf, sizeof(buf));
|
||||
OPENSSL_cleanse((char *)key, sizeof(key));
|
||||
if (o)
|
||||
|
@ -672,8 +672,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
|
||||
unsigned int magic;
|
||||
unsigned char *enctmp = NULL, *q;
|
||||
|
||||
EVP_CIPHER_CTX cctx;
|
||||
EVP_CIPHER_CTX_init(&cctx);
|
||||
EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
|
||||
if (saltlen) {
|
||||
char psbuf[PEM_BUFSIZE];
|
||||
unsigned char keybuf[20];
|
||||
@ -704,22 +703,22 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
|
||||
}
|
||||
inlen = keylen - 8;
|
||||
q = enctmp + 8;
|
||||
if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
|
||||
if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
|
||||
goto err;
|
||||
if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
|
||||
if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))
|
||||
goto err;
|
||||
if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen))
|
||||
if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
|
||||
goto err;
|
||||
magic = read_ledword((const unsigned char **)&q);
|
||||
if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
|
||||
q = enctmp + 8;
|
||||
memset(keybuf + 5, 0, 11);
|
||||
if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
|
||||
if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
|
||||
goto err;
|
||||
OPENSSL_cleanse(keybuf, 20);
|
||||
if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
|
||||
if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))
|
||||
goto err;
|
||||
if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen))
|
||||
if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
|
||||
goto err;
|
||||
magic = read_ledword((const unsigned char **)&q);
|
||||
if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
|
||||
@ -733,7 +732,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
|
||||
|
||||
ret = b2i_PrivateKey(&p, keylen);
|
||||
err:
|
||||
EVP_CIPHER_CTX_cleanup(&cctx);
|
||||
EVP_CIPHER_CTX_free(cctx);
|
||||
OPENSSL_free(enctmp);
|
||||
return ret;
|
||||
}
|
||||
@ -776,8 +775,7 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
|
||||
{
|
||||
int outlen = 24, pklen;
|
||||
unsigned char *p, *salt = NULL;
|
||||
EVP_CIPHER_CTX cctx;
|
||||
EVP_CIPHER_CTX_init(&cctx);
|
||||
EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
|
||||
if (enclevel)
|
||||
outlen += PVK_SALTLEN;
|
||||
pklen = do_i2b(NULL, pk, 0);
|
||||
@ -833,19 +831,19 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
|
||||
if (enclevel == 1)
|
||||
memset(keybuf + 5, 0, 11);
|
||||
p = salt + PVK_SALTLEN + 8;
|
||||
if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
|
||||
if (!EVP_EncryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
|
||||
goto error;
|
||||
OPENSSL_cleanse(keybuf, 20);
|
||||
if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8))
|
||||
if (!EVP_DecryptUpdate(cctx, p, &enctmplen, p, pklen - 8))
|
||||
goto error;
|
||||
if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen))
|
||||
if (!EVP_DecryptFinal_ex(cctx, p + enctmplen, &enctmplen))
|
||||
goto error;
|
||||
}
|
||||
EVP_CIPHER_CTX_cleanup(&cctx);
|
||||
EVP_CIPHER_CTX_free(cctx);
|
||||
return outlen;
|
||||
|
||||
error:
|
||||
EVP_CIPHER_CTX_cleanup(&cctx);
|
||||
EVP_CIPHER_CTX_free(cctx);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -77,24 +77,28 @@ unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
|
||||
{
|
||||
unsigned char *out = NULL;
|
||||
int outlen, i;
|
||||
EVP_CIPHER_CTX ctx;
|
||||
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
|
||||
|
||||
if (ctx == NULL) {
|
||||
PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
/* Decrypt data */
|
||||
if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
|
||||
algor->parameter, &ctx, en_de)) {
|
||||
algor->parameter, ctx, en_de)) {
|
||||
PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
|
||||
PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if ((out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))
|
||||
if ((out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(ctx)))
|
||||
== NULL) {
|
||||
PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) {
|
||||
if (!EVP_CipherUpdate(ctx, out, &i, in, inlen)) {
|
||||
OPENSSL_free(out);
|
||||
out = NULL;
|
||||
PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB);
|
||||
@ -102,7 +106,7 @@ unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
|
||||
}
|
||||
|
||||
outlen = i;
|
||||
if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
|
||||
if (!EVP_CipherFinal_ex(ctx, out + i, &i)) {
|
||||
OPENSSL_free(out);
|
||||
out = NULL;
|
||||
PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
|
||||
@ -115,7 +119,7 @@ unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
|
||||
if (data)
|
||||
*data = out;
|
||||
err:
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
return out;
|
||||
|
||||
}
|
||||
|
@ -498,7 +498,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
|
||||
u_len >= 4 * (max_send_fragment = s->max_send_fragment) &&
|
||||
s->compress == NULL && s->msg_callback == NULL &&
|
||||
!SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) &&
|
||||
EVP_CIPHER_flags(s->enc_write_ctx->cipher) &
|
||||
EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) &
|
||||
EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) {
|
||||
unsigned char aad[13];
|
||||
EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
|
||||
|
@ -587,7 +587,7 @@ int ssl3_enc(SSL *s, int send)
|
||||
rec->input = rec->data;
|
||||
} else {
|
||||
l = rec->length;
|
||||
bs = EVP_CIPHER_block_size(ds->cipher);
|
||||
bs = EVP_CIPHER_CTX_block_size(ds);
|
||||
|
||||
/* COMPRESS */
|
||||
|
||||
@ -690,9 +690,9 @@ int tls1_enc(SSL *s, int send)
|
||||
ret = 1;
|
||||
} else {
|
||||
l = rec->length;
|
||||
bs = EVP_CIPHER_block_size(ds->cipher);
|
||||
bs = EVP_CIPHER_CTX_block_size(ds);
|
||||
|
||||
if (EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
|
||||
if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds)) & EVP_CIPH_FLAG_AEAD_CIPHER) {
|
||||
unsigned char buf[EVP_AEAD_TLS1_AAD_LEN], *seq;
|
||||
|
||||
seq = send ? RECORD_LAYER_get_write_sequence(&s->rlayer)
|
||||
@ -746,7 +746,7 @@ int tls1_enc(SSL *s, int send)
|
||||
}
|
||||
|
||||
i = EVP_Cipher(ds, rec->data, rec->input, l);
|
||||
if ((EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_CUSTOM_CIPHER)
|
||||
if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds)) & EVP_CIPH_FLAG_CUSTOM_CIPHER)
|
||||
? (i < 0)
|
||||
: (i == 0))
|
||||
return -1; /* AEAD can fail to verify MAC */
|
||||
@ -1064,7 +1064,7 @@ int tls1_cbc_remove_padding(const SSL *s,
|
||||
|
||||
padding_length = rec->data[rec->length - 1];
|
||||
|
||||
if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
|
||||
if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) {
|
||||
/* padding is already verified */
|
||||
rec->length -= padding_length + 1;
|
||||
return 1;
|
||||
|
12
ssl/s3_enc.c
12
ssl/s3_enc.c
@ -228,14 +228,13 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
||||
if (which & SSL3_CC_READ) {
|
||||
if (s->enc_read_ctx != NULL)
|
||||
reuse_dd = 1;
|
||||
else if ((s->enc_read_ctx =
|
||||
OPENSSL_malloc(sizeof(*s->enc_read_ctx))) == NULL)
|
||||
else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL)
|
||||
goto err;
|
||||
else
|
||||
/*
|
||||
* make sure it's intialized in case we exit later with an error
|
||||
*/
|
||||
EVP_CIPHER_CTX_init(s->enc_read_ctx);
|
||||
EVP_CIPHER_CTX_reset(s->enc_read_ctx);
|
||||
dd = s->enc_read_ctx;
|
||||
|
||||
if (ssl_replace_hash(&s->read_hash, m) == NULL) {
|
||||
@ -262,14 +261,13 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
||||
} else {
|
||||
if (s->enc_write_ctx != NULL)
|
||||
reuse_dd = 1;
|
||||
else if ((s->enc_write_ctx =
|
||||
OPENSSL_malloc(sizeof(*s->enc_write_ctx))) == NULL)
|
||||
else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL)
|
||||
goto err;
|
||||
else
|
||||
/*
|
||||
* make sure it's intialized in case we exit later with an error
|
||||
*/
|
||||
EVP_CIPHER_CTX_init(s->enc_write_ctx);
|
||||
EVP_CIPHER_CTX_reset(s->enc_write_ctx);
|
||||
dd = s->enc_write_ctx;
|
||||
if (ssl_replace_hash(&s->write_hash, m) == NULL) {
|
||||
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
|
||||
@ -293,7 +291,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
||||
}
|
||||
|
||||
if (reuse_dd)
|
||||
EVP_CIPHER_CTX_cleanup(dd);
|
||||
EVP_CIPHER_CTX_reset(dd);
|
||||
|
||||
p = s->s3->tmp.key_block;
|
||||
i = EVP_MD_size(m);
|
||||
|
@ -3119,13 +3119,11 @@ SSL *SSL_dup(SSL *s)
|
||||
void ssl_clear_cipher_ctx(SSL *s)
|
||||
{
|
||||
if (s->enc_read_ctx != NULL) {
|
||||
EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
|
||||
OPENSSL_free(s->enc_read_ctx);
|
||||
EVP_CIPHER_CTX_free(s->enc_read_ctx);
|
||||
s->enc_read_ctx = NULL;
|
||||
}
|
||||
if (s->enc_write_ctx != NULL) {
|
||||
EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
|
||||
OPENSSL_free(s->enc_write_ctx);
|
||||
EVP_CIPHER_CTX_free(s->enc_write_ctx);
|
||||
s->enc_write_ctx = NULL;
|
||||
}
|
||||
#ifndef OPENSSL_NO_COMP
|
||||
|
@ -235,7 +235,7 @@ int dtls1_do_write(SSL *s, int type)
|
||||
|
||||
if (s->write_hash) {
|
||||
if (s->enc_write_ctx
|
||||
&& (EVP_CIPHER_CTX_flags(s->enc_write_ctx) &
|
||||
&& (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) &
|
||||
EVP_CIPH_FLAG_AEAD_CIPHER) != 0)
|
||||
mac_size = 0;
|
||||
else
|
||||
@ -245,7 +245,7 @@ int dtls1_do_write(SSL *s, int type)
|
||||
|
||||
if (s->enc_write_ctx &&
|
||||
(EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE))
|
||||
blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
|
||||
blocksize = 2 * EVP_CIPHER_CTX_block_size(s->enc_write_ctx);
|
||||
else
|
||||
blocksize = 0;
|
||||
|
||||
|
@ -2926,7 +2926,7 @@ int tls_construct_server_certificate(SSL *s)
|
||||
int tls_construct_new_session_ticket(SSL *s)
|
||||
{
|
||||
unsigned char *senc = NULL;
|
||||
EVP_CIPHER_CTX ctx;
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
HMAC_CTX *hctx = NULL;
|
||||
unsigned char *p, *macstart;
|
||||
const unsigned char *const_p;
|
||||
@ -2953,7 +2953,7 @@ int tls_construct_new_session_ticket(SSL *s)
|
||||
return 0;
|
||||
}
|
||||
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
hctx = HMAC_CTX_new();
|
||||
|
||||
p = senc;
|
||||
@ -3000,12 +3000,12 @@ int tls_construct_new_session_ticket(SSL *s)
|
||||
* all the work otherwise use generated values from parent ctx.
|
||||
*/
|
||||
if (tctx->tlsext_ticket_key_cb) {
|
||||
if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, hctx, 1) < 0)
|
||||
if (tctx->tlsext_ticket_key_cb(s, key_name, iv, ctx, hctx, 1) < 0)
|
||||
goto err;
|
||||
} else {
|
||||
if (RAND_bytes(iv, 16) <= 0)
|
||||
goto err;
|
||||
if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
|
||||
if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
|
||||
tctx->tlsext_tick_aes_key, iv))
|
||||
goto err;
|
||||
if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16,
|
||||
@ -3028,13 +3028,13 @@ int tls_construct_new_session_ticket(SSL *s)
|
||||
memcpy(p, key_name, 16);
|
||||
p += 16;
|
||||
/* output IV */
|
||||
memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
|
||||
p += EVP_CIPHER_CTX_iv_length(&ctx);
|
||||
memcpy(p, iv, EVP_CIPHER_CTX_iv_length(ctx));
|
||||
p += EVP_CIPHER_CTX_iv_length(ctx);
|
||||
/* Encrypt session data */
|
||||
if (!EVP_EncryptUpdate(&ctx, p, &len, senc, slen))
|
||||
if (!EVP_EncryptUpdate(ctx, p, &len, senc, slen))
|
||||
goto err;
|
||||
p += len;
|
||||
if (!EVP_EncryptFinal(&ctx, p, &len))
|
||||
if (!EVP_EncryptFinal(ctx, p, &len))
|
||||
goto err;
|
||||
p += len;
|
||||
|
||||
@ -3043,8 +3043,10 @@ int tls_construct_new_session_ticket(SSL *s)
|
||||
if (!HMAC_Final(hctx, p, &hlen))
|
||||
goto err;
|
||||
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
HMAC_CTX_free(hctx);
|
||||
ctx = NULL;
|
||||
hctx = NULL;
|
||||
|
||||
p += hlen;
|
||||
/* Now write out lengths: p points to end of data written */
|
||||
@ -3060,7 +3062,7 @@ int tls_construct_new_session_ticket(SSL *s)
|
||||
return 1;
|
||||
err:
|
||||
OPENSSL_free(senc);
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
HMAC_CTX_free(hctx);
|
||||
ossl_statem_set_error(s);
|
||||
return 0;
|
||||
|
@ -330,14 +330,13 @@ int tls1_change_cipher_state(SSL *s, int which)
|
||||
|
||||
if (s->enc_read_ctx != NULL)
|
||||
reuse_dd = 1;
|
||||
else if ((s->enc_read_ctx =
|
||||
OPENSSL_malloc(sizeof(*s->enc_read_ctx))) == NULL)
|
||||
else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL)
|
||||
goto err;
|
||||
else
|
||||
/*
|
||||
* make sure it's intialized in case we exit later with an error
|
||||
*/
|
||||
EVP_CIPHER_CTX_init(s->enc_read_ctx);
|
||||
EVP_CIPHER_CTX_reset(s->enc_read_ctx);
|
||||
dd = s->enc_read_ctx;
|
||||
mac_ctx = ssl_replace_hash(&s->read_hash, NULL);
|
||||
if (mac_ctx == NULL)
|
||||
@ -405,7 +404,7 @@ int tls1_change_cipher_state(SSL *s, int which)
|
||||
}
|
||||
|
||||
if (reuse_dd)
|
||||
EVP_CIPHER_CTX_cleanup(dd);
|
||||
EVP_CIPHER_CTX_reset(dd);
|
||||
|
||||
p = s->s3->tmp.key_block;
|
||||
i = *mac_secret_size = s->s3->tmp.new_mac_secret_size;
|
||||
|
27
ssl/t1_lib.c
27
ssl/t1_lib.c
@ -3060,7 +3060,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
|
||||
int slen, mlen, renew_ticket = 0;
|
||||
unsigned char tick_hmac[EVP_MAX_MD_SIZE];
|
||||
HMAC_CTX *hctx = NULL;
|
||||
EVP_CIPHER_CTX ctx;
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
SSL_CTX *tctx = s->initial_ctx;
|
||||
/* Need at least keyname + iv + some encrypted data */
|
||||
if (eticklen < 48)
|
||||
@ -3069,11 +3069,11 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
|
||||
hctx = HMAC_CTX_new();
|
||||
if (hctx == NULL)
|
||||
return -2;
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
if (tctx->tlsext_ticket_key_cb) {
|
||||
unsigned char *nctick = (unsigned char *)etick;
|
||||
int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
|
||||
&ctx, hctx, 0);
|
||||
ctx, hctx, 0);
|
||||
if (rv < 0)
|
||||
return -1;
|
||||
if (rv == 0)
|
||||
@ -3086,7 +3086,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
|
||||
return 2;
|
||||
if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16,
|
||||
EVP_sha256(), NULL) <= 0
|
||||
|| EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
|
||||
|| EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
|
||||
tctx->tlsext_tick_aes_key,
|
||||
etick + 16) <= 0) {
|
||||
goto err;
|
||||
@ -3108,26 +3108,27 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
|
||||
}
|
||||
HMAC_CTX_free(hctx);
|
||||
if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) {
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
return 2;
|
||||
}
|
||||
/* Attempt to decrypt session data */
|
||||
/* Move p after IV to start of encrypted ticket, update length */
|
||||
p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
|
||||
eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
|
||||
p = etick + 16 + EVP_CIPHER_CTX_iv_length(ctx);
|
||||
eticklen -= 16 + EVP_CIPHER_CTX_iv_length(ctx);
|
||||
sdec = OPENSSL_malloc(eticklen);
|
||||
if (sdec == NULL
|
||||
|| EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) {
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
|| EVP_DecryptUpdate(ctx, sdec, &slen, p, eticklen) <= 0) {
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
return -1;
|
||||
}
|
||||
if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) {
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
if (EVP_DecryptFinal(ctx, sdec + slen, &mlen) <= 0) {
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
OPENSSL_free(sdec);
|
||||
return 2;
|
||||
}
|
||||
slen += mlen;
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
ctx = NULL;
|
||||
p = sdec;
|
||||
|
||||
sess = d2i_SSL_SESSION(NULL, &p, slen);
|
||||
@ -3154,7 +3155,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
|
||||
*/
|
||||
return 2;
|
||||
err:
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
HMAC_CTX_free(hctx);
|
||||
return -1;
|
||||
}
|
||||
|
@ -1208,7 +1208,7 @@ int main(int argc, char *argv[])
|
||||
int ignore = 0;
|
||||
ENGINE *impl = NULL;
|
||||
EVP_MD_CTX *mctx;
|
||||
EVP_CIPHER_CTX ectx;
|
||||
EVP_CIPHER_CTX *ectx;
|
||||
EVP_PKEY *mac_key;
|
||||
byte bDerive[EVP_MAX_KEY_LENGTH];
|
||||
byte bTest[G89_MAX_TC_LEN];
|
||||
@ -1357,11 +1357,11 @@ int main(int argc, char *argv[])
|
||||
}
|
||||
ctype = cp_g89cnt;
|
||||
engine_cipher_check:
|
||||
EVP_CIPHER_CTX_init(&ectx);
|
||||
EVP_EncryptInit_ex(&ectx, ctype, impl, bDerive, tcs[t].bIV);
|
||||
ectx = EVP_CIPHER_CTX_new();
|
||||
EVP_EncryptInit_ex(ectx, ctype, impl, bDerive, tcs[t].bIV);
|
||||
if (G89_MAX_TC_LEN >= tcs[t].ullLen) {
|
||||
enlu = sizeof(bTest);
|
||||
EVP_EncryptUpdate(&ectx, bTest, &enlu,
|
||||
EVP_EncryptUpdate(ectx, bTest, &enlu,
|
||||
tcs[t].bIn, (int)tcs[t].ullLen);
|
||||
l = (size_t)tcs[t].ullLen;
|
||||
} else {
|
||||
@ -1370,18 +1370,18 @@ int main(int argc, char *argv[])
|
||||
printf("B");
|
||||
fflush(NULL);
|
||||
enlu = sizeof(bTS);
|
||||
EVP_EncryptUpdate(&ectx, bTS, &enlu, bZB, sizeof(bZB));
|
||||
EVP_EncryptUpdate(ectx, bTS, &enlu, bZB, sizeof(bZB));
|
||||
}
|
||||
printf("b" FMT64 "/" FMT64, ullLeft, tcs[t].ullLen);
|
||||
fflush(NULL);
|
||||
EVP_EncryptUpdate(&ectx, bTS, &enlu, bZB, (int)ullLeft);
|
||||
EVP_EncryptUpdate(ectx, bTS, &enlu, bZB, (int)ullLeft);
|
||||
memcpy(bTest, &bTS[enlu - 16], 16);
|
||||
enlu = (int)tcs[t].ullLen;
|
||||
l = 16;
|
||||
}
|
||||
enlf = sizeof(bTest1);
|
||||
EVP_EncryptFinal_ex(&ectx, bTest1, &enlf);
|
||||
EVP_CIPHER_CTX_cleanup(&ectx);
|
||||
EVP_EncryptFinal_ex(ectx, bTest1, &enlf);
|
||||
EVP_CIPHER_CTX_free(ectx);
|
||||
break;
|
||||
case G89_IMIT:
|
||||
if (0 != strcmp("id-Gost28147-89-CryptoPro-A-ParamSet",
|
||||
|
Loading…
x
Reference in New Issue
Block a user