int
px_find_digest(const char *name, PX_MD ** res)
{
const EVP_MD *md;
EVP_MD_CTX *ctx;
PX_MD *h;
if (!px_openssl_initialized)
{
px_openssl_initialized = 1;
OpenSSL_add_all_algorithms();
}
md = EVP_get_digestbyname(name);
if (md == NULL)
return PXE_NO_HASH;
ctx = px_alloc(sizeof(*ctx));
EVP_DigestInit(ctx, md);
h = px_alloc(sizeof(*h));
h->result_size = digest_result_size;
h->block_size = digest_block_size;
h->reset = digest_reset;
h->update = digest_update;
h->finish = digest_finish;
h->free = digest_free;
h->p.ptr = (void *) ctx;
*res = h;
return 0;
}
int
px_find_combo(const char *name, PX_Combo **res)
{
int err;
char *buf,
*s_cipher,
*s_pad;
PX_Combo *cx;
cx = px_alloc(sizeof(*cx));
memset(cx, 0, sizeof(*cx));
buf = px_alloc(strlen(name) + 1);
strcpy(buf, name);
err = parse_cipher_name(buf, &s_cipher, &s_pad);
if (err)
{
px_free(buf);
px_free(cx);
return err;
}
err = px_find_cipher(s_cipher, &cx->cipher);
if (err)
goto err1;
if (s_pad != NULL)
{
if (strcmp(s_pad, "pkcs") == 0)
cx->padding = 1;
else if (strcmp(s_pad, "none") == 0)
cx->padding = 0;
else
goto err1;
}
else
cx->padding = 1;
cx->init = combo_init;
cx->encrypt = combo_encrypt;
cx->decrypt = combo_decrypt;
cx->encrypt_len = combo_encrypt_len;
cx->decrypt_len = combo_decrypt_len;
cx->free = combo_free;
px_free(buf);
*res = cx;
return 0;
err1:
if (cx->cipher)
px_cipher_free(cx->cipher);
px_free(cx);
px_free(buf);
return PXE_NO_CIPHER;
}
int
px_find_cipher(const char *name, PX_Cipher **res)
{
const struct ossl_cipher_lookup *i;
PX_Cipher *c = NULL;
ossldata *od;
name = px_resolve_alias(ossl_aliases, name);
for (i = ossl_cipher_types; i->name; i++)
if (!strcmp(i->name, name))
break;
if (i->name == NULL)
return PXE_NO_CIPHER;
od = px_alloc(sizeof(*od));
memset(od, 0, sizeof(*od));
od->ciph = i->ciph;
c = px_alloc(sizeof(*c));
c->block_size = gen_ossl_block_size;
c->key_size = gen_ossl_key_size;
c->iv_size = gen_ossl_iv_size;
c->free = gen_ossl_free;
c->init = od->ciph->init;
c->encrypt = od->ciph->encrypt;
c->decrypt = od->ciph->decrypt;
c->ptr = od;
*res = c;
return 0;
}
int
px_find_digest(const char *name, PX_MD ** res)
{
PX_MD *h;
MHASH mh;
int i;
i = find_hashid(name);
if (i < 0)
return -1;
mh = mhash_init(i);
h = px_alloc(sizeof(*h));
h->p.ptr = (void *) mh;
h->result_size = digest_result_size;
h->block_size = digest_block_size;
h->reset = digest_reset;
h->update = digest_update;
h->finish = digest_finish;
h->free = digest_free;
*res = h;
return 0;
}
static int
compress_init(PushFilter *next, void *init_arg, void **priv_p)
{
int res;
struct ZipStat *st;
PGP_Context *ctx = init_arg;
uint8 type = ctx->compress_algo;
if (type != PGP_COMPR_ZLIB && type != PGP_COMPR_ZIP)
return PXE_PGP_UNSUPPORTED_COMPR;
/*
* init
*/
st = px_alloc(sizeof(*st));
memset(st, 0, sizeof(*st));
st->buf_len = ZIP_OUT_BUF;
st->stream.zalloc = z_alloc;
st->stream.zfree = z_free;
if (type == PGP_COMPR_ZIP)
res = deflateInit2(&st->stream, ctx->compress_level,
Z_DEFLATED, -15, 8, Z_DEFAULT_STRATEGY);
else
res = deflateInit(&st->stream, ctx->compress_level);
if (res != Z_OK)
{
px_free(st);
return PXE_PGP_COMPRESSION_ERROR;
}
*priv_p = st;
return ZIP_IN_BLOCK;
}
static int
decompress_init(void **priv_p, void *arg, PullFilter *src)
{
PGP_Context *ctx = arg;
struct DecomprData *dec;
int res;
if (ctx->compress_algo != PGP_COMPR_ZLIB
&& ctx->compress_algo != PGP_COMPR_ZIP)
return PXE_PGP_UNSUPPORTED_COMPR;
dec = px_alloc(sizeof(*dec));
memset(dec, 0, sizeof(*dec));
dec->buf_len = ZIP_OUT_BUF;
*priv_p = dec;
dec->stream.zalloc = z_alloc;
dec->stream.zfree = z_free;
if (ctx->compress_algo == PGP_COMPR_ZIP)
res = inflateInit2(&dec->stream, -15);
else
res = inflateInit(&dec->stream);
if (res != Z_OK)
{
px_free(dec);
px_debug("decompress_init: inflateInit error");
return PXE_PGP_COMPRESSION_ERROR;
}
return 0;
}
static void
hmac_init(PX_HMAC *h, const uint8 *key, unsigned klen)
{
unsigned bs,
hlen,
i;
uint8 *keybuf;
PX_MD *md = h->md;
bs = px_md_block_size(md);
hlen = px_md_result_size(md);
keybuf = px_alloc(bs);
memset(keybuf, 0, bs);
if (klen > bs)
{
px_md_update(md, key, klen);
px_md_finish(md, keybuf);
px_md_reset(md);
}
else
memcpy(keybuf, key, klen);
for (i = 0; i < bs; i++)
{
h->p.ipad[i] = keybuf[i] ^ HMAC_IPAD;
h->p.opad[i] = keybuf[i] ^ HMAC_OPAD;
}
memset(keybuf, 0, bs);
px_free(keybuf);
px_md_update(md, h->p.ipad, bs);
}
int
pgp_cfb_create(PGP_CFB **ctx_p, int algo, const uint8 *key, int key_len,
int resync, uint8 *iv)
{
int res;
PX_Cipher *ciph;
PGP_CFB *ctx;
res = pgp_load_cipher(algo, &ciph);
if (res < 0)
return res;
res = px_cipher_init(ciph, key, key_len, NULL);
if (res < 0)
{
px_cipher_free(ciph);
return res;
}
ctx = px_alloc(sizeof(*ctx));
memset(ctx, 0, sizeof(*ctx));
ctx->ciph = ciph;
ctx->block_size = px_cipher_block_size(ciph);
ctx->resync = resync;
if (iv)
memcpy(ctx->fr, iv, ctx->block_size);
*ctx_p = ctx;
return 0;
}
int
pgp_key_alloc(PGP_PubKey **pk_p)
{
PGP_PubKey *pk;
pk = px_alloc(sizeof(*pk));
memset(pk, 0, sizeof(*pk));
*pk_p = pk;
return 0;
}
MBuf *
mbuf_create(int len)
{
MBuf *mbuf;
if (!len)
len = 8192;
mbuf = px_alloc(sizeof *mbuf);
mbuf->data = px_alloc(len);
mbuf->buf_end = mbuf->data + len;
mbuf->data_end = mbuf->data;
mbuf->read_pos = mbuf->data;
mbuf->no_write = false;
mbuf->own_data = true;
return mbuf;
}
static int
combo_init(PX_Combo *cx, const uint8 *key, unsigned klen,
const uint8 *iv, unsigned ivlen)
{
int err;
unsigned bs,
ks,
ivs;
PX_Cipher *c = cx->cipher;
uint8 *ivbuf = NULL;
uint8 *keybuf;
bs = px_cipher_block_size(c);
ks = px_cipher_key_size(c);
ivs = px_cipher_iv_size(c);
if (ivs > 0)
{
ivbuf = px_alloc(ivs);
memset(ivbuf, 0, ivs);
if (ivlen > ivs)
memcpy(ivbuf, iv, ivs);
else
memcpy(ivbuf, iv, ivlen);
}
if (klen > ks)
klen = ks;
keybuf = px_alloc(ks);
memset(keybuf, 0, ks);
memcpy(keybuf, key, klen);
err = px_cipher_init(c, keybuf, klen, ivbuf);
if (ivbuf)
px_free(ivbuf);
px_free(keybuf);
return err;
}
int
pushf_create(PushFilter **mp_p, const PushFilterOps *op, void *init_arg, PushFilter *next)
{
PushFilter *mp;
void *priv;
int res;
if (op->init != NULL)
{
res = op->init(next, init_arg, &priv);
if (res < 0)
return res;
}
else
{
priv = init_arg;
res = 0;
}
mp = px_alloc(sizeof(*mp));
memset(mp, 0, sizeof(*mp));
mp->block_size = res;
mp->op = op;
mp->priv = priv;
mp->next = next;
if (mp->block_size > 0)
{
mp->buf = px_alloc(mp->block_size);
mp->pos = 0;
}
else
{
mp->buf = NULL;
mp->pos = 0;
}
*mp_p = mp;
return 0;
}
int
pullf_create(PullFilter **pf_p, const PullFilterOps *op, void *init_arg, PullFilter *src)
{
PullFilter *pf;
void *priv;
int res;
if (op->init != NULL)
{
res = op->init(&priv, init_arg, src);
if (res < 0)
return res;
}
else
{
priv = init_arg;
res = 0;
}
pf = px_alloc(sizeof(*pf));
memset(pf, 0, sizeof(*pf));
pf->buflen = res;
pf->op = op;
pf->priv = priv;
pf->src = src;
if (pf->buflen > 0)
{
pf->buf = px_alloc(pf->buflen);
pf->pos = 0;
}
else
{
pf->buf = NULL;
pf->pos = 0;
}
*pf_p = pf;
return 0;
}
static PX_Cipher *
bf_load(int mode)
{
PX_Cipher *c;
struct int_ctx *cx;
c = px_alloc(sizeof *c);
memset(c, 0, sizeof *c);
c->block_size = bf_block_size;
c->key_size = bf_key_size;
c->iv_size = bf_iv_size;
c->init = bf_init;
c->encrypt = bf_encrypt;
c->decrypt = bf_decrypt;
c->free = intctx_free;
cx = px_alloc(sizeof *cx);
memset(cx, 0, sizeof *cx);
cx->mode = mode;
c->ptr = cx;
return c;
}
int
px_find_hmac(const char *name, PX_HMAC **res)
{
int err;
PX_MD *md;
PX_HMAC *h;
unsigned bs;
err = px_find_digest(name, &md);
if (err)
return err;
bs = px_md_block_size(md);
if (bs < 2)
{
px_md_free(md);
return PXE_HASH_UNUSABLE_FOR_HMAC;
}
h = px_alloc(sizeof(*h));
h->p.ipad = px_alloc(bs);
h->p.opad = px_alloc(bs);
h->md = md;
h->result_size = hmac_result_size;
h->block_size = hmac_block_size;
h->reset = hmac_reset;
h->update = hmac_update;
h->finish = hmac_finish;
h->free = hmac_free;
h->init = hmac_init;
*res = h;
return 0;
}
int
px_find_digest(const char *name, PX_MD **res)
{
const EVP_MD *md;
PX_MD *h;
OSSLDigest *digest;
if (!px_openssl_initialized)
{
px_openssl_initialized = 1;
OpenSSL_add_all_algorithms();
}
md = EVP_get_digestbyname(name);
if (md == NULL)
return compat_find_digest(name, res);
digest = px_alloc(sizeof(*digest));
digest->algo = md;
EVP_MD_CTX_init(&digest->ctx);
if (EVP_DigestInit_ex(&digest->ctx, digest->algo, NULL) == 0)
return -1;
h = px_alloc(sizeof(*h));
h->result_size = digest_result_size;
h->block_size = digest_block_size;
h->reset = digest_reset;
h->update = digest_update;
h->finish = digest_finish;
h->free = digest_free;
h->p.ptr = (void *) digest;
*res = h;
return 0;
}
MBuf *
mbuf_create_from_data(uint8 *data, int len)
{
MBuf *mbuf;
mbuf = px_alloc(sizeof *mbuf);
mbuf->data = (uint8 *) data;
mbuf->buf_end = mbuf->data + len;
mbuf->data_end = mbuf->data + len;
mbuf->read_pos = mbuf->data;
mbuf->no_write = true;
mbuf->own_data = false;
return mbuf;
}
int
px_find_digest(const char *name, PX_MD **res)
{
const struct int_digest *p;
PX_MD *h;
for (p = int_digest_list; p->name; p++)
if (pg_strcasecmp(p->name, name) == 0)
{
h = px_alloc(sizeof(*h));
p->init(h);
*res = h;
return 0;
}
return PXE_NO_HASH;
}
int
pgp_mpi_alloc(int bits, PGP_MPI ** mpi)
{
PGP_MPI *n;
int len = (bits + 7) / 8;
if (bits < 0 || bits > 0xFFFF)
{
px_debug("pgp_mpi_alloc: unreasonable request: bits=%d", bits);
return PXE_PGP_CORRUPT_DATA;
}
n = px_alloc(sizeof(*n) + len);
n->bits = bits;
n->bytes = len;
n->data = (uint8 *) (n) + sizeof(*n);
*mpi = n;
return 0;
}
void
init_sha512(PX_MD *md)
{
SHA512_CTX *ctx;
ctx = px_alloc(sizeof(*ctx));
memset(ctx, 0, sizeof(*ctx));
md->p.ptr = ctx;
md->result_size = int_sha512_len;
md->block_size = int_sha512_block_len;
md->reset = int_sha512_reset;
md->update = int_sha512_update;
md->finish = int_sha512_finish;
md->free = int_sha512_free;
md->reset(md);
}
static void
init_md5(PX_MD *md)
{
MD5_CTX *ctx;
ctx = px_alloc(sizeof(*ctx));
memset(ctx, 0, sizeof(*ctx));
md->p.ptr = ctx;
md->result_size = int_md5_len;
md->block_size = int_md5_block_len;
md->reset = int_md5_reset;
md->update = int_md5_update;
md->finish = int_md5_finish;
md->free = int_md5_free;
md->reset(md);
}
static int
compat_find_digest(const char *name, PX_MD **res)
{
init_f init = NULL;
if (pg_strcasecmp(name, "sha224") == 0)
init = init_sha224;
else if (pg_strcasecmp(name, "sha256") == 0)
init = init_sha256;
else if (pg_strcasecmp(name, "sha384") == 0)
init = init_sha384;
else if (pg_strcasecmp(name, "sha512") == 0)
init = init_sha512;
else
return PXE_NO_HASH;
*res = px_alloc(sizeof(PX_MD));
init(*res);
return 0;
}
static int
mp_px_rand(uint32 bits, mpz_t *res)
{
unsigned bytes = (bits + 7) / 8;
int last_bits = bits & 7;
uint8 *buf;
buf = px_alloc(bytes);
if (!pg_strong_random(buf, bytes))
{
px_free(buf);
return PXE_NO_RANDOM;
}
/* clear unnecessary bits and set last bit to one */
if (last_bits)
{
buf[0] >>= 8 - last_bits;
buf[0] |= 1 << (last_bits - 1);
}
else
int
pgp_init(PGP_Context **ctx_p)
{
PGP_Context *ctx;
ctx = px_alloc(sizeof *ctx);
memset(ctx, 0, sizeof *ctx);
ctx->cipher_algo = def_cipher_algo;
ctx->s2k_cipher_algo = def_s2k_cipher_algo;
ctx->s2k_mode = def_s2k_mode;
ctx->s2k_digest_algo = def_s2k_digest_algo;
ctx->compress_algo = def_compress_algo;
ctx->compress_level = def_compress_level;
ctx->disable_mdc = def_disable_mdc;
ctx->use_sess_key = def_use_sess_key;
ctx->unicode_mode = def_unicode_mode;
ctx->convert_crlf = def_convert_crlf;
ctx->text_mode = def_text_mode;
*ctx_p = ctx;
return 0;
}
static int
mp_px_rand(uint32 bits, mpz_t *res)
{
int err;
unsigned bytes = (bits + 7) / 8;
int last_bits = bits & 7;
uint8 *buf;
buf = px_alloc(bytes);
err = px_get_random_bytes(buf, bytes);
if (err < 0)
{
px_free(buf);
return err;
}
/* clear unnecessary bits and set last bit to one */
if (last_bits)
{
buf[0] >>= 8 - last_bits;
buf[0] |= 1 << (last_bits - 1);
}
else
static void
hmac_finish(PX_HMAC *h, uint8 *dst)
{
PX_MD *md = h->md;
unsigned bs,
hlen;
uint8 *buf;
bs = px_md_block_size(md);
hlen = px_md_result_size(md);
buf = px_alloc(hlen);
px_md_finish(md, buf);
px_md_reset(md);
px_md_update(md, h->p.opad, bs);
px_md_update(md, buf, hlen);
px_md_finish(md, dst);
memset(buf, 0, hlen);
px_free(buf);
}
static void *
z_alloc(void *priv, unsigned n_items, unsigned item_len)
{
return px_alloc(n_items * item_len);
}
static int
combo_encrypt(PX_Combo *cx, const uint8 *data, unsigned dlen,
uint8 *res, unsigned *rlen)
{
int err = 0;
uint8 *bbuf;
unsigned bs,
bpos,
i,
pad;
PX_Cipher *c = cx->cipher;
bbuf = NULL;
bs = px_cipher_block_size(c);
/* encrypt */
if (bs > 1)
{
bbuf = px_alloc(bs * 4);
bpos = dlen % bs;
*rlen = dlen - bpos;
memcpy(bbuf, data + *rlen, bpos);
/* encrypt full-block data */
if (*rlen)
{
err = px_cipher_encrypt(c, data, *rlen, res);
if (err)
goto out;
}
/* bbuf has now bpos bytes of stuff */
if (cx->padding)
{
pad = bs - (bpos % bs);
for (i = 0; i < pad; i++)
bbuf[bpos++] = pad;
}
else if (bpos % bs)
{
/* ERROR? */
pad = bs - (bpos % bs);
for (i = 0; i < pad; i++)
bbuf[bpos++] = 0;
}
/* encrypt the rest - pad */
if (bpos)
{
err = px_cipher_encrypt(c, bbuf, bpos, res + *rlen);
*rlen += bpos;
}
}
else
{
/* stream cipher/mode - no pad needed */
err = px_cipher_encrypt(c, data, dlen, res);
if (err)
goto out;
*rlen = dlen;
}
out:
if (bbuf)
px_free(bbuf);
return err;
}
int
px_find_digest(const char *name, PX_MD **res)
{
const EVP_MD *md;
EVP_MD_CTX *ctx;
PX_MD *h;
OSSLDigest *digest;
if (!px_openssl_initialized)
{
px_openssl_initialized = 1;
OpenSSL_add_all_algorithms();
}
if (!resowner_callback_registered)
{
RegisterResourceReleaseCallback(digest_free_callback, NULL);
resowner_callback_registered = true;
}
md = EVP_get_digestbyname(name);
if (md == NULL)
return PXE_NO_HASH;
/*
* Create an OSSLDigest object, an OpenSSL MD object, and a PX_MD object.
* The order is crucial, to make sure we don't leak anything on
* out-of-memory or other error.
*/
digest = MemoryContextAlloc(TopMemoryContext, sizeof(*digest));
ctx = EVP_MD_CTX_create();
if (!ctx)
{
pfree(digest);
return -1;
}
if (EVP_DigestInit_ex(ctx, md, NULL) == 0)
{
pfree(digest);
return -1;
}
digest->algo = md;
digest->ctx = ctx;
digest->owner = CurrentResourceOwner;
digest->next = open_digests;
digest->prev = NULL;
open_digests = digest;
/* The PX_MD object is allocated in the current memory context. */
h = px_alloc(sizeof(*h));
h->result_size = digest_result_size;
h->block_size = digest_block_size;
h->reset = digest_reset;
h->update = digest_update;
h->finish = digest_finish;
h->free = digest_free;
h->p.ptr = (void *) digest;
*res = h;
return 0;
}