void Context::initECDH(const std::string& curve)
{
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#ifndef OPENSSL_NO_ECDH
int nid = 0;
if (!curve.empty())
{
nid = OBJ_sn2nid(curve.c_str());
}
else
{
nid = OBJ_sn2nid("prime256v1");
}
if (nid == 0)
{
throw SSLContextException("Unknown ECDH curve name", curve);
}
EC_KEY* ecdh = EC_KEY_new_by_curve_name(nid);
if (!ecdh)
{
throw SSLContextException("Cannot create ECDH curve");
}
SSL_CTX_set_tmp_ecdh(_pSSLContext, ecdh);
SSL_CTX_set_options(_pSSLContext, SSL_OP_SINGLE_ECDH_USE);
EC_KEY_free(ecdh);
#endif
#endif
}
void
ssl_set_ecdh_curve(SSL_CTX *ctx, const char *curve)
{
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#ifndef OPENSSL_NO_ECDH
int nid;
EC_KEY *ecdh;
if (curve == NULL)
curve = SSL_ECDH_CURVE;
if ((nid = OBJ_sn2nid(curve)) == 0) {
ssl_error("ssl_set_ecdh_curve");
fatal("ssl_set_ecdh_curve: unknown curve name %s", curve);
}
if ((ecdh = EC_KEY_new_by_curve_name(nid)) == NULL) {
ssl_error("ssl_set_ecdh_curve");
fatal("ssl_set_ecdh_curve: unable to create curve %s", curve);
}
SSL_CTX_set_tmp_ecdh(ctx, ecdh);
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
EC_KEY_free(ecdh);
#endif
#endif
}
int
tls_config_set_ecdhecurves(struct tls_config *config, const char *curves)
{
int *curves_list = NULL, *curves_new;
size_t curves_num = 0;
char *cs = NULL;
char *p, *q;
int rv = -1;
int nid;
free(config->ecdhecurves);
config->ecdhecurves = NULL;
config->ecdhecurves_len = 0;
if (curves == NULL || strcasecmp(curves, "default") == 0)
curves = TLS_ECDHE_CURVES;
if ((cs = strdup(curves)) == NULL) {
tls_config_set_errorx(config, "out of memory");
goto err;
}
q = cs;
while ((p = strsep(&q, ",:")) != NULL) {
while (*p == ' ' || *p == '\t')
p++;
nid = OBJ_sn2nid(p);
if (nid == NID_undef)
nid = OBJ_ln2nid(p);
if (nid == NID_undef)
nid = EC_curve_nist2nid(p);
if (nid == NID_undef) {
tls_config_set_errorx(config,
"invalid ecdhe curve '%s'", p);
goto err;
}
if ((curves_new = reallocarray(curves_list, curves_num + 1,
sizeof(int))) == NULL) {
tls_config_set_errorx(config, "out of memory");
goto err;
}
curves_list = curves_new;
curves_list[curves_num] = nid;
curves_num++;
}
config->ecdhecurves = curves_list;
config->ecdhecurves_len = curves_num;
curves_list = NULL;
rv = 0;
err:
free(cs);
free(curves_list);
return (rv);
}
static void *construct_method(const char *algorithm_name,
const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov,
void *data)
{
struct method_data_st *methdata = data;
void *method = NULL;
int nid = OBJ_sn2nid(algorithm_name);
if (nid == NID_undef) {
/* Create a new NID for that name on the fly */
ASN1_OBJECT tmpobj;
/* This is the same as OBJ_create() but without requiring a OID */
tmpobj.nid = OBJ_new_nid(1);
tmpobj.sn = tmpobj.ln = methdata->name;
tmpobj.flags = ASN1_OBJECT_FLAG_DYNAMIC;
tmpobj.length = 0;
tmpobj.data = NULL;
nid = OBJ_add_object(&tmpobj);
}
if (nid == NID_undef)
return NULL;
method = methdata->method_from_dispatch(nid, fns, prov);
if (method == NULL)
return NULL;
return method;
}
/*
* keytype_from_text returns OpenSSL NID for digest by name, and
* optionally the associated digest length.
*
* Used by ntpd authreadkeys(), ntpq keytype()
*/
int
keytype_from_text(
const char *text,
size_t *pdigest_len
)
{
int key_type;
u_int digest_len;
#ifdef HAVE_OPENSSL
const u_long max_digest_len = MAX_MAC_LEN - sizeof(keyid_t);
uint8_t digest[EVP_MAX_MD_SIZE];
char * upcased;
char * pch;
EVP_MD_CTX ctx;
/*
* OpenSSL digest short names are capitalized, so uppercase the
* digest name before passing to OBJ_sn2nid(). If it is not
* recognized but begins with 'M' use NID_md5 to be consistent
* with past behavior.
*/
INIT_SSL();
LIB_GETBUF(upcased);
strlcpy(upcased, text, LIB_BUFLENGTH);
for (pch = upcased; '\0' != *pch; pch++)
*pch = (char)toupper((unsigned char)*pch);
key_type = OBJ_sn2nid(upcased);
#else
key_type = 0;
#endif
if (!key_type && 'm' == tolower((unsigned char)text[0]))
key_type = NID_md5;
if (!key_type)
return 0;
if (NULL != pdigest_len) {
#ifdef HAVE_OPENSSL
EVP_DigestInit(&ctx, EVP_get_digestbynid(key_type));
EVP_DigestFinal(&ctx, digest, &digest_len);
if (digest_len > max_digest_len) {
fprintf(stderr,
"key type %s %u octet digests are too big, max %lu\n",
keytype_name(key_type), digest_len,
max_digest_len);
msyslog(LOG_ERR,
"key type %s %u octet digests are too big, max %lu",
keytype_name(key_type), digest_len,
max_digest_len);
return 0;
}
#else
digest_len = 16;
#endif
*pdigest_len = digest_len;
}
return key_type;
}
blob WSService::pubkey_from_cert(X509* x509) {
std::runtime_error e("Certificate error");
EC_GROUP* ec_group = EC_GROUP_new_by_curve_name(OBJ_sn2nid("prime256v1"));
BN_CTX* bn_ctx = BN_CTX_new();
std::vector<uint8_t> raw_public(33);
try {
if(ec_group == NULL || bn_ctx == NULL) throw e;
EVP_PKEY* remote_pkey = X509_get_pubkey(x509); if(remote_pkey == NULL) throw e;
EC_KEY* remote_eckey = EVP_PKEY_get1_EC_KEY(remote_pkey); if(remote_eckey == NULL) throw e;
const EC_POINT* remote_pubkey = EC_KEY_get0_public_key(remote_eckey); if(remote_pubkey == NULL) throw e;
EC_POINT_point2oct(ec_group, remote_pubkey, POINT_CONVERSION_COMPRESSED, raw_public.data(), raw_public.size(), bn_ctx);
}catch(...){
BN_CTX_free(bn_ctx); EC_GROUP_free(ec_group);
bn_ctx = NULL; ec_group = NULL;
throw;
}
BN_CTX_free(bn_ctx); EC_GROUP_free(ec_group);
return raw_public;
}
/* ECDH temporary parameters */
static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
{
int rv = 1;
EC_KEY *ecdh;
int nid;
/* Ignore values supported by 1.0.2 for the automatic selection */
if ((cctx->flags & SSL_CONF_FLAG_FILE) &&
strcasecmp(value, "+automatic") == 0)
return 1;
if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) &&
strcmp(value, "auto") == 0)
return 1;
nid = EC_curve_nist2nid(value);
if (nid == NID_undef)
nid = OBJ_sn2nid(value);
if (nid == 0)
return 0;
ecdh = EC_KEY_new_by_curve_name(nid);
if (!ecdh)
return 0;
if (cctx->ctx)
rv = SSL_CTX_set_tmp_ecdh(cctx->ctx, ecdh);
else if (cctx->ssl)
rv = SSL_set_tmp_ecdh(cctx->ssl, ecdh);
EC_KEY_free(ecdh);
return rv > 0;
}
static int swSSL_set_ecdh_curve(SSL_CTX* ssl_context)
{
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh;
/*
* Elliptic-Curve Diffie-Hellman parameters are either "named curves"
* from RFC 4492 section 5.1.1, or explicitly described curves over
* binary fields. OpenSSL only supports the "named curves", which provide
* maximum interoperability.
*/
int nid = OBJ_sn2nid(SW_SSL_ECDH_CURVE);
if (nid == 0)
{
swWarn("Unknown curve name \"%s\"", SW_SSL_ECDH_CURVE);
return SW_ERR;
}
ecdh = EC_KEY_new_by_curve_name(nid);
if (ecdh == NULL)
{
swWarn("Unable to create curve \"%s\"", SW_SSL_ECDH_CURVE);
return SW_ERR;
}
SSL_CTX_set_options(ssl_context, SSL_OP_SINGLE_ECDH_USE);
SSL_CTX_set_tmp_ecdh(ssl_context, ecdh);
EC_KEY_free(ecdh);
#endif
#endif
return SW_OK;
}
void SSLContext::setServerECCurve(const std::string& curveName) {
bool validCall = false;
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#ifndef OPENSSL_NO_ECDH
validCall = true;
#endif
#endif
if (!validCall) {
throw std::runtime_error("Elliptic curve encryption not allowed");
}
EC_KEY* ecdh = nullptr;
int nid;
/*
* Elliptic-Curve Diffie-Hellman parameters are either "named curves"
* from RFC 4492 section 5.1.1, or explicitly described curves over
* binary fields. OpenSSL only supports the "named curves", which provide
* maximum interoperability.
*/
nid = OBJ_sn2nid(curveName.c_str());
if (nid == 0) {
LOG(FATAL) << "Unknown curve name:" << curveName.c_str();
return;
}
ecdh = EC_KEY_new_by_curve_name(nid);
if (ecdh == nullptr) {
LOG(FATAL) << "Unable to create curve:" << curveName.c_str();
return;
}
SSL_CTX_set_tmp_ecdh(ctx_, ecdh);
EC_KEY_free(ecdh);
}
static int tls_init_ecdh_curve(void)
{
#ifdef SSL_CTRL_SET_ECDH_AUTO
SSL_CTX_ctrl(tls_ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL);
return 0;
#else
# ifndef SSL_OP_SINGLE_ECDH_USE
errno = ENOTSUP;
return -1;
# else
const char *curve_name;
EC_KEY *curve;
int nid;
curve_name = TLS_DEFAULT_ECDH_CURVE;
if ((nid = OBJ_sn2nid(curve_name)) == NID_undef) {
logfile(LOG_INFO, "Curve [%s] not supported", curve_name);
errno = ENOTSUP;
return -1;
}
if ((curve = EC_KEY_new_by_curve_name(nid)) == NULL) {
logfile(LOG_INFO, "Curve [%s] is not usable", curve_name);
errno = ENOTSUP;
return -1;
}
SSL_CTX_set_options(tls_ctx, SSL_OP_SINGLE_ECDH_USE);
SSL_CTX_set_tmp_ecdh(tls_ctx, curve);
EC_KEY_free(curve);
return 0;
# endif
#endif
}
void ecies_test(void)
{
int r;
EC_GROUP *ec_group = NULL;
EC_KEY *ec_key = NULL;
ECIES_PARAMS params;
ECIES_PARAMS *param2 = NULL;
ECIES_CIPHERTEXT_VALUE *cv = NULL;
unsigned char buffer1[1024];
unsigned char buffer2[1024];
unsigned char buffer3[1024];
unsigned char *der = NULL;
int derlen;
unsigned char *p;
const unsigned char *cp;
ec_key = EC_KEY_new_by_curve_name(OBJ_sn2nid("secp192k1"));
OPENSSL_assert(ec_key);
r = EC_KEY_generate_key(ec_key);
assert(r);
/* set ECIESParameters */
params.kdf_md = EVP_sha1();
params.sym_cipher = EVP_aes_128_cbc();
params.mac_md = EVP_sha1();
derlen = i2d_ECIESParameters(¶ms, NULL);
printf("ECIESParameters DER length = %d\n", derlen);
memset(buffer1, 0, sizeof(buffer1));
strcpy((char *)buffer1, "hello");
cv = ECIES_do_encrypt(¶ms, buffer1, strlen(buffer1) + 1, ec_key);
assert(cv);
memset(buffer3, 0, sizeof(buffer3));
if (!ECIES_do_decrypt(cv, ¶ms, buffer3, &derlen, ec_key)) {
ERR_print_errors_fp(stderr);
return;
}
printf("decrypted plaintext length = %d\n", derlen);
printf("%s\n", buffer3);
derlen = i2d_ECIES_CIPHERTEXT_VALUE(cv, NULL);
printf("ECIES Test: ECIES_CIPHERTEXT_VALUE DER encoding length = %d\n", derlen);
der = OPENSSL_malloc(derlen);
assert(der);
p = der;
i2d_ECIES_CIPHERTEXT_VALUE(cv, &p);
ECIES_CIPHERTEXT_VALUE_free(cv);
cv = NULL;
cp = der;
cv = d2i_ECIES_CIPHERTEXT_VALUE(NULL, &cp, derlen);
assert(cv);
ecies_test_ECIESParameters();
}
/*
* Creates a new EC_KEY on the EC group obj. arg can be an EC::Group or a String
* representing an OID.
*/
static EC_KEY *
ec_key_new_from_group(VALUE arg)
{
EC_KEY *ec;
if (rb_obj_is_kind_of(arg, cEC_GROUP)) {
EC_GROUP *group;
SafeRequire_EC_GROUP(arg, group);
if (!(ec = EC_KEY_new()))
ossl_raise(eECError, NULL);
if (!EC_KEY_set_group(ec, group)) {
EC_KEY_free(ec);
ossl_raise(eECError, NULL);
}
} else {
int nid = OBJ_sn2nid(StringValueCStr(arg));
if (nid == NID_undef)
ossl_raise(eECError, "invalid curve name");
if (!(ec = EC_KEY_new_by_curve_name(nid)))
ossl_raise(eECError, NULL);
EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED);
}
return ec;
}
int ribs_ssl_set_options(SSL_CTX *ssl_ctx, char *cipher_list) {
/* bugs */
SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL); /* almost all bugs */
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2); /* disable SSLv2 per RFC 6176 */
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3); /* disable SSLv3. goodbye IE6 */
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION);
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
/* ciphers */
if (!cipher_list)
cipher_list = _HTTP_SERVER_SSL_CIPHERS;
SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
if (0 == SSL_CTX_set_cipher_list(ssl_ctx, cipher_list))
return LOGGER_ERROR("failed to initialize SSL:cipher_list"), -1;
/* DH 2048 bits */
SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_DH_USE);
DH *dh = DH_new();
dh->p = get_rfc3526_prime_2048(NULL);
BN_dec2bn(&dh->g, "2");
if (0 == SSL_CTX_set_tmp_dh(ssl_ctx, dh))
return LOGGER_ERROR("failed to initialize SSL:dh"), -1;
DH_free(dh);
/* Ecliptic Curve DH */
SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
EC_KEY *ecdh = EC_KEY_new_by_curve_name(OBJ_sn2nid("prime256v1"));
if (ecdh == NULL)
return LOGGER_ERROR("failed to initialize SSL:edch"), -1;
SSL_CTX_set_tmp_ecdh(ssl_ctx, ecdh);
EC_KEY_free(ecdh);
return 0;
}
static int
lws_context_ssl_init_ecdh_curve(struct lws_context_creation_info *info,
struct lws_vhost *vhost)
{
#ifdef LWS_HAVE_OPENSSL_ECDH_H
EC_KEY *ecdh;
int ecdh_nid;
const char *ecdh_curve = "prime256v1";
if (info->ecdh_curve)
ecdh_curve = info->ecdh_curve;
ecdh_nid = OBJ_sn2nid(ecdh_curve);
if (NID_undef == ecdh_nid) {
lwsl_err("SSL: Unknown curve name '%s'", ecdh_curve);
return 1;
}
ecdh = EC_KEY_new_by_curve_name(ecdh_nid);
if (NULL == ecdh) {
lwsl_err("SSL: Unable to create curve '%s'", ecdh_curve);
return 1;
}
SSL_CTX_set_tmp_ecdh(vhost->ssl_ctx, ecdh);
EC_KEY_free(ecdh);
SSL_CTX_set_options(vhost->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
lwsl_notice(" SSL ECDH curve '%s'\n", ecdh_curve);
#else
lwsl_notice(" OpenSSL doesn't support ECDH\n");
#endif
return 0;
}
/*
* Set ECDH parameters for generating ephemeral Elliptic Curve DH
* keys. This is much simpler than the DH parameters, as we just
* need to provide the name of the curve to OpenSSL.
*/
static bool
initialize_ecdh(SSL_CTX *context, bool isServerStart)
{
#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh;
int nid;
nid = OBJ_sn2nid(SSLECDHCurve);
if (!nid)
{
ereport(isServerStart ? FATAL : LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("ECDH: unrecognized curve name: %s", SSLECDHCurve)));
return false;
}
ecdh = EC_KEY_new_by_curve_name(nid);
if (!ecdh)
{
ereport(isServerStart ? FATAL : LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("ECDH: could not create key")));
return false;
}
SSL_CTX_set_options(context, SSL_OP_SINGLE_ECDH_USE);
SSL_CTX_set_tmp_ecdh(context, ecdh);
EC_KEY_free(ecdh);
#endif
return true;
}
CAMLprim value ocaml_ssl_ctx_init_ec_from_named_curve(value context, value curve_name)
{
CAMLparam2(context, curve_name);
EC_KEY *ecdh = NULL;
int nid = 0;
SSL_CTX *ctx = Ctx_val(context);
char *ec_curve_name = String_val(curve_name);
if(*ec_curve_name == 0)
caml_raise_constant(*caml_named_value("ssl_exn_ec_curve_error"));
nid = OBJ_sn2nid(ec_curve_name);
if(nid == 0){
caml_raise_constant(*caml_named_value("ssl_exn_ec_curve_error"));
}
caml_enter_blocking_section();
ecdh = EC_KEY_new_by_curve_name(nid);
if(ecdh != NULL){
if(SSL_CTX_set_tmp_ecdh(ctx,ecdh) != 1){
caml_leave_blocking_section();
caml_raise_constant(*caml_named_value("ssl_exn_ec_curve_error"));
}
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
caml_leave_blocking_section();
EC_KEY_free(ecdh);
}
else{
caml_leave_blocking_section();
caml_raise_constant(*caml_named_value("ssl_exn_ec_curve_error"));
}
CAMLreturn(Val_unit);
}
static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx,
const char *type, const char *value)
{
if (strcmp(type, "ec_paramgen_curve") == 0) {
int nid;
nid = EC_curve_nist2nid(value);
if (nid == NID_undef)
nid = OBJ_sn2nid(value);
if (nid == NID_undef)
nid = OBJ_ln2nid(value);
if (nid == NID_undef) {
ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE);
return 0;
}
return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
#ifndef OPENSSL_NO_SM2
} else if (!strcmp(type, "ec_scheme")) {
int scheme;
if (!strcmp(value, "secg"))
scheme = NID_secg_scheme;
else if (!strcmp(value, "sm2"))
scheme = NID_sm_scheme;
else
return -2;
return EVP_PKEY_CTX_set_ec_scheme(ctx, scheme);
} else if (!strcmp(type, "signer_id")) {
return EVP_PKEY_CTX_set_signer_id(ctx, value);
} else if (!strcmp(type, "ec_encrypt_param")) {
int encrypt_param;
if (!(encrypt_param = OBJ_txt2nid(value))) {
ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_EC_ENCRYPT_PARAM);
return 0;
}
return EVP_PKEY_CTX_set_ec_encrypt_param(ctx, encrypt_param);
#endif
} else if (strcmp(type, "ec_param_enc") == 0) {
int param_enc;
if (strcmp(value, "explicit") == 0)
param_enc = 0;
else if (strcmp(value, "named_curve") == 0)
param_enc = OPENSSL_EC_NAMED_CURVE;
else
return -2;
return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc);
} else if (strcmp(type, "ecdh_kdf_md") == 0) {
const EVP_MD *md;
if ((md = EVP_get_digestbyname(value)) == NULL) {
ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_DIGEST);
return 0;
}
return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md);
} else if (strcmp(type, "ecdh_cofactor_mode") == 0) {
int co_mode;
co_mode = atoi(value);
return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, co_mode);
}
return -2;
}
/* ECDH temporary parameters */
static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
{
int onoff = -1, rv = 1;
if (!(cctx->flags & SSL_CONF_FLAG_SERVER))
return -2;
if (cctx->flags & SSL_CONF_FLAG_FILE)
{
if (*value == '+')
{
onoff = 1;
value++;
}
if (*value == '-')
{
onoff = 0;
value++;
}
if (!strcasecmp(value, "automatic"))
{
if (onoff == -1)
onoff = 1;
}
else if (onoff != -1)
return 0;
}
else if (cctx->flags & SSL_CONF_FLAG_CMDLINE)
{
if (!strcmp(value, "auto"))
onoff = 1;
}
if (onoff != -1)
{
if (cctx->ctx)
rv = SSL_CTX_set_ecdh_auto(cctx->ctx, onoff);
else if (cctx->ssl)
rv = SSL_set_ecdh_auto(cctx->ssl, onoff);
}
else
{
EC_KEY *ecdh;
int nid;
nid = EC_curve_nist2nid(value);
if (nid == NID_undef)
nid = OBJ_sn2nid(value);
if (nid == 0)
return 0;
ecdh = EC_KEY_new_by_curve_name(nid);
if (!ecdh)
return 0;
if (cctx->ctx)
rv = SSL_CTX_set_tmp_ecdh(cctx->ctx, ecdh);
else if (cctx->ssl)
rv = SSL_set_tmp_ecdh(cctx->ssl, ecdh);
EC_KEY_free(ecdh);
}
return rv > 0;
}
int setQatSmallPacketThreshold(unsigned char *cipher_name, int threshold)
{
if(threshold < 0)
threshold = 0;
else if (threshold > 16384)
threshold = 16384;
return qat_pkt_threshold_table_set_threshold(OBJ_sn2nid(cipher_name),threshold);
}
int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
{
int o;
const EVP_CIPHER *enc=NULL;
char *p,c;
char **header_pp = &header;
cipher->cipher=NULL;
if ((header == NULL) || (*header == '\0') || (*header == '\n'))
return(1);
if (strncmp(header,"Proc-Type: ",11) != 0)
{ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_PROC_TYPE); return(0); }
header+=11;
if (*header != '4') return(0); header++;
if (*header != ',') return(0); header++;
if (strncmp(header,"ENCRYPTED",9) != 0)
{ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_ENCRYPTED); return(0); }
for (; (*header != '\n') && (*header != '\0'); header++)
;
if (*header == '\0')
{ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_SHORT_HEADER); return(0); }
header++;
if (strncmp(header,"DEK-Info: ",10) != 0)
{ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_DEK_INFO); return(0); }
header+=10;
p=header;
for (;;)
{
c= *header;
#ifndef CHARSET_EBCDIC
if (!( ((c >= 'A') && (c <= 'Z')) || (c == '-') ||
((c >= '0') && (c <= '9'))))
break;
#else
if (!( isupper(c) || (c == '-') ||
isdigit(c)))
break;
#endif
header++;
}
*header='\0';
o=OBJ_sn2nid(p);
cipher->cipher=enc=EVP_get_cipherbyname(p);
*header=c;
header++;
if (enc == NULL)
{
PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);
return(0);
}
if (!load_iv(header_pp,&(cipher->iv[0]),enc->iv_len))
return(0);
return(1);
}
static int do_tcreate(const char *value, const char *name)
{
char *eptr;
int nid, i, rv = 0;
long tbl_min = -1, tbl_max = -1;
unsigned long tbl_mask = 0, tbl_flags = 0;
STACK_OF(CONF_VALUE) *lst = NULL;
CONF_VALUE *cnf = NULL;
nid = OBJ_sn2nid(name);
if (nid == NID_undef)
nid = OBJ_ln2nid(name);
if (nid == NID_undef)
goto err;
lst = X509V3_parse_list(value);
if (!lst)
goto err;
for (i = 0; i < sk_CONF_VALUE_num(lst); i++) {
cnf = sk_CONF_VALUE_value(lst, i);
if (strcmp(cnf->name, "min") == 0) {
tbl_min = strtoul(cnf->value, &eptr, 0);
if (*eptr)
goto err;
} else if (strcmp(cnf->name, "max") == 0) {
tbl_max = strtoul(cnf->value, &eptr, 0);
if (*eptr)
goto err;
} else if (strcmp(cnf->name, "mask") == 0) {
if (!ASN1_str2mask(cnf->value, &tbl_mask) || !tbl_mask)
goto err;
} else if (strcmp(cnf->name, "flags") == 0) {
if (strcmp(cnf->value, "nomask") == 0)
tbl_flags = STABLE_NO_MASK;
else if (strcmp(cnf->value, "none") == 0)
tbl_flags = STABLE_FLAGS_CLEAR;
else
goto err;
} else
goto err;
}
rv = 1;
err:
if (rv == 0) {
ASN1err(ASN1_F_DO_TCREATE, ASN1_R_INVALID_STRING_TABLE_VALUE);
if (cnf)
ERR_add_error_data(4, "field=", cnf->name,
", value=", cnf->value);
else
ERR_add_error_data(4, "name=", name, ", value=", value);
} else {
rv = ASN1_STRING_TABLE_add(nid, tbl_min, tbl_max,
tbl_mask, tbl_flags);
if (!rv)
ASN1err(ASN1_F_DO_TCREATE, ERR_R_MALLOC_FAILURE);
}
sk_CONF_VALUE_pop_free(lst, X509V3_conf_free);
return rv;
}
/*
* Load an Elliptic Curve by name. If curvename is NULL, a default curve is
* loaded.
*/
EC_KEY *
ssl_ec_by_name(const char *curvename)
{
int nid;
if (!curvename)
curvename = SSL_EC_KEY_CURVE_DEFAULT;
if ((nid = OBJ_sn2nid(curvename)) == NID_undef) {
return NULL;
}
return EC_KEY_new_by_curve_name(nid);
}
__owur static int parse_expected_sign_hash(int *ptype, const char *value)
{
int nid;
if (value == NULL)
return 0;
nid = OBJ_sn2nid(value);
if (nid == NID_undef)
nid = OBJ_ln2nid(value);
if (nid == NID_undef)
return 0;
*ptype = nid;
return 1;
}
PKI_OID *PKI_OID_new( char *oid, char *name, char *descr ) {
PKI_OID *ret = NULL;
int nid = NID_undef;
if( !oid && !name && !descr ) return NULL;
/* Check if the object already exists */
if( ((nid = OBJ_sn2nid(name)) != NID_undef) ||
((nid = OBJ_ln2nid(name)) != NID_undef) )
ret = OBJ_nid2obj(nid);
if(!ret) {
/* If it does not exists, then create it */
(void) OBJ_create( oid, name, descr );
if( ((nid = OBJ_sn2nid(name)) != NID_undef) ||
((nid = OBJ_ln2nid(name)) != NID_undef) )
ret = OBJ_nid2obj(nid);
}
/* If successful it returns the new Object, otherwise it
return NULL */
return ( ret );
}
extern "C" const ASN1_OBJECT* GetObjectDefinitionByName(const char* friendlyName)
{
int nid = OBJ_ln2nid(friendlyName);
if (nid == NID_undef)
{
nid = OBJ_sn2nid(friendlyName);
}
if (nid == NID_undef)
{
return nullptr;
}
return OBJ_nid2obj(nid);
}
/* char *value: Value */
X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
char *value)
{
int crit;
int ext_type;
X509_EXTENSION *ret;
crit = v3_check_critical(&value);
if ((ext_type = v3_check_generic(&value)))
return v3_generic_extension(name, value, crit, ext_type, ctx);
ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
if (!ret) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_ERROR_IN_EXTENSION);
ERR_add_error_data(4, "name=", name, ", value=", value);
}
return ret;
}
const ASN1_OBJECT* CryptoNative_GetObjectDefinitionByName(const char* friendlyName)
{
int nid = OBJ_ln2nid(friendlyName);
if (nid == NID_undef)
{
nid = OBJ_sn2nid(friendlyName);
}
if (nid == NID_undef)
{
return NULL;
}
return OBJ_nid2obj(nid);
}
int
tls1_set_groups_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
const char *groups)
{
uint16_t *new_group_ids, *group_ids = NULL;
size_t ngroups = 0;
char *gs, *p, *q;
int nid;
if ((gs = strdup(groups)) == NULL)
return 0;
q = gs;
while ((p = strsep(&q, ":")) != NULL) {
nid = OBJ_sn2nid(p);
if (nid == NID_undef)
nid = OBJ_ln2nid(p);
if (nid == NID_undef)
nid = EC_curve_nist2nid(p);
if (nid == NID_undef)
goto err;
if ((new_group_ids = reallocarray(group_ids, ngroups + 1,
sizeof(uint16_t))) == NULL)
goto err;
group_ids = new_group_ids;
group_ids[ngroups] = tls1_ec_nid2curve_id(nid);
if (group_ids[ngroups] == 0)
goto err;
ngroups++;
}
free(gs);
free(*out_group_ids);
*out_group_ids = group_ids;
*out_group_ids_len = ngroups;
return 1;
err:
free(gs);
free(group_ids);
return 0;
}
static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx,
const char *type, const char *value)
{
if (!strcmp(type, "ec_paramgen_curve"))
{
int nid;
nid = OBJ_sn2nid(value);
if (nid == NID_undef)
nid = OBJ_ln2nid(value);
if (nid == NID_undef)
{
ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE);
return 0;
}
return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
}
return -2;
}
/* char *value: Value */
X509_EXTENSION *
X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value)
{
int crit;
int ext_type;
X509_EXTENSION *ret;
crit = v3_check_critical(&value);
if ((ext_type = v3_check_generic(&value)))
return v3_generic_extension(name, value, crit, ext_type, ctx);
ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
if (!ret) {
X509V3err(X509V3_F_X509V3_EXT_NCONF,
X509V3_R_ERROR_IN_EXTENSION);
ERR_asprintf_error_data("name=%s, value=%s", name, value);
}
return ret;
}
