static int do_evp_enc_engine(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl) { if(impl) { if (!ENGINE_init(impl)) { EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR); return 0; } } else /* Ask if an ENGINE is reserved for this job */ impl = ENGINE_get_cipher_engine((*pcipher)->nid); if(impl) { /* There's an ENGINE for this job ... (apparently) */ const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid); if(!c) { /* One positive side-effect of US's export * control history, is that we should at least * be able to avoid using US mispellings of * "initialisation"? */ EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR); return 0; } /* We'll use the ENGINE's private cipher definition */ *pcipher = c; /* Store the ENGINE functional reference so we know * 'cipher' came from an ENGINE and we need to release * it when done. */ ctx->engine = impl; } else ctx->engine = NULL; return 1; }
EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8) { EVP_PKEY *pkey = NULL; const ASN1_OBJECT *algoid; char obj_tmp[80]; if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8)) return NULL; if ((pkey = EVP_PKEY_new()) == NULL) { EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); return NULL; } if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); i2t_ASN1_OBJECT(obj_tmp, 80, algoid); ERR_add_error_data(2, "TYPE=", obj_tmp); goto error; } if (pkey->ameth->priv_decode) { if (!pkey->ameth->priv_decode(pkey, p8)) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_PRIVATE_KEY_DECODE_ERROR); goto error; } } else { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_METHOD_NOT_SUPPORTED); goto error; } return pkey; error: EVP_PKEY_free(pkey); return NULL; }
int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey) { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; int i,ok=0,v; MS_STATIC EVP_MD_CTX tmp_ctx; for (i=0; i<4; i++) { v=ctx->digest->required_pkey_type[i]; if (v == 0) break; if (pkey->type == v) { ok=1; break; } } if (!ok) { EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE); return(-1); } EVP_MD_CTX_init(&tmp_ctx); EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); EVP_MD_CTX_cleanup(&tmp_ctx); if (ctx->digest->verify == NULL) { EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); return(0); } return(ctx->digest->verify(ctx->digest->type,m,m_len, sigbuf,siglen,pkey->pkey.ptr)); }
/* The subkey for Camellia is generated. */ static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { int ret; ret=Camellia_set_key(key, ctx->key_len * 8, ctx->cipher_data); if(ret < 0) { EVPerr(EVP_F_CAMELLIA_INIT_KEY,EVP_R_CAMELLIA_KEY_SETUP_FAILED); return 0; } return 1; }
static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey, int ver) { if (ctx->pctx == NULL) ctx->pctx = EVP_PKEY_CTX_new(pkey, e); if (ctx->pctx == NULL) return 0; if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) { if (type == NULL) { int def_nid; if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0) type = EVP_get_digestbynid(def_nid); } if (type == NULL) { EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST); return 0; } } if (ver) { if (ctx->pctx->pmeth->verifyctx_init) { if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0) return 0; ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX; } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0) return 0; } else { if (ctx->pctx->pmeth->signctx_init) { if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0) { return 0; } ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX; } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) return 0; } if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0) return 0; if (pctx) *pctx = ctx->pctx; if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) return 1; if (!EVP_DigestInit_ex(ctx, type, e)) return 0; return 1; }
int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx) { int ret; if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) { EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; } ctx->operation = EVP_PKEY_OP_VERIFYRECOVER; if (!ctx->pmeth->verify_recover_init) return 1; ret = ctx->pmeth->verify_recover_init(ctx); if (ret <= 0) ctx->operation = EVP_PKEY_OP_UNDEFINED; return ret; }
int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx) { int ret; if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) { EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; } ctx->operation = EVP_PKEY_OP_DECRYPT; if (!ctx->pmeth->decrypt_init) return 1; ret = ctx->pmeth->decrypt_init(ctx); if (ret <= 0) ctx->operation = EVP_PKEY_OP_UNDEFINED; return ret; }
int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx) { int ret; if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) { EVPerr(EVP_F_EVP_PKEY_SIGN_INIT, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; } ctx->operation = EVP_PKEY_OP_SIGN; if (!ctx->pmeth->sign_init) return 1; ret = ctx->pmeth->sign_init(ctx); if (ret <= 0) ctx->operation = EVP_PKEY_OP_UNDEFINED; return ret; }
int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, EVP_PBE_KEYGEN *keygen) { EVP_PBE_CTL *pbe_tmp; if (!pbe_algs) pbe_algs = sk_new(pbe_cmp); if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) { EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE); return 0; } pbe_tmp->pbe_nid = nid; pbe_tmp->cipher = cipher; pbe_tmp->md = md; pbe_tmp->keygen = keygen; sk_push (pbe_algs, (char *)pbe_tmp); return 1; }
int EVP_PKEY_encrypt_old (unsigned char *ek, const unsigned char *key, int key_len, EVP_PKEY * pubk) { int ret = 0; #ifndef OPENSSL_NO_RSA if (pubk->type != EVP_PKEY_RSA) { #endif EVPerr (EVP_F_EVP_PKEY_ENCRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA); #ifndef OPENSSL_NO_RSA goto err; } ret = RSA_public_encrypt (key_len, key, ek, pubk->pkey.rsa, RSA_PKCS1_PADDING); err: #endif return (ret); }
EVP_PKEY *EVP_PKEY_new(void) { EVP_PKEY *ret; ret=(EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY)); if (ret == NULL) { EVPerr(EVP_F_EVP_PKEY_NEW,ERR_R_MALLOC_FAILURE); return(NULL); } ret->type=EVP_PKEY_NONE; ret->references=1; ret->pkey.ptr=NULL; ret->attributes=NULL; ret->save_parameters=1; return(ret); }
int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) { EVP_MD_CTX_init(ctx); if (ctx->digest != type) { if (ctx->digest && ctx->digest->ctx_size) free(ctx->md_data); ctx->digest=type; if (type->ctx_size) { ctx->md_data = malloc(type->ctx_size); if (!ctx->md_data) { EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE); return 0; } } } return ctx->digest->init(ctx); }
int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVP_PKEY *pkey) { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len = 0; int i = 0; size_t sltmp; EVP_PKEY_CTX *pkctx = NULL; *siglen = 0; if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) { if (!EVP_DigestFinal_ex(ctx, m, &m_len)) goto err; } else { int rv = 0; EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); if (tmp_ctx == NULL) { EVPerr(EVP_F_EVP_SIGNFINAL, ERR_R_MALLOC_FAILURE); return 0; } rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx); if (rv) rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len); EVP_MD_CTX_free(tmp_ctx); if (!rv) return 0; } sltmp = (size_t)EVP_PKEY_size(pkey); i = 0; pkctx = EVP_PKEY_CTX_new(pkey, NULL); if (pkctx == NULL) goto err; if (EVP_PKEY_sign_init(pkctx) <= 0) goto err; if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0) goto err; if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; i = 1; err: EVP_PKEY_CTX_free(pkctx); return i; }
static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len) { const EVP_PKEY_ASN1_METHOD *ameth; ENGINE *e = NULL; if (pkey) { if (pkey->pkey.ptr) EVP_PKEY_free_it(pkey); /* If key type matches and a method exists then this * lookup has succeeded once so just indicate success. */ if ((type == pkey->save_type) && pkey->ameth) return 1; #ifndef OPENSSL_NO_ENGINE /* If we have an ENGINE release it */ if (pkey->engine) { ENGINE_finish(pkey->engine); pkey->engine = NULL; } #endif } if (str) ameth = EVP_PKEY_asn1_find_str(&e, str, len); else ameth = EVP_PKEY_asn1_find(&e, type); #ifndef OPENSSL_NO_ENGINE if (!pkey && e) ENGINE_finish(e); #endif if (!ameth) { EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM); return 0; } if (pkey) { pkey->ameth = ameth; pkey->engine = e; pkey->type = pkey->ameth->pkey_id; pkey->save_type=type; } return 1; }
PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) { switch (broken) { case PKCS8_OK: p8->broken = PKCS8_OK; return p8; case PKCS8_NO_OCTET: p8->broken = PKCS8_NO_OCTET; p8->pkey->type = V_ASN1_SEQUENCE; return p8; default: EVPerr(EVP_F_PKCS8_SET_BROKEN, EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); return NULL; } }
/* The subkey for ARIA is generated. */ static int aria_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { int ret; int mode = EVP_CIPHER_CTX_mode(ctx); if (enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE)) ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, EVP_CIPHER_CTX_get_cipher_data(ctx)); else ret = aria_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, EVP_CIPHER_CTX_get_cipher_data(ctx)); if (ret < 0) { EVPerr(EVP_F_ARIA_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED); return 0; } return 1; }
int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type) { if (pkey->type == type) { return 1; /* it already is that type */ } /* * The application is requesting to alias this to a different pkey type, * but not one that resolves to the base type. */ if (EVP_PKEY_type(type) != EVP_PKEY_base_id(pkey)) { EVPerr(EVP_F_EVP_PKEY_SET_ALIAS_TYPE, EVP_R_UNSUPPORTED_ALGORITHM); return 0; } pkey->type = type; return 1; }
int EVP_PKEY_decrypt(unsigned char *key, unsigned char *ek, int ekl, EVP_PKEY *priv) { int ret= -1; #ifndef NO_RSA if (priv->type != EVP_PKEY_RSA) { #endif EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA); #ifndef NO_RSA goto err; } ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING); err: #endif return(ret); }
int EVP_PBE_scrypt(const char *pass, size_t passlen, const unsigned char *salt, size_t saltlen, uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, unsigned char *key, size_t keylen) { const char *empty = ""; int rv = 1; EVP_KDF_CTX *kctx; if (r > UINT32_MAX || p > UINT32_MAX) { EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE); return 0; } /* Maintain existing behaviour. */ if (pass == NULL) { pass = empty; passlen = 0; } if (salt == NULL) { salt = (const unsigned char *)empty; saltlen = 0; } if (maxmem == 0) maxmem = SCRYPT_MAX_MEM; kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT); if (kctx == NULL) return 0; if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, pass, (size_t)passlen) != 1 || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, salt, (size_t)saltlen) != 1 || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N, N) != 1 || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R, (uint32_t)r) != 1 || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P, (uint32_t)p) != 1 || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, maxmem) != 1 || EVP_KDF_derive(kctx, key, keylen) != 1) rv = 0; EVP_KDF_CTX_free(kctx); return rv; }
int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid, EVP_PBE_KEYGEN *keygen) { EVP_PBE_CTL *pbe_tmp; if (!pbe_algs) pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp); if (!(pbe_tmp = (EVP_PBE_CTL *)OPENSSL_malloc(sizeof(EVP_PBE_CTL)))) { EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE); return 0; } pbe_tmp->pbe_type = pbe_type; pbe_tmp->pbe_nid = pbe_nid; pbe_tmp->cipher_nid = cipher_nid; pbe_tmp->md_nid = md_nid; pbe_tmp->keygen = keygen; sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp); return 1; }
EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) { EVP_PKEY_CTX *rctx; if (!pctx->pmeth || !pctx->pmeth->copy) return NULL; #ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a pkey context using an ENGINE */ if (pctx->engine && !ENGINE_init(pctx->engine)) { EVPerr(EVP_F_EVP_PKEY_CTX_DUP,ERR_R_ENGINE_LIB); return 0; } #endif rctx = (EVP_PKEY_CTX *)OPENSSL_malloc(sizeof(EVP_PKEY_CTX)); if (!rctx) return NULL; rctx->pmeth = pctx->pmeth; #ifndef OPENSSL_NO_ENGINE rctx->engine = pctx->engine; #endif if (pctx->pkey) CRYPTO_add(&pctx->pkey->references,1,CRYPTO_LOCK_EVP_PKEY); rctx->pkey = pctx->pkey; if (pctx->peerkey) CRYPTO_add(&pctx->peerkey->references,1,CRYPTO_LOCK_EVP_PKEY); rctx->peerkey = pctx->peerkey; rctx->data = NULL; rctx->app_data = NULL; rctx->operation = pctx->operation; if (pctx->pmeth->copy(rctx, pctx) > 0) return rctx; EVP_PKEY_CTX_free(rctx); return NULL; }
static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { int ret; if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE || enc) ret=AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); else ret=AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); if(ret < 0) { EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED); return 0; } return 1; }
int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, EVP_PKEY *priv) { int ret = -1; #ifndef OPENSSL_NO_RSA if (EVP_PKEY_id(priv) != EVP_PKEY_RSA) { #endif EVPerr(EVP_F_EVP_PKEY_DECRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA); #ifndef OPENSSL_NO_RSA goto err; } ret = RSA_private_decrypt(ekl, ek, key, EVP_PKEY_get0_RSA(priv), RSA_PKCS1_PADDING); err: #endif return ret; }
static int ok_new(BIO *bi) { BIO_OK_CTX *ctx; if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { EVPerr(EVP_F_OK_NEW, ERR_R_MALLOC_FAILURE); return 0; } ctx->cont = 1; ctx->sigio = 1; ctx->md = EVP_MD_CTX_new(); if (ctx->md == NULL) { OPENSSL_free(ctx); return 0; } BIO_set_init(bi, 0); BIO_set_data(bi, ctx); return 1; }
static int aria_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { int ret; EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx); if (!iv && !key) return 1; if (key) { ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, &gctx->ks.ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aria_encrypt); if (ret < 0) { EVPerr(EVP_F_ARIA_GCM_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED); return 0; } /* * If we have an iv can set it directly, otherwise use saved IV. */ if (iv == NULL && gctx->iv_set) iv = gctx->iv; if (iv) { CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); gctx->iv_set = 1; } gctx->key_set = 1; } else { /* If key set use IV, otherwise copy */ if (gctx->key_set) CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); else memcpy(gctx->iv, iv, gctx->ivlen); gctx->iv_set = 1; gctx->iv_gen = 0; } return 1; }
int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey) { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len = 0; int i = 0; EVP_PKEY_CTX *pkctx = NULL; if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) { if (!EVP_DigestFinal_ex(ctx, m, &m_len)) goto err; } else { int rv = 0; EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); if (tmp_ctx == NULL) { EVPerr(EVP_F_EVP_VERIFYFINAL, ERR_R_MALLOC_FAILURE); return 0; } rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx); if (rv) rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len); EVP_MD_CTX_free(tmp_ctx); if (!rv) return 0; } i = -1; pkctx = EVP_PKEY_CTX_new(pkey, NULL); if (pkctx == NULL) goto err; if (EVP_PKEY_verify_init(pkctx) <= 0) goto err; if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0) goto err; i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); return i; }
static int aes_xts_cipher (EVP_CIPHER_CTX * ctx, unsigned char *out, const unsigned char *in, size_t len) { EVP_AES_XTS_CTX *xctx = ctx->cipher_data; if (!xctx->xts.key1 || !xctx->xts.key2) return 0; if (!out || !in || len < AES_BLOCK_SIZE) return 0; #ifdef OPENSSL_FIPS /* Requirement of SP800-38E */ if (FIPS_module_mode () && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && (len > (1UL << 20) * 16)) { EVPerr (EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE); return 0; } #endif if (xctx->stream) (*xctx->stream) (in, out, len, xctx->xts.key1, xctx->xts.key2, ctx->iv); else if (CRYPTO_xts128_encrypt (&xctx->xts, ctx->iv, in, out, len, ctx->encrypt)) return 0; return 1; }
int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth) { EVP_PKEY_ASN1_METHOD tmp = { 0, }; if (app_methods == NULL) { app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp); if (app_methods == NULL) return 0; } tmp.pkey_id = ameth->pkey_id; if (sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp) >= 0) { EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0, EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED); return 0; } if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth)) return 0; sk_EVP_PKEY_ASN1_METHOD_sort(app_methods); return 1; }
int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) { PBEPARAM *pbe; int saltlen, iter, ret; unsigned char *salt, *pbuf; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; /* Extract useful info from parameter */ pbuf = param->value.sequence->data; if (!param || (param->type != V_ASN1_SEQUENCE) || !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) { EVPerr(PKCS12_F_PKCS12_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); return 0; } if (!pbe->iter) iter = 1; else iter = ASN1_INTEGER_get (pbe->iter); salt = pbe->salt->data; saltlen = pbe->salt->length; if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID, iter, EVP_CIPHER_key_length(cipher), key, md)) { PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_KEY_GEN_ERROR); PBEPARAM_free(pbe); return 0; } if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID, iter, EVP_CIPHER_iv_length(cipher), iv, md)) { PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_IV_GEN_ERROR); PBEPARAM_free(pbe); return 0; } PBEPARAM_free(pbe); ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); return ret; }
static int aead_aes_gcm_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len, size_t max_out_len, const unsigned char *nonce, size_t nonce_len, const unsigned char *in, size_t in_len, const unsigned char *ad, size_t ad_len) { const struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state; GCM128_CONTEXT gcm; size_t bulk = 0; if (max_out_len < in_len + gcm_ctx->tag_len) { EVPerr(EVP_F_AEAD_AES_GCM_SEAL, EVP_R_BUFFER_TOO_SMALL); return 0; } memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm)); CRYPTO_gcm128_setiv(&gcm, nonce, nonce_len); if (ad_len > 0 && CRYPTO_gcm128_aad(&gcm, ad, ad_len)) return 0; if (gcm_ctx->ctr) { if (CRYPTO_gcm128_encrypt_ctr32(&gcm, in + bulk, out + bulk, in_len - bulk, gcm_ctx->ctr)) return 0; } else { if (CRYPTO_gcm128_encrypt(&gcm, in + bulk, out + bulk, in_len - bulk)) return 0; } CRYPTO_gcm128_tag(&gcm, out + in_len, gcm_ctx->tag_len); *out_len = in_len + gcm_ctx->tag_len; return 1; }