diff options
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/prov/openssl/openssl_block.cpp | 67 | ||||
-rw-r--r-- | src/lib/prov/openssl/openssl_ec.cpp | 33 | ||||
-rw-r--r-- | src/lib/prov/openssl/openssl_hash.cpp | 47 | ||||
-rw-r--r-- | src/lib/prov/openssl/openssl_mode.cpp | 35 | ||||
-rw-r--r-- | src/lib/prov/openssl/openssl_rsa.cpp | 22 |
5 files changed, 130 insertions, 74 deletions
diff --git a/src/lib/prov/openssl/openssl_block.cpp b/src/lib/prov/openssl/openssl_block.cpp index 15d3bdc56..5d5cf0b47 100644 --- a/src/lib/prov/openssl/openssl_block.cpp +++ b/src/lib/prov/openssl/openssl_block.cpp @@ -37,14 +37,14 @@ class OpenSSL_BlockCipher : public BlockCipher void encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const override { int out_len = 0; - if(!EVP_EncryptUpdate(&m_encrypt, out, &out_len, in, blocks * m_block_sz)) + if(!EVP_EncryptUpdate(m_encrypt, out, &out_len, in, blocks * m_block_sz)) throw OpenSSL_Error("EVP_EncryptUpdate"); } void decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const override { int out_len = 0; - if(!EVP_DecryptUpdate(&m_decrypt, out, &out_len, in, blocks * m_block_sz)) + if(!EVP_DecryptUpdate(m_decrypt, out, &out_len, in, blocks * m_block_sz)) throw OpenSSL_Error("EVP_DecryptUpdate"); } @@ -53,7 +53,8 @@ class OpenSSL_BlockCipher : public BlockCipher size_t m_block_sz; Key_Length_Specification m_cipher_key_spec; std::string m_cipher_name; - mutable EVP_CIPHER_CTX m_encrypt, m_decrypt; + mutable EVP_CIPHER_CTX *m_encrypt; + mutable EVP_CIPHER_CTX *m_decrypt; }; OpenSSL_BlockCipher::OpenSSL_BlockCipher(const std::string& algo_name, @@ -65,17 +66,19 @@ OpenSSL_BlockCipher::OpenSSL_BlockCipher(const std::string& algo_name, if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE) throw Invalid_Argument("OpenSSL_BlockCipher: Non-ECB EVP was passed in"); - EVP_CIPHER_CTX_init(&m_encrypt); - EVP_CIPHER_CTX_init(&m_decrypt); + m_encrypt = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX_init(m_encrypt); + m_decrypt = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX_init(m_decrypt); - if(!EVP_EncryptInit_ex(&m_encrypt, algo, nullptr, nullptr, nullptr)) + if(!EVP_EncryptInit_ex(m_encrypt, algo, nullptr, nullptr, nullptr)) throw OpenSSL_Error("EVP_EncryptInit_ex"); - if(!EVP_DecryptInit_ex(&m_decrypt, algo, nullptr, nullptr, nullptr)) + if(!EVP_DecryptInit_ex(m_decrypt, algo, nullptr, nullptr, nullptr)) throw OpenSSL_Error("EVP_DecryptInit_ex"); - if(!EVP_CIPHER_CTX_set_padding(&m_encrypt, 0)) + if(!EVP_CIPHER_CTX_set_padding(m_encrypt, 0)) throw OpenSSL_Error("EVP_CIPHER_CTX_set_padding encrypt"); - if(!EVP_CIPHER_CTX_set_padding(&m_decrypt, 0)) + if(!EVP_CIPHER_CTX_set_padding(m_decrypt, 0)) throw OpenSSL_Error("EVP_CIPHER_CTX_set_padding decrypt"); } @@ -91,24 +94,26 @@ OpenSSL_BlockCipher::OpenSSL_BlockCipher(const std::string& algo_name, if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE) throw Invalid_Argument("OpenSSL_BlockCipher: Non-ECB EVP was passed in"); - EVP_CIPHER_CTX_init(&m_encrypt); - EVP_CIPHER_CTX_init(&m_decrypt); + m_encrypt = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX_init(m_encrypt); + m_decrypt = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX_init(m_decrypt); - if(!EVP_EncryptInit_ex(&m_encrypt, algo, nullptr, nullptr, nullptr)) + if(!EVP_EncryptInit_ex(m_encrypt, algo, nullptr, nullptr, nullptr)) throw OpenSSL_Error("EVP_EncryptInit_ex"); - if(!EVP_DecryptInit_ex(&m_decrypt, algo, nullptr, nullptr, nullptr)) + if(!EVP_DecryptInit_ex(m_decrypt, algo, nullptr, nullptr, nullptr)) throw OpenSSL_Error("EVP_DecryptInit_ex"); - if(!EVP_CIPHER_CTX_set_padding(&m_encrypt, 0)) + if(!EVP_CIPHER_CTX_set_padding(m_encrypt, 0)) throw OpenSSL_Error("EVP_CIPHER_CTX_set_padding encrypt"); - if(!EVP_CIPHER_CTX_set_padding(&m_decrypt, 0)) + if(!EVP_CIPHER_CTX_set_padding(m_decrypt, 0)) throw OpenSSL_Error("EVP_CIPHER_CTX_set_padding decrypt"); } OpenSSL_BlockCipher::~OpenSSL_BlockCipher() { - EVP_CIPHER_CTX_cleanup(&m_encrypt); - EVP_CIPHER_CTX_cleanup(&m_decrypt); + EVP_CIPHER_CTX_cleanup(m_encrypt); + EVP_CIPHER_CTX_cleanup(m_decrypt); } /* @@ -123,14 +128,14 @@ void OpenSSL_BlockCipher::key_schedule(const uint8_t key[], size_t length) full_key += std::make_pair(key, 8); } else - if(EVP_CIPHER_CTX_set_key_length(&m_encrypt, length) == 0 || - EVP_CIPHER_CTX_set_key_length(&m_decrypt, length) == 0) + if(EVP_CIPHER_CTX_set_key_length(m_encrypt, length) == 0 || + EVP_CIPHER_CTX_set_key_length(m_decrypt, length) == 0) throw Invalid_Argument("OpenSSL_BlockCipher: Bad key length for " + m_cipher_name); - if(!EVP_EncryptInit_ex(&m_encrypt, nullptr, nullptr, full_key.data(), nullptr)) + if(!EVP_EncryptInit_ex(m_encrypt, nullptr, nullptr, full_key.data(), nullptr)) throw OpenSSL_Error("EVP_EncryptInit_ex"); - if(!EVP_DecryptInit_ex(&m_decrypt, nullptr, nullptr, full_key.data(), nullptr)) + if(!EVP_DecryptInit_ex(m_decrypt, nullptr, nullptr, full_key.data(), nullptr)) throw OpenSSL_Error("EVP_DecryptInit_ex"); } @@ -140,7 +145,7 @@ void OpenSSL_BlockCipher::key_schedule(const uint8_t key[], size_t length) BlockCipher* OpenSSL_BlockCipher::clone() const { return new OpenSSL_BlockCipher(m_cipher_name, - EVP_CIPHER_CTX_cipher(&m_encrypt), + EVP_CIPHER_CTX_cipher(m_encrypt), m_cipher_key_spec.minimum_keylength(), m_cipher_key_spec.maximum_keylength(), m_cipher_key_spec.keylength_multiple()); @@ -151,21 +156,21 @@ BlockCipher* OpenSSL_BlockCipher::clone() const */ void OpenSSL_BlockCipher::clear() { - const EVP_CIPHER* algo = EVP_CIPHER_CTX_cipher(&m_encrypt); + const EVP_CIPHER* algo = EVP_CIPHER_CTX_cipher(m_encrypt); - if(!EVP_CIPHER_CTX_cleanup(&m_encrypt)) + if(!EVP_CIPHER_CTX_cleanup(m_encrypt)) throw OpenSSL_Error("EVP_CIPHER_CTX_cleanup encrypt"); - if(!EVP_CIPHER_CTX_cleanup(&m_decrypt)) + if(!EVP_CIPHER_CTX_cleanup(m_decrypt)) throw OpenSSL_Error("EVP_CIPHER_CTX_cleanup decrypt"); - EVP_CIPHER_CTX_init(&m_encrypt); - EVP_CIPHER_CTX_init(&m_decrypt); - if(!EVP_EncryptInit_ex(&m_encrypt, algo, nullptr, nullptr, nullptr)) + EVP_CIPHER_CTX_init(m_encrypt); + EVP_CIPHER_CTX_init(m_decrypt); + if(!EVP_EncryptInit_ex(m_encrypt, algo, nullptr, nullptr, nullptr)) throw OpenSSL_Error("EVP_EncryptInit_ex"); - if(!EVP_DecryptInit_ex(&m_decrypt, algo, nullptr, nullptr, nullptr)) + if(!EVP_DecryptInit_ex(m_decrypt, algo, nullptr, nullptr, nullptr)) throw OpenSSL_Error("EVP_DecryptInit_ex"); - if(!EVP_CIPHER_CTX_set_padding(&m_encrypt, 0)) + if(!EVP_CIPHER_CTX_set_padding(m_encrypt, 0)) throw OpenSSL_Error("EVP_CIPHER_CTX_set_padding encrypt"); - if(!EVP_CIPHER_CTX_set_padding(&m_decrypt, 0)) + if(!EVP_CIPHER_CTX_set_padding(m_decrypt, 0)) throw OpenSSL_Error("EVP_CIPHER_CTX_set_padding decrypt"); } diff --git a/src/lib/prov/openssl/openssl_ec.cpp b/src/lib/prov/openssl/openssl_ec.cpp index 4b8afb5ed..0b23fa5e3 100644 --- a/src/lib/prov/openssl/openssl_ec.cpp +++ b/src/lib/prov/openssl/openssl_ec.cpp @@ -148,13 +148,18 @@ class OpenSSL_ECDSA_Verification_Operation : public PK_Ops::Verification_with_EM std::unique_ptr<ECDSA_SIG, std::function<void (ECDSA_SIG*)>> sig(nullptr, ECDSA_SIG_free); sig.reset(::ECDSA_SIG_new()); - sig->r = BN_bin2bn(sig_bytes , sig_len / 2, nullptr); - if(!sig->r) - throw OpenSSL_Error("BN_bin2bn sig r"); - sig->s = BN_bin2bn(sig_bytes + sig_len / 2, sig_len / 2, nullptr); - if(!sig->s) + BIGNUM* r = BN_bin2bn(sig_bytes , sig_len / 2, nullptr); + BIGNUM* s = BN_bin2bn(sig_bytes + sig_len / 2, sig_len / 2, nullptr); + if(r == nullptr || s == nullptr) throw OpenSSL_Error("BN_bin2bn sig s"); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + sig->r = r; + sig->s = s; +#else + ECDSA_SIG_set0(sig.get(), r, s); +#endif + const int res = ECDSA_do_verify(msg, msg_len, sig.get(), m_ossl_ec.get()); if(res < 0) throw OpenSSL_Error("ECDSA_do_verify"); @@ -193,11 +198,21 @@ class OpenSSL_ECDSA_Signing_Operation : public PK_Ops::Signature_with_EMSA throw OpenSSL_Error("ECDSA_do_sign"); const size_t order_bytes = (m_order_bits + 7) / 8; - const size_t r_bytes = BN_num_bytes(sig->r); - const size_t s_bytes = BN_num_bytes(sig->s); + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + const BIGNUM* r = sig->r; + const BIGNUM* s = sig->s; +#else + const BIGNUM* r; + const BIGNUM* s; + ECDSA_SIG_get0(sig.get(), &r, &s); +#endif + + const size_t r_bytes = BN_num_bytes(r); + const size_t s_bytes = BN_num_bytes(s); secure_vector<uint8_t> sigval(2*order_bytes); - BN_bn2bin(sig->r, &sigval[order_bytes - r_bytes]); - BN_bn2bin(sig->s, &sigval[2*order_bytes - s_bytes]); + BN_bn2bin(r, &sigval[order_bytes - r_bytes]); + BN_bn2bin(s, &sigval[2*order_bytes - s_bytes]); return sigval; } diff --git a/src/lib/prov/openssl/openssl_hash.cpp b/src/lib/prov/openssl/openssl_hash.cpp index 05e97a4e3..4b3e01ac5 100644 --- a/src/lib/prov/openssl/openssl_hash.cpp +++ b/src/lib/prov/openssl/openssl_hash.cpp @@ -19,8 +19,8 @@ class OpenSSL_HashFunction : public HashFunction public: void clear() override { - const EVP_MD* algo = EVP_MD_CTX_md(&m_md); - if(!EVP_DigestInit_ex(&m_md, algo, nullptr)) + const EVP_MD* algo = EVP_MD_CTX_md(m_md); + if(!EVP_DigestInit_ex(m_md, algo, nullptr)) throw OpenSSL_Error("EVP_DigestInit_ex"); } @@ -29,50 +29,71 @@ class OpenSSL_HashFunction : public HashFunction HashFunction* clone() const override { - const EVP_MD* algo = EVP_MD_CTX_md(&m_md); + const EVP_MD* algo = EVP_MD_CTX_md(m_md); return new OpenSSL_HashFunction(name(), algo); } + std::unique_ptr<HashFunction> copy_state() const override + { + std::unique_ptr<OpenSSL_HashFunction> copy(new OpenSSL_HashFunction(m_name, nullptr)); + EVP_MD_CTX_copy(copy->m_md, m_md); + return std::move(copy); + } + size_t output_length() const override { - return EVP_MD_size(EVP_MD_CTX_md(&m_md)); + return EVP_MD_size(EVP_MD_CTX_md(m_md)); } size_t hash_block_size() const override { - return EVP_MD_block_size(EVP_MD_CTX_md(&m_md)); + return EVP_MD_block_size(EVP_MD_CTX_md(m_md)); } OpenSSL_HashFunction(const std::string& name, const EVP_MD* md) : m_name(name) { - EVP_MD_CTX_init(&m_md); - if(!EVP_DigestInit_ex(&m_md, md, nullptr)) +#if OPENSSL_VERSION_NUMBER < 0x10100000L + m_md = EVP_MD_CTX_create(); +#else + m_md = EVP_MD_CTX_new(); +#endif + + EVP_MD_CTX_init(m_md); + if(md && !EVP_DigestInit_ex(m_md, md, nullptr)) throw OpenSSL_Error("EVP_DigestInit_ex"); } + OpenSSL_HashFunction(EVP_MD_CTX* ctx) : m_md(ctx) + { + } + ~OpenSSL_HashFunction() { - EVP_MD_CTX_cleanup(&m_md); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_MD_CTX_destroy(m_md); +#else + EVP_MD_CTX_free(m_md); +#endif } private: void add_data(const uint8_t input[], size_t length) override { - if(!EVP_DigestUpdate(&m_md, input, length)) + if(!EVP_DigestUpdate(m_md, input, length)) throw OpenSSL_Error("EVP_DigestUpdate"); } void final_result(uint8_t output[]) override { - if(!EVP_DigestFinal_ex(&m_md, output, nullptr)) + if(!EVP_DigestFinal_ex(m_md, output, nullptr)) throw OpenSSL_Error("EVP_DigestFinal_ex"); - const EVP_MD* algo = EVP_MD_CTX_md(&m_md); - if(!EVP_DigestInit_ex(&m_md, algo, nullptr)) + const EVP_MD* algo = EVP_MD_CTX_md(m_md); + if(!EVP_DigestInit_ex(m_md, algo, nullptr)) throw OpenSSL_Error("EVP_DigestInit_ex"); } std::string m_name; - EVP_MD_CTX m_md; + EVP_MD_CTX* m_md; }; } diff --git a/src/lib/prov/openssl/openssl_mode.cpp b/src/lib/prov/openssl/openssl_mode.cpp index 184bdada7..36f19eaec 100644 --- a/src/lib/prov/openssl/openssl_mode.cpp +++ b/src/lib/prov/openssl/openssl_mode.cpp @@ -44,7 +44,7 @@ class BOTAN_DLL OpenSSL_Cipher_Mode : public Cipher_Mode const std::string m_mode_name; const Cipher_Dir m_direction; size_t m_block_size; - EVP_CIPHER_CTX m_cipher; + EVP_CIPHER_CTX* m_cipher; }; OpenSSL_Cipher_Mode::OpenSSL_Cipher_Mode(const std::string& name, @@ -58,17 +58,18 @@ OpenSSL_Cipher_Mode::OpenSSL_Cipher_Mode(const std::string& name, if(EVP_CIPHER_mode(algo) != EVP_CIPH_CBC_MODE) throw Invalid_Argument("OpenSSL_BlockCipher: Non-CBC EVP was passed in"); - EVP_CIPHER_CTX_init(&m_cipher); - if(!EVP_CipherInit_ex(&m_cipher, algo, nullptr, nullptr, nullptr, + m_cipher = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX_init(m_cipher); + if(!EVP_CipherInit_ex(m_cipher, algo, nullptr, nullptr, nullptr, m_direction == ENCRYPTION ? 1 : 0)) throw OpenSSL_Error("EVP_CipherInit_ex"); - if(!EVP_CIPHER_CTX_set_padding(&m_cipher, 0)) + if(!EVP_CIPHER_CTX_set_padding(m_cipher, 0)) throw OpenSSL_Error("EVP_CIPHER_CTX_set_padding"); } OpenSSL_Cipher_Mode::~OpenSSL_Cipher_Mode() { - EVP_CIPHER_CTX_cleanup(&m_cipher); + EVP_CIPHER_CTX_free(m_cipher); } void OpenSSL_Cipher_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) @@ -77,7 +78,7 @@ void OpenSSL_Cipher_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) throw Invalid_IV_Length(name(), nonce_len); if(nonce_len) { - if(!EVP_CipherInit_ex(&m_cipher, nullptr, nullptr, nullptr, nonce, -1)) + if(!EVP_CipherInit_ex(m_cipher, nullptr, nullptr, nullptr, nonce, -1)) throw OpenSSL_Error("EVP_CipherInit_ex nonce"); } } @@ -91,7 +92,7 @@ size_t OpenSSL_Cipher_Mode::process(uint8_t msg[], size_t msg_len) int outl = msg_len; secure_vector<uint8_t> out(outl); - if(!EVP_CipherUpdate(&m_cipher, out.data(), &outl, msg, msg_len)) + if(!EVP_CipherUpdate(m_cipher, out.data(), &outl, msg, msg_len)) throw OpenSSL_Error("EVP_CipherUpdate"); memcpy(msg, out.data(), outl); return outl; @@ -108,7 +109,7 @@ void OpenSSL_Cipher_Mode::finish(secure_vector<uint8_t>& buffer, int outl = buf_size - written; secure_vector<uint8_t> out(outl); - if(!EVP_CipherFinal_ex(&m_cipher, out.data(), &outl)) + if(!EVP_CipherFinal_ex(m_cipher, out.data(), &outl)) throw OpenSSL_Error("EVP_CipherFinal_ex"); memcpy(buf + written, out.data(), outl); written += outl; @@ -145,34 +146,34 @@ size_t OpenSSL_Cipher_Mode::output_length(size_t input_length) const void OpenSSL_Cipher_Mode::clear() { - const EVP_CIPHER* algo = EVP_CIPHER_CTX_cipher(&m_cipher); + const EVP_CIPHER* algo = EVP_CIPHER_CTX_cipher(m_cipher); - if(!EVP_CIPHER_CTX_cleanup(&m_cipher)) + if(!EVP_CIPHER_CTX_cleanup(m_cipher)) throw OpenSSL_Error("EVP_CIPHER_CTX_cleanup"); - EVP_CIPHER_CTX_init(&m_cipher); - if(!EVP_CipherInit_ex(&m_cipher, algo, nullptr, nullptr, nullptr, + EVP_CIPHER_CTX_init(m_cipher); + if(!EVP_CipherInit_ex(m_cipher, algo, nullptr, nullptr, nullptr, m_direction == ENCRYPTION ? 1 : 0)) throw OpenSSL_Error("EVP_CipherInit_ex clear"); - if(!EVP_CIPHER_CTX_set_padding(&m_cipher, 0)) + if(!EVP_CIPHER_CTX_set_padding(m_cipher, 0)) throw OpenSSL_Error("EVP_CIPHER_CTX_set_padding clear"); } void OpenSSL_Cipher_Mode::reset() { - if(!EVP_CipherInit_ex(&m_cipher, nullptr, nullptr, nullptr, nullptr, -1)) + if(!EVP_CipherInit_ex(m_cipher, nullptr, nullptr, nullptr, nullptr, -1)) throw OpenSSL_Error("EVP_CipherInit_ex clear"); } Key_Length_Specification OpenSSL_Cipher_Mode::key_spec() const { - return Key_Length_Specification(EVP_CIPHER_CTX_key_length(&m_cipher)); + return Key_Length_Specification(EVP_CIPHER_CTX_key_length(m_cipher)); } void OpenSSL_Cipher_Mode::key_schedule(const uint8_t key[], size_t length) { - if(!EVP_CIPHER_CTX_set_key_length(&m_cipher, length)) + if(!EVP_CIPHER_CTX_set_key_length(m_cipher, length)) throw OpenSSL_Error("EVP_CIPHER_CTX_set_key_length"); - if(!EVP_CipherInit_ex(&m_cipher, nullptr, nullptr, key, nullptr, -1)) + if(!EVP_CipherInit_ex(m_cipher, nullptr, nullptr, key, nullptr, -1)) throw OpenSSL_Error("EVP_CipherInit_ex key"); } diff --git a/src/lib/prov/openssl/openssl_rsa.cpp b/src/lib/prov/openssl/openssl_rsa.cpp index 8c25d00ef..f8b2b82d6 100644 --- a/src/lib/prov/openssl/openssl_rsa.cpp +++ b/src/lib/prov/openssl/openssl_rsa.cpp @@ -152,7 +152,14 @@ class OpenSSL_RSA_Verification_Operation : public PK_Ops::Verification_with_EMSA throw OpenSSL_Error("d2i_RSAPublicKey"); } - size_t max_input_bits() const override { return ::BN_num_bits(m_openssl_rsa->n) - 1; } + size_t max_input_bits() const override + { +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return ::BN_num_bits(m_openssl_rsa->n) - 1; +#else + return ::RSA_bits(m_openssl_rsa.get()) - 1; +#endif + } bool with_recovery() const override { return true; } @@ -215,7 +222,14 @@ class OpenSSL_RSA_Signing_Operation : public PK_Ops::Signature_with_EMSA return outbuf; } - size_t max_input_bits() const override { return ::BN_num_bits(m_openssl_rsa->n) - 1; } + size_t max_input_bits() const override + { +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return ::BN_num_bits(m_openssl_rsa->n) - 1; +#else + return ::RSA_bits(m_openssl_rsa.get()) - 1; +#endif + } private: std::unique_ptr<RSA, std::function<void (RSA*)>> m_openssl_rsa; @@ -269,10 +283,10 @@ make_openssl_rsa_private_key(RandomNumberGenerator& rng, size_t rsa_bits) std::unique_ptr<RSA, std::function<void (RSA*)>> rsa(RSA_new(), RSA_free); if(!rsa) throw OpenSSL_Error("RSA_new"); - if(!RSA_generate_key_ex(rsa.get(), rsa_bits, bn.get(), NULL)) + if(!RSA_generate_key_ex(rsa.get(), rsa_bits, bn.get(), nullptr)) throw OpenSSL_Error("RSA_generate_key_ex"); - uint8_t* der = NULL; + uint8_t* der = nullptr; int bytes = i2d_RSAPrivateKey(rsa.get(), &der); if(bytes < 0) throw OpenSSL_Error("i2d_RSAPrivateKey"); |