DES, idea, seed, rc2, rc4, rc5, cast and blowfish have been moved out of the default provider. Code shared between desx and tdes has been moved into a seperate file (cipher_tdes_common.c). 3 test recipes failed due to using app/openssl calls that used legacy ciphers. These calls have been updated to supply both the default and legacy providers. Fixed openssl app '-provider' memory leak Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11419)master
parent
cc45a884bd
commit
f5056577ba
@ -1,3 +1,10 @@
|
||||
LIBS=../../libcrypto
|
||||
SOURCE[../../libcrypto]=\
|
||||
i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
|
||||
$ALL=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
|
||||
|
||||
SOURCE[../../libcrypto]=$ALL
|
||||
|
||||
# When all deprecated symbols are removed, libcrypto doesn't export the
|
||||
# idea functions, so we must include them directly in liblegacy.a
|
||||
IF[{- $disabled{'deprecated-3.0'} -}]
|
||||
SOURCE[../../providers/liblegacy.a]=$ALL
|
||||
ENDIF
|
||||
|
@ -1,3 +1,11 @@
|
||||
LIBS=../../libcrypto
|
||||
SOURCE[../../libcrypto]=\
|
||||
rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
|
||||
|
||||
$ALL=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
|
||||
|
||||
SOURCE[../../libcrypto]=$ALL
|
||||
|
||||
# When all deprecated symbols are removed, libcrypto doesn't export the
|
||||
# rc2 functions, so we must include them directly in liblegacy.a
|
||||
IF[{- $disabled{'deprecated-3.0'} -}]
|
||||
SOURCE[../../providers/liblegacy.a]=$ALL
|
||||
ENDIF
|
||||
|
@ -1,2 +1,10 @@
|
||||
LIBS=../../libcrypto
|
||||
SOURCE[../../libcrypto]=seed.c seed_ecb.c seed_cbc.c seed_cfb.c seed_ofb.c
|
||||
$ALL=seed.c seed_ecb.c seed_cbc.c seed_cfb.c seed_ofb.c
|
||||
|
||||
SOURCE[../../libcrypto]=$ALL
|
||||
|
||||
# When all deprecated symbols are removed, libcrypto doesn't export the
|
||||
# seed functions, so we must include them directly in liblegacy.a
|
||||
IF[{- $disabled{'deprecated-3.0'} -}]
|
||||
SOURCE[../../providers/liblegacy.a]=$ALL
|
||||
ENDIF
|
||||
|
@ -0,0 +1,110 @@
|
||||
/*
|
||||
* Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
/*
|
||||
* DES low level APIs are deprecated for public use, but still ok for internal
|
||||
* use.
|
||||
*/
|
||||
#include "internal/deprecated.h"
|
||||
|
||||
#include "prov/ciphercommon.h"
|
||||
#include "cipher_tdes.h"
|
||||
#include <openssl/rand.h>
|
||||
#include "prov/implementations.h"
|
||||
#include "prov/providercommonerr.h"
|
||||
|
||||
void *tdes_newctx(void *provctx, int mode, size_t kbits, size_t blkbits,
|
||||
size_t ivbits, uint64_t flags, const PROV_CIPHER_HW *hw)
|
||||
{
|
||||
PROV_TDES_CTX *tctx = OPENSSL_zalloc(sizeof(*tctx));
|
||||
|
||||
if (tctx != NULL)
|
||||
cipher_generic_initkey(tctx, kbits, blkbits, ivbits, mode, flags, hw,
|
||||
provctx);
|
||||
return tctx;
|
||||
}
|
||||
|
||||
void tdes_freectx(void *vctx)
|
||||
{
|
||||
PROV_TDES_CTX *ctx = (PROV_TDES_CTX *)vctx;
|
||||
|
||||
OPENSSL_clear_free(ctx, sizeof(*ctx));
|
||||
}
|
||||
|
||||
static int tdes_init(void *vctx, const unsigned char *key, size_t keylen,
|
||||
const unsigned char *iv, size_t ivlen, int enc)
|
||||
{
|
||||
PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
|
||||
|
||||
ctx->enc = enc;
|
||||
|
||||
if (iv != NULL) {
|
||||
if (!cipher_generic_initiv(ctx, iv, ivlen))
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (key != NULL) {
|
||||
if (keylen != ctx->keylen) {
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN);
|
||||
return 0;
|
||||
}
|
||||
return ctx->hw->init(ctx, key, ctx->keylen);
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
int tdes_einit(void *vctx, const unsigned char *key, size_t keylen,
|
||||
const unsigned char *iv, size_t ivlen)
|
||||
{
|
||||
return tdes_init(vctx, key, keylen, iv, ivlen, 1);
|
||||
}
|
||||
|
||||
int tdes_dinit(void *vctx, const unsigned char *key, size_t keylen,
|
||||
const unsigned char *iv, size_t ivlen)
|
||||
{
|
||||
return tdes_init(vctx, key, keylen, iv, ivlen, 0);
|
||||
}
|
||||
|
||||
CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(tdes)
|
||||
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY, NULL, 0),
|
||||
CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(tdes)
|
||||
|
||||
static int tdes_generatekey(PROV_CIPHER_CTX *ctx, void *ptr)
|
||||
{
|
||||
|
||||
DES_cblock *deskey = ptr;
|
||||
size_t kl = ctx->keylen;
|
||||
|
||||
if (kl == 0 || RAND_priv_bytes_ex(ctx->libctx, ptr, kl) <= 0)
|
||||
return 0;
|
||||
DES_set_odd_parity(deskey);
|
||||
if (kl >= 16)
|
||||
DES_set_odd_parity(deskey + 1);
|
||||
if (kl >= 24) {
|
||||
DES_set_odd_parity(deskey + 2);
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
int tdes_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
||||
{
|
||||
PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
|
||||
OSSL_PARAM *p;
|
||||
|
||||
if (!cipher_generic_get_ctx_params(vctx, params))
|
||||
return 0;
|
||||
|
||||
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_RANDOM_KEY);
|
||||
if (p != NULL && !tdes_generatekey(ctx, p->data)) {
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GENERATE_KEY);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
Loading…
Reference in new issue