to digests to retain compatibility.
*) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
+) applies to 0.9.7 only
+ +) Modify the behaviour of EVP cipher functions in similar way to digests
+ to retain compatibility with existing code.
+ [Steve Henson]
+
+) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain
compatibility with existing code. In particular the 'ctx' parameter is
not assumed to be valid before the call to EVP_DigestInit() and it is tidied
print_message(names[D_EVP],save_count,
lengths[j]);
if(decrypt)
- EVP_DecryptInit(&ctx,evp,key16,iv);
+ EVP_DecryptInit_ex(&ctx,evp,NULL,key16,iv);
else
- EVP_EncryptInit(&ctx,evp,key16,iv);
+ EVP_EncryptInit_ex(&ctx,evp,NULL,key16,iv);
Time_F(START,usertime);
if(decrypt)
for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
EVP_EncryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
if(decrypt)
- EVP_DecryptFinal(&ctx,buf,&outl);
+ EVP_DecryptFinal_ex(&ctx,buf,&outl);
else
- EVP_EncryptFinal(&ctx,buf,&outl);
+ EVP_EncryptFinal_ex(&ctx,buf,&outl);
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_EVP],d);
/* Encrypt private key in place */
zz = enckey->enckey->digest->data;
EVP_CIPHER_CTX_init(&ctx);
- EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
+ EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
- EVP_EncryptFinal(&ctx,zz + i,&j);
+ EVP_EncryptFinal_ex(&ctx,zz + i,&j);
EVP_CIPHER_CTX_cleanup(&ctx);
ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
memset(buf,0,256);
EVP_CIPHER_CTX_init(&ctx);
- EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
+ EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
- EVP_DecryptFinal(&ctx,&(os->data[i]),&j);
+ EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
EVP_CIPHER_CTX_cleanup(&ctx);
os->length=i+j;
goto err;
/* Dummy cipherinit to just setup the IV */
- EVP_CipherInit(&ctx, cipher, NULL, iv, 0);
+ EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
ASN1err(ASN1_F_PKCS5_PBE2_SET,
ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
if (!BIO_should_retry(b->next_bio))
{
ctx->cont=i;
- i=EVP_CipherFinal(&(ctx->cipher),
+ i=EVP_CipherFinal_ex(&(ctx->cipher),
(unsigned char *)ctx->buf,
&(ctx->buf_len));
ctx->ok=i;
case BIO_CTRL_RESET:
ctx->ok=1;
ctx->finished=0;
- EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL,
+ EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
ctx->cipher.encrypt);
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
{
ctx->finished=1;
ctx->buf_off=0;
- ret=EVP_CipherFinal(&(ctx->cipher),
+ ret=EVP_CipherFinal_ex(&(ctx->cipher),
(unsigned char *)ctx->buf,
&(ctx->buf_len));
ctx->ok=(int)ret;
b->init=1;
ctx=(BIO_ENC_CTX *)b->ptr;
- EVP_CipherInit(&(ctx->cipher),c,k,i,e);
+ EVP_CipherInit_ex(&(ctx->cipher),c,NULL, k,i,e);
if (b->callback != NULL)
b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L);
key_bits =rc2_magic_to_meth((int)num);
if (!key_bits)
return(-1);
- if(i > 0) EVP_CipherInit(c, NULL, NULL, iv, -1);
+ if(i > 0) EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1);
EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
}
const unsigned char *key, const unsigned char *iv);
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, const unsigned char *in, int inl);
+int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, const unsigned char *in, int inl);
int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
int EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
const unsigned char *key,const unsigned char *iv,
int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, const unsigned char *in, int inl);
int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
EVP_PKEY *pkey);
/* ctx->cipher=NULL; */
}
+
int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
const unsigned char *key, const unsigned char *iv, int enc)
{
+ EVP_CIPHER_CTX_init(ctx);
return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
}
+
int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
const unsigned char *key, const unsigned char *iv, int enc)
{
else return EVP_DecryptUpdate(ctx,out,outl,in,inl);
}
+int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+ {
+ if (ctx->encrypt)
+ return EVP_EncryptFinal_ex(ctx,out,outl);
+ else return EVP_DecryptFinal_ex(ctx,out,outl);
+ }
+
int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
if (ctx->encrypt)
int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
const unsigned char *key, const unsigned char *iv)
{
- return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1);
+ return EVP_CipherInit(ctx, cipher, key, iv, 1);
}
int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
}
int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+ {
+ int ret;
+ ret = EVP_EncryptFinal_ex(ctx, out, outl);
+ EVP_CIPHER_CTX_cleanup(ctx);
+ return ret;
+ }
+
+int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
int i,n,b,bl,ret;
}
int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+ {
+ int ret;
+ ret = EVP_DecryptFinal_ex(ctx, out, outl);
+ EVP_CIPHER_CTX_cleanup(ctx);
+ return ret;
+ }
+
+int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
int i,b;
int n;
exit(5);
}
EVP_CIPHER_CTX_init(&ctx);
- if(!EVP_EncryptInit(&ctx,c,key,iv))
+ if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv))
{
fprintf(stderr,"EncryptInit failed\n");
exit(10);
fprintf(stderr,"Encrypt failed\n");
exit(6);
}
- if(!EVP_EncryptFinal(&ctx,out+outl,&outl2))
+ if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2))
{
fprintf(stderr,"EncryptFinal failed\n");
exit(7);
exit(9);
}
- if(!EVP_DecryptInit(&ctx,c,key,iv))
+ if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv))
{
fprintf(stderr,"DecryptInit failed\n");
exit(11);
fprintf(stderr,"Decrypt failed\n");
exit(6);
}
- if(!EVP_DecryptFinal(&ctx,out+outl,&outl2))
+ if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2))
{
fprintf(stderr,"DecryptFinal failed\n");
exit(7);
memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
EVP_CIPHER_iv_length(cipher));
- EVP_CipherInit(cctx, cipher, key, iv, en_de);
+ EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
memset(md_tmp, 0, EVP_MAX_MD_SIZE);
memset(key, 0, EVP_MAX_KEY_LENGTH);
memset(iv, 0, EVP_MAX_IV_LENGTH);
}
/* Fixup cipher based on AlgorithmIdentifier */
- EVP_CipherInit(ctx, cipher, NULL, NULL, en_de);
+ EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de);
if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
EVP_R_CIPHER_PARAMETER_ERROR);
saltlen = kdf->salt->value.octet_string->length;
iter = ASN1_INTEGER_get(kdf->iter);
PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
- EVP_CipherInit(ctx, NULL, key, NULL, en_de);
+ EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
memset(key, 0, keylen);
PBKDF2PARAM_free(kdf);
return 1;
if(type) {
EVP_CIPHER_CTX_init(ctx);
- if(!EVP_DecryptInit(ctx,type,NULL,NULL)) return 0;
+ if(!EVP_DecryptInit_ex(ctx,type,NULL, NULL,NULL)) return 0;
}
if(!priv) return 1;
/* ERROR */
goto err;
}
- if(!EVP_DecryptInit(ctx,NULL,key,iv)) goto err;
+ if(!EVP_DecryptInit_ex(ctx,NULL,NULL,key,iv)) goto err;
ret=1;
err:
{
int i;
- i=EVP_DecryptFinal(ctx,out,outl);
- EVP_DecryptInit(ctx,NULL,NULL,NULL);
+ i=EVP_DecryptFinal_ex(ctx,out,outl);
+ EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL);
return(i);
}
#else /* !OPENSSL_NO_RSA */
if(type) {
EVP_CIPHER_CTX_init(ctx);
- if(!EVP_EncryptInit(ctx,type,NULL,NULL)) return 0;
+ if(!EVP_EncryptInit_ex(ctx,type,NULL,NULL,NULL)) return 0;
}
if (npubk <= 0) return(0);
if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0)
if (EVP_CIPHER_CTX_iv_length(ctx))
RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx));
- if(!EVP_EncryptInit(ctx,NULL,key,iv)) return 0;
+ if(!EVP_EncryptInit_ex(ctx,NULL,NULL,key,iv)) return 0;
for (i=0; i<npubk; i++)
{
void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
- EVP_EncryptFinal(ctx,out,outl);
- EVP_EncryptInit(ctx,NULL,NULL,NULL);
+ EVP_EncryptFinal_ex(ctx,out,outl);
+ EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL);
}
PEM_dek_info(buf,objstr,8,(char *)iv);
/* k=strlen(buf); */
- EVP_EncryptInit(&ctx,enc,key,iv);
+ EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
EVP_EncryptUpdate(&ctx,data,&j,data,i);
- EVP_EncryptFinal(&ctx,&(data[j]),&i);
+ EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
i+=j;
ret=1;
}
(unsigned char *)buf,klen,1,key,NULL);
j=(int)len;
- EVP_DecryptInit(&ctx,cipher->cipher,key,&(cipher->iv[0]));
+ EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
EVP_DecryptUpdate(&ctx,data,&i,data,j);
- o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
+ o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
EVP_CIPHER_CTX_cleanup(&ctx);
memset((char *)buf,0,sizeof(buf));
memset((char *)key,0,sizeof(key));
goto err;
}
- EVP_EncryptFinal(&ctx->cipher,s,(int *)&i);
+ EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
*outl=j;
out+=j;
return 0;
}
PBEPARAM_free(pbe);
- EVP_CipherInit(ctx, cipher, key, iv, en_de);
+ EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
memset(key, 0, EVP_MAX_KEY_LENGTH);
memset(iv, 0, EVP_MAX_IV_LENGTH);
return 1;
EVP_CipherUpdate (&ctx, out, &i, in, inlen);
outlen = i;
- if(!EVP_CipherFinal (&ctx, out + i, &i)) {
+ if(!EVP_CipherFinal_ex (&ctx, out + i, &i)) {
OPENSSL_free (out);
PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
return NULL;
case BIO_CTRL_RESET:
ctx->ok=1;
ctx->finished=0;
- EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL,
+ EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
ctx->cipher.berrypt);
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
{
ctx->finished=1;
ctx->buf_off=0;
- ret=EVP_CipherFinal(&(ctx->cipher),
+ ret=EVP_CipherFinal_ex(&(ctx->cipher),
(unsigned char *)ctx->buf,
&(ctx->buf_len));
ctx->ok=(int)ret;
b->init=1;
ctx=(BIO_ENC_CTX *)b->ptr;
- EVP_CipherInit(&(ctx->cipher),c,k,i,e);
+ EVP_CipherInit_ex(&(ctx->cipher),c,NULL,k,i,e);
if (b->callback != NULL)
b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
goto err;
xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen);
- EVP_CipherInit(ctx, evp_cipher, key, iv, 1);
+ EVP_CipherInit_ex(ctx, evp_cipher, NULL, key, iv, 1);
if (ivlen > 0) {
if (xalg->parameter == NULL)
evp_ctx=NULL;
BIO_get_cipher_ctx(etmp,&evp_ctx);
- EVP_CipherInit(evp_ctx,evp_cipher,NULL,NULL,0);
+ EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0);
if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
goto err;
goto err;
}
}
- EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
+ EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
memset(tmp,0,jj);
void main_decrypt(void)
{
- char buf[512];
+ char buf[520];
char ebuf[512];
unsigned int buflen;
EVP_CIPHER_CTX ectx;
read(STDIN, encryptKey, ekeylen);
read(STDIN, iv, sizeof(iv));
-
EVP_OpenInit(&ectx,
EVP_des_ede3_cbc(),
encryptKey,
}
EVP_OpenUpdate(&ectx, buf, &buflen, ebuf, readlen);
-
write(STDOUT, buf, buflen);
}
EVP_BytesToKey(ALG, EVP_md5(), "salu", pw, strlen(pw), 1, key, iv);
- EVP_CipherInit(&ectx, ALG, key, iv, operation);
+ EVP_CIPHER_CTX_init(&ectx);
+ EVP_CipherInit_ex(&ectx, ALG, NULL, key, iv, operation);
while(1)
{
write(STDOUT, ebuf, ebuflen);
}
- EVP_CipherFinal(&ectx, ebuf, &ebuflen);
+ EVP_CipherFinal_ex(&ectx, ebuf, &ebuflen);
+ EVP_CIPHER_CTX_cleanup(&ectx);
write(STDOUT, ebuf, ebuflen);
}
*/
goto err;
}
- if (!EVP_DecryptInit(&ciph_ctx, enc, kssl_ctx->key, iv))
+ if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv))
{
kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "EVP_DecryptInit error decrypting authenticator.\n");
+ "EVP_DecryptInit_ex error decrypting authenticator.\n");
krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
goto err;
}
krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
goto err;
}
- if (!EVP_DecryptFinal(&ciph_ctx, &(unenc_authent[outl]), &padl))
+ if (!EVP_DecryptFinal_ex(&ciph_ctx, &(unenc_authent[outl]), &padl))
{
kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "EVP_DecryptFinal error decrypting authenticator.\n");
+ "EVP_DecryptFinal_ex error decrypting authenticator.\n");
krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
goto err;
}
ssl2_generate_key_material(s);
- EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]),
+ EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
s->session->key_arg);
- EVP_DecryptInit(rs,c,&(s->s2->key_material[(client)?0:num]),
+ EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]),
s->session->key_arg);
s->s2->read_key= &(s->s2->key_material[(client)?0:num]);
s->s2->write_key= &(s->s2->key_material[(client)?num:0]);
goto err;
/* 20010420 VRS. Tried it this way; failed.
- ** EVP_EncryptInit(&ciph_ctx,enc, NULL,NULL);
+ ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
** kssl_ctx->length);
- ** EVP_EncryptInit(&ciph_ctx,NULL, key,iv);
+ ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
*/
memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */
- EVP_EncryptInit(&ciph_ctx,enc, kssl_ctx->key,iv);
+ EVP_EncryptInit_ex(&ciph_ctx,enc, kssl_ctx->key,iv);
EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
SSL_MAX_MASTER_KEY_LENGTH);
- EVP_EncryptFinal(&ciph_ctx,&(epms[outl]),&padl);
+ EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
outl += padl;
EVP_CIPHER_CTX_cleanup(&ciph_ctx);
s->session->key_arg_length=0;
- EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+ EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
memset(&(exp_key[0]),0,sizeof(exp_key));
memset(&(exp_iv[0]),0,sizeof(exp_iv));
memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */
- if (!EVP_DecryptInit(&ciph_ctx,enc,kssl_ctx->key,iv))
+ if (!EVP_DecryptInit_ex(&ciph_ctx,enc,kssl_ctx->key,iv))
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DECRYPTION_FAILED);
SSL_R_DATA_LENGTH_TOO_LONG);
goto err;
}
- if (!EVP_DecryptFinal(&ciph_ctx,&(pms[outl]),&padl))
+ if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DECRYPTION_FAILED);
#ifdef KSSL_DEBUG
{
int i;
- printf("EVP_CipherInit(dd,c,key=,iv=,which)\n");
+ printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
printf("\n");
printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
}
#endif /* KSSL_DEBUG */
- EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+ EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
#ifdef TLS_DEBUG
printf("which = %04X\nkey=",which);
{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
projects / openssl.git / commitdiff