Algorithm parameter support.
authorDr. Stephen Henson <steve@openssl.org>
Mon, 5 Aug 2013 14:40:50 +0000 (15:40 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 5 Aug 2013 14:45:00 +0000 (15:45 +0100)
Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.

crypto/ec/ec_ameth.c
crypto/evp/e_aes.c
crypto/evp/e_des3.c
crypto/evp/evp_lib.c

index ff0870d..d757fd6 100644 (file)
@@ -857,6 +857,8 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
                goto err;
        if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL))
                goto err;
+       if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0)
+               goto err;
 
        keylen = EVP_CIPHER_CTX_key_length(kekctx);
        if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0)
@@ -1003,7 +1005,17 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
        wrap_alg = X509_ALGOR_new();
        if (!wrap_alg)
                goto err;
-       X509_ALGOR_set0(wrap_alg, OBJ_nid2obj(wrap_nid), V_ASN1_UNDEF, NULL);
+       wrap_alg->algorithm = OBJ_nid2obj(wrap_nid);
+       wrap_alg->parameter = ASN1_TYPE_new();
+       if (!wrap_alg->parameter)
+               goto err;
+       if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0)
+               goto err;
+       if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef)
+               {
+               ASN1_TYPE_free(wrap_alg->parameter);
+               wrap_alg->parameter = NULL;
+               }
 
        if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0)
                goto err;
index fbf47ac..d1972a7 100644 (file)
@@ -1943,7 +1943,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
 #define WRAP_FLAGS     (EVP_CIPH_WRAP_MODE \
                | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
-               | EVP_CIPH_ALWAYS_CALL_INIT)
+               | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1)
 
 static const EVP_CIPHER aes_128_wrap = {
        NID_id_aes128_wrap,
index cfd49bb..dd44ac3 100644 (file)
@@ -468,7 +468,8 @@ static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static const EVP_CIPHER des3_wrap = {
        NID_id_smime_alg_CMS3DESwrap,
        8, 24, 0,
-       EVP_CIPH_WRAP_MODE|EVP_CIPH_CUSTOM_IV|EVP_CIPH_FLAG_CUSTOM_CIPHER,
+       EVP_CIPH_WRAP_MODE|EVP_CIPH_CUSTOM_IV|EVP_CIPH_FLAG_CUSTOM_CIPHER
+               |EVP_CIPH_FLAG_DEFAULT_ASN1,
        des_ede3_init_key, des_ede3_wrap_cipher,
        NULL,   
        sizeof(DES_EDE_KEY),
index b180e48..2a87570 100644 (file)
@@ -68,7 +68,15 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
        if (c->cipher->set_asn1_parameters != NULL)
                ret=c->cipher->set_asn1_parameters(c,type);
        else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
-               ret=EVP_CIPHER_set_asn1_iv(c, type);
+               {
+               if (EVP_CIPHER_CTX_mode(c) == EVP_CIPH_WRAP_MODE)
+                       {
+                       ASN1_TYPE_set(type, V_ASN1_NULL, NULL);
+                       ret = 1;
+                       }
+               else
+                       ret=EVP_CIPHER_set_asn1_iv(c, type);
+               }
        else
                ret=-1;
        return(ret);
@@ -81,7 +89,11 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
        if (c->cipher->get_asn1_parameters != NULL)
                ret=c->cipher->get_asn1_parameters(c,type);
        else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
+               {
+               if (EVP_CIPHER_CTX_mode(c) == EVP_CIPH_WRAP_MODE)
+                       return 1;
                ret=EVP_CIPHER_get_asn1_iv(c, type);
+               }
        else
                ret=-1;
        return(ret);