kris
/
boringssl
1
0
Forkuj 0
Kod Zgłoszenia 0 Oczekujące zmiany 0 Wydania 0 Wiki Aktywność
Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.
3598 Commity
12 Gałęzie
38 MiB
 
 
 
 
 
 
Drzewo: 97db926cf7
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z '97db926cf7'
${ noResults }
boringssl/crypto/evp/evp_ctx.c

449 wiersze
13 KiB
Czysty Wina Historia 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.] */

  56. 

  57. #include <openssl/evp.h>

  58. 

  59. #include <string.h>

  60. 

  61. #include <openssl/err.h>

  62. #include <openssl/mem.h>

  63. 

  64. #include "internal.h"

  65. 

  66. 

  67. static const EVP_PKEY_METHOD *const evp_methods[] = {

  68.   &rsa_pkey_meth,

  69.   &ec_pkey_meth,

  70. };

  71. 

  72. static const EVP_PKEY_METHOD *evp_pkey_meth_find(int type) {

  73.   unsigned i;

  74. 

  75.   for (i = 0; i < sizeof(evp_methods)/sizeof(EVP_PKEY_METHOD*); i++) {

  76.     if (evp_methods[i]->pkey_id == type) {

  77.       return evp_methods[i];

  78.     }

  79.   }

  80. 

  81.   return NULL;

  82. }

  83. 

  84. static EVP_PKEY_CTX *evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) {

  85.   EVP_PKEY_CTX *ret;

  86.   const EVP_PKEY_METHOD *pmeth;

  87. 

  88.   if (id == -1) {

  89.     if (!pkey || !pkey->ameth) {

  90.       return NULL;

  91.     }

  92.     id = pkey->ameth->pkey_id;

  93.   }

  94. 

  95.   pmeth = evp_pkey_meth_find(id);

  96. 

  97.   if (pmeth == NULL) {

  98.     OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);

  99.     ERR_add_error_dataf("algorithm %d", id);

  100.     return NULL;

  101.   }

  102. 

  103.   ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX));

  104.   if (!ret) {

  105.     OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);

  106.     return NULL;

  107.   }

  108.   memset(ret, 0, sizeof(EVP_PKEY_CTX));

  109. 

  110.   ret->engine = e;

  111.   ret->pmeth = pmeth;

  112.   ret->operation = EVP_PKEY_OP_UNDEFINED;

  113. 

  114.   if (pkey) {

  115.     EVP_PKEY_up_ref(pkey);

  116.     ret->pkey = pkey;

  117.   }

  118. 

  119.   if (pmeth->init) {

  120.     if (pmeth->init(ret) <= 0) {

  121.       EVP_PKEY_free(ret->pkey);

  122.       OPENSSL_free(ret);

  123.       return NULL;

  124.     }

  125.   }

  126. 

  127.   return ret;

  128. }

  129. 

  130. EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e) {

  131.   return evp_pkey_ctx_new(pkey, e, -1);

  132. }

  133. 

  134. EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e) {

  135.   return evp_pkey_ctx_new(NULL, e, id);

  136. }

  137. 

  138. void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) {

  139.   if (ctx == NULL) {

  140.     return;

  141.   }

  142.   if (ctx->pmeth && ctx->pmeth->cleanup) {

  143.     ctx->pmeth->cleanup(ctx);

  144.   }

  145.   EVP_PKEY_free(ctx->pkey);

  146.   EVP_PKEY_free(ctx->peerkey);

  147.   OPENSSL_free(ctx);

  148. }

  149. 

  150. EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) {

  151.   EVP_PKEY_CTX *rctx;

  152. 

  153.   if (!pctx->pmeth || !pctx->pmeth->copy) {

  154.     return NULL;

  155.   }

  156. 

  157.   rctx = OPENSSL_malloc(sizeof(EVP_PKEY_CTX));

  158.   if (!rctx) {

  159.     return NULL;

  160.   }

  161. 

  162.   memset(rctx, 0, sizeof(EVP_PKEY_CTX));

  163. 

  164.   rctx->pmeth = pctx->pmeth;

  165.   rctx->engine = pctx->engine;

  166.   rctx->operation = pctx->operation;

  167. 

  168.   if (pctx->pkey) {

  169.     EVP_PKEY_up_ref(pctx->pkey);

  170.     rctx->pkey = pctx->pkey;

  171.     if (rctx->pkey == NULL) {

  172.       goto err;

  173.     }

  174.   }

  175. 

  176.   if (pctx->peerkey) {

  177.     EVP_PKEY_up_ref(pctx->peerkey);

  178.     rctx->peerkey = pctx->peerkey;

  179.     if (rctx->peerkey == NULL) {

  180.       goto err;

  181.     }

  182.   }

  183. 

  184.   if (pctx->pmeth->copy(rctx, pctx) > 0) {

  185.     return rctx;

  186.   }

  187. 

  188. err:

  189.   EVP_PKEY_CTX_free(rctx);

  190.   OPENSSL_PUT_ERROR(EVP, ERR_LIB_EVP);

  191.   return NULL;

  192. }

  193. 

  194. EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx) { return ctx->pkey; }

  195. 

  196. int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd,

  197.                       int p1, void *p2) {

  198.   if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) {

  199.     OPENSSL_PUT_ERROR(EVP, EVP_R_COMMAND_NOT_SUPPORTED);

  200.     return 0;

  201.   }

  202.   if (keytype != -1 && ctx->pmeth->pkey_id != keytype) {

  203.     return 0;

  204.   }

  205. 

  206.   if (ctx->operation == EVP_PKEY_OP_UNDEFINED) {

  207.     OPENSSL_PUT_ERROR(EVP, EVP_R_NO_OPERATION_SET);

  208.     return 0;

  209.   }

  210. 

  211.   if (optype != -1 && !(ctx->operation & optype)) {

  212.     OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_OPERATION);

  213.     return 0;

  214.   }

  215. 

  216.   return ctx->pmeth->ctrl(ctx, cmd, p1, p2);

  217. }

  218. 

  219. int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx) {

  220.   if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) {

  221.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  222.     return 0;

  223.   }

  224. 

  225.   ctx->operation = EVP_PKEY_OP_SIGN;

  226.   return 1;

  227. }

  228. 

  229. int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *sig_len,

  230.                   const uint8_t *data, size_t data_len) {

  231.   if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) {

  232.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  233.     return 0;

  234.   }

  235.   if (ctx->operation != EVP_PKEY_OP_SIGN) {

  236.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATON_NOT_INITIALIZED);

  237.     return 0;

  238.   }

  239.   return ctx->pmeth->sign(ctx, sig, sig_len, data, data_len);

  240. }

  241. 

  242. int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx) {

  243.   if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) {

  244.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  245.     return 0;

  246.   }

  247.   ctx->operation = EVP_PKEY_OP_VERIFY;

  248.   return 1;

  249. }

  250. 

  251. int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t sig_len,

  252.                     const uint8_t *data, size_t data_len) {

  253.   if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) {

  254.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  255.     return 0;

  256.   }

  257.   if (ctx->operation != EVP_PKEY_OP_VERIFY) {

  258.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATON_NOT_INITIALIZED);

  259.     return 0;

  260.   }

  261.   return ctx->pmeth->verify(ctx, sig, sig_len, data, data_len);

  262. }

  263. 

  264. int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx) {

  265.   if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) {

  266.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  267.     return 0;

  268.   }

  269.   ctx->operation = EVP_PKEY_OP_ENCRYPT;

  270.   return 1;

  271. }

  272. 

  273. int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen,

  274.                      const uint8_t *in, size_t inlen) {

  275.   if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) {

  276.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  277.     return 0;

  278.   }

  279.   if (ctx->operation != EVP_PKEY_OP_ENCRYPT) {

  280.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATON_NOT_INITIALIZED);

  281.     return 0;

  282.   }

  283.   return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);

  284. }

  285. 

  286. int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx) {

  287.   if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) {

  288.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  289.     return 0;

  290.   }

  291.   ctx->operation = EVP_PKEY_OP_DECRYPT;

  292.   return 1;

  293. }

  294. 

  295. int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen,

  296.                      const uint8_t *in, size_t inlen) {

  297.   if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) {

  298.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  299.     return 0;

  300.   }

  301.   if (ctx->operation != EVP_PKEY_OP_DECRYPT) {

  302.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATON_NOT_INITIALIZED);

  303.     return 0;

  304.   }

  305.   return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);

  306. }

  307. 

  308. int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx) {

  309.   if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) {

  310.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  311.     return 0;

  312.   }

  313.   ctx->operation = EVP_PKEY_OP_VERIFYRECOVER;

  314.   return 1;

  315. }

  316. 

  317. int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *out_len,

  318.                             const uint8_t *sig, size_t sig_len) {

  319.   if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) {

  320.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  321.     return 0;

  322.   }

  323.   if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {

  324.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATON_NOT_INITIALIZED);

  325.     return 0;

  326.   }

  327.   return ctx->pmeth->verify_recover(ctx, out, out_len, sig, sig_len);

  328. }

  329. 

  330. int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) {

  331.   if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {

  332.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  333.     return 0;

  334.   }

  335.   ctx->operation = EVP_PKEY_OP_DERIVE;

  336.   return 1;

  337. }

  338. 

  339. int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) {

  340.   int ret;

  341.   if (!ctx || !ctx->pmeth ||

  342.       !(ctx->pmeth->derive || ctx->pmeth->encrypt || ctx->pmeth->decrypt) ||

  343.       !ctx->pmeth->ctrl) {

  344.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  345.     return 0;

  346.   }

  347.   if (ctx->operation != EVP_PKEY_OP_DERIVE &&

  348.       ctx->operation != EVP_PKEY_OP_ENCRYPT &&

  349.       ctx->operation != EVP_PKEY_OP_DECRYPT) {

  350.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATON_NOT_INITIALIZED);

  351.     return 0;

  352.   }

  353. 

  354.   ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);

  355. 

  356.   if (ret <= 0) {

  357.     return 0;

  358.   }

  359. 

  360.   if (ret == 2) {

  361.     return 1;

  362.   }

  363. 

  364.   if (!ctx->pkey) {

  365.     OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET);

  366.     return 0;

  367.   }

  368. 

  369.   if (ctx->pkey->type != peer->type) {

  370.     OPENSSL_PUT_ERROR(EVP, EVP_R_DIFFERENT_KEY_TYPES);

  371.     return 0;

  372.   }

  373. 

  374.   /* ran@cryptocom.ru: For clarity.  The error is if parameters in peer are

  375.    * present (!missing) but don't match.  EVP_PKEY_cmp_parameters may return

  376.    * 1 (match), 0 (don't match) and -2 (comparison is not defined).  -1

  377.    * (different key types) is impossible here because it is checked earlier.

  378.    * -2 is OK for us here, as well as 1, so we can check for 0 only. */

  379.   if (!EVP_PKEY_missing_parameters(peer) &&

  380.       !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) {

  381.     OPENSSL_PUT_ERROR(EVP, EVP_R_DIFFERENT_PARAMETERS);

  382.     return 0;

  383.   }

  384. 

  385.   EVP_PKEY_free(ctx->peerkey);

  386.   ctx->peerkey = peer;

  387. 

  388.   ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);

  389. 

  390.   if (ret <= 0) {

  391.     ctx->peerkey = NULL;

  392.     return 0;

  393.   }

  394. 

  395.   EVP_PKEY_up_ref(peer);

  396.   return 1;

  397. }

  398. 

  399. int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, uint8_t *key, size_t *out_key_len) {

  400.   if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {

  401.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  402.     return 0;

  403.   }

  404.   if (ctx->operation != EVP_PKEY_OP_DERIVE) {

  405.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATON_NOT_INITIALIZED);

  406.     return 0;

  407.   }

  408.   return ctx->pmeth->derive(ctx, key, out_key_len);

  409. }

  410. 

  411. int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx) {

  412.   if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) {

  413.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  414.     return 0;

  415.   }

  416.   ctx->operation = EVP_PKEY_OP_KEYGEN;

  417.   return 1;

  418. }

  419. 

  420. int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) {

  421.   if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) {

  422.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  423.     return 0;

  424.   }

  425.   if (ctx->operation != EVP_PKEY_OP_KEYGEN) {

  426.     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATON_NOT_INITIALIZED);

  427.     return 0;

  428.   }

  429. 

  430.   if (!ppkey) {

  431.     return 0;

  432.   }

  433. 

  434.   if (!*ppkey) {

  435.     *ppkey = EVP_PKEY_new();

  436.     if (!*ppkey) {

  437.       OPENSSL_PUT_ERROR(EVP, ERR_LIB_EVP);

  438.       return 0;

  439.     }

  440.   }

  441. 

  442.   if (!ctx->pmeth->keygen(ctx, *ppkey)) {

  443.     EVP_PKEY_free(*ppkey);

  444.     *ppkey = NULL;

  445.     return 0;

  446.   }

  447.   return 1;

  448. }