449 lines
13 KiB
Diff
449 lines
13 KiB
Diff
@@ -, +, @@
|
|
---
|
|
src/tcs/crypto/openssl/crypto.c | 15 ++++++---
|
|
src/trspi/crypto/openssl/hash.c | 17 ++++++----
|
|
src/trspi/crypto/openssl/rsa.c | 64 ++++++++++++++++++++++++++++++-----
|
|
src/trspi/crypto/openssl/symmetric.c | 65 +++++++++++++++++++++---------------
|
|
4 files changed, 115 insertions(+), 46 deletions(-)
|
|
--- a/src/tcs/crypto/openssl/crypto.c
|
|
+++ a/src/tcs/crypto/openssl/crypto.c
|
|
@@ -31,13 +31,17 @@
|
|
TSS_RESULT
|
|
Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
|
|
{
|
|
- EVP_MD_CTX md_ctx;
|
|
+ EVP_MD_CTX *md_ctx;
|
|
unsigned int result_size;
|
|
int rv;
|
|
|
|
+ md_ctx = EVP_MD_CTX_new();
|
|
+ if (md_ctx == NULL)
|
|
+ return TSPERR(TSS_E_OUTOFMEMORY);
|
|
+
|
|
switch (HashType) {
|
|
case TSS_HASH_SHA1:
|
|
- rv = EVP_DigestInit(&md_ctx, EVP_sha1());
|
|
+ rv = EVP_DigestInit(md_ctx, EVP_sha1());
|
|
break;
|
|
default:
|
|
rv = TCSERR(TSS_E_BAD_PARAMETER);
|
|
@@ -50,19 +54,20 @@ Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
|
|
goto out;
|
|
}
|
|
|
|
- rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize);
|
|
+ rv = EVP_DigestUpdate(md_ctx, Buf, BufSize);
|
|
if (rv != EVP_SUCCESS) {
|
|
rv = TCSERR(TSS_E_INTERNAL_ERROR);
|
|
goto out;
|
|
}
|
|
|
|
- result_size = EVP_MD_CTX_size(&md_ctx);
|
|
- rv = EVP_DigestFinal(&md_ctx, Digest, &result_size);
|
|
+ result_size = EVP_MD_CTX_size(md_ctx);
|
|
+ rv = EVP_DigestFinal(md_ctx, Digest, &result_size);
|
|
if (rv != EVP_SUCCESS) {
|
|
rv = TCSERR(TSS_E_INTERNAL_ERROR);
|
|
} else
|
|
rv = TSS_SUCCESS;
|
|
|
|
out:
|
|
+ EVP_MD_CTX_free(md_ctx);
|
|
return rv;
|
|
}
|
|
--- a/src/trspi/crypto/openssl/hash.c
|
|
+++ a/src/trspi/crypto/openssl/hash.c
|
|
@@ -56,13 +56,17 @@ int MGF1(unsigned char *, long, const unsigned char *, long);
|
|
TSS_RESULT
|
|
Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
|
|
{
|
|
- EVP_MD_CTX md_ctx;
|
|
+ EVP_MD_CTX *md_ctx;
|
|
unsigned int result_size;
|
|
int rv;
|
|
|
|
+ md_ctx = EVP_MD_CTX_new();
|
|
+ if (md_ctx == NULL)
|
|
+ return TSPERR(TSS_E_OUTOFMEMORY);
|
|
+
|
|
switch (HashType) {
|
|
case TSS_HASH_SHA1:
|
|
- rv = EVP_DigestInit(&md_ctx, EVP_sha1());
|
|
+ rv = EVP_DigestInit(md_ctx, EVP_sha1());
|
|
break;
|
|
default:
|
|
rv = TSPERR(TSS_E_BAD_PARAMETER);
|
|
@@ -75,14 +79,14 @@ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
|
|
goto err;
|
|
}
|
|
|
|
- rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize);
|
|
+ rv = EVP_DigestUpdate(md_ctx, Buf, BufSize);
|
|
if (rv != EVP_SUCCESS) {
|
|
rv = TSPERR(TSS_E_INTERNAL_ERROR);
|
|
goto err;
|
|
}
|
|
|
|
- result_size = EVP_MD_CTX_size(&md_ctx);
|
|
- rv = EVP_DigestFinal(&md_ctx, Digest, &result_size);
|
|
+ result_size = EVP_MD_CTX_size(md_ctx);
|
|
+ rv = EVP_DigestFinal(md_ctx, Digest, &result_size);
|
|
if (rv != EVP_SUCCESS) {
|
|
rv = TSPERR(TSS_E_INTERNAL_ERROR);
|
|
goto err;
|
|
@@ -94,6 +98,7 @@ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
|
|
err:
|
|
DEBUG_print_openssl_errors();
|
|
out:
|
|
+ EVP_MD_CTX_free(md_ctx);
|
|
return rv;
|
|
}
|
|
|
|
@@ -112,7 +117,7 @@ Trspi_HashInit(Trspi_HashCtx *ctx, UINT32 HashType)
|
|
break;
|
|
}
|
|
|
|
- if ((ctx->ctx = malloc(sizeof(EVP_MD_CTX))) == NULL)
|
|
+ if ((ctx->ctx = EVP_MD_CTX_new()) == NULL)
|
|
return TSPERR(TSS_E_OUTOFMEMORY);
|
|
|
|
rv = EVP_DigestInit((EVP_MD_CTX *)ctx->ctx, (const EVP_MD *)md);
|
|
--- a/src/trspi/crypto/openssl/rsa.c
|
|
+++ a/src/trspi/crypto/openssl/rsa.c
|
|
@@ -38,6 +38,25 @@
|
|
#define DEBUG_print_openssl_errors()
|
|
#endif
|
|
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100001L
|
|
+static int
|
|
+RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
|
|
+{
|
|
+ if (n != NULL) {
|
|
+ BN_free(r->n);
|
|
+ r->n = n;
|
|
+ }
|
|
+ if (e != NULL) {
|
|
+ BN_free(r->e);
|
|
+ r->e = e;
|
|
+ }
|
|
+ if (d != NULL) {
|
|
+ BN_free(r->d);
|
|
+ r->d = d;
|
|
+ }
|
|
+ return 1;
|
|
+}
|
|
+#endif
|
|
|
|
/*
|
|
* Hopefully this will make the code clearer since
|
|
@@ -61,6 +80,7 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */
|
|
RSA *rsa = RSA_new();
|
|
BYTE encodedData[256];
|
|
int encodedDataLen;
|
|
+ BIGNUM *rsa_n = NULL, *rsa_e = NULL;
|
|
|
|
if (rsa == NULL) {
|
|
rv = TSPERR(TSS_E_OUTOFMEMORY);
|
|
@@ -68,12 +88,20 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */
|
|
}
|
|
|
|
/* set the public key value in the OpenSSL object */
|
|
- rsa->n = BN_bin2bn(publicKey, keysize, rsa->n);
|
|
+ rsa_n = BN_bin2bn(publicKey, keysize, NULL);
|
|
/* set the public exponent */
|
|
- rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e);
|
|
+ rsa_e = BN_bin2bn(exp, sizeof(exp), NULL);
|
|
|
|
- if (rsa->n == NULL || rsa->e == NULL) {
|
|
+ if (rsa_n == NULL || rsa_e == NULL) {
|
|
rv = TSPERR(TSS_E_OUTOFMEMORY);
|
|
+ BN_free(rsa_n);
|
|
+ BN_free(rsa_e);
|
|
+ goto err;
|
|
+ }
|
|
+ if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
|
|
+ rv = TSPERR(TSS_E_FAIL);
|
|
+ BN_free(rsa_n);
|
|
+ BN_free(rsa_e);
|
|
goto err;
|
|
}
|
|
|
|
@@ -123,6 +151,7 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength,
|
|
unsigned char exp[] = { 0x01, 0x00, 0x01 }; /* The default public exponent for the TPM */
|
|
unsigned char buf[256];
|
|
RSA *rsa = RSA_new();
|
|
+ BIGNUM *rsa_n = NULL, *rsa_e = NULL;
|
|
|
|
if (rsa == NULL) {
|
|
rv = TSPERR(TSS_E_OUTOFMEMORY);
|
|
@@ -146,12 +175,20 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength,
|
|
}
|
|
|
|
/* set the public key value in the OpenSSL object */
|
|
- rsa->n = BN_bin2bn(pModulus, iKeyLength, rsa->n);
|
|
+ rsa_n = BN_bin2bn(pModulus, iKeyLength, NULL);
|
|
/* set the public exponent */
|
|
- rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e);
|
|
+ rsa_e = BN_bin2bn(exp, sizeof(exp), NULL);
|
|
|
|
- if (rsa->n == NULL || rsa->e == NULL) {
|
|
+ if (rsa_n == NULL || rsa_e == NULL) {
|
|
rv = TSPERR(TSS_E_OUTOFMEMORY);
|
|
+ BN_free(rsa_n);
|
|
+ BN_free(rsa_e);
|
|
+ goto err;
|
|
+ }
|
|
+ if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
|
|
+ rv = TSPERR(TSS_E_FAIL);
|
|
+ BN_free(rsa_n);
|
|
+ BN_free(rsa_e);
|
|
goto err;
|
|
}
|
|
|
|
@@ -195,6 +232,7 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen,
|
|
int rv, e_size = 3;
|
|
unsigned char exp[] = { 0x01, 0x00, 0x01 };
|
|
RSA *rsa = RSA_new();
|
|
+ BIGNUM *rsa_n = NULL, *rsa_e = NULL;
|
|
|
|
if (rsa == NULL) {
|
|
rv = TSPERR(TSS_E_OUTOFMEMORY);
|
|
@@ -237,12 +275,20 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen,
|
|
}
|
|
|
|
/* set the public key value in the OpenSSL object */
|
|
- rsa->n = BN_bin2bn(pubkey, pubsize, rsa->n);
|
|
+ rsa_n = BN_bin2bn(pubkey, pubsize, NULL);
|
|
/* set the public exponent */
|
|
- rsa->e = BN_bin2bn(exp, e_size, rsa->e);
|
|
+ rsa_e = BN_bin2bn(exp, e_size, NULL);
|
|
|
|
- if (rsa->n == NULL || rsa->e == NULL) {
|
|
+ if (rsa_n == NULL || rsa_e == NULL) {
|
|
rv = TSPERR(TSS_E_OUTOFMEMORY);
|
|
+ BN_free(rsa_n);
|
|
+ BN_free(rsa_e);
|
|
+ goto err;
|
|
+ }
|
|
+ if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
|
|
+ rv = TSPERR(TSS_E_FAIL);
|
|
+ BN_free(rsa_n);
|
|
+ BN_free(rsa_e);
|
|
goto err;
|
|
}
|
|
|
|
--- a/src/trspi/crypto/openssl/symmetric.c
|
|
+++ a/src/trspi/crypto/openssl/symmetric.c
|
|
@@ -52,7 +52,7 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
|
|
UINT32 *out_len)
|
|
{
|
|
TSS_RESULT result = TSS_SUCCESS;
|
|
- EVP_CIPHER_CTX ctx;
|
|
+ EVP_CIPHER_CTX *ctx = NULL;
|
|
UINT32 tmp;
|
|
|
|
switch (alg) {
|
|
@@ -64,33 +64,37 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
|
|
break;
|
|
}
|
|
|
|
- EVP_CIPHER_CTX_init(&ctx);
|
|
+ ctx = EVP_CIPHER_CTX_new();
|
|
+ if (ctx == NULL) {
|
|
+ result = TSPERR(TSS_E_OUTOFMEMORY);
|
|
+ goto done;
|
|
+ }
|
|
|
|
- if (!EVP_EncryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) {
|
|
+ if (!EVP_EncryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) {
|
|
result = TSPERR(TSS_E_INTERNAL_ERROR);
|
|
DEBUG_print_openssl_errors();
|
|
goto done;
|
|
}
|
|
|
|
- if (*out_len < in_len + EVP_CIPHER_CTX_block_size(&ctx) - 1) {
|
|
+ if (*out_len < in_len + EVP_CIPHER_CTX_block_size(ctx) - 1) {
|
|
result = TSPERR(TSS_E_INTERNAL_ERROR);
|
|
goto done;
|
|
}
|
|
|
|
- if (!EVP_EncryptUpdate(&ctx, out, (int *)out_len, in, in_len)) {
|
|
+ if (!EVP_EncryptUpdate(ctx, out, (int *)out_len, in, in_len)) {
|
|
result = TSPERR(TSS_E_INTERNAL_ERROR);
|
|
DEBUG_print_openssl_errors();
|
|
goto done;
|
|
}
|
|
|
|
- if (!EVP_EncryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
|
|
+ if (!EVP_EncryptFinal(ctx, out + *out_len, (int *)&tmp)) {
|
|
result = TSPERR(TSS_E_INTERNAL_ERROR);
|
|
DEBUG_print_openssl_errors();
|
|
goto done;
|
|
}
|
|
*out_len += tmp;
|
|
done:
|
|
- EVP_CIPHER_CTX_cleanup(&ctx);
|
|
+ EVP_CIPHER_CTX_free(ctx);
|
|
return result;
|
|
}
|
|
|
|
@@ -99,7 +103,7 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
|
|
UINT32 *out_len)
|
|
{
|
|
TSS_RESULT result = TSS_SUCCESS;
|
|
- EVP_CIPHER_CTX ctx;
|
|
+ EVP_CIPHER_CTX *ctx = NULL;
|
|
UINT32 tmp;
|
|
|
|
switch (alg) {
|
|
@@ -111,28 +115,32 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
|
|
break;
|
|
}
|
|
|
|
- EVP_CIPHER_CTX_init(&ctx);
|
|
+ ctx = EVP_CIPHER_CTX_new();
|
|
+ if (ctx == NULL) {
|
|
+ result = TSPERR(TSS_E_OUTOFMEMORY);
|
|
+ goto done;
|
|
+ }
|
|
|
|
- if (!EVP_DecryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) {
|
|
+ if (!EVP_DecryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) {
|
|
result = TSPERR(TSS_E_INTERNAL_ERROR);
|
|
DEBUG_print_openssl_errors();
|
|
goto done;
|
|
}
|
|
|
|
- if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, in, in_len)) {
|
|
+ if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, in, in_len)) {
|
|
result = TSPERR(TSS_E_INTERNAL_ERROR);
|
|
DEBUG_print_openssl_errors();
|
|
goto done;
|
|
}
|
|
|
|
- if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
|
|
+ if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) {
|
|
result = TSPERR(TSS_E_INTERNAL_ERROR);
|
|
DEBUG_print_openssl_errors();
|
|
goto done;
|
|
}
|
|
*out_len += tmp;
|
|
done:
|
|
- EVP_CIPHER_CTX_cleanup(&ctx);
|
|
+ EVP_CIPHER_CTX_free(ctx);
|
|
return result;
|
|
}
|
|
|
|
@@ -255,7 +263,7 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
|
|
UINT32 *out_len)
|
|
{
|
|
TSS_RESULT result = TSS_SUCCESS;
|
|
- EVP_CIPHER_CTX ctx;
|
|
+ EVP_CIPHER_CTX *ctx;
|
|
EVP_CIPHER *cipher;
|
|
BYTE *def_iv = NULL, *outiv_ptr;
|
|
UINT32 tmp;
|
|
@@ -269,7 +277,9 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
|
|
if ((cipher = get_openssl_cipher(alg, mode)) == NULL)
|
|
return TSPERR(TSS_E_INTERNAL_ERROR);
|
|
|
|
- EVP_CIPHER_CTX_init(&ctx);
|
|
+ ctx = EVP_CIPHER_CTX_new();
|
|
+ if (ctx == NULL)
|
|
+ return TSPERR(TSS_E_OUTOFMEMORY);
|
|
|
|
/* If the iv passed in is NULL, create a new random iv and prepend it to the ciphertext */
|
|
iv_len = EVP_CIPHER_iv_length(cipher);
|
|
@@ -289,25 +299,25 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
|
|
outiv_ptr = out;
|
|
}
|
|
|
|
- if (!EVP_EncryptInit(&ctx, (const EVP_CIPHER *)cipher, key, def_iv)) {
|
|
+ if (!EVP_EncryptInit(ctx, (const EVP_CIPHER *)cipher, key, def_iv)) {
|
|
result = TSPERR(TSS_E_INTERNAL_ERROR);
|
|
DEBUG_print_openssl_errors();
|
|
goto done;
|
|
}
|
|
|
|
- if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(&ctx) * 2) - 1) {
|
|
+ if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(ctx) * 2) - 1) {
|
|
LogDebug("Not enough space to do symmetric encryption");
|
|
result = TSPERR(TSS_E_INTERNAL_ERROR);
|
|
goto done;
|
|
}
|
|
|
|
- if (!EVP_EncryptUpdate(&ctx, outiv_ptr, &outiv_len, in, in_len)) {
|
|
+ if (!EVP_EncryptUpdate(ctx, outiv_ptr, &outiv_len, in, in_len)) {
|
|
result = TSPERR(TSS_E_INTERNAL_ERROR);
|
|
DEBUG_print_openssl_errors();
|
|
goto done;
|
|
}
|
|
|
|
- if (!EVP_EncryptFinal(&ctx, outiv_ptr + outiv_len, (int *)&tmp)) {
|
|
+ if (!EVP_EncryptFinal(ctx, outiv_ptr + outiv_len, (int *)&tmp)) {
|
|
result = TSPERR(TSS_E_INTERNAL_ERROR);
|
|
DEBUG_print_openssl_errors();
|
|
goto done;
|
|
@@ -320,7 +330,7 @@ done:
|
|
*out_len += iv_len;
|
|
free(def_iv);
|
|
}
|
|
- EVP_CIPHER_CTX_cleanup(&ctx);
|
|
+ EVP_CIPHER_CTX_free(ctx);
|
|
return result;
|
|
}
|
|
|
|
@@ -329,7 +339,7 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
|
|
UINT32 *out_len)
|
|
{
|
|
TSS_RESULT result = TSS_SUCCESS;
|
|
- EVP_CIPHER_CTX ctx;
|
|
+ EVP_CIPHER_CTX *ctx = NULL;
|
|
EVP_CIPHER *cipher;
|
|
BYTE *def_iv = NULL, *iniv_ptr;
|
|
UINT32 tmp;
|
|
@@ -341,7 +351,10 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
|
|
if ((cipher = get_openssl_cipher(alg, mode)) == NULL)
|
|
return TSPERR(TSS_E_INTERNAL_ERROR);
|
|
|
|
- EVP_CIPHER_CTX_init(&ctx);
|
|
+ ctx = EVP_CIPHER_CTX_new();
|
|
+ if (ctx == NULL) {
|
|
+ return TSPERR(TSS_E_OUTOFMEMORY);
|
|
+ }
|
|
|
|
/* If the iv is NULL, assume that its prepended to the ciphertext */
|
|
if (iv == NULL) {
|
|
@@ -361,19 +374,19 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
|
|
iniv_len = in_len;
|
|
}
|
|
|
|
- if (!EVP_DecryptInit(&ctx, cipher, key, def_iv)) {
|
|
+ if (!EVP_DecryptInit(ctx, cipher, key, def_iv)) {
|
|
result = TSPERR(TSS_E_INTERNAL_ERROR);
|
|
DEBUG_print_openssl_errors();
|
|
goto done;
|
|
}
|
|
|
|
- if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, iniv_ptr, iniv_len)) {
|
|
+ if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, iniv_ptr, iniv_len)) {
|
|
result = TSPERR(TSS_E_INTERNAL_ERROR);
|
|
DEBUG_print_openssl_errors();
|
|
goto done;
|
|
}
|
|
|
|
- if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
|
|
+ if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) {
|
|
result = TSPERR(TSS_E_INTERNAL_ERROR);
|
|
DEBUG_print_openssl_errors();
|
|
goto done;
|
|
@@ -383,6 +396,6 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
|
|
done:
|
|
if (def_iv != iv)
|
|
free(def_iv);
|
|
- EVP_CIPHER_CTX_cleanup(&ctx);
|
|
+ EVP_CIPHER_CTX_free(ctx);
|
|
return result;
|
|
}
|
|
--
|