aboutsummaryrefslogtreecommitdiff
path: root/openssl/crypto/evp
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/crypto/evp')
-rw-r--r--openssl/crypto/evp/Makefile2
-rw-r--r--openssl/crypto/evp/digest.c7
-rw-r--r--openssl/crypto/evp/e_aes.c16
-rw-r--r--openssl/crypto/evp/e_aes_cbc_hmac_sha1.c5
-rw-r--r--openssl/crypto/evp/e_des3.c6
-rw-r--r--openssl/crypto/evp/p5_crpt2.c40
6 files changed, 54 insertions, 22 deletions
diff --git a/openssl/crypto/evp/Makefile b/openssl/crypto/evp/Makefile
index 1e46cebf5..5d0c6b7db 100644
--- a/openssl/crypto/evp/Makefile
+++ b/openssl/crypto/evp/Makefile
@@ -67,7 +67,7 @@ files:
links:
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
- [ ! -f $(TESTDATA) ] || cp $(TESTDATA) ../../test
+ @[ -f $(TESTDATA) ] && cp $(TESTDATA) ../../test && echo "$(TESTDATA) -> ../../test/$(TESTDATA)"
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
install:
diff --git a/openssl/crypto/evp/digest.c b/openssl/crypto/evp/digest.c
index 6fc469f9c..d14e8e48d 100644
--- a/openssl/crypto/evp/digest.c
+++ b/openssl/crypto/evp/digest.c
@@ -366,8 +366,11 @@ int EVP_Digest(const void *data, size_t count,
void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
{
- EVP_MD_CTX_cleanup(ctx);
- OPENSSL_free(ctx);
+ if (ctx)
+ {
+ EVP_MD_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+ }
}
/* This call frees resources associated with the context */
diff --git a/openssl/crypto/evp/e_aes.c b/openssl/crypto/evp/e_aes.c
index 1bfb5d92b..c7869b69e 100644
--- a/openssl/crypto/evp/e_aes.c
+++ b/openssl/crypto/evp/e_aes.c
@@ -842,7 +842,10 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
gctx->ctr = NULL;
break;
}
+ else
#endif
+ (void)0; /* terminate potentially open 'else' */
+
AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt);
#ifdef AES_CTR_ASM
@@ -1083,14 +1086,17 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
xctx->xts.block1 = (block128_f)vpaes_decrypt;
}
- vpaes_set_encrypt_key(key + ctx->key_len/2,
+ vpaes_set_encrypt_key(key + ctx->key_len/2,
ctx->key_len * 4, &xctx->ks2);
- xctx->xts.block2 = (block128_f)vpaes_encrypt;
+ xctx->xts.block2 = (block128_f)vpaes_encrypt;
- xctx->xts.key1 = &xctx->ks1;
- break;
- }
+ xctx->xts.key1 = &xctx->ks1;
+ break;
+ }
+ else
#endif
+ (void)0; /* terminate potentially open 'else' */
+
if (enc)
{
AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
diff --git a/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c b/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
index 483e04b60..fb2c884a7 100644
--- a/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (res!=SHA_CBLOCK) continue;
- mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1));
+ /* j is not incremented yet */
+ mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1));
data->u[SHA_LBLOCK-1] |= bitlen&mask;
sha1_block_data_order(&key->md,data,1);
- mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1));
+ mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1));
pmac->u[0] |= key->md.h0 & mask;
pmac->u[1] |= key->md.h1 & mask;
pmac->u[2] |= key->md.h2 & mask;
diff --git a/openssl/crypto/evp/e_des3.c b/openssl/crypto/evp/e_des3.c
index 1e6997266..8d7b7de29 100644
--- a/openssl/crypto/evp/e_des3.c
+++ b/openssl/crypto/evp/e_des3.c
@@ -101,7 +101,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
- if (inl>=EVP_MAXCHUNK)
+ while (inl>=EVP_MAXCHUNK)
{
DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
&data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
@@ -132,7 +132,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
printf("\n");
}
#endif /* KSSL_DEBUG */
- if (inl>=EVP_MAXCHUNK)
+ while (inl>=EVP_MAXCHUNK)
{
DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
&data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
@@ -151,7 +151,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
- if (inl>=EVP_MAXCHUNK)
+ while (inl>=EVP_MAXCHUNK)
{
DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
&data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
diff --git a/openssl/crypto/evp/p5_crpt2.c b/openssl/crypto/evp/p5_crpt2.c
index 975d004df..fe3c6c881 100644
--- a/openssl/crypto/evp/p5_crpt2.c
+++ b/openssl/crypto/evp/p5_crpt2.c
@@ -85,19 +85,24 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
int cplen, j, k, tkeylen, mdlen;
unsigned long i = 1;
- HMAC_CTX hctx;
+ HMAC_CTX hctx_tpl, hctx;
mdlen = EVP_MD_size(digest);
if (mdlen < 0)
return 0;
- HMAC_CTX_init(&hctx);
+ HMAC_CTX_init(&hctx_tpl);
p = out;
tkeylen = keylen;
if(!pass)
passlen = 0;
else if(passlen == -1)
passlen = strlen(pass);
+ if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL))
+ {
+ HMAC_CTX_cleanup(&hctx_tpl);
+ return 0;
+ }
while(tkeylen)
{
if(tkeylen > mdlen)
@@ -111,19 +116,36 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
itmp[1] = (unsigned char)((i >> 16) & 0xff);
itmp[2] = (unsigned char)((i >> 8) & 0xff);
itmp[3] = (unsigned char)(i & 0xff);
- if (!HMAC_Init_ex(&hctx, pass, passlen, digest, NULL)
- || !HMAC_Update(&hctx, salt, saltlen)
- || !HMAC_Update(&hctx, itmp, 4)
- || !HMAC_Final(&hctx, digtmp, NULL))
+ if (!HMAC_CTX_copy(&hctx, &hctx_tpl))
{
+ HMAC_CTX_cleanup(&hctx_tpl);
+ return 0;
+ }
+ if (!HMAC_Update(&hctx, salt, saltlen)
+ || !HMAC_Update(&hctx, itmp, 4)
+ || !HMAC_Final(&hctx, digtmp, NULL))
+ {
+ HMAC_CTX_cleanup(&hctx_tpl);
HMAC_CTX_cleanup(&hctx);
return 0;
}
+ HMAC_CTX_cleanup(&hctx);
memcpy(p, digtmp, cplen);
for(j = 1; j < iter; j++)
{
- HMAC(digest, pass, passlen,
- digtmp, mdlen, digtmp, NULL);
+ if (!HMAC_CTX_copy(&hctx, &hctx_tpl))
+ {
+ HMAC_CTX_cleanup(&hctx_tpl);
+ return 0;
+ }
+ if (!HMAC_Update(&hctx, digtmp, mdlen)
+ || !HMAC_Final(&hctx, digtmp, NULL))
+ {
+ HMAC_CTX_cleanup(&hctx_tpl);
+ HMAC_CTX_cleanup(&hctx);
+ return 0;
+ }
+ HMAC_CTX_cleanup(&hctx);
for(k = 0; k < cplen; k++)
p[k] ^= digtmp[k];
}
@@ -131,7 +153,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
i++;
p+= cplen;
}
- HMAC_CTX_cleanup(&hctx);
+ HMAC_CTX_cleanup(&hctx_tpl);
#ifdef DEBUG_PKCS5V2
fprintf(stderr, "Password:\n");
h__dump (pass, passlen);