@@ -, +, @@
---
src/tcs/crypto/openssl/crypto.c | 15 ++++++---
src/trspi/crypto/openssl/hash.c | 17 ++++++----
src/trspi/crypto/openssl/rsa.c | 64 ++++++++++++++++++++++++++++++-----
src/trspi/crypto/openssl/symmetric.c | 65 +++++++++++++++++++++---------------
4 files changed, 115 insertions(+), 46 deletions(-)
--- a/src/tcs/crypto/openssl/crypto.c
+++ a/src/tcs/crypto/openssl/crypto.c
@@ -31,13 +31,17 @@
TSS_RESULT
Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
{
- EVP_MD_CTX md_ctx;
+ EVP_MD_CTX *md_ctx;
unsigned int result_size;
int rv;
+ md_ctx = EVP_MD_CTX_new();
+ if (md_ctx == NULL)
+ return TSPERR(TSS_E_OUTOFMEMORY);
+
switch (HashType) {
case TSS_HASH_SHA1:
- rv = EVP_DigestInit(&md_ctx, EVP_sha1());
+ rv = EVP_DigestInit(md_ctx, EVP_sha1());
break;
default:
rv = TCSERR(TSS_E_BAD_PARAMETER);
@@ -50,19 +54,20 @@ Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
goto out;
}
- rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize);
+ rv = EVP_DigestUpdate(md_ctx, Buf, BufSize);
if (rv != EVP_SUCCESS) {
rv = TCSERR(TSS_E_INTERNAL_ERROR);
goto out;
}
- result_size = EVP_MD_CTX_size(&md_ctx);
- rv = EVP_DigestFinal(&md_ctx, Digest, &result_size);
+ result_size = EVP_MD_CTX_size(md_ctx);
+ rv = EVP_DigestFinal(md_ctx, Digest, &result_size);
if (rv != EVP_SUCCESS) {
rv = TCSERR(TSS_E_INTERNAL_ERROR);
} else
rv = TSS_SUCCESS;
out:
+ EVP_MD_CTX_free(md_ctx);
return rv;
}
--- a/src/trspi/crypto/openssl/hash.c
+++ a/src/trspi/crypto/openssl/hash.c
@@ -56,13 +56,17 @@ int MGF1(unsigned char *, long, const unsigned char *, long);
TSS_RESULT
Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
{
- EVP_MD_CTX md_ctx;
+ EVP_MD_CTX *md_ctx;
unsigned int result_size;
int rv;
+ md_ctx = EVP_MD_CTX_new();
+ if (md_ctx == NULL)
+ return TSPERR(TSS_E_OUTOFMEMORY);
+
switch (HashType) {
case TSS_HASH_SHA1:
- rv = EVP_DigestInit(&md_ctx, EVP_sha1());
+ rv = EVP_DigestInit(md_ctx, EVP_sha1());
break;
default:
rv = TSPERR(TSS_E_BAD_PARAMETER);
@@ -75,14 +79,14 @@ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
goto err;
}
- rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize);
+ rv = EVP_DigestUpdate(md_ctx, Buf, BufSize);
if (rv != EVP_SUCCESS) {
rv = TSPERR(TSS_E_INTERNAL_ERROR);
goto err;
}
- result_size = EVP_MD_CTX_size(&md_ctx);
- rv = EVP_DigestFinal(&md_ctx, Digest, &result_size);
+ result_size = EVP_MD_CTX_size(md_ctx);
+ rv = EVP_DigestFinal(md_ctx, Digest, &result_size);
if (rv != EVP_SUCCESS) {
rv = TSPERR(TSS_E_INTERNAL_ERROR);
goto err;
@@ -94,6 +98,7 @@ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
err:
DEBUG_print_openssl_errors();
out:
+ EVP_MD_CTX_free(md_ctx);
return rv;
}
@@ -112,7 +117,7 @@ Trspi_HashInit(Trspi_HashCtx *ctx, UINT32 HashType)
break;
}
- if ((ctx->ctx = malloc(sizeof(EVP_MD_CTX))) == NULL)
+ if ((ctx->ctx = EVP_MD_CTX_new()) == NULL)
return TSPERR(TSS_E_OUTOFMEMORY);
rv = EVP_DigestInit((EVP_MD_CTX *)ctx->ctx, (const EVP_MD *)md);
--- a/src/trspi/crypto/openssl/rsa.c
+++ a/src/trspi/crypto/openssl/rsa.c
@@ -38,6 +38,25 @@
#define DEBUG_print_openssl_errors()
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100001L
+static int
+RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
+{
+ if (n != NULL) {
+ BN_free(r->n);
+ r->n = n;
+ }
+ if (e != NULL) {
+ BN_free(r->e);
+ r->e = e;
+ }
+ if (d != NULL) {
+ BN_free(r->d);
+ r->d = d;
+ }
+ return 1;
+}
+#endif
/*
* Hopefully this will make the code clearer since
@@ -61,6 +80,7 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */
RSA *rsa = RSA_new();
BYTE encodedData[256];
int encodedDataLen;
+ BIGNUM *rsa_n = NULL, *rsa_e = NULL;
if (rsa == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
@@ -68,12 +88,20 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */
}
/* set the public key value in the OpenSSL object */
- rsa->n = BN_bin2bn(publicKey, keysize, rsa->n);
+ rsa_n = BN_bin2bn(publicKey, keysize, NULL);
/* set the public exponent */
- rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e);
+ rsa_e = BN_bin2bn(exp, sizeof(exp), NULL);
- if (rsa->n == NULL || rsa->e == NULL) {
+ if (rsa_n == NULL || rsa_e == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
+ goto err;
+ }
+ if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
+ rv = TSPERR(TSS_E_FAIL);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
goto err;
}
@@ -123,6 +151,7 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength,
unsigned char exp[] = { 0x01, 0x00, 0x01 }; /* The default public exponent for the TPM */
unsigned char buf[256];
RSA *rsa = RSA_new();
+ BIGNUM *rsa_n = NULL, *rsa_e = NULL;
if (rsa == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
@@ -146,12 +175,20 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength,
}
/* set the public key value in the OpenSSL object */
- rsa->n = BN_bin2bn(pModulus, iKeyLength, rsa->n);
+ rsa_n = BN_bin2bn(pModulus, iKeyLength, NULL);
/* set the public exponent */
- rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e);
+ rsa_e = BN_bin2bn(exp, sizeof(exp), NULL);
- if (rsa->n == NULL || rsa->e == NULL) {
+ if (rsa_n == NULL || rsa_e == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
+ goto err;
+ }
+ if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
+ rv = TSPERR(TSS_E_FAIL);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
goto err;
}
@@ -195,6 +232,7 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen,
int rv, e_size = 3;
unsigned char exp[] = { 0x01, 0x00, 0x01 };
RSA *rsa = RSA_new();
+ BIGNUM *rsa_n = NULL, *rsa_e = NULL;
if (rsa == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
@@ -237,12 +275,20 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen,
}
/* set the public key value in the OpenSSL object */
- rsa->n = BN_bin2bn(pubkey, pubsize, rsa->n);
+ rsa_n = BN_bin2bn(pubkey, pubsize, NULL);
/* set the public exponent */
- rsa->e = BN_bin2bn(exp, e_size, rsa->e);
+ rsa_e = BN_bin2bn(exp, e_size, NULL);
- if (rsa->n == NULL || rsa->e == NULL) {
+ if (rsa_n == NULL || rsa_e == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
+ goto err;
+ }
+ if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
+ rv = TSPERR(TSS_E_FAIL);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
goto err;
}
--- a/src/trspi/crypto/openssl/symmetric.c
+++ a/src/trspi/crypto/openssl/symmetric.c
@@ -52,7 +52,7 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
UINT32 *out_len)
{
TSS_RESULT result = TSS_SUCCESS;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
UINT32 tmp;
switch (alg) {
@@ -64,33 +64,37 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
break;
}
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ result = TSPERR(TSS_E_OUTOFMEMORY);
+ goto done;
+ }
- if (!EVP_EncryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) {
+ if (!EVP_EncryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (*out_len < in_len + EVP_CIPHER_CTX_block_size(&ctx) - 1) {
+ if (*out_len < in_len + EVP_CIPHER_CTX_block_size(ctx) - 1) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
goto done;
}
- if (!EVP_EncryptUpdate(&ctx, out, (int *)out_len, in, in_len)) {
+ if (!EVP_EncryptUpdate(ctx, out, (int *)out_len, in, in_len)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_EncryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
+ if (!EVP_EncryptFinal(ctx, out + *out_len, (int *)&tmp)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
*out_len += tmp;
done:
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return result;
}
@@ -99,7 +103,7 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
UINT32 *out_len)
{
TSS_RESULT result = TSS_SUCCESS;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
UINT32 tmp;
switch (alg) {
@@ -111,28 +115,32 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
break;
}
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ result = TSPERR(TSS_E_OUTOFMEMORY);
+ goto done;
+ }
- if (!EVP_DecryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) {
+ if (!EVP_DecryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, in, in_len)) {
+ if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, in, in_len)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
+ if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
*out_len += tmp;
done:
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return result;
}
@@ -255,7 +263,7 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
UINT32 *out_len)
{
TSS_RESULT result = TSS_SUCCESS;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx;
EVP_CIPHER *cipher;
BYTE *def_iv = NULL, *outiv_ptr;
UINT32 tmp;
@@ -269,7 +277,9 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
if ((cipher = get_openssl_cipher(alg, mode)) == NULL)
return TSPERR(TSS_E_INTERNAL_ERROR);
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL)
+ return TSPERR(TSS_E_OUTOFMEMORY);
/* If the iv passed in is NULL, create a new random iv and prepend it to the ciphertext */
iv_len = EVP_CIPHER_iv_length(cipher);
@@ -289,25 +299,25 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
outiv_ptr = out;
}
- if (!EVP_EncryptInit(&ctx, (const EVP_CIPHER *)cipher, key, def_iv)) {
+ if (!EVP_EncryptInit(ctx, (const EVP_CIPHER *)cipher, key, def_iv)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(&ctx) * 2) - 1) {
+ if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(ctx) * 2) - 1) {
LogDebug("Not enough space to do symmetric encryption");
result = TSPERR(TSS_E_INTERNAL_ERROR);
goto done;
}
- if (!EVP_EncryptUpdate(&ctx, outiv_ptr, &outiv_len, in, in_len)) {
+ if (!EVP_EncryptUpdate(ctx, outiv_ptr, &outiv_len, in, in_len)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_EncryptFinal(&ctx, outiv_ptr + outiv_len, (int *)&tmp)) {
+ if (!EVP_EncryptFinal(ctx, outiv_ptr + outiv_len, (int *)&tmp)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
@@ -320,7 +330,7 @@ done:
*out_len += iv_len;
free(def_iv);
}
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return result;
}
@@ -329,7 +339,7 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
UINT32 *out_len)
{
TSS_RESULT result = TSS_SUCCESS;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
EVP_CIPHER *cipher;
BYTE *def_iv = NULL, *iniv_ptr;
UINT32 tmp;
@@ -341,7 +351,10 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
if ((cipher = get_openssl_cipher(alg, mode)) == NULL)
return TSPERR(TSS_E_INTERNAL_ERROR);
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ return TSPERR(TSS_E_OUTOFMEMORY);
+ }
/* If the iv is NULL, assume that its prepended to the ciphertext */
if (iv == NULL) {
@@ -361,19 +374,19 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
iniv_len = in_len;
}
- if (!EVP_DecryptInit(&ctx, cipher, key, def_iv)) {
+ if (!EVP_DecryptInit(ctx, cipher, key, def_iv)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, iniv_ptr, iniv_len)) {
+ if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, iniv_ptr, iniv_len)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
+ if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
@@ -383,6 +396,6 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
done:
if (def_iv != iv)
free(def_iv);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return result;
}
--