@@ -, +, @@ --- src/tcs/crypto/openssl/crypto.c | 15 ++++++--- src/trspi/crypto/openssl/hash.c | 17 ++++++---- src/trspi/crypto/openssl/rsa.c | 64 ++++++++++++++++++++++++++++++----- src/trspi/crypto/openssl/symmetric.c | 65 +++++++++++++++++++++--------------- 4 files changed, 115 insertions(+), 46 deletions(-) --- a/src/tcs/crypto/openssl/crypto.c +++ a/src/tcs/crypto/openssl/crypto.c @@ -31,13 +31,17 @@ TSS_RESULT Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest) { - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx; unsigned int result_size; int rv; + md_ctx = EVP_MD_CTX_new(); + if (md_ctx == NULL) + return TSPERR(TSS_E_OUTOFMEMORY); + switch (HashType) { case TSS_HASH_SHA1: - rv = EVP_DigestInit(&md_ctx, EVP_sha1()); + rv = EVP_DigestInit(md_ctx, EVP_sha1()); break; default: rv = TCSERR(TSS_E_BAD_PARAMETER); @@ -50,19 +54,20 @@ Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest) goto out; } - rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize); + rv = EVP_DigestUpdate(md_ctx, Buf, BufSize); if (rv != EVP_SUCCESS) { rv = TCSERR(TSS_E_INTERNAL_ERROR); goto out; } - result_size = EVP_MD_CTX_size(&md_ctx); - rv = EVP_DigestFinal(&md_ctx, Digest, &result_size); + result_size = EVP_MD_CTX_size(md_ctx); + rv = EVP_DigestFinal(md_ctx, Digest, &result_size); if (rv != EVP_SUCCESS) { rv = TCSERR(TSS_E_INTERNAL_ERROR); } else rv = TSS_SUCCESS; out: + EVP_MD_CTX_free(md_ctx); return rv; } --- a/src/trspi/crypto/openssl/hash.c +++ a/src/trspi/crypto/openssl/hash.c @@ -56,13 +56,17 @@ int MGF1(unsigned char *, long, const unsigned char *, long); TSS_RESULT Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest) { - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx; unsigned int result_size; int rv; + md_ctx = EVP_MD_CTX_new(); + if (md_ctx == NULL) + return TSPERR(TSS_E_OUTOFMEMORY); + switch (HashType) { case TSS_HASH_SHA1: - rv = EVP_DigestInit(&md_ctx, EVP_sha1()); + rv = EVP_DigestInit(md_ctx, EVP_sha1()); break; default: rv = TSPERR(TSS_E_BAD_PARAMETER); @@ -75,14 +79,14 @@ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest) goto err; } - rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize); + rv = EVP_DigestUpdate(md_ctx, Buf, BufSize); if (rv != EVP_SUCCESS) { rv = TSPERR(TSS_E_INTERNAL_ERROR); goto err; } - result_size = EVP_MD_CTX_size(&md_ctx); - rv = EVP_DigestFinal(&md_ctx, Digest, &result_size); + result_size = EVP_MD_CTX_size(md_ctx); + rv = EVP_DigestFinal(md_ctx, Digest, &result_size); if (rv != EVP_SUCCESS) { rv = TSPERR(TSS_E_INTERNAL_ERROR); goto err; @@ -94,6 +98,7 @@ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest) err: DEBUG_print_openssl_errors(); out: + EVP_MD_CTX_free(md_ctx); return rv; } @@ -112,7 +117,7 @@ Trspi_HashInit(Trspi_HashCtx *ctx, UINT32 HashType) break; } - if ((ctx->ctx = malloc(sizeof(EVP_MD_CTX))) == NULL) + if ((ctx->ctx = EVP_MD_CTX_new()) == NULL) return TSPERR(TSS_E_OUTOFMEMORY); rv = EVP_DigestInit((EVP_MD_CTX *)ctx->ctx, (const EVP_MD *)md); --- a/src/trspi/crypto/openssl/rsa.c +++ a/src/trspi/crypto/openssl/rsa.c @@ -38,6 +38,25 @@ #define DEBUG_print_openssl_errors() #endif +#if OPENSSL_VERSION_NUMBER < 0x10100001L +static int +RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) +{ + if (n != NULL) { + BN_free(r->n); + r->n = n; + } + if (e != NULL) { + BN_free(r->e); + r->e = e; + } + if (d != NULL) { + BN_free(r->d); + r->d = d; + } + return 1; +} +#endif /* * Hopefully this will make the code clearer since @@ -61,6 +80,7 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */ RSA *rsa = RSA_new(); BYTE encodedData[256]; int encodedDataLen; + BIGNUM *rsa_n = NULL, *rsa_e = NULL; if (rsa == NULL) { rv = TSPERR(TSS_E_OUTOFMEMORY); @@ -68,12 +88,20 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */ } /* set the public key value in the OpenSSL object */ - rsa->n = BN_bin2bn(publicKey, keysize, rsa->n); + rsa_n = BN_bin2bn(publicKey, keysize, NULL); /* set the public exponent */ - rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e); + rsa_e = BN_bin2bn(exp, sizeof(exp), NULL); - if (rsa->n == NULL || rsa->e == NULL) { + if (rsa_n == NULL || rsa_e == NULL) { rv = TSPERR(TSS_E_OUTOFMEMORY); + BN_free(rsa_n); + BN_free(rsa_e); + goto err; + } + if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) { + rv = TSPERR(TSS_E_FAIL); + BN_free(rsa_n); + BN_free(rsa_e); goto err; } @@ -123,6 +151,7 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength, unsigned char exp[] = { 0x01, 0x00, 0x01 }; /* The default public exponent for the TPM */ unsigned char buf[256]; RSA *rsa = RSA_new(); + BIGNUM *rsa_n = NULL, *rsa_e = NULL; if (rsa == NULL) { rv = TSPERR(TSS_E_OUTOFMEMORY); @@ -146,12 +175,20 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength, } /* set the public key value in the OpenSSL object */ - rsa->n = BN_bin2bn(pModulus, iKeyLength, rsa->n); + rsa_n = BN_bin2bn(pModulus, iKeyLength, NULL); /* set the public exponent */ - rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e); + rsa_e = BN_bin2bn(exp, sizeof(exp), NULL); - if (rsa->n == NULL || rsa->e == NULL) { + if (rsa_n == NULL || rsa_e == NULL) { rv = TSPERR(TSS_E_OUTOFMEMORY); + BN_free(rsa_n); + BN_free(rsa_e); + goto err; + } + if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) { + rv = TSPERR(TSS_E_FAIL); + BN_free(rsa_n); + BN_free(rsa_e); goto err; } @@ -195,6 +232,7 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen, int rv, e_size = 3; unsigned char exp[] = { 0x01, 0x00, 0x01 }; RSA *rsa = RSA_new(); + BIGNUM *rsa_n = NULL, *rsa_e = NULL; if (rsa == NULL) { rv = TSPERR(TSS_E_OUTOFMEMORY); @@ -237,12 +275,20 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen, } /* set the public key value in the OpenSSL object */ - rsa->n = BN_bin2bn(pubkey, pubsize, rsa->n); + rsa_n = BN_bin2bn(pubkey, pubsize, NULL); /* set the public exponent */ - rsa->e = BN_bin2bn(exp, e_size, rsa->e); + rsa_e = BN_bin2bn(exp, e_size, NULL); - if (rsa->n == NULL || rsa->e == NULL) { + if (rsa_n == NULL || rsa_e == NULL) { rv = TSPERR(TSS_E_OUTOFMEMORY); + BN_free(rsa_n); + BN_free(rsa_e); + goto err; + } + if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) { + rv = TSPERR(TSS_E_FAIL); + BN_free(rsa_n); + BN_free(rsa_e); goto err; } --- a/src/trspi/crypto/openssl/symmetric.c +++ a/src/trspi/crypto/openssl/symmetric.c @@ -52,7 +52,7 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out, UINT32 *out_len) { TSS_RESULT result = TSS_SUCCESS; - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx = NULL; UINT32 tmp; switch (alg) { @@ -64,33 +64,37 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out, break; } - EVP_CIPHER_CTX_init(&ctx); + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) { + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } - if (!EVP_EncryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) { + if (!EVP_EncryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) { result = TSPERR(TSS_E_INTERNAL_ERROR); DEBUG_print_openssl_errors(); goto done; } - if (*out_len < in_len + EVP_CIPHER_CTX_block_size(&ctx) - 1) { + if (*out_len < in_len + EVP_CIPHER_CTX_block_size(ctx) - 1) { result = TSPERR(TSS_E_INTERNAL_ERROR); goto done; } - if (!EVP_EncryptUpdate(&ctx, out, (int *)out_len, in, in_len)) { + if (!EVP_EncryptUpdate(ctx, out, (int *)out_len, in, in_len)) { result = TSPERR(TSS_E_INTERNAL_ERROR); DEBUG_print_openssl_errors(); goto done; } - if (!EVP_EncryptFinal(&ctx, out + *out_len, (int *)&tmp)) { + if (!EVP_EncryptFinal(ctx, out + *out_len, (int *)&tmp)) { result = TSPERR(TSS_E_INTERNAL_ERROR); DEBUG_print_openssl_errors(); goto done; } *out_len += tmp; done: - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_free(ctx); return result; } @@ -99,7 +103,7 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out, UINT32 *out_len) { TSS_RESULT result = TSS_SUCCESS; - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx = NULL; UINT32 tmp; switch (alg) { @@ -111,28 +115,32 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out, break; } - EVP_CIPHER_CTX_init(&ctx); + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) { + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } - if (!EVP_DecryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) { + if (!EVP_DecryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) { result = TSPERR(TSS_E_INTERNAL_ERROR); DEBUG_print_openssl_errors(); goto done; } - if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, in, in_len)) { + if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, in, in_len)) { result = TSPERR(TSS_E_INTERNAL_ERROR); DEBUG_print_openssl_errors(); goto done; } - if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) { + if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) { result = TSPERR(TSS_E_INTERNAL_ERROR); DEBUG_print_openssl_errors(); goto done; } *out_len += tmp; done: - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_free(ctx); return result; } @@ -255,7 +263,7 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 UINT32 *out_len) { TSS_RESULT result = TSS_SUCCESS; - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx; EVP_CIPHER *cipher; BYTE *def_iv = NULL, *outiv_ptr; UINT32 tmp; @@ -269,7 +277,9 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 if ((cipher = get_openssl_cipher(alg, mode)) == NULL) return TSPERR(TSS_E_INTERNAL_ERROR); - EVP_CIPHER_CTX_init(&ctx); + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) + return TSPERR(TSS_E_OUTOFMEMORY); /* If the iv passed in is NULL, create a new random iv and prepend it to the ciphertext */ iv_len = EVP_CIPHER_iv_length(cipher); @@ -289,25 +299,25 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 outiv_ptr = out; } - if (!EVP_EncryptInit(&ctx, (const EVP_CIPHER *)cipher, key, def_iv)) { + if (!EVP_EncryptInit(ctx, (const EVP_CIPHER *)cipher, key, def_iv)) { result = TSPERR(TSS_E_INTERNAL_ERROR); DEBUG_print_openssl_errors(); goto done; } - if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(&ctx) * 2) - 1) { + if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(ctx) * 2) - 1) { LogDebug("Not enough space to do symmetric encryption"); result = TSPERR(TSS_E_INTERNAL_ERROR); goto done; } - if (!EVP_EncryptUpdate(&ctx, outiv_ptr, &outiv_len, in, in_len)) { + if (!EVP_EncryptUpdate(ctx, outiv_ptr, &outiv_len, in, in_len)) { result = TSPERR(TSS_E_INTERNAL_ERROR); DEBUG_print_openssl_errors(); goto done; } - if (!EVP_EncryptFinal(&ctx, outiv_ptr + outiv_len, (int *)&tmp)) { + if (!EVP_EncryptFinal(ctx, outiv_ptr + outiv_len, (int *)&tmp)) { result = TSPERR(TSS_E_INTERNAL_ERROR); DEBUG_print_openssl_errors(); goto done; @@ -320,7 +330,7 @@ done: *out_len += iv_len; free(def_iv); } - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_free(ctx); return result; } @@ -329,7 +339,7 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 UINT32 *out_len) { TSS_RESULT result = TSS_SUCCESS; - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx = NULL; EVP_CIPHER *cipher; BYTE *def_iv = NULL, *iniv_ptr; UINT32 tmp; @@ -341,7 +351,10 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 if ((cipher = get_openssl_cipher(alg, mode)) == NULL) return TSPERR(TSS_E_INTERNAL_ERROR); - EVP_CIPHER_CTX_init(&ctx); + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) { + return TSPERR(TSS_E_OUTOFMEMORY); + } /* If the iv is NULL, assume that its prepended to the ciphertext */ if (iv == NULL) { @@ -361,19 +374,19 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 iniv_len = in_len; } - if (!EVP_DecryptInit(&ctx, cipher, key, def_iv)) { + if (!EVP_DecryptInit(ctx, cipher, key, def_iv)) { result = TSPERR(TSS_E_INTERNAL_ERROR); DEBUG_print_openssl_errors(); goto done; } - if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, iniv_ptr, iniv_len)) { + if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, iniv_ptr, iniv_len)) { result = TSPERR(TSS_E_INTERNAL_ERROR); DEBUG_print_openssl_errors(); goto done; } - if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) { + if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) { result = TSPERR(TSS_E_INTERNAL_ERROR); DEBUG_print_openssl_errors(); goto done; @@ -383,6 +396,6 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 done: if (def_iv != iv) free(def_iv); - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_free(ctx); return result; } --