Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
d91f4568
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
d91f4568
编写于
11月 05, 2017
作者:
K
Kurt Roeckx
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Tell the ciphers which DRBG to use for generating random bytes.
Reviewed-by:
N
Richard Levitte
<
levitte@openssl.org
>
GH: #4672
上级
b3f9064c
变更
15
隐藏空白更改
内联
并排
Showing
15 changed file
with
114 addition
and
21 deletion
+114
-21
crypto/evp/e_aes.c
crypto/evp/e_aes.c
+17
-5
crypto/evp/e_aes_cbc_hmac_sha1.c
crypto/evp/e_aes_cbc_hmac_sha1.c
+12
-3
crypto/evp/e_aes_cbc_hmac_sha256.c
crypto/evp/e_aes_cbc_hmac_sha256.c
+12
-3
crypto/evp/e_aria.c
crypto/evp/e_aria.c
+9
-3
crypto/evp/e_des.c
crypto/evp/e_des.c
+7
-1
crypto/evp/e_des3.c
crypto/evp/e_des3.c
+11
-2
crypto/evp/evp_enc.c
crypto/evp/evp_enc.c
+15
-1
crypto/evp/evp_locl.h
crypto/evp/evp_locl.h
+1
-0
crypto/evp/p_seal.c
crypto/evp/p_seal.c
+10
-3
doc/man3/EVP_EncryptInit.pod
doc/man3/EVP_EncryptInit.pod
+14
-0
include/openssl/evp.h
include/openssl/evp.h
+2
-0
ssl/s3_enc.c
ssl/s3_enc.c
+1
-0
ssl/statem/statem_srvr.c
ssl/statem/statem_srvr.c
+1
-0
ssl/t1_enc.c
ssl/t1_enc.c
+1
-0
ssl/tls13_enc.c
ssl/tls13_enc.c
+1
-0
未找到文件。
crypto/evp/e_aes.c
浏览文件 @
d91f4568
...
...
@@ -17,6 +17,7 @@
#include "internal/evp_int.h"
#include "modes_lcl.h"
#include <openssl/rand.h>
#include <internal/rand.h>
#include "evp_locl.h"
typedef
struct
{
...
...
@@ -1404,8 +1405,14 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
memcpy
(
gctx
->
iv
,
ptr
,
arg
);
enc
=
EVP_CIPHER_CTX_encrypting
(
c
);
if
(
enc
&&
RAND_bytes
(
gctx
->
iv
+
arg
,
gctx
->
ivlen
-
arg
)
<=
0
)
return
0
;
if
(
enc
)
{
if
(
c
->
drbg
!=
NULL
)
{
if
(
RAND_DRBG_bytes
(
c
->
drbg
,
gctx
->
iv
+
arg
,
gctx
->
ivlen
-
arg
)
==
0
)
return
0
;
}
else
if
(
RAND_bytes
(
gctx
->
iv
+
arg
,
gctx
->
ivlen
-
arg
)
<=
0
)
{
return
0
;
}
}
gctx
->
iv_gen
=
1
;
return
1
;
...
...
@@ -2632,9 +2639,14 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
return
0
;
if
(
arg
)
memcpy
(
gctx
->
iv
,
ptr
,
arg
);
if
(
EVP_CIPHER_CTX_encrypting
(
c
)
&&
RAND_bytes
(
gctx
->
iv
+
arg
,
gctx
->
ivlen
-
arg
)
<=
0
)
return
0
;
if
(
EVP_CIPHER_CTX_encrypting
(
c
))
{
if
(
c
->
drbg
!=
NULL
)
{
if
(
RAND_DRBG_bytes
(
c
->
drbg
,
gctx
->
iv
+
arg
,
gctx
->
ivlen
-
arg
)
==
0
)
return
0
;
}
else
if
(
RAND_bytes
(
gctx
->
iv
+
arg
,
gctx
->
ivlen
-
arg
)
<=
0
)
{
return
0
;
}
}
gctx
->
iv_gen
=
1
;
return
1
;
...
...
crypto/evp/e_aes_cbc_hmac_sha1.c
浏览文件 @
d91f4568
...
...
@@ -17,9 +17,11 @@
#include <openssl/aes.h>
#include <openssl/sha.h>
#include <openssl/rand.h>
#include <internal/rand.h>
#include "modes_lcl.h"
#include "internal/evp_int.h"
#include "internal/constant_time_locl.h"
#include "evp_locl.h"
typedef
struct
{
AES_KEY
ks
;
...
...
@@ -154,7 +156,8 @@ void aesni_multi_cbc_encrypt(CIPH_DESC *, void *, int);
static
size_t
tls1_1_multi_block_encrypt
(
EVP_AES_HMAC_SHA1
*
key
,
unsigned
char
*
out
,
const
unsigned
char
*
inp
,
size_t
inp_len
,
int
n4x
)
size_t
inp_len
,
int
n4x
,
RAND_DRBG
*
drbg
)
{
/* n4x is 1 or 2 */
HASH_DESC
hash_d
[
8
],
edges
[
8
];
CIPH_DESC
ciph_d
[
8
];
...
...
@@ -174,8 +177,13 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
# endif
/* ask for IVs in bulk */
if
(
RAND_bytes
((
IVs
=
blocks
[
0
].
c
),
16
*
x4
)
<=
0
)
IVs
=
blocks
[
0
].
c
;
if
(
drbg
!=
NULL
)
{
if
(
RAND_DRBG_bytes
(
drbg
,
IVs
,
16
*
x4
)
==
0
)
return
0
;
}
else
if
(
RAND_bytes
(
IVs
,
16
*
x4
)
<=
0
)
{
return
0
;
}
ctx
=
(
SHA1_MB_CTX
*
)
(
storage
+
32
-
((
size_t
)
storage
%
32
));
/* align */
...
...
@@ -893,7 +901,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
return
(
int
)
tls1_1_multi_block_encrypt
(
key
,
param
->
out
,
param
->
inp
,
param
->
len
,
param
->
interleave
/
4
);
param
->
interleave
/
4
,
ctx
->
drbg
);
}
case
EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT
:
# endif
...
...
crypto/evp/e_aes_cbc_hmac_sha256.c
浏览文件 @
d91f4568
...
...
@@ -18,9 +18,11 @@
#include <openssl/aes.h>
#include <openssl/sha.h>
#include <openssl/rand.h>
#include <internal/rand.h>
#include "modes_lcl.h"
#include "internal/constant_time_locl.h"
#include "internal/evp_int.h"
#include "evp_locl.h"
typedef
struct
{
AES_KEY
ks
;
...
...
@@ -150,7 +152,8 @@ void aesni_multi_cbc_encrypt(CIPH_DESC *, void *, int);
static
size_t
tls1_1_multi_block_encrypt
(
EVP_AES_HMAC_SHA256
*
key
,
unsigned
char
*
out
,
const
unsigned
char
*
inp
,
size_t
inp_len
,
int
n4x
)
size_t
inp_len
,
int
n4x
,
RAND_DRBG
*
drbg
)
{
/* n4x is 1 or 2 */
HASH_DESC
hash_d
[
8
],
edges
[
8
];
CIPH_DESC
ciph_d
[
8
];
...
...
@@ -170,8 +173,13 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
# endif
/* ask for IVs in bulk */
if
(
RAND_bytes
((
IVs
=
blocks
[
0
].
c
),
16
*
x4
)
<=
0
)
IVs
=
blocks
[
0
].
c
;
if
(
drbg
!=
NULL
)
{
if
(
RAND_DRBG_bytes
(
drbg
,
IVs
,
16
*
x4
)
==
0
)
return
0
;
}
else
if
(
RAND_bytes
(
IVs
,
16
*
x4
)
<=
0
)
{
return
0
;
}
/* align */
ctx
=
(
SHA256_MB_CTX
*
)
(
storage
+
32
-
((
size_t
)
storage
%
32
));
...
...
@@ -877,7 +885,8 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
return
(
int
)
tls1_1_multi_block_encrypt
(
key
,
param
->
out
,
param
->
inp
,
param
->
len
,
param
->
interleave
/
4
);
param
->
interleave
/
4
,
ctx
->
drbg
);
}
case
EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT
:
# endif
...
...
crypto/evp/e_aria.c
浏览文件 @
d91f4568
...
...
@@ -15,6 +15,7 @@
# include <openssl/rand.h>
# include "internal/aria.h"
# include "internal/evp_int.h"
# include "internal/rand.h"
# include "modes_lcl.h"
# include "evp_locl.h"
...
...
@@ -301,9 +302,14 @@ static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
return
0
;
if
(
arg
)
memcpy
(
gctx
->
iv
,
ptr
,
arg
);
if
(
EVP_CIPHER_CTX_encrypting
(
c
)
&&
RAND_bytes
(
gctx
->
iv
+
arg
,
gctx
->
ivlen
-
arg
)
<=
0
)
return
0
;
if
(
EVP_CIPHER_CTX_encrypting
(
c
))
{
if
(
c
->
drbg
!=
NULL
)
{
if
(
RAND_DRBG_bytes
(
c
->
drbg
,
gctx
->
iv
+
arg
,
gctx
->
ivlen
-
arg
)
==
0
)
return
0
;
}
else
if
(
RAND_bytes
(
gctx
->
iv
+
arg
,
gctx
->
ivlen
-
arg
)
<=
0
)
{
return
0
;
}
}
gctx
->
iv_gen
=
1
;
return
1
;
...
...
crypto/evp/e_des.c
浏览文件 @
d91f4568
...
...
@@ -15,6 +15,8 @@
# include "internal/evp_int.h"
# include <openssl/des.h>
# include <openssl/rand.h>
# include <internal/rand.h>
# include "evp_locl.h"
typedef
struct
{
union
{
...
...
@@ -229,8 +231,12 @@ static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
switch
(
type
)
{
case
EVP_CTRL_RAND_KEY
:
if
(
RAND_bytes
(
ptr
,
8
)
<=
0
)
if
(
c
->
drbg
!=
NULL
)
{
if
(
RAND_DRBG_bytes
(
c
->
drbg
,
ptr
,
8
)
==
0
)
return
0
;
}
else
if
(
RAND_bytes
(
ptr
,
8
)
<=
0
)
{
return
0
;
}
DES_set_odd_parity
((
DES_cblock
*
)
ptr
);
return
1
;
...
...
crypto/evp/e_des3.c
浏览文件 @
d91f4568
...
...
@@ -15,6 +15,7 @@
# include "internal/evp_int.h"
# include <openssl/des.h>
# include <openssl/rand.h>
# include <internal/rand.h>
# include "evp_locl.h"
typedef
struct
{
...
...
@@ -283,8 +284,12 @@ static int des3_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
switch
(
type
)
{
case
EVP_CTRL_RAND_KEY
:
if
(
RAND_bytes
(
ptr
,
EVP_CIPHER_CTX_key_length
(
ctx
))
<=
0
)
if
(
ctx
->
drbg
!=
NULL
)
{
if
(
RAND_DRBG_bytes
(
ctx
->
drbg
,
ptr
,
EVP_CIPHER_CTX_key_length
(
ctx
))
==
0
)
return
0
;
}
else
if
(
RAND_bytes
(
ptr
,
EVP_CIPHER_CTX_key_length
(
ctx
))
<=
0
)
{
return
0
;
}
DES_set_odd_parity
(
deskey
);
if
(
EVP_CIPHER_CTX_key_length
(
ctx
)
>=
16
)
DES_set_odd_parity
(
deskey
+
1
);
...
...
@@ -372,8 +377,12 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
memcpy
(
out
+
inl
+
8
,
sha1tmp
,
8
);
OPENSSL_cleanse
(
sha1tmp
,
SHA_DIGEST_LENGTH
);
/* Generate random IV */
if
(
RAND_bytes
(
EVP_CIPHER_CTX_iv_noconst
(
ctx
),
8
)
<=
0
)
if
(
ctx
->
drbg
!=
NULL
)
{
if
(
RAND_DRBG_bytes
(
ctx
->
drbg
,
EVP_CIPHER_CTX_iv_noconst
(
ctx
),
8
)
==
0
)
return
-
1
;
}
else
if
(
RAND_bytes
(
EVP_CIPHER_CTX_iv_noconst
(
ctx
),
8
)
<=
0
)
{
return
-
1
;
}
memcpy
(
out
,
EVP_CIPHER_CTX_iv_noconst
(
ctx
),
8
);
/* Encrypt everything after IV in place */
des_ede_cbc_cipher
(
ctx
,
out
+
8
,
out
+
8
,
inl
+
8
);
...
...
crypto/evp/evp_enc.c
浏览文件 @
d91f4568
...
...
@@ -15,6 +15,7 @@
#include <openssl/rand.h>
#include <openssl/engine.h>
#include "internal/evp_int.h"
#include "internal/rand.h"
#include "evp_locl.h"
int
EVP_CIPHER_CTX_reset
(
EVP_CIPHER_CTX
*
c
)
...
...
@@ -577,6 +578,15 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
int
EVP_CIPHER_CTX_ctrl
(
EVP_CIPHER_CTX
*
ctx
,
int
type
,
int
arg
,
void
*
ptr
)
{
int
ret
;
if
(
type
==
EVP_CTRL_GET_DRBG
)
{
*
(
RAND_DRBG
**
)
ptr
=
ctx
->
drbg
;
return
1
;
}
if
(
type
==
EVP_CTRL_SET_DRBG
)
{
ctx
->
drbg
=
ptr
;
return
1
;
}
if
(
!
ctx
->
cipher
)
{
EVPerr
(
EVP_F_EVP_CIPHER_CTX_CTRL
,
EVP_R_NO_CIPHER_SET
);
return
0
;
...
...
@@ -600,8 +610,12 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
{
if
(
ctx
->
cipher
->
flags
&
EVP_CIPH_RAND_KEY
)
return
EVP_CIPHER_CTX_ctrl
(
ctx
,
EVP_CTRL_RAND_KEY
,
0
,
key
);
if
(
RAND_bytes
(
key
,
ctx
->
key_len
)
<=
0
)
if
(
ctx
->
drbg
)
{
if
(
RAND_DRBG_bytes
(
ctx
->
drbg
,
key
,
ctx
->
key_len
)
==
0
)
return
0
;
}
else
if
(
RAND_bytes
(
key
,
ctx
->
key_len
)
<=
0
)
{
return
0
;
}
return
1
;
}
...
...
crypto/evp/evp_locl.h
浏览文件 @
d91f4568
...
...
@@ -39,6 +39,7 @@ struct evp_cipher_ctx_st {
int
final_used
;
int
block_mask
;
unsigned
char
final
[
EVP_MAX_BLOCK_LENGTH
];
/* possible final block */
RAND_DRBG
*
drbg
;
}
/* EVP_CIPHER_CTX */
;
int
PKCS5_v2_PBKDF2_keyivgen
(
EVP_CIPHER_CTX
*
ctx
,
const
char
*
pass
,
...
...
crypto/evp/p_seal.c
浏览文件 @
d91f4568
...
...
@@ -14,6 +14,8 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <internal/rand.h>
#include "evp_locl.h"
int
EVP_SealInit
(
EVP_CIPHER_CTX
*
ctx
,
const
EVP_CIPHER
*
type
,
unsigned
char
**
ek
,
int
*
ekl
,
unsigned
char
*
iv
,
...
...
@@ -31,9 +33,14 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
return
1
;
if
(
EVP_CIPHER_CTX_rand_key
(
ctx
,
key
)
<=
0
)
return
0
;
if
(
EVP_CIPHER_CTX_iv_length
(
ctx
)
&&
RAND_bytes
(
iv
,
EVP_CIPHER_CTX_iv_length
(
ctx
))
<=
0
)
return
0
;
if
(
EVP_CIPHER_CTX_iv_length
(
ctx
))
{
if
(
ctx
->
drbg
)
{
if
(
RAND_DRBG_bytes
(
ctx
->
drbg
,
iv
,
EVP_CIPHER_CTX_iv_length
(
ctx
))
==
0
)
return
0
;
}
else
if
(
RAND_bytes
(
iv
,
EVP_CIPHER_CTX_iv_length
(
ctx
))
<=
0
)
{
return
0
;
}
}
if
(
!
EVP_EncryptInit_ex
(
ctx
,
NULL
,
NULL
,
key
,
iv
))
return
0
;
...
...
doc/man3/EVP_EncryptInit.pod
浏览文件 @
d91f4568
...
...
@@ -457,6 +457,20 @@ This call is only valid when decrypting data.
=back
=head1 Random numbers
The following can be used to select the DRBG that is used to generate the random
numbers:
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_DRBG, 0, drbg)
The following can be used to get the DRBG:
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_DRBG, 0, &drbg)
By default it's set to NULL which results in RAND_bytes() being used.
=head1 NOTES
Where possible the B<EVP> interface to symmetric ciphers should be used in
...
...
include/openssl/evp.h
浏览文件 @
d91f4568
...
...
@@ -344,6 +344,8 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
# define EVP_CTRL_SET_PIPELINE_INPUT_BUFS 0x23
/* Set the input buffer lengths to use for a pipelined operation */
# define EVP_CTRL_SET_PIPELINE_INPUT_LENS 0x24
# define EVP_CTRL_GET_DRBG 0x25
# define EVP_CTRL_SET_DRBG 0x26
/* Padding modes */
#define EVP_PADDING_PKCS7 1
...
...
ssl/s3_enc.c
浏览文件 @
d91f4568
...
...
@@ -167,6 +167,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
*/
EVP_CIPHER_CTX_reset
(
s
->
enc_write_ctx
);
}
EVP_CIPHER_CTX_ctrl
(
s
->
enc_write_ctx
,
EVP_CTRL_SET_DRBG
,
0
,
s
->
drbg
);
dd
=
s
->
enc_write_ctx
;
if
(
ssl_replace_hash
(
&
s
->
write_hash
,
m
)
==
NULL
)
{
SSLfatal
(
s
,
SSL_AD_INTERNAL_ERROR
,
SSL_F_SSL3_CHANGE_CIPHER_STATE
,
...
...
ssl/statem/statem_srvr.c
浏览文件 @
d91f4568
...
...
@@ -3753,6 +3753,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET
,
ERR_R_MALLOC_FAILURE
);
goto
err
;
}
EVP_CIPHER_CTX_ctrl
(
ctx
,
EVP_CTRL_SET_DRBG
,
0
,
s
->
drbg
);
p
=
senc
;
if
(
!
i2d_SSL_SESSION
(
s
->
session
,
&
p
))
{
...
...
ssl/t1_enc.c
浏览文件 @
d91f4568
...
...
@@ -170,6 +170,7 @@ int tls1_change_cipher_state(SSL *s, int which)
ERR_R_MALLOC_FAILURE
);
goto
err
;
}
EVP_CIPHER_CTX_ctrl
(
s
->
enc_write_ctx
,
EVP_CTRL_SET_DRBG
,
0
,
s
->
drbg
);
dd
=
s
->
enc_write_ctx
;
if
(
SSL_IS_DTLS
(
s
))
{
mac_ctx
=
EVP_MD_CTX_new
();
...
...
ssl/tls13_enc.c
浏览文件 @
d91f4568
...
...
@@ -406,6 +406,7 @@ int tls13_change_cipher_state(SSL *s, int which)
SSL_F_TLS13_CHANGE_CIPHER_STATE
,
ERR_R_MALLOC_FAILURE
);
goto
err
;
}
EVP_CIPHER_CTX_ctrl
(
s
->
enc_write_ctx
,
EVP_CTRL_SET_DRBG
,
0
,
s
->
drbg
);
}
ciph_ctx
=
s
->
enc_write_ctx
;
iv
=
s
->
write_iv
;
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录