3 * Wrapper for OpenSSL library.
5 * Copyright (c) 2001 Marko Kreen
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * contrib/pgcrypto/openssl.c
36 #include <openssl/evp.h>
37 #include <openssl/blowfish.h>
38 #include <openssl/cast.h>
39 #include <openssl/des.h>
40 #include <openssl/rand.h>
41 #include <openssl/err.h>
44 * Max lengths we might want to handle.
46 #define MAX_KEY (512/8)
47 #define MAX_IV (128/8)
50 * Compatibility with OpenSSL 0.9.6
52 * It needs AES and newer DES and digest API.
54 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
57 * Nothing needed for OpenSSL 0.9.7+
60 #include <openssl/aes.h>
61 #else /* old OPENSSL */
64 * Emulate OpenSSL AES.
71 #define AES_KEY rijndael_ctx
74 AES_set_encrypt_key(const uint8 *key, int kbits, AES_KEY *ctx)
76 aes_set_key(ctx, key, kbits, 1);
81 AES_set_decrypt_key(const uint8 *key, int kbits, AES_KEY *ctx)
83 aes_set_key(ctx, key, kbits, 0);
88 AES_ecb_encrypt(const uint8 *src, uint8 *dst, AES_KEY *ctx, int enc)
92 aes_ecb_encrypt(ctx, dst, 16);
94 aes_ecb_decrypt(ctx, dst, 16);
98 AES_cbc_encrypt(const uint8 *src, uint8 *dst, int len, AES_KEY *ctx, uint8 *iv, int enc)
100 memcpy(dst, src, len);
103 aes_cbc_encrypt(ctx, iv, dst, len);
104 memcpy(iv, dst + len - 16, 16);
108 aes_cbc_decrypt(ctx, iv, dst, len);
109 memcpy(iv, src + len - 16, 16);
117 #define DES_key_schedule des_key_schedule
118 #define DES_cblock des_cblock
119 #define DES_set_key(k, ks) \
120 des_set_key((k), *(ks))
121 #define DES_ecb_encrypt(i, o, k, e) \
122 des_ecb_encrypt((i), (o), *(k), (e))
123 #define DES_ncbc_encrypt(i, o, l, k, iv, e) \
124 des_ncbc_encrypt((i), (o), (l), *(k), (iv), (e))
125 #define DES_ecb3_encrypt(i, o, k1, k2, k3, e) \
126 des_ecb3_encrypt((des_cblock *)(i), (des_cblock *)(o), \
127 *(k1), *(k2), *(k3), (e))
128 #define DES_ede3_cbc_encrypt(i, o, l, k1, k2, k3, iv, e) \
129 des_ede3_cbc_encrypt((i), (o), \
130 (l), *(k1), *(k2), *(k3), (iv), (e))
133 * Emulate newer digest API.
137 EVP_MD_CTX_init(EVP_MD_CTX *ctx)
139 memset(ctx, 0, sizeof(*ctx));
143 EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
145 memset(ctx, 0, sizeof(*ctx));
150 EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, void *engine)
152 EVP_DigestInit(ctx, md);
157 EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *res, unsigned int *len)
159 EVP_DigestFinal(ctx, res, len);
162 #endif /* old OpenSSL */
165 * Provide SHA2 for older OpenSSL < 0.9.8
167 #if OPENSSL_VERSION_NUMBER < 0x00908000L
170 #include "internal-sha2.c"
172 typedef void (*init_f) (PX_MD *md);
175 compat_find_digest(const char *name, PX_MD **res)
179 if (pg_strcasecmp(name, "sha224") == 0)
181 else if (pg_strcasecmp(name, "sha256") == 0)
183 else if (pg_strcasecmp(name, "sha384") == 0)
185 else if (pg_strcasecmp(name, "sha512") == 0)
190 *res = px_alloc(sizeof(PX_MD));
195 #define compat_find_digest(name, res) (PXE_NO_HASH)
202 typedef struct OSSLDigest
209 digest_result_size(PX_MD *h)
211 OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
213 return EVP_MD_CTX_size(&digest->ctx);
217 digest_block_size(PX_MD *h)
219 OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
221 return EVP_MD_CTX_block_size(&digest->ctx);
225 digest_reset(PX_MD *h)
227 OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
229 EVP_DigestInit_ex(&digest->ctx, digest->algo, NULL);
233 digest_update(PX_MD *h, const uint8 *data, unsigned dlen)
235 OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
237 EVP_DigestUpdate(&digest->ctx, data, dlen);
241 digest_finish(PX_MD *h, uint8 *dst)
243 OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
245 EVP_DigestFinal_ex(&digest->ctx, dst, NULL);
249 digest_free(PX_MD *h)
251 OSSLDigest *digest = (OSSLDigest *) h->p.ptr;
253 EVP_MD_CTX_cleanup(&digest->ctx);
259 static int px_openssl_initialized = 0;
261 /* PUBLIC functions */
264 px_find_digest(const char *name, PX_MD **res)
270 if (!px_openssl_initialized)
272 px_openssl_initialized = 1;
273 OpenSSL_add_all_algorithms();
276 md = EVP_get_digestbyname(name);
278 return compat_find_digest(name, res);
280 digest = px_alloc(sizeof(*digest));
283 EVP_MD_CTX_init(&digest->ctx);
284 if (EVP_DigestInit_ex(&digest->ctx, digest->algo, NULL) == 0)
287 h = px_alloc(sizeof(*h));
288 h->result_size = digest_result_size;
289 h->block_size = digest_block_size;
290 h->reset = digest_reset;
291 h->update = digest_update;
292 h->finish = digest_finish;
293 h->free = digest_free;
294 h->p.ptr = (void *) digest;
303 * The problem with OpenSSL is that the EVP* family
304 * of functions does not allow enough flexibility
305 * and forces some of the parameters (keylen,
306 * padding) to SSL defaults.
308 * So need to manage ciphers ourselves.
313 int (*init) (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv);
314 int (*encrypt) (PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res);
315 int (*decrypt) (PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res);
333 DES_key_schedule key_schedule;
348 const struct ossl_cipher *ciph;
354 gen_ossl_block_size(PX_Cipher *c)
356 ossldata *od = (ossldata *) c->ptr;
358 return od->ciph->block_size;
362 gen_ossl_key_size(PX_Cipher *c)
364 ossldata *od = (ossldata *) c->ptr;
366 return od->ciph->max_key_size;
370 gen_ossl_iv_size(PX_Cipher *c)
373 ossldata *od = (ossldata *) c->ptr;
375 ivlen = od->ciph->block_size;
380 gen_ossl_free(PX_Cipher *c)
382 ossldata *od = (ossldata *) c->ptr;
384 memset(od, 0, sizeof(*od));
392 * Check if strong crypto is supported. Some openssl installations
393 * support only short keys and unfortunately BF_set_key does not return any
394 * error value. This function tests if is possible to use strong key.
397 bf_check_supported_key_len(void)
399 static const uint8 key[56] = {
400 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87, 0x78, 0x69,
401 0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f, 0x00, 0x11, 0x22, 0x33,
402 0x44, 0x55, 0x66, 0x77, 0x04, 0x68, 0x91, 0x04, 0xc2, 0xfd,
403 0x3b, 0x2f, 0x58, 0x40, 0x23, 0x64, 0x1a, 0xba, 0x61, 0x76,
404 0x1f, 0x1f, 0x1f, 0x1f, 0x0e, 0x0e, 0x0e, 0x0e, 0xff, 0xff,
405 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
408 static const uint8 data[8] = {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
409 static const uint8 res[8] = {0xc0, 0x45, 0x04, 0x01, 0x2e, 0x4e, 0x1f, 0x53};
414 /* encrypt with 448bits key and verify output */
415 BF_set_key(&bf_key, 56, key);
416 BF_ecb_encrypt(data, out, &bf_key, BF_ENCRYPT);
418 if (memcmp(out, res, 8) != 0)
419 return 0; /* Output does not match -> strong cipher is
425 bf_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
427 ossldata *od = c->ptr;
428 static int bf_is_strong = -1;
431 * Test if key len is supported. BF_set_key silently cut large keys and it
432 * could be be a problem when user transfer crypted data from one server
436 if (bf_is_strong == -1)
437 bf_is_strong = bf_check_supported_key_len();
439 if (!bf_is_strong && klen > 16)
440 return PXE_KEY_TOO_BIG;
442 /* Key len is supported. We can use it. */
443 BF_set_key(&od->u.bf.key, klen, key);
445 memcpy(od->iv, iv, BF_BLOCK);
447 memset(od->iv, 0, BF_BLOCK);
453 bf_ecb_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
455 unsigned bs = gen_ossl_block_size(c);
457 ossldata *od = c->ptr;
459 for (i = 0; i < dlen / bs; i++)
460 BF_ecb_encrypt(data + i * bs, res + i * bs, &od->u.bf.key, BF_ENCRYPT);
465 bf_ecb_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
467 unsigned bs = gen_ossl_block_size(c),
469 ossldata *od = c->ptr;
471 for (i = 0; i < dlen / bs; i++)
472 BF_ecb_encrypt(data + i * bs, res + i * bs, &od->u.bf.key, BF_DECRYPT);
477 bf_cbc_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
479 ossldata *od = c->ptr;
481 BF_cbc_encrypt(data, res, dlen, &od->u.bf.key, od->iv, BF_ENCRYPT);
486 bf_cbc_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
488 ossldata *od = c->ptr;
490 BF_cbc_encrypt(data, res, dlen, &od->u.bf.key, od->iv, BF_DECRYPT);
495 bf_cfb64_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
497 ossldata *od = c->ptr;
499 BF_cfb64_encrypt(data, res, dlen, &od->u.bf.key, od->iv,
500 &od->u.bf.num, BF_ENCRYPT);
505 bf_cfb64_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
507 ossldata *od = c->ptr;
509 BF_cfb64_encrypt(data, res, dlen, &od->u.bf.key, od->iv,
510 &od->u.bf.num, BF_DECRYPT);
517 ossl_des_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
519 ossldata *od = c->ptr;
522 memset(&xkey, 0, sizeof(xkey));
523 memcpy(&xkey, key, klen > 8 ? 8 : klen);
524 DES_set_key(&xkey, &od->u.des.key_schedule);
525 memset(&xkey, 0, sizeof(xkey));
528 memcpy(od->iv, iv, 8);
530 memset(od->iv, 0, 8);
535 ossl_des_ecb_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
538 unsigned bs = gen_ossl_block_size(c);
540 ossldata *od = c->ptr;
542 for (i = 0; i < dlen / bs; i++)
543 DES_ecb_encrypt((DES_cblock *) (data + i * bs),
544 (DES_cblock *) (res + i * bs),
545 &od->u.des.key_schedule, 1);
550 ossl_des_ecb_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
553 unsigned bs = gen_ossl_block_size(c);
555 ossldata *od = c->ptr;
557 for (i = 0; i < dlen / bs; i++)
558 DES_ecb_encrypt((DES_cblock *) (data + i * bs),
559 (DES_cblock *) (res + i * bs),
560 &od->u.des.key_schedule, 0);
565 ossl_des_cbc_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
568 ossldata *od = c->ptr;
570 DES_ncbc_encrypt(data, res, dlen, &od->u.des.key_schedule,
571 (DES_cblock *) od->iv, 1);
576 ossl_des_cbc_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
579 ossldata *od = c->ptr;
581 DES_ncbc_encrypt(data, res, dlen, &od->u.des.key_schedule,
582 (DES_cblock *) od->iv, 0);
589 ossl_des3_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
591 ossldata *od = c->ptr;
596 memset(&xkey1, 0, sizeof(xkey1));
597 memset(&xkey2, 0, sizeof(xkey2));
598 memset(&xkey3, 0, sizeof(xkey3));
599 memcpy(&xkey1, key, klen > 8 ? 8 : klen);
601 memcpy(&xkey2, key + 8, (klen - 8) > 8 ? 8 : (klen - 8));
603 memcpy(&xkey3, key + 16, (klen - 16) > 8 ? 8 : (klen - 16));
605 DES_set_key(&xkey1, &od->u.des3.k1);
606 DES_set_key(&xkey2, &od->u.des3.k2);
607 DES_set_key(&xkey3, &od->u.des3.k3);
608 memset(&xkey1, 0, sizeof(xkey1));
609 memset(&xkey2, 0, sizeof(xkey2));
610 memset(&xkey3, 0, sizeof(xkey3));
613 memcpy(od->iv, iv, 8);
615 memset(od->iv, 0, 8);
620 ossl_des3_ecb_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
623 unsigned bs = gen_ossl_block_size(c);
625 ossldata *od = c->ptr;
627 for (i = 0; i < dlen / bs; i++)
628 DES_ecb3_encrypt((void *) (data + i * bs), (void *) (res + i * bs),
629 &od->u.des3.k1, &od->u.des3.k2, &od->u.des3.k3, 1);
634 ossl_des3_ecb_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
637 unsigned bs = gen_ossl_block_size(c);
639 ossldata *od = c->ptr;
641 for (i = 0; i < dlen / bs; i++)
642 DES_ecb3_encrypt((void *) (data + i * bs), (void *) (res + i * bs),
643 &od->u.des3.k1, &od->u.des3.k2, &od->u.des3.k3, 0);
648 ossl_des3_cbc_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
651 ossldata *od = c->ptr;
653 DES_ede3_cbc_encrypt(data, res, dlen,
654 &od->u.des3.k1, &od->u.des3.k2, &od->u.des3.k3,
655 (DES_cblock *) od->iv, 1);
660 ossl_des3_cbc_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
663 ossldata *od = c->ptr;
665 DES_ede3_cbc_encrypt(data, res, dlen,
666 &od->u.des3.k1, &od->u.des3.k2, &od->u.des3.k3,
667 (DES_cblock *) od->iv, 0);
674 ossl_cast_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
676 ossldata *od = c->ptr;
677 unsigned bs = gen_ossl_block_size(c);
679 CAST_set_key(&od->u.cast_key, klen, key);
681 memcpy(od->iv, iv, bs);
683 memset(od->iv, 0, bs);
688 ossl_cast_ecb_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
690 unsigned bs = gen_ossl_block_size(c);
691 ossldata *od = c->ptr;
692 const uint8 *end = data + dlen - bs;
694 for (; data <= end; data += bs, res += bs)
695 CAST_ecb_encrypt(data, res, &od->u.cast_key, CAST_ENCRYPT);
700 ossl_cast_ecb_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
702 unsigned bs = gen_ossl_block_size(c);
703 ossldata *od = c->ptr;
704 const uint8 *end = data + dlen - bs;
706 for (; data <= end; data += bs, res += bs)
707 CAST_ecb_encrypt(data, res, &od->u.cast_key, CAST_DECRYPT);
712 ossl_cast_cbc_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
714 ossldata *od = c->ptr;
716 CAST_cbc_encrypt(data, res, dlen, &od->u.cast_key, od->iv, CAST_ENCRYPT);
721 ossl_cast_cbc_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
723 ossldata *od = c->ptr;
725 CAST_cbc_encrypt(data, res, dlen, &od->u.cast_key, od->iv, CAST_DECRYPT);
732 ossl_aes_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
734 ossldata *od = c->ptr;
735 unsigned bs = gen_ossl_block_size(c);
739 else if (klen <= 192 / 8)
741 else if (klen <= 256 / 8)
744 return PXE_KEY_TOO_BIG;
746 memcpy(od->key, key, klen);
749 memcpy(od->iv, iv, bs);
751 memset(od->iv, 0, bs);
756 ossl_aes_key_init(ossldata *od, int type)
761 * Strong key support could be missing on some openssl installations. We
762 * must check return value from set key function.
764 if (type == AES_ENCRYPT)
765 err = AES_set_encrypt_key(od->key, od->klen * 8, &od->u.aes_key);
767 err = AES_set_decrypt_key(od->key, od->klen * 8, &od->u.aes_key);
775 return PXE_KEY_TOO_BIG;
779 ossl_aes_ecb_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
782 unsigned bs = gen_ossl_block_size(c);
783 ossldata *od = c->ptr;
784 const uint8 *end = data + dlen - bs;
788 if ((err = ossl_aes_key_init(od, AES_ENCRYPT)) != 0)
791 for (; data <= end; data += bs, res += bs)
792 AES_ecb_encrypt(data, res, &od->u.aes_key, AES_ENCRYPT);
797 ossl_aes_ecb_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
800 unsigned bs = gen_ossl_block_size(c);
801 ossldata *od = c->ptr;
802 const uint8 *end = data + dlen - bs;
806 if ((err = ossl_aes_key_init(od, AES_DECRYPT)) != 0)
809 for (; data <= end; data += bs, res += bs)
810 AES_ecb_encrypt(data, res, &od->u.aes_key, AES_DECRYPT);
815 ossl_aes_cbc_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
818 ossldata *od = c->ptr;
822 if ((err = ossl_aes_key_init(od, AES_ENCRYPT)) != 0)
825 AES_cbc_encrypt(data, res, dlen, &od->u.aes_key, od->iv, AES_ENCRYPT);
830 ossl_aes_cbc_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
833 ossldata *od = c->ptr;
837 if ((err = ossl_aes_key_init(od, AES_DECRYPT)) != 0)
840 AES_cbc_encrypt(data, res, dlen, &od->u.aes_key, od->iv, AES_DECRYPT);
848 static PX_Alias ossl_aliases[] = {
850 {"blowfish", "bf-cbc"},
851 {"blowfish-cbc", "bf-cbc"},
852 {"blowfish-ecb", "bf-ecb"},
853 {"blowfish-cfb", "bf-cfb"},
855 {"3des", "des3-cbc"},
856 {"3des-ecb", "des3-ecb"},
857 {"3des-cbc", "des3-cbc"},
858 {"cast5", "cast5-cbc"},
860 {"rijndael", "aes-cbc"},
861 {"rijndael-cbc", "aes-cbc"},
862 {"rijndael-ecb", "aes-ecb"},
866 static const struct ossl_cipher ossl_bf_cbc = {
867 bf_init, bf_cbc_encrypt, bf_cbc_decrypt,
871 static const struct ossl_cipher ossl_bf_ecb = {
872 bf_init, bf_ecb_encrypt, bf_ecb_decrypt,
876 static const struct ossl_cipher ossl_bf_cfb = {
877 bf_init, bf_cfb64_encrypt, bf_cfb64_decrypt,
881 static const struct ossl_cipher ossl_des_ecb = {
882 ossl_des_init, ossl_des_ecb_encrypt, ossl_des_ecb_decrypt,
886 static const struct ossl_cipher ossl_des_cbc = {
887 ossl_des_init, ossl_des_cbc_encrypt, ossl_des_cbc_decrypt,
891 static const struct ossl_cipher ossl_des3_ecb = {
892 ossl_des3_init, ossl_des3_ecb_encrypt, ossl_des3_ecb_decrypt,
896 static const struct ossl_cipher ossl_des3_cbc = {
897 ossl_des3_init, ossl_des3_cbc_encrypt, ossl_des3_cbc_decrypt,
901 static const struct ossl_cipher ossl_cast_ecb = {
902 ossl_cast_init, ossl_cast_ecb_encrypt, ossl_cast_ecb_decrypt,
906 static const struct ossl_cipher ossl_cast_cbc = {
907 ossl_cast_init, ossl_cast_cbc_encrypt, ossl_cast_cbc_decrypt,
911 static const struct ossl_cipher ossl_aes_ecb = {
912 ossl_aes_init, ossl_aes_ecb_encrypt, ossl_aes_ecb_decrypt,
916 static const struct ossl_cipher ossl_aes_cbc = {
917 ossl_aes_init, ossl_aes_cbc_encrypt, ossl_aes_cbc_decrypt,
924 struct ossl_cipher_lookup
927 const struct ossl_cipher *ciph;
930 static const struct ossl_cipher_lookup ossl_cipher_types[] = {
931 {"bf-cbc", &ossl_bf_cbc},
932 {"bf-ecb", &ossl_bf_ecb},
933 {"bf-cfb", &ossl_bf_cfb},
934 {"des-ecb", &ossl_des_ecb},
935 {"des-cbc", &ossl_des_cbc},
936 {"des3-ecb", &ossl_des3_ecb},
937 {"des3-cbc", &ossl_des3_cbc},
938 {"cast5-ecb", &ossl_cast_ecb},
939 {"cast5-cbc", &ossl_cast_cbc},
940 {"aes-ecb", &ossl_aes_ecb},
941 {"aes-cbc", &ossl_aes_cbc},
945 /* PUBLIC functions */
948 px_find_cipher(const char *name, PX_Cipher **res)
950 const struct ossl_cipher_lookup *i;
954 name = px_resolve_alias(ossl_aliases, name);
955 for (i = ossl_cipher_types; i->name; i++)
956 if (!strcmp(i->name, name))
959 return PXE_NO_CIPHER;
961 od = px_alloc(sizeof(*od));
962 memset(od, 0, sizeof(*od));
965 c = px_alloc(sizeof(*c));
966 c->block_size = gen_ossl_block_size;
967 c->key_size = gen_ossl_key_size;
968 c->iv_size = gen_ossl_iv_size;
969 c->free = gen_ossl_free;
970 c->init = od->ciph->init;
971 c->encrypt = od->ciph->encrypt;
972 c->decrypt = od->ciph->decrypt;
980 static int openssl_random_init = 0;
983 * OpenSSL random should re-feeded occasionally. From /dev/urandom
987 init_openssl_rand(void)
989 if (RAND_get_rand_method() == NULL)
990 RAND_set_rand_method(RAND_SSLeay());
991 openssl_random_init = 1;
995 px_get_random_bytes(uint8 *dst, unsigned count)
999 if (!openssl_random_init)
1000 init_openssl_rand();
1002 res = RAND_bytes(dst, count);
1006 return PXE_OSSL_RAND_ERROR;
1010 px_get_pseudo_random_bytes(uint8 *dst, unsigned count)
1014 if (!openssl_random_init)
1015 init_openssl_rand();
1017 res = RAND_pseudo_bytes(dst, count);
1018 if (res == 0 || res == 1)
1021 return PXE_OSSL_RAND_ERROR;
1025 px_add_entropy(const uint8 *data, unsigned count)
1030 RAND_add(data, count, 0);
OSDN Git Service
