*/
# include <openssl/rc4.h>
# define TEST_RC4_KEY_SIZE 16
-static const int test_cipher_nids[] = { NID_rc4, NID_rc4_40 };
-
-static const int test_cipher_nids_number = 2;
typedef struct {
unsigned char key[TEST_RC4_KEY_SIZE];
RC4_KEY ks;
return 1;
}
-static const EVP_CIPHER test_r4_cipher = {
- NID_rc4,
- 1, TEST_RC4_KEY_SIZE, 0,
- EVP_CIPH_VARIABLE_LENGTH,
- test_rc4_init_key,
- test_rc4_cipher,
- NULL,
- sizeof(TEST_RC4_KEY),
- NULL,
- NULL,
- NULL,
- NULL
-};
-
-static const EVP_CIPHER test_r4_40_cipher = {
- NID_rc4_40,
- 1, 5 /* 40 bit */ , 0,
- EVP_CIPH_VARIABLE_LENGTH,
- test_rc4_init_key,
- test_rc4_cipher,
- NULL,
- sizeof(TEST_RC4_KEY),
- NULL,
- NULL,
- NULL,
- NULL
-};
+static EVP_CIPHER *r4_cipher = NULL;
+static const EVP_CIPHER *test_r4_cipher(void)
+{
+ if (r4_cipher == NULL) {
+ EVP_CIPHER *cipher;
+
+ if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, TEST_RC4_KEY_SIZE)) == NULL
+ || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
+ || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
+ || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
+ || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
+ || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
+ EVP_CIPHER_meth_free(cipher);
+ cipher = NULL;
+ }
+ r4_cipher = cipher;
+ }
+ return r4_cipher;
+}
+static void test_r4_cipher_destroy(void)
+{
+ EVP_CIPHER_meth_free(r4_cipher);
+ r4_cipher = NULL;
+}
+
+static EVP_CIPHER *r4_40_cipher = NULL;
+static const EVP_CIPHER *test_r4_40_cipher(void)
+{
+ if (r4_40_cipher == NULL) {
+ EVP_CIPHER *cipher;
+
+ if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, 5 /* 40 bits */)) == NULL
+ || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
+ || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
+ || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
+ || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
+ || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
+ EVP_CIPHER_meth_free(cipher);
+ cipher = NULL;
+ }
+ r4_40_cipher = cipher;
+ }
+ return r4_40_cipher;
+}
+static void test_r4_40_cipher_destroy(void)
+{
+ EVP_CIPHER_meth_free(r4_40_cipher);
+ r4_40_cipher = NULL;
+}
+static int test_cipher_nids(const int **nids)
+{
+ static int cipher_nids[4] = { 0, 0, 0 };
+ static int pos = 0;
+ static int init = 0;
+
+ if (!init) {
+ const EVP_CIPHER *cipher;
+ if ((cipher = test_r4_cipher()) != NULL)
+ cipher_nids[pos++] = EVP_CIPHER_nid(cipher);
+ if ((cipher = test_r4_40_cipher()) != NULL)
+ cipher_nids[pos++] = EVP_CIPHER_nid(cipher);
+ cipher_nids[pos] = 0;
+ init = 1;
+ }
+ *nids = cipher_nids;
+ return pos;
+}
static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid)
{
if (!cipher) {
/* We are returning a list of supported nids */
- *nids = test_cipher_nids;
- return test_cipher_nids_number;
+ return test_cipher_nids(nids);
}
/* We are being asked for a specific cipher */
if (nid == NID_rc4)
- *cipher = &test_r4_cipher;
+ *cipher = test_r4_cipher();
else if (nid == NID_rc4_40)
- *cipher = &test_r4_40_cipher;
+ *cipher = test_r4_40_cipher();
else {
# ifdef TEST_ENG_OPENSSL_RC4_OTHERS
fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
int openssl_destroy(ENGINE *e)
{
test_sha_md_destroy();
+ test_r4_cipher_destroy();
+ test_r4_40_cipher_destroy();
return 1;
}
#include <openssl/rand.h>
#include "e_gost_err.h"
#include "gost_lcl.h"
+#include <openssl/evp.h>
#if !defined(CCGOST_DEBUG) && !defined(DEBUG)
# ifndef NDEBUG
/* Control function */
static int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
-EVP_CIPHER cipher_gost = {
- NID_id_Gost28147_89,
- 1, /* block_size */
- 32, /* key_size */
- 8, /* iv_len */
- EVP_CIPH_CFB_MODE | EVP_CIPH_NO_PADDING |
- EVP_CIPH_CUSTOM_IV | EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
- gost_cipher_init,
- gost_cipher_do_cfb,
- gost_cipher_cleanup,
- sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */
- gost89_set_asn1_parameters,
- gost89_get_asn1_parameters,
- gost_cipher_ctl,
- NULL,
-};
+static EVP_CIPHER *_hidden_Gost28147_89_cipher = NULL;
+const EVP_CIPHER *cipher_gost(void)
+{
+ if (_hidden_Gost28147_89_cipher == NULL
+ && ((_hidden_Gost28147_89_cipher =
+ EVP_CIPHER_meth_new(NID_id_Gost28147_89,
+ 1 /* block_size */,
+ 32 /* key_size */)) == NULL
+ || !EVP_CIPHER_meth_set_iv_length(_hidden_Gost28147_89_cipher, 8)
+ || !EVP_CIPHER_meth_set_flags(_hidden_Gost28147_89_cipher,
+ EVP_CIPH_CFB_MODE |
+ EVP_CIPH_NO_PADDING |
+ EVP_CIPH_CUSTOM_IV |
+ EVP_CIPH_RAND_KEY |
+ EVP_CIPH_ALWAYS_CALL_INIT)
+ || !EVP_CIPHER_meth_set_init(_hidden_Gost28147_89_cipher,
+ gost_cipher_init)
+ || !EVP_CIPHER_meth_set_do_cipher(_hidden_Gost28147_89_cipher,
+ gost_cipher_do_cfb)
+ || !EVP_CIPHER_meth_set_cleanup(_hidden_Gost28147_89_cipher,
+ gost_cipher_cleanup)
+ || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_Gost28147_89_cipher,
+ sizeof(struct ossl_gost_cipher_ctx))
+ || !EVP_CIPHER_meth_set_set_asn1_params(_hidden_Gost28147_89_cipher,
+ gost89_set_asn1_parameters)
+ || !EVP_CIPHER_meth_set_get_asn1_params(_hidden_Gost28147_89_cipher,
+ gost89_get_asn1_parameters)
+ || !EVP_CIPHER_meth_set_ctrl(_hidden_Gost28147_89_cipher,
+ gost_cipher_ctl))) {
+ EVP_CIPHER_meth_free(_hidden_Gost28147_89_cipher);
+ _hidden_Gost28147_89_cipher = NULL;
+ }
+ return _hidden_Gost28147_89_cipher;
+}
-EVP_CIPHER cipher_gost_cpacnt = {
- NID_gost89_cnt,
- 1, /* block_size */
- 32, /* key_size */
- 8, /* iv_len */
- EVP_CIPH_OFB_MODE | EVP_CIPH_NO_PADDING |
- EVP_CIPH_CUSTOM_IV | EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
- gost_cipher_init_cpa,
- gost_cipher_do_cnt,
- gost_cipher_cleanup,
- sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */
- gost89_set_asn1_parameters,
- gost89_get_asn1_parameters,
- gost_cipher_ctl,
- NULL,
-};
+static EVP_CIPHER *_hidden_gost89_cnt = NULL;
+const EVP_CIPHER *cipher_gost_cpacnt(void)
+{
+ if (_hidden_gost89_cnt == NULL
+ && ((_hidden_gost89_cnt =
+ EVP_CIPHER_meth_new(NID_gost89_cnt,
+ 1 /* block_size */,
+ 32 /* key_size */)) == NULL
+ || !EVP_CIPHER_meth_set_iv_length(_hidden_gost89_cnt, 8)
+ || !EVP_CIPHER_meth_set_flags(_hidden_gost89_cnt,
+ EVP_CIPH_OFB_MODE |
+ EVP_CIPH_NO_PADDING |
+ EVP_CIPH_CUSTOM_IV |
+ EVP_CIPH_RAND_KEY |
+ EVP_CIPH_ALWAYS_CALL_INIT)
+ || !EVP_CIPHER_meth_set_init(_hidden_gost89_cnt,
+ gost_cipher_init_cpa)
+ || !EVP_CIPHER_meth_set_do_cipher(_hidden_gost89_cnt,
+ gost_cipher_do_cnt)
+ || !EVP_CIPHER_meth_set_cleanup(_hidden_gost89_cnt,
+ gost_cipher_cleanup)
+ || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_gost89_cnt,
+ sizeof(struct ossl_gost_cipher_ctx))
+ || !EVP_CIPHER_meth_set_set_asn1_params(_hidden_gost89_cnt,
+ gost89_set_asn1_parameters)
+ || !EVP_CIPHER_meth_set_get_asn1_params(_hidden_gost89_cnt,
+ gost89_get_asn1_parameters)
+ || !EVP_CIPHER_meth_set_ctrl(_hidden_gost89_cnt,
+ gost_cipher_ctl))) {
+ EVP_CIPHER_meth_free(_hidden_gost89_cnt);
+ _hidden_gost89_cnt = NULL;
+ }
+ return _hidden_gost89_cnt;
+}
/* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */
/* Init functions which set specific parameters */
static int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr);
static EVP_MD *_hidden_Gost28147_89_MAC_md = NULL;
-EVP_MD *imit_gost_cpa(void)
+const EVP_MD *imit_gost_cpa(void)
{
if (_hidden_Gost28147_89_MAC_md == NULL) {
|| !ENGINE_register_digests(e)
|| !ENGINE_register_pkey_meths(e)
/* These two actually should go in LIST_ADD command */
- || !EVP_add_cipher(&cipher_gost)
- || !EVP_add_cipher(&cipher_gost_cpacnt)
+ || !EVP_add_cipher(cipher_gost())
+ || !EVP_add_cipher(cipher_gost_cpacnt())
|| !EVP_add_digest(digest_gost())
|| !EVP_add_digest(imit_gost_cpa())
) {
}
if (nid == NID_id_Gost28147_89) {
- *cipher = &cipher_gost;
+ *cipher = cipher_gost();
} else if (nid == NID_gost89_cnt) {
- *cipher = &cipher_gost_cpacnt;
+ *cipher = cipher_gost_cpacnt();
} else {
ok = 0;
*cipher = NULL;
EVP_MD *digest_gost(void);
void digest_gost_destroy(void);
/* EVP_MD structure for GOST 28147 in MAC mode */
-EVP_MD *imit_gost_cpa(void);
+const EVP_MD *imit_gost_cpa(void);
void imit_gost_cpa_destroy(void);
/* Cipher context used for EVP_CIPHER operation */
struct ossl_gost_cipher_ctx {
/* Find encryption params from ASN1_OBJECT */
const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj);
/* Implementation of GOST 28147-89 cipher in CFB and CNT modes */
-extern EVP_CIPHER cipher_gost;
-extern EVP_CIPHER cipher_gost_cpacnt;
+const EVP_CIPHER *cipher_gost(void);
+const EVP_CIPHER *cipher_gost_cpacnt(void);
# define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL+3)
# define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL+4)
/* EVP_PKEY_METHOD key encryption callbacks */
int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl);
-static const EVP_CIPHER ossltest_aes_128_cbc = { \
- NID_aes_128_cbc,
- 16, /* block size */
- 16, /* key len */
- 16, /* iv len */
- EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
- ossltest_aes128_init_key,
- ossltest_aes128_cbc_cipher,
- NULL, /* FIXME: when EVP_CIPHER goes opaque, this should be set to EVP_aes_128_cbc()->ctx_size */
- 0, /* We don't know the size of cipher_data at compile time */
- NULL,NULL,NULL,NULL
-};
-
+static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
+static const EVP_CIPHER *ossltest_aes_128_cbc(void)
+{
+ if (_hidden_aes_128_cbc == NULL
+ && ((_hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,
+ 16 /* block size */,
+ 16 /* key len */)) == NULL
+ || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)
+ || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
+ EVP_CIPH_FLAG_DEFAULT_ASN1
+ | EVP_CIPH_CBC_MODE)
+ || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
+ ossltest_aes128_init_key)
+ || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
+ ossltest_aes128_cbc_cipher)
+ || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
+ EVP_CIPHER_impl_ctx_size(EVP_aes_128_cbc())))) {
+ EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
+ _hidden_aes_128_cbc = NULL;
+ }
+ return _hidden_aes_128_cbc;
+}
+static void destroy_ciphers(void)
+{
+ EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
+ _hidden_aes_128_cbc = NULL;
+}
static int bind_ossltest(ENGINE *e)
{
static int ossltest_destroy(ENGINE *e)
{
destroy_digests();
+ destroy_ciphers();
ERR_unload_OSSLTEST_strings();
return 1;
}
/* We are being asked for a specific cipher */
switch (nid) {
case NID_aes_128_cbc:
- *cipher = &ossltest_aes_128_cbc;
+ *cipher = ossltest_aes_128_cbc();
break;
default:
ok = 0;
int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
- if (EVP_CIPHER_CTX_cipher_data(ctx) == NULL) {
- /*
- * Normally cipher_data is allocated automatically for an engine but
- * we don't know the ctx_size as compile time so we have to do it at
- * run time
- */
- /* FIXME: when EVP_CIPHER goes opaque, we won't need this trickery any more */
- EVP_CIPHER_CTX_new_cipher_data(ctx, EVP_aes_128_cbc()->ctx_size);
- if (EVP_CIPHER_CTX_cipher_data(ctx) == NULL) {
- OSSLTESTerr(OSSLTEST_F_OSSLTEST_AES128_INIT_KEY,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
- return EVP_aes_128_cbc()->init(ctx, key, iv, enc);
+ return EVP_CIPHER_meth_get_init(EVP_aes_128_cbc()) (ctx, key, iv, enc);
}
int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
memcpy(tmpbuf, in, inl);
/* Go through the motions of encrypting it */
- ret = EVP_aes_128_cbc()->do_cipher(ctx, out, in, inl);
+ ret = EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_cbc())(ctx, out, in, inl);
/* Throw it all away and just use the plaintext as the output */
memcpy(out, tmpbuf, inl);
* of preprocessor magic :-)
*/
# define DECLARE_AES_EVP(ksize,lmode,umode) \
-static const EVP_CIPHER padlock_aes_##ksize##_##lmode = { \
- NID_aes_##ksize##_##lmode, \
- EVP_CIPHER_block_size_##umode, \
- AES_KEY_SIZE_##ksize, \
- AES_BLOCK_SIZE, \
- 0 | EVP_CIPH_##umode##_MODE, \
- padlock_aes_init_key, \
- padlock_##lmode##_cipher, \
- NULL, \
- sizeof(struct padlock_cipher_data) + 16, \
- EVP_CIPHER_set_asn1_iv, \
- EVP_CIPHER_get_asn1_iv, \
- NULL, \
- NULL \
+static EVP_CIPHER *_hidden_aes_##ksize##_##lmode = NULL; \
+static const EVP_CIPHER *padlock_aes_##ksize##_##lmode(void) \
+{ \
+ if (_hidden_aes_##ksize##_##lmode == NULL \
+ && ((_hidden_aes_##ksize##_##lmode = \
+ EVP_CIPHER_meth_new(NID_aes_##ksize##_##lmode, \
+ EVP_CIPHER_block_size_##umode, \
+ AES_KEY_SIZE_##ksize)) == NULL \
+ || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_##ksize##_##lmode, \
+ AES_BLOCK_SIZE) \
+ || !EVP_CIPHER_meth_set_flags(_hidden_aes_##ksize##_##lmode, \
+ 0 | EVP_CIPH_##umode##_MODE) \
+ || !EVP_CIPHER_meth_set_init(_hidden_aes_##ksize##_##lmode, \
+ padlock_aes_init_key) \
+ || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_##ksize##_##lmode, \
+ padlock_##lmode##_cipher) \
+ || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_##ksize##_##lmode, \
+ sizeof(struct padlock_cipher_data) + 16) \
+ || !EVP_CIPHER_meth_set_set_asn1_params(_hidden_aes_##ksize##_##lmode, \
+ EVP_CIPHER_set_asn1_iv) \
+ || !EVP_CIPHER_meth_set_get_asn1_params(_hidden_aes_##ksize##_##lmode, \
+ EVP_CIPHER_get_asn1_iv))) { \
+ EVP_CIPHER_meth_free(_hidden_aes_##ksize##_##lmode); \
+ _hidden_aes_##ksize##_##lmode = NULL; \
+ } \
+ return _hidden_aes_##ksize##_##lmode; \
}
-DECLARE_AES_EVP(128, ecb, ECB);
-DECLARE_AES_EVP(128, cbc, CBC);
-DECLARE_AES_EVP(128, cfb, CFB);
-DECLARE_AES_EVP(128, ofb, OFB);
-DECLARE_AES_EVP(128, ctr, CTR);
+DECLARE_AES_EVP(128, ecb, ECB)
+DECLARE_AES_EVP(128, cbc, CBC)
+DECLARE_AES_EVP(128, cfb, CFB)
+DECLARE_AES_EVP(128, ofb, OFB)
+DECLARE_AES_EVP(128, ctr, CTR)
-DECLARE_AES_EVP(192, ecb, ECB);
-DECLARE_AES_EVP(192, cbc, CBC);
-DECLARE_AES_EVP(192, cfb, CFB);
-DECLARE_AES_EVP(192, ofb, OFB);
-DECLARE_AES_EVP(192, ctr, CTR);
+DECLARE_AES_EVP(192, ecb, ECB)
+DECLARE_AES_EVP(192, cbc, CBC)
+DECLARE_AES_EVP(192, cfb, CFB)
+DECLARE_AES_EVP(192, ofb, OFB)
+DECLARE_AES_EVP(192, ctr, CTR)
-DECLARE_AES_EVP(256, ecb, ECB);
-DECLARE_AES_EVP(256, cbc, CBC);
-DECLARE_AES_EVP(256, cfb, CFB);
-DECLARE_AES_EVP(256, ofb, OFB);
-DECLARE_AES_EVP(256, ctr, CTR);
+DECLARE_AES_EVP(256, ecb, ECB)
+DECLARE_AES_EVP(256, cbc, CBC)
+DECLARE_AES_EVP(256, cfb, CFB)
+DECLARE_AES_EVP(256, ofb, OFB)
+DECLARE_AES_EVP(256, ctr, CTR)
static int
padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids,
/* ... or the requested "cipher" otherwise */
switch (nid) {
case NID_aes_128_ecb:
- *cipher = &padlock_aes_128_ecb;
+ *cipher = padlock_aes_128_ecb();
break;
case NID_aes_128_cbc:
- *cipher = &padlock_aes_128_cbc;
+ *cipher = padlock_aes_128_cbc();
break;
case NID_aes_128_cfb:
- *cipher = &padlock_aes_128_cfb;
+ *cipher = padlock_aes_128_cfb();
break;
case NID_aes_128_ofb:
- *cipher = &padlock_aes_128_ofb;
+ *cipher = padlock_aes_128_ofb();
break;
case NID_aes_128_ctr:
- *cipher = &padlock_aes_128_ctr;
+ *cipher = padlock_aes_128_ctr();
break;
case NID_aes_192_ecb:
- *cipher = &padlock_aes_192_ecb;
+ *cipher = padlock_aes_192_ecb();
break;
case NID_aes_192_cbc:
- *cipher = &padlock_aes_192_cbc;
+ *cipher = padlock_aes_192_cbc();
break;
case NID_aes_192_cfb:
- *cipher = &padlock_aes_192_cfb;
+ *cipher = padlock_aes_192_cfb();
break;
case NID_aes_192_ofb:
- *cipher = &padlock_aes_192_ofb;
+ *cipher = padlock_aes_192_ofb();
break;
case NID_aes_192_ctr:
- *cipher = &padlock_aes_192_ctr;
+ *cipher = padlock_aes_192_ctr();
break;
case NID_aes_256_ecb:
- *cipher = &padlock_aes_256_ecb;
+ *cipher = padlock_aes_256_ecb();
break;
case NID_aes_256_cbc:
- *cipher = &padlock_aes_256_cbc;
+ *cipher = padlock_aes_256_cbc();
break;
case NID_aes_256_cfb:
- *cipher = &padlock_aes_256_cfb;
+ *cipher = padlock_aes_256_cfb();
break;
case NID_aes_256_ofb:
- *cipher = &padlock_aes_256_ofb;
+ *cipher = padlock_aes_256_ofb();
break;
case NID_aes_256_ctr:
- *cipher = &padlock_aes_256_ctr;
+ *cipher = padlock_aes_256_ctr();
break;
default: