diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2013-08-05 15:40:50 +0100 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2013-10-01 14:01:18 +0100 |
| commit | e1e6c4dae7c84e5a77c66e5cd8cd894aed5820bf (patch) | |
| tree | 535b3a4da078ceb40ccc884f5a5e793bfff6d65b | |
| parent | 1747fd1cc66f2e7a38dfc623d0e6bea7b1707c24 (diff) | |
| download | openssl-new-e1e6c4dae7c84e5a77c66e5cd8cd894aed5820bf.tar.gz | |
Algorithm parameter support.
Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.
(cherry picked from commit e61f5d55bc0072e75023be8971ae6e849643f466)
| -rw-r--r-- | crypto/ec/ec_ameth.c | 14 | ||||
| -rw-r--r-- | crypto/evp/e_aes.c | 2 | ||||
| -rw-r--r-- | crypto/evp/e_des3.c | 3 | ||||
| -rw-r--r-- | crypto/evp/evp_lib.c | 14 |
4 files changed, 29 insertions, 4 deletions
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index ff0870d7bb..d757fd61ef 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -857,6 +857,8 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) goto err; if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL)) goto err; + if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) + goto err; keylen = EVP_CIPHER_CTX_key_length(kekctx); if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0) @@ -1003,7 +1005,17 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) wrap_alg = X509_ALGOR_new(); if (!wrap_alg) goto err; - X509_ALGOR_set0(wrap_alg, OBJ_nid2obj(wrap_nid), V_ASN1_UNDEF, NULL); + wrap_alg->algorithm = OBJ_nid2obj(wrap_nid); + wrap_alg->parameter = ASN1_TYPE_new(); + if (!wrap_alg->parameter) + goto err; + if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0) + goto err; + if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) + { + ASN1_TYPE_free(wrap_alg->parameter); + wrap_alg->parameter = NULL; + } if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0) goto err; diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 66507f8935..5278001a21 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1936,7 +1936,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, #define WRAP_FLAGS (EVP_CIPH_WRAP_MODE \ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ - | EVP_CIPH_ALWAYS_CALL_INIT) + | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) static const EVP_CIPHER aes_128_wrap = { NID_id_aes128_wrap, diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 6fe6453be1..157d0d515e 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -466,7 +466,8 @@ static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static const EVP_CIPHER des3_wrap = { NID_id_smime_alg_CMS3DESwrap, 8, 24, 0, - EVP_CIPH_WRAP_MODE|EVP_CIPH_CUSTOM_IV|EVP_CIPH_FLAG_CUSTOM_CIPHER, + EVP_CIPH_WRAP_MODE|EVP_CIPH_CUSTOM_IV|EVP_CIPH_FLAG_CUSTOM_CIPHER + |EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, des_ede3_wrap_cipher, NULL, sizeof(DES_EDE_KEY), diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index b180e4828a..2a87570b9e 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -68,7 +68,15 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->set_asn1_parameters != NULL) ret=c->cipher->set_asn1_parameters(c,type); else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) - ret=EVP_CIPHER_set_asn1_iv(c, type); + { + if (EVP_CIPHER_CTX_mode(c) == EVP_CIPH_WRAP_MODE) + { + ASN1_TYPE_set(type, V_ASN1_NULL, NULL); + ret = 1; + } + else + ret=EVP_CIPHER_set_asn1_iv(c, type); + } else ret=-1; return(ret); @@ -81,7 +89,11 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->get_asn1_parameters != NULL) ret=c->cipher->get_asn1_parameters(c,type); else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) + { + if (EVP_CIPHER_CTX_mode(c) == EVP_CIPH_WRAP_MODE) + return 1; ret=EVP_CIPHER_get_asn1_iv(c, type); + } else ret=-1; return(ret); |