[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Fri Dec 11 16:40:37 UTC 2015
The branch master has been updated
via 6ebe8dac3e6101c00b973ec8abc3cf405c9070d5 (commit)
via 254b26af2003c49958b52215f9fec03b4c7eed03 (commit)
via 601ab3151f4e17739465533fc159169f54f43a02 (commit)
via b518d2d5f8bad3fd4bb630acae2dafd5b68da9ff (commit)
via a0be4fd17b1c7f5ab8f8e11c71d71a5dd20158f4 (commit)
from 1ee3b17fa0efc0505c157f537c976d188bfa25b3 (commit)
- Log -----------------------------------------------------------------
commit 6ebe8dac3e6101c00b973ec8abc3cf405c9070d5
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Dec 11 16:16:32 2015 +0100
make update
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 254b26af2003c49958b52215f9fec03b4c7eed03
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Dec 11 16:10:53 2015 +0100
Adapt EVP tests to the opaque EVP_ENCODE_CTX
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 601ab3151f4e17739465533fc159169f54f43a02
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Dec 11 16:10:38 2015 +0100
Adapt PEM routines to the opaque EVP_ENCODE_CTX
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit b518d2d5f8bad3fd4bb630acae2dafd5b68da9ff
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Dec 11 16:09:52 2015 +0100
Adapt BIO_f_base64 to the opaque EVP_ENCODE_CTX
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit a0be4fd17b1c7f5ab8f8e11c71d71a5dd20158f4
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Dec 11 16:07:48 2015 +0100
Make EVP_ENCODE_CTX opaque
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/Makefile | 2 +-
crypto/evp/bio_b64.c | 25 ++++++++++++++-----------
crypto/evp/encode.c | 15 +++++++++++++++
crypto/evp/evp_locl.h | 16 ++++++++++++++++
crypto/pem/pem_lib.c | 39 ++++++++++++++++++++++++---------------
crypto/pem/pem_seal.c | 10 ++++++----
include/openssl/evp.h | 19 +++----------------
include/openssl/ossl_typ.h | 2 ++
include/openssl/pem.h | 2 +-
test/evp_test.c | 24 ++++++++++++++++--------
10 files changed, 98 insertions(+), 56 deletions(-)
diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile
index 4120158..df86026 100644
--- a/crypto/evp/Makefile
+++ b/crypto/evp/Makefile
@@ -378,7 +378,7 @@ encode.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
encode.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
encode.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
encode.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-encode.o: ../include/internal/cryptlib.h encode.c
+encode.o: ../include/internal/cryptlib.h encode.c evp_locl.h
evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h
evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c
index 00febc7..8df0d3f 100644
--- a/crypto/evp/bio_b64.c
+++ b/crypto/evp/bio_b64.c
@@ -89,7 +89,7 @@ typedef struct b64_struct {
int encode;
int start; /* have we started decoding yet? */
int cont; /* <= 0 when finished */
- EVP_ENCODE_CTX base64;
+ EVP_ENCODE_CTX *base64;
char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE) + 10];
char tmp[B64_BLOCK_SIZE];
} BIO_B64_CTX;
@@ -121,6 +121,7 @@ static int b64_new(BIO *bi)
ctx->cont = 1;
ctx->start = 1;
+ ctx->base64 = EVP_ENCODE_CTX_new();
bi->init = 1;
bi->ptr = (char *)ctx;
bi->flags = 0;
@@ -132,6 +133,7 @@ static int b64_free(BIO *a)
{
if (a == NULL)
return (0);
+ EVP_ENCODE_CTX_free(((BIO_B64_CTX *)a->ptr)->base64);
OPENSSL_free(a->ptr);
a->ptr = NULL;
a->init = 0;
@@ -159,7 +161,7 @@ static int b64_read(BIO *b, char *out, int outl)
ctx->buf_len = 0;
ctx->buf_off = 0;
ctx->tmp_len = 0;
- EVP_DecodeInit(&(ctx->base64));
+ EVP_DecodeInit(ctx->base64);
}
/* First check if there are bytes decoded/encoded */
@@ -238,11 +240,11 @@ static int b64_read(BIO *b, char *out, int outl)
continue;
}
- k = EVP_DecodeUpdate(&(ctx->base64),
+ k = EVP_DecodeUpdate(ctx->base64,
(unsigned char *)ctx->buf,
&num, p, q - p);
if ((k <= 0) && (num == 0) && (ctx->start))
- EVP_DecodeInit(&ctx->base64);
+ EVP_DecodeInit(ctx->base64);
else {
if (p != (unsigned char *)
&(ctx->tmp[0])) {
@@ -251,7 +253,7 @@ static int b64_read(BIO *b, char *out, int outl)
for (x = 0; x < i; x++)
ctx->tmp[x] = p[x];
}
- EVP_DecodeInit(&ctx->base64);
+ EVP_DecodeInit(ctx->base64);
ctx->start = 0;
break;
}
@@ -315,7 +317,7 @@ static int b64_read(BIO *b, char *out, int outl)
}
i = z;
} else {
- i = EVP_DecodeUpdate(&(ctx->base64),
+ i = EVP_DecodeUpdate(ctx->base64,
(unsigned char *)ctx->buf, &ctx->buf_len,
(unsigned char *)ctx->tmp, i);
ctx->tmp_len = 0;
@@ -362,7 +364,7 @@ static int b64_write(BIO *b, const char *in, int inl)
ctx->buf_len = 0;
ctx->buf_off = 0;
ctx->tmp_len = 0;
- EVP_EncodeInit(&(ctx->base64));
+ EVP_EncodeInit(ctx->base64);
}
OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf));
@@ -431,7 +433,7 @@ static int b64_write(BIO *b, const char *in, int inl)
ret += n;
}
} else {
- EVP_EncodeUpdate(&(ctx->base64),
+ EVP_EncodeUpdate(ctx->base64,
(unsigned char *)ctx->buf, &ctx->buf_len,
(unsigned char *)in, n);
OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
@@ -486,7 +488,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
ret = ctx->buf_len - ctx->buf_off;
if ((ret == 0) && (ctx->encode != B64_NONE)
- && (ctx->base64.num != 0))
+ && (EVP_ENCODE_CTX_num(ctx->base64) != 0))
ret = 1;
else if (ret <= 0)
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
@@ -514,9 +516,10 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
ctx->tmp_len = 0;
goto again;
}
- } else if (ctx->encode != B64_NONE && ctx->base64.num != 0) {
+ } else if (ctx->encode != B64_NONE
+ && EVP_ENCODE_CTX_num(ctx->base64) != 0) {
ctx->buf_off = 0;
- EVP_EncodeFinal(&(ctx->base64),
+ EVP_EncodeFinal(ctx->base64,
(unsigned char *)ctx->buf, &(ctx->buf_len));
/* push out the bytes */
goto again;
diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index ccfd84b..91160ad 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -59,6 +59,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
+#include "evp_locl.h"
static unsigned char conv_ascii2bin(unsigned char a);
#ifndef CHARSET_EBCDIC
@@ -140,6 +141,20 @@ static unsigned char conv_ascii2bin(unsigned char a)
}
#endif
+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
+{
+ return (EVP_ENCODE_CTX *)OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX));
+}
+
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
+{
+ OPENSSL_free(ctx);
+}
+int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx)
+{
+ return ctx->num;
+}
+
void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
{
ctx->length = 48;
diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h
index 918ff0a..89ac37e 100644
--- a/crypto/evp/evp_locl.h
+++ b/crypto/evp/evp_locl.h
@@ -279,3 +279,19 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
int passlen, ASN1_TYPE *param,
const EVP_CIPHER *c, const EVP_MD *md,
int en_de);
+
+struct evp_Encode_Ctx_st {
+ /* number saved in a partial encode/decode */
+ int num;
+ /*
+ * The length is either the output line length (in input bytes) or the
+ * shortest input line length that is ok. Once decoding begins, the
+ * length is adjusted up each time a longer line is decoded
+ */
+ int length;
+ /* data to encode */
+ unsigned char enc_data[80];
+ /* number read on current line */
+ int line_num;
+ int expect_nl;
+};
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 23b347f..42a8583 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -600,10 +600,15 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header,
{
int nlen, n, i, j, outl;
unsigned char *buf = NULL;
- EVP_ENCODE_CTX ctx;
+ EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
int reason = ERR_R_BUF_LIB;
- EVP_EncodeInit(&ctx);
+ if (ctx == NULL) {
+ reason = ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+
+ EVP_EncodeInit(ctx);
nlen = strlen(name);
if ((BIO_write(bp, "-----BEGIN ", 11) != 11) ||
@@ -626,25 +631,26 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header,
i = j = 0;
while (len > 0) {
n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len);
- EVP_EncodeUpdate(&ctx, buf, &outl, &(data[j]), n);
+ EVP_EncodeUpdate(ctx, buf, &outl, &(data[j]), n);
if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl))
goto err;
i += outl;
len -= n;
j += n;
}
- EVP_EncodeFinal(&ctx, buf, &outl);
+ EVP_EncodeFinal(ctx, buf, &outl);
if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl))
goto err;
- OPENSSL_clear_free(buf, PEM_BUFSIZE * 8);
- buf = NULL;
if ((BIO_write(bp, "-----END ", 9) != 9) ||
(BIO_write(bp, name, nlen) != nlen) ||
(BIO_write(bp, "-----\n", 6) != 6))
goto err;
+ OPENSSL_clear_free(buf, PEM_BUFSIZE * 8);
+ EVP_ENCODE_CTX_free(ctx);
return (i + outl);
err:
OPENSSL_clear_free(buf, PEM_BUFSIZE * 8);
+ EVP_ENCODE_CTX_free(ctx);
PEMerr(PEM_F_PEM_WRITE_BIO, reason);
return (0);
}
@@ -670,22 +676,23 @@ int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
long *len)
{
- EVP_ENCODE_CTX ctx;
+ EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
int end = 0, i, k, bl = 0, hl = 0, nohead = 0;
char buf[256];
BUF_MEM *nameB;
BUF_MEM *headerB;
BUF_MEM *dataB, *tmpB;
+ if (ctx == NULL) {
+ PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+
nameB = BUF_MEM_new();
headerB = BUF_MEM_new();
dataB = BUF_MEM_new();
if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) {
- BUF_MEM_free(nameB);
- BUF_MEM_free(headerB);
- BUF_MEM_free(dataB);
- PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
- return (0);
+ goto err;
}
buf[254] = '\0';
@@ -805,15 +812,15 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
goto err;
}
- EVP_DecodeInit(&ctx);
- i = EVP_DecodeUpdate(&ctx,
+ EVP_DecodeInit(ctx);
+ i = EVP_DecodeUpdate(ctx,
(unsigned char *)dataB->data, &bl,
(unsigned char *)dataB->data, bl);
if (i < 0) {
PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
goto err;
}
- i = EVP_DecodeFinal(&ctx, (unsigned char *)&(dataB->data[bl]), &k);
+ i = EVP_DecodeFinal(ctx, (unsigned char *)&(dataB->data[bl]), &k);
if (i < 0) {
PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
goto err;
@@ -829,11 +836,13 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
OPENSSL_free(nameB);
OPENSSL_free(headerB);
OPENSSL_free(dataB);
+ EVP_ENCODE_CTX_free(ctx);
return (1);
err:
BUF_MEM_free(nameB);
BUF_MEM_free(headerB);
BUF_MEM_free(dataB);
+ EVP_ENCODE_CTX_free(ctx);
return (0);
}
diff --git a/crypto/pem/pem_seal.c b/crypto/pem/pem_seal.c
index d0db777..f7c9e3f 100644
--- a/crypto/pem/pem_seal.c
+++ b/crypto/pem/pem_seal.c
@@ -91,7 +91,8 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
goto err;
}
- EVP_EncodeInit(&ctx->encode);
+ ctx->encode = EVP_ENCODE_CTX_new();
+ EVP_EncodeInit(ctx->encode);
ctx->md = EVP_MD_CTX_new();
if (!EVP_SignInit(ctx->md, md_type))
@@ -135,7 +136,7 @@ int PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
i = inl;
if (!EVP_EncryptUpdate(&ctx->cipher, buffer, &j, in, i))
return 0;
- EVP_EncodeUpdate(&ctx->encode, out, &j, buffer, j);
+ EVP_EncodeUpdate(ctx->encode, out, &j, buffer, j);
*outl += j;
out += j;
in += i;
@@ -166,10 +167,10 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
if (!EVP_EncryptFinal_ex(&ctx->cipher, s, (int *)&i))
goto err;
- EVP_EncodeUpdate(&ctx->encode, out, &j, s, i);
+ EVP_EncodeUpdate(ctx->encode, out, &j, s, i);
*outl = j;
out += j;
- EVP_EncodeFinal(&ctx->encode, out, &j);
+ EVP_EncodeFinal(ctx->encode, out, &j);
*outl += j;
if (!EVP_SignFinal(ctx->md, s, &i, priv))
@@ -178,6 +179,7 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
ret = 1;
err:
+ EVP_ENCODE_CTX_free(ctx->encode);
EVP_MD_CTX_free(ctx->md);
EVP_CIPHER_CTX_cleanup(&ctx->cipher);
OPENSSL_free(s);
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 5126803..40708f2 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -447,22 +447,6 @@ struct evp_cipher_ctx_st {
unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
} /* EVP_CIPHER_CTX */ ;
-typedef struct evp_Encode_Ctx_st {
- /* number saved in a partial encode/decode */
- int num;
- /*
- * The length is either the output line length (in input bytes) or the
- * shortest input line length that is ok. Once decoding begins, the
- * length is adjusted up each time a longer line is decoded
- */
- int length;
- /* data to encode */
- unsigned char enc_data[80];
- /* number read on current line */
- int line_num;
- int expect_nl;
-} EVP_ENCODE_CTX;
-
/* Password based encryption function */
typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
int passlen, ASN1_TYPE *param,
@@ -701,6 +685,9 @@ __owur int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
EVP_PKEY **pubk, int npubk);
__owur int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
+int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl);
diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h
index a6d07a0..ed7c2a8 100644
--- a/include/openssl/ossl_typ.h
+++ b/include/openssl/ossl_typ.h
@@ -137,6 +137,8 @@ typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
+typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
+
typedef struct hmac_ctx_st HMAC_CTX;
typedef struct dh_st DH;
diff --git a/include/openssl/pem.h b/include/openssl/pem.h
index 2746e0e..fe2cf11 100644
--- a/include/openssl/pem.h
+++ b/include/openssl/pem.h
@@ -103,7 +103,7 @@ extern "C" {
* by PEM_SealFinal (at least for now)
*/
typedef struct PEM_Encode_Seal_st {
- EVP_ENCODE_CTX encode;
+ EVP_ENCODE_CTX *encode;
EVP_MD_CTX *md;
EVP_CIPHER_CTX cipher;
} PEM_ENCODE_SEAL_CTX;
diff --git a/test/evp_test.c b/test/evp_test.c
index ec2283a..f24494b 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1591,22 +1591,29 @@ static int encode_test_run(struct evp_test *t)
unsigned char *encode_out = NULL, *decode_out = NULL;
int output_len, chunk_len;
const char *err = "INTERNAL_ERROR";
- EVP_ENCODE_CTX decode_ctx;
+ EVP_ENCODE_CTX *decode_ctx = EVP_ENCODE_CTX_new();
+
+ if (decode_ctx == NULL)
+ goto err;
if (edata->encoding == BASE64_CANONICAL_ENCODING) {
- EVP_ENCODE_CTX encode_ctx;
+ EVP_ENCODE_CTX *encode_ctx = EVP_ENCODE_CTX_new();
+ if (encode_ctx == NULL)
+ goto err;
encode_out = OPENSSL_malloc(EVP_ENCODE_LENGTH(edata->input_len));
if (encode_out == NULL)
goto err;
- EVP_EncodeInit(&encode_ctx);
- EVP_EncodeUpdate(&encode_ctx, encode_out, &chunk_len,
+ EVP_EncodeInit(encode_ctx);
+ EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len,
edata->input, edata->input_len);
output_len = chunk_len;
- EVP_EncodeFinal(&encode_ctx, encode_out + chunk_len, &chunk_len);
+ EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len);
output_len += chunk_len;
+ EVP_ENCODE_CTX_free(encode_ctx);
+
if (check_var_length_output(t, edata->output, edata->output_len,
encode_out, output_len)) {
err = "BAD_ENCODING";
@@ -1618,15 +1625,15 @@ static int encode_test_run(struct evp_test *t)
if (decode_out == NULL)
goto err;
- EVP_DecodeInit(&decode_ctx);
- if (EVP_DecodeUpdate(&decode_ctx, decode_out, &chunk_len, edata->output,
+ EVP_DecodeInit(decode_ctx);
+ if (EVP_DecodeUpdate(decode_ctx, decode_out, &chunk_len, edata->output,
edata->output_len) < 0) {
err = "DECODE_ERROR";
goto err;
}
output_len = chunk_len;
- if (EVP_DecodeFinal(&decode_ctx, decode_out + chunk_len, &chunk_len) != 1) {
+ if (EVP_DecodeFinal(decode_ctx, decode_out + chunk_len, &chunk_len) != 1) {
err = "DECODE_ERROR";
goto err;
}
@@ -1644,6 +1651,7 @@ static int encode_test_run(struct evp_test *t)
t->err = err;
OPENSSL_free(encode_out);
OPENSSL_free(decode_out);
+ EVP_ENCODE_CTX_free(decode_ctx);
return 1;
}
More information about the openssl-commits
mailing list