Diffstat (limited to 'source4/heimdal/lib/hx509/crypto.c')
-rw-r--r--source4/heimdal/lib/hx509/crypto.c219
1 files changed, 107 insertions, 112 deletions
diff --git a/source4/heimdal/lib/hx509/crypto.c b/source4/heimdal/lib/hx509/crypto.c
index 77be4413ac..c2e5e70748 100644
--- a/source4/heimdal/lib/hx509/crypto.c
+++ b/source4/heimdal/lib/hx509/crypto.c
@@ -149,11 +149,6 @@ const AlgorithmIdentifier _hx509_signature_md5_data = {
{ 6, rk_UNCONST(md5_oid_tree) }, rk_UNCONST(&null_entry_oid)
};
-static const unsigned md2_oid_tree[] = { 1, 2, 840, 113549, 2, 2 };
-const AlgorithmIdentifier _hx509_signature_md2_data = {
- { 6, rk_UNCONST(md2_oid_tree) }, rk_UNCONST(&null_entry_oid)
-};
-
static const unsigned ecPublicKey[] ={ 1, 2, 840, 10045, 2, 1 };
const AlgorithmIdentifier _hx509_signature_ecPublicKey = {
{ 6, rk_UNCONST(ecPublicKey) }, NULL
@@ -194,11 +189,6 @@ const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data = {
{ 7, rk_UNCONST(rsa_with_md5_oid) }, NULL
};
-static const unsigned rsa_with_md2_oid[] ={ 1, 2, 840, 113549, 1, 1, 2 };
-const AlgorithmIdentifier _hx509_signature_rsa_with_md2_data = {
- { 7, rk_UNCONST(rsa_with_md2_oid) }, NULL
-};
-
static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 };
const AlgorithmIdentifier _hx509_signature_rsa_data = {
{ 7, rk_UNCONST(rsa_oid) }, NULL
@@ -283,11 +273,11 @@ heim_oid2ecnid(heim_oid *oid)
* Now map to openssl OID fun
*/
- if (der_heim_oid_cmp(oid, &asn1_oid_id_ec_group_secp256r1) == 0)
+ if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP256R1) == 0)
return NID_X9_62_prime256v1;
- else if (der_heim_oid_cmp(oid, &asn1_oid_id_ec_group_secp160r1) == 0)
+ else if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP160R1) == 0)
return NID_secp160r1;
- else if (der_heim_oid_cmp(oid, &asn1_oid_id_ec_group_secp160r2) == 0)
+ else if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP160R2) == 0)
return NID_secp160r2;
return -1;
@@ -370,7 +360,7 @@ ecdsa_verify_signature(hx509_context context,
/* set up EC KEY */
spi = &signer->tbsCertificate.subjectPublicKeyInfo;
- if (der_heim_oid_cmp(&spi->algorithm.algorithm, &asn1_oid_id_ecPublicKey) != 0)
+ if (der_heim_oid_cmp(&spi->algorithm.algorithm, ASN1_OID_ID_ECPUBLICKEY) != 0)
return HX509_CRYPTO_SIG_INVALID_FORMAT;
#ifdef HAVE_OPENSSL
@@ -431,7 +421,7 @@ ecdsa_create_signature(hx509_context context,
unsigned int siglen;
int ret;
- if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, &asn1_oid_id_ecPublicKey) != 0)
+ if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) != 0)
_hx509_abort("internal error passing private key to wrong ops");
sig_oid = sig_alg->sig_oid;
@@ -661,7 +651,7 @@ rsa_create_signature(hx509_context context,
size_t size;
int ret;
- if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, &asn1_oid_id_pkcs1_rsaEncryption) != 0)
+ if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) != 0)
return HX509_ALG_NOT_SUPP;
if (alg)
@@ -669,19 +659,19 @@ rsa_create_signature(hx509_context context,
else
sig_oid = signer->signature_alg;
- if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_pkcs1_sha256WithRSAEncryption) == 0) {
+ if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION) == 0) {
digest_alg = hx509_signature_sha256();
- } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_pkcs1_sha1WithRSAEncryption) == 0) {
+ } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION) == 0) {
digest_alg = hx509_signature_sha1();
- } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_pkcs1_md5WithRSAEncryption) == 0) {
+ } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION) == 0) {
digest_alg = hx509_signature_md5();
- } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_pkcs1_md5WithRSAEncryption) == 0) {
+ } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION) == 0) {
digest_alg = hx509_signature_md5();
- } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_dsa_with_sha1) == 0) {
+ } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_DSA_WITH_SHA1) == 0) {
digest_alg = hx509_signature_sha1();
- } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_pkcs1_rsaEncryption) == 0) {
+ } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0) {
digest_alg = hx509_signature_sha1();
- } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_heim_rsa_pkcs1_x509) == 0) {
+ } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_HEIM_RSA_PKCS1_X509) == 0) {
digest_alg = NULL;
} else
return HX509_ALG_NOT_SUPP;
@@ -767,7 +757,7 @@ rsa_private_key_import(hx509_context context,
"Failed to parse RSA key");
return HX509_PARSING_KEY_FAILED;
}
- private_key->signature_alg = &asn1_oid_id_pkcs1_sha1WithRSAEncryption;
+ private_key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION;
return 0;
}
@@ -790,7 +780,7 @@ rsa_private_key2SPKI(hx509_context context,
}
spki->subjectPublicKey.length = len * 8;
- ret = set_digest_alg(&spki->algorithm, &asn1_oid_id_pkcs1_rsaEncryption,
+ ret = set_digest_alg(&spki->algorithm, ASN1_OID_ID_PKCS1_RSAENCRYPTION,
"\x05\x00", 2);
if (ret) {
hx509_set_error_string(context, 0, ret, "malloc - out of memory");
@@ -844,7 +834,7 @@ rsa_generate_private_key(hx509_context context,
"Failed to generate RSA key");
return HX509_PARSING_KEY_FAILED;
}
- private_key->signature_alg = &asn1_oid_id_pkcs1_sha1WithRSAEncryption;
+ private_key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION;
return 0;
}
@@ -900,7 +890,7 @@ rsa_get_internal(hx509_context context,
static hx509_private_key_ops rsa_private_key_ops = {
"RSA PRIVATE KEY",
- &asn1_oid_id_pkcs1_rsaEncryption,
+ ASN1_OID_ID_PKCS1_RSAENCRYPTION,
NULL,
rsa_private_key2SPKI,
rsa_private_key_export,
@@ -973,7 +963,7 @@ ecdsa_private_key_import(hx509_context context,
"Failed to parse EC private key");
return HX509_PARSING_KEY_FAILED;
}
- private_key->signature_alg = &asn1_oid_id_ecdsa_with_SHA256;
+ private_key->signature_alg = ASN1_OID_ID_ECDSA_WITH_SHA256;
return 0;
}
@@ -997,7 +987,7 @@ ecdsa_get_internal(hx509_context context,
static hx509_private_key_ops ecdsa_private_key_ops = {
"EC PRIVATE KEY",
- &asn1_oid_id_ecPublicKey,
+ ASN1_OID_ID_ECPUBLICKEY,
ecdsa_available,
ecdsa_private_key2SPKI,
ecdsa_private_key_export,
@@ -1110,7 +1100,7 @@ dsa_parse_private_key(hx509_context context,
d2i_DSAPrivateKey(NULL, &p, len);
if (private_key->private_key.dsa == NULL)
return EINVAL;
- private_key->signature_alg = &asn1_oid_id_dsa_with_sha1;
+ private_key->signature_alg = ASN1_OID_ID_DSA_WITH_SHA1;
return 0;
/* else */
@@ -1197,9 +1187,9 @@ evp_md_verify_signature(hx509_context context,
static const struct signature_alg ecdsa_with_sha256_alg = {
"ecdsa-with-sha256",
- &asn1_oid_id_ecdsa_with_SHA256,
+ ASN1_OID_ID_ECDSA_WITH_SHA256,
&_hx509_signature_ecdsa_with_sha256_data,
- &asn1_oid_id_ecPublicKey,
+ ASN1_OID_ID_ECPUBLICKEY,
&_hx509_signature_sha256_data,
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
0,
@@ -1211,9 +1201,9 @@ static const struct signature_alg ecdsa_with_sha256_alg = {
static const struct signature_alg ecdsa_with_sha1_alg = {
"ecdsa-with-sha1",
- &asn1_oid_id_ecdsa_with_SHA1,
+ ASN1_OID_ID_ECDSA_WITH_SHA1,
&_hx509_signature_ecdsa_with_sha1_data,
- &asn1_oid_id_ecPublicKey,
+ ASN1_OID_ID_ECPUBLICKEY,
&_hx509_signature_sha1_data,
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
0,
@@ -1227,9 +1217,9 @@ static const struct signature_alg ecdsa_with_sha1_alg = {
static const struct signature_alg heim_rsa_pkcs1_x509 = {
"rsa-pkcs1-x509",
- &asn1_oid_id_heim_rsa_pkcs1_x509,
+ ASN1_OID_ID_HEIM_RSA_PKCS1_X509,
&_hx509_signature_rsa_pkcs1_x509_data,
- &asn1_oid_id_pkcs1_rsaEncryption,
+ ASN1_OID_ID_PKCS1_RSAENCRYPTION,
NULL,
PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
0,
@@ -1240,9 +1230,9 @@ static const struct signature_alg heim_rsa_pkcs1_x509 = {
static const struct signature_alg pkcs1_rsa_sha1_alg = {
"rsa",
- &asn1_oid_id_pkcs1_rsaEncryption,
+ ASN1_OID_ID_PKCS1_RSAENCRYPTION,
&_hx509_signature_rsa_with_sha1_data,
- &asn1_oid_id_pkcs1_rsaEncryption,
+ ASN1_OID_ID_PKCS1_RSAENCRYPTION,
NULL,
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
0,
@@ -1253,9 +1243,9 @@ static const struct signature_alg pkcs1_rsa_sha1_alg = {
static const struct signature_alg rsa_with_sha256_alg = {
"rsa-with-sha256",
- &asn1_oid_id_pkcs1_sha256WithRSAEncryption,
+ ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION,
&_hx509_signature_rsa_with_sha256_data,
- &asn1_oid_id_pkcs1_rsaEncryption,
+ ASN1_OID_ID_PKCS1_RSAENCRYPTION,
&_hx509_signature_sha256_data,
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
0,
@@ -1266,9 +1256,9 @@ static const struct signature_alg rsa_with_sha256_alg = {
static const struct signature_alg rsa_with_sha1_alg = {
"rsa-with-sha1",
- &asn1_oid_id_pkcs1_sha1WithRSAEncryption,
+ ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION,
&_hx509_signature_rsa_with_sha1_data,
- &asn1_oid_id_pkcs1_rsaEncryption,
+ ASN1_OID_ID_PKCS1_RSAENCRYPTION,
&_hx509_signature_sha1_data,
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
0,
@@ -1277,25 +1267,25 @@ static const struct signature_alg rsa_with_sha1_alg = {
rsa_create_signature
};
-static const struct signature_alg rsa_with_md5_alg = {
- "rsa-with-md5",
- &asn1_oid_id_pkcs1_md5WithRSAEncryption,
- &_hx509_signature_rsa_with_md5_data,
- &asn1_oid_id_pkcs1_rsaEncryption,
- &_hx509_signature_md5_data,
- PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
- 1230739889,
+static const struct signature_alg rsa_with_sha1_alg_secsig = {
+ "rsa-with-sha1",
+ ASN1_OID_ID_SECSIG_SHA_1WITHRSAENCRYPTION,
+ &_hx509_signature_rsa_with_sha1_data,
+ ASN1_OID_ID_PKCS1_RSAENCRYPTION,
+ &_hx509_signature_sha1_data,
+ PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
+ 0,
NULL,
rsa_verify_signature,
rsa_create_signature
};
-static const struct signature_alg rsa_with_md2_alg = {
- "rsa-with-md2",
- &asn1_oid_id_pkcs1_md2WithRSAEncryption,
- &_hx509_signature_rsa_with_md2_data,
- &asn1_oid_id_pkcs1_rsaEncryption,
- &_hx509_signature_md2_data,
+static const struct signature_alg rsa_with_md5_alg = {
+ "rsa-with-md5",
+ ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION,
+ &_hx509_signature_rsa_with_md5_data,
+ ASN1_OID_ID_PKCS1_RSAENCRYPTION,
+ &_hx509_signature_md5_data,
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
1230739889,
NULL,
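Review bot: The new `rsa_with_sha1_alg_secsig` entry registers `rsa_create_signature` as its signing routine, but the OID chain in `rsa_create_signature` (the hunk at -669) has no branch for `ASN1_OID_ID_SECSIG_SHA_1WITHRSAENCRYPTION`, so a signing request that names that OID would fall through to `return HX509_ALG_NOT_SUPP`. If the entry exists only so that certificates carrying the alternate OID can be verified, say so in a comment above it, for example `/* alternate OID for SHA-1 with RSA; accepted when verifying */`. Otherwise add `} else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_SECSIG_SHA_1WITHRSAENCRYPTION) == 0) {` with `digest_alg = hx509_signature_sha1();` to the chain. The entry also reuses the name "rsa-with-sha1", so a lookup by name would presumably resolve to the earlier `rsa_with_sha1_alg`; whether any caller looks algorithms up by name is not visible here.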
@@ -1305,9 +1295,9 @@ static const struct signature_alg rsa_with_md2_alg = {
static const struct signature_alg dsa_sha1_alg = {
"dsa-with-sha1",
- &asn1_oid_id_dsa_with_sha1,
+ ASN1_OID_ID_DSA_WITH_SHA1,
NULL,
- &asn1_oid_id_dsa,
+ ASN1_OID_ID_DSA,
&_hx509_signature_sha1_data,
PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
0,
@@ -1318,7 +1308,7 @@ static const struct signature_alg dsa_sha1_alg = {
static const struct signature_alg sha256_alg = {
"sha-256",
- &asn1_oid_id_sha256,
+ ASN1_OID_ID_SHA256,
&_hx509_signature_sha256_data,
NULL,
NULL,
@@ -1331,7 +1321,7 @@ static const struct signature_alg sha256_alg = {
static const struct signature_alg sha1_alg = {
"sha1",
- &asn1_oid_id_secsig_sha_1,
+ ASN1_OID_ID_SECSIG_SHA_1,
&_hx509_signature_sha1_data,
NULL,
NULL,
@@ -1344,7 +1334,7 @@ static const struct signature_alg sha1_alg = {
static const struct signature_alg md5_alg = {
"rsa-md5",
- &asn1_oid_id_rsa_digest_md5,
+ ASN1_OID_ID_RSA_DIGEST_MD5,
&_hx509_signature_md5_data,
NULL,
NULL,
@@ -1355,19 +1345,6 @@ static const struct signature_alg md5_alg = {
NULL
};
-static const struct signature_alg md2_alg = {
- "rsa-md2",
- &asn1_oid_id_rsa_digest_md2,
- &_hx509_signature_md2_data,
- NULL,
- NULL,
- SIG_DIGEST,
- 0,
- EVP_md2,
- evp_md_verify_signature,
- NULL
-};
-
/*
* Order matter in this structure, "best" first for each "key
* compatible" type (type is ECDSA, RSA, DSA, none, etc)
@@ -1380,15 +1357,14 @@ static const struct signature_alg *sig_algs[] = {
#endif
&rsa_with_sha256_alg,
&rsa_with_sha1_alg,
+ &rsa_with_sha1_alg_secsig,
&pkcs1_rsa_sha1_alg,
&rsa_with_md5_alg,
- &rsa_with_md2_alg,
&heim_rsa_pkcs1_x509,
&dsa_sha1_alg,
&sha256_alg,
&sha1_alg,
&md5_alg,
- &md2_alg,
NULL
};
@@ -1641,7 +1617,7 @@ _hx509_public_encrypt(hx509_context context,
ciphertext->length = ret;
ciphertext->data = to;
- ret = der_copy_oid(&asn1_oid_id_pkcs1_rsaEncryption, encryption_oid);
+ ret = der_copy_oid(ASN1_OID_ID_PKCS1_RSAENCRYPTION, encryption_oid);
if (ret) {
der_free_octet_string(ciphertext);
hx509_set_error_string(context, 0, ENOMEM, "out of memory");
@@ -1750,7 +1726,7 @@ _hx509_generate_private_key_init(hx509_context context,
{
*ctx = NULL;
- if (der_heim_oid_cmp(oid, &asn1_oid_id_pkcs1_rsaEncryption) != 0) {
+ if (der_heim_oid_cmp(oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) != 0) {
hx509_set_error_string(context, 0, EINVAL,
"private key not an RSA key");
return EINVAL;
@@ -1845,10 +1821,6 @@ hx509_signature_md5(void)
{ return &_hx509_signature_md5_data; }
const AlgorithmIdentifier *
-hx509_signature_md2(void)
-{ return &_hx509_signature_md2_data; }
-
-const AlgorithmIdentifier *
hx509_signature_ecPublicKey(void)
{ return &_hx509_signature_ecPublicKey; }
@@ -1881,10 +1853,6 @@ hx509_signature_rsa_with_md5(void)
{ return &_hx509_signature_rsa_with_md5_data; }
const AlgorithmIdentifier *
-hx509_signature_rsa_with_md2(void)
-{ return &_hx509_signature_rsa_with_md2_data; }
-
-const AlgorithmIdentifier *
hx509_signature_rsa(void)
{ return &_hx509_signature_rsa_data; }
@@ -1961,11 +1929,11 @@ _hx509_private_key_free(hx509_private_key *key)
if (--(*key)->ref > 0)
return 0;
- if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, &asn1_oid_id_pkcs1_rsaEncryption) == 0) {
+ if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0) {
if ((*key)->private_key.rsa)
RSA_free((*key)->private_key.rsa);
#ifdef HAVE_OPENSSL
- } else if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, &asn1_oid_id_ecPublicKey) == 0) {
+ } else if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) == 0) {
if ((*key)->private_key.ecdsa)
EC_KEY_free((*key)->private_key.ecdsa);
#endif
@@ -1982,7 +1950,7 @@ _hx509_private_key_assign_rsa(hx509_private_key key, void *ptr)
if (key->private_key.rsa)
RSA_free(key->private_key.rsa);
key->private_key.rsa = ptr;
- key->signature_alg = &asn1_oid_id_pkcs1_sha1WithRSAEncryption;
+ key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION;
key->md = &pkcs1_rsa_sha1_alg;
}
@@ -2048,7 +2016,11 @@ struct hx509cipher {
struct hx509_crypto_data {
char *name;
int flags;
-#define ALLOW_WEAK 1
+#define ALLOW_WEAK 1
+
+#define PADDING_NONE 2
+#define PADDING_PKCS7 4
+#define PADDING_FLAGS (2|4)
const struct hx509cipher *cipher;
const EVP_CIPHER *c;
heim_octet_string key;
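Review bot: `PADDING_FLAGS` repeats the literal bit values `(2|4)` instead of being built from the two flags it masks, so renumbering `PADDING_NONE` or `PADDING_PKCS7` later would leave the mask stale without any compiler complaint; `#define PADDING_FLAGS (PADDING_NONE|PADDING_PKCS7)` keeps them tied together. A one-line comment stating that exactly one of the two padding bits is expected to be set in `flags` would also explain the `assert` added in hx509_crypto_encrypt. The struct body continues outside the hunk.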
@@ -2204,7 +2176,7 @@ static const struct hx509cipher ciphers[] = {
{
"rc2-cbc",
CIPHER_WEAK,
- &asn1_oid_id_pkcs3_rc2_cbc,
+ ASN1_OID_ID_PKCS3_RC2_CBC,
NULL,
EVP_rc2_cbc,
CMSRC2CBCParam_get,
@@ -2213,7 +2185,7 @@ static const struct hx509cipher ciphers[] = {
{
"rc2-cbc",
CIPHER_WEAK,
- &asn1_oid_id_rsadsi_rc2_cbc,
+ ASN1_OID_ID_RSADSI_RC2_CBC,
NULL,
EVP_rc2_cbc,
CMSRC2CBCParam_get,
@@ -2231,7 +2203,7 @@ static const struct hx509cipher ciphers[] = {
{
"des-ede3-cbc",
0,
- &asn1_oid_id_pkcs3_des_ede3_cbc,
+ ASN1_OID_ID_PKCS3_DES_EDE3_CBC,
NULL,
EVP_des_ede3_cbc,
CMSCBCParam_get,
@@ -2240,7 +2212,7 @@ static const struct hx509cipher ciphers[] = {
{
"des-ede3-cbc",
0,
- &asn1_oid_id_rsadsi_des_ede3_cbc,
+ ASN1_OID_ID_RSADSI_DES_EDE3_CBC,
hx509_crypto_des_rsdi_ede3_cbc,
EVP_des_ede3_cbc,
CMSCBCParam_get,
@@ -2249,7 +2221,7 @@ static const struct hx509cipher ciphers[] = {
{
"aes-128-cbc",
0,
- &asn1_oid_id_aes_128_cbc,
+ ASN1_OID_ID_AES_128_CBC,
hx509_crypto_aes128_cbc,
EVP_aes_128_cbc,
CMSCBCParam_get,
@@ -2258,7 +2230,7 @@ static const struct hx509cipher ciphers[] = {
{
"aes-192-cbc",
0,
- &asn1_oid_id_aes_192_cbc,
+ ASN1_OID_ID_AES_192_CBC,
NULL,
EVP_aes_192_cbc,
CMSCBCParam_get,
@@ -2267,7 +2239,7 @@ static const struct hx509cipher ciphers[] = {
{
"aes-256-cbc",
0,
- &asn1_oid_id_aes_256_cbc,
+ ASN1_OID_ID_AES_256_CBC,
hx509_crypto_aes256_cbc,
EVP_aes_256_cbc,
CMSCBCParam_get,
@@ -2334,6 +2306,7 @@ hx509_crypto_init(hx509_context context,
return ENOMEM;
}
+ (*crypto)->flags = PADDING_PKCS7;
(*crypto)->cipher = cipher;
(*crypto)->c = (*cipher->evp_func)();
@@ -2379,6 +2352,23 @@ hx509_crypto_allow_weak(hx509_crypto crypto)
crypto->flags |= ALLOW_WEAK;
}
+void
+hx509_crypto_set_padding(hx509_crypto crypto, int padding_type)
+{
+ switch (padding_type) {
+ case HX509_CRYPTO_PADDING_PKCS7:
+ crypto->flags &= ~PADDING_FLAGS;
+ crypto->flags |= PADDING_PKCS7;
+ break;
+ case HX509_CRYPTO_PADDING_NONE:
+ crypto->flags &= ~PADDING_FLAGS;
+ crypto->flags |= PADDING_NONE;
+ break;
+ default:
+ _hx509_abort("Invalid padding");
+ }
+}
+
int
hx509_crypto_set_key_data(hx509_crypto crypto, const void *data, size_t length)
{
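Review bot: `hx509_crypto_set_padding` is a new exported function with no comment, and its contract holds two things a caller cannot guess: hx509_crypto_init now defaults the object to PKCS7 padding, and an unrecognised `padding_type` ends the process through `_hx509_abort` instead of being reported. A doc comment above the function should state both, and name the two accepted values `HX509_CRYPTO_PADDING_PKCS7` and `HX509_CRYPTO_PADDING_NONE`. It should also say that with `HX509_CRYPTO_PADDING_NONE` the encrypt path appends no bytes, so the caller is presumably responsible for passing input that is a multiple of the cipher block size; nothing in the visible encrypt hunk checks that.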
@@ -2497,12 +2487,17 @@ hx509_crypto_encrypt(hx509_crypto crypto,
goto out;
}
- if (EVP_CIPHER_block_size(crypto->c) == 1) {
+ assert(crypto->flags & PADDING_FLAGS);
+ if (crypto->flags & PADDING_NONE) {
padsize = 0;
- } else {
- int bsize = EVP_CIPHER_block_size(crypto->c);
- padsize = bsize - (length % bsize);
+ } else if (crypto->flags & PADDING_PKCS7) {
+ if (EVP_CIPHER_block_size(crypto->c) == 1) {
+ } else {
+ int bsize = EVP_CIPHER_block_size(crypto->c);
+ padsize = bsize - (length % bsize);
+ }
}
+
(*ciphertext)->length = length + padsize;
(*ciphertext)->data = malloc(length + padsize);
if ((*ciphertext)->data == NULL) {
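Review bot: `padsize` is never assigned when the PKCS7 flag is set and the cipher's block size is 1, because the `if (EVP_CIPHER_block_size(crypto->c) == 1) {` branch is now empty where the old code set `padsize = 0`; the `length + padsize` used for the length and the `malloc` size then reads whatever the variable held. The declaration of `padsize` is outside the hunk, so this assumes it has no initializer. The same gap opens in a build with NDEBUG when neither padding bit is set, since the `assert` compiles away. Assigning zero before the branch keeps the allocation size defined on every path, as in the rewrite below.

```c
    assert(crypto->flags & PADDING_FLAGS);
    padsize = 0;	/* defined on every path, including NDEBUG builds */
    if (crypto->flags & PADDING_NONE) {
	/* caller supplies the final length; nothing is appended */
    } else if (crypto->flags & PADDING_PKCS7) {
	int bsize = EVP_CIPHER_block_size(crypto->c);

	/* a block size of 1 means a stream cipher, which takes no padding */
	if (bsize > 1)
	    padsize = bsize - (length % bsize);
    }
    /* … unchanged: ciphertext length assignment and allocation … */
```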
@@ -2592,7 +2587,7 @@ hx509_crypto_decrypt(hx509_crypto crypto,
}
EVP_CIPHER_CTX_cleanup(&evp);
- if (EVP_CIPHER_block_size(crypto->c) > 1) {
+ if ((crypto->flags & PADDING_PKCS7) && EVP_CIPHER_block_size(crypto->c) > 1) {
int padsize;
unsigned char *p;
int j, bsize = EVP_CIPHER_block_size(crypto->c);
@@ -2704,33 +2699,33 @@ find_string2key(const heim_oid *oid,
const EVP_MD **md,
PBE_string2key_func *s2k)
{
- if (der_heim_oid_cmp(oid, &asn1_oid_id_pbewithSHAAnd40BitRC2_CBC) == 0) {
+ if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND40BITRC2_CBC) == 0) {
*c = EVP_rc2_40_cbc();
*md = EVP_sha1();
*s2k = PBE_string2key;
return &asn1_oid_private_rc2_40;
- } else if (der_heim_oid_cmp(oid, &asn1_oid_id_pbeWithSHAAnd128BitRC2_CBC) == 0) {
+ } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND128BITRC2_CBC) == 0) {
*c = EVP_rc2_cbc();
*md = EVP_sha1();
*s2k = PBE_string2key;
- return &asn1_oid_id_pkcs3_rc2_cbc;
+ return ASN1_OID_ID_PKCS3_RC2_CBC;
#if 0
- } else if (der_heim_oid_cmp(oid, &asn1_oid_id_pbeWithSHAAnd40BitRC4) == 0) {
+ } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND40BITRC4) == 0) {
*c = EVP_rc4_40();
*md = EVP_sha1();
*s2k = PBE_string2key;
return NULL;
- } else if (der_heim_oid_cmp(oid, &asn1_oid_id_pbeWithSHAAnd128BitRC4) == 0) {
+ } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND128BITRC4) == 0) {
*c = EVP_rc4();
*md = EVP_sha1();
*s2k = PBE_string2key;
- return &asn1_oid_id_pkcs3_rc4;
+ return ASN1_OID_ID_PKCS3_RC4;
#endif
- } else if (der_heim_oid_cmp(oid, &asn1_oid_id_pbeWithSHAAnd3_KeyTripleDES_CBC) == 0) {
+ } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND3_KEYTRIPLEDES_CBC) == 0) {
*c = EVP_des_ede3_cbc();
*md = EVP_sha1();
*s2k = PBE_string2key;
- return &asn1_oid_id_pkcs3_des_ede3_cbc;
+ return ASN1_OID_ID_PKCS3_DES_EDE3_CBC;
}
return NULL;
@@ -2907,9 +2902,9 @@ match_keys_ec(hx509_cert c, hx509_private_key private_key)
int
_hx509_match_keys(hx509_cert c, hx509_private_key key)
{
- if (der_heim_oid_cmp(key->ops->key_oid, &asn1_oid_id_pkcs1_rsaEncryption) == 0)
+ if (der_heim_oid_cmp(key->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0)
return match_keys_rsa(c, key);
- if (der_heim_oid_cmp(key->ops->key_oid, &asn1_oid_id_ecPublicKey) == 0)
+ if (der_heim_oid_cmp(key->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) == 0)
return match_keys_ec(c, key);
return 0;