Posted to commits@santuario.apache.org by bl...@apache.org on 2003/10/15 09:54:54 UTC
cvs commit: xml-security/c/src/enc/WinCAPI WinCAPICryptoSymmetricKey.cpp WinCAPICryptoSymmetricKey.hpp
blautenb 2003/10/15 00:54:54
Modified: c/src/enc/OpenSSL OpenSSLCryptoSymmetricKey.cpp
OpenSSLCryptoSymmetricKey.hpp
c/src/enc/WinCAPI WinCAPICryptoSymmetricKey.cpp
WinCAPICryptoSymmetricKey.hpp
Log:
Clean up of OpenSSL code
Revision Changes Path
1.6 +46 -40 xml-security/c/src/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp
Index: OpenSSLCryptoSymmetricKey.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- OpenSSLCryptoSymmetricKey.cpp 12 Oct 2003 01:29:46 -0000 1.5
+++ OpenSSLCryptoSymmetricKey.cpp 15 Oct 2003 07:54:53 -0000 1.6
@@ -175,15 +175,9 @@
}
EVP_DecryptInit_ex(&m_ctx, EVP_des_ede3_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
- // Turn off padding
- EVP_CIPHER_CTX_set_padding(&m_ctx, 0);
- // That means we have to handle padding, so we always hold back
- // 8 bytes of data.
m_blockSize = 8;
- m_bytesInLastBlock = 0;
-
- return 8; // 3DEC_CBC uses a 64 bit IV
+ m_ivSize = 8;
break;
@@ -197,17 +191,10 @@
}
- EVP_CIPHER_CTX_init(&m_ctx);
EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
- // Turn off padding
- EVP_CIPHER_CTX_set_padding(&m_ctx, 0);
- // That means we have to handle padding, so we always hold back
- // 8 bytes of data.
- m_blockSize = 8;
- m_bytesInLastBlock = 0;
-
- return 8; // AES uses a 64 bit IV
+ m_blockSize = 16;
+ m_ivSize = 16;
break;
@@ -215,15 +202,10 @@
// An AES key
- EVP_CIPHER_CTX_init(&m_ctx);
EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
- // Turn off padding
- EVP_CIPHER_CTX_set_padding(&m_ctx, 0);
- m_blockSize = 0;
- m_bytesInLastBlock = 0;
-
- return 0; // ECB - no key
+ m_blockSize = 16;
+ m_ivSize = 0;
break;
@@ -235,7 +217,15 @@
}
- return 0;
+ // Reset some parameters
+ m_initialised = true;
+ m_bytesInLastBlock = 0;
+
+ // Disable OpenSSL padding - The interop samples have broken PKCS padding - AARGHH
+ EVP_CIPHER_CTX_set_padding(&m_ctx, 0);
+
+ // Return number of bytes chewed up by IV
+ return m_ivSize;
}
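Review bot: The comment on the `EVP_CIPHER_CTX_set_padding(&m_ctx, 0)` call explains why OpenSSL padding is switched off but not what replaces it, so a reader cannot tell from here where the trailing pad bytes are removed or how they are validated. With library padding disabled for every cipher in the switch, the hand-written stripping code (outside this hunk) is the only check on the pad-length byte. I would replace the comment with something like `// OpenSSL padding is disabled because the interop samples do not use valid PKCS padding; decryptFinish strips the pad itself and must reject a pad length of 0 or greater than m_blockSize`. The function's body starts outside the hunk.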
@@ -268,6 +258,11 @@
int outl = maxOutLength;
+ if (inLength - offset > maxOutLength) {
+ throw XSECCryptoException(XSECCryptoException::SymmetricError,
+ "OpenSSLSymmetricKey::decrypt - Not enough space in output buffer");
+ }
+
if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl, &inBuf[offset], inLength - m_bytesInLastBlock - offset) == 0) {
throw XSECCryptoException(XSECCryptoException::SymmetricError,
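Review bot: The new guard `inLength - offset > maxOutLength` leaves no slack for bytes that EVP_DecryptUpdate may flush from an earlier partial block, and OpenSSL's documentation asks for room for the input length plus one cipher block. If the length variables are unsigned (their declarations are outside the hunk, but `maxOutLength` is compared against an `unsigned int` cast elsewhere in this commit), both `inLength - offset` and the `inLength - m_bytesInLastBlock - offset` argument wrap when the subtrahend is larger. Note also that `outl = maxOutLength` does not bound the write, because OpenSSL treats `outl` as output only. A tighter check would be `if (offset > inLength || inLength - offset + m_blockSize > maxOutLength)`, with the same care applied to the `m_bytesInLastBlock` subtraction.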
@@ -332,6 +327,11 @@
}
+ if ((unsigned int) outl > maxOutLength) {
+ throw XSECCryptoException(XSECCryptoException::SymmetricError,
+ "OpenSSLSymmetricKey::decryptFinish - **WARNING** - Plaintext output > maxOutLength!");
+ }
+
return outl;
}
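Review bot: The `(unsigned int) outl > maxOutLength` test runs after the final block has been produced, so it reports an overrun instead of preventing one. The code that fills the plaintext buffer is outside this hunk, but the encryptFinish hunk further down shows the same pattern with `EVP_EncryptFinal_ex(&m_ctx, cipherBuf, &outl)` visibly writing into the caller's buffer before the check. By the time either exception is thrown, memory past the buffer may already have been written. I would check capacity before the write, e.g. `if (maxOutLength < m_blockSize) throw ...` at the top of both finish functions, and keep the post-check only as an assertion.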
@@ -340,10 +340,12 @@
// Encrypt
// --------------------------------------------------------------------------------
-bool OpenSSLCryptoSymmetricKey::encryptInit(const unsigned char * iv) {
+bool OpenSSLCryptoSymmetricKey::encryptInit(bool doPad, const unsigned char * iv) {
if (m_initialised == true)
return true;
+
+ m_doPad = doPad;
if (m_keyLen == 0) {
@@ -352,7 +354,9 @@
}
+ // Do some parameter initialisation
m_initialised = true;
+ m_bytesInLastBlock = 0;
// Set up the context according to the required cipher type
@@ -371,29 +375,22 @@
if (iv == NULL) {
- bool res = ((RAND_status() == 1) && (RAND_bytes(genIV, 256) == 1));
+ bool res = ((RAND_status() == 1) && (RAND_bytes(genIV, 8) == 1));
if (res == false) {
throw XSECCryptoException(XSECCryptoException::SymmetricError,
"OpenSSL:SymmetricKey - Error generating random IV");
}
usedIV = genIV;
- //return 0; // Cannot initialise without an IV
}
else
usedIV = iv;
EVP_EncryptInit_ex(&m_ctx, EVP_des_ede3_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
- // Turn off padding
- // EVP_CIPHER_CTX_set_padding(&m_ctx, 0);
-
- // That means we have to handle padding, so we always hold back
- // 8 bytes of data.
m_blockSize = 8;
m_ivSize = 8;
memcpy(m_lastBlock, usedIV, m_ivSize);
- m_bytesInLastBlock = 0;
break;
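Review bot: The IV length now appears as a bare literal in `RAND_bytes(genIV, 8)` and again in `m_ivSize = 8`, and it must also stay within the declared size of `genIV`, which is outside the hunk. The same applies to `RAND_bytes(genIV, 16)` in the AES hunk that follows. Assigning `m_ivSize` before the `if (iv == NULL)` test and calling `RAND_bytes(genIV, m_ivSize)` would keep the generated length, the `memcpy` length and the member in step. It would also help to document that a caller-supplied `iv` must point to at least `m_ivSize` bytes, since `memcpy(m_lastBlock, usedIV, m_ivSize)` reads that many bytes with no length argument to check against.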
@@ -403,14 +400,13 @@
if (iv == NULL) {
- bool res = ((RAND_status() == 1) && (RAND_bytes(genIV, 256) == 1));
+ bool res = ((RAND_status() == 1) && (RAND_bytes(genIV, 16) == 1));
if (res == false) {
throw XSECCryptoException(XSECCryptoException::SymmetricError,
"OpenSSL:SymmetricKey - Error generating random IV");
}
usedIV = genIV;
- //return 0; // Cannot initialise without an IV
}
else
@@ -421,7 +417,6 @@
m_blockSize = 16;
m_ivSize = 16;
memcpy(m_lastBlock, usedIV, m_ivSize);
- m_bytesInLastBlock = 0;
break;
@@ -430,11 +425,9 @@
// An AES key
EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
- EVP_CIPHER_CTX_set_padding(&m_ctx, 0);
m_blockSize = 16;
m_ivSize = 0;
- m_bytesInLastBlock = 0;
break;
@@ -446,6 +439,14 @@
}
+ // Setup padding
+ if (m_doPad) {
+ EVP_CIPHER_CTX_set_padding(&m_ctx, 1);
+ }
+ else {
+ EVP_CIPHER_CTX_set_padding(&m_ctx, 0);
+ }
+
return true;
}
@@ -502,8 +503,13 @@
if (EVP_EncryptFinal_ex(&m_ctx, cipherBuf, &outl) == 0) {
throw XSECCryptoException(XSECCryptoException::SymmetricError,
- "OpenSSL:SymmetricKey - Error during OpenSSL decrypt finalisation");
+ "OpenSSLSymmetricKey::encryptFinish - Error during OpenSSL decrypt finalisation");
+
+ }
+ if ((unsigned int) outl > maxOutLength) {
+ throw XSECCryptoException(XSECCryptoException::SymmetricError,
+ "OpenSSLSymmetricKey::encryptFinish - **WARNING** - Cipheroutput > maxOutLength!");
}
return outl;
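Review bot: The reworded exception text for the `EVP_EncryptFinal_ex` failure still says "decrypt finalisation" although it is now prefixed with `encryptFinish`, so a log reader is pointed at the wrong operation. The string should read `"OpenSSLSymmetricKey::encryptFinish - Error during OpenSSL encrypt finalisation"`. The enclosing function starts outside the hunk.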
1.5 +3 -2 xml-security/c/src/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp
Index: OpenSSLCryptoSymmetricKey.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- OpenSSLCryptoSymmetricKey.hpp 13 Oct 2003 11:07:17 -0000 1.4
+++ OpenSSLCryptoSymmetricKey.hpp 15 Oct 2003 07:54:53 -0000 1.5
@@ -244,12 +244,13 @@
* but the algorithm requires one (e.g. 3DES_CBC), then
* implementations are required to generate one.
*
+ * @param doPad By default, we perform padding for last block
* @param iv Initialisation Vector to be used. NULL if one is
* not required, or if IV is to be generated
* @returns true if the initialisation succeeded.
*/
- virtual bool encryptInit(const unsigned char * iv = NULL);
+ virtual bool encryptInit(bool doPad = true, const unsigned char * iv = NULL);
/**
* \brief Continue an encryption operation using this key.
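Review bot: Putting `bool doPad` in front of `iv` while both parameters keep defaults lets an existing call such as `encryptInit(myIv)` still compile, because a pointer converts implicitly to `bool`. That call now means `doPad = true, iv = NULL`, and the .cpp hunks show that a NULL `iv` makes the implementation generate a random IV, so the caller's IV is silently dropped. Appending the new parameter instead, `virtual bool encryptInit(const unsigned char * iv = NULL, bool doPad = true);`, would keep old call sites meaning what they did; otherwise every caller needs an audit. The `@param doPad` text should also state what `false` requires of the caller, e.g. `@param doPad If true, the library pads the last block; if false, the caller must supply input that is a multiple of the block size`.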
1.2 +15 -4 xml-security/c/src/enc/WinCAPI/WinCAPICryptoSymmetricKey.cpp
Index: WinCAPICryptoSymmetricKey.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoSymmetricKey.cpp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- WinCAPICryptoSymmetricKey.cpp 13 Oct 2003 11:07:42 -0000 1.1
+++ WinCAPICryptoSymmetricKey.cpp 15 Oct 2003 07:54:54 -0000 1.2
@@ -131,7 +131,10 @@
if (m_k != 0) {
-#if (_WIN32_WINNT >= 0x0400)
+#if (_WIN32_WINNT > 0x0400)
+
+ // Only supported in Win2K and above
+
if (CryptDuplicateKey(m_k,
0,
0,
@@ -142,8 +145,9 @@
}
#else
- throw XSECCryptoException(XSECCryptoException::SymmetricError,
- "Unable to clone keys in Windows NT 4.0 and below");
+
+ ret->setKey(m_keyBuf.rawBuffer(), m_keyLen);
+
#endif
}
else
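Review bot: The new `#else` branch builds the clone from `m_keyBuf.rawBuffer()` and `m_keyLen`, which only yields a usable key if the raw key bytes are still held in `m_keyBuf` whenever `m_k != 0`. Whether a key can be installed as a handle alone is not visible in this hunk. The test is also a compile-time one, so a binary built with `_WIN32_WINNT <= 0x0400` takes the raw-bytes path on every Windows version, and the object must then keep plaintext key material in process memory for its lifetime. I would note both facts in the comment, e.g. `// Built for NT4: CryptDuplicateKey is unavailable, so re-import from the raw key bytes retained in m_keyBuf`, and throw if `m_keyLen == 0` rather than return a clone with an empty key.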
@@ -583,6 +587,13 @@
// Find out how long the output will be
DWORD outl = 0;
if (!CryptEncrypt(k, 0, TRUE, 0, 0, &outl, keyLen)) {
+ DWORD error = GetLastError();
+ if (error == NTE_BAD_KEY) {
+ // We throw either way, but this is *likely* to be an unsupported OS issue
+ throw XSECCryptoException(XSECCryptoException::SymmetricError,
+ "WinCAPI:SymmetricKey::createWindowsKey - Error encrypting a key - is this >= Windows 2000?");
+ }
+
throw XSECCryptoException(XSECCryptoException::SymmetricError,
"WinCAPI:SymmetricKey - Unable to determine space required to encrypt key");
}
1.2 +3 -3 xml-security/c/src/enc/WinCAPI/WinCAPICryptoSymmetricKey.hpp
Index: WinCAPICryptoSymmetricKey.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoSymmetricKey.hpp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- WinCAPICryptoSymmetricKey.hpp 13 Oct 2003 11:07:42 -0000 1.1
+++ WinCAPICryptoSymmetricKey.hpp 15 Oct 2003 07:54:54 -0000 1.2
@@ -85,7 +85,7 @@
#include <wincrypt.h>
-#define MAX_BLOCK_SIZE 32
+#define WINCAPI_MAX_BLOCK_SIZE 32
/**
* \ingroup wincapicrypto
@@ -356,7 +356,7 @@
bool m_initialised;
bool m_doPad;
- unsigned char m_lastBlock[MAX_BLOCK_SIZE];
+ unsigned char m_lastBlock[WINCAPI_MAX_BLOCK_SIZE];
unsigned int m_bytesInLastBlock;
unsigned int m_blockSize;
unsigned int m_ivSize;