updated openssl.c to work with OpenSSL-1.1.0
diff --git a/src/openssl.c b/src/openssl.c
index f00547d..fc1f615 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -2,9 +2,11 @@
#include "configure.h"
#include "cose_int.h"
#include "crypto.h"
+#include "../build/dist/include/cn-cbor/cn-cbor.h"
#include <assert.h>
#include <memory.h>
+#include <stdbool.h>
#ifdef USE_OPEN_SSL
@@ -22,7 +24,8 @@
bool AES_CCM_Decrypt(COSE_Enveloped * pcose, int TSize, int LSize, const byte * pbKey, size_t cbKey, const byte * pbCrypto, size_t cbCrypto, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
- EVP_CIPHER_CTX ctx;
+ // EVP_CIPHER_CTX ctx; // OpenSSL-1.0.1
+ EVP_CIPHER_CTX *ctx; // OpenSSL-1.1.0
int cbOut;
byte * rgbOut = NULL;
int NSize = 15 - (LSize/8);
@@ -34,7 +37,8 @@
cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
- EVP_CIPHER_CTX_init(&ctx);
+ // EVP_CIPHER_CTX_init(&ctx); // OpenSSL-1.0.1
+ ctx = EVP_CIPHER_CTX_new(); // OpenSSL-1.1.0
// Setup the IV/Nonce and put it into the message
@@ -44,7 +48,8 @@
errorReturn:
if (rgbOut != NULL) COSE_FREE(rgbOut, context);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ // EVP_CIPHER_CTX_cleanup(&ctx); // OpenSSL-1.0.1
+ EVP_CIPHER_CTX_free(ctx); // OpenSSL-1.1.0
return false;
}
@@ -70,27 +75,28 @@
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
break;
}
- CHECK_CONDITION(EVP_DecryptInit_ex(&ctx, cipher, NULL, NULL, NULL), COSE_ERR_DECRYPT_FAILED);
+ CHECK_CONDITION(EVP_DecryptInit_ex(ctx, cipher, NULL, NULL, NULL), COSE_ERR_DECRYPT_FAILED);
TSize /= 8; // Comes in in bits not bytes.
- CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_L, (LSize/8), 0), COSE_ERR_DECRYPT_FAILED);
+ CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, (LSize/8), 0), COSE_ERR_DECRYPT_FAILED);
// CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, NSize, 0), COSE_ERR_DECRYPT_FAILED);
- CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, TSize, (void *) &pbCrypto[cbCrypto - TSize]), COSE_ERR_DECRYPT_FAILED);
-
- CHECK_CONDITION(EVP_DecryptInit(&ctx, 0, pbKey, rgbIV), COSE_ERR_DECRYPT_FAILED);
+ CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, TSize, (void *) &pbCrypto[cbCrypto - TSize]), COSE_ERR_DECRYPT_FAILED);
+
+ CHECK_CONDITION(EVP_DecryptInit_ex(ctx, 0, NULL, pbKey, rgbIV), COSE_ERR_DECRYPT_FAILED);
- CHECK_CONDITION(EVP_DecryptUpdate(&ctx, NULL, &cbOut, NULL, (int) cbCrypto - TSize), COSE_ERR_DECRYPT_FAILED);
-
+ CHECK_CONDITION(EVP_DecryptUpdate(ctx, NULL, &cbOut, NULL, (int) cbCrypto - TSize), COSE_ERR_DECRYPT_FAILED);
+
cbOut = (int) cbCrypto - TSize;
rgbOut = (byte *)COSE_CALLOC(cbOut, 1, context);
CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
- CHECK_CONDITION(EVP_DecryptUpdate(&ctx, NULL, &outl, pbAuthData, (int) cbAuthData), COSE_ERR_DECRYPT_FAILED);
+ CHECK_CONDITION(EVP_DecryptUpdate(ctx, NULL, &outl, pbAuthData, (int) cbAuthData), COSE_ERR_DECRYPT_FAILED);
- CHECK_CONDITION(EVP_DecryptUpdate(&ctx, rgbOut, &cbOut, pbCrypto, (int) cbCrypto - TSize), COSE_ERR_DECRYPT_FAILED);
+ CHECK_CONDITION(EVP_DecryptUpdate(ctx, rgbOut, &cbOut, pbCrypto, (int) cbCrypto - TSize), COSE_ERR_DECRYPT_FAILED);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ // EVP_CIPHER_CTX_cleanup(&ctx); // OpenSSL-1.0.1
+ EVP_CIPHER_CTX_free(ctx); // OpenSSL-1.1.0
pcose->pbContent = rgbOut;
pcose->cbContent = cbOut;
@@ -101,7 +107,8 @@
bool AES_CCM_Encrypt(COSE_Enveloped * pcose, int TSize, int LSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
- EVP_CIPHER_CTX ctx;
+ // EVP_CIPHER_CTX ctx; // OpenSSL-1.0.1
+ EVP_CIPHER_CTX *ctx; // OpenSSL-1.1.0
int cbOut;
byte * rgbOut = NULL;
int NSize = 15 - (LSize/8);
@@ -117,7 +124,8 @@
byte * pbIV = NULL;
cn_cbor_errback cbor_error;
- EVP_CIPHER_CTX_init(&ctx);
+ //EVP_CIPHER_CTX_init(ctx); // OpenSSl-1.0.1
+ ctx = EVP_CIPHER_CTX_new(); // OpenSSL-1.1.0
switch (cbKey*8) {
case 128:
@@ -136,7 +144,8 @@
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
}
- // Setup the IV/Nonce and put it into the message
+ // Setup the IV/Nonce and put it into the message
+
cbor_iv = _COSE_map_get_int(&pcose->m_message, COSE_Header_IV, COSE_BOTH, perr);
if (cbor_iv == NULL) {
pbIV = COSE_CALLOC(NSize, 1, context);
@@ -158,27 +167,27 @@
// Setup and run the OpenSSL code
- CHECK_CONDITION(EVP_EncryptInit_ex(&ctx, cipher, NULL, NULL, NULL), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL), COSE_ERR_CRYPTO_FAIL);
TSize /= 8; // Comes in in bits not bytes.
- CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_L, (LSize/8), 0), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, (LSize/8), 0), COSE_ERR_CRYPTO_FAIL);
// CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, NSize, 0), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, TSize, NULL), COSE_ERR_CRYPTO_FAIL); // Say we are doing an 8 byte tag
+ CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, TSize, NULL), COSE_ERR_CRYPTO_FAIL); // Say we are doing an 8 byte tag
- CHECK_CONDITION(EVP_EncryptInit(&ctx, 0, pbKey, rgbIV), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptInit_ex(ctx, 0, NULL, pbKey, rgbIV), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(EVP_EncryptUpdate(&ctx, 0, &cbOut, 0, (int) pcose->cbContent), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptUpdate(ctx, 0, &cbOut, 0, (int) pcose->cbContent), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(EVP_EncryptUpdate(&ctx, NULL, &outl, pbAuthData, (int) cbAuthData), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptUpdate(ctx, NULL, &outl, pbAuthData, (int) cbAuthData), COSE_ERR_CRYPTO_FAIL);
rgbOut = (byte *)COSE_CALLOC(cbOut+TSize, 1, context);
CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
- CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, pcose->pbContent, (int) pcose->cbContent), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptUpdate(ctx, rgbOut, &cbOut, pcose->pbContent, (int) pcose->cbContent), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(EVP_EncryptFinal_ex(&ctx, &rgbOut[cbOut], &cbOut), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptFinal_ex(ctx, &rgbOut[cbOut], &cbOut), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, TSize, &rgbOut[pcose->cbContent]), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, TSize, &rgbOut[pcose->cbContent]), COSE_ERR_CRYPTO_FAIL);
cnTmp = cn_cbor_data_create(rgbOut, (int)pcose->cbContent + TSize, CBOR_CONTEXT_PARAM_COMMA NULL);
CHECK_CONDITION(cnTmp != NULL, COSE_ERR_CBOR);
@@ -186,8 +195,8 @@
CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cnTmp, INDEX_BODY, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR);
cnTmp = NULL;
-
- EVP_CIPHER_CTX_cleanup(&ctx);
+ //EVP_CIPHER_CTX_cleanup(&ctx); // OpenSSL-1.0.1
+ EVP_CIPHER_CTX_free(ctx); // OpenSSL-1.1.0
return true;
errorReturn:
@@ -195,13 +204,15 @@
if (cbor_iv_t != NULL) COSE_FREE(cbor_iv_t, context);
if (rgbOut != NULL) COSE_FREE(rgbOut, context);
if (cnTmp != NULL) COSE_FREE(cnTmp, context);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ // EVP_CIPHER_CTX_cleanup(&ctx); // OpenSSL-1.0.1
+ EVP_CIPHER_CTX_free(ctx); // OpenSSL-1.1.0
return false;
}
bool AES_GCM_Decrypt(COSE_Enveloped * pcose, const byte * pbKey, size_t cbKey, const byte * pbCrypto, size_t cbCrypto, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
- EVP_CIPHER_CTX ctx;
+ // EVP_CIPHER_CTX ctx; // OpenSSL-1.0.1
+ EVP_CIPHER_CTX *ctx; // OpenSSL-1.1.0
int cbOut;
byte * rgbOut = NULL;
int outl = 0;
@@ -213,7 +224,8 @@
#endif
int TSize = 128 / 8;
- EVP_CIPHER_CTX_init(&ctx);
+ // EVP_CIPHER_CTX_init(&ctx); // OpenSSL-1.0.1
+ ctx = EVP_CIPHER_CTX_new(); // OpenSSL-1.1.0
// Setup the IV/Nonce and put it into the message
@@ -223,7 +235,8 @@
errorReturn:
if (rgbOut != NULL) COSE_FREE(rgbOut, context);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ // EVP_CIPHER_CTX_cleanup(&ctx); // OpenSSL-1.0.1
+ EVP_CIPHER_CTX_free(ctx); // OpenSSL-1.1.0
return false;
}
@@ -252,15 +265,15 @@
// Do the setup for OpenSSL
- CHECK_CONDITION(EVP_DecryptInit_ex(&ctx, cipher, NULL, NULL, NULL), COSE_ERR_DECRYPT_FAILED);
+ CHECK_CONDITION(EVP_DecryptInit_ex(ctx, cipher, NULL, NULL, NULL), COSE_ERR_DECRYPT_FAILED);
- CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, TSize, (void *)&pbCrypto[cbCrypto - TSize]), COSE_ERR_DECRYPT_FAILED);
+ CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, TSize, (void *)&pbCrypto[cbCrypto - TSize]), COSE_ERR_DECRYPT_FAILED);
- CHECK_CONDITION(EVP_DecryptInit(&ctx, 0, pbKey, rgbIV), COSE_ERR_DECRYPT_FAILED);
+ CHECK_CONDITION(EVP_DecryptInit_ex(ctx, 0, NULL, pbKey, rgbIV), COSE_ERR_DECRYPT_FAILED);
// Pus in the AAD
- CHECK_CONDITION(EVP_DecryptUpdate(&ctx, NULL, &outl, pbAuthData, (int) cbAuthData), COSE_ERR_DECRYPT_FAILED);
+ CHECK_CONDITION(EVP_DecryptUpdate(ctx, NULL, &outl, pbAuthData, (int) cbAuthData), COSE_ERR_DECRYPT_FAILED);
//
@@ -270,17 +283,18 @@
// Process content
- CHECK_CONDITION(EVP_DecryptUpdate(&ctx, rgbOut, &cbOut, pbCrypto, (int)cbCrypto - TSize), COSE_ERR_DECRYPT_FAILED);
+ CHECK_CONDITION(EVP_DecryptUpdate(ctx, rgbOut, &cbOut, pbCrypto, (int)cbCrypto - TSize), COSE_ERR_DECRYPT_FAILED);
// Process Tag
- CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, TSize, (byte *)pbCrypto + cbCrypto - TSize), COSE_ERR_DECRYPT_FAILED);
+ CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, TSize, (byte *)pbCrypto + cbCrypto - TSize), COSE_ERR_DECRYPT_FAILED);
// Check the result
- CHECK_CONDITION(EVP_DecryptFinal(&ctx, rgbOut + cbOut, &cbOut), COSE_ERR_DECRYPT_FAILED);
+ CHECK_CONDITION(EVP_DecryptFinal(ctx, rgbOut + cbOut, &cbOut), COSE_ERR_DECRYPT_FAILED);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ // EVP_CIPHER_CTX_cleanup(&ctx); // OpenSSL-1.0.1
+ EVP_CIPHER_CTX_free(ctx); // OpenSSL-1.1.0
pcose->pbContent = rgbOut;
pcose->cbContent = cbOut;
@@ -290,7 +304,8 @@
bool AES_GCM_Encrypt(COSE_Enveloped * pcose, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
- EVP_CIPHER_CTX ctx;
+ // EVP_CIPHER_CTX ctx; // OpenSSL-1.0.1
+ EVP_CIPHER_CTX *ctx; // OpenSSL-1.1.0
int cbOut;
byte * rgbOut = NULL;
int outl = 0;
@@ -305,7 +320,8 @@
cn_cbor_errback cbor_error;
// Make it first so we can clean it up
- EVP_CIPHER_CTX_init(&ctx);
+ // EVP_CIPHER_CTX_init(&ctx); // OpenSSL-1.0.1
+ ctx = EVP_CIPHER_CTX_new(); // OpenSSL-1.1.0
// Setup the IV/Nonce and put it into the message
@@ -349,34 +365,36 @@
// Setup and run the OpenSSL code
- CHECK_CONDITION(EVP_EncryptInit_ex(&ctx, cipher, NULL, NULL, NULL), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(EVP_EncryptInit(&ctx, 0, pbKey, rgbIV), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptInit_ex(ctx, 0, NULL, pbKey, rgbIV), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(EVP_EncryptUpdate(&ctx, NULL, &outl, pbAuthData, (int) cbAuthData), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptUpdate(ctx, NULL, &outl, pbAuthData, (int) cbAuthData), COSE_ERR_CRYPTO_FAIL);
rgbOut = (byte *)COSE_CALLOC(pcose->cbContent + 128/8, 1, context);
CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
- CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, pcose->pbContent, (int)pcose->cbContent), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptUpdate(ctx, rgbOut, &cbOut, pcose->pbContent, (int)pcose->cbContent), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(EVP_EncryptFinal_ex(&ctx, &rgbOut[cbOut], &cbOut), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptFinal_ex(ctx, &rgbOut[cbOut], &cbOut), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 128/8, &rgbOut[pcose->cbContent]), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 128/8, &rgbOut[pcose->cbContent]), COSE_ERR_CRYPTO_FAIL);
cn_cbor * cnTmp = cn_cbor_data_create(rgbOut, (int)pcose->cbContent + 128/8, CBOR_CONTEXT_PARAM_COMMA NULL);
CHECK_CONDITION(cnTmp != NULL, COSE_ERR_CBOR);
rgbOut = NULL;
CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cnTmp, INDEX_BODY, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ // EVP_CIPHER_CTX_cleanup(&ctx); // OpenSSl-1.0.1
+ EVP_CIPHER_CTX_free(ctx); // OpenSSL-1.1.0
return true;
errorReturn:
if (pbIV != NULL) COSE_FREE(pbIV, context);
if (cbor_iv_t != NULL) COSE_FREE(cbor_iv_t, context);
if (rgbOut != NULL) COSE_FREE(rgbOut, context);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ // EVP_CIPHER_CTX_cleanup(&ctx); // OpenSSL-1.0.1
+ EVP_CIPHER_CTX_free(ctx); // OpenSSL-1.1.0
return false;
}
@@ -384,7 +402,8 @@
bool AES_CBC_MAC_Create(COSE_MacMessage * pcose, int TSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
const EVP_CIPHER * pcipher = NULL;
- EVP_CIPHER_CTX ctx;
+ // EVP_CIPHER_CTX ctx; // OpenSSL-1.0.1
+ EVP_CIPHER_CTX *ctx; // OpenSSL-1.1.0
int cbOut;
byte rgbIV[16] = { 0 };
byte * rgbOut = NULL;
@@ -395,7 +414,8 @@
cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
- EVP_CIPHER_CTX_init(&ctx);
+ // EVP_CIPHER_CTX_init(&ctx); // OpenSSL-1.0.1
+ ctx = EVP_CIPHER_CTX_new(); // OpenSSL-1.1.0
rgbOut = COSE_CALLOC(16, 1, context);
CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
@@ -415,14 +435,14 @@
// Setup and run the OpenSSL code
- CHECK_CONDITION(EVP_EncryptInit_ex(&ctx, pcipher, NULL, pbKey, rgbIV), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptInit_ex(ctx, pcipher, NULL, pbKey, rgbIV), COSE_ERR_CRYPTO_FAIL);
for (i = 0; i < (unsigned int)cbAuthData / 16; i++) {
- CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, pbAuthData + (i * 16), 16), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptUpdate(ctx, rgbOut, &cbOut, pbAuthData + (i * 16), 16), COSE_ERR_CRYPTO_FAIL);
}
if (cbAuthData % 16 != 0) {
- CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, pbAuthData + (i * 16), cbAuthData % 16), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, rgbIV, 16 - (cbAuthData % 16)), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptUpdate(ctx, rgbOut, &cbOut, pbAuthData + (i * 16), cbAuthData % 16), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptUpdate(ctx, rgbOut, &cbOut, rgbIV, 16 - (cbAuthData % 16)), COSE_ERR_CRYPTO_FAIL);
}
cn = cn_cbor_data_create(rgbOut, TSize / 8, CBOR_CONTEXT_PARAM_COMMA NULL);
@@ -432,20 +452,23 @@
CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cn, INDEX_MAC_TAG, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR);
cn = NULL;
- EVP_CIPHER_CTX_cleanup(&ctx);
+ // EVP_CIPHER_CTX_cleanup(&ctx); // OpenSSL-1.0.1
+ EVP_CIPHER_CTX_free(ctx); // OpenSSL-1.1.0
return !f;
errorReturn:
if (rgbOut != NULL) COSE_FREE(rgbOut, context);
if (cn != NULL) CN_CBOR_FREE(cn, context);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ // EVP_CIPHER_CTX_cleanup(&ctx); // OpenSSL-1.0.1
+ EVP_CIPHER_CTX_free(ctx); // OpenSSL-1.1.0
return false;
}
bool AES_CBC_MAC_Validate(COSE_MacMessage * pcose, int TSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
const EVP_CIPHER * pcipher = NULL;
- EVP_CIPHER_CTX ctx;
+ // EVP_CIPHER_CTX ctx; // OpenSSL-1.0.1
+ EVP_CIPHER_CTX *ctx; // OpenSSL-1.1.0
int cbOut;
byte rgbIV[16] = { 0 };
byte rgbTag[16] = { 0 };
@@ -467,17 +490,18 @@
// Setup and run the OpenSSL code
- EVP_CIPHER_CTX_init(&ctx);
- CHECK_CONDITION(EVP_EncryptInit_ex(&ctx, pcipher, NULL, pbKey, rgbIV), COSE_ERR_CRYPTO_FAIL);
+ // EVP_CIPHER_CTX_init(&ctx); // OpenSSL-1.0.1
+ ctx = EVP_CIPHER_CTX_new(); // OpenSSL-1.1.0
+ CHECK_CONDITION(EVP_EncryptInit_ex(ctx, pcipher, NULL, pbKey, rgbIV), COSE_ERR_CRYPTO_FAIL);
TSize /= 8;
for (i = 0; i < (unsigned int) cbAuthData / 16; i++) {
- CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbTag, &cbOut, pbAuthData+(i*16), 16), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptUpdate(ctx, rgbTag, &cbOut, pbAuthData+(i*16), 16), COSE_ERR_CRYPTO_FAIL);
}
if (cbAuthData % 16 != 0) {
- CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbTag, &cbOut, pbAuthData + (i * 16), cbAuthData % 16), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbTag, &cbOut, rgbIV, 16 - (cbAuthData % 16)), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptUpdate(ctx, rgbTag, &cbOut, pbAuthData + (i * 16), cbAuthData % 16), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptUpdate(ctx, rgbTag, &cbOut, rgbIV, 16 - (cbAuthData % 16)), COSE_ERR_CRYPTO_FAIL);
}
cn_cbor * cn = _COSE_arrayget_int(&pcose->m_message, INDEX_MAC_TAG);
@@ -485,11 +509,13 @@
for (i = 0; i < (unsigned int)TSize; i++) f |= (cn->v.bytes[i] != rgbTag[i]);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ // EVP_CIPHER_CTX_cleanup(&ctx); // OpenSSL-1.0.1
+ EVP_CIPHER_CTX_free(ctx); // OpenSSL-1.1.0
return !f;
errorReturn:
- EVP_CIPHER_CTX_cleanup(&ctx);
+ // EVP_CIPHER_CTX_cleanup(&ctx); // OpenSSL-1.0.1
+ EVP_CIPHER_CTX_free(ctx); // OpenSSL-1.1.0
return false;
}
@@ -545,7 +571,8 @@
bool HKDF_AES_Expand(COSE * pcose, size_t cbitKey, const byte * pbPRK, size_t cbPRK, const byte * pbInfo, size_t cbInfo, byte * pbOutput, size_t cbOutput, cose_errback * perr)
{
const EVP_CIPHER * pcipher = NULL;
- EVP_CIPHER_CTX ctx;
+ // EVP_CIPHER_CTX ctx; // OpenSSL-1.0.1
+ EVP_CIPHER_CTX *ctx; // OpenSSL-1.1.0
int cbOut;
byte rgbIV[16] = { 0 };
byte bCount = 1;
@@ -556,7 +583,8 @@
UNUSED(pcose);
- EVP_CIPHER_CTX_init(&ctx);
+ // EVP_CIPHER_CTX_init(&ctx); // OpenSSL-1.0.1
+ ctx = EVP_CIPHER_CTX_new(); // OpenSSL-1.1.0
switch (cbitKey) {
case 128:
@@ -578,26 +606,28 @@
for (ib = 0; ib < cbOutput; ib += 16, bCount += 1) {
size_t ib2;
- CHECK_CONDITION(EVP_EncryptInit_ex(&ctx, pcipher, NULL, pbPRK, rgbIV), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptInit_ex(ctx, pcipher, NULL, pbPRK, rgbIV), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, rgbDigest, cbDigest), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptUpdate(ctx, rgbOut, &cbOut, rgbDigest, cbDigest), COSE_ERR_CRYPTO_FAIL);
for (ib2 = 0; ib2 < cbInfo; ib2+=16) {
- CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, pbInfo+ib2, (int) MIN(16, cbInfo-ib2)), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptUpdate(ctx, rgbOut, &cbOut, pbInfo+ib2, (int) MIN(16, cbInfo-ib2)), COSE_ERR_CRYPTO_FAIL);
}
- CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, &bCount, 1), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptUpdate(ctx, rgbOut, &cbOut, &bCount, 1), COSE_ERR_CRYPTO_FAIL);
if ((cbInfo + 1) % 16 != 0) {
- CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, rgbIV, (int) 16-(cbInfo+1)%16), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(EVP_EncryptUpdate(ctx, rgbOut, &cbOut, rgbIV, (int) 16-(cbInfo+1)%16), COSE_ERR_CRYPTO_FAIL);
}
memcpy(rgbDigest, rgbOut, cbOut);
cbDigest = cbOut;
memcpy(pbOutput + ib, rgbDigest, MIN(16, cbOutput - ib));
}
- EVP_CIPHER_CTX_cleanup(&ctx);
+ // EVP_CIPHER_CTX_cleanup(&ctx); // OpenSSL-1.0.1
+ EVP_CIPHER_CTX_free(ctx); // OpenSSL-1.1.0
return true;
errorReturn:
- EVP_CIPHER_CTX_cleanup(&ctx);
+ // EVP_CIPHER_CTX_cleanup(&ctx); // OpenSSL-1.0.1
+ EVP_CIPHER_CTX_free(ctx); // OpenSSL-1.1.0
return false;
}
@@ -607,15 +637,18 @@
byte rgbSalt[EVP_MAX_MD_SIZE] = { 0 };
int cbSalt;
cn_cbor * cnSalt;
- HMAC_CTX ctx;
+ // HMAC_CTX ctx; // OpenSSL-1.0.1
+ HMAC_CTX *ctx; // OpenSSL-1.1.0
const EVP_MD * pmd = NULL;
unsigned int cbDigest;
- HMAC_CTX_init(&ctx);
+ // HMAC_CTX_init(&ctx); // OpenSSL-1.0.1
+ ctx = HMAC_CTX_new(); // OpenSSL-1.1.0
if (0) {
errorReturn:
- HMAC_cleanup(&ctx);
+ // HMAC_cleanup(&ctx); // OpenSSL-1.0.1
+ HMAC_CTX_free(ctx); // OpenSSL-1.1.0
return false;
}
@@ -629,21 +662,23 @@
cnSalt = _COSE_map_get_int(pcose, COSE_Header_HKDF_salt, COSE_BOTH, perr);
if (cnSalt != NULL) {
- CHECK_CONDITION(HMAC_Init(&ctx, cnSalt->v.bytes, (int) cnSalt->length, pmd), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(HMAC_Init_ex(ctx, cnSalt->v.bytes, (int) cnSalt->length, pmd, NULL), COSE_ERR_CRYPTO_FAIL); // OpenSSL-1.1.0
}
else {
- CHECK_CONDITION(HMAC_Init(&ctx, rgbSalt, cbSalt, pmd), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(HMAC_Init_ex(ctx, rgbSalt, cbSalt, pmd, NULL), COSE_ERR_CRYPTO_FAIL); // OpenSSL-1.1.0
}
- CHECK_CONDITION(HMAC_Update(&ctx, pbKey, (int)cbKey), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(HMAC_Final(&ctx, rgbDigest, &cbDigest), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(HMAC_Update(ctx, pbKey, (int)cbKey), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(HMAC_Final(ctx, rgbDigest, &cbDigest), COSE_ERR_CRYPTO_FAIL);
*pcbDigest = cbDigest;
- HMAC_cleanup(&ctx);
+ // HMAC_cleanup(&ctx); // OpenSSL-1.0.1
+ HMAC_CTX_free(ctx); // OpenSSL-1.1.0
return true;
}
bool HKDF_Expand(COSE * pcose, size_t cbitDigest, const byte * pbPRK, size_t cbPRK, const byte * pbInfo, size_t cbInfo, byte * pbOutput, size_t cbOutput, cose_errback * perr)
{
- HMAC_CTX ctx;
+ // HMAC_CTX ctx; // OpenSSL-1.0.1
+ HMAC_CTX *ctx; // OpenSSL-1.1.0
const EVP_MD * pmd = NULL;
size_t ib;
unsigned int cbDigest = 0;
@@ -652,11 +687,13 @@
UNUSED(pcose);
- HMAC_CTX_init(&ctx);
+ // HMAC_CTX_init(&ctx); // OpenSSL-1.1.0
+ ctx = HMAC_CTX_new();
if (0) {
errorReturn:
- HMAC_cleanup(&ctx);
+ // HMAC_cleanup(&ctx); // OpenSSL-1.0.1
+ HMAC_CTX_free(ctx); // OpenSSL-1.1.0
return false;
}
@@ -669,23 +706,25 @@
for (ib = 0; ib < cbOutput; ib += cbDigest, bCount += 1) {
- CHECK_CONDITION(HMAC_Init_ex(&ctx, pbPRK, (int)cbPRK, pmd, NULL), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(HMAC_Update(&ctx, rgbDigest, cbDigest), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(HMAC_Update(&ctx, pbInfo, cbInfo), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(HMAC_Update(&ctx, &bCount, 1), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(HMAC_Final(&ctx, rgbDigest, &cbDigest), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(HMAC_Init_ex(ctx, pbPRK, (int)cbPRK, pmd, NULL), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(HMAC_Update(ctx, rgbDigest, cbDigest), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(HMAC_Update(ctx, pbInfo, cbInfo), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(HMAC_Update(ctx, &bCount, 1), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(HMAC_Final(ctx, rgbDigest, &cbDigest), COSE_ERR_CRYPTO_FAIL);
memcpy(pbOutput + ib, rgbDigest, MIN(cbDigest, cbOutput - ib));
}
- HMAC_cleanup(&ctx);
+ // HMAC_cleanup(&ctx); // OpenSSL-1.0.1
+ HMAC_CTX_free(ctx); // OpenSSL-1.1.0
return true;
}
bool HMAC_Create(COSE_MacMessage * pcose, int HSize, int TSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
- HMAC_CTX ctx;
+ // HMAC_CTX ctx; // OpenSSL-1.0.1
+ HMAC_CTX *ctx; // OpenSSL-1.1.0
const EVP_MD * pmd = NULL;
byte * rgbOut = NULL;
unsigned int cbOut;
@@ -693,12 +732,14 @@
cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
- HMAC_CTX_init(&ctx);
+ // HMAC_CTX_init(&ctx); // OpenSSL-1.0.1
+ ctx = HMAC_CTX_new(); // OpenSSL-1.1.0
if (0) {
errorReturn:
COSE_FREE(rgbOut, context);
- HMAC_cleanup(&ctx);
+ // HMAC_cleanup(&ctx); // OpenSSL-1.0.1
+ HMAC_CTX_free(ctx); // OpenSSL-1.1.0
return false;
}
@@ -712,19 +753,21 @@
rgbOut = COSE_CALLOC(EVP_MAX_MD_SIZE, 1, context);
CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
- CHECK_CONDITION(HMAC_Init(&ctx, pbKey, (int) cbKey, pmd), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(HMAC_Update(&ctx, pbAuthData, cbAuthData), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(HMAC_Final(&ctx, rgbOut, &cbOut), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(HMAC_Init_ex(ctx, pbKey, (int) cbKey, pmd, NULL), COSE_ERR_CRYPTO_FAIL); // OpenSSL-1.1.0
+ CHECK_CONDITION(HMAC_Update(ctx, pbAuthData, cbAuthData), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(HMAC_Final(ctx, rgbOut, &cbOut), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cn_cbor_data_create(rgbOut, TSize / 8, CBOR_CONTEXT_PARAM_COMMA NULL), INDEX_MAC_TAG, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR);
- HMAC_cleanup(&ctx);
+ // HMAC_cleanup(&ctx); // OpenSSL-1.0.1
+ HMAC_CTX_free(ctx); // OpenSSL-1.1.0
return true;
}
bool HMAC_Validate(COSE_MacMessage * pcose, int HSize, int TSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
- HMAC_CTX ctx;
+ // HMAC_CTX ctx; // OpenSSL-1.0.1
+ HMAC_CTX *ctx; // OpenSSL-1.1.0
const EVP_MD * pmd = NULL;
byte * rgbOut = NULL;
unsigned int cbOut;
@@ -734,7 +777,8 @@
cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
- HMAC_CTX_init(&ctx);
+ // HMAC_CTX_init(&ctx); // OpenSSL-1.0.1
+ ctx = HMAC_CTX_new(); // OpenSSL-1.1.0
switch (HSize) {
case 256: pmd = EVP_sha256(); break;
@@ -746,9 +790,9 @@
rgbOut = COSE_CALLOC(EVP_MAX_MD_SIZE, 1, context);
CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
- CHECK_CONDITION(HMAC_Init(&ctx, pbKey, (int) cbKey, pmd), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(HMAC_Update(&ctx, pbAuthData, cbAuthData), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(HMAC_Final(&ctx, rgbOut, &cbOut), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(HMAC_Init_ex(ctx, pbKey, (int) cbKey, pmd, NULL), COSE_ERR_CRYPTO_FAIL); // OpenSSL-1.1.0
+ CHECK_CONDITION(HMAC_Update(ctx, pbAuthData, cbAuthData), COSE_ERR_CRYPTO_FAIL);
+ CHECK_CONDITION(HMAC_Final(ctx, rgbOut, &cbOut), COSE_ERR_CRYPTO_FAIL);
cn_cbor * cn = _COSE_arrayget_int(&pcose->m_message, INDEX_MAC_TAG);
CHECK_CONDITION(cn != NULL, COSE_ERR_CBOR);
@@ -756,12 +800,14 @@
if (cn->length > (int) cbOut) return false;
for (i = 0; i < (unsigned int) TSize/8; i++) f |= (cn->v.bytes[i] != rgbOut[i]);
- HMAC_cleanup(&ctx);
+ // HMAC_cleanup(&ctx); // OpenSSL-1.0.1
+ HMAC_CTX_free(ctx); // OpenSSL-1.1.0
return !f;
errorReturn:
COSE_FREE(rgbOut, context);
- HMAC_cleanup(&ctx);
+ // HMAC_cleanup(&ctx); // OpenSSL-1.0.1
+ HMAC_CTX_free(ctx); // OpenSSL-1.1.0
return false;
}
@@ -992,11 +1038,17 @@
pbSig = COSE_CALLOC(cbR, 2, context);
CHECK_CONDITION(pbSig != NULL, COSE_ERR_OUT_OF_MEMORY);
- cb = BN_bn2bin(psig->r, rgbSig);
+ // cb = BN_bn2bin(psig->r, rgbSig); // OpenSSL-1.0.1
+ const BIGNUM *r; // OpenSSL-1.1.0
+ ECDSA_SIG_get0(psig, &r, NULL); // OpenSSL-1.1.0
+ cb = BN_bn2bin(r, rgbSig); // OpenSSL-1.1.0
CHECK_CONDITION(cb <= cbR, COSE_ERR_INVALID_PARAMETER);
memcpy(pbSig + cbR - cb, rgbSig, cb);
- cb = BN_bn2bin(psig->s, rgbSig);
+ // cb = BN_bn2bin(psig->s, rgbSig); // OpenSSL-1.0.1
+ const BIGNUM *s; // OpenSSL-1.1.0
+ ECDSA_SIG_get0(psig, NULL, &s); // OpenSSL-1.1.0
+ cb = BN_bn2bin(s, rgbSig); // OpenSSL-1.1.0
CHECK_CONDITION(cb <= cbR, COSE_ERR_INVALID_PARAMETER);
memcpy(pbSig + 2*cbR - cb, rgbSig, cb);
@@ -1022,16 +1074,23 @@
cn_cbor_context * context = &pSigner->m_allocContext;
#endif
cn_cbor * p = NULL;
- ECDSA_SIG sig = { NULL, NULL };
+ // ECDSA_SIG sig = { NULL, NULL }; // OpenSSL-1.0.1
+ ECDSA_SIG *sig = NULL; // OpenSSL-1.1.0
+ sig = ECDSA_SIG_new(); // OpenSSL-1.1.0
int cbR;
cn_cbor * pSig;
size_t cbSignature;
+ const BIGNUM *r, *s; // OpenSSl-1.1.0
+ ECDSA_SIG_get0(sig, &r, &s); // OpenSSL-1.1.0
+
eckey = ECKey_From(pKey, &cbR, perr);
if (eckey == NULL) {
errorReturn:
- if (sig.r != NULL) BN_free(sig.r);
- if (sig.s != NULL) BN_free(sig.s);
+ // if (sig.r != NULL) BN_free(sig.r); // OpenSSL-1.0.1
+ if (r != NULL) BN_free(r); // OpenSSL-1.1.0
+ // if (sig.s != NULL) BN_free(sig.s); // OpenSSL-1.0.1
+ if (s != NULL) BN_free(s); // OpenSSL-1.1.0
if (p != NULL) CN_CBOR_FREE(p, context);
if (eckey != NULL) EC_KEY_free(eckey);
return false;
@@ -1051,13 +1110,18 @@
cbSignature = pSig->length;
CHECK_CONDITION(cbSignature / 2 == cbR, COSE_ERR_INVALID_PARAMETER);
- sig.r = BN_bin2bn(pSig->v.bytes,(int) cbSignature/2, NULL);
- sig.s = BN_bin2bn(pSig->v.bytes+cbSignature/2, (int) cbSignature/2, NULL);
+ //sig.r = BN_bin2bn(pSig->v.bytes,(int) cbSignature/2, NULL); // OpenSSL-1.0.1
+ r = BN_bin2bn(pSig->v.bytes,(int) cbSignature/2, NULL); // OpenSSL-1.1.0
+ //sig.s = BN_bin2bn(pSig->v.bytes+cbSignature/2, (int) cbSignature/2, NULL); //OpenSSL-1.0.1
+ s = BN_bin2bn(pSig->v.bytes+cbSignature/2, (int) cbSignature/2, NULL); // OpenSSL-1.1.0
- CHECK_CONDITION(ECDSA_do_verify(rgbDigest, cbDigest, &sig, eckey) == 1, COSE_ERR_CRYPTO_FAIL);
+ // CHECK_CONDITION(ECDSA_do_verify(rgbDigest, cbDigest, &sig, eckey) == 1, COSE_ERR_CRYPTO_FAIL); // OpenSSL-1.0.1
+ CHECK_CONDITION(ECDSA_do_verify(rgbDigest, cbDigest, sig, eckey) == 1, COSE_ERR_CRYPTO_FAIL); // OpenSSL-1.1.0
- BN_free(sig.r);
- BN_free(sig.s);
+ // BN_free(sig.r); // OpenSSL-1.0.1
+ BN_free(r); // OpenSSL-1.1.0
+ // BN_free(sig.s); // OpenSSL-1.0.1
+ BN_free(s); // OpenSSL-1.1.0
if (eckey != NULL) EC_KEY_free(eckey);
return true;