Remove support for OpenSSL 1.0.x, it's EOL 43/233043/4
authorLukasz Pawelczyk <l.pawelczyk@samsung.com>
Mon, 11 May 2020 16:26:16 +0000 (18:26 +0200)
committerLukasz Pawelczyk <l.pawelczyk@samsung.com>
Fri, 26 Jun 2020 15:36:20 +0000 (17:36 +0200)
Change-Id: If860fb8c5f3ea3fc128d52860e923e0cff582cd2

src/crypto.c
src/debug.c
src/encrypt.c
src/internal.h

index 98e941a..585114a 100644 (file)
 
 #include "internal.h"
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-static pthread_mutex_t *mutexes = NULL;
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
-
 static __thread bool current_thread_initialized = false;
 static size_t threads_cnt = 0;
 static pthread_mutex_t init_mutex = PTHREAD_MUTEX_INITIALIZER;
@@ -82,8 +78,6 @@ static int getrandom_wrapper(unsigned char *buf, int num)
        return 1;
 }
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-
 static int RAND_METHOD_seed(UNUSED const void *buf, UNUSED int num)
 {
        return 1;
@@ -94,18 +88,6 @@ static int RAND_METHOD_add(UNUSED const void *buf, UNUSED int num, UNUSED double
        return 1;
 }
 
-#else /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
-
-static void RAND_METHOD_seed(UNUSED const void *buf, UNUSED int num)
-{
-}
-
-static void RAND_METHOD_add(UNUSED const void *buf, UNUSED int num, UNUSED double entropy)
-{
-}
-
-#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
-
 static int RAND_METHOD_bytes(unsigned char *buf, int num)
 {
        return getrandom_wrapper(buf, num);
@@ -141,41 +123,6 @@ static const RAND_METHOD new_rand_method = {
        RAND_METHOD_status,
 };
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-
-static void locking_callback(int mode, int type, UNUSED const char *file, UNUSED int line)
-{
-       /* Ignore NULL mutexes and lock/unlock error codes as we can't do anything
-        * about them. */
-
-       if (mutexes == NULL)
-               return;
-
-       if (mode & CRYPTO_LOCK)
-               pthread_mutex_lock(&mutexes[type]);
-       else if (mode & CRYPTO_UNLOCK)
-               pthread_mutex_unlock(&mutexes[type]);
-}
-
-static unsigned long thread_id_callback()
-{
-       return pthread_self();
-}
-
-static void destroy_mutexes(int count)
-{
-       if (mutexes != NULL) {
-               for (int i = 0; i < count; i++) {
-                       /* Ignore returned value as we can't do anything about it */
-                       pthread_mutex_destroy(&mutexes[i]);
-               }
-               yaca_free(mutexes);
-               mutexes = NULL;
-       }
-}
-
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
-
 API int yaca_initialize(void)
 {
        int ret = YACA_ERROR_NONE;
@@ -225,42 +172,6 @@ API int yaca_initialize(void)
                        OpenSSL_add_all_digests();
                        OpenSSL_add_all_ciphers();
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-                       /* enable threads support */
-                       assert(mutexes == NULL);
-
-                       if (CRYPTO_num_locks() > 0) {
-                               ret = yaca_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t),
-                                                                 (void**)&mutexes);
-
-                               if (ret != YACA_ERROR_NONE)
-                                       goto exit;
-
-                               for (int i = 0; i < CRYPTO_num_locks(); i++) {
-                                       if (pthread_mutex_init(&mutexes[i], NULL) != 0) {
-                                               ret = YACA_ERROR_NONE;
-                                               switch (errno) {
-                                               case ENOMEM:
-                                                       ret = YACA_ERROR_OUT_OF_MEMORY;
-                                                       break;
-                                               case EAGAIN:
-                                               case EPERM:
-                                               case EBUSY:
-                                               case EINVAL:
-                                               default:
-                                                       ret = YACA_ERROR_INTERNAL;
-                                               }
-                                               destroy_mutexes(i);
-
-                                               goto exit;
-                                       }
-                               }
-
-                               CRYPTO_set_id_callback(thread_id_callback);
-                               CRYPTO_set_locking_callback(locking_callback);
-                       }
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
-
                        /*
                         * TODO:
                         * - We should also decide on OpenSSL config.
@@ -272,9 +183,9 @@ API int yaca_initialize(void)
                current_thread_initialized = true;
        }
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || !defined SYS_getrandom
+#if !defined SYS_getrandom
 exit:
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L || !defined SYS_getrandom */
+#endif /* !defined SYS_getrandom */
 
        pthread_mutex_unlock(&init_mutex);
 
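Review bot: The `exit:` label is still wrapped in `#if !defined SYS_getrandom`, so whether it exists depends on a platform macro, and a `goto exit` added later outside that configuration would break only the builds where `SYS_getrandom` is defined. Since `UNUSED` is already used in this file, the three preprocessor lines could become `exit: UNUSED;`, which GCC and Clang accept as an unused-label attribute. The `goto exit` sites and the rest of yaca_initialize are outside the hunk, so this assumes the guard exists only to silence an unused-label warning. Separately, now that every `OPENSSL_VERSION_NUMBER` branch is removed, a single `#if OPENSSL_VERSION_NUMBER < 0x10100000L` / `#error` guard in internal.h would make a build against 1.0.x stop with a clear message rather than with undeclared-identifier errors.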
@@ -288,9 +199,6 @@ API void yaca_cleanup(void)
                return;
 
        /* per thread cleanup */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-       ERR_remove_thread_state(NULL);
-#endif  /* OPENSSL_VERSION_NUMBER < 0x10100000L */
        CRYPTO_cleanup_all_ex_data();
 
        pthread_mutex_lock(&init_mutex);
@@ -307,13 +215,6 @@ API void yaca_cleanup(void)
                        urandom_fd = -2;
 #endif /* SYS_getrandom */
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-                       /* threads support cleanup */
-                       CRYPTO_set_id_callback(NULL);
-                       CRYPTO_set_locking_callback(NULL);
-
-                       destroy_mutexes(CRYPTO_num_locks());
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
                }
 
                assert(threads_cnt > 0);
index fbb4dc2..486180e 100644 (file)
@@ -127,18 +127,12 @@ int error_handle(const char *file, int line, const char *function)
 
        /* known errors */
        switch (err) {
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
        case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN):
        case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN):
        case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_DATA_TOO_LARGE_FOR_MODULUS):
        case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_DATA_TOO_LARGE_FOR_MODULUS):
        case ERR_PACK(ERR_LIB_PEM, PEM_F_GET_NAME, PEM_R_NO_START_LINE):
        case ERR_PACK(ERR_LIB_PEM, PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE):
-#else /* OPENSSL_VERSION_NUMBER > 0x10100000L */
-       case ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS):
-       case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN):
-       case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN):
-#endif /* OPENSSL_VERSION_NUMBER > 0x10100000L */
        case ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL):
        case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED):
        case ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE):
index 51ca1a9..82f5d77 100644 (file)
@@ -526,13 +526,6 @@ static int encrypt_ctx_setup(struct yaca_encrypt_context_s *c,
        if (ret != YACA_ERROR_NONE)
                return ret;
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-       /* Fix for OpenSSL error in 3DES CFB1 */
-       int nid = EVP_CIPHER_CTX_nid(c->cipher_ctx);
-       if (nid == NID_des_ede3_cfb1)
-               EVP_CIPHER_CTX_set_flags(c->cipher_ctx, EVP_CIPH_FLAG_LENGTH_BITS);
-#endif
-
        if (liv != NULL)
                iv_data = (unsigned char*)liv->d;
 
@@ -1109,13 +1102,6 @@ int encrypt_update(yaca_context_h ctx,
                }
        }
 
-       /* Fix for OpenSSL error in 3DES CFB1 */
-       if (EVP_CIPHER_CTX_test_flags(c->cipher_ctx, EVP_CIPH_FLAG_LENGTH_BITS) != 0) {
-               if (input_len > INT_MAX / 8)
-                       return YACA_ERROR_INVALID_PARAMETER;
-               input_len *= 8;
-       }
-
        ret = EVP_CipherUpdate(c->cipher_ctx, output, &loutput_len, input, input_len);
        if (ret != 1 || loutput_len < 0) {
                if (mode == EVP_CIPH_CCM_MODE && (op_type == OP_DECRYPT || op_type == OP_OPEN)) {
@@ -1135,11 +1121,6 @@ int encrypt_update(yaca_context_h ctx,
        *output_len = loutput_len;
 
        c->state = target_state;
-
-       /* Fix for OpenSSL error in 3DES CFB1 */
-       if (EVP_CIPHER_CTX_test_flags(c->cipher_ctx, EVP_CIPH_FLAG_LENGTH_BITS) != 0)
-               *output_len /= 8;
-
        return YACA_ERROR_NONE;
 }
 
@@ -1175,10 +1156,6 @@ int encrypt_finalize(yaca_context_h ctx,
 
        *output_len = loutput_len;
 
-       /* Fix for OpenSSL error in 3DES CFB1 */
-       if (EVP_CIPHER_CTX_test_flags(c->cipher_ctx, EVP_CIPH_FLAG_LENGTH_BITS) != 0)
-               *output_len /= 8;
-
        c->state = ENC_CTX_FINALIZED;
        return YACA_ERROR_NONE;
 }
index 7cc5641..b395b66 100644 (file)
 #define API __attribute__ ((visibility("default")))
 #define UNUSED __attribute__((unused))
 
-/* Functions that handle the hidden nature of internal
- * OpenSSL structures that don't exist in OpenSSL < 1.1.0
- */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-
-static inline EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx)
-{
-       return ctx->pctx;
-}
-
-static inline int EVP_PKEY_up_ref(EVP_PKEY *pkey)
-{
-       if (CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY) <= 0)
-               return 0;
-       return 1;
-}
-
-static inline RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
-{
-       if (pkey->type != EVP_PKEY_RSA)
-               return NULL;
-       return pkey->pkey.rsa;
-}
-
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 
 enum yaca_context_type_e {
        YACA_CONTEXT_INVALID = 0,