42 #include <openssl/bio.h>
43 #include <openssl/pem.h>
44 #include <openssl/dh.h>
45 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
46 #include <openssl/core_names.h>
47 #include <openssl/param_build.h>
57 -----BEGIN DH PARAMETERS-----
58 MIIBiAKCAYEAzcEAf3ZCkm0FxJLgKd1YoT16Hietl7QV8VgJNc5CYKmRu/gKylxT
59 MVZJqtUmoh2IvFHCfbTGEmZM5LdVaZfMLQf7yXjecg0nSGklYZeQQ3P0qshFLbI9
60 u3z1XhEeCbEZPq84WWwXacSAAxwwRRrN5nshgAavqvyDiGNi+GqYpqGPb9JE38R3
61 GJ51FTPutZlvQvEycjCbjyajhpItBB+XvIjWj2GQyvi+cqB0WrPQAsxCOPrBTCZL
62 OjM0NfJ7PQfllw3RDQev2u1Q+Rt8QyScJQCFUj/SWoxpw2ydpWdgAkrqTmdVYrev
63 x5AoXE52cVIC8wfOxaaJ4cBpnJui3Y0jZcOQj0FtC0wf4WcBpHnLLBzKSOQwbxts
64 WE8LkskPnwwrup/HqWimFFg40bC9F5Lm3CTDCb45mtlBxi3DydIbRLFhGAjlKzV3
65 s9G3opHwwfgXpFf3+zg7NPV3g1//HLgWCvooOvMqaO+X7+lXczJJLMafEaarcAya
67 -----END DH PARAMETERS-----
76 #if OPENSSL_VERSION_NUMBER < 0x10100000L
79 if (pkey->type != EVP_PKEY_DH) {
86 const BIGNUM **p,
const BIGNUM **q,
const BIGNUM **g)
96 static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
101 if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL))
116 dh->length = BN_num_bits(q);
122 const BIGNUM **pub_key,
const BIGNUM **priv_key)
125 *pub_key = dh->pub_key;
126 if (priv_key != NULL)
127 *priv_key = dh->priv_key;
136 if (dh->pub_key == NULL && pub_key == NULL)
138 if (pub_key != NULL) {
139 BN_free(dh->pub_key);
140 dh->pub_key = pub_key;
142 if (priv_key != NULL) {
143 BN_free(dh->priv_key);
144 dh->priv_key = priv_key;
155 if (d->pub_key == NULL && pub_key == NULL)
157 if (pub_key != NULL) {
159 d->pub_key = pub_key;
161 if (priv_key != NULL) {
162 BN_free(d->priv_key);
163 d->priv_key = priv_key;
170 static EVP_PKEY *dhparms = [] {
171 EVP_PKEY *dhParam = 0;
173 BIO *biop = BIO_new(BIO_s_mem());
175 PEM_read_bio_Parameters(biop, &dhParam);
189 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
190 const bool skipcheck = EVP_PKEY_parameters_eq(pkey, dhparms);
192 const bool skipcheck = EVP_PKEY_cmp_parameters(pkey, dhparms);
194 if (skipcheck)
return 1;
197 #if OPENSSL_VERSION_NUMBER < 0x10101000L
201 rc = (rc == 0 ? 1 : 0);
207 EVP_PKEY_CTX *ckctx = EVP_PKEY_CTX_new(pkey, 0);
208 rc = EVP_PKEY_param_check(ckctx);
209 EVP_PKEY_CTX_free(ckctx);
219 return (EVP_get_cipherbyname(cip) != 0);
239 char cipnam[64] = {
"bf-cbc"};
240 if (t && strcmp(t,
"default")) {
244 cipher = EVP_get_cipherbyname(cipnam);
248 l = (l > EVP_MAX_KEY_LENGTH) ? EVP_MAX_KEY_LENGTH : l;
249 int ldef = EVP_CIPHER_key_length(cipher);
250 int lgen = (l > ldef) ? l : ldef;
255 ctx = EVP_CIPHER_CTX_new();
259 if (l && l != ldef) {
260 EVP_CipherInit_ex(ctx, cipher, 0, 0, 0, 1);
261 EVP_CIPHER_CTX_set_key_length(ctx,l);
262 EVP_CipherInit_ex(ctx, 0, 0, (
unsigned char *)ktmp, 0, 1);
263 if (l == EVP_CIPHER_CTX_key_length(ctx)) {
270 EVP_CipherInit_ex(ctx, cipher, 0, (
unsigned char *)ktmp, 0, 1);
288 const char *k,
int liv,
const char *iv)
303 char cipnam[64] = {
"bf-cbc"};
304 if (t && strcmp(t,
"default")) {
308 cipher = EVP_get_cipherbyname(cipnam);
312 ctx = EVP_CIPHER_CTX_new();
316 if (l != EVP_CIPHER_key_length(cipher))
332 EVP_CipherInit_ex(ctx, cipher, 0, (
unsigned char *)
Buffer(), 0, 1);
334 EVP_CipherInit_ex(ctx, cipher, 0, 0, 0, 1);
335 EVP_CIPHER_CTX_set_key_length(ctx,
Length());
336 EVP_CipherInit_ex(ctx, 0, 0, (
unsigned char *)
Buffer(), 0, 1);
355 if (bck && bck->
size > 0) {
384 char *buf =
new char[ltyp+1];
386 memcpy(buf,bp+cur,ltyp);
388 cipher = EVP_get_cipherbyname(buf);
390 cipher = EVP_get_cipherbyname(
"bf-cbc");
404 char *buf =
new char[livc];
406 memcpy(buf,bp+cur,livc);
417 char *buf =
new char[lbuf];
419 memcpy(buf,bp+cur,lbuf);
422 if (cipher && lbuf != EVP_CIPHER_key_length(cipher))
429 if (lp > 0 || lg > 0 || lpub > 0 || lpri > 0) {
431 BIGNUM *p = NULL, *g = NULL;
432 BIGNUM *pub = NULL, *pri = NULL;
435 buf =
new char[lp+1];
437 memcpy(buf,bp+cur,lp);
447 buf =
new char[lg+1];
449 memcpy(buf,bp+cur,lg);
459 buf =
new char[lpub+1];
461 memcpy(buf,bp+cur,lpub);
471 buf =
new char[lpri+1];
473 memcpy(buf,bp+cur,lpri);
481 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
482 OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
483 if (p) OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p);
484 if (g) OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g);
485 if (pub) OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub);
486 if (pri) OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, pri);
487 OSSL_PARAM *params = OSSL_PARAM_BLD_to_param(bld);
488 OSSL_PARAM_BLD_free(bld);
491 if (pub) BN_free(pub);
492 if (pri) BN_free(pri);
493 EVP_PKEY_CTX *pkctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, 0);
494 EVP_PKEY_fromdata_init(pkctx);
495 EVP_PKEY_fromdata(pkctx, &fDH, EVP_PKEY_KEYPAIR, params);
496 EVP_PKEY_CTX_free(pkctx);
497 OSSL_PARAM_free(params);
502 fDH = EVP_PKEY_new();
503 EVP_PKEY_assign_DH(fDH, dh);
513 ctx = EVP_CIPHER_CTX_new();
516 EVP_CipherInit_ex(ctx, cipher, 0, (
unsigned char *)
Buffer(), 0, 1);
518 EVP_CipherInit_ex(ctx, cipher, 0, 0, 0, 1);
519 EVP_CIPHER_CTX_set_key_length(ctx,
Length());
520 EVP_CipherInit_ex(ctx, 0, 0, (
unsigned char *)
Buffer(), 0, 1);
532 int lpub,
const char *t)
542 EPNAME(
"sslCipher::XrdCryptosslCipher");
554 DEBUG(
"generate DH parameters");
587 DEBUG(
"configure DH parameters");
590 EVP_PKEY_CTX *pkctx = EVP_PKEY_CTX_new(dhparms, 0);
591 EVP_PKEY_keygen_init(pkctx);
592 EVP_PKEY_keygen(pkctx, &fDH);
593 EVP_PKEY_CTX_free(pkctx);
596 ctx = EVP_CIPHER_CTX_new();
602 DEBUG(
"initialize cipher from key-agreement buffer");
608 char *pb = strstr(pub,
"---BPUB---");
609 char *pe = strstr(pub,
"---EPUB--");
611 lpub = (int)(pb-pub);
614 BN_hex2bn(&bnpub, pb);
620 BIO *biop = BIO_new(BIO_s_mem());
624 BIO_write(biop,pub,lpub);
627 EVP_PKEY *dhParam = 0;
628 PEM_read_bio_Parameters(biop, &dhParam);
633 EVP_PKEY_CTX *pkctx = EVP_PKEY_CTX_new(dhParam, 0);
634 EVP_PKEY_keygen_init(pkctx);
635 EVP_PKEY_keygen(pkctx, &fDH);
636 EVP_PKEY_CTX_free(pkctx);
639 ltmp = EVP_PKEY_size(fDH);
640 ktmp =
new char[ltmp];
641 memset(ktmp, 0, ltmp);
644 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
646 OSSL_PARAM *params1 = 0;
647 EVP_PKEY_todata( dhParam, EVP_PKEY_KEY_PARAMETERS, ¶ms1 );
648 OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
649 OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, bnpub);
650 OSSL_PARAM *params2 = OSSL_PARAM_BLD_to_param(bld);
651 OSSL_PARAM_BLD_free(bld);
652 OSSL_PARAM *params = OSSL_PARAM_merge( params1, params2 );
653 pkctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, 0);
654 EVP_PKEY_fromdata_init(pkctx);
655 EVP_PKEY_fromdata(pkctx, &peer, EVP_PKEY_KEYPAIR, params);
656 EVP_PKEY_CTX_free(pkctx);
657 OSSL_PARAM_free(params);
658 OSSL_PARAM_free(params1);
659 OSSL_PARAM_free(params2);
663 EVP_PKEY *peer = EVP_PKEY_new();
664 EVP_PKEY_assign_DH(peer, dh);
667 pkctx = EVP_PKEY_CTX_new(fDH, 0);
668 EVP_PKEY_derive_init(pkctx);
669 #if OPENSSL_VERSION_NUMBER >= 0x10101000L
670 EVP_PKEY_CTX_set_dh_pad(pkctx, padded);
672 EVP_PKEY_derive_set_peer(pkctx, peer);
673 EVP_PKEY_derive(pkctx, (
unsigned char *)ktmp, <mp);
674 EVP_PKEY_CTX_free(pkctx);
677 #if OPENSSL_VERSION_NUMBER < 0x10101000L
679 int pad = EVP_PKEY_size(fDH) - ltmp;
681 memmove(ktmp + pad, ktmp, ltmp);
682 memset(ktmp, 0, pad);
692 EVP_PKEY_free(dhParam);
702 ctx = EVP_CIPHER_CTX_new();
705 char cipnam[64] = {
"bf-cbc"};
706 if (t && strcmp(t,
"default")) {
710 if ((cipher = EVP_get_cipherbyname(cipnam))) {
712 ltmp = (ltmp > EVP_MAX_KEY_LENGTH) ? EVP_MAX_KEY_LENGTH : ltmp;
713 int ldef = EVP_CIPHER_key_length(cipher);
715 if ((
int)ltmp != ldef) {
716 EVP_CipherInit_ex(ctx, cipher, 0, 0, 0, 1);
717 EVP_CIPHER_CTX_set_key_length(ctx,ltmp);
718 EVP_CipherInit_ex(ctx, 0, 0, (
unsigned char *)ktmp, 0, 1);
719 if ((
int)ltmp == EVP_CIPHER_CTX_key_length(ctx)) {
726 EVP_CipherInit_ex(ctx, cipher, 0, (
unsigned char *)ktmp, 0, 1);
736 if (ktmp) {
delete[] ktmp; ktmp = 0;}
751 deflength = c.deflength;
767 if (valid && c.fDH) {
769 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
770 BIGNUM *p = BN_new();
771 BIGNUM *g = BN_new();
772 BIGNUM *pub = BN_new();
773 BIGNUM *pri = BN_new();
774 OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
775 if (EVP_PKEY_get_bn_param(c.fDH, OSSL_PKEY_PARAM_FFC_P, &p) == 1)
776 OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p);
777 if (EVP_PKEY_get_bn_param(c.fDH, OSSL_PKEY_PARAM_FFC_G, &g) == 1)
778 OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g);
779 if (EVP_PKEY_get_bn_param(c.fDH, OSSL_PKEY_PARAM_PUB_KEY, &pub) == 1)
780 OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub);
781 if (EVP_PKEY_get_bn_param(c.fDH, OSSL_PKEY_PARAM_PRIV_KEY, &pri) == 1)
782 OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, pri);
783 OSSL_PARAM *params = OSSL_PARAM_BLD_to_param(bld);
784 OSSL_PARAM_BLD_free(bld);
789 EVP_PKEY_CTX *pkctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, 0);
790 EVP_PKEY_fromdata_init(pkctx);
791 EVP_PKEY_fromdata(pkctx, &fDH, EVP_PKEY_KEYPAIR, params);
792 EVP_PKEY_CTX_free(pkctx);
793 OSSL_PARAM_free(params);
799 DH_set0_pqg(dh, p ? BN_dup(p) : NULL, NULL, g ? BN_dup(g) : NULL);
800 const BIGNUM *pub, *pri;
802 DH_set0_key(dh, pub ? BN_dup(pub) : NULL, pri ? BN_dup(pri) : NULL);
803 fDH = EVP_PKEY_new();
804 EVP_PKEY_assign_DH(fDH, dh);
814 ctx = EVP_CIPHER_CTX_new();
834 EVP_CIPHER_CTX_free(ctx);
852 char *pub,
int lpub,
const char *t)
859 EPNAME(
"sslCipher::Finalize");
862 DEBUG(
"DH undefined: this cipher cannot be finalized"
874 char *pb =
static_cast<char*
>(memmem(pub, lpub,
"---BPUB---", 10));
875 char *pe =
static_cast<char*
>(memmem(pub, lpub,
"---EPUB--", 9));
880 BN_hex2bn(&bnpub, pb);
885 ltmp = EVP_PKEY_size(fDH);
886 ktmp =
new char[ltmp];
888 memset(ktmp, 0, ltmp);
891 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
892 EVP_PKEY *peer =
nullptr;
893 OSSL_PARAM *params1 =
nullptr;
894 EVP_PKEY_todata(fDH, EVP_PKEY_KEY_PARAMETERS, ¶ms1);
895 OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
896 OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, bnpub);
897 OSSL_PARAM *params2 = OSSL_PARAM_BLD_to_param(bld);
898 OSSL_PARAM_BLD_free(bld);
899 OSSL_PARAM *params = OSSL_PARAM_merge(params1, params2);
900 pkctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, 0);
901 EVP_PKEY_fromdata_init(pkctx);
902 EVP_PKEY_fromdata(pkctx, &peer, EVP_PKEY_PUBLIC_KEY, params);
903 OSSL_PARAM_free(params1);
904 OSSL_PARAM_free(params2);
905 OSSL_PARAM_free(params);
906 EVP_PKEY_CTX_free(pkctx);
910 EVP_PKEY *peer = EVP_PKEY_new();
911 EVP_PKEY_assign_DH(peer, dh);
914 pkctx = EVP_PKEY_CTX_new(fDH, 0);
915 EVP_PKEY_derive_init(pkctx);
916 #if OPENSSL_VERSION_NUMBER >= 0x10101000L
917 EVP_PKEY_CTX_set_dh_pad(pkctx, padded);
919 EVP_PKEY_derive_set_peer(pkctx, peer);
920 EVP_PKEY_derive(pkctx, (
unsigned char *)ktmp, <mp);
921 EVP_PKEY_CTX_free(pkctx);
924 #if OPENSSL_VERSION_NUMBER < 0x10101000L
926 int pad = EVP_PKEY_size(fDH) - ltmp;
928 memmove(ktmp + pad, ktmp, ltmp);
929 memset(ktmp, 0, pad);
944 char cipnam[64] = {
"bf-cbc"};
945 if (t && strcmp(t,
"default")) {
949 if ((cipher = EVP_get_cipherbyname(cipnam))) {
951 ltmp = (ltmp > EVP_MAX_KEY_LENGTH) ? EVP_MAX_KEY_LENGTH : ltmp;
952 int ldef = EVP_CIPHER_key_length(cipher);
954 if ((
int)ltmp != ldef) {
955 EVP_CipherInit_ex(ctx, cipher, 0, 0, 0, 1);
956 EVP_CIPHER_CTX_set_key_length(ctx,ltmp);
957 EVP_CipherInit_ex(ctx, 0, 0, (
unsigned char *)ktmp, 0, 1);
958 if ((
int)ltmp == EVP_CIPHER_CTX_key_length(ctx)) {
965 EVP_CipherInit_ex(ctx, cipher, 0, (
unsigned char *)ktmp, 0, 1);
973 if (ktmp) {
delete[] ktmp; ktmp = 0;}
978 EVP_CIPHER_CTX_free(ctx);
987 int XrdCryptosslCipher::Publen()
990 static int lhdr = strlen(
"-----BEGIN DH PARAMETERS-----"
991 "-----END DH PARAMETERS-----") + 3;
994 int l = 2 * EVP_PKEY_size(fDH);
1010 static int lhend = strlen(
"-----END DH PARAMETERS-----");
1015 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
1016 BIGNUM *pub = BN_new();
1017 EVP_PKEY_get_bn_param(fDH, OSSL_PKEY_PARAM_PUB_KEY, &pub);
1018 char *phex = BN_bn2hex(pub);
1023 char *phex = BN_bn2hex(pub);
1025 int lhex = strlen(phex);
1028 BIO *biop = BIO_new(BIO_s_mem());
1030 int ltmp = Publen() + lhex + 20;
1031 char *pub =
new char[ltmp];
1034 PEM_write_bio_Parameters(biop, fDH);
1036 BIO_read(biop,(
void *)pub,ltmp);
1039 char *p = strstr(pub,
"-----END DH PARAMETERS-----");
1041 lpub = (int)(p - pub) + lhend + 1;
1046 memcpy(p,
"---BPUB---",10);
1049 memcpy(p,phex,lhex);
1053 memcpy(p,
"---EPUB---",10);
1055 lpub += (20 + lhex);
1057 if (phex) OPENSSL_free(phex);
1063 if (phex) OPENSSL_free(phex);
1072 void XrdCryptosslCipher::PrintPublic(BIGNUM *pub)
1078 BIO *biop = BIO_new(BIO_s_mem());
1081 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
1083 OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
1084 OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub);
1085 OSSL_PARAM *params = OSSL_PARAM_BLD_to_param(bld);
1086 OSSL_PARAM_BLD_free(bld);
1087 EVP_PKEY_CTX *pkctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, 0);
1088 EVP_PKEY_fromdata_init(pkctx);
1089 EVP_PKEY_fromdata(pkctx, &dsa, EVP_PKEY_PUBLIC_KEY, params);
1090 EVP_PKEY_CTX_free(pkctx);
1091 OSSL_PARAM_free(params);
1093 EVP_PKEY *dsa = EVP_PKEY_new();
1094 DSA *fdsa = DSA_new();
1096 EVP_PKEY_assign_DSA(dsa, fdsa);
1100 PEM_write_bio_PUBKEY(biop, dsa);
1102 int lpub = Publen();
1103 char *bpub =
new char[lpub];
1105 BIO_read(biop,(
void *)bpub,lpub);
1106 std::cerr << bpub << std::endl;
1130 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
1131 BIGNUM *p = BN_new();
1132 BIGNUM *g = BN_new();
1133 BIGNUM *pub = BN_new();
1134 BIGNUM *pri = BN_new();
1135 EVP_PKEY_get_bn_param(fDH, OSSL_PKEY_PARAM_FFC_P, &p);
1136 EVP_PKEY_get_bn_param(fDH, OSSL_PKEY_PARAM_FFC_G, &g);
1137 EVP_PKEY_get_bn_param(fDH, OSSL_PKEY_PARAM_PUB_KEY, &pub);
1138 EVP_PKEY_get_bn_param(fDH, OSSL_PKEY_PARAM_PRIV_KEY, &pri);
1140 const BIGNUM *p, *g;
1141 const BIGNUM *pub, *pri;
1145 char *cp = BN_bn2hex(p);
1146 char *cg = BN_bn2hex(g);
1147 char *cpub = BN_bn2hex(pub);
1148 char *cpri = BN_bn2hex(pri);
1149 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
1157 kXR_int32 lpub = cpub ? strlen(cpub) : 0;
1158 kXR_int32 lpri = cpri ? strlen(cpri) : 0;
1160 lp + lg + lpub + lpri;
1161 char *newbuf =
new char[ltot];
1164 memcpy(newbuf+cur,<yp,
sizeof(
kXR_int32));
1166 memcpy(newbuf+cur,&livc,
sizeof(
kXR_int32));
1168 memcpy(newbuf+cur,&lbuf,
sizeof(
kXR_int32));
1170 memcpy(newbuf+cur,&lp,
sizeof(
kXR_int32));
1172 memcpy(newbuf+cur,&lg,
sizeof(
kXR_int32));
1174 memcpy(newbuf+cur,&lpub,
sizeof(
kXR_int32));
1176 memcpy(newbuf+cur,&lpri,
sizeof(
kXR_int32));
1179 memcpy(newbuf+cur,
Type(),ltyp);
1183 memcpy(newbuf+cur,fIV,livc);
1187 memcpy(newbuf+cur,
Buffer(),lbuf);
1191 memcpy(newbuf+cur,cp,lp);
1196 memcpy(newbuf+cur,cg,lg);
1201 memcpy(newbuf+cur,cpub,lpub);
1206 memcpy(newbuf+cur,cpri,lpri);
1232 if (fIV) memcpy(fIV,iv,l);
1252 void XrdCryptosslCipher::GenerateIV()
1266 lIV = EVP_MAX_IV_LENGTH;
1277 return EncDec(1, in, lin, out);
1288 return EncDec(0, in, lin, out);
1292 int XrdCryptosslCipher::EncDec(
int enc,
const char *in,
int lin,
char *out)
1298 EPNAME(
"Cipher::EncDec");
1302 const char *action = (enc == 1) ?
"encrypting" :
"decrypting";
1305 if (!in || lin <= 0 || !out) {
1306 DEBUG(
"wrong inputs arguments");
1307 if (!in)
DEBUG(
"in: NULL");
1308 if (lin <= 0)
DEBUG(
"lin: "<<lin);
1309 if (!out)
DEBUG(
"out: NULL");
1314 unsigned char iv[EVP_MAX_IV_LENGTH];
1316 memcpy((
void *)iv,fIV,EVP_MAX_IV_LENGTH);
1319 memset((
void *)iv,0,EVP_MAX_IV_LENGTH);
1325 if (!EVP_CipherInit_ex(ctx, cipher, 0, (
unsigned char *)
Buffer(), iv, enc)) {
1326 DEBUG(
"error initializing");
1331 if (!EVP_CipherInit_ex(ctx, cipher, 0, 0, 0, enc)) {
1332 DEBUG(
"error initializing - 1");
1336 EVP_CIPHER_CTX_set_key_length(ctx,
Length());
1338 if (!EVP_CipherInit_ex(ctx, 0, 0, (
unsigned char *)
Buffer(), iv, enc)) {
1339 DEBUG(
"error initializing - 2");
1346 if (!EVP_CipherUpdate(ctx, (
unsigned char *)&out[0], <mp,
1347 (
unsigned char *)in, lin)) {
1348 DEBUG(
"error " << action);
1352 if (!EVP_CipherFinal_ex(ctx, (
unsigned char *)&out[lout], <mp)) {
1353 DEBUG(
"error finalizing");
1367 return (l+EVP_CIPHER_CTX_block_size(ctx));
1375 int lout = l+EVP_CIPHER_CTX_block_size(ctx)+1;
1376 lout = (lout <= 0) ? l : lout;
1385 return (lIV > 0) ? lIV : EVP_MAX_IV_LENGTH;
static DH * EVP_PKEY_get0_DH(EVP_PKEY *pkey)
static EVP_PKEY * getFixedDHParams()
static void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
static void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
static const char dh_param_enc[]
static int XrdCheckDH(EVP_PKEY *pkey)
static int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
static int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
virtual int SetBuffer(int l, const char *b)
virtual int Length() const
virtual char * Type() const
virtual char * Buffer() const
virtual int SetType(const char *t)
virtual void UseBuffer(int l, const char *b)
void SetIV(int l, const char *iv)
virtual ~XrdCryptosslCipher()
XrdSutBucket * AsBucket()
int Encrypt(const char *bin, int lin, char *out)
XrdCryptosslCipher(const char *t, int l=0)
static bool IsSupported(const char *cip)
int Decrypt(const char *bin, int lin, char *out)
bool Finalize(bool padded, char *pub, int lpub, const char *t)
static char * GetBuffer(int len, int opt=-1)