crypto/evp: add e_chacha20_poly1305.c. (bd989745) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/evp/Makefile

+24 −2

Original line number	Diff line number	Diff line
		@@ -26,7 +26,8 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \
		c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
		evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c scrypt.c \
		e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
		e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c
		e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
		e_chacha20_poly1305.c

		LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
		e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\
		@@ -39,7 +40,8 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
		c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
		evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o scrypt.o \
		e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o \
		e_aes_cbc_hmac_sha1.o e_aes_cbc_hmac_sha256.o e_rc4_hmac_md5.o
		e_aes_cbc_hmac_sha1.o e_aes_cbc_hmac_sha256.o e_rc4_hmac_md5.o \
		e_chacha20_poly1305.o

		SRC= $(LIBSRC)

		@@ -248,6 +250,26 @@ e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
		e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
		e_cast.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h
		e_cast.o: e_cast.c evp_locl.h
		e_chacha20_poly1305.o: ../../e_os.h ../../include/openssl/asn1.h
		e_chacha20_poly1305.o: ../../include/openssl/bio.h
		e_chacha20_poly1305.o: ../../include/openssl/buffer.h
		e_chacha20_poly1305.o: ../../include/openssl/crypto.h
		e_chacha20_poly1305.o: ../../include/openssl/e_os2.h
		e_chacha20_poly1305.o: ../../include/openssl/err.h ../../include/openssl/evp.h
		e_chacha20_poly1305.o: ../../include/openssl/lhash.h
		e_chacha20_poly1305.o: ../../include/openssl/obj_mac.h
		e_chacha20_poly1305.o: ../../include/openssl/objects.h
		e_chacha20_poly1305.o: ../../include/openssl/opensslconf.h
		e_chacha20_poly1305.o: ../../include/openssl/opensslv.h
		e_chacha20_poly1305.o: ../../include/openssl/ossl_typ.h
		e_chacha20_poly1305.o: ../../include/openssl/safestack.h
		e_chacha20_poly1305.o: ../../include/openssl/stack.h
		e_chacha20_poly1305.o: ../../include/openssl/symhacks.h
		e_chacha20_poly1305.o: ../include/internal/chacha.h
		e_chacha20_poly1305.o: ../include/internal/cryptlib.h
		e_chacha20_poly1305.o: ../include/internal/evp_int.h
		e_chacha20_poly1305.o: ../include/internal/poly1305.h e_chacha20_poly1305.c
		e_chacha20_poly1305.o: evp_locl.h
		e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
		e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
		e_des.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h

crypto/evp/e_chacha20_poly1305.c

0 → 100644

+490 −0

Original line number	Diff line number	Diff line
		/* ====================================================================
		* Copyright (c) 2014 The OpenSSL Project. All rights reserved.
		*
		* Redistribution and use in source and binary forms, with or without
		* modification, are permitted provided that the following conditions
		* are met:
		*
		* 1. Redistributions of source code must retain the above copyright
		* notice, this list of conditions and the following disclaimer.
		*
		* 2. Redistributions in binary form must reproduce the above copyright
		* notice, this list of conditions and the following disclaimer in
		* the documentation and/or other materials provided with the
		* distribution.
		*
		* 3. All advertising materials mentioning features or use of this
		* software must display the following acknowledgment:
		* "This product includes software developed by the OpenSSL Project
		* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
		*
		* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
		* endorse or promote products derived from this software without
		* prior written permission. For written permission, please contact
		* openssl-core@openssl.org.
		*
		* 5. Products derived from this software may not be called "OpenSSL"
		* nor may "OpenSSL" appear in their names without prior written
		* permission of the OpenSSL Project.
		*
		* 6. Redistributions of any form whatsoever must retain the following
		* acknowledgment:
		* "This product includes software developed by the OpenSSL Project
		* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
		*
		* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
		* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
		* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
		* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
		* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
		* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
		* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
		* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
		* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
		* OF THE POSSIBILITY OF SUCH DAMAGE.
		* ====================================================================
		*
		*/

		#include <stdio.h>
		#include "internal/cryptlib.h"

		#ifndef OPENSSL_NO_CHACHA

		# include <openssl/evp.h>
		# include <openssl/objects.h>
		# include "evp_locl.h"
		# include "internal/evp_int.h"
		# include "internal/chacha.h"

		typedef struct {
		union {
		double align; /* this ensures even sizeof(EVP_CHACHA_KEY)%8==0 */
		unsigned int d[CHACHA_KEY_SIZE / 4];
		} key;
		unsigned int counter[CHACHA_CTR_SIZE / 4];
		unsigned char buf[CHACHA_BLK_SIZE];
		unsigned int partial_len;
		} EVP_CHACHA_KEY;

		#define data(ctx) ((EVP_CHACHA_KEY *)(ctx)->cipher_data)

		static int chacha_init_key(EVP_CIPHER_CTX *ctx,
		const unsigned char user_key[CHACHA_KEY_SIZE],
		const unsigned char iv[CHACHA_CTR_SIZE], int enc)
		{
		EVP_CHACHA_KEY *key = data(ctx);
		unsigned int i;

		if (user_key)
		for (i = 0; i < CHACHA_KEY_SIZE; i+=4) {
		key->key.d[i/4] = CHACHA_U8TOU32(user_key+i);
		}

		if (iv)
		for (i = 0; i < CHACHA_CTR_SIZE; i+=4) {
		key->counter[i/4] = CHACHA_U8TOU32(iv+i);
		}

		key->partial_len = 0;

		return 1;
		}

		static int chacha_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
		const unsigned char *inp, size_t len)
		{
		EVP_CHACHA_KEY *key = data(ctx);
		unsigned int n, rem, ctr32;

		if ((n = key->partial_len)) {
		while (len && n < CHACHA_BLK_SIZE) {
		out++ = inp++ ^ key->buf[n++];
		len--;
		}
		key->partial_len = n;

		if (len == 0)
		return 1;

		if (n == CHACHA_BLK_SIZE) {
		key->partial_len = 0;
		key->counter[0]++;
		if (key->counter[0] == 0)
		key->counter[1]++;
		}
		}

		rem = (unsigned int)(len % CHACHA_BLK_SIZE);
		len -= rem;
		ctr32 = key->counter[0];
		while (len >= CHACHA_BLK_SIZE) {
		size_t blocks = len / CHACHA_BLK_SIZE;
		/*
		* 1<<28 is just a not-so-small yet not-so-large number...
		* Below condition is practically never met, but it has to
		* be checked for code correctness.
		*/
		if (sizeof(size_t)>sizeof(unsigned int) && blocks>(1U<<28))
		blocks = (1U<<28);

		/*
		* As ChaCha20_ctr32 operates on 32-bit counter, caller
		* has to handle overflow. 'if' below detects the
		* overflow, which is then handled by limiting the
		* amount of blocks to the exact overflow point...
		*/
		ctr32 += (unsigned int)blocks;
		if (ctr32 < blocks) {
		blocks -= ctr32;
		ctr32 = 0;
		}
		blocks *= CHACHA_BLK_SIZE;
		ChaCha20_ctr32(out, inp, blocks, key->key.d, key->counter);
		len -= blocks;
		inp += blocks;
		out += blocks;

		key->counter[0] = ctr32;
		if (ctr32 == 0) key->counter[1]++;
		}

		if (rem) {
		memset(key->buf, 0, sizeof(key->buf));
		ChaCha20_ctr32(key->buf, key->buf, CHACHA_BLK_SIZE,
		key->key.d, key->counter);
		for (n = 0; n < rem; n++)
		out[n] = inp[n] ^ key->buf[n];
		key->partial_len = rem;
		}

		return 1;
		}

		static const EVP_CIPHER chacha20 = {
		NID_chacha20,
		1, /* block_size */
		CHACHA_KEY_SIZE, /* key_len */
		CHACHA_CTR_SIZE, /* iv_len, 128-bit counter in the context */
		0, /* flags */
		chacha_init_key,
		chacha_cipher,
		NULL,
		sizeof(EVP_CHACHA_KEY),
		NULL,
		NULL,
		NULL,
		NULL
		};

		const EVP_CIPHER *EVP_chacha20(void)
		{
		return (&chacha20);
		}

		# ifndef OPENSSL_NO_POLY1305
		# include "internal/poly1305.h"

		typedef struct {
		EVP_CHACHA_KEY key;
		unsigned int nonce[12/4];
		unsigned char tag[POLY1305_BLOCK_SIZE];
		struct { uint64_t aad, text; } len;
		int aad, mac_inited, tag_len, nonce_len;
		size_t tls_payload_length;
		} EVP_CHACHA_AEAD_CTX;

		# define NO_TLS_PAYLOAD_LENGTH ((size_t)-1)
		# define aead_data(ctx) ((EVP_CHACHA_AEAD_CTX *)(ctx)->cipher_data)
		# define POLY1305_ctx(actx) ((POLY1305 *)(actx + 1))

		static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
		const unsigned char *inkey,
		const unsigned char *iv, int enc)
		{
		EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
		unsigned char temp[CHACHA_CTR_SIZE];

		if (!inkey && !iv)
		return 1;

		actx->len.aad = 0;
		actx->len.text = 0;
		actx->aad = 0;
		actx->mac_inited = 0;
		actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;

		/* pad on the left */
		memset(temp, 0, sizeof(temp));
		if (actx->nonce_len <= CHACHA_CTR_SIZE)
		memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len);

		chacha_init_key(ctx, inkey, temp, enc);

		actx->nonce[0] = actx->key.counter[1];
		actx->nonce[1] = actx->key.counter[2];
		actx->nonce[2] = actx->key.counter[3];

		return 1;
		}

		static int chacha20_poly1305_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
		const unsigned char *in, size_t len)
		{
		EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
		size_t rem, plen = actx->tls_payload_length;
		static const unsigned char zero[POLY1305_BLOCK_SIZE] = { 0 };

		if (!actx->mac_inited) {
		actx->key.counter[0] = 0;
		memset(actx->key.buf, 0, sizeof(actx->key.buf));
		ChaCha20_ctr32(actx->key.buf, actx->key.buf, CHACHA_BLK_SIZE,
		actx->key.key.d, actx->key.counter);
		Poly1305_Init(POLY1305_ctx(actx), actx->key.buf);
		actx->key.counter[0] = 1;
		actx->mac_inited = 1;
		}

		if (in) { /* aad or text */
		if (out == NULL) { /* aad */
		Poly1305_Update(POLY1305_ctx(actx), in, len);
		actx->len.aad += len;
		actx->aad = 1;
		return len;
		} else { /* plain- or ciphertext */
		if (actx->aad) { /* wrap up aad */
		if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
		Poly1305_Update(POLY1305_ctx(actx), zero,
		POLY1305_BLOCK_SIZE - rem);
		actx->aad = 0;
		}

		actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
		if (plen == NO_TLS_PAYLOAD_LENGTH)
		plen = len;
		else if (len != plen + POLY1305_BLOCK_SIZE)
		return -1;

		if (ctx->encrypt) { /* plaintext */
		chacha_cipher(ctx, out, in, plen);
		Poly1305_Update(POLY1305_ctx(actx), out, plen);
		in += plen;
		out += plen;
		actx->len.text += plen;
		} else { /* ciphertext */
		Poly1305_Update(POLY1305_ctx(actx), in, plen);
		chacha_cipher(ctx, out, in, plen);
		in += plen;
		out += plen;
		actx->len.text += plen;
		}
		}
		}
		if (in == NULL /* explicit final */
		\|\| plen != len) { /* or tls mode */
		const union {
		long one;
		char little;
		} is_endian = { 1 };
		unsigned char temp[POLY1305_BLOCK_SIZE];

		if (actx->aad) { /* wrap up aad */
		if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
		Poly1305_Update(POLY1305_ctx(actx), zero,
		POLY1305_BLOCK_SIZE - rem);
		actx->aad = 0;
		}

		if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE))
		Poly1305_Update(POLY1305_ctx(actx), zero,
		POLY1305_BLOCK_SIZE - rem);

		if (is_endian.little) {
		Poly1305_Update(POLY1305_ctx(actx),
		(unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
		} else {
		temp[0] = (unsigned char)(actx->len.aad);
		temp[1] = (unsigned char)(actx->len.aad>>8);
		temp[2] = (unsigned char)(actx->len.aad>>16);
		temp[3] = (unsigned char)(actx->len.aad>>24);
		temp[4] = (unsigned char)(actx->len.aad>>32);
		temp[5] = (unsigned char)(actx->len.aad>>40);
		temp[6] = (unsigned char)(actx->len.aad>>48);
		temp[7] = (unsigned char)(actx->len.aad>>56);

		temp[8] = (unsigned char)(actx->len.text);
		temp[9] = (unsigned char)(actx->len.text>>8);
		temp[10] = (unsigned char)(actx->len.text>>16);
		temp[11] = (unsigned char)(actx->len.text>>24);
		temp[12] = (unsigned char)(actx->len.text>>32);
		temp[13] = (unsigned char)(actx->len.text>>40);
		temp[14] = (unsigned char)(actx->len.text>>48);
		temp[15] = (unsigned char)(actx->len.text>>56);

		Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE);
		}
		Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag
		: temp);
		actx->mac_inited = 0;

		if (in != NULL && len != plen) { /* tls mode */
		if (ctx->encrypt) {
		memcpy(out, actx->tag, POLY1305_BLOCK_SIZE);
		} else {
		if (CRYPTO_memcmp(temp, in, POLY1305_BLOCK_SIZE)) {
		memset(out, 0, plen);
		return -1;
		}
		}
		}
		else if (!ctx->encrypt) {
		if (CRYPTO_memcmp(temp, actx->tag, actx->tag_len))
		return -1;
		}
		}
		return len;
		}

		static int chacha20_poly1305_cleanup(EVP_CIPHER_CTX *ctx)
		{
		EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
		if (actx)
		OPENSSL_cleanse(ctx->cipher_data, sizeof(*ctx) + Poly1305_ctx_size());
		return 1;
		}

		static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
		void *ptr)
		{
		EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);

		switch(type) {
		case EVP_CTRL_INIT:
		if (actx == NULL)
		actx = ctx->cipher_data
		= OPENSSL_zalloc(sizeof(*actx) + Poly1305_ctx_size());
		if (actx == NULL) {
		EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_INITIALIZATION_ERROR);
		return 0;
		}
		actx->len.aad = 0;
		actx->len.text = 0;
		actx->aad = 0;
		actx->mac_inited = 0;
		actx->tag_len = 0;
		actx->nonce_len = 12;
		actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
		return 1;

		case EVP_CTRL_COPY:
		if (actx) {
		if ((((EVP_CIPHER_CTX *)ptr)->cipher_data =
		BUF_memdup(actx,sizeof(*actx) + Poly1305_ctx_size()))
		== NULL) {
		EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_COPY_ERROR);
		return 0;
		}
		}
		return 1;

		case EVP_CTRL_AEAD_SET_IVLEN:
		if (arg <= 0 \|\| arg > CHACHA_CTR_SIZE)
		return 0;
		actx->nonce_len = arg;
		return 1;

		case EVP_CTRL_AEAD_SET_IV_FIXED:
		if (arg != 12)
		return 0;
		actx->nonce[0] = actx->key.counter[1]
		= CHACHA_U8TOU32((unsigned char *)ptr);
		actx->nonce[1] = actx->key.counter[2]
		= CHACHA_U8TOU32((unsigned char *)ptr+4);
		actx->nonce[2] = actx->key.counter[3]
		= CHACHA_U8TOU32((unsigned char *)ptr+8);
		return 1;

		case EVP_CTRL_AEAD_SET_TAG:
		if (arg <= 0 \|\| arg > POLY1305_BLOCK_SIZE)
		return 0;
		if (ptr != NULL) {
		memcpy(actx->tag, ptr, arg);
		actx->tag_len = arg;
		}
		return 1;

		case EVP_CTRL_AEAD_GET_TAG:
		if (arg <= 0 \|\| arg > POLY1305_BLOCK_SIZE \|\| !ctx->encrypt)
		return 0;
		memcpy(ptr, actx->tag, arg);
		return 1;

		case EVP_CTRL_AEAD_TLS1_AAD:
		if (arg != EVP_AEAD_TLS1_AAD_LEN)
		return 0;
		{
		unsigned int len;
		unsigned char temp[POLY1305_BLOCK_SIZE];

		/*
		* compose padded aad
		*/
		memset(temp, 0, sizeof(temp));
		memcpy(temp, ptr, EVP_AEAD_TLS1_AAD_LEN);

		len = temp[EVP_AEAD_TLS1_AAD_LEN - 2] << 8 \|
		temp[EVP_AEAD_TLS1_AAD_LEN - 1];
		if (!ctx->encrypt) {
		len -= POLY1305_BLOCK_SIZE; /* discount attached tag */
		temp[EVP_AEAD_TLS1_AAD_LEN - 2] = (unsigned char)(len >> 8);
		temp[EVP_AEAD_TLS1_AAD_LEN - 1] = (unsigned char)len;
		}
		actx->tls_payload_length = len;

		/*
		* merge record sequence number as per
		* draft-ietf-tls-chacha20-poly1305-03
		*/
		actx->key.counter[1] = actx->nonce[0];
		actx->key.counter[2] = actx->nonce[1] ^ CHACHA_U8TOU32(temp);
		actx->key.counter[3] = actx->nonce[2] ^ CHACHA_U8TOU32(temp+4);
		actx->mac_inited = 0;
		chacha20_poly1305_cipher(ctx, NULL, temp, POLY1305_BLOCK_SIZE);
		return POLY1305_BLOCK_SIZE; /* tag length */
		}

		case EVP_CTRL_AEAD_SET_MAC_KEY:
		/* no-op */
		return 1;

		default:
		return -1;
		}
		}

		static EVP_CIPHER chacha20_poly1305 = {
		NID_chacha20_poly1305,
		1, /* block_size */
		CHACHA_KEY_SIZE, /* key_len */
		12, /* iv_len, 96-bit nonce in the context */
		EVP_CIPH_FLAG_AEAD_CIPHER \| EVP_CIPH_CUSTOM_IV \|
		EVP_CIPH_ALWAYS_CALL_INIT \| EVP_CIPH_CTRL_INIT \|
		EVP_CIPH_CUSTOM_COPY \| EVP_CIPH_FLAG_CUSTOM_CIPHER,
		chacha20_poly1305_init_key,
		chacha20_poly1305_cipher,
		chacha20_poly1305_cleanup,
		0, /* 0 moves context-specific structure allocation to ctrl */
		NULL, /* set_asn1_parameters */
		NULL, /* get_asn1_parameters */
		chacha20_poly1305_ctrl,
		NULL /* app_data */
		};

		const EVP_CIPHER *EVP_chacha20_poly1305(void)
		{
		return(&chacha20_poly1305);
		}
		# endif
		#endif

crypto/evp/evp_err.c

+5 −6

Original line number	Diff line number	Diff line
		@@ -78,6 +78,7 @@ static ERR_STRING_DATA EVP_str_functs[] = {
		{ERR_FUNC(EVP_F_AES_XTS_CIPHER), "AES_XTS_CIPHER"},
		{ERR_FUNC(EVP_F_ALG_MODULE_INIT), "alg_module_init"},
		{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "camellia_init_key"},
		{ERR_FUNC(EVP_F_CHACHA20_POLY1305_CTRL), "chacha20_poly1305_ctrl"},
		{ERR_FUNC(EVP_F_CMAC_INIT), "CMAC_INIT"},
		{ERR_FUNC(EVP_F_CMLL_T4_INIT_KEY), "cmll_t4_init_key"},
		{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
		@@ -167,10 +168,10 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
		{ERR_REASON(EVP_R_BN_DECODE_ERROR), "bn decode error"},
		{ERR_REASON(EVP_R_BN_PUBKEY_ERROR), "bn pubkey error"},
		{ERR_REASON(EVP_R_BUFFER_TOO_SMALL), "buffer too small"},
		{ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),
		"camellia key setup failed"},
		{ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED), "camellia key setup failed"},
		{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"},
		{ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED), "command not supported"},
		{ERR_REASON(EVP_R_COPY_ERROR), "copy error"},
		{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED), "ctrl not implemented"},
		{ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),
		"ctrl operation not implemented"},
		@@ -190,8 +191,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
		{ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY), "expecting a ecdsa key"},
		{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"},
		{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"},
		{ERR_REASON(EVP_R_ILLEGAL_SCRYPT_PARAMETERS),
		"illegal scrypt parameters"},
		{ERR_REASON(EVP_R_ILLEGAL_SCRYPT_PARAMETERS), "illegal scrypt parameters"},
		{ERR_REASON(EVP_R_INITIALIZATION_ERROR), "initialization error"},
		{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"},
		{ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"},
		@@ -217,8 +217,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
		{ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
		"operation not supported for this keytype"},
		{ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"},
		{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),
		"pkcs8 unknown broken type"},
		{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), "pkcs8 unknown broken type"},
		{ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"},
		{ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"},
		{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},

include/openssl/evp.h

+8 −0

Original line number	Diff line number	Diff line
		@@ -911,6 +911,12 @@ const EVP_CIPHER *EVP_camellia_256_cfb128(void);
		const EVP_CIPHER *EVP_camellia_256_ofb(void);
		const EVP_CIPHER *EVP_camellia_256_ctr(void);
		# endif
		# ifndef OPENSSL_NO_CHACHA
		const EVP_CIPHER *EVP_chacha20(void);
		# ifndef OPENSSL_NO_POLY1305
		const EVP_CIPHER *EVP_chacha20_poly1305(void);
		# endif
		# endif

		# ifndef OPENSSL_NO_SEED
		const EVP_CIPHER *EVP_seed_ecb(void);
		@@ -1513,6 +1519,7 @@ void ERR_load_EVP_strings(void);
		# define EVP_F_AES_XTS_CIPHER 175
		# define EVP_F_ALG_MODULE_INIT 177
		# define EVP_F_CAMELLIA_INIT_KEY 159
		# define EVP_F_CHACHA20_POLY1305_CTRL 182
		# define EVP_F_CMAC_INIT 173
		# define EVP_F_CMLL_T4_INIT_KEY 179
		# define EVP_F_D2I_PKEY 100
		@@ -1600,6 +1607,7 @@ void ERR_load_EVP_strings(void);
		# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157
		# define EVP_R_CIPHER_PARAMETER_ERROR 122
		# define EVP_R_COMMAND_NOT_SUPPORTED 147
		# define EVP_R_COPY_ERROR 173
		# define EVP_R_CTRL_NOT_IMPLEMENTED 132
		# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133
		# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138

Admin message