From 926cd095fc01cadd4fd139b55df6f0c139207a01 Mon Sep 17 00:00:00 2001 From: Jay Sorg Date: Thu, 20 Feb 2014 23:15:24 -0800 Subject: common: added des3 calls for fips --- common/ssl_calls.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 78 insertions(+), 1 deletion(-) (limited to 'common/ssl_calls.c') diff --git a/common/ssl_calls.c b/common/ssl_calls.c index 4cb706f3..0c7e3f0d 100644 --- a/common/ssl_calls.c +++ b/common/ssl_calls.c @@ -1,7 +1,7 @@ /** * xrdp: A Remote Desktop Protocol server. * - * Copyright (C) Jay Sorg 2004-2012 + * Copyright (C) Jay Sorg 2004-2014 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -24,6 +24,7 @@ #include #include #include +#include #include #include @@ -157,6 +158,82 @@ ssl_md5_complete(void *md5_info, char *data) MD5_Final((tui8 *)data, (MD5_CTX *)md5_info); } +/*****************************************************************************/ +void *APP_CC +ssl_des3_encrypt_info_create(const char *key, const char* ivec) +{ + EVP_CIPHER_CTX *des3_ctx; + const tui8 *lkey; + const tui8 *livec; + + des3_ctx = (EVP_CIPHER_CTX *) g_malloc(sizeof(EVP_CIPHER_CTX), 1); + EVP_CIPHER_CTX_init(des3_ctx); + lkey = (const tui8 *) key; + livec = (const tui8 *) ivec; + EVP_EncryptInit_ex(des3_ctx, EVP_des_ede3_cbc(), NULL, lkey, livec); + EVP_CIPHER_CTX_set_padding(des3_ctx, 0); + return des3_ctx; +} + +/*****************************************************************************/ +void *APP_CC +ssl_des3_decrypt_info_create(const char *key, const char* ivec) +{ + EVP_CIPHER_CTX *des3_ctx; + const tui8 *lkey; + const tui8 *livec; + + des3_ctx = g_malloc(sizeof(EVP_CIPHER_CTX), 1); + EVP_CIPHER_CTX_init(des3_ctx); + lkey = (const tui8 *) key; + livec = (const tui8 *) ivec; + EVP_DecryptInit_ex(des3_ctx, EVP_des_ede3_cbc(), NULL, lkey, livec); + EVP_CIPHER_CTX_set_padding(des3_ctx, 0); + return des3_ctx; +} + +/*****************************************************************************/ +void APP_CC +ssl_des3_info_delete(void *des3) +{ + EVP_CIPHER_CTX *des3_ctx; + + des3_ctx = (EVP_CIPHER_CTX *) des3; + EVP_CIPHER_CTX_cleanup(des3_ctx); +} + +/*****************************************************************************/ +int APP_CC +ssl_des3_encrypt(void *des3, int length, const char *in_data, char *out_data) +{ + EVP_CIPHER_CTX *des3_ctx; + int len; + const tui8 *lin_data; + tui8 *lout_data; + + des3_ctx = (EVP_CIPHER_CTX *) des3; + lin_data = (const tui8 *) in_data; + lout_data = (tui8 *) out_data; + EVP_EncryptUpdate(des3_ctx, lout_data, &len, lin_data, length); + return 0; +} + +/*****************************************************************************/ +int APP_CC +ssl_des3_decrypt(void *des3, int length, const char *in_data, char *out_data) +{ + EVP_CIPHER_CTX *des3_ctx; + int len; + const tui8 *lin_data; + tui8 *lout_data; + + des3_ctx = (EVP_CIPHER_CTX *) des3; + lin_data = (const tui8 *) in_data; + lout_data = (tui8 *) out_data; + EVP_DecryptUpdate(des3_ctx, lout_data, &len, lin_data, length); + return 0; +} + /*****************************************************************************/ static void APP_CC ssl_reverse_it(char *p, int len) -- cgit v1.2.3 From 2921400083fc4fe873c483c99326daec398c68fe Mon Sep 17 00:00:00 2001 From: Jay Sorg Date: Sun, 23 Feb 2014 12:27:41 -0800 Subject: common: check for nil in fips cleanup --- common/ssl_calls.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'common/ssl_calls.c') diff --git a/common/ssl_calls.c b/common/ssl_calls.c index 0c7e3f0d..92569be5 100644 --- a/common/ssl_calls.c +++ b/common/ssl_calls.c @@ -199,7 +199,10 @@ ssl_des3_info_delete(void *des3) EVP_CIPHER_CTX *des3_ctx; des3_ctx = (EVP_CIPHER_CTX *) des3; - EVP_CIPHER_CTX_cleanup(des3_ctx); + if (des3_ctx != 0) + { + EVP_CIPHER_CTX_cleanup(des3_ctx); + } } /*****************************************************************************/ -- cgit v1.2.3 From 25ad4d8a36b35277e7547484eb4ffe7fc4c1a698 Mon Sep 17 00:00:00 2001 From: Jay Sorg Date: Sun, 23 Feb 2014 20:40:13 -0800 Subject: common: add more fips ssl calls --- common/ssl_calls.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ common/ssl_calls.h | 10 +++++++++ 2 files changed, 76 insertions(+) (limited to 'common/ssl_calls.c') diff --git a/common/ssl_calls.c b/common/ssl_calls.c index 92569be5..a187edc9 100644 --- a/common/ssl_calls.c +++ b/common/ssl_calls.c @@ -158,6 +158,8 @@ ssl_md5_complete(void *md5_info, char *data) MD5_Final((tui8 *)data, (MD5_CTX *)md5_info); } +/* FIPS stuff */ + /*****************************************************************************/ void *APP_CC ssl_des3_encrypt_info_create(const char *key, const char* ivec) @@ -202,6 +204,7 @@ ssl_des3_info_delete(void *des3) if (des3_ctx != 0) { EVP_CIPHER_CTX_cleanup(des3_ctx); + g_free(des3_ctx); } } @@ -217,6 +220,7 @@ ssl_des3_encrypt(void *des3, int length, const char *in_data, char *out_data) des3_ctx = (EVP_CIPHER_CTX *) des3; lin_data = (const tui8 *) in_data; lout_data = (tui8 *) out_data; + len = 0; EVP_EncryptUpdate(des3_ctx, lout_data, &len, lin_data, length); return 0; } @@ -233,10 +237,72 @@ ssl_des3_decrypt(void *des3, int length, const char *in_data, char *out_data) des3_ctx = (EVP_CIPHER_CTX *) des3; lin_data = (const tui8 *) in_data; lout_data = (tui8 *) out_data; + len = 0; EVP_DecryptUpdate(des3_ctx, lout_data, &len, lin_data, length); return 0; } +/*****************************************************************************/ +void * APP_CC +ssl_hmac_info_create(void) +{ + HMAC_CTX *hmac_ctx; + + hmac_ctx = (HMAC_CTX *) g_malloc(sizeof(HMAC_CTX), 1); + HMAC_CTX_init(hmac_ctx); + return hmac_ctx; +} + +/*****************************************************************************/ +void APP_CC +ssl_hmac_info_delete(void *hmac) +{ + HMAC_CTX *hmac_ctx; + + hmac_ctx = (HMAC_CTX *) hmac; + if (hmac_ctx != 0) + { + HMAC_CTX_cleanup(hmac_ctx); + g_free(hmac_ctx); + } +} + +/*****************************************************************************/ +void APP_CC +ssl_hmac_sha1_init(void *hmac, const char *data, int len) +{ + HMAC_CTX *hmac_ctx; + + hmac_ctx = (HMAC_CTX *) hmac; + HMAC_Init_ex(hmac_ctx, data, len, EVP_sha1(), NULL); +} + +/*****************************************************************************/ +void APP_CC +ssl_hmac_transform(void *hmac, const char *data, int len) +{ + HMAC_CTX *hmac_ctx; + const tui8 *ldata; + + hmac_ctx = (HMAC_CTX *) hmac; + ldata = (const tui8*) data; + HMAC_Update(hmac_ctx, ldata, len); +} + +/*****************************************************************************/ +void APP_CC +ssl_hmac_complete(void *hmac, char *data, int len) +{ + HMAC_CTX *hmac_ctx; + tui8* ldata; + tui32 llen; + + hmac_ctx = (HMAC_CTX *) hmac; + ldata = (tui8 *) data; + llen = len; + HMAC_Final(hmac_ctx, ldata, &llen); +} + /*****************************************************************************/ static void APP_CC ssl_reverse_it(char *p, int len) diff --git a/common/ssl_calls.h b/common/ssl_calls.h index ab29675c..40acfb5b 100644 --- a/common/ssl_calls.h +++ b/common/ssl_calls.h @@ -63,6 +63,16 @@ int APP_CC ssl_des3_encrypt(void *des3, int length, const char *in_data, char *out_data); int APP_CC ssl_des3_decrypt(void *des3, int length, const char *in_data, char *out_data); +void * APP_CC +ssl_hmac_info_create(void); +void APP_CC +ssl_hmac_info_delete(void *hmac); +void APP_CC +ssl_hmac_sha1_init(void *hmac, const char *data, int len); +void APP_CC +ssl_hmac_transform(void *hmac, const char *data, int len); +void APP_CC +ssl_hmac_complete(void *hmac, char *data, int len); int APP_CC ssl_mod_exp(char* out, int out_len, char* in, int in_len, char* mod, int mod_len, char* exp, int exp_len); -- cgit v1.2.3