diff --git a/winpr/include/winpr/crypto.h b/winpr/include/winpr/crypto.h index 1ac44b084..e24a9dd1d 100644 --- a/winpr/include/winpr/crypto.h +++ b/winpr/include/winpr/crypto.h @@ -854,5 +854,119 @@ WINPR_API void winpr_RC4_Final(WINPR_RC4_CTX* ctx); } #endif -#endif /* WINPR_CRYPTO_H */ +/** + * Generic Cipher API + */ +/* cipher operation types */ +#define WINPR_ENCRYPT 0 +#define WINPR_DECRYPT 1 + +/* cipher types */ +#define WINPR_CIPHER_NONE 0 +#define WINPR_CIPHER_NULL 1 +#define WINPR_CIPHER_AES_128_ECB 2 +#define WINPR_CIPHER_AES_192_ECB 3 +#define WINPR_CIPHER_AES_256_ECB 4 +#define WINPR_CIPHER_AES_128_CBC 5 +#define WINPR_CIPHER_AES_192_CBC 6 +#define WINPR_CIPHER_AES_256_CBC 7 +#define WINPR_CIPHER_AES_128_CFB128 8 +#define WINPR_CIPHER_AES_192_CFB128 9 +#define WINPR_CIPHER_AES_256_CFB128 10 +#define WINPR_CIPHER_AES_128_CTR 11 +#define WINPR_CIPHER_AES_192_CTR 12 +#define WINPR_CIPHER_AES_256_CTR 13 +#define WINPR_CIPHER_AES_128_GCM 14 +#define WINPR_CIPHER_AES_192_GCM 15 +#define WINPR_CIPHER_AES_256_GCM 16 +#define WINPR_CIPHER_CAMELLIA_128_ECB 17 +#define WINPR_CIPHER_CAMELLIA_192_ECB 18 +#define WINPR_CIPHER_CAMELLIA_256_ECB 19 +#define WINPR_CIPHER_CAMELLIA_128_CBC 20 +#define WINPR_CIPHER_CAMELLIA_192_CBC 21 +#define WINPR_CIPHER_CAMELLIA_256_CBC 22 +#define WINPR_CIPHER_CAMELLIA_128_CFB128 23 +#define WINPR_CIPHER_CAMELLIA_192_CFB128 24 +#define WINPR_CIPHER_CAMELLIA_256_CFB128 25 +#define WINPR_CIPHER_CAMELLIA_128_CTR 26 +#define WINPR_CIPHER_CAMELLIA_192_CTR 27 +#define WINPR_CIPHER_CAMELLIA_256_CTR 28 +#define WINPR_CIPHER_CAMELLIA_128_GCM 29 +#define WINPR_CIPHER_CAMELLIA_192_GCM 30 +#define WINPR_CIPHER_CAMELLIA_256_GCM 31 +#define WINPR_CIPHER_DES_ECB 32 +#define WINPR_CIPHER_DES_CBC 33 +#define WINPR_CIPHER_DES_EDE_ECB 34 +#define WINPR_CIPHER_DES_EDE_CBC 35 +#define WINPR_CIPHER_DES_EDE3_ECB 36 +#define WINPR_CIPHER_DES_EDE3_CBC 37 +#define WINPR_CIPHER_BLOWFISH_ECB 38 +#define WINPR_CIPHER_BLOWFISH_CBC 39 +#define WINPR_CIPHER_BLOWFISH_CFB64 40 +#define WINPR_CIPHER_BLOWFISH_CTR 41 +#define WINPR_CIPHER_ARC4_128 42 +#define WINPR_CIPHER_AES_128_CCM 43 +#define WINPR_CIPHER_AES_192_CCM 44 +#define WINPR_CIPHER_AES_256_CCM 45 +#define WINPR_CIPHER_CAMELLIA_128_CCM 46 +#define WINPR_CIPHER_CAMELLIA_192_CCM 47 +#define WINPR_CIPHER_CAMELLIA_256_CCM 48 + +struct _OPENSSL_CIPHER_CTX +{ + const void* cipher; + void* engine; + int encrypt; + int buf_len; + BYTE oiv[16]; + BYTE iv[16]; + BYTE buf[32]; + int num; + void* app_data; + int key_len; + unsigned long flags; + void* cipher_data; + int final_used; + int block_mask; + BYTE final[32]; + BYTE winpr_pad[32]; +}; +typedef struct _OPENSSL_CIPHER_CTX OPENSSL_CIPHER_CTX; + +struct _MBEDTLS_CIPHER_CTX +{ + const void* cipher_info; + int key_bitlen; + int operation; + void* add_padding; + int* get_padding; + BYTE unprocessed_data[16]; + size_t unprocessed_len; + BYTE iv[16]; + size_t iv_size; + void* cipher_ctx; + BYTE winpr_pad[32]; +}; +typedef struct _MBEDTLS_CIPHER_CTX MBEDTLS_CIPHER_CTX; + +union _WINPR_CIPHER_CTX +{ + OPENSSL_CIPHER_CTX openssl; + MBEDTLS_CIPHER_CTX mbedtls; +}; +typedef union _WINPR_CIPHER_CTX WINPR_CIPHER_CTX; + +#ifdef __cplusplus +extern "C" { +#endif + +WINPR_API void winpr_Cipher_Init(WINPR_CIPHER_CTX* ctx, int cipher, int op, const BYTE* key, const BYTE* iv); +WINPR_API int winpr_Cipher_Update(WINPR_CIPHER_CTX* ctx, const BYTE* input, size_t ilen, BYTE* output, size_t* olen); +WINPR_API void winpr_Cipher_Final(WINPR_CIPHER_CTX* ctx, BYTE* output, size_t* olen); + +#ifdef __cplusplus +} +#endif + +#endif /* WINPR_CRYPTO_H */ diff --git a/winpr/libwinpr/crypto/cipher.c b/winpr/libwinpr/crypto/cipher.c index ea776343d..3194e42cd 100644 --- a/winpr/libwinpr/crypto/cipher.c +++ b/winpr/libwinpr/crypto/cipher.c @@ -28,12 +28,14 @@ #include #include #include +#include #endif #ifdef WITH_MBEDTLS #include #include #include +#include #endif /** @@ -68,3 +70,439 @@ void winpr_RC4_Final(WINPR_RC4_CTX* ctx) mbedtls_arc4_free((mbedtls_arc4_context*) ctx); #endif } + +/** + * Generic Cipher API + */ + +#if defined(WITH_OPENSSL) +const EVP_CIPHER* winpr_openssl_get_evp_cipher(int cipher) +{ + const EVP_CIPHER* evp = NULL; + + switch (cipher) + { + case WINPR_CIPHER_NULL: + evp = EVP_enc_null(); + break; + +#ifndef OPENSSL_NO_AES + case WINPR_CIPHER_AES_128_ECB: + evp = EVP_aes_128_ecb(); + break; + + case WINPR_CIPHER_AES_192_ECB: + evp = EVP_aes_192_ecb(); + break; + + case WINPR_CIPHER_AES_256_ECB: + evp = EVP_aes_256_ecb(); + break; + + case WINPR_CIPHER_AES_128_CBC: + evp = EVP_aes_128_cbc(); + break; + + case WINPR_CIPHER_AES_192_CBC: + evp = EVP_aes_192_cbc(); + break; + + case WINPR_CIPHER_AES_256_CBC: + evp = EVP_aes_256_cbc(); + break; + + case WINPR_CIPHER_AES_128_CFB128: + evp = EVP_aes_128_cfb128(); + break; + + case WINPR_CIPHER_AES_192_CFB128: + evp = EVP_aes_192_cfb128(); + break; + + case WINPR_CIPHER_AES_256_CFB128: + evp = EVP_aes_256_cfb128(); + break; + + case WINPR_CIPHER_AES_128_CTR: + evp = EVP_aes_128_ctr(); + break; + + case WINPR_CIPHER_AES_192_CTR: + evp = EVP_aes_192_ctr(); + break; + + case WINPR_CIPHER_AES_256_CTR: + evp = EVP_aes_256_ctr(); + break; + + case WINPR_CIPHER_AES_128_GCM: + evp = EVP_aes_128_gcm(); + break; + + case WINPR_CIPHER_AES_192_GCM: + evp = EVP_aes_192_gcm(); + break; + + case WINPR_CIPHER_AES_256_GCM: + evp = EVP_aes_256_gcm(); + break; + + case WINPR_CIPHER_AES_128_CCM: + evp = EVP_aes_128_ccm(); + break; + + case WINPR_CIPHER_AES_192_CCM: + evp = EVP_aes_192_ccm(); + break; + + case WINPR_CIPHER_AES_256_CCM: + evp = EVP_aes_256_ccm(); + break; +#endif + +#ifndef OPENSSL_NO_CAMELLIA + case WINPR_CIPHER_CAMELLIA_128_ECB: + evp = EVP_camellia_128_ecb(); + break; + + case WINPR_CIPHER_CAMELLIA_192_ECB: + evp = EVP_camellia_192_ecb(); + break; + + case WINPR_CIPHER_CAMELLIA_256_ECB: + evp = EVP_camellia_256_ecb(); + break; + + case WINPR_CIPHER_CAMELLIA_128_CBC: + evp = EVP_camellia_128_cbc(); + break; + + case WINPR_CIPHER_CAMELLIA_192_CBC: + evp = EVP_camellia_192_cbc(); + break; + + case WINPR_CIPHER_CAMELLIA_256_CBC: + evp = EVP_camellia_256_cbc(); + break; + + case WINPR_CIPHER_CAMELLIA_128_CFB128: + evp = EVP_camellia_128_cfb128(); + break; + + case WINPR_CIPHER_CAMELLIA_192_CFB128: + evp = EVP_camellia_192_cfb128(); + break; + + case WINPR_CIPHER_CAMELLIA_256_CFB128: + evp = EVP_camellia_256_cfb128(); + break; + + case WINPR_CIPHER_CAMELLIA_128_CTR: + case WINPR_CIPHER_CAMELLIA_192_CTR: + case WINPR_CIPHER_CAMELLIA_256_CTR: + case WINPR_CIPHER_CAMELLIA_128_GCM: + case WINPR_CIPHER_CAMELLIA_192_GCM: + case WINPR_CIPHER_CAMELLIA_256_GCM: + case WINPR_CIPHER_CAMELLIA_128_CCM: + case WINPR_CIPHER_CAMELLIA_192_CCM: + case WINPR_CIPHER_CAMELLIA_256_CCM: + break; +#endif + +#ifndef OPENSSL_NO_DES + case WINPR_CIPHER_DES_ECB: + evp = EVP_des_ecb(); + break; + + case WINPR_CIPHER_DES_CBC: + evp = EVP_des_cbc(); + break; + + case WINPR_CIPHER_DES_EDE_ECB: + evp = EVP_des_ede_ecb(); + break; + + case WINPR_CIPHER_DES_EDE_CBC: + evp = EVP_des_ede_cbc(); + break; + + case WINPR_CIPHER_DES_EDE3_ECB: + evp = EVP_des_ede3_ecb(); + break; + + case WINPR_CIPHER_DES_EDE3_CBC: + evp = EVP_des_ede3_cbc(); + break; +#endif + +#ifndef OPENSSL_NO_RC4 + case WINPR_CIPHER_ARC4_128: + evp = EVP_rc4(); + break; +#endif + + case WINPR_CIPHER_BLOWFISH_ECB: + case WINPR_CIPHER_BLOWFISH_CBC: + case WINPR_CIPHER_BLOWFISH_CFB64: + case WINPR_CIPHER_BLOWFISH_CTR: + break; + } + + return evp; +} +#elif defined(WITH_MBEDTLS) +mbedtls_cipher_type_t winpr_mbedtls_get_cipher_type(int cipher) +{ + mbedtls_cipher_type_t type = MBEDTLS_CIPHER_NONE; + + switch (cipher) + { + case WINPR_CIPHER_NONE: + type = MBEDTLS_CIPHER_NONE; + break; + + case WINPR_CIPHER_NULL: + type = MBEDTLS_CIPHER_NULL; + break; + + case WINPR_CIPHER_AES_128_ECB: + type = MBEDTLS_CIPHER_AES_128_ECB; + break; + + case WINPR_CIPHER_AES_192_ECB: + type = MBEDTLS_CIPHER_AES_192_ECB; + break; + + case WINPR_CIPHER_AES_256_ECB: + type = MBEDTLS_CIPHER_AES_256_ECB; + break; + + case WINPR_CIPHER_AES_128_CBC: + type = MBEDTLS_CIPHER_AES_128_CBC; + break; + + case WINPR_CIPHER_AES_192_CBC: + type = MBEDTLS_CIPHER_AES_192_CBC; + break; + + case WINPR_CIPHER_AES_256_CBC: + type = MBEDTLS_CIPHER_AES_256_CBC; + break; + + case WINPR_CIPHER_AES_128_CFB128: + type = MBEDTLS_CIPHER_AES_128_CFB128; + break; + + case WINPR_CIPHER_AES_192_CFB128: + type = MBEDTLS_CIPHER_AES_192_CFB128; + break; + + case WINPR_CIPHER_AES_256_CFB128: + type = MBEDTLS_CIPHER_AES_256_CFB128; + break; + + case WINPR_CIPHER_AES_128_CTR: + type = MBEDTLS_CIPHER_AES_128_CTR; + break; + + case WINPR_CIPHER_AES_192_CTR: + type = MBEDTLS_CIPHER_AES_192_CTR; + break; + + case WINPR_CIPHER_AES_256_CTR: + type = MBEDTLS_CIPHER_AES_256_CTR; + break; + + case WINPR_CIPHER_AES_128_GCM: + type = MBEDTLS_CIPHER_AES_128_GCM; + break; + + case WINPR_CIPHER_AES_192_GCM: + type = MBEDTLS_CIPHER_AES_192_GCM; + break; + + case WINPR_CIPHER_AES_256_GCM: + type = MBEDTLS_CIPHER_AES_256_GCM; + break; + + case WINPR_CIPHER_CAMELLIA_128_ECB: + type = MBEDTLS_CIPHER_CAMELLIA_128_ECB; + break; + + case WINPR_CIPHER_CAMELLIA_192_ECB: + type = MBEDTLS_CIPHER_CAMELLIA_192_ECB; + break; + + case WINPR_CIPHER_CAMELLIA_256_ECB: + type = MBEDTLS_CIPHER_CAMELLIA_256_ECB; + break; + + case WINPR_CIPHER_CAMELLIA_128_CBC: + type = MBEDTLS_CIPHER_CAMELLIA_128_CBC; + break; + + case WINPR_CIPHER_CAMELLIA_192_CBC: + type = MBEDTLS_CIPHER_CAMELLIA_192_CBC; + break; + + case WINPR_CIPHER_CAMELLIA_256_CBC: + type = MBEDTLS_CIPHER_CAMELLIA_256_CBC; + break; + + case WINPR_CIPHER_CAMELLIA_128_CFB128: + type = MBEDTLS_CIPHER_CAMELLIA_128_CFB128; + break; + + case WINPR_CIPHER_CAMELLIA_192_CFB128: + type = MBEDTLS_CIPHER_CAMELLIA_192_CFB128; + break; + + case WINPR_CIPHER_CAMELLIA_256_CFB128: + type = MBEDTLS_CIPHER_CAMELLIA_256_CFB128; + break; + + case WINPR_CIPHER_CAMELLIA_128_CTR: + type = MBEDTLS_CIPHER_CAMELLIA_128_CTR; + break; + + case WINPR_CIPHER_CAMELLIA_192_CTR: + type = MBEDTLS_CIPHER_CAMELLIA_192_CTR; + break; + + case WINPR_CIPHER_CAMELLIA_256_CTR: + type = MBEDTLS_CIPHER_CAMELLIA_256_CTR; + break; + + case WINPR_CIPHER_CAMELLIA_128_GCM: + type = MBEDTLS_CIPHER_CAMELLIA_128_GCM; + break; + + case WINPR_CIPHER_CAMELLIA_192_GCM: + type = MBEDTLS_CIPHER_CAMELLIA_192_GCM; + break; + + case WINPR_CIPHER_CAMELLIA_256_GCM: + type = MBEDTLS_CIPHER_CAMELLIA_256_GCM; + break; + + case WINPR_CIPHER_DES_ECB: + type = MBEDTLS_CIPHER_DES_ECB; + break; + + case WINPR_CIPHER_DES_CBC: + type = MBEDTLS_CIPHER_DES_CBC; + break; + + case WINPR_CIPHER_DES_EDE_ECB: + type = MBEDTLS_CIPHER_DES_EDE_ECB; + break; + + case WINPR_CIPHER_DES_EDE_CBC: + type = MBEDTLS_CIPHER_DES_EDE_CBC; + break; + + case WINPR_CIPHER_DES_EDE3_ECB: + type = MBEDTLS_CIPHER_DES_EDE3_ECB; + break; + + case WINPR_CIPHER_DES_EDE3_CBC: + type = MBEDTLS_CIPHER_DES_EDE3_CBC; + break; + + case WINPR_CIPHER_BLOWFISH_ECB: + type = MBEDTLS_CIPHER_BLOWFISH_ECB; + break; + + case WINPR_CIPHER_BLOWFISH_CBC: + type = MBEDTLS_CIPHER_BLOWFISH_CBC; + break; + + case WINPR_CIPHER_BLOWFISH_CFB64: + type = MBEDTLS_CIPHER_BLOWFISH_CFB64; + break; + + case WINPR_CIPHER_BLOWFISH_CTR: + type = MBEDTLS_CIPHER_BLOWFISH_CTR; + break; + + case WINPR_CIPHER_ARC4_128: + type = MBEDTLS_CIPHER_ARC4_128; + break; + + case WINPR_CIPHER_AES_128_CCM: + type = MBEDTLS_CIPHER_AES_128_CCM; + break; + + case WINPR_CIPHER_AES_192_CCM: + type = MBEDTLS_CIPHER_AES_192_CCM; + break; + + case WINPR_CIPHER_AES_256_CCM: + type = MBEDTLS_CIPHER_AES_256_CCM; + break; + + case WINPR_CIPHER_CAMELLIA_128_CCM: + type = MBEDTLS_CIPHER_CAMELLIA_128_CCM; + break; + + case WINPR_CIPHER_CAMELLIA_192_CCM: + type = MBEDTLS_CIPHER_CAMELLIA_192_CCM; + break; + + case WINPR_CIPHER_CAMELLIA_256_CCM: + type = MBEDTLS_CIPHER_CAMELLIA_256_CCM; + break; + } + + return type; +} +#endif + +void winpr_Cipher_Init(WINPR_CIPHER_CTX* ctx, int cipher, int op, const BYTE* key, const BYTE* iv) +{ +#if defined(WITH_OPENSSL) + int operation; + const EVP_CIPHER* evp; + evp = winpr_openssl_get_evp_cipher(cipher); + operation = (op == WINPR_ENCRYPT) ? 1 : 0; + EVP_CIPHER_CTX_init((EVP_CIPHER_CTX*) ctx); + EVP_CipherInit_ex((EVP_CIPHER_CTX*) ctx, evp, NULL, key, iv, operation); +#elif defined(WITH_MBEDTLS) + int key_bitlen; + mbedtls_operation_t operation; + mbedtls_cipher_type_t cipher_type; + const mbedtls_cipher_info_t* cipher_info; + cipher_type = winpr_mbedtls_get_cipher_type(cipher); + cipher_info = mbedtls_cipher_info_from_type(cipher_type); + operation = (op == WINPR_ENCRYPT) ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT; + mbedtls_cipher_init((mbedtls_cipher_context_t*) ctx); + mbedtls_cipher_setup((mbedtls_cipher_context_t*) ctx, cipher_info); + key_bitlen = mbedtls_cipher_get_key_bitlen((mbedtls_cipher_context_t*) ctx); + mbedtls_cipher_setkey((mbedtls_cipher_context_t*) ctx, key, key_bitlen, operation); +#endif +} + +int winpr_Cipher_Update(WINPR_CIPHER_CTX* ctx, const BYTE* input, size_t ilen, BYTE* output, size_t* olen) +{ +#if defined(WITH_OPENSSL) + int outl = (int) *olen; + EVP_CipherUpdate((EVP_CIPHER_CTX*) ctx, output, &outl, input, ilen); + *olen = (size_t) outl; +#elif defined(WITH_MBEDTLS) + mbedtls_cipher_update((mbedtls_cipher_context_t*) ctx, input, ilen, output, olen); +#endif + return 0; +} + +void winpr_Cipher_Final(WINPR_CIPHER_CTX* ctx, BYTE* output, size_t* olen) +{ +#if defined(WITH_OPENSSL) + int outl = (int) *olen; + EVP_CipherFinal_ex((EVP_CIPHER_CTX*) ctx, output, &outl); + EVP_CIPHER_CTX_cleanup((EVP_CIPHER_CTX*) ctx); + *olen = (size_t) outl; +#elif defined(WITH_MBEDTLS) + mbedtls_cipher_finish((mbedtls_cipher_context_t*) ctx, output, olen); + mbedtls_cipher_free((mbedtls_cipher_context_t*) ctx); +#endif +} diff --git a/winpr/libwinpr/crypto/crypto.c b/winpr/libwinpr/crypto/crypto.c index 6721111ea..6c692af5a 100644 --- a/winpr/libwinpr/crypto/crypto.c +++ b/winpr/libwinpr/crypto/crypto.c @@ -141,15 +141,21 @@ #include "crypto.h" #include +#include #include +#ifdef WITH_OPENSSL +#include +#include +#endif + static wListDictionary* g_ProtectedMemoryBlocks = NULL; BOOL CryptProtectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags) { -#ifdef WITH_OPENSSL BYTE* pCipherText; - int cbOut, cbFinal; + size_t cbOut, cbFinal; + WINPR_CIPHER_CTX enc; BYTE randomKey[256]; WINPR_PROTECTED_MEMORY_BLOCK* pMemBlock; @@ -172,27 +178,17 @@ BOOL CryptProtectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags) pMemBlock->cbData = cbData; pMemBlock->dwFlags = dwFlags; - /* AES Initialization */ + winpr_RAND(pMemBlock->salt, 8); + winpr_RAND(randomKey, sizeof(randomKey)); - RAND_bytes(pMemBlock->salt, 8); - RAND_bytes(randomKey, sizeof(randomKey)); - - EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), - pMemBlock->salt, - randomKey, sizeof(randomKey), - 4, pMemBlock->key, pMemBlock->iv); +#ifdef WITH_OPENSSL + EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), pMemBlock->salt, + randomKey, sizeof(randomKey), 4, pMemBlock->key, pMemBlock->iv); +#endif SecureZeroMemory(randomKey, sizeof(randomKey)); - EVP_CIPHER_CTX_init(&(pMemBlock->enc)); - EVP_EncryptInit_ex(&(pMemBlock->enc), EVP_aes_256_cbc(), NULL, pMemBlock->key, pMemBlock->iv); - - EVP_CIPHER_CTX_init(&(pMemBlock->dec)); - EVP_DecryptInit_ex(&(pMemBlock->dec), EVP_aes_256_cbc(), NULL, pMemBlock->key, pMemBlock->iv); - - /* AES Encryption */ - - cbOut = pMemBlock->cbData + AES_BLOCK_SIZE - 1; + cbOut = pMemBlock->cbData + 16 - 1; pCipherText = (BYTE*) malloc(cbOut); if (!pCipherText) @@ -201,24 +197,21 @@ BOOL CryptProtectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags) return FALSE; } - EVP_EncryptInit_ex(&(pMemBlock->enc), NULL, NULL, NULL, NULL); - EVP_EncryptUpdate(&(pMemBlock->enc), pCipherText, &cbOut, pMemBlock->pData, pMemBlock->cbData); - EVP_EncryptFinal_ex(&(pMemBlock->enc), pCipherText + cbOut, &cbFinal); + winpr_Cipher_Init(&enc, WINPR_CIPHER_AES_256_CBC, WINPR_ENCRYPT, pMemBlock->key, pMemBlock->iv); + winpr_Cipher_Update(&enc, pMemBlock->pData, pMemBlock->cbData, pCipherText, &cbOut); + winpr_Cipher_Final(&enc, pCipherText + cbOut, &cbFinal); CopyMemory(pMemBlock->pData, pCipherText, pMemBlock->cbData); free(pCipherText); return ListDictionary_Add(g_ProtectedMemoryBlocks, pData, pMemBlock); -#else - return TRUE; -#endif } BOOL CryptUnprotectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags) { -#ifdef WITH_OPENSSL BYTE* pPlainText; - int cbOut, cbFinal; + size_t cbOut, cbFinal; + WINPR_CIPHER_CTX dec; WINPR_PROTECTED_MEMORY_BLOCK* pMemBlock; if (dwFlags != CRYPTPROTECTMEMORY_SAME_PROCESS) @@ -232,18 +225,16 @@ BOOL CryptUnprotectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags) if (!pMemBlock) return FALSE; - /* AES Decryption */ - - cbOut = pMemBlock->cbData + AES_BLOCK_SIZE - 1; + cbOut = pMemBlock->cbData + 16 - 1; pPlainText = (BYTE*) malloc(cbOut); if (!pPlainText) return FALSE; - EVP_DecryptInit_ex(&(pMemBlock->dec), NULL, NULL, NULL, NULL); - EVP_DecryptUpdate(&(pMemBlock->dec), pPlainText, &cbOut, pMemBlock->pData, pMemBlock->cbData); - EVP_DecryptFinal_ex(&(pMemBlock->dec), pPlainText + cbOut, &cbFinal); + winpr_Cipher_Init(&dec, WINPR_CIPHER_AES_256_CBC, WINPR_DECRYPT, pMemBlock->key, pMemBlock->iv); + winpr_Cipher_Update(&dec, pMemBlock->pData, pMemBlock->cbData, pPlainText, &cbOut); + winpr_Cipher_Final(&dec, pPlainText + cbOut, &cbFinal); CopyMemory(pMemBlock->pData, pPlainText, pMemBlock->cbData); SecureZeroMemory(pPlainText, pMemBlock->cbData); @@ -251,17 +242,9 @@ BOOL CryptUnprotectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags) ListDictionary_Remove(g_ProtectedMemoryBlocks, pData); - /* AES Cleanup */ - - EVP_CIPHER_CTX_cleanup(&(pMemBlock->enc)); - EVP_CIPHER_CTX_cleanup(&(pMemBlock->dec)); - free(pMemBlock); return TRUE; -#else - return TRUE; -#endif } BOOL CryptProtectData(DATA_BLOB* pDataIn, LPCWSTR szDataDescr, DATA_BLOB* pOptionalEntropy, diff --git a/winpr/libwinpr/crypto/crypto.h b/winpr/libwinpr/crypto/crypto.h index 182efacaa..ddf1c38b2 100644 --- a/winpr/libwinpr/crypto/crypto.h +++ b/winpr/libwinpr/crypto/crypto.h @@ -22,12 +22,6 @@ #ifndef _WIN32 -#ifdef WITH_OPENSSL - -#include -#include -#include - struct _WINPR_PROTECTED_MEMORY_BLOCK { BYTE* pData; @@ -36,13 +30,9 @@ struct _WINPR_PROTECTED_MEMORY_BLOCK BYTE key[32]; BYTE iv[32]; BYTE salt[8]; - EVP_CIPHER_CTX enc; - EVP_CIPHER_CTX dec; }; typedef struct _WINPR_PROTECTED_MEMORY_BLOCK WINPR_PROTECTED_MEMORY_BLOCK; -#endif - struct _WINPR_CERTSTORE { LPCSTR lpszStoreProvider; diff --git a/winpr/tools/makecert/makecert.c b/winpr/tools/makecert/makecert.c index d75d5ed23..0f7257553 100644 --- a/winpr/tools/makecert/makecert.c +++ b/winpr/tools/makecert/makecert.c @@ -263,9 +263,9 @@ int makecert_print_command_line_help(int argc, char** argv) return 1; } +#ifdef WITH_OPENSSL int x509_add_ext(X509* cert, int nid, char* value) { -#ifdef WITH_OPENSSL X509V3_CTX ctx; X509_EXTENSION* ext; @@ -279,10 +279,10 @@ int x509_add_ext(X509* cert, int nid, char* value) X509_add_ext(cert, ext, -1); X509_EXTENSION_free(ext); -#endif return 1; } +#endif char* x509_name_parse(char* name, char* txt, int* length) {