|
 |
c7d609 |
diff -up db-5.3.28/dist/aclocal/options.m4.openssl db-5.3.28/dist/aclocal/options.m4
|
|
|
c7d609 |
--- db-5.3.28/dist/aclocal/options.m4.openssl 2013-09-09 17:35:02.000000000 +0200
|
|
|
c7d609 |
+++ db-5.3.28/dist/aclocal/options.m4 2018-10-22 11:02:08.037182417 +0200
|
|
|
c7d609 |
@@ -406,7 +406,7 @@ AC_ARG_WITH([cryptography],
|
|
|
c7d609 |
AC_HELP_STRING([--with-cryptography=yes|no|ipp], [Build database cryptography support @<:@default=yes@:>@.]),
|
|
|
c7d609 |
[], [with_cryptography=$enable_cryptography])
|
|
|
c7d609 |
case "$with_cryptography" in
|
|
|
c7d609 |
-yes|no|ipp) ;;
|
|
|
c7d609 |
+yes|no|ipp|openssl) ;;
|
|
|
c7d609 |
*) AC_MSG_ERROR([unknown --with-cryptography argument \'$with_cryptography\']) ;;
|
|
|
c7d609 |
esac
|
|
|
c7d609 |
db_cv_build_cryptography="$with_cryptography"
|
|
|
c7d609 |
diff -up db-5.3.28/dist/configure.ac.openssl db-5.3.28/dist/configure.ac
|
|
|
c7d609 |
--- db-5.3.28/dist/configure.ac.openssl 2018-10-22 11:02:08.019182151 +0200
|
|
|
c7d609 |
+++ db-5.3.28/dist/configure.ac 2018-10-22 14:40:52.467991248 +0200
|
|
|
c7d609 |
@@ -994,6 +994,18 @@ in the configured include path.]))
|
|
|
c7d609 |
AC_DEFINE(HAVE_CRYPTO_IPP)
|
|
|
c7d609 |
AH_TEMPLATE(HAVE_CRYPTO_IPP,
|
|
|
c7d609 |
[Define to 1 if using Intel IPP for cryptography.])
|
|
|
c7d609 |
+ else
|
|
|
c7d609 |
+ if test "$db_cv_build_cryptography" = "openssl"; then
|
|
|
c7d609 |
+ AC_CHECK_HEADERS(openssl/conf.h openssl/evp.h, [], AC_MSG_ERROR([\
|
|
|
c7d609 |
+Openssl header files required for OPENSSL cryptography support were not found \
|
|
|
c7d609 |
+in the configured include path.]))
|
|
|
c7d609 |
+ AC_DEFINE(HAVE_CRYPTO_OPENSSL)
|
|
|
c7d609 |
+ AC_CHECK_LIB(crypto, EVP_CIPHER_CTX_new,
|
|
|
c7d609 |
+ [LDFLAGS="-lcrypto $LDFLAGS"], AC_MSG_ERROR([\
|
|
|
c7d609 |
+Libcrypto was not found in the configured library path.]))
|
|
|
c7d609 |
+ AH_TEMPLATE(HAVE_CRYPTO_OPENSSL,
|
|
|
c7d609 |
+ [Define to 1 if using OpenSSL for cryptography.])
|
|
|
c7d609 |
+ fi
|
|
|
c7d609 |
fi
|
|
|
c7d609 |
else
|
|
|
c7d609 |
CRYPTO_OBJS="crypto_stub${o}"
|
|
|
c7d609 |
diff -up db-5.3.28/dist/Makefile.in.openssl db-5.3.28/dist/Makefile.in
|
|
|
c7d609 |
--- db-5.3.28/dist/Makefile.in.openssl 2018-10-22 11:02:07.997181825 +0200
|
|
|
c7d609 |
+++ db-5.3.28/dist/Makefile.in 2018-10-22 11:30:39.442854972 +0200
|
|
|
c7d609 |
@@ -305,9 +305,10 @@ CXX_OBJS=\
|
|
|
c7d609 |
cxx_except@o@ cxx_lock@o@ cxx_logc@o@ cxx_mpool@o@ cxx_multi@o@ \
|
|
|
c7d609 |
cxx_rid@o@ cxx_seq@o@ cxx_site@o@ cxx_txn@o@
|
|
|
c7d609 |
|
|
|
c7d609 |
+CRYPTO_OBJS_RIJNDAEL=\
|
|
|
c7d609 |
+ rijndael-alg-fst@o@ rijndael-api-fst@o@
|
|
|
c7d609 |
CRYPTO_OBJS=\
|
|
|
c7d609 |
- aes_method@o@ crypto@o@ mt19937db@o@ rijndael-alg-fst@o@ \
|
|
|
c7d609 |
- rijndael-api-fst@o@
|
|
|
c7d609 |
+ aes_method@o@ crypto@o@ mt19937db@o@
|
|
|
c7d609 |
|
|
|
c7d609 |
JAVA_OBJS=\
|
|
|
c7d609 |
db_java_wrap@o@
|
|
|
c7d609 |
diff -up db-5.3.28/src/crypto/aes_method.c.openssl db-5.3.28/src/crypto/aes_method.c
|
|
|
c7d609 |
--- db-5.3.28/src/crypto/aes_method.c.openssl 2013-09-09 17:35:07.000000000 +0200
|
|
|
c7d609 |
+++ db-5.3.28/src/crypto/aes_method.c 2018-10-22 17:54:53.439276678 +0200
|
|
|
c7d609 |
@@ -17,6 +17,10 @@
|
|
|
c7d609 |
|
|
|
c7d609 |
#ifdef HAVE_CRYPTO_IPP
|
|
|
c7d609 |
#include <ippcp.h>
|
|
|
c7d609 |
+#elif defined(HAVE_CRYPTO_OPENSSL)
|
|
|
c7d609 |
+#define OPENSSL_AES_ERROR -101
|
|
|
c7d609 |
+#include <openssl/conf.h>
|
|
|
c7d609 |
+#include <openssl/evp.h>
|
|
|
c7d609 |
#endif
|
|
|
c7d609 |
|
|
|
c7d609 |
static void __aes_err __P((ENV *, int));
|
|
|
c7d609 |
@@ -119,11 +123,13 @@ __aes_decrypt(env, aes_data, iv, cipher,
|
|
|
c7d609 |
AES_CIPHER *aes;
|
|
|
c7d609 |
#ifdef HAVE_CRYPTO_IPP
|
|
|
c7d609 |
IppStatus ipp_ret;
|
|
|
c7d609 |
+#elif defined(HAVE_CRYPTO_OPENSSL)
|
|
|
c7d609 |
+ EVP_CIPHER_CTX *ctx;
|
|
|
c7d609 |
+ int temp_len;
|
|
|
c7d609 |
#else
|
|
|
c7d609 |
cipherInstance c;
|
|
|
c7d609 |
-#endif
|
|
|
c7d609 |
int ret;
|
|
|
c7d609 |
-
|
|
|
c7d609 |
+#endif
|
|
|
c7d609 |
aes = (AES_CIPHER *)aes_data;
|
|
|
c7d609 |
if (iv == NULL || cipher == NULL)
|
|
|
c7d609 |
return (EINVAL);
|
|
|
c7d609 |
@@ -137,6 +143,32 @@ __aes_decrypt(env, aes_data, iv, cipher,
|
|
|
c7d609 |
__aes_err(env, (int)ipp_ret);
|
|
|
c7d609 |
return (EAGAIN);
|
|
|
c7d609 |
}
|
|
|
c7d609 |
+#elif defined(HAVE_CRYPTO_OPENSSL)
|
|
|
c7d609 |
+ if(!(ctx = EVP_CIPHER_CTX_new())) {
|
|
|
c7d609 |
+ __aes_err(env, OPENSSL_AES_ERROR);
|
|
|
c7d609 |
+ return (EAGAIN);
|
|
|
c7d609 |
+ }
|
|
|
c7d609 |
+ if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, aes->key,
|
|
|
c7d609 |
+ (unsigned char*)iv)) {
|
|
|
c7d609 |
+ __aes_err(env, OPENSSL_AES_ERROR);
|
|
|
c7d609 |
+ return (EAGAIN);
|
|
|
c7d609 |
+ }
|
|
|
c7d609 |
+
|
|
|
c7d609 |
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
|
|
|
c7d609 |
+
|
|
|
c7d609 |
+ if(1 != EVP_DecryptUpdate(ctx, (unsigned char*)cipher, &temp_len,
|
|
|
c7d609 |
+ (unsigned char*)cipher, cipher_len)) {
|
|
|
c7d609 |
+ __aes_err(env, OPENSSL_AES_ERROR);
|
|
|
c7d609 |
+ return (EAGAIN);
|
|
|
c7d609 |
+ }
|
|
|
c7d609 |
+ cipher_len = temp_len;
|
|
|
c7d609 |
+ if(1 != EVP_DecryptFinal_ex(ctx, ((unsigned char*)cipher) + temp_len,
|
|
|
c7d609 |
+ &temp_len)) {
|
|
|
c7d609 |
+ __aes_err(env, OPENSSL_AES_ERROR);
|
|
|
c7d609 |
+ return (EAGAIN);
|
|
|
c7d609 |
+ }
|
|
|
c7d609 |
+ cipher_len += temp_len;
|
|
|
c7d609 |
+ EVP_CIPHER_CTX_free(ctx);
|
|
|
c7d609 |
#else
|
|
|
c7d609 |
/*
|
|
|
c7d609 |
* Initialize the cipher
|
|
|
c7d609 |
@@ -174,6 +206,9 @@ __aes_encrypt(env, aes_data, iv, data, d
|
|
|
c7d609 |
AES_CIPHER *aes;
|
|
|
c7d609 |
#ifdef HAVE_CRYPTO_IPP
|
|
|
c7d609 |
IppStatus ipp_ret;
|
|
|
c7d609 |
+#elif defined(HAVE_CRYPTO_OPENSSL)
|
|
|
c7d609 |
+ EVP_CIPHER_CTX *ctx;
|
|
|
c7d609 |
+ int temp_len;
|
|
|
c7d609 |
#else
|
|
|
c7d609 |
cipherInstance c;
|
|
|
c7d609 |
#endif
|
|
|
c7d609 |
@@ -204,6 +239,32 @@ __aes_encrypt(env, aes_data, iv, data, d
|
|
|
c7d609 |
__aes_err(env, (int)ipp_ret);
|
|
|
c7d609 |
return (EAGAIN);
|
|
|
c7d609 |
}
|
|
|
c7d609 |
+#elif defined(HAVE_CRYPTO_OPENSSL)
|
|
|
c7d609 |
+ if(!(ctx = EVP_CIPHER_CTX_new())) {
|
|
|
c7d609 |
+ __aes_err(env, OPENSSL_AES_ERROR);
|
|
|
c7d609 |
+ return (EAGAIN);
|
|
|
c7d609 |
+ }
|
|
|
c7d609 |
+ if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, aes->key,
|
|
|
c7d609 |
+ (unsigned char*)tmp_iv)) {
|
|
|
c7d609 |
+ __aes_err(env, OPENSSL_AES_ERROR);
|
|
|
c7d609 |
+ return (EAGAIN);
|
|
|
c7d609 |
+ }
|
|
|
c7d609 |
+
|
|
|
c7d609 |
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
|
|
|
c7d609 |
+
|
|
|
c7d609 |
+ if(1 != EVP_EncryptUpdate(ctx, (unsigned char*)data, &temp_len,
|
|
|
c7d609 |
+ (unsigned char*)data, data_len)) {
|
|
|
c7d609 |
+ __aes_err(env, OPENSSL_AES_ERROR);
|
|
|
c7d609 |
+ return (EAGAIN);
|
|
|
c7d609 |
+ }
|
|
|
c7d609 |
+ data_len = temp_len;
|
|
|
c7d609 |
+ if(1 != EVP_EncryptFinal_ex(ctx, ((unsigned char*)data) + temp_len,
|
|
|
c7d609 |
+ &temp_len)) {
|
|
|
c7d609 |
+ __aes_err(env, OPENSSL_AES_ERROR);
|
|
|
c7d609 |
+ return (EAGAIN);
|
|
|
c7d609 |
+ }
|
|
|
c7d609 |
+ data_len += temp_len;
|
|
|
c7d609 |
+ EVP_CIPHER_CTX_free(ctx);
|
|
|
c7d609 |
#else
|
|
|
c7d609 |
/*
|
|
|
c7d609 |
* Initialize the cipher
|
|
|
c7d609 |
@@ -254,7 +315,7 @@ __aes_derivekeys(env, db_cipher, passwd,
|
|
|
c7d609 |
SHA1_CTX ctx;
|
|
|
c7d609 |
#ifdef HAVE_CRYPTO_IPP
|
|
|
c7d609 |
IppStatus ipp_ret;
|
|
|
c7d609 |
-#else
|
|
|
c7d609 |
+#elif !defined(HAVE_CRYPTO_OPENSSL)
|
|
|
c7d609 |
int ret;
|
|
|
c7d609 |
#endif
|
|
|
c7d609 |
u_int32_t temp[DB_MAC_KEY/4];
|
|
|
c7d609 |
@@ -278,6 +339,8 @@ __aes_derivekeys(env, db_cipher, passwd,
|
|
|
c7d609 |
__aes_err(env, (int)ipp_ret);
|
|
|
c7d609 |
return (EAGAIN);
|
|
|
c7d609 |
}
|
|
|
c7d609 |
+#elif defined(HAVE_CRYPTO_OPENSSL)
|
|
|
c7d609 |
+ memcpy(aes->key, (unsigned char*) temp, DB_AES_CHUNK);
|
|
|
c7d609 |
#else
|
|
|
c7d609 |
if ((ret = __db_makeKey(&aes->encrypt_ki, DIR_ENCRYPT,
|
|
|
c7d609 |
DB_AES_KEYLEN, (char *)temp)) != TRUE) {
|
|
|
c7d609 |
@@ -320,6 +383,10 @@ __aes_err(env, err)
|
|
|
c7d609 |
case ippStsUnderRunErr:
|
|
|
c7d609 |
errstr = DB_STR("0185", "IPP AES srclen size error");
|
|
|
c7d609 |
break;
|
|
|
c7d609 |
+#elif defined(HAVE_CRYPTO_OPENSSL)
|
|
|
c7d609 |
+ case OPENSSL_AES_ERROR:
|
|
|
c7d609 |
+ errstr = DB_STR("0193", "AES unknown error");
|
|
|
c7d609 |
+ break;
|
|
|
c7d609 |
#else
|
|
|
c7d609 |
case BAD_KEY_DIR:
|
|
|
c7d609 |
errstr = DB_STR("0186", "AES key direction is invalid");
|
|
|
c7d609 |
diff -up db-5.3.28/src/dbinc/crypto.h.openssl db-5.3.28/src/dbinc/crypto.h
|
|
|
c7d609 |
--- db-5.3.28/src/dbinc/crypto.h.openssl 2013-09-09 17:35:08.000000000 +0200
|
|
|
c7d609 |
+++ db-5.3.28/src/dbinc/crypto.h 2018-10-22 11:02:08.038182432 +0200
|
|
|
c7d609 |
@@ -59,7 +60,9 @@ struct __db_cipher {
|
|
|
c7d609 |
|
|
|
c7d609 |
#ifdef HAVE_CRYPTO
|
|
|
c7d609 |
|
|
|
c7d609 |
+#ifndef HAVE_CRYPTO_OPENSSL
|
|
|
c7d609 |
#include "crypto/rijndael/rijndael-api-fst.h"
|
|
|
c7d609 |
+#endif
|
|
|
c7d609 |
|
|
|
c7d609 |
/*
|
|
|
c7d609 |
* Shared ciphering structure
|
|
|
c7d609 |
@@ -77,6 +80,8 @@ typedef struct __cipher {
|
|
|
c7d609 |
typedef struct __aes_cipher {
|
|
|
c7d609 |
#ifdef HAVE_CRYPTO_IPP
|
|
|
c7d609 |
void *ipp_ctx; /* IPP key instance */
|
|
|
c7d609 |
+#elif defined(HAVE_CRYPTO_OPENSSL)
|
|
|
c7d609 |
+ unsigned char key[DB_AES_CHUNK];
|
|
|
c7d609 |
#else
|
|
|
c7d609 |
keyInstance decrypt_ki; /* Decryption key instance */
|
|
|
c7d609 |
keyInstance encrypt_ki; /* Encryption key instance */
|