From b1858f6b5fa33b9ef9eeea1f6152185d54bba323 Mon Sep 17 00:00:00 2001

From: Wim Taymans <wtaymans@redhat.com>

Date: Mon, 3 Sep 2018 13:19:44 +0200

Subject: [PATCH] Changes for OpenSSL 1.1.0 compatibility

---

 crypto/cipher/aes_gcm_ossl.c  |  36 +++++----

 crypto/cipher/aes_icm_ossl.c  |  18 +++--

 crypto/hash/hmac_ossl.c       | 135 ++++++++++++----------------------

 crypto/include/aes_gcm_ossl.h |   2 +-

 crypto/include/aes_icm_ossl.h |   2 +-

 crypto/include/sha1.h         |  14 ++--

 6 files changed, 89 insertions(+), 118 deletions(-)

diff --git a/crypto/cipher/aes_gcm_ossl.c b/crypto/cipher/aes_gcm_ossl.c

index dce2a33..943dbd5 100644

--- a/crypto/cipher/aes_gcm_ossl.c

+++ b/crypto/cipher/aes_gcm_ossl.c

@@ -116,6 +116,13 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen)

     (*c)->state = allptr + sizeof(cipher_t);

     gcm = (aes_gcm_ctx_t *)(*c)->state;

+    gcm->ctx = EVP_CIPHER_CTX_new();

+    if (gcm->ctx == NULL) {

+        crypto_free(*c);

+        *c = NULL;

+        return (err_status_alloc_fail);

+    }

+

     /* increment ref_count */

     switch (key_len) {

     case AES_128_GCM_KEYSIZE_WSALT:

@@ -136,7 +143,6 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen)

     /* set key size        */

     (*c)->key_len = key_len;

-    EVP_CIPHER_CTX_init(&gcm->ctx);

     return (err_status_ok);

 }

@@ -151,7 +157,7 @@ err_status_t aes_gcm_openssl_dealloc (cipher_t *c)

     ctx = (aes_gcm_ctx_t*)c->state;

     if (ctx) {

-	EVP_CIPHER_CTX_cleanup(&ctx->ctx);

+	EVP_CIPHER_CTX_free(ctx->ctx);

         /* decrement ref_count for the appropriate engine */

         switch (ctx->key_size) {

         case AES_256_KEYSIZE:

@@ -197,7 +203,7 @@ err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key)

     debug_print(mod_aes_gcm, "key:  %s", v128_hex_string((v128_t*)&c->key));

-    EVP_CIPHER_CTX_cleanup(&c->ctx);

+    EVP_CIPHER_CTX_cleanup(c->ctx);

     return (err_status_ok);

 }

@@ -231,19 +237,19 @@ err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv,

         break;

     }

-    if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, (const unsigned char*)&c->key.v8,

+    if (!EVP_CipherInit_ex(c->ctx, evp, NULL, (const unsigned char*)&c->key.v8,

                            NULL, (c->dir == direction_encrypt ? 1 : 0))) {

         return (err_status_init_fail);

     }

     /* set IV len  and the IV value, the followiong 3 calls are required */

-    if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {

+    if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {

         return (err_status_init_fail);

     }

-    if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) {

+    if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) {

         return (err_status_init_fail);

     }

-    if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) {

+    if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) {

         return (err_status_init_fail);

     }

@@ -267,9 +273,9 @@ err_status_t aes_gcm_openssl_set_aad (aes_gcm_ctx_t *c, unsigned char *aad,

      * Set dummy tag, OpenSSL requires the Tag to be set before

      * processing AAD

      */

-    EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad);

+    EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad);

-    rv = EVP_Cipher(&c->ctx, NULL, aad, aad_len);

+    rv = EVP_Cipher(c->ctx, NULL, aad, aad_len);

     if (rv != aad_len) {

         return (err_status_algo_fail);

     } else {

@@ -295,7 +301,7 @@ err_status_t aes_gcm_openssl_encrypt (aes_gcm_ctx_t *c, unsigned char *buf,

     /*

      * Encrypt the data

      */

-    EVP_Cipher(&c->ctx, buf, buf, *enc_len);

+    EVP_Cipher(c->ctx, buf, buf, *enc_len);

     return (err_status_ok);

 }

@@ -317,12 +323,12 @@ err_status_t aes_gcm_openssl_get_tag (aes_gcm_ctx_t *c, unsigned char *buf,

     /*

      * Calculate the tag

      */

-    EVP_Cipher(&c->ctx, NULL, NULL, 0);

+    EVP_Cipher(c->ctx, NULL, NULL, 0);

     /*

      * Retreive the tag

      */

-    EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);

+    EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);

     /*

      * Increase encryption length by desired tag size

@@ -351,14 +357,14 @@ err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c, unsigned char *buf,

     /*

      * Set the tag before decrypting

      */

-    EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, 

+    EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, 

 	                buf + (*enc_len - c->tag_len));

-    EVP_Cipher(&c->ctx, buf, buf, *enc_len - c->tag_len);

+    EVP_Cipher(c->ctx, buf, buf, *enc_len - c->tag_len);

     /*

      * Check the tag

      */

-    if (EVP_Cipher(&c->ctx, NULL, NULL, 0)) {

+    if (EVP_Cipher(c->ctx, NULL, NULL, 0)) {

         return (err_status_auth_fail);

     }

diff --git a/crypto/cipher/aes_icm_ossl.c b/crypto/cipher/aes_icm_ossl.c

index eb58539..1ddd39e 100644

--- a/crypto/cipher/aes_icm_ossl.c

+++ b/crypto/cipher/aes_icm_ossl.c

@@ -143,6 +143,13 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen)

     (*c)->state = allptr + sizeof(cipher_t);

     icm = (aes_icm_ctx_t*)(*c)->state;

+    icm->ctx = EVP_CIPHER_CTX_new();

+    if (icm->ctx == NULL) {

+        crypto_free(*c);

+        *c = NULL;

+        return err_status_alloc_fail;

+    }

+

     /* increment ref_count */

     switch (key_len) {

     case AES_128_KEYSIZE_WSALT:

@@ -169,7 +176,6 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen)

     /* set key size        */

     (*c)->key_len = key_len;

-    EVP_CIPHER_CTX_init(&icm->ctx);

     return err_status_ok;

 }

@@ -191,7 +197,7 @@ err_status_t aes_icm_openssl_dealloc (cipher_t *c)

      */

     ctx = (aes_icm_ctx_t*)c->state;

     if (ctx != NULL) {

-        EVP_CIPHER_CTX_cleanup(&ctx->ctx);

+        EVP_CIPHER_CTX_free(ctx->ctx);

         /* decrement ref_count for the appropriate engine */

         switch (ctx->key_size) {

         case AES_256_KEYSIZE:

@@ -271,7 +277,7 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key,

     debug_print(mod_aes_icm, "key:  %s", v128_hex_string((v128_t*)&c->key));

     debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));

-    EVP_CIPHER_CTX_cleanup(&c->ctx);

+    EVP_CIPHER_CTX_cleanup(c->ctx);

     return err_status_ok;

 }

@@ -312,7 +318,7 @@ err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir)

         break;

     }

-    if (!EVP_EncryptInit_ex(&c->ctx, evp,

+    if (!EVP_EncryptInit_ex(c->ctx, evp,

                             NULL, c->key.v8, c->counter.v8)) {

         return err_status_fail;

     } else {

@@ -334,12 +340,12 @@ err_status_t aes_icm_openssl_encrypt (aes_icm_ctx_t *c, unsigned char *buf, unsi

     debug_print(mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter));

-    if (!EVP_EncryptUpdate(&c->ctx, buf, &len, buf, *enc_len)) {

+    if (!EVP_EncryptUpdate(c->ctx, buf, &len, buf, *enc_len)) {

         return err_status_cipher_fail;

     }

     *enc_len = len;

-    if (!EVP_EncryptFinal_ex(&c->ctx, buf, &len)) {

+    if (!EVP_EncryptFinal_ex(c->ctx, buf, &len)) {

         return err_status_cipher_fail;

     }

     *enc_len += len;

diff --git a/crypto/hash/hmac_ossl.c b/crypto/hash/hmac_ossl.c

index f62ce57..3f6f97d 100644

--- a/crypto/hash/hmac_ossl.c

+++ b/crypto/hash/hmac_ossl.c

@@ -49,8 +49,10 @@

 #include "hmac.h"

 #include "alloc.h"

 #include <openssl/evp.h>

+#include <openssl/hmac.h>

-#define HMAC_KEYLEN_MAX		20

+#define HMAC_KEYLEN_MAX                20

+#define SHA1_DIGEST_SIZE               20

 /* the debug module for authentiation */

@@ -64,8 +66,6 @@ err_status_t

 hmac_alloc (auth_t **a, int key_len, int out_len)

 {

     extern auth_type_t hmac;

-    uint8_t *pointer;

-    hmac_ctx_t *new_hmac_ctx;

     debug_print(mod_hmac, "allocating auth func with key length %d", key_len);

     debug_print(mod_hmac, "                          tag length %d", out_len);

@@ -79,25 +79,28 @@ hmac_alloc (auth_t **a, int key_len, int out_len)

     }

     /* check output length - should be less than 20 bytes */

-    if (out_len > HMAC_KEYLEN_MAX) {

+    if (out_len > SHA1_DIGEST_SIZE) {

         return err_status_bad_param;

     }

     /* allocate memory for auth and hmac_ctx_t structures */

-    pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t));

-    if (pointer == NULL) {

+    *a = crypto_alloc(sizeof(auth_t));

+    if (*a == NULL) {

+        return err_status_alloc_fail;

+    }

+

+    (*a)->state = HMAC_CTX_new();

+    if ((*a)->state == NULL) {

+        crypto_free(*a);

+        *a = NULL;

         return err_status_alloc_fail;

     }

     /* set pointers */

-    *a = (auth_t*)pointer;

     (*a)->type = &hmac;

-    (*a)->state = pointer + sizeof(auth_t);

     (*a)->out_len = out_len;

     (*a)->key_len = key_len;

     (*a)->prefix_len = 0;

-    new_hmac_ctx = (hmac_ctx_t*)((*a)->state);

-    memset(new_hmac_ctx, 0, sizeof(hmac_ctx_t));

     /* increment global count of all hmac uses */

     hmac.ref_count++;

@@ -109,19 +112,14 @@ err_status_t

 hmac_dealloc (auth_t *a)

 {

     extern auth_type_t hmac;

-    hmac_ctx_t *hmac_ctx;

+    HMAC_CTX *hmac_ctx;

-    hmac_ctx = (hmac_ctx_t*)a->state;

-    if (hmac_ctx->ctx_initialized) {

-        EVP_MD_CTX_cleanup(&hmac_ctx->ctx);

-    }

-    if (hmac_ctx->init_ctx_initialized) {

-        EVP_MD_CTX_cleanup(&hmac_ctx->init_ctx);

-    }

+    hmac_ctx = (HMAC_CTX*)a->state;

+

+    HMAC_CTX_free(hmac_ctx);

     /* zeroize entire state*/

-    octet_string_set_to_zero((uint8_t*)a,

-                             sizeof(hmac_ctx_t) + sizeof(auth_t));

+    octet_string_set_to_zero((uint8_t*)a, sizeof(auth_t));

     /* free memory */

     crypto_free(a);

@@ -133,109 +131,68 @@ hmac_dealloc (auth_t *a)

 }

 err_status_t

-hmac_init (hmac_ctx_t *state, const uint8_t *key, int key_len)

+hmac_start (hmac_ctx_t *statev)

 {

-    int i;

-    uint8_t ipad[64];

-

-    /*

-     * check key length - note that we don't support keys larger

-     * than 20 bytes yet

-     */

-    if (key_len > HMAC_KEYLEN_MAX) {

-        return err_status_bad_param;

-    }

-

-    /*

-     * set values of ipad and opad by exoring the key into the

-     * appropriate constant values

-     */

-    for (i = 0; i < key_len; i++) {

-        ipad[i] = key[i] ^ 0x36;

-        state->opad[i] = key[i] ^ 0x5c;

-    }

-    /* set the rest of ipad, opad to constant values */

-    for (; i < sizeof(ipad); i++) {

-        ipad[i] = 0x36;

-        ((uint8_t*)state->opad)[i] = 0x5c;

-    }

-

-    debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, sizeof(ipad)));

+    HMAC_CTX *state = (HMAC_CTX *)statev;

-    /* initialize sha1 context */

-    sha1_init(&state->init_ctx);

-    state->init_ctx_initialized = 1;

+    if (HMAC_Init_ex(state, NULL, 0, NULL, NULL) == 0)

+        return err_status_auth_fail;

-    /* hash ipad ^ key */

-    sha1_update(&state->init_ctx, ipad, sizeof(ipad));

-    return (hmac_start(state));

+    return err_status_ok;

 }

 err_status_t

-hmac_start (hmac_ctx_t *state)

+hmac_init (hmac_ctx_t *statev, const uint8_t *key, int key_len)

 {

-    if (state->ctx_initialized) {

-        EVP_MD_CTX_cleanup(&state->ctx);

-    }

-    if (!EVP_MD_CTX_copy(&state->ctx, &state->init_ctx)) {

+    HMAC_CTX *state = (HMAC_CTX *)statev;

+

+    if (HMAC_Init_ex(state, key, key_len, EVP_sha1(), NULL) == 0)

         return err_status_auth_fail;

-    } else {

-        state->ctx_initialized = 1;

-        return err_status_ok;

-    }

+

+    return err_status_ok;

 }

 err_status_t

-hmac_update (hmac_ctx_t *state, const uint8_t *message, int msg_octets)

+hmac_update (hmac_ctx_t *statev, const uint8_t *message, int msg_octets)

 {

+    HMAC_CTX *state = (HMAC_CTX *)statev;

+

     debug_print(mod_hmac, "input: %s",

                 octet_string_hex_string(message, msg_octets));

-    /* hash message into sha1 context */

-    sha1_update(&state->ctx, message, msg_octets);

+    if (HMAC_Update(state, message, msg_octets) == 0)

+        return err_status_auth_fail;

     return err_status_ok;

 }

 err_status_t

-hmac_compute (hmac_ctx_t *state, const void *message,

+hmac_compute (hmac_ctx_t *statev, const void *message,

               int msg_octets, int tag_len, uint8_t *result)

 {

-    uint32_t hash_value[5];

-    uint32_t H[5];

+    HMAC_CTX *state = (HMAC_CTX *)statev;

+    uint8_t hash_value[SHA1_DIGEST_SIZE];

     int i;

+    unsigned int len;

     /* check tag length, return error if we can't provide the value expected */

-    if (tag_len > HMAC_KEYLEN_MAX) {

+    if (tag_len > SHA1_DIGEST_SIZE) {

         return err_status_bad_param;

     }

     /* hash message, copy output into H */

-    sha1_update(&state->ctx, message, msg_octets);

-    sha1_final(&state->ctx, H);

-

-    /*

-     * note that we don't need to debug_print() the input, since the

-     * function hmac_update() already did that for us

-     */

-    debug_print(mod_hmac, "intermediate state: %s",

-                octet_string_hex_string((uint8_t*)H, sizeof(H)));

-

-    /* re-initialize hash context */

-    sha1_init(&state->ctx);

-

-    /* hash opad ^ key  */

-    sha1_update(&state->ctx, (uint8_t*)state->opad, sizeof(state->opad));

+    if (HMAC_Update(state, message, msg_octets) == 0)

+        return err_status_auth_fail;

-    /* hash the result of the inner hash */

-    sha1_update(&state->ctx, (uint8_t*)H, sizeof(H));

+    if (HMAC_Final(state, hash_value, &len) == 0)

+        return err_status_auth_fail;

-    /* the result is returned in the array hash_value[] */

-    sha1_final(&state->ctx, hash_value);

+    if (len < tag_len)

+        return err_status_auth_fail;

     /* copy hash_value to *result */

     for (i = 0; i < tag_len; i++) {

-        result[i] = ((uint8_t*)hash_value)[i];

+        result[i] = hash_value[i];

     }

     debug_print(mod_hmac, "output: %s",

diff --git a/crypto/include/aes_gcm_ossl.h b/crypto/include/aes_gcm_ossl.h

index 8e7711d..4f49b51 100644

--- a/crypto/include/aes_gcm_ossl.h

+++ b/crypto/include/aes_gcm_ossl.h

@@ -55,7 +55,7 @@ typedef struct {

   v256_t   key;

   int      key_size;

   int      tag_len;

-  EVP_CIPHER_CTX ctx;

+  EVP_CIPHER_CTX* ctx;

   cipher_direction_t dir;

 } aes_gcm_ctx_t;

diff --git a/crypto/include/aes_icm_ossl.h b/crypto/include/aes_icm_ossl.h

index b4ec40a..af23320 100644

--- a/crypto/include/aes_icm_ossl.h

+++ b/crypto/include/aes_icm_ossl.h

@@ -72,7 +72,7 @@ typedef struct {

     v128_t offset;                 /* initial offset value             */

     v256_t key;

     int key_size;

-    EVP_CIPHER_CTX ctx;

+    EVP_CIPHER_CTX* ctx;

 } aes_icm_ctx_t;

 err_status_t aes_icm_openssl_set_iv(aes_icm_ctx_t *c, void *iv, int dir);

diff --git a/crypto/include/sha1.h b/crypto/include/sha1.h

index 2ce53e8..fb5bd95 100644

--- a/crypto/include/sha1.h

+++ b/crypto/include/sha1.h

@@ -56,8 +56,6 @@

 #include <openssl/evp.h>

 #include <stdint.h>

-typedef EVP_MD_CTX sha1_ctx_t;

-

 /*

  * sha1_init(&ctx) initializes the SHA1 context ctx

  *

@@ -72,23 +70,27 @@ typedef EVP_MD_CTX sha1_ctx_t;

  *

  */

+typedef EVP_MD_CTX* sha1_ctx_t;

+

 static inline void sha1_init (sha1_ctx_t *ctx)

 {

-    EVP_MD_CTX_init(ctx);

-    EVP_DigestInit(ctx, EVP_sha1());

+    *ctx = EVP_MD_CTX_new();

+    EVP_DigestInit(*ctx, EVP_sha1());

 }

 static inline void sha1_update (sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg)

 {

-    EVP_DigestUpdate(ctx, M, octets_in_msg);

+    EVP_DigestUpdate(*ctx, M, octets_in_msg);

 }

 static inline void sha1_final (sha1_ctx_t *ctx, uint32_t *output)

 {

     unsigned int len = 0;

-    EVP_DigestFinal(ctx, (unsigned char*)output, &len;;

+    EVP_DigestFinal(*ctx, (unsigned char*)output, &len;;

+    EVP_MD_CTX_free(*ctx);

 }

+

 #else

 #include "datatypes.h"

-- 

2.17.1