|
 |
2c1758 |
commit 533cdea6897d1bc0af13490f1c89248c52e7a73b
|
|
|
2c1758 |
Author: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
2c1758 |
Date: Wed Jun 30 11:30:00 2021 +0200
|
|
|
2c1758 |
|
|
|
2c1758 |
COMMON: utilities.c: Remove deprecated OpenSSL functions
|
|
|
2c1758 |
|
|
|
2c1758 |
Rework functions compute_sha(), compute_sha1(), and compute_md5() to
|
|
|
2c1758 |
no longer use the mech_sha and mech_md5 routines, but to use the
|
|
|
2c1758 |
OpenSSL EVP interface directly.
|
|
|
2c1758 |
|
|
|
2c1758 |
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
2c1758 |
|
|
|
2c1758 |
diff --git a/usr/lib/common/utility.c b/usr/lib/common/utility.c
|
|
|
2c1758 |
index bcdc15bf..5fc68938 100644
|
|
|
2c1758 |
--- a/usr/lib/common/utility.c
|
|
|
2c1758 |
+++ b/usr/lib/common/utility.c
|
|
|
2c1758 |
@@ -849,66 +849,89 @@ CK_RV get_hmac_digest(CK_ULONG mech, CK_ULONG *digest_mech, CK_BBOOL *general)
|
|
|
2c1758 |
return CKR_OK;
|
|
|
2c1758 |
}
|
|
|
2c1758 |
|
|
|
2c1758 |
-/* Compute specified SHA using either software or token implementation */
|
|
|
2c1758 |
+/* Compute specified SHA or MD5 using software */
|
|
|
2c1758 |
CK_RV compute_sha(STDLL_TokData_t *tokdata, CK_BYTE *data, CK_ULONG len,
|
|
|
2c1758 |
CK_BYTE *hash, CK_ULONG mech)
|
|
|
2c1758 |
{
|
|
|
2c1758 |
- DIGEST_CONTEXT ctx;
|
|
|
2c1758 |
- CK_ULONG hash_len;
|
|
|
2c1758 |
- CK_RV rv;
|
|
|
2c1758 |
+ const EVP_MD *md;
|
|
|
2c1758 |
+ unsigned int hash_len;
|
|
|
2c1758 |
|
|
|
2c1758 |
- memset(&ctx, 0x0, sizeof(ctx));
|
|
|
2c1758 |
- ctx.mech.mechanism = mech;
|
|
|
2c1758 |
+ UNUSED(tokdata);
|
|
|
2c1758 |
|
|
|
2c1758 |
- rv = get_sha_size(mech, &hash_len);
|
|
|
2c1758 |
- if (rv != CKR_OK)
|
|
|
2c1758 |
- return rv;
|
|
|
2c1758 |
+ switch (mech) {
|
|
|
2c1758 |
+ case CKM_MD5:
|
|
|
2c1758 |
+ hash_len = MD5_HASH_SIZE;
|
|
|
2c1758 |
+ md = EVP_md5();
|
|
|
2c1758 |
+ break;
|
|
|
2c1758 |
+ case CKM_SHA_1:
|
|
|
2c1758 |
+ hash_len = SHA1_HASH_SIZE;
|
|
|
2c1758 |
+ md = EVP_sha1();
|
|
|
2c1758 |
+ break;
|
|
|
2c1758 |
+ case CKM_SHA224:
|
|
|
2c1758 |
+ case CKM_SHA512_224:
|
|
|
2c1758 |
+ hash_len = SHA224_HASH_SIZE;
|
|
|
2c1758 |
+ md = EVP_sha224();
|
|
|
2c1758 |
+ break;
|
|
|
2c1758 |
+ case CKM_SHA256:
|
|
|
2c1758 |
+ case CKM_SHA512_256:
|
|
|
2c1758 |
+ hash_len = SHA256_HASH_SIZE;
|
|
|
2c1758 |
+ md = EVP_sha256();
|
|
|
2c1758 |
+ break;
|
|
|
2c1758 |
+ case CKM_SHA384:
|
|
|
2c1758 |
+ hash_len = SHA384_HASH_SIZE;
|
|
|
2c1758 |
+ md = EVP_sha384();
|
|
|
2c1758 |
+ break;
|
|
|
2c1758 |
+ case CKM_SHA512:
|
|
|
2c1758 |
+ hash_len = SHA512_HASH_SIZE;
|
|
|
2c1758 |
+ md = EVP_sha512();
|
|
|
2c1758 |
+ break;
|
|
|
2c1758 |
+#ifdef NID_sha3_224
|
|
|
2c1758 |
+ case CKM_IBM_SHA3_224:
|
|
|
2c1758 |
+ hash_len = SHA3_224_HASH_SIZE;
|
|
|
2c1758 |
+ md = EVP_sha3_224();
|
|
|
2c1758 |
+ break;
|
|
|
2c1758 |
+#endif
|
|
|
2c1758 |
+#ifdef NID_sha3_256
|
|
|
2c1758 |
+ case CKM_IBM_SHA3_256:
|
|
|
2c1758 |
+ hash_len = SHA3_256_HASH_SIZE;
|
|
|
2c1758 |
+ md = EVP_sha3_256();
|
|
|
2c1758 |
+ break;
|
|
|
2c1758 |
+#endif
|
|
|
2c1758 |
+#ifdef NID_sha3_384
|
|
|
2c1758 |
+ case CKM_IBM_SHA3_384:
|
|
|
2c1758 |
+ hash_len = SHA3_384_HASH_SIZE;
|
|
|
2c1758 |
+ md = EVP_sha3_384();
|
|
|
2c1758 |
+ break;
|
|
|
2c1758 |
+#endif
|
|
|
2c1758 |
+#ifdef NID_sha3_512
|
|
|
2c1758 |
+ case CKM_IBM_SHA3_512:
|
|
|
2c1758 |
+ hash_len = SHA3_512_HASH_SIZE;
|
|
|
2c1758 |
+ md = EVP_sha3_512();
|
|
|
2c1758 |
+ break;
|
|
|
2c1758 |
+#endif
|
|
|
2c1758 |
+ default:
|
|
|
2c1758 |
+ return CKR_MECHANISM_INVALID;
|
|
|
2c1758 |
+ }
|
|
|
2c1758 |
|
|
|
2c1758 |
- rv = sha_init(tokdata, NULL, &ctx, &ctx.mech);
|
|
|
2c1758 |
- if (rv != CKR_OK) {
|
|
|
2c1758 |
- TRACE_DEBUG("failed to create digest.\n");
|
|
|
2c1758 |
- return rv;
|
|
|
2c1758 |
+ if (EVP_Digest(data, len, hash, &hash_len, md, NULL) != 1) {
|
|
|
2c1758 |
+ TRACE_ERROR("%s EVP_Digest failed\n", __func__);
|
|
|
2c1758 |
+ return CKR_FUNCTION_FAILED;
|
|
|
2c1758 |
}
|
|
|
2c1758 |
- rv = sha_hash(tokdata, NULL, FALSE, &ctx, data, len, hash, &hash_len);
|
|
|
2c1758 |
|
|
|
2c1758 |
- digest_mgr_cleanup(&ctx;;
|
|
|
2c1758 |
- return rv;
|
|
|
2c1758 |
+ return CKR_OK;
|
|
|
2c1758 |
}
|
|
|
2c1758 |
|
|
|
2c1758 |
/* Compute SHA1 using software implementation */
|
|
|
2c1758 |
CK_RV compute_sha1(STDLL_TokData_t *tokdata, CK_BYTE *data, CK_ULONG len,
|
|
|
2c1758 |
CK_BYTE *hash)
|
|
|
2c1758 |
{
|
|
|
2c1758 |
- // XXX KEY
|
|
|
2c1758 |
- DIGEST_CONTEXT ctx;
|
|
|
2c1758 |
- CK_ULONG hash_len = SHA1_HASH_SIZE;
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- UNUSED(tokdata);
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- memset(&ctx, 0x0, sizeof(ctx));
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- sw_sha1_init(&ctx;;
|
|
|
2c1758 |
- if (ctx.context == NULL)
|
|
|
2c1758 |
- return CKR_HOST_MEMORY;
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- return sw_sha1_hash(&ctx, data, len, hash, &hash_len);
|
|
|
2c1758 |
+ return compute_sha(tokdata, data, len, hash, CKM_SHA_1);
|
|
|
2c1758 |
}
|
|
|
2c1758 |
|
|
|
2c1758 |
CK_RV compute_md5(STDLL_TokData_t *tokdata, CK_BYTE *data, CK_ULONG len,
|
|
|
2c1758 |
CK_BYTE *hash)
|
|
|
2c1758 |
{
|
|
|
2c1758 |
- DIGEST_CONTEXT ctx;
|
|
|
2c1758 |
- CK_ULONG hash_len = MD5_HASH_SIZE;
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- UNUSED(tokdata);
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- memset(&ctx, 0x0, sizeof(ctx));
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- sw_md5_init(&ctx;;
|
|
|
2c1758 |
- if (ctx.context == NULL)
|
|
|
2c1758 |
- return CKR_HOST_MEMORY;
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- return sw_md5_hash(&ctx, data, len, hash, &hash_len);
|
|
|
2c1758 |
+ return compute_sha(tokdata, data, len, hash, CKM_MD5);
|
|
|
2c1758 |
}
|
|
|
2c1758 |
|
|
|
2c1758 |
CK_RV get_keytype(STDLL_TokData_t *tokdata, CK_OBJECT_HANDLE hkey,
|