|
 |
2c1758 |
commit 5cceead028ec8e0c244b01d38c9096c96d98f96b
|
|
|
2c1758 |
Author: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
2c1758 |
Date: Mon Jul 5 10:46:52 2021 +0200
|
|
|
2c1758 |
|
|
|
2c1758 |
ICSF: Remove support for OpenSSL < v1.1.1
|
|
|
2c1758 |
|
|
|
2c1758 |
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
2c1758 |
|
|
|
2c1758 |
diff --git a/usr/lib/icsf_stdll/pbkdf.c b/usr/lib/icsf_stdll/pbkdf.c
|
|
|
2c1758 |
index 4ddd0fd7..6ec4128a 100644
|
|
|
2c1758 |
--- a/usr/lib/icsf_stdll/pbkdf.c
|
|
|
2c1758 |
+++ b/usr/lib/icsf_stdll/pbkdf.c
|
|
|
2c1758 |
@@ -82,7 +82,6 @@ CK_RV encrypt_aes(CK_BYTE * inbuf, int inbuflen, CK_BYTE * dkey,
|
|
|
2c1758 |
const EVP_CIPHER *cipher = EVP_aes_256_cbc();
|
|
|
2c1758 |
int tmplen;
|
|
|
2c1758 |
|
|
|
2c1758 |
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
|
2c1758 |
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
|
|
|
2c1758 |
|
|
|
2c1758 |
EVP_EncryptInit_ex(ctx, cipher, NULL, dkey, iv);
|
|
|
2c1758 |
@@ -98,24 +97,6 @@ CK_RV encrypt_aes(CK_BYTE * inbuf, int inbuflen, CK_BYTE * dkey,
|
|
|
2c1758 |
*outbuflen = (*outbuflen) + tmplen;
|
|
|
2c1758 |
EVP_CIPHER_CTX_free(ctx);
|
|
|
2c1758 |
|
|
|
2c1758 |
-#else
|
|
|
2c1758 |
- EVP_CIPHER_CTX ctx;
|
|
|
2c1758 |
- EVP_CIPHER_CTX_init(&ctx;;
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- EVP_EncryptInit_ex(&ctx, cipher, NULL, dkey, iv);
|
|
|
2c1758 |
- if (!EVP_EncryptUpdate(&ctx, outbuf, outbuflen, inbuf, inbuflen)) {
|
|
|
2c1758 |
- TRACE_ERROR("EVP_EncryptUpdate failed.\n");
|
|
|
2c1758 |
- return CKR_FUNCTION_FAILED;
|
|
|
2c1758 |
- }
|
|
|
2c1758 |
- if (!EVP_EncryptFinal_ex(&ctx, outbuf + (*outbuflen), &tmplen)) {
|
|
|
2c1758 |
- TRACE_ERROR("EVP_EncryptFinal failed.\n");
|
|
|
2c1758 |
- return CKR_FUNCTION_FAILED;
|
|
|
2c1758 |
- }
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- *outbuflen = (*outbuflen) + tmplen;
|
|
|
2c1758 |
- EVP_CIPHER_CTX_cleanup(&ctx;;
|
|
|
2c1758 |
-#endif
|
|
|
2c1758 |
-
|
|
|
2c1758 |
return CKR_OK;
|
|
|
2c1758 |
}
|
|
|
2c1758 |
|
|
|
2c1758 |
@@ -125,7 +106,6 @@ CK_RV decrypt_aes(CK_BYTE * inbuf, int inbuflen, CK_BYTE * dkey,
|
|
|
2c1758 |
int size;
|
|
|
2c1758 |
const EVP_CIPHER *cipher = EVP_aes_256_cbc();
|
|
|
2c1758 |
|
|
|
2c1758 |
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
|
2c1758 |
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
|
|
|
2c1758 |
|
|
|
2c1758 |
EVP_DecryptInit_ex(ctx, cipher, NULL, dkey, iv);
|
|
|
2c1758 |
@@ -147,30 +127,6 @@ CK_RV decrypt_aes(CK_BYTE * inbuf, int inbuflen, CK_BYTE * dkey,
|
|
|
2c1758 |
|
|
|
2c1758 |
EVP_CIPHER_CTX_free(ctx);
|
|
|
2c1758 |
|
|
|
2c1758 |
-#else
|
|
|
2c1758 |
- EVP_CIPHER_CTX ctx;
|
|
|
2c1758 |
- EVP_CIPHER_CTX_init(&ctx;;
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- EVP_DecryptInit_ex(&ctx, cipher, NULL, dkey, iv);
|
|
|
2c1758 |
- if (!EVP_DecryptUpdate(&ctx, outbuf, outbuflen, inbuf, inbuflen)) {
|
|
|
2c1758 |
- TRACE_ERROR("EVP_DecryptUpdate failed.\n");
|
|
|
2c1758 |
- return CKR_FUNCTION_FAILED;
|
|
|
2c1758 |
- }
|
|
|
2c1758 |
- if (!EVP_DecryptFinal_ex(&ctx, outbuf + (*outbuflen), &size)) {
|
|
|
2c1758 |
- TRACE_ERROR("EVP_DecryptFinal failed.\n");
|
|
|
2c1758 |
- return CKR_FUNCTION_FAILED;
|
|
|
2c1758 |
- }
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- /* total length of the decrypted data */
|
|
|
2c1758 |
- *outbuflen = (*outbuflen) + size;
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- /* EVP_DecryptFinal removes any padding. The final length
|
|
|
2c1758 |
- * is the length of the decrypted data without padding.
|
|
|
2c1758 |
- */
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- EVP_CIPHER_CTX_cleanup(&ctx;;
|
|
|
2c1758 |
-#endif
|
|
|
2c1758 |
-
|
|
|
2c1758 |
return CKR_OK;
|
|
|
2c1758 |
}
|
|
|
2c1758 |
|