Tree - rpms/opencryptoki - CentOS Git server

rpms / opencryptoki

Blame SOURCES/opencryptoki-openssl3-6fee37f08391415cdf8d8610c501516c3d3ed29c.patch

Blob History Raw

		2c1758	`commit 6fee37f08391415cdf8d8610c501516c3d3ed29c`
		2c1758	`Author: Ingo Franzki <ifranzki@linux.ibm.com>`
		2c1758	`Date: Wed Jun 30 13:41:57 2021 +0200`
		2c1758
		2c1758	`COMMON: mech_md5: Remove deprecated OpenSSL functions`
		2c1758
		2c1758	`All low level MD5 functions are deprecated in OpenSSL 3.0.`
		2c1758	`Update the code to not use any of those.`
		2c1758
		2c1758	`Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>`
		2c1758
		2c1758	`diff --git a/usr/lib/common/h_extern.h b/usr/lib/common/h_extern.h`
		2c1758	`index 47b96ba0..314613a5 100644`
		2c1758	`--- a/usr/lib/common/h_extern.h`
		2c1758	`+++ b/usr/lib/common/h_extern.h`
		2c1758	`@@ -1667,7 +1667,7 @@ CK_RV md5_hmac_verify(STDLL_TokData_t *tokdata,`
		2c1758	`CK_ULONG in_data_len,`
		2c1758	`CK_BYTE *signature, CK_ULONG sig_len);`
		2c1758
		2c1758	`-void sw_md5_init(DIGEST_CONTEXT *ctx);`
		2c1758	`+CK_RV sw_md5_init(DIGEST_CONTEXT *ctx);`
		2c1758
		2c1758	`CK_RV sw_md5_hash(DIGEST_CONTEXT ctx, CK_BYTE in_data,`
		2c1758	`CK_ULONG in_data_len, CK_BYTE *out_data,`
		2c1758	`diff --git a/usr/lib/common/mech_md5.c b/usr/lib/common/mech_md5.c`
		2c1758	`index 320e2549..65c11def 100644`
		2c1758	`--- a/usr/lib/common/mech_md5.c`
		2c1758	`+++ b/usr/lib/common/mech_md5.c`
		2c1758	`@@ -20,30 +20,50 @@`
		2c1758	`#include "tok_spec_struct.h"`
		2c1758	`#include "trace.h"`
		2c1758
		2c1758	`-#include <openssl/md5.h>`
		2c1758	`+#include <openssl/evp.h>`
		2c1758	`#include <openssl/crypto.h>`
		2c1758
		2c1758	`//`
		2c1758	`// Software MD5 implementation (OpenSSL based)`
		2c1758	`//`
		2c1758
		2c1758	`-void sw_md5_init(DIGEST_CONTEXT *ctx)`
		2c1758	`+static void sw_md5_free(STDLL_TokData_t tokdata, SESSION sess,`
		2c1758	`+ CK_BYTE *context, CK_ULONG context_len)`
		2c1758	`{`
		2c1758	`- ctx->context_len = sizeof(MD5_CTX);`
		2c1758	`- ctx->context = (CK_BYTE *) malloc(sizeof(MD5_CTX));`
		2c1758	`+ UNUSED(tokdata);`
		2c1758	`+ UNUSED(sess);`
		2c1758	`+ UNUSED(context_len);`
		2c1758	`+`
		2c1758	`+ EVP_MD_CTX_free((EVP_MD_CTX *)context);`
		2c1758	`+}`
		2c1758	`+`
		2c1758	`+CK_RV sw_md5_init(DIGEST_CONTEXT *ctx)`
		2c1758	`+{`
		2c1758	`+ ctx->context_len = 1;`
		2c1758	`+ ctx->context = (CK_BYTE *)EVP_MD_CTX_new();`
		2c1758	`if (ctx->context == NULL) {`
		2c1758	`TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));`
		2c1758	`- // TODO: propagate error up?`
		2c1758	`- return;`
		2c1758	`+ return CKR_HOST_MEMORY;`
		2c1758	`+ }`
		2c1758	`+`
		2c1758	`+ if (!EVP_DigestInit_ex((EVP_MD_CTX *)ctx->context, EVP_md5(), NULL)) {`
		2c1758	`+ TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));`
		2c1758	`+ EVP_MD_CTX_free((EVP_MD_CTX *)ctx->context);`
		2c1758	`+ return CKR_FUNCTION_FAILED;`
		2c1758	`}`
		2c1758
		2c1758	`- MD5_Init((MD5_CTX *)ctx->context);`
		2c1758	`+ ctx->state_unsaveable = CK_TRUE;`
		2c1758	`+ ctx->context_free_func = sw_md5_free;`
		2c1758	`+`
		2c1758	`+ return CKR_OK;`
		2c1758	`}`
		2c1758
		2c1758	`CK_RV sw_md5_hash(DIGEST_CONTEXT ctx, CK_BYTE in_data,`
		2c1758	`CK_ULONG in_data_len, CK_BYTE *out_data,`
		2c1758	`CK_ULONG *out_data_len)`
		2c1758	`{`
		2c1758	`+ unsigned int len;`
		2c1758	`+`
		2c1758	`if (!ctx \|\| !out_data_len) {`
		2c1758	`TRACE_ERROR("%s received bad argument(s)\n", __func__);`
		2c1758	`return CKR_FUNCTION_FAILED;`
		2c1758	`@@ -57,43 +77,60 @@ CK_RV sw_md5_hash(DIGEST_CONTEXT ctx, CK_BYTE in_data,`
		2c1758	`if (ctx->context == NULL)`
		2c1758	`return CKR_OPERATION_NOT_INITIALIZED;`
		2c1758
		2c1758	`- MD5_Update((MD5_CTX *)ctx->context, in_data, in_data_len);`
		2c1758	`- MD5_Final(out_data, (MD5_CTX *)ctx->context);`
		2c1758	`- *out_data_len = MD5_HASH_SIZE;`
		2c1758	`+ len = *out_data_len;`
		2c1758	`+ if (!EVP_DigestUpdate((EVP_MD_CTX *)ctx->context, in_data, in_data_len) \|\|`
		2c1758	`+ !EVP_DigestFinal((EVP_MD_CTX *)ctx->context, out_data, &len)) {`
		2c1758	`+ TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));`
		2c1758	`+ return CKR_FUNCTION_FAILED;`
		2c1758	`+ }`
		2c1758
		2c1758	`- if (ctx->context_free_func != NULL)`
		2c1758	`- ctx->context_free_func(ctx->context, ctx->context_len);`
		2c1758	`- else`
		2c1758	`- free(ctx->context);`
		2c1758	`+ *out_data_len = len;`
		2c1758	`+`
		2c1758	`+ EVP_MD_CTX_free((EVP_MD_CTX *)ctx->context);`
		2c1758	`ctx->context = NULL;`
		2c1758	`+ ctx->context_free_func = NULL;`
		2c1758
		2c1758	`return CKR_OK;`
		2c1758	`}`
		2c1758
		2c1758	`-CK_RV sw_MD5_Update(DIGEST_CONTEXT ctx, CK_BYTE in_data,`
		2c1758	`- CK_ULONG in_data_len)`
		2c1758	`+static CK_RV sw_md5_update(DIGEST_CONTEXT ctx, CK_BYTE in_data,`
		2c1758	`+ CK_ULONG in_data_len)`
		2c1758	`{`
		2c1758	`if (ctx->context == NULL)`
		2c1758	`return CKR_OPERATION_NOT_INITIALIZED;`
		2c1758
		2c1758	`- MD5_Update((MD5_CTX *)ctx->context, in_data, in_data_len);`
		2c1758	`+ if (!EVP_DigestUpdate((EVP_MD_CTX *)ctx->context, in_data, in_data_len)) {`
		2c1758	`+ TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));`
		2c1758	`+ return CKR_FUNCTION_FAILED;`
		2c1758	`+ }`
		2c1758	`+`
		2c1758	`return CKR_OK;`
		2c1758	`}`
		2c1758
		2c1758	`-CK_RV sw_MD5_Final(DIGEST_CONTEXT ctx, CK_BYTE out_data,`
		2c1758	`- CK_ULONG *out_data_len)`
		2c1758	`+static CK_RV sw_md5_final(DIGEST_CONTEXT ctx, CK_BYTE out_data,`
		2c1758	`+ CK_ULONG *out_data_len)`
		2c1758	`{`
		2c1758	`+ unsigned int len;`
		2c1758	`+`
		2c1758	`if (ctx->context == NULL)`
		2c1758	`return CKR_OPERATION_NOT_INITIALIZED;`
		2c1758
		2c1758	`- MD5_Final(out_data, (MD5_CTX *)ctx->context);`
		2c1758	`- *out_data_len = MD5_HASH_SIZE;`
		2c1758	`+ if (*out_data_len < MD5_HASH_SIZE) {`
		2c1758	`+ TRACE_ERROR("%s\n", ock_err(ERR_BUFFER_TOO_SMALL));`
		2c1758	`+ return CKR_BUFFER_TOO_SMALL;`
		2c1758	`+ }`
		2c1758
		2c1758	`- if (ctx->context_free_func != NULL)`
		2c1758	`- ctx->context_free_func(ctx->context, ctx->context_len);`
		2c1758	`- else`
		2c1758	`- free(ctx->context);`
		2c1758	`+ len = *out_data_len;`
		2c1758	`+ if (!EVP_DigestFinal((EVP_MD_CTX *)ctx->context, out_data, &len)) {`
		2c1758	`+ TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));`
		2c1758	`+ return CKR_FUNCTION_FAILED;`
		2c1758	`+ }`
		2c1758	`+`
		2c1758	`+ *out_data_len = len;`
		2c1758	`+`
		2c1758	`+ EVP_MD_CTX_free((EVP_MD_CTX *)ctx->context);`
		2c1758	`ctx->context = NULL;`
		2c1758	`+ ctx->context_free_func = NULL;`
		2c1758
		2c1758	`return CKR_OK;`
		2c1758	`}`
		2c1758	`@@ -105,8 +142,7 @@ CK_RV md5_init(STDLL_TokData_t tokdata, SESSION sess, DIGEST_CONTEXT *ctx,`
		2c1758	`UNUSED(sess);`
		2c1758
		2c1758	`if (mech->mechanism == CKM_MD5) {`
		2c1758	`- sw_md5_init(ctx);`
		2c1758	`- return CKR_OK;`
		2c1758	`+ return sw_md5_init(ctx);`
		2c1758	`} else {`
		2c1758	`return CKR_MECHANISM_INVALID;`
		2c1758	`}`
		2c1758	`@@ -159,7 +195,7 @@ CK_RV md5_hash_update(STDLL_TokData_t tokdata, SESSION sess,`
		2c1758	`return CKR_OK;`
		2c1758
		2c1758	`if (ctx->mech.mechanism == CKM_MD5)`
		2c1758	`- return sw_MD5_Update(ctx, in_data, in_data_len);`
		2c1758	`+ return sw_md5_update(ctx, in_data, in_data_len);`
		2c1758	`else`
		2c1758	`return CKR_MECHANISM_INVALID;`
		2c1758	`}`
		2c1758	`@@ -188,7 +224,7 @@ CK_RV md5_hash_final(STDLL_TokData_t tokdata, SESSION sess,`
		2c1758	`}`
		2c1758
		2c1758	`if (ctx->mech.mechanism == CKM_MD5)`
		2c1758	`- return sw_MD5_Final(ctx, out_data, out_data_len);`
		2c1758	`+ return sw_md5_final(ctx, out_data, out_data_len);`
		2c1758	`else`
		2c1758	`return CKR_MECHANISM_INVALID;`
		2c1758	`}`

rpms / opencryptoki

Source Code

Blame SOURCES/opencryptoki-openssl3-6fee37f08391415cdf8d8610c501516c3d3ed29c.patch