|
|
2c1758 |
commit ab3fceae6194e8213e9d3ffb7447ccd04d469b9d
|
|
|
2c1758 |
Author: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
2c1758 |
Date: Mon Jul 5 10:45:04 2021 +0200
|
|
|
2c1758 |
|
|
|
2c1758 |
COMMON: sw_crypt.c: Remove support for OpenSSL < v1.1.1
|
|
|
2c1758 |
|
|
|
2c1758 |
Remove support for OpenSSL < v1.1.1. This code used low level
|
|
|
2c1758 |
DES/AES functions.
|
|
|
2c1758 |
|
|
|
2c1758 |
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
2c1758 |
|
|
|
2c1758 |
diff --git a/usr/lib/common/sw_crypt.c b/usr/lib/common/sw_crypt.c
|
|
|
2c1758 |
index 906a41ab..253b3c26 100644
|
|
|
2c1758 |
--- a/usr/lib/common/sw_crypt.c
|
|
|
2c1758 |
+++ b/usr/lib/common/sw_crypt.c
|
|
|
2c1758 |
@@ -32,51 +32,6 @@ CK_RV sw_des3_cbc(CK_BYTE *in_data,
|
|
|
2c1758 |
CK_ULONG *out_data_len,
|
|
|
2c1758 |
CK_BYTE *init_v, CK_BYTE *key_value, CK_BYTE encrypt)
|
|
|
2c1758 |
{
|
|
|
2c1758 |
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
|
2c1758 |
- DES_key_schedule des_key1;
|
|
|
2c1758 |
- DES_key_schedule des_key2;
|
|
|
2c1758 |
- DES_key_schedule des_key3;
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- const_DES_cblock key_SSL1, key_SSL2, key_SSL3;
|
|
|
2c1758 |
- DES_cblock ivec;
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- // the des decrypt will only fail if the data length is not evenly divisible
|
|
|
2c1758 |
- // by DES_BLOCK_SIZE
|
|
|
2c1758 |
- if (in_data_len % DES_BLOCK_SIZE) {
|
|
|
2c1758 |
- TRACE_ERROR("%s\n", ock_err(ERR_DATA_LEN_RANGE));
|
|
|
2c1758 |
- return CKR_DATA_LEN_RANGE;
|
|
|
2c1758 |
- }
|
|
|
2c1758 |
- // The key as passed in is a 24 byte string containing 3 keys
|
|
|
2c1758 |
- // pick it apart and create the key schedules
|
|
|
2c1758 |
- memcpy(&key_SSL1, key_value, (size_t) 8);
|
|
|
2c1758 |
- memcpy(&key_SSL2, key_value + 8, (size_t) 8);
|
|
|
2c1758 |
- memcpy(&key_SSL3, key_value + 16, (size_t) 8);
|
|
|
2c1758 |
- DES_set_key_unchecked(&key_SSL1, &des_key1);
|
|
|
2c1758 |
- DES_set_key_unchecked(&key_SSL2, &des_key2);
|
|
|
2c1758 |
- DES_set_key_unchecked(&key_SSL3, &des_key3);
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- memcpy(ivec, init_v, sizeof(ivec));
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- // Encrypt or decrypt the data
|
|
|
2c1758 |
- if (encrypt) {
|
|
|
2c1758 |
- DES_ede3_cbc_encrypt(in_data,
|
|
|
2c1758 |
- out_data,
|
|
|
2c1758 |
- in_data_len,
|
|
|
2c1758 |
- &des_key1,
|
|
|
2c1758 |
- &des_key2, &des_key3, &ivec, DES_ENCRYPT);
|
|
|
2c1758 |
- *out_data_len = in_data_len;
|
|
|
2c1758 |
- } else {
|
|
|
2c1758 |
- DES_ede3_cbc_encrypt(in_data,
|
|
|
2c1758 |
- out_data,
|
|
|
2c1758 |
- in_data_len,
|
|
|
2c1758 |
- &des_key1,
|
|
|
2c1758 |
- &des_key2, &des_key3, &ivec, DES_DECRYPT);
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- *out_data_len = in_data_len;
|
|
|
2c1758 |
- }
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- return CKR_OK;
|
|
|
2c1758 |
-#else
|
|
|
2c1758 |
CK_RV rc;
|
|
|
2c1758 |
int outlen;
|
|
|
2c1758 |
const EVP_CIPHER *cipher = EVP_des_ede3_cbc();
|
|
|
2c1758 |
@@ -109,7 +64,6 @@ CK_RV sw_des3_cbc(CK_BYTE *in_data,
|
|
|
2c1758 |
done:
|
|
|
2c1758 |
EVP_CIPHER_CTX_free(ctx);
|
|
|
2c1758 |
return rc;
|
|
|
2c1758 |
-#endif
|
|
|
2c1758 |
}
|
|
|
2c1758 |
|
|
|
2c1758 |
CK_RV sw_aes_cbc(CK_BYTE *in_data,
|
|
|
2c1758 |
@@ -119,33 +73,6 @@ CK_RV sw_aes_cbc(CK_BYTE *in_data,
|
|
|
2c1758 |
CK_BYTE *init_v, CK_BYTE *key_value, CK_ULONG keylen,
|
|
|
2c1758 |
CK_BYTE encrypt)
|
|
|
2c1758 |
{
|
|
|
2c1758 |
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
|
2c1758 |
- AES_KEY aes_key;
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- UNUSED(out_data_len); //XXX can this parameter be removed ?
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- memset(&aes_key, 0, sizeof(aes_key));
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- // the aes decrypt will only fail if the data length is not evenly divisible
|
|
|
2c1758 |
- // by AES_BLOCK_SIZE
|
|
|
2c1758 |
- if (in_data_len % AES_BLOCK_SIZE) {
|
|
|
2c1758 |
- TRACE_ERROR("%s\n", ock_err(ERR_DATA_LEN_RANGE));
|
|
|
2c1758 |
- return CKR_DATA_LEN_RANGE;
|
|
|
2c1758 |
- }
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- // Encrypt or decrypt the data
|
|
|
2c1758 |
- if (encrypt) {
|
|
|
2c1758 |
- AES_set_encrypt_key(key_value, keylen * 8, &aes_key);
|
|
|
2c1758 |
- AES_cbc_encrypt(in_data, out_data, in_data_len, &aes_key,
|
|
|
2c1758 |
- init_v, AES_ENCRYPT);
|
|
|
2c1758 |
- } else {
|
|
|
2c1758 |
- AES_set_decrypt_key(key_value, keylen * 8, &aes_key);
|
|
|
2c1758 |
- AES_cbc_encrypt(in_data, out_data, in_data_len, &aes_key,
|
|
|
2c1758 |
- init_v, AES_DECRYPT);
|
|
|
2c1758 |
- }
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- return CKR_OK;
|
|
|
2c1758 |
-#else
|
|
|
2c1758 |
CK_RV rc;
|
|
|
2c1758 |
int outlen;
|
|
|
2c1758 |
const EVP_CIPHER *cipher = NULL;
|
|
|
2c1758 |
@@ -187,5 +114,4 @@ CK_RV sw_aes_cbc(CK_BYTE *in_data,
|
|
|
2c1758 |
done:
|
|
|
2c1758 |
EVP_CIPHER_CTX_free(ctx);
|
|
|
2c1758 |
return rc;
|
|
|
2c1758 |
-#endif
|
|
|
2c1758 |
}
|