commit ab3fceae6194e8213e9d3ffb7447ccd04d469b9d

Author: Ingo Franzki <ifranzki@linux.ibm.com>

Date:   Mon Jul 5 10:45:04 2021 +0200

    COMMON: sw_crypt.c: Remove support for OpenSSL < v1.1.1

    Remove support for OpenSSL < v1.1.1. This code used low level

    DES/AES functions.

    Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

diff --git a/usr/lib/common/sw_crypt.c b/usr/lib/common/sw_crypt.c

index 906a41ab..253b3c26 100644

--- a/usr/lib/common/sw_crypt.c

+++ b/usr/lib/common/sw_crypt.c

@@ -32,51 +32,6 @@ CK_RV sw_des3_cbc(CK_BYTE *in_data,

                   CK_ULONG *out_data_len,

                   CK_BYTE *init_v, CK_BYTE *key_value, CK_BYTE encrypt)

 {

-#if OPENSSL_VERSION_NUMBER < 0x10100000L

-    DES_key_schedule des_key1;

-    DES_key_schedule des_key2;

-    DES_key_schedule des_key3;

-

-    const_DES_cblock key_SSL1, key_SSL2, key_SSL3;

-    DES_cblock ivec;

-

-    // the des decrypt will only fail if the data length is not evenly divisible

-    // by DES_BLOCK_SIZE

-    if (in_data_len % DES_BLOCK_SIZE) {

-        TRACE_ERROR("%s\n", ock_err(ERR_DATA_LEN_RANGE));

-        return CKR_DATA_LEN_RANGE;

-    }

-    // The key as passed in is a 24 byte string containing 3 keys

-    // pick it apart and create the key schedules

-    memcpy(&key_SSL1, key_value, (size_t) 8);

-    memcpy(&key_SSL2, key_value + 8, (size_t) 8);

-    memcpy(&key_SSL3, key_value + 16, (size_t) 8);

-    DES_set_key_unchecked(&key_SSL1, &des_key1);

-    DES_set_key_unchecked(&key_SSL2, &des_key2);

-    DES_set_key_unchecked(&key_SSL3, &des_key3);

-

-    memcpy(ivec, init_v, sizeof(ivec));

-

-    // Encrypt or decrypt the data

-    if (encrypt) {

-        DES_ede3_cbc_encrypt(in_data,

-                             out_data,

-                             in_data_len,

-                             &des_key1,

-                             &des_key2, &des_key3, &ivec, DES_ENCRYPT);

-        *out_data_len = in_data_len;

-    } else {

-        DES_ede3_cbc_encrypt(in_data,

-                             out_data,

-                             in_data_len,

-                             &des_key1,

-                             &des_key2, &des_key3, &ivec, DES_DECRYPT);

-

-        *out_data_len = in_data_len;

-    }

-

-    return CKR_OK;

-#else

     CK_RV rc;

     int outlen;

     const EVP_CIPHER *cipher = EVP_des_ede3_cbc();

@@ -109,7 +64,6 @@ CK_RV sw_des3_cbc(CK_BYTE *in_data,

 done:

     EVP_CIPHER_CTX_free(ctx);

     return rc;

-#endif

 }

 CK_RV sw_aes_cbc(CK_BYTE *in_data,

@@ -119,33 +73,6 @@ CK_RV sw_aes_cbc(CK_BYTE *in_data,

                  CK_BYTE *init_v, CK_BYTE *key_value, CK_ULONG keylen,

                  CK_BYTE encrypt)

 {

-#if OPENSSL_VERSION_NUMBER < 0x10100000L

-    AES_KEY aes_key;

-

-    UNUSED(out_data_len); //XXX can this parameter be removed ?

-

-    memset(&aes_key, 0, sizeof(aes_key));

-

-    // the aes decrypt will only fail if the data length is not evenly divisible

-    // by AES_BLOCK_SIZE

-    if (in_data_len % AES_BLOCK_SIZE) {

-        TRACE_ERROR("%s\n", ock_err(ERR_DATA_LEN_RANGE));

-        return CKR_DATA_LEN_RANGE;

-    }

-

-    // Encrypt or decrypt the data

-    if (encrypt) {

-        AES_set_encrypt_key(key_value, keylen * 8, &aes_key);

-        AES_cbc_encrypt(in_data, out_data, in_data_len, &aes_key,

-                        init_v, AES_ENCRYPT);

-    } else {

-        AES_set_decrypt_key(key_value, keylen * 8, &aes_key);

-        AES_cbc_encrypt(in_data,  out_data, in_data_len, &aes_key,

-                        init_v, AES_DECRYPT);

-    }

-

-    return CKR_OK;

-#else

     CK_RV rc;

     int outlen;

     const EVP_CIPHER *cipher = NULL;

@@ -187,5 +114,4 @@ CK_RV sw_aes_cbc(CK_BYTE *in_data,

 done:

     EVP_CIPHER_CTX_free(ctx);

     return rc;

-#endif

 }