commit ab3fceae6194e8213e9d3ffb7447ccd04d469b9d
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date:   Mon Jul 5 10:45:04 2021 +0200

    COMMON: sw_crypt.c: Remove support for OpenSSL < v1.1.1
    
    Remove support for OpenSSL < v1.1.1. This code used low level
    DES/AES functions.
    
    Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

diff --git a/usr/lib/common/sw_crypt.c b/usr/lib/common/sw_crypt.c
index 906a41ab..253b3c26 100644
--- a/usr/lib/common/sw_crypt.c
+++ b/usr/lib/common/sw_crypt.c
@@ -32,51 +32,6 @@ CK_RV sw_des3_cbc(CK_BYTE *in_data,
                   CK_ULONG *out_data_len,
                   CK_BYTE *init_v, CK_BYTE *key_value, CK_BYTE encrypt)
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-    DES_key_schedule des_key1;
-    DES_key_schedule des_key2;
-    DES_key_schedule des_key3;
-
-    const_DES_cblock key_SSL1, key_SSL2, key_SSL3;
-    DES_cblock ivec;
-
-    // the des decrypt will only fail if the data length is not evenly divisible
-    // by DES_BLOCK_SIZE
-    if (in_data_len % DES_BLOCK_SIZE) {
-        TRACE_ERROR("%s\n", ock_err(ERR_DATA_LEN_RANGE));
-        return CKR_DATA_LEN_RANGE;
-    }
-    // The key as passed in is a 24 byte string containing 3 keys
-    // pick it apart and create the key schedules
-    memcpy(&key_SSL1, key_value, (size_t) 8);
-    memcpy(&key_SSL2, key_value + 8, (size_t) 8);
-    memcpy(&key_SSL3, key_value + 16, (size_t) 8);
-    DES_set_key_unchecked(&key_SSL1, &des_key1);
-    DES_set_key_unchecked(&key_SSL2, &des_key2);
-    DES_set_key_unchecked(&key_SSL3, &des_key3);
-
-    memcpy(ivec, init_v, sizeof(ivec));
-
-    // Encrypt or decrypt the data
-    if (encrypt) {
-        DES_ede3_cbc_encrypt(in_data,
-                             out_data,
-                             in_data_len,
-                             &des_key1,
-                             &des_key2, &des_key3, &ivec, DES_ENCRYPT);
-        *out_data_len = in_data_len;
-    } else {
-        DES_ede3_cbc_encrypt(in_data,
-                             out_data,
-                             in_data_len,
-                             &des_key1,
-                             &des_key2, &des_key3, &ivec, DES_DECRYPT);
-
-        *out_data_len = in_data_len;
-    }
-
-    return CKR_OK;
-#else
     CK_RV rc;
     int outlen;
     const EVP_CIPHER *cipher = EVP_des_ede3_cbc();
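Review bot: The guard deleted at the top of sw_des3_cbc (and again at the top of sw_aes_cbc in the third hunk) tests `OPENSSL_VERSION_NUMBER < 0x10100000L`, which is the 1.1.0 boundary, while the commit message sets the floor at 1.1.1, and nothing visible in these hunks enforces that floor once the conditionals are gone. If the build system does not already reject an older libcrypto, a compile-time check near the includes would stop the file from silently building against an unsupported library: `#if OPENSSL_VERSION_NUMBER < 0x10101000L`, `#error "OpenSSL 1.1.1 or later is required"`, `#endif`. The include block and the rest of sw_des3_cbc's body are outside the hunk, so this may already be covered elsewhere.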
@@ -109,7 +64,6 @@ CK_RV sw_des3_cbc(CK_BYTE *in_data,
 done:
     EVP_CIPHER_CTX_free(ctx);
     return rc;
-#endif
 }
 
 CK_RV sw_aes_cbc(CK_BYTE *in_data,
@@ -119,33 +73,6 @@ CK_RV sw_aes_cbc(CK_BYTE *in_data,
                  CK_BYTE *init_v, CK_BYTE *key_value, CK_ULONG keylen,
                  CK_BYTE encrypt)
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-    AES_KEY aes_key;
-
-    UNUSED(out_data_len); //XXX can this parameter be removed ?
-
-    memset(&aes_key, 0, sizeof(aes_key));
-
-    // the aes decrypt will only fail if the data length is not evenly divisible
-    // by AES_BLOCK_SIZE
-    if (in_data_len % AES_BLOCK_SIZE) {
-        TRACE_ERROR("%s\n", ock_err(ERR_DATA_LEN_RANGE));
-        return CKR_DATA_LEN_RANGE;
-    }
-
-    // Encrypt or decrypt the data
-    if (encrypt) {
-        AES_set_encrypt_key(key_value, keylen * 8, &aes_key);
-        AES_cbc_encrypt(in_data, out_data, in_data_len, &aes_key,
-                        init_v, AES_ENCRYPT);
-    } else {
-        AES_set_decrypt_key(key_value, keylen * 8, &aes_key);
-        AES_cbc_encrypt(in_data,  out_data, in_data_len, &aes_key,
-                        init_v, AES_DECRYPT);
-    }
-
-    return CKR_OK;
-#else
     CK_RV rc;
     int outlen;
     const EVP_CIPHER *cipher = NULL;
@@ -187,5 +114,4 @@ CK_RV sw_aes_cbc(CK_BYTE *in_data,
 done:
     EVP_CIPHER_CTX_free(ctx);
     return rc;
-#endif
 }