Browse Source

Adapt to EVP_MD new API to support openssl-1.1

Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
master
Eduardo Barretto 5 years ago
committed by Eduardo Barretto
parent
commit
8b0e45bc38
1 changed files with 89 additions and 6 deletions
  1. +89
    -6
      src/e_pkcs11.c

+ 89
- 6
src/e_pkcs11.c View File

@ -138,7 +138,7 @@ static inline int pkcs11_sha256_init(EVP_MD_CTX *ctx);
static inline int pkcs11_sha384_init(EVP_MD_CTX *ctx);
static inline int pkcs11_sha512_init(EVP_MD_CTX *ctx);
static inline int pkcs11_md5_init(EVP_MD_CTX *ctx);
static inline int pkcs11_ripemd_init(EVP_MD_CTX *ctx);
static inline int pkcs11_ripemd160_init(EVP_MD_CTX *ctx);
/* End digest function prototypes */
static int pre_init_pkcs11(ENGINE *e);
@ -276,6 +276,7 @@ const EVP_CIPHER pkcs11_des_cbc = {
NULL /* app data (ctx->cipher_data) */
};
#else
#define DECLARE_DES_EVP(lmode, umode) \
static EVP_CIPHER *des_##lmode = NULL; \
static const EVP_CIPHER *pkcs11_des_##lmode(void) \
@ -346,6 +347,7 @@ const EVP_CIPHER pkcs11_tdes_cbc = {
NULL /* app data (ctx->cipher_data) */
};
#else
#define DECLARE_TDES_EVP(lmode, umode) \
static EVP_CIPHER *tdes_##lmode = NULL; \
static const EVP_CIPHER *pkcs11_tdes_##lmode(void) \
@ -482,6 +484,7 @@ const EVP_CIPHER pkcs11_aes_256_cbc = {
NULL /* app data (ctx->cipher_data) */
};
#else
#define EVP_CIPHER_keylen_AES_128 16
#define EVP_CIPHER_keylen_AES_192 24
#define EVP_CIPHER_keylen_AES_256 32
@ -528,6 +531,7 @@ DECLARE_AES_EVP(192, ecb, ECB)
DECLARE_AES_EVP(256, ecb, ECB)
#endif
#ifdef OLDER_OPENSSL
/* Message Digests */
const EVP_MD pkcs11_sha1 = {
NID_sha1,
@ -543,6 +547,7 @@ const EVP_MD pkcs11_sha1 = {
SHA_CBLOCK,
sizeof(struct pkcs11_digest_ctx)
};
const EVP_MD pkcs11_sha224 = {
NID_sha224,
NID_sha224WithRSAEncryption,
@ -557,6 +562,7 @@ const EVP_MD pkcs11_sha224 = {
SHA256_CBLOCK,
sizeof(struct pkcs11_digest_ctx)
};
const EVP_MD pkcs11_sha256 = {
NID_sha256,
NID_sha256WithRSAEncryption,
@ -571,6 +577,7 @@ const EVP_MD pkcs11_sha256 = {
SHA256_CBLOCK,
sizeof(struct pkcs11_digest_ctx)
};
const EVP_MD pkcs11_sha384 = {
NID_sha384,
NID_sha384WithRSAEncryption,
@ -585,6 +592,7 @@ const EVP_MD pkcs11_sha384 = {
SHA512_CBLOCK,
sizeof(struct pkcs11_digest_ctx)
};
const EVP_MD pkcs11_sha512 = {
NID_sha512,
NID_sha512WithRSAEncryption,
@ -615,12 +623,12 @@ const EVP_MD pkcs11_md5 = {
sizeof(struct pkcs11_digest_ctx)
};
const EVP_MD pkcs11_ripemd = {
const EVP_MD pkcs11_ripemd160 = {
NID_ripemd160,
NID_ripemd160WithRSA,
RIPEMD160_DIGEST_LENGTH,
0, /* flags */
pkcs11_ripemd_init,
pkcs11_ripemd160_init,
pkcs11_digest_update,
pkcs11_digest_finish, /* final */
pkcs11_digest_copy,
@ -629,10 +637,50 @@ const EVP_MD pkcs11_ripemd = {
RIPEMD160_CBLOCK,
sizeof(struct pkcs11_digest_ctx)
};
#else
/********/
#define DECLARE_DIGEST_EVP(dig, len, enc) \
static EVP_MD *dig##_md = NULL; \
static const EVP_MD *pkcs11_##dig(void) \
{ \
if (dig##_md == NULL) { \
EVP_MD *md; \
if (( md = EVP_MD_meth_new(NID_##dig, \
NID_##dig##WithRSA##enc)) == NULL \
|| !EVP_MD_meth_set_result_size(md, len##_DIGEST_LENGTH) \
|| !EVP_MD_meth_set_input_blocksize(md, len##_CBLOCK) \
|| !EVP_MD_meth_set_app_datasize(md, \
sizeof(struct pkcs11_digest_ctx)) \
|| !EVP_MD_meth_set_flags(md, 0) \
|| !EVP_MD_meth_set_init(md, pkcs11_##dig##_init) \
|| !EVP_MD_meth_set_update(md, pkcs11_digest_update) \
|| !EVP_MD_meth_set_final(md, pkcs11_digest_finish) \
|| !EVP_MD_meth_set_copy(md, pkcs11_digest_copy) \
|| !EVP_MD_meth_set_cleanup(md, pkcs11_digest_cleanup)) { \
EVP_MD_meth_free(md); \
md = NULL; \
} \
dig##_md = md; \
} \
return dig##_md; \
} \
\
static void pkcs11_##dig##_destroy(void) \
{ \
EVP_MD_meth_free(dig##_md); \
dig##_md = NULL; \
}
DECLARE_DIGEST_EVP(sha1, SHA, Encryption)
DECLARE_DIGEST_EVP(sha224, SHA256, Encryption)
DECLARE_DIGEST_EVP(sha256, SHA256, Encryption)
DECLARE_DIGEST_EVP(sha384, SHA512, Encryption)
DECLARE_DIGEST_EVP(sha512, SHA512, Encryption)
DECLARE_DIGEST_EVP(md5, MD5, Encryption)
DECLARE_DIGEST_EVP(ripemd160, RIPEMD160,)
#endif
/********/
#ifndef OPENSSL_NO_RSA
#ifdef OLDER_OPENSSL
static RSA_METHOD pkcs11_rsa =
@ -1047,25 +1095,53 @@ static int pkcs11_engine_digests(ENGINE * e, const EVP_MD ** digest,
if (pkcs11_token->pkcs11_implemented_digests[nid]) {
switch (nid) {
case NID_ripemd160:
*digest = &pkcs11_ripemd;
#ifdef OLDER_OPENSSL
*digest = &pkcs11_ripemd160;
#else
*digest = pkcs11_ripemd160();
#endif
break;
case NID_md5:
#ifdef OLDER_OPENSSL
*digest = &pkcs11_md5;
#else
*digest = pkcs11_md5();
#endif
break;
case NID_sha1:
#ifdef OLDER_OPENSSL
*digest = &pkcs11_sha1;
#else
*digest = pkcs11_sha1();
#endif
break;
case NID_sha224:
#ifdef OLDER_OPENSSL
*digest = &pkcs11_sha224;
#else
*digest = pkcs11_sha224();
#endif
break;
case NID_sha256:
#ifdef OLDER_OPENSSL
*digest = &pkcs11_sha256;
#else
*digest = pkcs11_sha256();
#endif
break;
case NID_sha384:
#ifdef OLDER_OPENSSL
*digest = &pkcs11_sha384;
#else
*digest = pkcs11_sha384();
#endif
break;
case NID_sha512:
#ifdef OLDER_OPENSSL
*digest = &pkcs11_sha512;
#else
*digest = pkcs11_sha512();
#endif
break;
default:
*digest = NULL;
@ -1632,6 +1708,13 @@ static int pkcs11_destroy(ENGINE *e)
pkcs11_aes_128_ecb_destroy();
pkcs11_aes_192_ecb_destroy();
pkcs11_aes_256_ecb_destroy();
pkcs11_sha1_destroy();
pkcs11_sha224_destroy();
pkcs11_sha256_destroy();
pkcs11_sha384_destroy();
pkcs11_sha512_destroy();
pkcs11_md5_destroy();
pkcs11_ripemd160_destroy();
#endif
free_PKCS11_LIBNAME();
@ -3287,7 +3370,7 @@ pkcs11_md5_init(EVP_MD_CTX *ctx)
}
static inline int
pkcs11_ripemd_init(EVP_MD_CTX *ctx)
pkcs11_ripemd160_init(EVP_MD_CTX *ctx)
{
return pkcs11_digest_init(ctx, alg_ripemd);
}


Loading…
Cancel
Save