Adapt EVP_CIPHER to new API for AES to support openssl-1.1

Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
5 years ago · dae346539e
--- a/src/e_pkcs11.c
+++ b/src/e_pkcs11.c
@ -381,9 +381,9 @@ static void pkcs11_tdes_##lmode##_destroy(void)				      \

 DECLARE_TDES_EVP(ecb, ECB)
 DECLARE_TDES_EVP(cbc, CBC)

 #endif

 #ifdef OLDER_OPENSSL
 /* AES ECB */
 const EVP_CIPHER pkcs11_aes_128_ecb = {
 	NID_aes_128_cbc,	/* NID */
@ -400,6 +400,7 @@ const EVP_CIPHER pkcs11_aes_128_ecb = {
 	NULL,			/* misc ctrl ops */
 	NULL			/* app data (ctx->cipher_data) */
 };

 const EVP_CIPHER pkcs11_aes_192_ecb = {
 	NID_aes_192_ecb,	/* NID */
 	16,			/* Block size */
@ -415,6 +416,7 @@ const EVP_CIPHER pkcs11_aes_192_ecb = {
 	NULL,			/* misc ctrl ops */
 	NULL			/* app data (ctx->cipher_data) */
 };

 const EVP_CIPHER pkcs11_aes_256_ecb = {
 	NID_aes_256_ecb,	/* NID */
 	16,			/* Block size */
@ -447,6 +449,7 @@ const EVP_CIPHER pkcs11_aes_128_cbc = {
 	NULL,			/* misc ctrl ops */
 	NULL			/* app data (ctx->cipher_data) */
 };

 const EVP_CIPHER pkcs11_aes_192_cbc = {
 	NID_aes_192_cbc,	/* NID */
 	16,			/* Block size */
@ -462,6 +465,7 @@ const EVP_CIPHER pkcs11_aes_192_cbc = {
 	NULL,			/* misc ctrl ops */
 	NULL			/* app data (ctx->cipher_data) */
 };

 const EVP_CIPHER pkcs11_aes_256_cbc = {
 	NID_aes_256_cbc,	/* NID */
 	16,			/* Block size */
@ -477,6 +481,52 @@ const EVP_CIPHER pkcs11_aes_256_cbc = {
 	NULL,			/* misc ctrl ops */
 	NULL			/* app data (ctx->cipher_data) */
 };
 #else
 #define EVP_CIPHER_keylen_AES_128 16
 #define EVP_CIPHER_keylen_AES_192 24
 #define EVP_CIPHER_keylen_AES_256 32

 #define DECLARE_AES_EVP(ksize, lmode, umode)				      \
 static EVP_CIPHER *aes_##ksize##_##lmode = NULL;			      \
 static const EVP_CIPHER *pkcs11_aes_##ksize##_##lmode(void)		      \
 {									      \
 	if (aes_##ksize##_##lmode == NULL) {				      \
 		EVP_CIPHER *cipher;					      \
 		if (( cipher = EVP_CIPHER_meth_new(NID_aes_##ksize##_##lmode, \
 				    8,					      \
 				    EVP_CIPHER_keylen_AES_##ksize)) == NULL   \
 		|| !EVP_CIPHER_meth_set_iv_length(cipher, 16)		      \
 		|| !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_##umode##_MODE)\
 		|| !EVP_CIPHER_meth_set_init(cipher, pkcs11_aes_init_key)     \
 		|| !EVP_CIPHER_meth_set_do_cipher(cipher, pkcs11_cipher)      \
 		|| !EVP_CIPHER_meth_set_cleanup(cipher, pkcs11_cipher_cleanup)\
 		|| !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(	      \
 							struct token_session))\
 		|| !EVP_CIPHER_meth_set_set_asn1_params(cipher,		      \
 						EVP_CIPHER_set_asn1_iv)       \
 		|| !EVP_CIPHER_meth_set_get_asn1_params(cipher,		      \
 						EVP_CIPHER_get_asn1_iv)) {    \
 			EVP_CIPHER_meth_free(cipher);			      \
 			cipher = NULL;					      \
 		}							      \
 		aes_##ksize##_##lmode = cipher;				      \
 	}								      \
 	return aes_##ksize##_##lmode;					      \
 }									      \
 									      \
 static void pkcs11_aes_##ksize##_##lmode##_destroy(void)		      \
 {									      \
 	EVP_CIPHER_meth_free(aes_##ksize##_##lmode);			      \
 	aes_##ksize##_##lmode = NULL;					      \
 }

 DECLARE_AES_EVP(128, cbc, CBC)
 DECLARE_AES_EVP(192, cbc, CBC)
 DECLARE_AES_EVP(256, cbc, CBC)
 DECLARE_AES_EVP(128, ecb, ECB)
 DECLARE_AES_EVP(192, ecb, ECB)
 DECLARE_AES_EVP(256, ecb, ECB)
 #endif

 /* Message Digests */
 const EVP_MD pkcs11_sha1 = {
@ -906,22 +956,46 @@ static int pkcs11_engine_ciphers(ENGINE * e, const EVP_CIPHER ** cipher,
 	if (pkcs11_token->pkcs11_implemented_ciphers[nid]) {
 		switch (nid) {
 			case NID_aes_128_ecb:
 #ifdef OLDER_OPENSSL
 				*cipher = &pkcs11_aes_128_ecb;
 #else
 				*cipher = pkcs11_aes_128_ecb();
 #endif
 				break;
 			case NID_aes_192_ecb:
 #ifdef OLDER_OPENSSL
 				*cipher = &pkcs11_aes_192_ecb;
 #else
 				*cipher = pkcs11_aes_192_ecb();
 #endif
 				break;
 			case NID_aes_256_ecb:
 #ifdef OLDER_OPENSSL
 				*cipher = &pkcs11_aes_256_ecb;
 #else
 				*cipher = pkcs11_aes_256_ecb();
 #endif
 				break;
 			case NID_aes_128_cbc:
 #ifdef OLDER_OPENSSL
 				*cipher = &pkcs11_aes_128_cbc;
 #else
 				*cipher = pkcs11_aes_128_cbc();
 #endif
 				break;
 			case NID_aes_192_cbc:
 #ifdef OLDER_OPENSSL
 				*cipher = &pkcs11_aes_192_cbc;
 #else
 				*cipher = pkcs11_aes_192_cbc();
 #endif
 				break;
 			case NID_aes_256_cbc:
 #ifdef OLDER_OPENSSL
 				*cipher = &pkcs11_aes_256_cbc;
 #else
 				*cipher = pkcs11_aes_256_cbc();
 #endif
 				break;
 			case NID_des_ecb:
 #ifdef OLDER_OPENSSL
@ -1552,6 +1626,12 @@ static int pkcs11_destroy(ENGINE *e)
 	pkcs11_des_cbc_destroy();
 	pkcs11_tdes_ecb_destroy();
 	pkcs11_tdes_cbc_destroy();
 	pkcs11_aes_128_cbc_destroy();
 	pkcs11_aes_192_cbc_destroy();
 	pkcs11_aes_256_cbc_destroy();
 	pkcs11_aes_128_ecb_destroy();
 	pkcs11_aes_192_ecb_destroy();
 	pkcs11_aes_256_ecb_destroy();
 #endif

 	free_PKCS11_LIBNAME();