
Adapt EVP_CIPHER to new API for AES to support openssl-1.1

Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
master
Eduardo Barretto 5 years ago
committed by Eduardo Barretto
parent
commit
dae346539e
1 changed files with 81 additions and 1 deletions
  1. +81
    -1
      src/e_pkcs11.c

+ 81
- 1
src/e_pkcs11.c

@ -381,9 +381,9 @@ static void pkcs11_tdes_##lmode##_destroy(void) \
DECLARE_TDES_EVP(ecb, ECB)
DECLARE_TDES_EVP(cbc, CBC)
#endif
#ifdef OLDER_OPENSSL
/* AES ECB */
const EVP_CIPHER pkcs11_aes_128_ecb = {
NID_aes_128_cbc, /* NID */
@ -400,6 +400,7 @@ const EVP_CIPHER pkcs11_aes_128_ecb = {
NULL, /* misc ctrl ops */
NULL /* app data (ctx->cipher_data) */
};
const EVP_CIPHER pkcs11_aes_192_ecb = {
NID_aes_192_ecb, /* NID */
16, /* Block size */
@ -415,6 +416,7 @@ const EVP_CIPHER pkcs11_aes_192_ecb = {
NULL, /* misc ctrl ops */
NULL /* app data (ctx->cipher_data) */
};
const EVP_CIPHER pkcs11_aes_256_ecb = {
NID_aes_256_ecb, /* NID */
16, /* Block size */
@ -447,6 +449,7 @@ const EVP_CIPHER pkcs11_aes_128_cbc = {
NULL, /* misc ctrl ops */
NULL /* app data (ctx->cipher_data) */
};
const EVP_CIPHER pkcs11_aes_192_cbc = {
NID_aes_192_cbc, /* NID */
16, /* Block size */
@ -462,6 +465,7 @@ const EVP_CIPHER pkcs11_aes_192_cbc = {
NULL, /* misc ctrl ops */
NULL /* app data (ctx->cipher_data) */
};
const EVP_CIPHER pkcs11_aes_256_cbc = {
NID_aes_256_cbc, /* NID */
16, /* Block size */
@ -477,6 +481,52 @@ const EVP_CIPHER pkcs11_aes_256_cbc = {
NULL, /* misc ctrl ops */
NULL /* app data (ctx->cipher_data) */
};
#else
#define EVP_CIPHER_keylen_AES_128 16
#define EVP_CIPHER_keylen_AES_192 24
#define EVP_CIPHER_keylen_AES_256 32
#define DECLARE_AES_EVP(ksize, lmode, umode) \
static EVP_CIPHER *aes_##ksize##_##lmode = NULL; \
static const EVP_CIPHER *pkcs11_aes_##ksize##_##lmode(void) \
{ \
if (aes_##ksize##_##lmode == NULL) { \
EVP_CIPHER *cipher; \
if (( cipher = EVP_CIPHER_meth_new(NID_aes_##ksize##_##lmode, \
8, \
EVP_CIPHER_keylen_AES_##ksize)) == NULL \
|| !EVP_CIPHER_meth_set_iv_length(cipher, 16) \
|| !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_##umode##_MODE)\
|| !EVP_CIPHER_meth_set_init(cipher, pkcs11_aes_init_key) \
|| !EVP_CIPHER_meth_set_do_cipher(cipher, pkcs11_cipher) \
|| !EVP_CIPHER_meth_set_cleanup(cipher, pkcs11_cipher_cleanup)\
|| !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof( \
struct token_session))\
|| !EVP_CIPHER_meth_set_set_asn1_params(cipher, \
EVP_CIPHER_set_asn1_iv) \
|| !EVP_CIPHER_meth_set_get_asn1_params(cipher, \
EVP_CIPHER_get_asn1_iv)) { \
EVP_CIPHER_meth_free(cipher); \
cipher = NULL; \
} \
aes_##ksize##_##lmode = cipher; \
} \
return aes_##ksize##_##lmode; \
} \
\
static void pkcs11_aes_##ksize##_##lmode##_destroy(void) \
{ \
EVP_CIPHER_meth_free(aes_##ksize##_##lmode); \
aes_##ksize##_##lmode = NULL; \
}
DECLARE_AES_EVP(128, cbc, CBC)
DECLARE_AES_EVP(192, cbc, CBC)
DECLARE_AES_EVP(256, cbc, CBC)
DECLARE_AES_EVP(128, ecb, ECB)
DECLARE_AES_EVP(192, ecb, ECB)
DECLARE_AES_EVP(256, ecb, ECB)
#endif
/* Message Digests */
const EVP_MD pkcs11_sha1 = {
@ -906,22 +956,46 @@ static int pkcs11_engine_ciphers(ENGINE * e, const EVP_CIPHER ** cipher,
if (pkcs11_token->pkcs11_implemented_ciphers[nid]) {
switch (nid) {
case NID_aes_128_ecb:
#ifdef OLDER_OPENSSL
*cipher = &pkcs11_aes_128_ecb;
#else
*cipher = pkcs11_aes_128_ecb();
#endif
break;
case NID_aes_192_ecb:
#ifdef OLDER_OPENSSL
*cipher = &pkcs11_aes_192_ecb;
#else
*cipher = pkcs11_aes_192_ecb();
#endif
break;
case NID_aes_256_ecb:
#ifdef OLDER_OPENSSL
*cipher = &pkcs11_aes_256_ecb;
#else
*cipher = pkcs11_aes_256_ecb();
#endif
break;
case NID_aes_128_cbc:
#ifdef OLDER_OPENSSL
*cipher = &pkcs11_aes_128_cbc;
#else
*cipher = pkcs11_aes_128_cbc();
#endif
break;
case NID_aes_192_cbc:
#ifdef OLDER_OPENSSL
*cipher = &pkcs11_aes_192_cbc;
#else
*cipher = pkcs11_aes_192_cbc();
#endif
break;
case NID_aes_256_cbc:
#ifdef OLDER_OPENSSL
*cipher = &pkcs11_aes_256_cbc;
#else
*cipher = pkcs11_aes_256_cbc();
#endif
break;
case NID_des_ecb:
#ifdef OLDER_OPENSSL
@ -1552,6 +1626,12 @@ static int pkcs11_destroy(ENGINE *e)
pkcs11_des_cbc_destroy();
pkcs11_tdes_ecb_destroy();
pkcs11_tdes_cbc_destroy();
pkcs11_aes_128_cbc_destroy();
pkcs11_aes_192_cbc_destroy();
pkcs11_aes_256_cbc_destroy();
pkcs11_aes_128_ecb_destroy();
pkcs11_aes_192_ecb_destroy();
pkcs11_aes_256_ecb_destroy();
#endif
free_PKCS11_LIBNAME();
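Review bot: `DECLARE_AES_EVP` passes `8` as the block-size argument of `EVP_CIPHER_meth_new`, while the `OLDER_OPENSSL` AES tables in this same file declare `16, /* Block size */`. AES has a 16-byte block and the EVP layer uses this value for buffering and padding, so the OpenSSL 1.1 build would likely pass wrongly sized chunks to `pkcs11_cipher` and pad to the wrong boundary; the argument should be `16, \`. The macro also applies `EVP_CIPHER_meth_set_iv_length(cipher, 16)` and the ASN.1 IV callbacks to the three ECB instantiations. ECB normally has an IV length of 0, so this is worth checking against the old ECB tables, whose IV field is not visible here. On any setup failure the getter returns NULL and `pkcs11_engine_ciphers` assigns it straight to `*cipher`; whether that case is handled further down cannot be seen from this hunk.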

