Hon Ching(Vicky) Lo
2016-11-17 19:00:01 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Trousers".
The branch, master has been updated
via 19fe8f9a8d75ec339d152137f1649c853466a22b (commit)
via 05411ea68746acbaf4e69295be50b9a47cddb2fd (commit)
from 2a67037ecdee750dd1d1a529bd42f9b72e31aef7 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commitdiff;h=19fe8f9a8d75ec339d152137f1649c853466a22b
commit 19fe8f9a8d75ec339d152137f1649c853466a22b
Merge: 2a67037 05411ea
Author: Hon Ching(Vicky) Lo <***@linux.vnet.ibm.com>
Date: Thu Nov 17 13:59:45 2016 -0500
Merge branch 'dev'
http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commitdiff;h=05411ea68746acbaf4e69295be50b9a47cddb2fd
commit 05411ea68746acbaf4e69295be50b9a47cddb2fd
Author: Hon Ching(Vicky) Lo <***@linux.vnet.ibm.com>
Date: Wed Nov 16 20:04:09 2016 -0500
[PATCH] support OpenSSL 1.1.0
The patch supports OpenSSL 1.1.0. It was then modified to keep function
calls such as EVP_MD_CTX_create and EVP_MD_CTX_destroy, as opposed to
EVP_MD_CTX_new and EVP_MD_CTX_free, in order to retain the backward
compatibility of the package.
Signed-off-by: Daiki Ueno <***@redhat.com>
Signed-off-by: Hon Ching(Vicky) Lo <***@linux.vnet.ibm.com>
diff --git a/src/trspi/crypto/openssl/rsa.c b/src/trspi/crypto/openssl/rsa.c
index 0bd1e89..2b1205f 100644
--- a/src/trspi/crypto/openssl/rsa.c
+++ b/src/trspi/crypto/openssl/rsa.c
@@ -38,6 +38,25 @@
#define DEBUG_print_openssl_errors()
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100001L
+static int
+RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
+{
+ if (n != NULL) {
+ BN_free(r->n);
+ r->n = n;
+ }
+ if (e != NULL) {
+ BN_free(r->e);
+ r->e = e;
+ }
+ if (d != NULL) {
+ BN_free(r->d);
+ r->d = d;
+ }
+ return 1;
+}
+#endif
/*
* Hopefully this will make the code clearer since
@@ -61,6 +80,7 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */
RSA *rsa = RSA_new();
BYTE encodedData[256];
int encodedDataLen;
+ BIGNUM *rsa_n = NULL, *rsa_e = NULL;
if (rsa == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
@@ -68,12 +88,20 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */
}
/* set the public key value in the OpenSSL object */
- rsa->n = BN_bin2bn(publicKey, keysize, rsa->n);
+ rsa_n = BN_bin2bn(publicKey, keysize, NULL);
/* set the public exponent */
- rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e);
+ rsa_e = BN_bin2bn(exp, sizeof(exp), NULL);
- if (rsa->n == NULL || rsa->e == NULL) {
+ if (rsa_n == NULL || rsa_e == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
+ goto err;
+ }
+ if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
+ rv = TSPERR(TSS_E_FAIL);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
goto err;
}
@@ -123,6 +151,7 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength,
unsigned char exp[] = { 0x01, 0x00, 0x01 }; /* The default public exponent for the TPM */
unsigned char buf[256];
RSA *rsa = RSA_new();
+ BIGNUM *rsa_n = NULL, *rsa_e = NULL;
if (rsa == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
@@ -146,12 +175,20 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength,
}
/* set the public key value in the OpenSSL object */
- rsa->n = BN_bin2bn(pModulus, iKeyLength, rsa->n);
+ rsa_n = BN_bin2bn(pModulus, iKeyLength, NULL);
/* set the public exponent */
- rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e);
+ rsa_e = BN_bin2bn(exp, sizeof(exp), NULL);
- if (rsa->n == NULL || rsa->e == NULL) {
+ if (rsa_n == NULL || rsa_e == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
+ goto err;
+ }
+ if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
+ rv = TSPERR(TSS_E_FAIL);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
goto err;
}
@@ -195,6 +232,7 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen,
int rv, e_size = 3;
unsigned char exp[] = { 0x01, 0x00, 0x01 };
RSA *rsa = RSA_new();
+ BIGNUM *rsa_n = NULL, *rsa_e = NULL;
if (rsa == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
@@ -237,12 +275,20 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen,
}
/* set the public key value in the OpenSSL object */
- rsa->n = BN_bin2bn(pubkey, pubsize, rsa->n);
+ rsa_n = BN_bin2bn(pubkey, pubsize, NULL);
/* set the public exponent */
- rsa->e = BN_bin2bn(exp, e_size, rsa->e);
+ rsa_e = BN_bin2bn(exp, e_size, NULL);
- if (rsa->n == NULL || rsa->e == NULL) {
+ if (rsa_n == NULL || rsa_e == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
+ goto err;
+ }
+ if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
+ rv = TSPERR(TSS_E_FAIL);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
goto err;
}
diff --git a/src/trspi/crypto/openssl/symmetric.c b/src/trspi/crypto/openssl/symmetric.c
index f5c3836..3101d51 100644
--- a/src/trspi/crypto/openssl/symmetric.c
+++ b/src/trspi/crypto/openssl/symmetric.c
@@ -40,7 +40,6 @@
#define DEBUG_print_openssl_errors()
#endif
-
/*
* Hopefully this will make the code clearer since
* OpenSSL returns 1 on success
@@ -52,7 +51,7 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
UINT32 *out_len)
{
TSS_RESULT result = TSS_SUCCESS;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
UINT32 tmp;
switch (alg) {
@@ -64,33 +63,33 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
break;
}
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
- if (!EVP_EncryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) {
+ if (!EVP_EncryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (*out_len < in_len + EVP_CIPHER_CTX_block_size(&ctx) - 1) {
+ if (*out_len < in_len + EVP_CIPHER_CTX_block_size(ctx) - 1) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
goto done;
}
- if (!EVP_EncryptUpdate(&ctx, out, (int *)out_len, in, in_len)) {
+ if (!EVP_EncryptUpdate(ctx, out, (int *)out_len, in, in_len)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_EncryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
+ if (!EVP_EncryptFinal(ctx, out + *out_len, (int *)&tmp)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
*out_len += tmp;
done:
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return result;
}
@@ -99,7 +98,7 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
UINT32 *out_len)
{
TSS_RESULT result = TSS_SUCCESS;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
UINT32 tmp;
switch (alg) {
@@ -111,28 +110,28 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
break;
}
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
- if (!EVP_DecryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) {
+ if (!EVP_DecryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, in, in_len)) {
+ if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, in, in_len)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
+ if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
*out_len += tmp;
done:
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return result;
}
@@ -255,7 +254,7 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
UINT32 *out_len)
{
TSS_RESULT result = TSS_SUCCESS;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
EVP_CIPHER *cipher;
BYTE *def_iv = NULL, *outiv_ptr;
UINT32 tmp;
@@ -269,7 +268,7 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
if ((cipher = get_openssl_cipher(alg, mode)) == NULL)
return TSPERR(TSS_E_INTERNAL_ERROR);
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
/* If the iv passed in is NULL, create a new random iv and prepend it to the ciphertext */
iv_len = EVP_CIPHER_iv_length(cipher);
@@ -289,25 +288,25 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
outiv_ptr = out;
}
- if (!EVP_EncryptInit(&ctx, (const EVP_CIPHER *)cipher, key, def_iv)) {
+ if (!EVP_EncryptInit(ctx, (const EVP_CIPHER *)cipher, key, def_iv)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(&ctx) * 2) - 1) {
+ if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(ctx) * 2) - 1) {
LogDebug("Not enough space to do symmetric encryption");
result = TSPERR(TSS_E_INTERNAL_ERROR);
goto done;
}
- if (!EVP_EncryptUpdate(&ctx, outiv_ptr, &outiv_len, in, in_len)) {
+ if (!EVP_EncryptUpdate(ctx, outiv_ptr, &outiv_len, in, in_len)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_EncryptFinal(&ctx, outiv_ptr + outiv_len, (int *)&tmp)) {
+ if (!EVP_EncryptFinal(ctx, outiv_ptr + outiv_len, (int *)&tmp)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
@@ -320,7 +319,7 @@ done:
*out_len += iv_len;
free(def_iv);
}
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return result;
}
@@ -329,7 +328,7 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
UINT32 *out_len)
{
TSS_RESULT result = TSS_SUCCESS;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
EVP_CIPHER *cipher;
BYTE *def_iv = NULL, *iniv_ptr;
UINT32 tmp;
@@ -341,7 +340,7 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
if ((cipher = get_openssl_cipher(alg, mode)) == NULL)
return TSPERR(TSS_E_INTERNAL_ERROR);
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
/* If the iv is NULL, assume that its prepended to the ciphertext */
if (iv == NULL) {
@@ -361,19 +360,19 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
iniv_len = in_len;
}
- if (!EVP_DecryptInit(&ctx, cipher, key, def_iv)) {
+ if (!EVP_DecryptInit(ctx, cipher, key, def_iv)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, iniv_ptr, iniv_len)) {
+ if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, iniv_ptr, iniv_len)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
+ if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
@@ -383,6 +382,6 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
done:
if (def_iv != iv)
free(def_iv);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return result;
}
-----------------------------------------------------------------------
Summary of changes:
src/trspi/crypto/openssl/rsa.c | 64 +++++++++++++++++++++++++++++-----
src/trspi/crypto/openssl/symmetric.c | 53 ++++++++++++++--------------
2 files changed, 81 insertions(+), 36 deletions(-)
hooks/post-receive
generated because a ref change was pushed to the repository containing
the project "Trousers".
The branch, master has been updated
via 19fe8f9a8d75ec339d152137f1649c853466a22b (commit)
via 05411ea68746acbaf4e69295be50b9a47cddb2fd (commit)
from 2a67037ecdee750dd1d1a529bd42f9b72e31aef7 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commitdiff;h=19fe8f9a8d75ec339d152137f1649c853466a22b
commit 19fe8f9a8d75ec339d152137f1649c853466a22b
Merge: 2a67037 05411ea
Author: Hon Ching(Vicky) Lo <***@linux.vnet.ibm.com>
Date: Thu Nov 17 13:59:45 2016 -0500
Merge branch 'dev'
http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commitdiff;h=05411ea68746acbaf4e69295be50b9a47cddb2fd
commit 05411ea68746acbaf4e69295be50b9a47cddb2fd
Author: Hon Ching(Vicky) Lo <***@linux.vnet.ibm.com>
Date: Wed Nov 16 20:04:09 2016 -0500
[PATCH] support OpenSSL 1.1.0
The patch supports OpenSSL 1.1.0. It was then modified to keep function
calls such as EVP_MD_CTX_create and EVP_MD_CTX_destroy, as opposed to
EVP_MD_CTX_new and EVP_MD_CTX_free, in order to retain the backward
compatibility of the package.
Signed-off-by: Daiki Ueno <***@redhat.com>
Signed-off-by: Hon Ching(Vicky) Lo <***@linux.vnet.ibm.com>
diff --git a/src/trspi/crypto/openssl/rsa.c b/src/trspi/crypto/openssl/rsa.c
index 0bd1e89..2b1205f 100644
--- a/src/trspi/crypto/openssl/rsa.c
+++ b/src/trspi/crypto/openssl/rsa.c
@@ -38,6 +38,25 @@
#define DEBUG_print_openssl_errors()
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100001L
+static int
+RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
+{
+ if (n != NULL) {
+ BN_free(r->n);
+ r->n = n;
+ }
+ if (e != NULL) {
+ BN_free(r->e);
+ r->e = e;
+ }
+ if (d != NULL) {
+ BN_free(r->d);
+ r->d = d;
+ }
+ return 1;
+}
+#endif
/*
* Hopefully this will make the code clearer since
@@ -61,6 +80,7 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */
RSA *rsa = RSA_new();
BYTE encodedData[256];
int encodedDataLen;
+ BIGNUM *rsa_n = NULL, *rsa_e = NULL;
if (rsa == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
@@ -68,12 +88,20 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */
}
/* set the public key value in the OpenSSL object */
- rsa->n = BN_bin2bn(publicKey, keysize, rsa->n);
+ rsa_n = BN_bin2bn(publicKey, keysize, NULL);
/* set the public exponent */
- rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e);
+ rsa_e = BN_bin2bn(exp, sizeof(exp), NULL);
- if (rsa->n == NULL || rsa->e == NULL) {
+ if (rsa_n == NULL || rsa_e == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
+ goto err;
+ }
+ if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
+ rv = TSPERR(TSS_E_FAIL);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
goto err;
}
@@ -123,6 +151,7 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength,
unsigned char exp[] = { 0x01, 0x00, 0x01 }; /* The default public exponent for the TPM */
unsigned char buf[256];
RSA *rsa = RSA_new();
+ BIGNUM *rsa_n = NULL, *rsa_e = NULL;
if (rsa == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
@@ -146,12 +175,20 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength,
}
/* set the public key value in the OpenSSL object */
- rsa->n = BN_bin2bn(pModulus, iKeyLength, rsa->n);
+ rsa_n = BN_bin2bn(pModulus, iKeyLength, NULL);
/* set the public exponent */
- rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e);
+ rsa_e = BN_bin2bn(exp, sizeof(exp), NULL);
- if (rsa->n == NULL || rsa->e == NULL) {
+ if (rsa_n == NULL || rsa_e == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
+ goto err;
+ }
+ if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
+ rv = TSPERR(TSS_E_FAIL);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
goto err;
}
@@ -195,6 +232,7 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen,
int rv, e_size = 3;
unsigned char exp[] = { 0x01, 0x00, 0x01 };
RSA *rsa = RSA_new();
+ BIGNUM *rsa_n = NULL, *rsa_e = NULL;
if (rsa == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
@@ -237,12 +275,20 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen,
}
/* set the public key value in the OpenSSL object */
- rsa->n = BN_bin2bn(pubkey, pubsize, rsa->n);
+ rsa_n = BN_bin2bn(pubkey, pubsize, NULL);
/* set the public exponent */
- rsa->e = BN_bin2bn(exp, e_size, rsa->e);
+ rsa_e = BN_bin2bn(exp, e_size, NULL);
- if (rsa->n == NULL || rsa->e == NULL) {
+ if (rsa_n == NULL || rsa_e == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
+ goto err;
+ }
+ if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
+ rv = TSPERR(TSS_E_FAIL);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
goto err;
}
diff --git a/src/trspi/crypto/openssl/symmetric.c b/src/trspi/crypto/openssl/symmetric.c
index f5c3836..3101d51 100644
--- a/src/trspi/crypto/openssl/symmetric.c
+++ b/src/trspi/crypto/openssl/symmetric.c
@@ -40,7 +40,6 @@
#define DEBUG_print_openssl_errors()
#endif
-
/*
* Hopefully this will make the code clearer since
* OpenSSL returns 1 on success
@@ -52,7 +51,7 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
UINT32 *out_len)
{
TSS_RESULT result = TSS_SUCCESS;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
UINT32 tmp;
switch (alg) {
@@ -64,33 +63,33 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
break;
}
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
- if (!EVP_EncryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) {
+ if (!EVP_EncryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (*out_len < in_len + EVP_CIPHER_CTX_block_size(&ctx) - 1) {
+ if (*out_len < in_len + EVP_CIPHER_CTX_block_size(ctx) - 1) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
goto done;
}
- if (!EVP_EncryptUpdate(&ctx, out, (int *)out_len, in, in_len)) {
+ if (!EVP_EncryptUpdate(ctx, out, (int *)out_len, in, in_len)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_EncryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
+ if (!EVP_EncryptFinal(ctx, out + *out_len, (int *)&tmp)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
*out_len += tmp;
done:
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return result;
}
@@ -99,7 +98,7 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
UINT32 *out_len)
{
TSS_RESULT result = TSS_SUCCESS;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
UINT32 tmp;
switch (alg) {
@@ -111,28 +110,28 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
break;
}
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
- if (!EVP_DecryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) {
+ if (!EVP_DecryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, in, in_len)) {
+ if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, in, in_len)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
+ if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
*out_len += tmp;
done:
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return result;
}
@@ -255,7 +254,7 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
UINT32 *out_len)
{
TSS_RESULT result = TSS_SUCCESS;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
EVP_CIPHER *cipher;
BYTE *def_iv = NULL, *outiv_ptr;
UINT32 tmp;
@@ -269,7 +268,7 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
if ((cipher = get_openssl_cipher(alg, mode)) == NULL)
return TSPERR(TSS_E_INTERNAL_ERROR);
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
/* If the iv passed in is NULL, create a new random iv and prepend it to the ciphertext */
iv_len = EVP_CIPHER_iv_length(cipher);
@@ -289,25 +288,25 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
outiv_ptr = out;
}
- if (!EVP_EncryptInit(&ctx, (const EVP_CIPHER *)cipher, key, def_iv)) {
+ if (!EVP_EncryptInit(ctx, (const EVP_CIPHER *)cipher, key, def_iv)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(&ctx) * 2) - 1) {
+ if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(ctx) * 2) - 1) {
LogDebug("Not enough space to do symmetric encryption");
result = TSPERR(TSS_E_INTERNAL_ERROR);
goto done;
}
- if (!EVP_EncryptUpdate(&ctx, outiv_ptr, &outiv_len, in, in_len)) {
+ if (!EVP_EncryptUpdate(ctx, outiv_ptr, &outiv_len, in, in_len)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_EncryptFinal(&ctx, outiv_ptr + outiv_len, (int *)&tmp)) {
+ if (!EVP_EncryptFinal(ctx, outiv_ptr + outiv_len, (int *)&tmp)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
@@ -320,7 +319,7 @@ done:
*out_len += iv_len;
free(def_iv);
}
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return result;
}
@@ -329,7 +328,7 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
UINT32 *out_len)
{
TSS_RESULT result = TSS_SUCCESS;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
EVP_CIPHER *cipher;
BYTE *def_iv = NULL, *iniv_ptr;
UINT32 tmp;
@@ -341,7 +340,7 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
if ((cipher = get_openssl_cipher(alg, mode)) == NULL)
return TSPERR(TSS_E_INTERNAL_ERROR);
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
/* If the iv is NULL, assume that its prepended to the ciphertext */
if (iv == NULL) {
@@ -361,19 +360,19 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
iniv_len = in_len;
}
- if (!EVP_DecryptInit(&ctx, cipher, key, def_iv)) {
+ if (!EVP_DecryptInit(ctx, cipher, key, def_iv)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, iniv_ptr, iniv_len)) {
+ if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, iniv_ptr, iniv_len)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
+ if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
@@ -383,6 +382,6 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
done:
if (def_iv != iv)
free(def_iv);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return result;
}
-----------------------------------------------------------------------
Summary of changes:
src/trspi/crypto/openssl/rsa.c | 64 +++++++++++++++++++++++++++++-----
src/trspi/crypto/openssl/symmetric.c | 53 ++++++++++++++--------------
2 files changed, 81 insertions(+), 36 deletions(-)
hooks/post-receive
--
Trousers
------------------------------------------------------------------------------
Trousers
------------------------------------------------------------------------------