OpenSSL: Use EVP_CIPHER_CTX_new() to work with OpenSSL 1.1.0
The EVP_CIPHER_CTX structure will be made opaque in OpenSSL 1.1.0, so need to use EVP_CIPHER_CTX_new() with it instead of stack memory. The design here moves the older OpenSSL versions to use that dynamic allocation design as well to minimize maintenance effort. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
3fb3bea8e9
commit
1eb87ae48d
1 changed files with 72 additions and 63 deletions
|
@ -31,6 +31,14 @@
|
|||
#include "sha384.h"
|
||||
#include "crypto.h"
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
/* Compatibility wrapper for older versions. */
|
||||
static int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
|
||||
{
|
||||
return EVP_CIPHER_CTX_cleanup(ctx);
|
||||
}
|
||||
#endif /* OpenSSL version < 1.1.0 */
|
||||
|
||||
static BIGNUM * get_group5_prime(void)
|
||||
{
|
||||
#ifdef OPENSSL_IS_BORINGSSL
|
||||
|
@ -169,32 +177,34 @@ int rc4_skip(const u8 *key, size_t keylen, size_t skip,
|
|||
#ifdef OPENSSL_NO_RC4
|
||||
return -1;
|
||||
#else /* OPENSSL_NO_RC4 */
|
||||
EVP_CIPHER_CTX ctx;
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
int outl;
|
||||
int res = -1;
|
||||
unsigned char skip_buf[16];
|
||||
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
if (!EVP_CIPHER_CTX_set_padding(&ctx, 0) ||
|
||||
!EVP_CipherInit_ex(&ctx, EVP_rc4(), NULL, NULL, NULL, 1) ||
|
||||
!EVP_CIPHER_CTX_set_key_length(&ctx, keylen) ||
|
||||
!EVP_CipherInit_ex(&ctx, NULL, NULL, key, NULL, 1))
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
if (!ctx ||
|
||||
!EVP_CIPHER_CTX_set_padding(ctx, 0) ||
|
||||
!EVP_CipherInit_ex(ctx, EVP_rc4(), NULL, NULL, NULL, 1) ||
|
||||
!EVP_CIPHER_CTX_set_key_length(ctx, keylen) ||
|
||||
!EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, 1))
|
||||
goto out;
|
||||
|
||||
while (skip >= sizeof(skip_buf)) {
|
||||
size_t len = skip;
|
||||
if (len > sizeof(skip_buf))
|
||||
len = sizeof(skip_buf);
|
||||
if (!EVP_CipherUpdate(&ctx, skip_buf, &outl, skip_buf, len))
|
||||
if (!EVP_CipherUpdate(ctx, skip_buf, &outl, skip_buf, len))
|
||||
goto out;
|
||||
skip -= len;
|
||||
}
|
||||
|
||||
if (EVP_CipherUpdate(&ctx, data, &outl, data, data_len))
|
||||
if (EVP_CipherUpdate(ctx, data, &outl, data, data_len))
|
||||
res = 0;
|
||||
|
||||
out:
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
if (ctx)
|
||||
EVP_CIPHER_CTX_reset(ctx);
|
||||
return res;
|
||||
#endif /* OPENSSL_NO_RC4 */
|
||||
}
|
||||
|
@ -250,10 +260,9 @@ void * aes_encrypt_init(const u8 *key, size_t len)
|
|||
if (type == NULL)
|
||||
return NULL;
|
||||
|
||||
ctx = os_malloc(sizeof(*ctx));
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
if (ctx == NULL)
|
||||
return NULL;
|
||||
EVP_CIPHER_CTX_init(ctx);
|
||||
if (EVP_EncryptInit_ex(ctx, type, NULL, key, NULL) != 1) {
|
||||
os_free(ctx);
|
||||
return NULL;
|
||||
|
@ -287,8 +296,8 @@ void aes_encrypt_deinit(void *ctx)
|
|||
wpa_printf(MSG_ERROR, "OpenSSL: Unexpected padding length %d "
|
||||
"in AES encrypt", len);
|
||||
}
|
||||
EVP_CIPHER_CTX_cleanup(c);
|
||||
bin_clear_free(c, sizeof(*c));
|
||||
EVP_CIPHER_CTX_reset(c);
|
||||
EVP_CIPHER_CTX_free(c);
|
||||
}
|
||||
|
||||
|
||||
|
@ -301,12 +310,11 @@ void * aes_decrypt_init(const u8 *key, size_t len)
|
|||
if (type == NULL)
|
||||
return NULL;
|
||||
|
||||
ctx = os_malloc(sizeof(*ctx));
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
if (ctx == NULL)
|
||||
return NULL;
|
||||
EVP_CIPHER_CTX_init(ctx);
|
||||
if (EVP_DecryptInit_ex(ctx, type, NULL, key, NULL) != 1) {
|
||||
os_free(ctx);
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
return NULL;
|
||||
}
|
||||
EVP_CIPHER_CTX_set_padding(ctx, 0);
|
||||
|
@ -338,8 +346,8 @@ void aes_decrypt_deinit(void *ctx)
|
|||
wpa_printf(MSG_ERROR, "OpenSSL: Unexpected padding length %d "
|
||||
"in AES decrypt", len);
|
||||
}
|
||||
EVP_CIPHER_CTX_cleanup(c);
|
||||
bin_clear_free(c, sizeof(*c));
|
||||
EVP_CIPHER_CTX_reset(c);
|
||||
EVP_CIPHER_CTX_free(c);
|
||||
}
|
||||
|
||||
|
||||
|
@ -378,57 +386,56 @@ int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher,
|
|||
|
||||
int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
|
||||
{
|
||||
EVP_CIPHER_CTX ctx;
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
int clen, len;
|
||||
u8 buf[16];
|
||||
int res = -1;
|
||||
|
||||
if (TEST_FAIL())
|
||||
return -1;
|
||||
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
if (EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv) != 1)
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
if (!ctx)
|
||||
return -1;
|
||||
EVP_CIPHER_CTX_set_padding(&ctx, 0);
|
||||
|
||||
clen = data_len;
|
||||
if (EVP_EncryptUpdate(&ctx, data, &clen, data, data_len) != 1 ||
|
||||
clen != (int) data_len)
|
||||
return -1;
|
||||
|
||||
len = sizeof(buf);
|
||||
if (EVP_EncryptFinal_ex(&ctx, buf, &len) != 1 || len != 0)
|
||||
return -1;
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
if (EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv) == 1 &&
|
||||
EVP_CIPHER_CTX_set_padding(ctx, 0) == 1 &&
|
||||
EVP_EncryptUpdate(ctx, data, &clen, data, data_len) == 1 &&
|
||||
clen == (int) data_len &&
|
||||
EVP_EncryptFinal_ex(ctx, buf, &len) == 1 && len == 0)
|
||||
res = 0;
|
||||
EVP_CIPHER_CTX_reset(ctx);
|
||||
|
||||
return 0;
|
||||
return res;
|
||||
}
|
||||
|
||||
|
||||
int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
|
||||
{
|
||||
EVP_CIPHER_CTX ctx;
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
int plen, len;
|
||||
u8 buf[16];
|
||||
int res = -1;
|
||||
|
||||
if (TEST_FAIL())
|
||||
return -1;
|
||||
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
if (EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv) != 1)
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
if (!ctx)
|
||||
return -1;
|
||||
EVP_CIPHER_CTX_set_padding(&ctx, 0);
|
||||
|
||||
plen = data_len;
|
||||
if (EVP_DecryptUpdate(&ctx, data, &plen, data, data_len) != 1 ||
|
||||
plen != (int) data_len)
|
||||
return -1;
|
||||
|
||||
len = sizeof(buf);
|
||||
if (EVP_DecryptFinal_ex(&ctx, buf, &len) != 1 || len != 0)
|
||||
return -1;
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
if (EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv) == 1 &&
|
||||
EVP_CIPHER_CTX_set_padding(ctx, 0) == 1 &&
|
||||
EVP_DecryptUpdate(ctx, data, &plen, data, data_len) == 1 &&
|
||||
plen == (int) data_len &&
|
||||
EVP_DecryptFinal_ex(ctx, buf, &len) == 1 && len == 0)
|
||||
res = 0;
|
||||
EVP_CIPHER_CTX_reset(ctx);
|
||||
|
||||
return res;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
@ -471,8 +478,8 @@ error:
|
|||
|
||||
|
||||
struct crypto_cipher {
|
||||
EVP_CIPHER_CTX enc;
|
||||
EVP_CIPHER_CTX dec;
|
||||
EVP_CIPHER_CTX *enc;
|
||||
EVP_CIPHER_CTX *dec;
|
||||
};
|
||||
|
||||
|
||||
|
@ -533,23 +540,25 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
|
|||
return NULL;
|
||||
}
|
||||
|
||||
EVP_CIPHER_CTX_init(&ctx->enc);
|
||||
EVP_CIPHER_CTX_set_padding(&ctx->enc, 0);
|
||||
if (!EVP_EncryptInit_ex(&ctx->enc, cipher, NULL, NULL, NULL) ||
|
||||
!EVP_CIPHER_CTX_set_key_length(&ctx->enc, key_len) ||
|
||||
!EVP_EncryptInit_ex(&ctx->enc, NULL, NULL, key, iv)) {
|
||||
EVP_CIPHER_CTX_cleanup(&ctx->enc);
|
||||
if (!(ctx->enc = EVP_CIPHER_CTX_new()) ||
|
||||
!EVP_CIPHER_CTX_set_padding(ctx->enc, 0) ||
|
||||
!EVP_EncryptInit_ex(ctx->enc, cipher, NULL, NULL, NULL) ||
|
||||
!EVP_CIPHER_CTX_set_key_length(ctx->enc, key_len) ||
|
||||
!EVP_EncryptInit_ex(ctx->enc, NULL, NULL, key, iv)) {
|
||||
if (ctx->enc)
|
||||
EVP_CIPHER_CTX_reset(ctx->enc);
|
||||
os_free(ctx);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
EVP_CIPHER_CTX_init(&ctx->dec);
|
||||
EVP_CIPHER_CTX_set_padding(&ctx->dec, 0);
|
||||
if (!EVP_DecryptInit_ex(&ctx->dec, cipher, NULL, NULL, NULL) ||
|
||||
!EVP_CIPHER_CTX_set_key_length(&ctx->dec, key_len) ||
|
||||
!EVP_DecryptInit_ex(&ctx->dec, NULL, NULL, key, iv)) {
|
||||
EVP_CIPHER_CTX_cleanup(&ctx->enc);
|
||||
EVP_CIPHER_CTX_cleanup(&ctx->dec);
|
||||
if (!(ctx->dec = EVP_CIPHER_CTX_new()) ||
|
||||
!EVP_CIPHER_CTX_set_padding(ctx->dec, 0) ||
|
||||
!EVP_DecryptInit_ex(ctx->dec, cipher, NULL, NULL, NULL) ||
|
||||
!EVP_CIPHER_CTX_set_key_length(ctx->dec, key_len) ||
|
||||
!EVP_DecryptInit_ex(ctx->dec, NULL, NULL, key, iv)) {
|
||||
EVP_CIPHER_CTX_reset(ctx->enc);
|
||||
if (ctx->dec)
|
||||
EVP_CIPHER_CTX_reset(ctx->dec);
|
||||
os_free(ctx);
|
||||
return NULL;
|
||||
}
|
||||
|
@ -562,7 +571,7 @@ int crypto_cipher_encrypt(struct crypto_cipher *ctx, const u8 *plain,
|
|||
u8 *crypt, size_t len)
|
||||
{
|
||||
int outl;
|
||||
if (!EVP_EncryptUpdate(&ctx->enc, crypt, &outl, plain, len))
|
||||
if (!EVP_EncryptUpdate(ctx->enc, crypt, &outl, plain, len))
|
||||
return -1;
|
||||
return 0;
|
||||
}
|
||||
|
@ -573,7 +582,7 @@ int crypto_cipher_decrypt(struct crypto_cipher *ctx, const u8 *crypt,
|
|||
{
|
||||
int outl;
|
||||
outl = len;
|
||||
if (!EVP_DecryptUpdate(&ctx->dec, plain, &outl, crypt, len))
|
||||
if (!EVP_DecryptUpdate(ctx->dec, plain, &outl, crypt, len))
|
||||
return -1;
|
||||
return 0;
|
||||
}
|
||||
|
@ -581,8 +590,8 @@ int crypto_cipher_decrypt(struct crypto_cipher *ctx, const u8 *crypt,
|
|||
|
||||
void crypto_cipher_deinit(struct crypto_cipher *ctx)
|
||||
{
|
||||
EVP_CIPHER_CTX_cleanup(&ctx->enc);
|
||||
EVP_CIPHER_CTX_cleanup(&ctx->dec);
|
||||
EVP_CIPHER_CTX_reset(ctx->enc);
|
||||
EVP_CIPHER_CTX_reset(ctx->dec);
|
||||
os_free(ctx);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue