From b1858f6b5fa33b9ef9eeea1f6152185d54bba323 Mon Sep 17 00:00:00 2001 From: Wim Taymans Date: Mon, 3 Sep 2018 13:19:44 +0200 Subject: [PATCH] Changes for OpenSSL 1.1.0 compatibility --- crypto/cipher/aes_gcm_ossl.c | 36 +++++---- crypto/cipher/aes_icm_ossl.c | 18 +++-- crypto/hash/hmac_ossl.c | 135 ++++++++++++---------------------- crypto/include/aes_gcm_ossl.h | 2 +- crypto/include/aes_icm_ossl.h | 2 +- crypto/include/sha1.h | 14 ++-- 6 files changed, 89 insertions(+), 118 deletions(-) diff --git a/crypto/cipher/aes_gcm_ossl.c b/crypto/cipher/aes_gcm_ossl.c index dce2a33..943dbd5 100644 --- a/crypto/cipher/aes_gcm_ossl.c +++ b/crypto/cipher/aes_gcm_ossl.c @@ -116,6 +116,13 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen) (*c)->state = allptr + sizeof(cipher_t); gcm = (aes_gcm_ctx_t *)(*c)->state; + gcm->ctx = EVP_CIPHER_CTX_new(); + if (gcm->ctx == NULL) { + crypto_free(*c); + *c = NULL; + return (err_status_alloc_fail); + } + /* increment ref_count */ switch (key_len) { case AES_128_GCM_KEYSIZE_WSALT: @@ -136,7 +143,6 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen) /* set key size */ (*c)->key_len = key_len; - EVP_CIPHER_CTX_init(&gcm->ctx); return (err_status_ok); } @@ -151,7 +157,7 @@ err_status_t aes_gcm_openssl_dealloc (cipher_t *c) ctx = (aes_gcm_ctx_t*)c->state; if (ctx) { - EVP_CIPHER_CTX_cleanup(&ctx->ctx); + EVP_CIPHER_CTX_free(ctx->ctx); /* decrement ref_count for the appropriate engine */ switch (ctx->key_size) { case AES_256_KEYSIZE: @@ -197,7 +203,7 @@ err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key) debug_print(mod_aes_gcm, "key: %s", v128_hex_string((v128_t*)&c->key)); - EVP_CIPHER_CTX_cleanup(&c->ctx); + EVP_CIPHER_CTX_cleanup(c->ctx); return (err_status_ok); } @@ -231,19 +237,19 @@ err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv, break; } - if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, (const unsigned char*)&c->key.v8, + if (!EVP_CipherInit_ex(c->ctx, evp, NULL, (const unsigned char*)&c->key.v8, NULL, (c->dir == direction_encrypt ? 1 : 0))) { return (err_status_init_fail); } /* set IV len and the IV value, the followiong 3 calls are required */ - if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) { + if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) { return (err_status_init_fail); } - if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) { + if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) { return (err_status_init_fail); } - if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) { + if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) { return (err_status_init_fail); } @@ -267,9 +273,9 @@ err_status_t aes_gcm_openssl_set_aad (aes_gcm_ctx_t *c, unsigned char *aad, * Set dummy tag, OpenSSL requires the Tag to be set before * processing AAD */ - EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad); + EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad); - rv = EVP_Cipher(&c->ctx, NULL, aad, aad_len); + rv = EVP_Cipher(c->ctx, NULL, aad, aad_len); if (rv != aad_len) { return (err_status_algo_fail); } else { @@ -295,7 +301,7 @@ err_status_t aes_gcm_openssl_encrypt (aes_gcm_ctx_t *c, unsigned char *buf, /* * Encrypt the data */ - EVP_Cipher(&c->ctx, buf, buf, *enc_len); + EVP_Cipher(c->ctx, buf, buf, *enc_len); return (err_status_ok); } @@ -317,12 +323,12 @@ err_status_t aes_gcm_openssl_get_tag (aes_gcm_ctx_t *c, unsigned char *buf, /* * Calculate the tag */ - EVP_Cipher(&c->ctx, NULL, NULL, 0); + EVP_Cipher(c->ctx, NULL, NULL, 0); /* * Retreive the tag */ - EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf); + EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf); /* * Increase encryption length by desired tag size @@ -351,14 +357,14 @@ err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c, unsigned char *buf, /* * Set the tag before decrypting */ - EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, + EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, buf + (*enc_len - c->tag_len)); - EVP_Cipher(&c->ctx, buf, buf, *enc_len - c->tag_len); + EVP_Cipher(c->ctx, buf, buf, *enc_len - c->tag_len); /* * Check the tag */ - if (EVP_Cipher(&c->ctx, NULL, NULL, 0)) { + if (EVP_Cipher(c->ctx, NULL, NULL, 0)) { return (err_status_auth_fail); } diff --git a/crypto/cipher/aes_icm_ossl.c b/crypto/cipher/aes_icm_ossl.c index eb58539..1ddd39e 100644 --- a/crypto/cipher/aes_icm_ossl.c +++ b/crypto/cipher/aes_icm_ossl.c @@ -143,6 +143,13 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen) (*c)->state = allptr + sizeof(cipher_t); icm = (aes_icm_ctx_t*)(*c)->state; + icm->ctx = EVP_CIPHER_CTX_new(); + if (icm->ctx == NULL) { + crypto_free(*c); + *c = NULL; + return err_status_alloc_fail; + } + /* increment ref_count */ switch (key_len) { case AES_128_KEYSIZE_WSALT: @@ -169,7 +176,6 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen) /* set key size */ (*c)->key_len = key_len; - EVP_CIPHER_CTX_init(&icm->ctx); return err_status_ok; } @@ -191,7 +197,7 @@ err_status_t aes_icm_openssl_dealloc (cipher_t *c) */ ctx = (aes_icm_ctx_t*)c->state; if (ctx != NULL) { - EVP_CIPHER_CTX_cleanup(&ctx->ctx); + EVP_CIPHER_CTX_free(ctx->ctx); /* decrement ref_count for the appropriate engine */ switch (ctx->key_size) { case AES_256_KEYSIZE: @@ -271,7 +277,7 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key, debug_print(mod_aes_icm, "key: %s", v128_hex_string((v128_t*)&c->key)); debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset)); - EVP_CIPHER_CTX_cleanup(&c->ctx); + EVP_CIPHER_CTX_cleanup(c->ctx); return err_status_ok; } @@ -312,7 +318,7 @@ err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir) break; } - if (!EVP_EncryptInit_ex(&c->ctx, evp, + if (!EVP_EncryptInit_ex(c->ctx, evp, NULL, c->key.v8, c->counter.v8)) { return err_status_fail; } else { @@ -334,12 +340,12 @@ err_status_t aes_icm_openssl_encrypt (aes_icm_ctx_t *c, unsigned char *buf, unsi debug_print(mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter)); - if (!EVP_EncryptUpdate(&c->ctx, buf, &len, buf, *enc_len)) { + if (!EVP_EncryptUpdate(c->ctx, buf, &len, buf, *enc_len)) { return err_status_cipher_fail; } *enc_len = len; - if (!EVP_EncryptFinal_ex(&c->ctx, buf, &len)) { + if (!EVP_EncryptFinal_ex(c->ctx, buf, &len)) { return err_status_cipher_fail; } *enc_len += len; diff --git a/crypto/hash/hmac_ossl.c b/crypto/hash/hmac_ossl.c index f62ce57..3f6f97d 100644 --- a/crypto/hash/hmac_ossl.c +++ b/crypto/hash/hmac_ossl.c @@ -49,8 +49,10 @@ #include "hmac.h" #include "alloc.h" #include +#include -#define HMAC_KEYLEN_MAX 20 +#define HMAC_KEYLEN_MAX 20 +#define SHA1_DIGEST_SIZE 20 /* the debug module for authentiation */ @@ -64,8 +66,6 @@ err_status_t hmac_alloc (auth_t **a, int key_len, int out_len) { extern auth_type_t hmac; - uint8_t *pointer; - hmac_ctx_t *new_hmac_ctx; debug_print(mod_hmac, "allocating auth func with key length %d", key_len); debug_print(mod_hmac, " tag length %d", out_len); @@ -79,25 +79,28 @@ hmac_alloc (auth_t **a, int key_len, int out_len) } /* check output length - should be less than 20 bytes */ - if (out_len > HMAC_KEYLEN_MAX) { + if (out_len > SHA1_DIGEST_SIZE) { return err_status_bad_param; } /* allocate memory for auth and hmac_ctx_t structures */ - pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t)); - if (pointer == NULL) { + *a = crypto_alloc(sizeof(auth_t)); + if (*a == NULL) { + return err_status_alloc_fail; + } + + (*a)->state = HMAC_CTX_new(); + if ((*a)->state == NULL) { + crypto_free(*a); + *a = NULL; return err_status_alloc_fail; } /* set pointers */ - *a = (auth_t*)pointer; (*a)->type = &hmac; - (*a)->state = pointer + sizeof(auth_t); (*a)->out_len = out_len; (*a)->key_len = key_len; (*a)->prefix_len = 0; - new_hmac_ctx = (hmac_ctx_t*)((*a)->state); - memset(new_hmac_ctx, 0, sizeof(hmac_ctx_t)); /* increment global count of all hmac uses */ hmac.ref_count++; @@ -109,19 +112,14 @@ err_status_t hmac_dealloc (auth_t *a) { extern auth_type_t hmac; - hmac_ctx_t *hmac_ctx; + HMAC_CTX *hmac_ctx; - hmac_ctx = (hmac_ctx_t*)a->state; - if (hmac_ctx->ctx_initialized) { - EVP_MD_CTX_cleanup(&hmac_ctx->ctx); - } - if (hmac_ctx->init_ctx_initialized) { - EVP_MD_CTX_cleanup(&hmac_ctx->init_ctx); - } + hmac_ctx = (HMAC_CTX*)a->state; + + HMAC_CTX_free(hmac_ctx); /* zeroize entire state*/ - octet_string_set_to_zero((uint8_t*)a, - sizeof(hmac_ctx_t) + sizeof(auth_t)); + octet_string_set_to_zero((uint8_t*)a, sizeof(auth_t)); /* free memory */ crypto_free(a); @@ -133,109 +131,68 @@ hmac_dealloc (auth_t *a) } err_status_t -hmac_init (hmac_ctx_t *state, const uint8_t *key, int key_len) +hmac_start (hmac_ctx_t *statev) { - int i; - uint8_t ipad[64]; - - /* - * check key length - note that we don't support keys larger - * than 20 bytes yet - */ - if (key_len > HMAC_KEYLEN_MAX) { - return err_status_bad_param; - } - - /* - * set values of ipad and opad by exoring the key into the - * appropriate constant values - */ - for (i = 0; i < key_len; i++) { - ipad[i] = key[i] ^ 0x36; - state->opad[i] = key[i] ^ 0x5c; - } - /* set the rest of ipad, opad to constant values */ - for (; i < sizeof(ipad); i++) { - ipad[i] = 0x36; - ((uint8_t*)state->opad)[i] = 0x5c; - } - - debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, sizeof(ipad))); + HMAC_CTX *state = (HMAC_CTX *)statev; - /* initialize sha1 context */ - sha1_init(&state->init_ctx); - state->init_ctx_initialized = 1; + if (HMAC_Init_ex(state, NULL, 0, NULL, NULL) == 0) + return err_status_auth_fail; - /* hash ipad ^ key */ - sha1_update(&state->init_ctx, ipad, sizeof(ipad)); - return (hmac_start(state)); + return err_status_ok; } err_status_t -hmac_start (hmac_ctx_t *state) +hmac_init (hmac_ctx_t *statev, const uint8_t *key, int key_len) { - if (state->ctx_initialized) { - EVP_MD_CTX_cleanup(&state->ctx); - } - if (!EVP_MD_CTX_copy(&state->ctx, &state->init_ctx)) { + HMAC_CTX *state = (HMAC_CTX *)statev; + + if (HMAC_Init_ex(state, key, key_len, EVP_sha1(), NULL) == 0) return err_status_auth_fail; - } else { - state->ctx_initialized = 1; - return err_status_ok; - } + + return err_status_ok; } err_status_t -hmac_update (hmac_ctx_t *state, const uint8_t *message, int msg_octets) +hmac_update (hmac_ctx_t *statev, const uint8_t *message, int msg_octets) { + HMAC_CTX *state = (HMAC_CTX *)statev; + debug_print(mod_hmac, "input: %s", octet_string_hex_string(message, msg_octets)); - /* hash message into sha1 context */ - sha1_update(&state->ctx, message, msg_octets); + if (HMAC_Update(state, message, msg_octets) == 0) + return err_status_auth_fail; return err_status_ok; } err_status_t -hmac_compute (hmac_ctx_t *state, const void *message, +hmac_compute (hmac_ctx_t *statev, const void *message, int msg_octets, int tag_len, uint8_t *result) { - uint32_t hash_value[5]; - uint32_t H[5]; + HMAC_CTX *state = (HMAC_CTX *)statev; + uint8_t hash_value[SHA1_DIGEST_SIZE]; int i; + unsigned int len; /* check tag length, return error if we can't provide the value expected */ - if (tag_len > HMAC_KEYLEN_MAX) { + if (tag_len > SHA1_DIGEST_SIZE) { return err_status_bad_param; } /* hash message, copy output into H */ - sha1_update(&state->ctx, message, msg_octets); - sha1_final(&state->ctx, H); - - /* - * note that we don't need to debug_print() the input, since the - * function hmac_update() already did that for us - */ - debug_print(mod_hmac, "intermediate state: %s", - octet_string_hex_string((uint8_t*)H, sizeof(H))); - - /* re-initialize hash context */ - sha1_init(&state->ctx); - - /* hash opad ^ key */ - sha1_update(&state->ctx, (uint8_t*)state->opad, sizeof(state->opad)); + if (HMAC_Update(state, message, msg_octets) == 0) + return err_status_auth_fail; - /* hash the result of the inner hash */ - sha1_update(&state->ctx, (uint8_t*)H, sizeof(H)); + if (HMAC_Final(state, hash_value, &len) == 0) + return err_status_auth_fail; - /* the result is returned in the array hash_value[] */ - sha1_final(&state->ctx, hash_value); + if (len < tag_len) + return err_status_auth_fail; /* copy hash_value to *result */ for (i = 0; i < tag_len; i++) { - result[i] = ((uint8_t*)hash_value)[i]; + result[i] = hash_value[i]; } debug_print(mod_hmac, "output: %s", diff --git a/crypto/include/aes_gcm_ossl.h b/crypto/include/aes_gcm_ossl.h index 8e7711d..4f49b51 100644 --- a/crypto/include/aes_gcm_ossl.h +++ b/crypto/include/aes_gcm_ossl.h @@ -55,7 +55,7 @@ typedef struct { v256_t key; int key_size; int tag_len; - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX* ctx; cipher_direction_t dir; } aes_gcm_ctx_t; diff --git a/crypto/include/aes_icm_ossl.h b/crypto/include/aes_icm_ossl.h index b4ec40a..af23320 100644 --- a/crypto/include/aes_icm_ossl.h +++ b/crypto/include/aes_icm_ossl.h @@ -72,7 +72,7 @@ typedef struct { v128_t offset; /* initial offset value */ v256_t key; int key_size; - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX* ctx; } aes_icm_ctx_t; err_status_t aes_icm_openssl_set_iv(aes_icm_ctx_t *c, void *iv, int dir); diff --git a/crypto/include/sha1.h b/crypto/include/sha1.h index 2ce53e8..fb5bd95 100644 --- a/crypto/include/sha1.h +++ b/crypto/include/sha1.h @@ -56,8 +56,6 @@ #include #include -typedef EVP_MD_CTX sha1_ctx_t; - /* * sha1_init(&ctx) initializes the SHA1 context ctx * @@ -72,23 +70,27 @@ typedef EVP_MD_CTX sha1_ctx_t; * */ +typedef EVP_MD_CTX* sha1_ctx_t; + static inline void sha1_init (sha1_ctx_t *ctx) { - EVP_MD_CTX_init(ctx); - EVP_DigestInit(ctx, EVP_sha1()); + *ctx = EVP_MD_CTX_new(); + EVP_DigestInit(*ctx, EVP_sha1()); } static inline void sha1_update (sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg) { - EVP_DigestUpdate(ctx, M, octets_in_msg); + EVP_DigestUpdate(*ctx, M, octets_in_msg); } static inline void sha1_final (sha1_ctx_t *ctx, uint32_t *output) { unsigned int len = 0; - EVP_DigestFinal(ctx, (unsigned char*)output, &len); + EVP_DigestFinal(*ctx, (unsigned char*)output, &len); + EVP_MD_CTX_free(*ctx); } + #else #include "datatypes.h" -- 2.17.1