rpms/opencryptoki
7
0
Fork 0
Code Issues Pull Requests Releases Activity
86274e8523
opencryptoki/opencryptoki-openssl3-5377d25a6cbe3d07afcd08276ad7e90f62cad0c9.patch
Than Ngo 86274e8523 Resolves: #1989138, Support for OpenSSL 3.0
2021-08-23 13:00:44 +02:00

175 lines
5.4 KiB
Diff
Raw Blame History

commit 5377d25a6cbe3d07afcd08276ad7e90f62cad0c9
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed Jun 30 13:51:02 2021 +0200
COMMON: mech_sha: Remove deprecated OpenSSL functions
All low level SHA functions are deprecated in OpenSSL 3.0.
Update the code to not use any of those.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/usr/lib/common/h_extern.h b/usr/lib/common/h_extern.h
index 314613a5..b3b965bf 100644
--- a/usr/lib/common/h_extern.h
+++ b/usr/lib/common/h_extern.h
@@ -1543,7 +1543,7 @@ CK_RV aes_cfb_decrypt_final(STDLL_TokData_t *tokdata, SESSION *sess,
// SHA mechanisms
//
-void sw_sha1_init(DIGEST_CONTEXT *ctx);
+CK_RV sw_sha1_init(DIGEST_CONTEXT *ctx);
CK_RV sw_sha1_hash(DIGEST_CONTEXT *ctx, CK_BYTE *in_data,
CK_ULONG in_data_len, CK_BYTE *out_data,
diff --git a/usr/lib/common/mech_sha.c b/usr/lib/common/mech_sha.c
index 0b9b7b28..1c81abe2 100644
--- a/usr/lib/common/mech_sha.c
+++ b/usr/lib/common/mech_sha.c
@@ -38,30 +38,49 @@
#include "tok_spec_struct.h"
#include "trace.h"
-#include <openssl/sha.h>
+#include <openssl/evp.h>
#include <openssl/crypto.h>
//
// Software SHA-1 implementation (OpenSSL based)
//
-void sw_sha1_init(DIGEST_CONTEXT *ctx)
+static void sw_sha1_free(STDLL_TokData_t *tokdata, SESSION *sess,
+ CK_BYTE *context, CK_ULONG context_len)
{
- ctx->context_len = sizeof(SHA_CTX);
- ctx->context = (CK_BYTE *) malloc(sizeof(SHA_CTX));
+ UNUSED(tokdata);
+ UNUSED(sess);
+ UNUSED(context_len);
+
+ EVP_MD_CTX_free((EVP_MD_CTX *)context);
+}
+
+CK_RV sw_sha1_init(DIGEST_CONTEXT *ctx)
+{
+ ctx->context_len = 1;
+ ctx->context = (CK_BYTE *)EVP_MD_CTX_new();
if (ctx->context == NULL) {
TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));
- // TODO: propagate error up?
- return;
+ return CKR_HOST_MEMORY;
+ }
+
+ if (!EVP_DigestInit_ex((EVP_MD_CTX *)ctx->context, EVP_sha1(), NULL)) {
+ TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));
+ EVP_MD_CTX_free((EVP_MD_CTX *)ctx->context);
+ return CKR_FUNCTION_FAILED;
}
- SHA1_Init((SHA_CTX *)ctx->context);
+ ctx->state_unsaveable = CK_TRUE;
+ ctx->context_free_func = sw_sha1_free;
+
+ return CKR_OK;
}
CK_RV sw_sha1_hash(DIGEST_CONTEXT *ctx, CK_BYTE *in_data,
CK_ULONG in_data_len, CK_BYTE *out_data,
CK_ULONG *out_data_len)
{
+ unsigned int len;
if (!ctx || !out_data_len) {
TRACE_ERROR("%s received bad argument(s)\n", __func__);
@@ -76,43 +95,60 @@ CK_RV sw_sha1_hash(DIGEST_CONTEXT *ctx, CK_BYTE *in_data,
if (ctx->context == NULL)
return CKR_OPERATION_NOT_INITIALIZED;
- SHA1_Update((SHA_CTX *)ctx->context, in_data, in_data_len);
- SHA1_Final(out_data, (SHA_CTX *)ctx->context);
- *out_data_len = SHA1_HASH_SIZE;
+ len = *out_data_len;
+ if (!EVP_DigestUpdate((EVP_MD_CTX *)ctx->context, in_data, in_data_len) ||
+ !EVP_DigestFinal((EVP_MD_CTX *)ctx->context, out_data, &len)) {
+ TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));
+ return CKR_FUNCTION_FAILED;
+ }
+
+ *out_data_len = len;
- if (ctx->context_free_func != NULL)
- ctx->context_free_func(ctx->context, ctx->context_len);
- else
- free(ctx->context);
+ EVP_MD_CTX_free((EVP_MD_CTX *)ctx->context);
ctx->context = NULL;
+ ctx->context_free_func = NULL;
return CKR_OK;
}
-CK_RV sw_sha1_update(DIGEST_CONTEXT *ctx, CK_BYTE *in_data,
- CK_ULONG in_data_len)
+static CK_RV sw_sha1_update(DIGEST_CONTEXT *ctx, CK_BYTE *in_data,
+ CK_ULONG in_data_len)
{
if (ctx->context == NULL)
return CKR_OPERATION_NOT_INITIALIZED;
- SHA1_Update((SHA_CTX *)ctx->context, in_data, in_data_len);
+ if (!EVP_DigestUpdate((EVP_MD_CTX *)ctx->context, in_data, in_data_len)) {
+ TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));
+ return CKR_FUNCTION_FAILED;
+ }
+
return CKR_OK;
}
-CK_RV sw_sha1_final(DIGEST_CONTEXT *ctx, CK_BYTE *out_data,
- CK_ULONG *out_data_len)
+static CK_RV sw_sha1_final(DIGEST_CONTEXT *ctx, CK_BYTE *out_data,
+ CK_ULONG *out_data_len)
{
+ unsigned int len;
+
if (ctx->context == NULL)
return CKR_OPERATION_NOT_INITIALIZED;
- SHA1_Final(out_data, (SHA_CTX *)ctx->context);
- *out_data_len = SHA1_HASH_SIZE;
+ if (*out_data_len < SHA1_HASH_SIZE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_BUFFER_TOO_SMALL));
+ return CKR_BUFFER_TOO_SMALL;
+ }
+
+ len = *out_data_len;
+ if (!EVP_DigestFinal((EVP_MD_CTX *)ctx->context, out_data, &len)) {
+ TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));
+ return CKR_FUNCTION_FAILED;
+ }
+
+ *out_data_len = len;
- if (ctx->context_free_func != NULL)
- ctx->context_free_func(ctx->context, ctx->context_len);
- else
- free(ctx->context);
+ EVP_MD_CTX_free((EVP_MD_CTX *)ctx->context);
ctx->context = NULL;
+ ctx->context_free_func = NULL;
return CKR_OK;
}
@@ -134,8 +170,7 @@ CK_RV sha_init(STDLL_TokData_t *tokdata, SESSION *sess, DIGEST_CONTEXT *ctx,
* supported. JML
*/
if (mech->mechanism == CKM_SHA_1) {
- sw_sha1_init(ctx);
- return CKR_OK;
+ return sw_sha1_init(ctx);
} else {
return CKR_MECHANISM_INVALID;
}
Reference in New Issue View Git Blame Copy Permalink