commit ab3fceae6194e8213e9d3ffb7447ccd04d469b9d
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Mon Jul 5 10:45:04 2021 +0200
COMMON: sw_crypt.c: Remove support for OpenSSL < v1.1.1
Remove support for OpenSSL < v1.1.1. This code used low level
DES/AES functions.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/usr/lib/common/sw_crypt.c b/usr/lib/common/sw_crypt.c
index 906a41ab..253b3c26 100644
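--- a/usr/lib/common/sw_crypt.c
+++ b/usr/lib/common/sw_crypt.c
@@ -32,51 +32,6 @@ CK_RV sw_des3_cbc(CK_BYTE *in_data,
 CK_ULONG *out_data_len,
 CK_BYTE *init_v, CK_BYTE *key_value, CK_BYTE encrypt)
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- DES_key_schedule des_key1;
- DES_key_schedule des_key2;
- DES_key_schedule des_key3;
-
- const_DES_cblock key_SSL1, key_SSL2, key_SSL3;
- DES_cblock ivec;
-
- // the des decrypt will only fail if the data length is not evenly divisible
- // by DES_BLOCK_SIZE
- if (in_data_len % DES_BLOCK_SIZE) {
- TRACE_ERROR("%s\n", ock_err(ERR_DATA_LEN_RANGE));
- return CKR_DATA_LEN_RANGE;
- }
- // The key as passed in is a 24 byte string containing 3 keys
- // pick it apart and create the key schedules
- memcpy(&key_SSL1, key_value, (size_t) 8);
- memcpy(&key_SSL2, key_value + 8, (size_t) 8);
- memcpy(&key_SSL3, key_value + 16, (size_t) 8);
- DES_set_key_unchecked(&key_SSL1, &des_key1);
- DES_set_key_unchecked(&key_SSL2, &des_key2);
- DES_set_key_unchecked(&key_SSL3, &des_key3);
-
- memcpy(ivec, init_v, sizeof(ivec));
-
- // Encrypt or decrypt the data
- if (encrypt) {
- DES_ede3_cbc_encrypt(in_data,
- out_data,
- in_data_len,
- &des_key1,
- &des_key2, &des_key3, &ivec, DES_ENCRYPT);
- *out_data_len = in_data_len;
- } else {
- DES_ede3_cbc_encrypt(in_data,
- out_data,
- in_data_len,
- &des_key1,
- &des_key2, &des_key3, &ivec, DES_DECRYPT);
-
- *out_data_len = in_data_len;
- }
-
- return CKR_OK;
-#else
 CK_RV rc;
 int outlen;
 const EVP_CIPHER *cipher = EVP_des_ede3_cbc();
@@ -109,7 +64,6 @@ CK_RV sw_des3_cbc(CK_BYTE *in_data,
 done:
 EVP_CIPHER_CTX_free(ctx);
 return rc;
-#endif
 }
 
 CK_RV sw_aes_cbc(CK_BYTE *in_data,
@@ -119,33 +73,6 @@ CK_RV sw_aes_cbc(CK_BYTE *in_data,
 CK_BYTE *init_v, CK_BYTE *key_value, CK_ULONG keylen,
 CK_BYTE encrypt)
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- AES_KEY aes_key;
-
- UNUSED(out_data_len); //XXX can this parameter be removed ?
-
- memset(&aes_key, 0, sizeof(aes_key));
-
- // the aes decrypt will only fail if the data length is not evenly divisible
- // by AES_BLOCK_SIZE
- if (in_data_len % AES_BLOCK_SIZE) {
- TRACE_ERROR("%s\n", ock_err(ERR_DATA_LEN_RANGE));
- return CKR_DATA_LEN_RANGE;
- }
-
- // Encrypt or decrypt the data
- if (encrypt) {
- AES_set_encrypt_key(key_value, keylen * 8, &aes_key);
- AES_cbc_encrypt(in_data, out_data, in_data_len, &aes_key,
- init_v, AES_ENCRYPT);
- } else {
- AES_set_decrypt_key(key_value, keylen * 8, &aes_key);
- AES_cbc_encrypt(in_data, out_data, in_data_len, &aes_key,
- init_v, AES_DECRYPT);
- }
-
- return CKR_OK;
-#else
 CK_RV rc;
 int outlen;
 const EVP_CIPHER *cipher = NULL;
@@ -187,5 +114,4 @@ CK_RV sw_aes_cbc(CK_BYTE *in_data,
 done:
 EVP_CIPHER_CTX_free(ctx);
 return rc;
-#endif
 }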