X-Git-Url: http://www.average.org/gitweb/?p=pam_pcsc_cr.git;a=blobdiff_plain;f=ossl_crypto.c;h=51594d3ddddf364e7384aa4e596ea600de3269c5;hp=a7fc515b5db6f5642c77fd756f8f28d7d286799f;hb=ec614a7e3bc846cf9d3477303901759609c8f12f;hpb=740b870a7a4d1936991d856f5427e4c10c2c849a diff --git a/ossl_crypto.c b/ossl_crypto.c index a7fc515..51594d3 100644 --- a/ossl_crypto.c +++ b/ossl_crypto.c @@ -1,45 +1,38 @@ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif #include +#include #include -#include #include #include "crypto_if.h" +static const char *ossl_init(void) +{ + ERR_load_crypto_strings(); + return "openssl"; +} + static unsigned long ossl_encrypt(void *key, int keylen, void *iv, void *pt, void *ct, int tlen) { - EVP_CIPHER_CTX ctx; - int outlen1, outlen2; - unsigned char hkey[16]; + AES_KEY akey; - if (EVP_BytesToKey(EVP_aes_128_cbc(), EVP_sha1(), - NULL, key, keylen, 5, hkey, NULL) != 16) return 1UL; - if (!EVP_EncryptInit(&ctx, EVP_aes_128_cbc(), hkey, iv)) - return ERR_get_error(); - if (!EVP_EncryptUpdate(&ctx, ct, &outlen1, pt, tlen)) - return ERR_get_error(); - if (!EVP_EncryptFinal(&ctx, ct + outlen1, &outlen2)) + if (AES_set_encrypt_key(key, keylen*8, &akey)) return ERR_get_error(); - if (outlen1 + outlen2 != tlen) return 1UL; + AES_cbc_encrypt(pt, ct, tlen, &akey, iv, AES_ENCRYPT); return 0UL; } static unsigned long ossl_decrypt(void *key, int keylen, void *iv, void *ct, void *pt, int tlen) { - EVP_CIPHER_CTX ctx; - int outlen1, outlen2; - unsigned char hkey[16]; + AES_KEY akey; - if (EVP_BytesToKey(EVP_aes_128_cbc(), EVP_sha1(), - NULL, key, keylen, 5, hkey, NULL) != 16) return 1UL; - if (!EVP_DecryptInit(&ctx, EVP_aes_128_cbc(), hkey, iv)) + if (AES_set_decrypt_key(key, keylen*8, &akey)) return ERR_get_error(); - if (!EVP_DecryptUpdate(&ctx, ct, &outlen1, pt, tlen)) - return ERR_get_error(); - if (!EVP_DecryptFinal(&ctx, ct + outlen1, &outlen2)) - return ERR_get_error(); - if (outlen1 + outlen2 != tlen) return 1UL; + AES_cbc_encrypt(ct, pt, tlen, &akey, iv, AES_DECRYPT); return 0UL; } @@ -50,21 +43,28 @@ static unsigned long ossl_hash(void *pt, int tlen, void *tag, int *taglen) if (!SHA1_Init(&sctx)) return ERR_get_error(); if (!SHA1_Update(&sctx, pt, tlen)) return ERR_get_error(); if (!SHA1_Final(tag, &sctx)) return ERR_get_error(); - *taglen = 160; + *taglen = SHA_DIGEST_LENGTH; return 0UL; } -static unsigned long ossl_hmac(void *pt, int tlen, void *key, int keylen, +static unsigned long ossl_hmac(void *key, int keylen, void *pt, int tlen, void *tag, int *taglen) { +#if 1 HMAC_CTX hctx; HMAC_CTX_init(&hctx); - if (!HMAC_Init(&hctx, key, keylen, EVP_sha1())) return ERR_get_error(); + if (!HMAC_Init_ex(&hctx, key, keylen, EVP_sha1(), NULL)) + return ERR_get_error(); if (!HMAC_Update(&hctx, pt, tlen)) return ERR_get_error(); if (!HMAC_Final(&hctx, tag, (unsigned int *)taglen)) return ERR_get_error(); HMAC_CTX_cleanup(&hctx); +#else + if (HMAC(EVP_sha1(), key, keylen, pt, tlen, + tag, (unsigned int *)taglen) != tag) + return ERR_get_error(); +#endif return 0UL; } @@ -74,7 +74,7 @@ static const char *ossl_errstr(unsigned long err) } struct crypto_interface ossl_crypto_if = { - .name = "openssl", + .init = ossl_init, .encrypt = ossl_encrypt, .decrypt = ossl_decrypt, .hash = ossl_hash,