From: Eugene Crosser <crosser@average.org>
Date: Thu, 31 Oct 2013 08:19:44 +0000 (+0400)
Subject: use ssl aes directly
X-Git-Url: http://www.average.org/gitweb/?p=pam_pcsc_cr.git;a=commitdiff_plain;h=3a6f66a41cbe4e700bf244a3a734536752126620;hp=724570ad4aaaa5eb67fe0e808d638321d522eba7

use ssl aes directly
---

diff --git a/ossl_crypto.c b/ossl_crypto.c
index 4b475a4..b1f3aec 100644
--- a/ossl_crypto.c
+++ b/ossl_crypto.c
@@ -2,8 +2,8 @@
 # include "config.h"
 #endif
 #include <openssl/err.h>
+#include <openssl/aes.h>
 #include <openssl/sha.h>
-#include <openssl/evp.h>
 #include <openssl/hmac.h>
 
 #include "crypto_if.h"
@@ -17,46 +17,22 @@ static const char *ossl_init(void)
 static unsigned long ossl_encrypt(void *key, int keylen, void *iv,
 			void *pt, void *ct, int tlen)
 {
-	EVP_CIPHER_CTX ctx;
-	int outlen1, outlen2;
-	unsigned char hkey[16];
+	AES_KEY akey;
 
-	if (EVP_BytesToKey(EVP_aes_128_cbc(), EVP_sha1(),
-			NULL, key, keylen, 5, hkey, NULL) != 16) return 1UL;
-	if (!EVP_EncryptInit(&ctx, EVP_aes_128_cbc(), hkey, iv))
+	if (AES_set_encrypt_key(key, keylen*8, &akey))
 		return ERR_get_error();
-	if (!EVP_EncryptUpdate(&ctx, ct, &outlen1, pt, tlen))
-		return ERR_get_error();
-	if (!EVP_EncryptFinal(&ctx, ct + outlen1, &outlen2))
-		return ERR_get_error();
-	if (outlen1 + outlen2 != tlen) {
-		printf("enc tlen =%d outlen1=%d outlen2=%d\n",
-			tlen, outlen1, outlen2);
-		// return 1UL;
-	}
+	AES_cbc_encrypt(pt, ct, tlen, &akey, iv, AES_ENCRYPT);
 	return 0UL;
 }
 
 static unsigned long ossl_decrypt(void *key, int keylen, void *iv,
 			void *ct, void *pt, int tlen)
 {
-	EVP_CIPHER_CTX ctx;
-	int outlen1, outlen2;
-	unsigned char hkey[16];
+	AES_KEY akey;
 
-	if (EVP_BytesToKey(EVP_aes_128_cbc(), EVP_sha1(),
-			NULL, key, keylen, 5, hkey, NULL) != 16) return 1UL;
-	if (!EVP_DecryptInit(&ctx, EVP_aes_128_cbc(), hkey, iv))
-		return ERR_get_error();
-	if (!EVP_DecryptUpdate(&ctx, ct, &outlen1, pt, tlen))
-		return ERR_get_error();
-	if (!EVP_DecryptFinal(&ctx, ct + outlen1, &outlen2))
+	if (AES_set_decrypt_key(key, keylen*8, &akey))
 		return ERR_get_error();
-	if (outlen1 + outlen2 != tlen) {
-		printf("dec tlen =%d outlen1=%d outlen2=%d\n",
-			tlen, outlen1, outlen2);
-		// return 1UL;
-	}
+	AES_cbc_encrypt(ct, pt, tlen, &akey, iv, AES_DECRYPT);
 	return 0UL;
 }
 
@@ -67,7 +43,7 @@ static unsigned long ossl_hash(void *pt, int tlen, void *tag, int *taglen)
 	if (!SHA1_Init(&sctx)) return ERR_get_error();
 	if (!SHA1_Update(&sctx, pt, tlen)) return ERR_get_error();
 	if (!SHA1_Final(tag, &sctx)) return ERR_get_error();
-	*taglen = 20;
+	*taglen = SHA_DIGEST_LENGTH;
 	return 0UL;
 }