
lib/libdmsg: Unbreak using new API EVP_CIPHER_CTX_new()

Upstream OpenSSL no longer publicly exposes the definition of
EVP_CIPHER_CTX (struct evp_cipher_ctx_st).

Due to this change clients need to have it as a pointer instead
of as a value, and allocate or free EVP_CIPHER_CTX instance by
EVP_CIPHER_CTX_new()/EVP_CIPHER_CTX_free().

openssl/openssl#962 (comment)

Above APIs are available in our OpenSSL too, so we should move
on to use these, otherwise upgrading OpenSSL will break libdmsg
compilation at some point in the future. This also makes it more
portable against systems using newer version of OpenSSL.

Note that this diff is missing EVP_CIPHER_CTX_free() (was not
sure where it should be freed at).
kusumi committed Jul 8, 2018
1 parent dec3d4e commit e6833c80bc898c2674e180828fe62cd0b53226e7
Showing with 15 additions and 14 deletions.
  1. +14 −13 lib/libdmsg/crypto.c
  2. +1 −1 lib/libdmsg/dmsg.h
@@ -114,13 +114,14 @@ dmsg_crypto_gcm_init(dmsg_ioq_t *ioq, char *key, int klen,
dmx_printf(6, "%02x", (unsigned char)iv_fixed[i]);
dmx_printf(6, "%s\n", " (fixed part only)");
EVP_CIPHER_CTX_init(&ioq->ctx);
ioq->ctx = EVP_CIPHER_CTX_new();
EVP_CIPHER_CTX_init(ioq->ctx);
if (enc)
ok = EVP_EncryptInit_ex(&ioq->ctx, EVP_aes_256_gcm(), NULL,
ok = EVP_EncryptInit_ex(ioq->ctx, EVP_aes_256_gcm(), NULL,
key, NULL);
else
ok = EVP_DecryptInit_ex(&ioq->ctx, EVP_aes_256_gcm(), NULL,
ok = EVP_DecryptInit_ex(ioq->ctx, EVP_aes_256_gcm(), NULL,
key, NULL);
if (!ok)
goto fail;
@@ -143,7 +144,7 @@ dmsg_crypto_gcm_init(dmsg_ioq_t *ioq, char *key, int klen,
* With a chunk size of 64 bytes, this adds up to 1 zettabyte of
* traffic.
*/
ok = EVP_CIPHER_CTX_ctrl(&ioq->ctx, EVP_CTRL_GCM_SET_IVLEN,
ok = EVP_CIPHER_CTX_ctrl(ioq->ctx, EVP_CTRL_GCM_SET_IVLEN,
DMSG_CRYPTO_GCM_IV_SIZE, NULL);
if (!ok)
goto fail;
@@ -159,7 +160,7 @@ dmsg_crypto_gcm_init(dmsg_ioq_t *ioq, char *key, int klen,
* as GCM, will cause an error in _finish if the pt/ct size is not
* a multiple of the cipher block size.
*/
EVP_CIPHER_CTX_set_padding(&ioq->ctx, 0);
EVP_CIPHER_CTX_set_padding(ioq->ctx, 0);
return 0;
@@ -203,22 +204,22 @@ dmsg_crypto_gcm_encrypt_chunk(dmsg_ioq_t *ioq, char *ct, char *pt,
*out_size = 0;
/* Re-initialize with new IV (but without redoing the key schedule) */
ok = EVP_EncryptInit_ex(&ioq->ctx, NULL, NULL, NULL, ioq->iv);
ok = EVP_EncryptInit_ex(ioq->ctx, NULL, NULL, NULL, ioq->iv);
if (!ok)
goto fail;
u_len = 0; /* safety */
ok = EVP_EncryptUpdate(&ioq->ctx, ct, &u_len, pt, in_size);
ok = EVP_EncryptUpdate(ioq->ctx, ct, &u_len, pt, in_size);
if (!ok)
goto fail;
f_len = 0; /* safety */
ok = EVP_EncryptFinal(&ioq->ctx, ct + u_len, &f_len);
ok = EVP_EncryptFinal(ioq->ctx, ct + u_len, &f_len);
if (!ok)
goto fail;
/* Retrieve auth tag */
ok = EVP_CIPHER_CTX_ctrl(&ioq->ctx, EVP_CTRL_GCM_GET_TAG,
ok = EVP_CIPHER_CTX_ctrl(ioq->ctx, EVP_CTRL_GCM_GET_TAG,
DMSG_CRYPTO_GCM_TAG_SIZE,
ct + u_len + f_len);
if (!ok)
@@ -252,25 +253,25 @@ dmsg_crypto_gcm_decrypt_chunk(dmsg_ioq_t *ioq, char *ct, char *pt,
*consume_size = 0;
/* Re-initialize with new IV (but without redoing the key schedule) */
ok = EVP_DecryptInit_ex(&ioq->ctx, NULL, NULL, NULL, ioq->iv);
ok = EVP_DecryptInit_ex(ioq->ctx, NULL, NULL, NULL, ioq->iv);
if (!ok) {
ioq->error = DMSG_IOQ_ERROR_ALGO;
goto fail_out;
}
ok = EVP_CIPHER_CTX_ctrl(&ioq->ctx, EVP_CTRL_GCM_SET_TAG,
ok = EVP_CIPHER_CTX_ctrl(ioq->ctx, EVP_CTRL_GCM_SET_TAG,
DMSG_CRYPTO_GCM_TAG_SIZE,
ct + out_size);
if (!ok) {
ioq->error = DMSG_IOQ_ERROR_ALGO;
goto fail_out;
}
ok = EVP_DecryptUpdate(&ioq->ctx, pt, &u_len, ct, out_size);
ok = EVP_DecryptUpdate(ioq->ctx, pt, &u_len, ct, out_size);
if (!ok)
goto fail;
ok = EVP_DecryptFinal(&ioq->ctx, pt + u_len, &f_len);
ok = EVP_DecryptFinal(ioq->ctx, pt + u_len, &f_len);
if (!ok)
goto fail;
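Review bot: The result of `EVP_CIPHER_CTX_new()` in dmsg_crypto_gcm_init() is passed straight to `EVP_CIPHER_CTX_init()` and the `EVP_*Init_ex()` calls without a NULL check, so an allocation failure is only caught, if at all, inside OpenSSL. Adding `if (ioq->ctx == NULL) goto fail;` directly after the allocation keeps it on the function's existing error path; the `fail` label lies outside the visible hunks, so confirm it does not itself use the context. The following `EVP_CIPHER_CTX_init(ioq->ctx);` looks redundant on a freshly allocated context and could be dropped. If this function can run more than once for the same ioq (not visible here), the assignment overwrites the previous pointer, so it should be guarded or the old context released first.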
@@ -251,7 +251,7 @@ struct dmsg_ioq {
int error;
int seq; /* salt sequencer */
int msgcount;
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx;
char iv[DMSG_MAX_IV_SIZE]; /* encrypt or decrypt iv[] */
dmsg_msg_t *msg;
dmsg_msg_queue_t msgq;
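Review bot: The `ctx` member of struct dmsg_ioq is now a pointer but, unlike its neighbours, carries no comment about when it is valid or who owns it. As far as the visible hunks show, it is assigned only in dmsg_crypto_gcm_init(), so an ioq that reaches the encrypt or decrypt chunk functions without that call would hand an unset pointer to OpenSSL; whether that path exists is not visible here. I would document the contract on the field, e.g. `EVP_CIPHER_CTX *ctx; /* NULL until dmsg_crypto_gcm_init(); owned by this ioq */`, and make sure the ioq is zero-initialised where it is created. The struct definition starts and ends outside this hunk.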
