From 34adffffdb13b88c5117c27f6785c0184f9179a1 Mon Sep 17 00:00:00 2001
From: Konrad Lipinski
Date: Wed, 29 May 2019 15:47:48 +0200
Subject: Migrate to openssl 1.1
Change-Id: I43ac640debc91648e0d314e90f4c9b42ef0bf5a3
---
 CMakeLists.txt | 2 +-
 packaging/libwebappenc.spec | 2 +-
 srcs/crypto_service.c | 15 ---------------
 srcs/decrypt_migrated_wgt.c | 22 ++++++++++++----------
 4 files changed, 14 insertions(+), 27 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 2d1f806..0bca399 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -71,7 +71,7 @@ CONFIGURE_FILE(packaging/lib${PROJECT_NAME}.manifest.in lib${PROJECT_NAME}.manif
 CONFIGURE_FILE(packaging/lib${PROJECT_NAME}-test.manifest.in lib${PROJECT_NAME}-test.manifest @ONLY)
 ################# common configurations for srcs and test ######################
-SET(DEPENDENTS "openssl dlog key-manager libtzplatform-config")
+SET(DEPENDENTS "openssl1.1 dlog key-manager libtzplatform-config")
 PKG_CHECK_MODULES(WEB_APP_ENC_DEPS REQUIRED ${DEPENDENTS}
diff --git a/packaging/libwebappenc.spec b/packaging/libwebappenc.spec
index 8b0bea6..de8dd70 100644
--- a/packaging/libwebappenc.spec
+++ b/packaging/libwebappenc.spec
@@ -11,7 +11,7 @@ Requires(postun): /sbin/ldconfig
 BuildRequires: cmake
 BuildRequires: pkgconfig(dlog)
-BuildRequires: pkgconfig(openssl)
+BuildRequires: pkgconfig(openssl1.1)
 BuildRequires: pkgconfig(key-manager)
 BuildRequires: pkgconfig(libtzplatform-config)
diff --git a/srcs/crypto_service.c b/srcs/crypto_service.c
index dcc172e..a5a91f9 100644
--- a/srcs/crypto_service.c
+++ b/srcs/crypto_service.c
@@ -41,17 +41,6 @@ crypto_element_s *dek_kek = NULL;
-static bool __initialized = false;
-
-void _initialize()
-{
- if (!__initialized) {
- ERR_load_crypto_strings();
- OpenSSL_add_all_algorithms();
- __initialized = true;
- }
-}
-
 int _generate_dek_kek()
 {
 int ret = WAE_ERROR_NONE;
@@ -131,8 +120,6 @@ int encrypt_aes_cbc(const crypto_element_s *ce, const raw_buffer_s *data,
 raw_buffer_s *encrypted_data = NULL;
 int ret = WAE_ERROR_NONE;
- _initialize();
-
 WAE_SLOGI("Encryption Started. size=%zu", data->size);
 /* check input paramter */
@@ -215,8 +202,6 @@ int decrypt_aes_cbc(const crypto_element_s *ce, const raw_buffer_s *encrypted_da
 raw_buffer_s *data = NULL;
 int ret = WAE_ERROR_NONE;
- _initialize();
-
 WAE_SLOGI("Decryption Started. size=%zu", encrypted_data->size);
 /* check input paramter */
diff --git a/srcs/decrypt_migrated_wgt.c b/srcs/decrypt_migrated_wgt.c
index 6dbc627..8d4bc29 100644
--- a/srcs/decrypt_migrated_wgt.c
+++ b/srcs/decrypt_migrated_wgt.c
@@ -113,34 +113,36 @@ static int _decrypt(const crypto_element_s *ce, const raw_buffer_s *data,
 int in_len = data->size;
 int out_len = 0;
 int final_len = 0;
+ int ret = WAE_ERROR_NONE;
 raw_buffer_s *decrypted = buffer_create(
- (in_len / algo->block_size + 1) * algo->block_size);
+ (in_len / EVP_CIPHER_block_size(algo) + 1) * EVP_CIPHER_block_size(algo));
 if (decrypted == NULL) return WAE_ERROR_MEMORY;
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
-
- int ret = WAE_ERROR_NONE;
+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+ if (!ctx) {
+ ret = WAE_ERROR_MEMORY;
+ goto error;
+ }
- if (EVP_CipherInit(&ctx, algo, ce->dek->buf, ce->iv->buf, 0) != 1) {
+ if (EVP_CipherInit(ctx, algo, ce->dek->buf, ce->iv->buf, 0) != 1) {
 ret = WAE_ERROR_CRYPTO;
 goto error;
 }
- if (EVP_CIPHER_CTX_set_padding(&ctx, 1) != 1) {
+ if (EVP_CIPHER_CTX_set_padding(ctx, 1) != 1) {
 ret = WAE_ERROR_CRYPTO;
 goto error;
 }
- if (EVP_CipherUpdate(&ctx, decrypted->buf, &out_len, data->buf, in_len) != 1) {
+ if (EVP_CipherUpdate(ctx, decrypted->buf, &out_len, data->buf, in_len) != 1) {
 ret = WAE_ERROR_CRYPTO;
 goto error;
 }
- if (EVP_CipherFinal(&ctx, decrypted->buf + out_len, &final_len) != 1) {
+ if (EVP_CipherFinal(ctx, decrypted->buf + out_len, &final_len) != 1) {
 ret = WAE_ERROR_CRYPTO;
 goto error;
 }
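Review bot: The size passed to `buffer_create(` on the rewritten line is still computed in `int` from `int in_len = data->size;`, so a `data->size` above `INT_MAX` is truncated on assignment and a value close to `INT_MAX` overflows in the `(in_len / block + 1) * block` expression before the allocation happens. Since the line is being changed anyway, I would read the block size once and reject oversized input ahead of the allocation: `const int bs = EVP_CIPHER_block_size(algo);` followed by `if (bs <= 0 || data->size > (size_t)(INT_MAX - bs)) return WAE_ERROR_CRYPTO;` (this needs `<limits.h>`), then use `bs` in the size expression. `_decrypt` starts above this hunk, so a bound on `data->size` may already be enforced there; if it is, a short comment at the declaration of `in_len` saying so would be enough.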
@@ -150,7 +152,7 @@ static int _decrypt(const crypto_element_s *ce, const raw_buffer_s *data,
 *pdecrypted = decrypted;
 error:
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
 if (ret != WAE_ERROR_NONE) buffer_destroy(decrypted);
--
cgit v1.2.3
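Review bot: The cleanup under `error:` now relies on `EVP_CIPHER_CTX_free()` accepting a NULL pointer, because the new `if (!ctx)` branch in the previous hunk jumps here before any context exists. In OpenSSL 1.1 that call is a no-op for NULL, so the code is correct, but nothing at the label says so and a later edit could add a use of `ctx` on this path. A one-line comment above the call would record the dependency: `/* ctx may be NULL here; EVP_CIPHER_CTX_free(NULL) is a no-op */`. `_decrypt` continues past the end of this hunk.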