aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDmitry Eremin-Solenikov <deremin-solenikov@cavium.com>2019-04-06 12:28:30 +0300
committerMatias Elo <matias.elo@nokia.com>2019-04-16 08:42:13 +0300
commitb3cacf62c188e2d2696bb6993a9328127274b9b0 (patch)
tree70a121a23ca8f203d203b72d6de2a8a5cf1a1709
parent6811aabac773f935d5eedcd7d781eeb3cf06056f (diff)
downloadodp-b3cacf62c188e2d2696bb6993a9328127274b9b0.tar.gz
linux-gen: crypto: fix AES-GMAC with OpenSSL 1.1.1b
OpenSSL 1.1.1b (and master branches) have changed semantics of EVP_En/Decrypt operations by diallowing now to call EVP_Decrypt on the context initialized with EVP_EncryptInit_ex (which was allowed before). Fix this by calling corresponding function for data processing. Signed-off-by: Dmitry Eremin-Solenikov <deremin-solenikov@cavium.com> Reviewed-by: Matias Elo <matias.elo@nokia.com>
-rw-r--r--platform/linux-generic/odp_crypto_openssl.c17
1 files changed, 12 insertions, 5 deletions
diff --git a/platform/linux-generic/odp_crypto_openssl.c b/platform/linux-generic/odp_crypto_openssl.c
index 7507f1aa8..b7cce4a39 100644
--- a/platform/linux-generic/odp_crypto_openssl.c
+++ b/platform/linux-generic/odp_crypto_openssl.c
@@ -621,7 +621,8 @@ odp_crypto_alg_err_t auth_cmac_check(odp_packet_t pkt,
static
int internal_aad(EVP_CIPHER_CTX *ctx,
odp_packet_t pkt,
- const odp_crypto_packet_op_param_t *param)
+ const odp_crypto_packet_op_param_t *param,
+ odp_bool_t encrypt)
{
uint32_t offset = param->auth_range.offset;
uint32_t len = param->auth_range.length;
@@ -635,12 +636,18 @@ int internal_aad(EVP_CIPHER_CTX *ctx,
void *mapaddr = odp_packet_offset(pkt, offset, &seglen, NULL);
uint32_t maclen = len > seglen ? seglen : len;
- EVP_EncryptUpdate(ctx, NULL, &dummy_len, mapaddr, maclen);
+ if (encrypt)
+ EVP_EncryptUpdate(ctx, NULL, &dummy_len, mapaddr, maclen);
+ else
+ EVP_DecryptUpdate(ctx, NULL, &dummy_len, mapaddr, maclen);
offset += maclen;
len -= maclen;
}
- ret = EVP_EncryptFinal_ex(ctx, NULL, &dummy_len);
+ if (encrypt)
+ ret = EVP_EncryptFinal_ex(ctx, NULL, &dummy_len);
+ else
+ ret = EVP_DecryptFinal_ex(ctx, NULL, &dummy_len);
return ret;
}
@@ -1019,7 +1026,7 @@ odp_crypto_alg_err_t aes_gmac_gen(odp_packet_t pkt,
EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
- ret = internal_aad(ctx, pkt, param);
+ ret = internal_aad(ctx, pkt, param, true);
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG,
session->p.auth_digest_len, block);
@@ -1068,7 +1075,7 @@ odp_crypto_alg_err_t aes_gmac_check(odp_packet_t pkt,
_odp_packet_set_data(pkt, param->hash_result_offset,
0, session->p.auth_digest_len);
- ret = internal_aad(ctx, pkt, param);
+ ret = internal_aad(ctx, pkt, param, false);
return ret <= 0 ? ODP_CRYPTO_ALG_ERR_ICV_CHECK :
ODP_CRYPTO_ALG_ERR_NONE;