diff options
author | Dmitry Eremin-Solenikov <deremin-solenikov@cavium.com> | 2019-04-06 12:28:30 +0300 |
---|---|---|
committer | Matias Elo <matias.elo@nokia.com> | 2019-04-16 08:42:13 +0300 |
commit | b3cacf62c188e2d2696bb6993a9328127274b9b0 (patch) | |
tree | 70a121a23ca8f203d203b72d6de2a8a5cf1a1709 | |
parent | 6811aabac773f935d5eedcd7d781eeb3cf06056f (diff) |
linux-gen: crypto: fix AES-GMAC with OpenSSL 1.1.1b
OpenSSL 1.1.1b (and master branches) have changed semantics of
EVP_En/Decrypt operations by diallowing now to call EVP_Decrypt on the
context initialized with EVP_EncryptInit_ex (which was allowed before).
Fix this by calling corresponding function for data processing.
Signed-off-by: Dmitry Eremin-Solenikov <deremin-solenikov@cavium.com>
Reviewed-by: Matias Elo <matias.elo@nokia.com>
-rw-r--r-- | platform/linux-generic/odp_crypto_openssl.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/platform/linux-generic/odp_crypto_openssl.c b/platform/linux-generic/odp_crypto_openssl.c index 7507f1aa8..b7cce4a39 100644 --- a/platform/linux-generic/odp_crypto_openssl.c +++ b/platform/linux-generic/odp_crypto_openssl.c @@ -621,7 +621,8 @@ odp_crypto_alg_err_t auth_cmac_check(odp_packet_t pkt, static int internal_aad(EVP_CIPHER_CTX *ctx, odp_packet_t pkt, - const odp_crypto_packet_op_param_t *param) + const odp_crypto_packet_op_param_t *param, + odp_bool_t encrypt) { uint32_t offset = param->auth_range.offset; uint32_t len = param->auth_range.length; @@ -635,12 +636,18 @@ int internal_aad(EVP_CIPHER_CTX *ctx, void *mapaddr = odp_packet_offset(pkt, offset, &seglen, NULL); uint32_t maclen = len > seglen ? seglen : len; - EVP_EncryptUpdate(ctx, NULL, &dummy_len, mapaddr, maclen); + if (encrypt) + EVP_EncryptUpdate(ctx, NULL, &dummy_len, mapaddr, maclen); + else + EVP_DecryptUpdate(ctx, NULL, &dummy_len, mapaddr, maclen); offset += maclen; len -= maclen; } - ret = EVP_EncryptFinal_ex(ctx, NULL, &dummy_len); + if (encrypt) + ret = EVP_EncryptFinal_ex(ctx, NULL, &dummy_len); + else + ret = EVP_DecryptFinal_ex(ctx, NULL, &dummy_len); return ret; } @@ -1019,7 +1026,7 @@ odp_crypto_alg_err_t aes_gmac_gen(odp_packet_t pkt, EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); - ret = internal_aad(ctx, pkt, param); + ret = internal_aad(ctx, pkt, param, true); EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, session->p.auth_digest_len, block); @@ -1068,7 +1075,7 @@ odp_crypto_alg_err_t aes_gmac_check(odp_packet_t pkt, _odp_packet_set_data(pkt, param->hash_result_offset, 0, session->p.auth_digest_len); - ret = internal_aad(ctx, pkt, param); + ret = internal_aad(ctx, pkt, param, false); return ret <= 0 ? ODP_CRYPTO_ALG_ERR_ICV_CHECK : ODP_CRYPTO_ALG_ERR_NONE; |