Migrate to openssl 1.1

author Konrad Lipinski <k.lipinski2@partner.samsung.com>

Wed, 29 May 2019 13:47:48 +0000 (15:47 +0200)

committer Dariusz Michaluk <d.michaluk@samsung.com>

Mon, 8 Jul 2019 11:46:09 +0000 (13:46 +0200)
author Konrad Lipinski <k.lipinski2@partner.samsung.com>
Wed, 29 May 2019 13:47:48 +0000 (15:47 +0200)
committer Dariusz Michaluk <d.michaluk@samsung.com>
Mon, 8 Jul 2019 11:46:09 +0000 (13:46 +0200)
diff --git a/CMakeLists.txt b/CMakeLists.txt

index 2d1f806..0bca399 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -71,7 +71,7 @@ CONFIGURE_FILE(packaging/lib${PROJECT_NAME}.manifest.in lib${PROJECT_NAME}.manif
  CONFIGURE_FILE(packaging/lib${PROJECT_NAME}-test.manifest.in lib${PROJECT_NAME}-test.manifest @ONLY)
  
  ################# common configurations for srcs and test ######################
-SET(DEPENDENTS "openssl dlog key-manager libtzplatform-config")
+SET(DEPENDENTS "openssl1.1 dlog key-manager libtzplatform-config")
  PKG_CHECK_MODULES(WEB_APP_ENC_DEPS
         REQUIRED
         ${DEPENDENTS}
diff --git a/packaging/libwebappenc.spec b/packaging/libwebappenc.spec

index 8b0bea6..de8dd70 100644 (file)
--- a/packaging/libwebappenc.spec
+++ b/packaging/libwebappenc.spec
@@ -11,7 +11,7 @@ Requires(postun): /sbin/ldconfig
  
  BuildRequires: cmake
  BuildRequires: pkgconfig(dlog)
-BuildRequires: pkgconfig(openssl)
+BuildRequires: pkgconfig(openssl1.1)
  BuildRequires: pkgconfig(key-manager)
  BuildRequires: pkgconfig(libtzplatform-config)
  
diff --git a/srcs/crypto_service.c b/srcs/crypto_service.c

index dcc172e..a5a91f9 100644 (file)
--- a/srcs/crypto_service.c
+++ b/srcs/crypto_service.c
@@ -41,17 +41,6 @@
  
  crypto_element_s *dek_kek = NULL;
  
-static bool __initialized = false;
-
-void _initialize()
-{
-       if (!__initialized) {
-               ERR_load_crypto_strings();
-               OpenSSL_add_all_algorithms();
-               __initialized = true;
-       }
-}
-
  int _generate_dek_kek()
  {
         int ret = WAE_ERROR_NONE;
@@ -131,8 +120,6 @@ int encrypt_aes_cbc(const crypto_element_s *ce, const raw_buffer_s *data,
         raw_buffer_s *encrypted_data = NULL;
         int ret = WAE_ERROR_NONE;
  
-       _initialize();
-
         WAE_SLOGI("Encryption Started. size=%zu", data->size);
  
         /* check input paramter */
@@ -215,8 +202,6 @@ int decrypt_aes_cbc(const crypto_element_s *ce, const raw_buffer_s *encrypted_da
         raw_buffer_s *data = NULL;
         int ret = WAE_ERROR_NONE;
  
-       _initialize();
-
         WAE_SLOGI("Decryption Started. size=%zu", encrypted_data->size);
  
         /* check input paramter */
diff --git a/srcs/decrypt_migrated_wgt.c b/srcs/decrypt_migrated_wgt.c

index 6dbc627..8d4bc29 100644 (file)
--- a/srcs/decrypt_migrated_wgt.c
+++ b/srcs/decrypt_migrated_wgt.c
@@ -113,34 +113,36 @@ static int _decrypt(const crypto_element_s *ce, const raw_buffer_s *data,
         int in_len = data->size;
         int out_len = 0;
         int final_len = 0;
+       int ret = WAE_ERROR_NONE;
  
         raw_buffer_s *decrypted = buffer_create(
-                       (in_len / algo->block_size + 1) * algo->block_size);
+                       (in_len / EVP_CIPHER_block_size(algo) + 1) * EVP_CIPHER_block_size(algo));
  
         if (decrypted == NULL)
                 return WAE_ERROR_MEMORY;
  
-       EVP_CIPHER_CTX ctx;
-       EVP_CIPHER_CTX_init(&ctx);
-
-       int ret = WAE_ERROR_NONE;
+       EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+       if (!ctx) {
+               ret = WAE_ERROR_MEMORY;
+               goto error;
+       }
  
-       if (EVP_CipherInit(&ctx, algo, ce->dek->buf, ce->iv->buf, 0) != 1) {
+       if (EVP_CipherInit(ctx, algo, ce->dek->buf, ce->iv->buf, 0) != 1) {
                 ret = WAE_ERROR_CRYPTO;
                 goto error;
         }
  
-       if (EVP_CIPHER_CTX_set_padding(&ctx, 1) != 1) {
+       if (EVP_CIPHER_CTX_set_padding(ctx, 1) != 1) {
                 ret = WAE_ERROR_CRYPTO;
                 goto error;
         }
  
-       if (EVP_CipherUpdate(&ctx, decrypted->buf, &out_len, data->buf, in_len) != 1) {
+       if (EVP_CipherUpdate(ctx, decrypted->buf, &out_len, data->buf, in_len) != 1) {
                 ret = WAE_ERROR_CRYPTO;
                 goto error;
         }
  
-       if (EVP_CipherFinal(&ctx, decrypted->buf + out_len, &final_len) != 1) {
+       if (EVP_CipherFinal(ctx, decrypted->buf + out_len, &final_len) != 1) {
                 ret = WAE_ERROR_CRYPTO;
                 goto error;
         }
@@ -150,7 +152,7 @@ static int _decrypt(const crypto_element_s *ce, const raw_buffer_s *data,
         *pdecrypted = decrypted;
  
  error:
-       EVP_CIPHER_CTX_cleanup(&ctx);
+       EVP_CIPHER_CTX_free(ctx);
  
         if (ret != WAE_ERROR_NONE)
                 buffer_destroy(decrypted);
author	Konrad Lipinski <k.lipinski2@partner.samsung.com>
	Wed, 29 May 2019 13:47:48 +0000 (15:47 +0200)
committer	Dariusz Michaluk <d.michaluk@samsung.com>
	Mon, 8 Jul 2019 11:46:09 +0000 (13:46 +0200)
CMakeLists.txt		patch \| blob \| history
packaging/libwebappenc.spec		patch \| blob \| history
srcs/crypto_service.c		patch \| blob \| history
srcs/decrypt_migrated_wgt.c		patch \| blob \| history