Use EVP for AES

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23558 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2008-08-16 23:02:40 +00:00
parent d9d708753c
commit 72d753aec4


@@ -40,6 +40,11 @@ RCSID("$Id$");
static void krb5_crypto_debug(krb5_context, int, size_t, krb5_keyblock*); static void krb5_crypto_debug(krb5_context, int, size_t, krb5_keyblock*);
#endif #endif
#ifdef HAVE_OPENSSL /* XXX forward decl for hcrypto glue */
const EVP_CIPHER * EVP_hcrypto_aes_128_cts(void);
const EVP_CIPHER * EVP_hcrypto_aes_192_cts(void);
const EVP_CIPHER * EVP_hcrypto_aes_256_cts(void);
#endif
struct key_data { struct key_data {
krb5_keyblock *key; krb5_keyblock *key;
@@ -672,8 +677,8 @@ AES_string_to_key(krb5_context context,
} }
struct krb5_aes_schedule { struct krb5_aes_schedule {
AES_KEY ekey; EVP_CIPHER_CTX ectx;
AES_KEY dkey; EVP_CIPHER_CTX dctx;
}; };
static void static void
@@ -681,11 +686,23 @@ AES_schedule(krb5_context context,
struct key_data *kd) struct key_data *kd)
{ {
struct krb5_aes_schedule *key = kd->schedule->data; struct krb5_aes_schedule *key = kd->schedule->data;
int bits = kd->key->keyvalue.length * 8; const EVP_CIPHER *c;
if (kd->key->keyvalue.length == 16)
c = EVP_hcrypto_aes_128_cts();
else if (kd->key->keyvalue.length == 24)
c = EVP_hcrypto_aes_192_cts();
else if (kd->key->keyvalue.length == 32)
c = EVP_hcrypto_aes_256_cts();
else
abort();
memset(key, 0, sizeof(*key)); memset(key, 0, sizeof(*key));
AES_set_encrypt_key(kd->key->keyvalue.data, bits, &key->ekey); EVP_CIPHER_CTX_init(&key->ectx);
AES_set_decrypt_key(kd->key->keyvalue.data, bits, &key->dkey); EVP_CIPHER_CTX_init(&key->dctx);
EVP_CipherInit_ex(&key->ectx, c, NULL, kd->key->keyvalue.data, NULL, 1);
EVP_CipherInit_ex(&key->dctx, c, NULL, kd->key->keyvalue.data, NULL, 0);
} }
/* /*
@@ -2293,28 +2310,23 @@ AES_CTS_encrypt(krb5_context context,
{ {
struct krb5_aes_schedule *aeskey = key->schedule->data; struct krb5_aes_schedule *aeskey = key->schedule->data;
char local_ivec[AES_BLOCK_SIZE]; char local_ivec[AES_BLOCK_SIZE];
AES_KEY *k; EVP_CIPHER_CTX *k;
if (encryptp) if (encryptp)
k = &aeskey->ekey; k = &aeskey->ectx;
else else
k = &aeskey->dkey; k = &aeskey->dctx;
if (len < AES_BLOCK_SIZE) if(ivec == NULL) {
krb5_abortx(context, "invalid use of AES_CTS_encrypt"); memset(local_ivec, 0, sizeof(local_ivec));
if (len == AES_BLOCK_SIZE) { ivec = local_ivec;
if (encryptp)
AES_encrypt(data, data, k);
else
AES_decrypt(data, data, k);
} else {
if(ivec == NULL) {
memset(local_ivec, 0, sizeof(local_ivec));
ivec = local_ivec;
}
_krb5_aes_cts_encrypt(data, data, len, k, ivec, encryptp);
} }
EVP_CipherInit_ex(k, NULL, NULL, NULL, ivec, -1);
if (EVP_Cipher(k, data, data, len) != 1)
krb5_abortx(context, "EVP_Cipher failed for aes-cts");
return 0; return 0;
} }
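Review bot: The three `EVP_CipherInit_ex` calls (two in AES_schedule, one in AES_CTS_encrypt) discard their return value, so a failed key or IV setup goes unnoticed and `EVP_Cipher` then runs on a context in an unknown state; only the final `EVP_Cipher` call is checked. In AES_CTS_encrypt, whose signature lies outside the hunk, the call could read `if (EVP_CipherInit_ex(k, NULL, NULL, NULL, ivec, -1) != 1) krb5_abortx(context, "EVP_CipherInit_ex failed for aes-cts");`, and AES_schedule could report through `krb5_abortx` the same way instead of the bare `abort()`. The old `len < AES_BLOCK_SIZE` guard is also gone, so short input is now rejected only if the hcrypto CTS cipher (not visible here) fails it; keeping the explicit check or adding a comment that states the dependency would make this clear. Because the schedule now holds `EVP_CIPHER_CTX` objects rather than plain `AES_KEY` structs, it is worth confirming that the code releasing the schedule (outside this diff) calls `EVP_CIPHER_CTX_cleanup`, so that expanded key material is freed and wiped.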