From 2aab18117a2b078dd0eb366f3766a1fef06da695 Mon Sep 17 00:00:00 2001
From: Tomas Korbar <tkorbar@redhat.com>
Date: Fri, 25 Jun 2021 11:55:46 +0200
Subject: [PATCH 1/7] Add possibility to use libcrypto for encryption
---
include/libhashkit-1.0/hashkit.h | 4 +-
src/libhashkit/CMakeLists.txt | 9 +++
src/libhashkit/aes.cc | 121 +++++++++++++++++++++++++++++--
src/libhashkit/aes.h | 22 ++++++
src/libhashkit/encrypt.cc | 42 +++++++++--
src/libhashkit/hashkit.cc | 43 +++++++++--
src/libhashkit/rijndael.hpp | 2 +-
src/libmemcached/is.h | 2 +-
8 files changed, 225 insertions(+), 20 deletions(-)
diff --git a/include/libhashkit-1.0/hashkit.h b/include/libhashkit-1.0/hashkit.h
index a05eb5f8..0f67e377 100644
--- a/include/libhashkit-1.0/hashkit.h
+++ b/include/libhashkit-1.0/hashkit.h
@@ -49,7 +49,7 @@ struct hashkit_st {
bool is_allocated : 1;
} options;
- void *_key;
+ void *_cryptographic_context;
};
#ifdef __cplusplus
@@ -75,7 +75,7 @@ HASHKIT_API
hashkit_string_st *hashkit_decrypt(hashkit_st *, const char *source, size_t source_length);
HASHKIT_API
-bool hashkit_key(hashkit_st *, const char *key, const size_t key_length);
+bool hashkit_key(hashkit_st *kit, const char *key, const size_t key_length);
#ifdef __cplusplus
} // extern "C"
diff --git a/src/libhashkit/CMakeLists.txt b/src/libhashkit/CMakeLists.txt
index 355afabb..d0e03d15 100644
--- a/src/libhashkit/CMakeLists.txt
+++ b/src/libhashkit/CMakeLists.txt
@@ -39,6 +39,15 @@ target_include_directories(libhashkit PUBLIC
$<BUILD_INTERFACE:${CMAKE_SOURCE_DIR}/include>
$<BUILD_INTERFACE:${CMAKE_BINARY_DIR}/include>
$<INSTALL_INTERFACE:include>)
+
+find_package(OpenSSL)
+if(NOT OPENSSL_FOUND)
+ message(WARNING "crypto library not found")
+else()
+ add_compile_definitions(WITH_OPENSSL)
+ target_link_libraries(libhashkit PUBLIC OpenSSL::Crypto)
+endif()
+
configure_file(hashkitcon.h.in hashkitcon.h @ONLY)
install(TARGETS libhashkit EXPORT libhashkit-targets
diff --git a/src/libhashkit/aes.cc b/src/libhashkit/aes.cc
index 0b2f73d8..d4fdad5a 100644
--- a/src/libhashkit/aes.cc
+++ b/src/libhashkit/aes.cc
@@ -15,12 +15,122 @@
#include "libhashkit/common.h"
-#include "libhashkit/rijndael.hpp"
-
#include <cstring>
-#define AES_KEY_LENGTH 256 /* 128, 192, 256 */
-#define AES_BLOCK_SIZE 16
+#ifdef WITH_OPENSSL
+
+#include <openssl/evp.h>
+
+#define DIGEST_ROUNDS 5
+
+#define AES_KEY_NBYTES 32
+#define AES_IV_NBYTES 32
+
+bool aes_initialize(const unsigned char *key, const size_t key_length,
+ encryption_context_t *crypto_context) {
+ unsigned char aes_key[AES_KEY_NBYTES];
+ unsigned char aes_iv[AES_IV_NBYTES];
+ if (aes_key == NULL || aes_iv == NULL) {
+ return false;
+ }
+
+ int i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha256(), NULL, key, key_length, DIGEST_ROUNDS,
+ aes_key, aes_iv);
+ if (i != AES_KEY_NBYTES) {
+ return false;
+ }
+
+ EVP_CIPHER_CTX_init(crypto_context->encryption_context);
+ EVP_CIPHER_CTX_init(crypto_context->decryption_context);
+ if (EVP_EncryptInit_ex(crypto_context->encryption_context, EVP_aes_256_cbc(), NULL, key, aes_iv)
+ != 1
+ || EVP_DecryptInit_ex(crypto_context->decryption_context, EVP_aes_256_cbc(), NULL, key,
+ aes_iv)
+ != 1)
+ {
+ return false;
+ }
+ return true;
+}
+
+hashkit_string_st *aes_encrypt(encryption_context_t *crypto_context, const unsigned char *source,
+ size_t source_length) {
+EVP_CIPHER_CTX *encryption_context = crypto_context->encryption_context;
+int cipher_length = source_length + EVP_CIPHER_CTX_block_size(encryption_context);
+int final_length = 0;
+unsigned char *cipher_text = (unsigned char *) malloc(cipher_length);
+if (cipher_text == NULL) {
+ return NULL;
+}
+if (EVP_EncryptInit_ex(encryption_context, NULL, NULL, NULL, NULL) != 1
+ || EVP_EncryptUpdate(encryption_context, cipher_text, &cipher_length, source, source_length)
+ != 1
+ || EVP_EncryptFinal_ex(encryption_context, cipher_text + cipher_length, &final_length) != 1)
+{
+ free(cipher_text);
+ return NULL;
+}
+
+hashkit_string_st *destination = hashkit_string_create(cipher_length + final_length);
+if (destination == NULL) {
+ return NULL;
+}
+char *dest = hashkit_string_c_str_mutable(destination);
+memcpy(dest, cipher_text, cipher_length + final_length);
+hashkit_string_set_length(destination, cipher_length + final_length);
+return destination;
+}
+
+hashkit_string_st *aes_decrypt(encryption_context_t *crypto_context, const unsigned char *source,
+ size_t source_length) {
+EVP_CIPHER_CTX *decryption_context = crypto_context->decryption_context;
+int plain_text_length = source_length;
+int final_length = 0;
+unsigned char *plain_text = (unsigned char *) malloc(plain_text_length);
+if (plain_text == NULL) {
+ return NULL;
+}
+if (EVP_DecryptInit_ex(decryption_context, NULL, NULL, NULL, NULL) != 1
+ || EVP_DecryptUpdate(decryption_context, plain_text, &plain_text_length, source, source_length)
+ != 1
+ || EVP_DecryptFinal_ex(decryption_context, plain_text + plain_text_length, &final_length) != 1)
+{
+ free(plain_text);
+ return NULL;
+}
+
+hashkit_string_st *destination = hashkit_string_create(plain_text_length + final_length);
+if (destination == NULL) {
+ return NULL;
+}
+char *dest = hashkit_string_c_str_mutable(destination);
+memcpy(dest, plain_text, plain_text_length + final_length);
+hashkit_string_set_length(destination, plain_text_length + final_length);
+return destination;
+}
+
+encryption_context_t *aes_clone_cryptographic_context(encryption_context_t *source) {
+ encryption_context_t *new_context = (encryption_context_t *) malloc(sizeof(encryption_context_t));
+ if (new_context == NULL)
+ return NULL;
+
+ new_context->encryption_context = EVP_CIPHER_CTX_new();
+ new_context->decryption_context = EVP_CIPHER_CTX_new();
+ if (new_context->encryption_context == NULL || new_context->decryption_context == NULL) {
+ free(new_context);
+ return NULL;
+ }
+ EVP_CIPHER_CTX_copy(new_context->encryption_context, source->encryption_context);
+ EVP_CIPHER_CTX_copy(new_context->decryption_context, source->decryption_context);
+ return new_context;
+}
+
+#else
+
+# include "libhashkit/rijndael.hpp"
+
+# define AES_KEY_LENGTH 256 /* 128, 192, 256 */
+# define AES_BLOCK_SIZE 16
enum encrypt_t { AES_ENCRYPT, AES_DECRYPT };
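Review bot: Both `EVP_EncryptInit_ex` and `EVP_DecryptInit_ex` in `aes_initialize` are given the caller's raw `key` rather than the `aes_key` that `EVP_BytesToKey` just derived, so the derived key is never used and AES-256 reads 32 bytes from a buffer that is only `key_length` long. The IV comes from the same unsalted derivation, so it is identical for every value encrypted under a key and CBC then reveals which values share a leading block; a per-message random IV stored with the ciphertext would avoid that, at the cost of a format change. The `aes_key == NULL || aes_iv == NULL` test compares stack arrays and can never fire, `AES_IV_NBYTES` is twice the 16-byte AES block, and the derived bytes stay on the stack after return. In `aes_encrypt` and `aes_decrypt` the `malloc`'d `cipher_text` / `plain_text` is never freed on the success path or when `hashkit_string_create` fails, and `source_length` is narrowed to `int` before the allocation. The fence below covers `aes_initialize` only.

```cpp
bool aes_initialize(const unsigned char *key, const size_t key_length,
                    encryption_context_t *crypto_context) {
  unsigned char aes_key[AES_KEY_NBYTES];
  unsigned char aes_iv[AES_IV_NBYTES];

  // … unchanged: EVP_BytesToKey() call filling aes_key / aes_iv …
  bool ok = (i == AES_KEY_NBYTES);

  // … unchanged: EVP_CIPHER_CTX_init() on both contexts …
  ok = ok
      && EVP_EncryptInit_ex(crypto_context->encryption_context, EVP_aes_256_cbc(), NULL,
                            aes_key, aes_iv) == 1
      && EVP_DecryptInit_ex(crypto_context->decryption_context, EVP_aes_256_cbc(), NULL,
                            aes_key, aes_iv) == 1;

  // derived key material must not outlive the call on the stack
  OPENSSL_cleanse(aes_key, sizeof(aes_key));
  OPENSSL_cleanse(aes_iv, sizeof(aes_iv));
  return ok;
}
```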
@@ -49,7 +159,7 @@ aes_key_t *aes_create_key(const char *key, const size_t key_length) {
if (ptr == rkey_end) {
ptr = rkey; /* Just loop over tmp_key until we used all key */
}
- *ptr ^= (uint8_t)(*sptr);
+ *ptr ^= (uint8_t) (*sptr);
}
_aes_key->decode_key.nr = rijndaelKeySetupDec(_aes_key->decode_key.rk, rkey, AES_KEY_LENGTH);
@@ -140,3 +250,4 @@ hashkit_string_st *aes_decrypt(aes_key_t *_aes_key, const char *source, size_t s
return destination;
}
+#endif
\ No newline at end of file
diff --git a/src/libhashkit/aes.h b/src/libhashkit/aes.h
index 43a18b35..e021c5f1 100644
--- a/src/libhashkit/aes.h
+++ b/src/libhashkit/aes.h
@@ -15,6 +15,27 @@
#pragma once
+#ifdef WITH_OPENSSL
+
+#include <openssl/evp.h>
+
+typedef struct encryption_context {
+ EVP_CIPHER_CTX *encryption_context;
+ EVP_CIPHER_CTX *decryption_context;
+} encryption_context_t;
+
+hashkit_string_st *aes_encrypt(encryption_context_t *crypto_context, const unsigned char *source,
+ size_t source_length);
+
+hashkit_string_st *aes_decrypt(encryption_context_t *crypto_context, const unsigned char *source,
+ size_t source_length);
+
+bool aes_initialize(const unsigned char *key, const size_t key_length,
+ encryption_context_t *crypto_context);
+
+encryption_context_t *aes_clone_cryptographic_context(encryption_context_t *source);
+#else
+
struct aes_key_t;
hashkit_string_st *aes_encrypt(aes_key_t *_aes_key, const char *source, size_t source_length);
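Review bot: The new OpenSSL declarations carry no contract, and two preconditions are not obvious from the signatures: `aes_initialize` expects both `EVP_CIPHER_CTX` members of `crypto_context` to be allocated already, and `aes_clone_cryptographic_context` returns a `malloc`'d struct whose two contexts have to be released with `EVP_CIPHER_CTX_free` before the struct itself is freed. A short comment above each would keep callers from getting the allocation order wrong, e.g. `/* crypto_context must hold two contexts from EVP_CIPHER_CTX_new(); returns false if key derivation or cipher init fails */`. It is also worth stating on `aes_encrypt` / `aes_decrypt` that the returned `hashkit_string_st` is owned by the caller and that NULL means failure.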
@@ -24,3 +45,4 @@ hashkit_string_st *aes_decrypt(aes_key_t *_aes_key, const char *source, size_t s
aes_key_t *aes_create_key(const char *key, const size_t key_length);
aes_key_t *aes_clone_key(aes_key_t *_aes_key);
+#endif
\ No newline at end of file
diff --git a/src/libhashkit/encrypt.cc b/src/libhashkit/encrypt.cc
index 6446c018..dbc051ae 100644
--- a/src/libhashkit/encrypt.cc
+++ b/src/libhashkit/encrypt.cc
@@ -15,20 +15,50 @@
#include "libhashkit/common.h"
+#ifdef WITH_OPENSSL
+# include <openssl/evp.h>
+#endif
+
hashkit_string_st *hashkit_encrypt(hashkit_st *kit, const char *source, size_t source_length) {
- return aes_encrypt(static_cast<aes_key_t *>(kit->_key), source, source_length);
+#ifdef WITH_OPENSSL
+ return aes_encrypt((encryption_context_t *) kit->_cryptographic_context,
+ (const unsigned char *) source, source_length);
+#else
+ return aes_encrypt((aes_key_t *) kit->_cryptographic_context, source,
+ source_length);
+#endif
}
hashkit_string_st *hashkit_decrypt(hashkit_st *kit, const char *source, size_t source_length) {
- return aes_decrypt(static_cast<aes_key_t *>(kit->_key), source, source_length);
+#ifdef WITH_OPENSSL
+ return aes_decrypt((encryption_context_t *) kit->_cryptographic_context,
+ (const unsigned char *) source, source_length);
+#else
+ return aes_decrypt((aes_key_t *)kit->_cryptographic_context, source, source_length);
+#endif
}
+#ifdef WITH_OPENSSL
+bool hashkit_key(hashkit_st *kit, const char *key, const size_t key_length) {
+ kit->_cryptographic_context = (encryption_context_t *) malloc(sizeof(encryption_context_t));
+ ((encryption_context_t *) kit->_cryptographic_context)->encryption_context = EVP_CIPHER_CTX_new();
+ ((encryption_context_t *) kit->_cryptographic_context)->decryption_context = EVP_CIPHER_CTX_new();
+ if (((encryption_context_t *) kit->_cryptographic_context)->encryption_context == NULL
+ || ((encryption_context_t *) kit->_cryptographic_context)->decryption_context == NULL)
+ {
+ return false;
+ }
+ return aes_initialize((const unsigned char *) key, key_length,
+ (encryption_context_t *) kit->_cryptographic_context);
+}
+#else
bool hashkit_key(hashkit_st *kit, const char *key, const size_t key_length) {
- if (kit->_key) {
- free(kit->_key);
+ if (kit->_cryptographic_context) {
+ free(kit->_cryptographic_context);
}
- kit->_key = aes_create_key(key, key_length);
+ kit->_cryptographic_context = aes_create_key(key, key_length);
- return bool(kit->_key);
+ return bool(kit->_cryptographic_context);
}
+#endif
\ No newline at end of file
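Review bot: The OpenSSL `hashkit_key` dereferences the result of `malloc` without checking it, and on the early `return false` the freshly allocated struct and whichever `EVP_CIPHER_CTX` was created stay attached to `kit->_cryptographic_context`. A second call also overwrites the previous context without freeing it, whereas the bundled-AES branch below frees the old key first. Because `memcached_is_encrypted` (changed in `src/libmemcached/is.h` by this patch) only tests the pointer, a failed call leaves the handle reporting encryption with a context that was never initialised. Building the context in a local and publishing it only on success addresses all three; the same body is carried unchanged, under the `_key` name, by the `encrypt.cc` hunk of patch 3/7.

```cpp
bool hashkit_key(hashkit_st *kit, const char *key, const size_t key_length) {
  encryption_context_t *old_context = (encryption_context_t *) kit->_cryptographic_context;
  if (old_context) {
    // a repeated hashkit_key() call must not leak the previous contexts
    EVP_CIPHER_CTX_free(old_context->encryption_context);
    EVP_CIPHER_CTX_free(old_context->decryption_context);
    free(old_context);
    kit->_cryptographic_context = NULL;
  }

  encryption_context_t *context = (encryption_context_t *) calloc(1, sizeof(encryption_context_t));
  if (context == NULL) {
    return false;
  }
  context->encryption_context = EVP_CIPHER_CTX_new();
  context->decryption_context = EVP_CIPHER_CTX_new();
  if (context->encryption_context == NULL || context->decryption_context == NULL
      || !aes_initialize((const unsigned char *) key, key_length, context))
  {
    // EVP_CIPHER_CTX_free() accepts NULL, so a partial allocation is released too
    EVP_CIPHER_CTX_free(context->encryption_context);
    EVP_CIPHER_CTX_free(context->decryption_context);
    free(context);
    return false;
  }
  kit->_cryptographic_context = context;
  return true;
}
```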
diff --git a/src/libhashkit/hashkit.cc b/src/libhashkit/hashkit.cc
index 6a179573..46cf6368 100644
--- a/src/libhashkit/hashkit.cc
+++ b/src/libhashkit/hashkit.cc
@@ -15,6 +15,10 @@
#include "libhashkit/common.h"
+#ifdef WITH_OPENSSL
+# include <openssl/evp.h>
+#endif
+
static inline void _hashkit_init(hashkit_st *self) {
self->base_hash.function = hashkit_one_at_a_time;
self->base_hash.context = NULL;
@@ -23,7 +27,7 @@ static inline void _hashkit_init(hashkit_st *self) {
self->distribution_hash.context = NULL;
self->flags.is_base_same_distributed = true;
- self->_key = NULL;
+ self->_cryptographic_context = NULL;
}
static inline hashkit_st *_hashkit_create(hashkit_st *self) {
@@ -52,11 +56,26 @@ hashkit_st *hashkit_create(hashkit_st *self) {
return self;
}
+#ifdef WITH_OPENSSL
+static void cryptographic_context_free(encryption_context_t *context) {
+ EVP_CIPHER_CTX_free(context->encryption_context);
+ EVP_CIPHER_CTX_free(context->decryption_context);
+ free(context);
+}
+#endif
+
void hashkit_free(hashkit_st *self) {
- if (self and self->_key) {
- free(self->_key);
- self->_key = NULL;
+#ifdef WITH_OPENSSL
+ if (self and self->_cryptographic_context) {
+ cryptographic_context_free((encryption_context_t *)self->_cryptographic_context);
+ self->_cryptographic_context = NULL;
+ }
+#else
+ if (self and self->_cryptographic_context) {
+ free(self->_cryptographic_context);
+ self->_cryptographic_context = NULL;
}
+#endif
if (hashkit_is_allocated(self)) {
free(self);
@@ -79,7 +98,21 @@ hashkit_st *hashkit_clone(hashkit_st *destination, const hashkit_st *source) {
destination->base_hash = source->base_hash;
destination->distribution_hash = source->distribution_hash;
destination->flags = source->flags;
- destination->_key = aes_clone_key(static_cast<aes_key_t *>(source->_key));
+#ifdef WITH_OPENSSL
+ if (destination->_cryptographic_context) {
+ cryptographic_context_free((encryption_context_t *)destination->_cryptographic_context);
+ destination->_cryptographic_context = NULL;
+ }
+ if (source->_cryptographic_context) {
+ destination->_cryptographic_context =
+ aes_clone_cryptographic_context(((encryption_context_t *) source->_cryptographic_context));
+ if (destination->_cryptographic_context) {
+
+ }
+ }
+#else
+ destination->_cryptographic_context = aes_clone_key(static_cast<aes_key_t *>(source->_cryptographic_context));
+#endif
return destination;
}
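Review bot: The empty `if (destination->_cryptographic_context) { }` in the OpenSSL branch means a failed `aes_clone_cryptographic_context` is ignored, so the clone comes back without a key while the source has one, and `memcached_is_encrypted` on it presumably evaluates false. Treat the failure as an error instead, for example `if (destination->_cryptographic_context == NULL) { hashkit_free(destination); return NULL; }`; whether freeing is right for a caller-supplied `destination` depends on the start of `hashkit_clone`, which is outside this hunk. `aes_clone_cryptographic_context` in `aes.cc` also ignores the result of both `EVP_CIPHER_CTX_copy` calls and leaks the surviving context when only one `EVP_CIPHER_CTX_new` fails, so a NULL check here does not yet catch every incomplete clone.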
diff --git a/src/libhashkit/rijndael.hpp b/src/libhashkit/rijndael.hpp
index 96f48e34..96961f8c 100644
--- a/src/libhashkit/rijndael.hpp
+++ b/src/libhashkit/rijndael.hpp
@@ -35,4 +35,4 @@ void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 p
#ifdef INTERMEDIATE_VALUE_KAT
void rijndaelEncryptRound(const u32 rk[/*4*(Nr + 1)*/], int Nr, u8 block[16], int rounds);
void rijndaelDecryptRound(const u32 rk[/*4*(Nr + 1)*/], int Nr, u8 block[16], int rounds);
-#endif /* INTERMEDIATE_VALUE_KAT */
+#endif /* INTERMEDIATE_VALUE_KAT */
\ No newline at end of file
diff --git a/src/libmemcached/is.h b/src/libmemcached/is.h
index d73b54e7..3987332f 100644
--- a/src/libmemcached/is.h
+++ b/src/libmemcached/is.h
@@ -17,7 +17,7 @@
/* These are private */
#define memcached_is_allocated(__object) ((__object)->options.is_allocated)
-#define memcached_is_encrypted(__object) ((__object)->hashkit._key)
+#define memcached_is_encrypted(__object) (!!(__object)->hashkit._cryptographic_context)
#define memcached_is_initialized(__object) ((__object)->options.is_initialized)
#define memcached_is_purging(__object) ((__object)->state.is_purging)
#define memcached_is_processing_input(__object) ((__object)->state.is_processing_input)
--
2.31.1
From b7f446e55146456e368c3926347f4c771afcea8c Mon Sep 17 00:00:00 2001
From: Michael Wallner <mike@php.net>
Date: Mon, 12 Jul 2021 15:08:57 +0200
Subject: [PATCH 2/7] libhashkit/aes: make using openssl configurable
---
CMakeConfig.txt | 3 +++
src/libhashkit/CMakeLists.txt | 16 ++++++++++------
src/libhashkit/aes.cc | 4 ++--
src/libhashkit/aes.h | 4 ++--
src/libhashkit/encrypt.cc | 10 +++++-----
src/libhashkit/hashkit.cc | 8 ++++----
6 files changed, 26 insertions(+), 19 deletions(-)
diff --git a/CMakeConfig.txt b/CMakeConfig.txt
index 973ff824..d8afcaef 100644
--- a/CMakeConfig.txt
+++ b/CMakeConfig.txt
@@ -65,6 +65,9 @@ if(NOT DEFINED ENV{ENABLE_MEMASLAP})
endif()
option(ENABLE_MEMASLAP "enable memaslap client"
$ENV{ENABLE_MEMASLAP})
+option(ENABLE_OPENSSL_CRYPTO
+ "enable OpenSSL's libcrypto instead of bundled AES implementation"
+ $ENV{ENABLE_OPENSSL_CRYPTO})
if(BUILD_TESTING)
set(MEMCACHED_BINARY "$ENV{MEMCACHED_BINARY}"
diff --git a/src/libhashkit/CMakeLists.txt b/src/libhashkit/CMakeLists.txt
index d0e03d15..ed3f7f1d 100644
--- a/src/libhashkit/CMakeLists.txt
+++ b/src/libhashkit/CMakeLists.txt
@@ -40,12 +40,16 @@ target_include_directories(libhashkit PUBLIC
$<BUILD_INTERFACE:${CMAKE_BINARY_DIR}/include>
$<INSTALL_INTERFACE:include>)
-find_package(OpenSSL)
-if(NOT OPENSSL_FOUND)
- message(WARNING "crypto library not found")
-else()
- add_compile_definitions(WITH_OPENSSL)
- target_link_libraries(libhashkit PUBLIC OpenSSL::Crypto)
+if(ENABLE_OPENSSL_CRYPTO)
+ find_package(OpenSSL)
+ if(OPENSSL_FOUND)
+ if(OPENSSL_CRYPTO_LIBRARY)
+ target_compile_definitions(libhashkit PRIVATE HAVE_OPENSSL_CRYPTO)
+ target_link_libraries(libhashkit PUBLIC OpenSSL::Crypto)
+ else()
+ message(WARNING "Could not find OpenSSL::Crypto")
+ endif()
+ endif()
endif()
configure_file(hashkitcon.h.in hashkitcon.h @ONLY)
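Review bot: When `ENABLE_OPENSSL_CRYPTO` is on but `find_package(OpenSSL)` fails, nothing is reported: the only warning sits inside `if(OPENSSL_FOUND)`, so the build quietly falls back to the bundled AES. The two backends derive the key differently (`EVP_BytesToKey` in the OpenSSL branch, XOR folding in `aes_create_key`), so values written by one build are presumably unreadable by the other, which makes a silent fallback worth failing on. Consider `find_package(OpenSSL REQUIRED)` inside the option, or an `else()` on `if(OPENSSL_FOUND)` with `message(FATAL_ERROR "ENABLE_OPENSSL_CRYPTO set but OpenSSL not found")`.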
diff --git a/src/libhashkit/aes.cc b/src/libhashkit/aes.cc
index d4fdad5a..d65a9d91 100644
--- a/src/libhashkit/aes.cc
+++ b/src/libhashkit/aes.cc
@@ -17,7 +17,7 @@
#include <cstring>
-#ifdef WITH_OPENSSL
+#ifdef HAVE_OPENSSL_CRYPTO
#include <openssl/evp.h>
@@ -250,4 +250,4 @@ hashkit_string_st *aes_decrypt(aes_key_t *_aes_key, const char *source, size_t s
return destination;
}
-#endif
\ No newline at end of file
+#endif
diff --git a/src/libhashkit/aes.h b/src/libhashkit/aes.h
index e021c5f1..243d501f 100644
--- a/src/libhashkit/aes.h
+++ b/src/libhashkit/aes.h
@@ -15,7 +15,7 @@
#pragma once
-#ifdef WITH_OPENSSL
+#ifdef HAVE_OPENSSL_CRYPTO
#include <openssl/evp.h>
@@ -45,4 +45,4 @@ hashkit_string_st *aes_decrypt(aes_key_t *_aes_key, const char *source, size_t s
aes_key_t *aes_create_key(const char *key, const size_t key_length);
aes_key_t *aes_clone_key(aes_key_t *_aes_key);
-#endif
\ No newline at end of file
+#endif
diff --git a/src/libhashkit/encrypt.cc b/src/libhashkit/encrypt.cc
index dbc051ae..e7898a6a 100644
--- a/src/libhashkit/encrypt.cc
+++ b/src/libhashkit/encrypt.cc
@@ -15,12 +15,12 @@
#include "libhashkit/common.h"
-#ifdef WITH_OPENSSL
+#ifdef HAVE_OPENSSL_CRYPTO
# include <openssl/evp.h>
#endif
hashkit_string_st *hashkit_encrypt(hashkit_st *kit, const char *source, size_t source_length) {
-#ifdef WITH_OPENSSL
+#ifdef HAVE_OPENSSL_CRYPTO
return aes_encrypt((encryption_context_t *) kit->_cryptographic_context,
(const unsigned char *) source, source_length);
#else
@@ -30,7 +30,7 @@ hashkit_string_st *hashkit_encrypt(hashkit_st *kit, const char *source, size_t s
}
hashkit_string_st *hashkit_decrypt(hashkit_st *kit, const char *source, size_t source_length) {
-#ifdef WITH_OPENSSL
+#ifdef HAVE_OPENSSL_CRYPTO
return aes_decrypt((encryption_context_t *) kit->_cryptographic_context,
(const unsigned char *) source, source_length);
#else
@@ -38,7 +38,7 @@ hashkit_string_st *hashkit_decrypt(hashkit_st *kit, const char *source, size_t s
#endif
}
-#ifdef WITH_OPENSSL
+#ifdef HAVE_OPENSSL_CRYPTO
bool hashkit_key(hashkit_st *kit, const char *key, const size_t key_length) {
kit->_cryptographic_context = (encryption_context_t *) malloc(sizeof(encryption_context_t));
((encryption_context_t *) kit->_cryptographic_context)->encryption_context = EVP_CIPHER_CTX_new();
@@ -61,4 +61,4 @@ bool hashkit_key(hashkit_st *kit, const char *key, const size_t key_length) {
return bool(kit->_cryptographic_context);
}
-#endif
\ No newline at end of file
+#endif
diff --git a/src/libhashkit/hashkit.cc b/src/libhashkit/hashkit.cc
index 46cf6368..d15d7372 100644
--- a/src/libhashkit/hashkit.cc
+++ b/src/libhashkit/hashkit.cc
@@ -15,7 +15,7 @@
#include "libhashkit/common.h"
-#ifdef WITH_OPENSSL
+#ifdef HAVE_OPENSSL_CRYPTO
# include <openssl/evp.h>
#endif
@@ -56,7 +56,7 @@ hashkit_st *hashkit_create(hashkit_st *self) {
return self;
}
-#ifdef WITH_OPENSSL
+#ifdef HAVE_OPENSSL_CRYPTO
static void cryptographic_context_free(encryption_context_t *context) {
EVP_CIPHER_CTX_free(context->encryption_context);
EVP_CIPHER_CTX_free(context->decryption_context);
@@ -65,7 +65,7 @@ static void cryptographic_context_free(encryption_context_t *context) {
#endif
void hashkit_free(hashkit_st *self) {
-#ifdef WITH_OPENSSL
+#ifdef HAVE_OPENSSL_CRYPTO
if (self and self->_cryptographic_context) {
cryptographic_context_free((encryption_context_t *)self->_cryptographic_context);
self->_cryptographic_context = NULL;
@@ -98,7 +98,7 @@ hashkit_st *hashkit_clone(hashkit_st *destination, const hashkit_st *source) {
destination->base_hash = source->base_hash;
destination->distribution_hash = source->distribution_hash;
destination->flags = source->flags;
-#ifdef WITH_OPENSSL
+#ifdef HAVE_OPENSSL_CRYPTO
if (destination->_cryptographic_context) {
cryptographic_context_free((encryption_context_t *)destination->_cryptographic_context);
destination->_cryptographic_context = NULL;
--
2.31.1
From 0d7a3e0e040ddf840d656b61f41419c252debcde Mon Sep 17 00:00:00 2001
From: Michael Wallner <mike@php.net>
Date: Mon, 12 Jul 2021 15:57:32 +0200
Subject: [PATCH 3/7] libhashkit/aes: keep API compatible
---
include/libhashkit-1.0/hashkit.h | 2 +-
src/libhashkit/encrypt.cc | 28 ++++++++++++++--------------
src/libhashkit/hashkit.cc | 30 +++++++++++++++---------------
src/libmemcached/is.h | 2 +-
4 files changed, 31 insertions(+), 31 deletions(-)
diff --git a/include/libhashkit-1.0/hashkit.h b/include/libhashkit-1.0/hashkit.h
index 0f67e377..09b7edeb 100644
--- a/include/libhashkit-1.0/hashkit.h
+++ b/include/libhashkit-1.0/hashkit.h
@@ -49,7 +49,7 @@ struct hashkit_st {
bool is_allocated : 1;
} options;
- void *_cryptographic_context;
+ void *_key;
};
#ifdef __cplusplus
diff --git a/src/libhashkit/encrypt.cc b/src/libhashkit/encrypt.cc
index e7898a6a..effa299f 100644
--- a/src/libhashkit/encrypt.cc
+++ b/src/libhashkit/encrypt.cc
@@ -21,44 +21,44 @@
hashkit_string_st *hashkit_encrypt(hashkit_st *kit, const char *source, size_t source_length) {
#ifdef HAVE_OPENSSL_CRYPTO
- return aes_encrypt((encryption_context_t *) kit->_cryptographic_context,
+ return aes_encrypt((encryption_context_t *) kit->_key,
(const unsigned char *) source, source_length);
#else
- return aes_encrypt((aes_key_t *) kit->_cryptographic_context, source,
+ return aes_encrypt((aes_key_t *) kit->_key, source,
source_length);
#endif
}
hashkit_string_st *hashkit_decrypt(hashkit_st *kit, const char *source, size_t source_length) {
#ifdef HAVE_OPENSSL_CRYPTO
- return aes_decrypt((encryption_context_t *) kit->_cryptographic_context,
+ return aes_decrypt((encryption_context_t *) kit->_key,
(const unsigned char *) source, source_length);
#else
- return aes_decrypt((aes_key_t *)kit->_cryptographic_context, source, source_length);
+ return aes_decrypt((aes_key_t *)kit->_key, source, source_length);
#endif
}
#ifdef HAVE_OPENSSL_CRYPTO
bool hashkit_key(hashkit_st *kit, const char *key, const size_t key_length) {
|
|
|
76b11c |
- kit->_cryptographic_context = (encryption_context_t *) malloc(sizeof(encryption_context_t));
|
|
|
76b11c |
- ((encryption_context_t *) kit->_cryptographic_context)->encryption_context = EVP_CIPHER_CTX_new();
|
|
|
76b11c |
- ((encryption_context_t *) kit->_cryptographic_context)->decryption_context = EVP_CIPHER_CTX_new();
|
|
|
76b11c |
- if (((encryption_context_t *) kit->_cryptographic_context)->encryption_context == NULL
|
|
|
76b11c |
- || ((encryption_context_t *) kit->_cryptographic_context)->decryption_context == NULL)
|
|
|
76b11c |
+ kit->_key = (encryption_context_t *) malloc(sizeof(encryption_context_t));
|
|
|
76b11c |
+ ((encryption_context_t *) kit->_key)->encryption_context = EVP_CIPHER_CTX_new();
|
|
|
76b11c |
+ ((encryption_context_t *) kit->_key)->decryption_context = EVP_CIPHER_CTX_new();
|
|
|
76b11c |
+ if (((encryption_context_t *) kit->_key)->encryption_context == NULL
|
|
|
76b11c |
+ || ((encryption_context_t *) kit->_key)->decryption_context == NULL)
|
|
|
76b11c |
{
|
|
|
76b11c |
return false;
|
|
|
76b11c |
}
|
|
|
76b11c |
return aes_initialize((const unsigned char *) key, key_length,
|
|
|
76b11c |
- (encryption_context_t *) kit->_cryptographic_context);
|
|
|
76b11c |
+ (encryption_context_t *) kit->_key);
|
|
|
76b11c |
}
|
|
|
76b11c |
#else
|
|
|
76b11c |
bool hashkit_key(hashkit_st *kit, const char *key, const size_t key_length) {
|
|
|
76b11c |
- if (kit->_cryptographic_context) {
|
|
|
76b11c |
- free(kit->_cryptographic_context);
|
|
|
76b11c |
+ if (kit->_key) {
|
|
|
76b11c |
+ free(kit->_key);
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
- kit->_cryptographic_context = aes_create_key(key, key_length);
|
|
|
76b11c |
+ kit->_key = aes_create_key(key, key_length);
|
|
|
76b11c |
|
|
|
76b11c |
- return bool(kit->_cryptographic_context);
|
|
|
76b11c |
+ return bool(kit->_key);
|
|
|
76b11c |
}
|
|
|
76b11c |
#endif
|
|
|
76b11c |
diff --git a/src/libhashkit/hashkit.cc b/src/libhashkit/hashkit.cc
|
|
|
76b11c |
index d15d7372..e61b014d 100644
|
|
|
76b11c |
--- a/src/libhashkit/hashkit.cc
|
|
|
76b11c |
+++ b/src/libhashkit/hashkit.cc
|
|
|
76b11c |
@@ -27,7 +27,7 @@ static inline void _hashkit_init(hashkit_st *self) {
|
|
|
76b11c |
self->distribution_hash.context = NULL;
|
|
|
76b11c |
|
|
|
76b11c |
self->flags.is_base_same_distributed = true;
|
|
|
76b11c |
- self->_cryptographic_context = NULL;
|
|
|
76b11c |
+ self->_key = NULL;
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
static inline hashkit_st *_hashkit_create(hashkit_st *self) {
|
|
|
76b11c |
@@ -66,14 +66,14 @@ static void cryptographic_context_free(encryption_context_t *context) {
|
|
|
76b11c |
|
|
|
76b11c |
void hashkit_free(hashkit_st *self) {
|
|
|
76b11c |
#ifdef HAVE_OPENSSL_CRYPTO
|
|
|
76b11c |
- if (self and self->_cryptographic_context) {
|
|
|
76b11c |
- cryptographic_context_free((encryption_context_t *)self->_cryptographic_context);
|
|
|
76b11c |
- self->_cryptographic_context = NULL;
|
|
|
76b11c |
+ if (self and self->_key) {
|
|
|
76b11c |
+ cryptographic_context_free((encryption_context_t *)self->_key);
|
|
|
76b11c |
+ self->_key = NULL;
|
|
|
76b11c |
}
|
|
|
76b11c |
#else
|
|
|
76b11c |
- if (self and self->_cryptographic_context) {
|
|
|
76b11c |
- free(self->_cryptographic_context);
|
|
|
76b11c |
- self->_cryptographic_context = NULL;
|
|
|
76b11c |
+ if (self and self->_key) {
|
|
|
76b11c |
+ free(self->_key);
|
|
|
76b11c |
+ self->_key = NULL;
|
|
|
76b11c |
}
|
|
|
76b11c |
#endif
|
|
|
76b11c |
|
|
|
76b11c |
@@ -99,19 +99,19 @@ hashkit_st *hashkit_clone(hashkit_st *destination, const hashkit_st *source) {
|
|
|
76b11c |
destination->distribution_hash = source->distribution_hash;
|
|
|
76b11c |
destination->flags = source->flags;
|
|
|
76b11c |
#ifdef HAVE_OPENSSL_CRYPTO
|
|
|
76b11c |
- if (destination->_cryptographic_context) {
|
|
|
76b11c |
- cryptographic_context_free((encryption_context_t *)destination->_cryptographic_context);
|
|
|
76b11c |
- destination->_cryptographic_context = NULL;
|
|
|
76b11c |
+ if (destination->_key) {
|
|
|
76b11c |
+ cryptographic_context_free((encryption_context_t *)destination->_key);
|
|
|
76b11c |
+ destination->_key = NULL;
|
|
|
76b11c |
}
|
|
|
76b11c |
- if (source->_cryptographic_context) {
|
|
|
76b11c |
- destination->_cryptographic_context =
|
|
|
76b11c |
- aes_clone_cryptographic_context(((encryption_context_t *) source->_cryptographic_context));
|
|
|
76b11c |
- if (destination->_cryptographic_context) {
|
|
|
76b11c |
+ if (source->_key) {
|
|
|
76b11c |
+ destination->_key =
|
|
|
76b11c |
+ aes_clone_cryptographic_context(((encryption_context_t *) source->_key));
|
|
|
76b11c |
+ if (destination->_key) {
|
|
|
76b11c |
|
|
|
76b11c |
}
|
|
|
76b11c |
}
|
|
|
76b11c |
#else
|
|
|
76b11c |
- destination->_cryptographic_context = aes_clone_key(static_cast<aes_key_t *>(source->_cryptographic_context));
|
|
|
76b11c |
+ destination->_key = aes_clone_key(static_cast<aes_key_t *>(source->_key));
|
|
|
76b11c |
#endif
|
|
|
76b11c |
|
|
|
76b11c |
return destination;
|
|
|
76b11c |
diff --git a/src/libmemcached/is.h b/src/libmemcached/is.h
|
|
|
76b11c |
index 3987332f..229fd9b0 100644
|
|
|
76b11c |
--- a/src/libmemcached/is.h
|
|
|
76b11c |
+++ b/src/libmemcached/is.h
|
|
|
76b11c |
@@ -17,7 +17,7 @@
|
|
|
76b11c |
|
|
|
76b11c |
/* These are private */
|
|
|
76b11c |
#define memcached_is_allocated(__object) ((__object)->options.is_allocated)
|
|
|
76b11c |
-#define memcached_is_encrypted(__object) (!!(__object)->hashkit._cryptographic_context)
|
|
|
76b11c |
+#define memcached_is_encrypted(__object) (!!(__object)->hashkit._key)
|
|
|
76b11c |
#define memcached_is_initialized(__object) ((__object)->options.is_initialized)
|
|
|
76b11c |
#define memcached_is_purging(__object) ((__object)->state.is_purging)
|
|
|
76b11c |
#define memcached_is_processing_input(__object) ((__object)->state.is_processing_input)
|
|
|
76b11c |
--
|
|
|
76b11c |
2.31.1
|
|
|
76b11c |
|
|
|
76b11c |
From 6f1f694418c7effef13972ea135ce1c735042a8f Mon Sep 17 00:00:00 2001
|
|
|
76b11c |
From: Michael Wallner <mike@php.net>
|
|
|
76b11c |
Date: Mon, 12 Jul 2021 15:11:32 +0200
|
|
|
76b11c |
Subject: [PATCH 4/7] libhashkit/aes: fix logic error in aes_initialize
|
|
|
76b11c |
|
|
|
76b11c |
---
|
|
|
76b11c |
src/libhashkit/aes.cc | 2 +-
|
|
|
76b11c |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
76b11c |
|
|
|
76b11c |
diff --git a/src/libhashkit/aes.cc b/src/libhashkit/aes.cc
|
|
|
76b11c |
index d65a9d91..e4ae96f8 100644
|
|
|
76b11c |
--- a/src/libhashkit/aes.cc
|
|
|
76b11c |
+++ b/src/libhashkit/aes.cc
|
|
|
76b11c |
@@ -30,7 +30,7 @@ bool aes_initialize(const unsigned char *key, const size_t key_length,
|
|
|
76b11c |
encryption_context_t *crypto_context) {
|
|
|
76b11c |
unsigned char aes_key[AES_KEY_NBYTES];
|
|
|
76b11c |
unsigned char aes_iv[AES_IV_NBYTES];
|
|
|
76b11c |
- if (aes_key == NULL || aes_iv == NULL) {
|
|
|
76b11c |
+ if (!key) {
|
|
|
76b11c |
return false;
|
|
|
76b11c |
}
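Review bot: The new guard rejects a NULL `key` but still accepts `key_length == 0`, so an empty passphrase goes into the key derivation and yields a key that anyone can recompute. I would tighten the check to `if (!key || key_length == 0) {`. Whether callers already reject empty keys is not visible here, and aes_initialize's body continues outside the hunk. The same guard is carried into aes_create_key by PATCH 6/7.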
|
|
|
76b11c |
|
|
|
76b11c |
--
|
|
|
76b11c |
2.31.1
|
|
|
76b11c |
|
|
|
76b11c |
From c8300fc7f692c617f1a583a9cb22732a840e7d3e Mon Sep 17 00:00:00 2001
|
|
|
76b11c |
From: Michael Wallner <mike@php.net>
|
|
|
76b11c |
Date: Mon, 12 Jul 2021 15:13:53 +0200
|
|
|
76b11c |
Subject: [PATCH 5/7] libhashkit/aes: fix code indentation
|
|
|
76b11c |
|
|
|
76b11c |
---
|
|
|
76b11c |
src/libhashkit/aes.cc | 94 ++++++++++++++++++++++---------------------
|
|
|
76b11c |
1 file changed, 48 insertions(+), 46 deletions(-)
|
|
|
76b11c |
|
|
|
76b11c |
diff --git a/src/libhashkit/aes.cc b/src/libhashkit/aes.cc
|
|
|
76b11c |
index e4ae96f8..156bcd3d 100644
|
|
|
76b11c |
--- a/src/libhashkit/aes.cc
|
|
|
76b11c |
+++ b/src/libhashkit/aes.cc
|
|
|
76b11c |
@@ -55,58 +55,60 @@ bool aes_initialize(const unsigned char *key, const size_t key_length,
|
|
|
76b11c |
|
|
|
76b11c |
hashkit_string_st *aes_encrypt(encryption_context_t *crypto_context, const unsigned char *source,
|
|
|
76b11c |
size_t source_length) {
|
|
|
76b11c |
-EVP_CIPHER_CTX *encryption_context = crypto_context->encryption_context;
|
|
|
76b11c |
-int cipher_length = source_length + EVP_CIPHER_CTX_block_size(encryption_context);
|
|
|
76b11c |
-int final_length = 0;
|
|
|
76b11c |
-unsigned char *cipher_text = (unsigned char *) malloc(cipher_length);
|
|
|
76b11c |
-if (cipher_text == NULL) {
|
|
|
76b11c |
- return NULL;
|
|
|
76b11c |
-}
|
|
|
76b11c |
-if (EVP_EncryptInit_ex(encryption_context, NULL, NULL, NULL, NULL) != 1
|
|
|
76b11c |
- || EVP_EncryptUpdate(encryption_context, cipher_text, &cipher_length, source, source_length)
|
|
|
76b11c |
- != 1
|
|
|
76b11c |
- || EVP_EncryptFinal_ex(encryption_context, cipher_text + cipher_length, &final_length) != 1)
|
|
|
76b11c |
-{
|
|
|
76b11c |
- free(cipher_text);
|
|
|
76b11c |
- return NULL;
|
|
|
76b11c |
-}
|
|
|
76b11c |
+ EVP_CIPHER_CTX *encryption_context = crypto_context->encryption_context;
|
|
|
76b11c |
+ int cipher_length = source_length + EVP_CIPHER_CTX_block_size(encryption_context);
|
|
|
76b11c |
+ int final_length = 0;
|
|
|
76b11c |
+ unsigned char *cipher_text = (unsigned char *) malloc(cipher_length);
|
|
|
76b11c |
+ if (cipher_text == NULL) {
|
|
|
76b11c |
+ return NULL;
|
|
|
76b11c |
+ }
|
|
|
76b11c |
+ if (EVP_EncryptInit_ex(encryption_context, NULL, NULL, NULL, NULL) != 1
|
|
|
76b11c |
+ || EVP_EncryptUpdate(encryption_context, cipher_text, &cipher_length, source, source_length)
|
|
|
76b11c |
+ != 1
|
|
|
76b11c |
+ || EVP_EncryptFinal_ex(encryption_context, cipher_text + cipher_length, &final_length) != 1)
|
|
|
76b11c |
+ {
|
|
|
76b11c |
+ free(cipher_text);
|
|
|
76b11c |
+ return NULL;
|
|
|
76b11c |
+ }
|
|
|
76b11c |
|
|
|
76b11c |
-hashkit_string_st *destination = hashkit_string_create(cipher_length + final_length);
|
|
|
76b11c |
-if (destination == NULL) {
|
|
|
76b11c |
- return NULL;
|
|
|
76b11c |
-}
|
|
|
76b11c |
-char *dest = hashkit_string_c_str_mutable(destination);
|
|
|
76b11c |
-memcpy(dest, cipher_text, cipher_length + final_length);
|
|
|
76b11c |
-hashkit_string_set_length(destination, cipher_length + final_length);
|
|
|
76b11c |
-return destination;
|
|
|
76b11c |
+ hashkit_string_st *destination = hashkit_string_create(cipher_length + final_length);
|
|
|
76b11c |
+ if (destination == NULL) {
|
|
|
76b11c |
+ return NULL;
|
|
|
76b11c |
+ }
|
|
|
76b11c |
+ char *dest = hashkit_string_c_str_mutable(destination);
|
|
|
76b11c |
+ memcpy(dest, cipher_text, cipher_length + final_length);
|
|
|
76b11c |
+ hashkit_string_set_length(destination, cipher_length + final_length);
|
|
|
76b11c |
+ return destination;
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
hashkit_string_st *aes_decrypt(encryption_context_t *crypto_context, const unsigned char *source,
|
|
|
76b11c |
size_t source_length) {
|
|
|
76b11c |
-EVP_CIPHER_CTX *decryption_context = crypto_context->decryption_context;
|
|
|
76b11c |
-int plain_text_length = source_length;
|
|
|
76b11c |
-int final_length = 0;
|
|
|
76b11c |
-unsigned char *plain_text = (unsigned char *) malloc(plain_text_length);
|
|
|
76b11c |
-if (plain_text == NULL) {
|
|
|
76b11c |
- return NULL;
|
|
|
76b11c |
-}
|
|
|
76b11c |
-if (EVP_DecryptInit_ex(decryption_context, NULL, NULL, NULL, NULL) != 1
|
|
|
76b11c |
- || EVP_DecryptUpdate(decryption_context, plain_text, &plain_text_length, source, source_length)
|
|
|
76b11c |
- != 1
|
|
|
76b11c |
- || EVP_DecryptFinal_ex(decryption_context, plain_text + plain_text_length, &final_length) != 1)
|
|
|
76b11c |
-{
|
|
|
76b11c |
- free(plain_text);
|
|
|
76b11c |
- return NULL;
|
|
|
76b11c |
-}
|
|
|
76b11c |
+ EVP_CIPHER_CTX *decryption_context = crypto_context->decryption_context;
|
|
|
76b11c |
+ int plain_text_length = source_length;
|
|
|
76b11c |
+ int final_length = 0;
|
|
|
76b11c |
+ unsigned char *plain_text = (unsigned char *) malloc(plain_text_length);
|
|
|
76b11c |
+ if (plain_text == NULL) {
|
|
|
76b11c |
+ return NULL;
|
|
|
76b11c |
+ }
|
|
|
76b11c |
+ if (EVP_DecryptInit_ex(decryption_context, NULL, NULL, NULL, NULL) != 1
|
|
|
76b11c |
+ || EVP_DecryptUpdate(decryption_context, plain_text, &plain_text_length, source,
|
|
|
76b11c |
+ source_length)
|
|
|
76b11c |
+ != 1
|
|
|
76b11c |
+ || EVP_DecryptFinal_ex(decryption_context, plain_text + plain_text_length, &final_length)
|
|
|
76b11c |
+ != 1)
|
|
|
76b11c |
+ {
|
|
|
76b11c |
+ free(plain_text);
|
|
|
76b11c |
+ return NULL;
|
|
|
76b11c |
+ }
|
|
|
76b11c |
|
|
|
76b11c |
-hashkit_string_st *destination = hashkit_string_create(plain_text_length + final_length);
|
|
|
76b11c |
-if (destination == NULL) {
|
|
|
76b11c |
- return NULL;
|
|
|
76b11c |
-}
|
|
|
76b11c |
-char *dest = hashkit_string_c_str_mutable(destination);
|
|
|
76b11c |
-memcpy(dest, plain_text, plain_text_length + final_length);
|
|
|
76b11c |
-hashkit_string_set_length(destination, plain_text_length + final_length);
|
|
|
76b11c |
-return destination;
|
|
|
76b11c |
+ hashkit_string_st *destination = hashkit_string_create(plain_text_length + final_length);
|
|
|
76b11c |
+ if (destination == NULL) {
|
|
|
76b11c |
+ return NULL;
|
|
|
76b11c |
+ }
|
|
|
76b11c |
+ char *dest = hashkit_string_c_str_mutable(destination);
|
|
|
76b11c |
+ memcpy(dest, plain_text, plain_text_length + final_length);
|
|
|
76b11c |
+ hashkit_string_set_length(destination, plain_text_length + final_length);
|
|
|
76b11c |
+ return destination;
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
encryption_context_t *aes_clone_cryptographic_context(encryption_context_t *source) {
|
|
|
76b11c |
--
|
|
|
76b11c |
2.31.1
|
|
|
76b11c |
|
|
|
76b11c |
From 72df8af3b9cc00f590afa31371be571c1169a268 Mon Sep 17 00:00:00 2001
|
|
|
76b11c |
From: Michael Wallner <mike@php.net>
|
|
|
76b11c |
Date: Mon, 12 Jul 2021 15:59:57 +0200
|
|
|
76b11c |
Subject: [PATCH 6/7] libhashkit/aes: simplify code
|
|
|
76b11c |
|
|
|
76b11c |
---
|
|
|
76b11c |
src/libhashkit/aes.cc | 125 ++++++++++++++++++++++++--------------
|
|
|
76b11c |
src/libhashkit/aes.h | 26 +-------
|
|
|
76b11c |
src/libhashkit/encrypt.cc | 31 +---------
|
|
|
76b11c |
src/libhashkit/hashkit.cc | 37 +----------
|
|
|
76b11c |
4 files changed, 87 insertions(+), 132 deletions(-)
|
|
|
76b11c |
|
|
|
76b11c |
diff --git a/src/libhashkit/aes.cc b/src/libhashkit/aes.cc
|
|
|
76b11c |
index 156bcd3d..86a41dd7 100644
|
|
|
76b11c |
--- a/src/libhashkit/aes.cc
|
|
|
76b11c |
+++ b/src/libhashkit/aes.cc
|
|
|
76b11c |
@@ -26,45 +26,60 @@
|
|
|
76b11c |
#define AES_KEY_NBYTES 32
|
|
|
76b11c |
#define AES_IV_NBYTES 32
|
|
|
76b11c |
|
|
|
76b11c |
-bool aes_initialize(const unsigned char *key, const size_t key_length,
|
|
|
76b11c |
- encryption_context_t *crypto_context) {
|
|
|
76b11c |
+struct aes_key_t {
|
|
|
76b11c |
+ EVP_CIPHER_CTX *encryption_context;
|
|
|
76b11c |
+ EVP_CIPHER_CTX *decryption_context;
|
|
|
76b11c |
+};
|
|
|
76b11c |
+
|
|
|
76b11c |
+
|
|
|
76b11c |
+aes_key_t *aes_create_key(const char *key, const size_t key_length) {
|
|
|
76b11c |
unsigned char aes_key[AES_KEY_NBYTES];
|
|
|
76b11c |
unsigned char aes_iv[AES_IV_NBYTES];
|
|
|
76b11c |
+ const unsigned char *ukey = (const unsigned char *) key;
|
|
|
76b11c |
+
|
|
|
76b11c |
if (!key) {
|
|
|
76b11c |
- return false;
|
|
|
76b11c |
+ return NULL;
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
- int i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha256(), NULL, key, key_length, DIGEST_ROUNDS,
|
|
|
76b11c |
+ int i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha256(), NULL, ukey, key_length, DIGEST_ROUNDS,
|
|
|
76b11c |
aes_key, aes_iv);
|
|
|
76b11c |
if (i != AES_KEY_NBYTES) {
|
|
|
76b11c |
- return false;
|
|
|
76b11c |
+ return NULL;
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
- EVP_CIPHER_CTX_init(crypto_context->encryption_context);
|
|
|
76b11c |
- EVP_CIPHER_CTX_init(crypto_context->decryption_context);
|
|
|
76b11c |
- if (EVP_EncryptInit_ex(crypto_context->encryption_context, EVP_aes_256_cbc(), NULL, key, aes_iv)
|
|
|
76b11c |
- != 1
|
|
|
76b11c |
- || EVP_DecryptInit_ex(crypto_context->decryption_context, EVP_aes_256_cbc(), NULL, key,
|
|
|
76b11c |
- aes_iv)
|
|
|
76b11c |
- != 1)
|
|
|
76b11c |
+ aes_key_t *aes_ctx = (aes_key_t *) malloc(sizeof(aes_key_t));
|
|
|
76b11c |
+
|
|
|
76b11c |
+ if (!(aes_ctx->encryption_context = EVP_CIPHER_CTX_new())) {
|
|
|
76b11c |
+ return NULL;
|
|
|
76b11c |
+ }
|
|
|
76b11c |
+ if (!(aes_ctx->decryption_context = EVP_CIPHER_CTX_new())) {
|
|
|
76b11c |
+ EVP_CIPHER_CTX_free(aes_ctx->encryption_context);
|
|
|
76b11c |
+ return NULL;
|
|
|
76b11c |
+ }
|
|
|
76b11c |
+
|
|
|
76b11c |
+ EVP_CIPHER_CTX_init(aes_ctx->encryption_context);
|
|
|
76b11c |
+ EVP_CIPHER_CTX_init(aes_ctx->decryption_context);
|
|
|
76b11c |
+ if (EVP_EncryptInit_ex(aes_ctx->encryption_context, EVP_aes_256_cbc(), NULL, ukey, aes_iv) != 1
|
|
|
76b11c |
+ || EVP_DecryptInit_ex(aes_ctx->decryption_context, EVP_aes_256_cbc(), NULL, ukey, aes_iv) != 1)
|
|
|
76b11c |
{
|
|
|
76b11c |
- return false;
|
|
|
76b11c |
+ aes_free_key(aes_ctx);
|
|
|
76b11c |
+ return NULL;
|
|
|
76b11c |
}
|
|
|
76b11c |
- return true;
|
|
|
76b11c |
+
|
|
|
76b11c |
+ return aes_ctx;
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
-hashkit_string_st *aes_encrypt(encryption_context_t *crypto_context, const unsigned char *source,
|
|
|
76b11c |
- size_t source_length) {
|
|
|
76b11c |
- EVP_CIPHER_CTX *encryption_context = crypto_context->encryption_context;
|
|
|
76b11c |
+hashkit_string_st *aes_encrypt(aes_key_t *ctx, const char *source, size_t source_length) {
|
|
|
76b11c |
+ EVP_CIPHER_CTX *encryption_context = ctx->encryption_context;
|
|
|
76b11c |
int cipher_length = source_length + EVP_CIPHER_CTX_block_size(encryption_context);
|
|
|
76b11c |
int final_length = 0;
|
|
|
76b11c |
+ const unsigned char *usource = (const unsigned char *) source;
|
|
|
76b11c |
unsigned char *cipher_text = (unsigned char *) malloc(cipher_length);
|
|
|
76b11c |
- if (cipher_text == NULL) {
|
|
|
76b11c |
+ if (!cipher_text) {
|
|
|
76b11c |
return NULL;
|
|
|
76b11c |
}
|
|
|
76b11c |
if (EVP_EncryptInit_ex(encryption_context, NULL, NULL, NULL, NULL) != 1
|
|
|
76b11c |
- || EVP_EncryptUpdate(encryption_context, cipher_text, &cipher_length, source, source_length)
|
|
|
76b11c |
- != 1
|
|
|
76b11c |
+ || EVP_EncryptUpdate(encryption_context, cipher_text, &cipher_length, usource, source_length) != 1
|
|
|
76b11c |
|| EVP_EncryptFinal_ex(encryption_context, cipher_text + cipher_length, &final_length) != 1)
|
|
|
76b11c |
{
|
|
|
76b11c |
free(cipher_text);
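Review bot: In aes_create_key both init calls pass `ukey`, the caller's raw bytes, as the cipher key, while the `aes_key` that EVP_BytesToKey just derived is never used; AES-256 takes AES_KEY_NBYTES bytes from that pointer, so a passphrase shorter than 32 bytes is read past its end. If the derived key is what was intended, pass `aes_key` to both calls, keeping in mind that this changes the effective key for data written by earlier builds. The result of `malloc` is also dereferenced unchecked, and the two early `return NULL` paths after EVP_CIPHER_CTX_new() leak `aes_ctx`. The fence below covers both points; aes_encrypt, which starts in this hunk, continues outside it.

```cpp
  aes_key_t *aes_ctx = (aes_key_t *) malloc(sizeof(aes_key_t));
  if (!aes_ctx) {
    return NULL;
  }
  aes_ctx->encryption_context = EVP_CIPHER_CTX_new();
  aes_ctx->decryption_context = EVP_CIPHER_CTX_new();
  if (!aes_ctx->encryption_context || !aes_ctx->decryption_context) {
    aes_free_key(aes_ctx);
    return NULL;
  }
  // … unchanged: EVP_CIPHER_CTX_init calls …
  if (EVP_EncryptInit_ex(aes_ctx->encryption_context, EVP_aes_256_cbc(), NULL, aes_key, aes_iv) != 1
      || EVP_DecryptInit_ex(aes_ctx->decryption_context, EVP_aes_256_cbc(), NULL, aes_key, aes_iv) != 1)
  // … unchanged: failure branch and return of aes_ctx …
```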
|
|
|
76b11c |
@@ -72,7 +87,7 @@ hashkit_string_st *aes_encrypt(encryption_context_t *crypto_context, const unsig
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
hashkit_string_st *destination = hashkit_string_create(cipher_length + final_length);
|
|
|
76b11c |
- if (destination == NULL) {
|
|
|
76b11c |
+ if (!destination) {
|
|
|
76b11c |
return NULL;
|
|
|
76b11c |
}
|
|
|
76b11c |
char *dest = hashkit_string_c_str_mutable(destination);
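Review bot: The `return NULL` taken when hashkit_string_create() fails leaves `cipher_text` allocated, because only the EVP failure branch frees it. Add `free(cipher_text);` before that return. Judging by the full body shown in PATCH 5/7, the success path never frees the buffer either, so a `free(cipher_text);` after the memcpy is needed as well; that line lies outside this hunk. aes_decrypt in the next hunk has the same two paths for `plain_text`, where the leaked buffer holds decrypted data.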
|
|
|
76b11c |
@@ -81,28 +96,25 @@ hashkit_string_st *aes_encrypt(encryption_context_t *crypto_context, const unsig
|
|
|
76b11c |
return destination;
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
-hashkit_string_st *aes_decrypt(encryption_context_t *crypto_context, const unsigned char *source,
|
|
|
76b11c |
- size_t source_length) {
|
|
|
76b11c |
- EVP_CIPHER_CTX *decryption_context = crypto_context->decryption_context;
|
|
|
76b11c |
+hashkit_string_st *aes_decrypt(aes_key_t *ctx, const char *source, size_t source_length) {
|
|
|
76b11c |
+ EVP_CIPHER_CTX *decryption_context = ctx->decryption_context;
|
|
|
76b11c |
int plain_text_length = source_length;
|
|
|
76b11c |
int final_length = 0;
|
|
|
76b11c |
+ const unsigned char *usource = (const unsigned char *) source;
|
|
|
76b11c |
unsigned char *plain_text = (unsigned char *) malloc(plain_text_length);
|
|
|
76b11c |
- if (plain_text == NULL) {
|
|
|
76b11c |
+ if (!plain_text) {
|
|
|
76b11c |
return NULL;
|
|
|
76b11c |
}
|
|
|
76b11c |
if (EVP_DecryptInit_ex(decryption_context, NULL, NULL, NULL, NULL) != 1
|
|
|
76b11c |
- || EVP_DecryptUpdate(decryption_context, plain_text, &plain_text_length, source,
|
|
|
76b11c |
- source_length)
|
|
|
76b11c |
- != 1
|
|
|
76b11c |
- || EVP_DecryptFinal_ex(decryption_context, plain_text + plain_text_length, &final_length)
|
|
|
76b11c |
- != 1)
|
|
|
76b11c |
+ || EVP_DecryptUpdate(decryption_context, plain_text, &plain_text_length, usource, source_length) != 1
|
|
|
76b11c |
+ || EVP_DecryptFinal_ex(decryption_context, plain_text + plain_text_length, &final_length) != 1)
|
|
|
76b11c |
{
|
|
|
76b11c |
free(plain_text);
|
|
|
76b11c |
return NULL;
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
hashkit_string_st *destination = hashkit_string_create(plain_text_length + final_length);
|
|
|
76b11c |
- if (destination == NULL) {
|
|
|
76b11c |
+ if (!destination) {
|
|
|
76b11c |
return NULL;
|
|
|
76b11c |
}
|
|
|
76b11c |
char *dest = hashkit_string_c_str_mutable(destination);
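Review bot: aes_decrypt reads `ctx->decryption_context` with no NULL check, although hashkit_decrypt passes `kit->_key` straight through and `_hashkit_init` sets that field to NULL; the non-OpenSSL variant further down returns NULL for a missing key. Start the function with `if (!ctx) { return NULL; }`, and do the same in aes_encrypt in the first hunk of this file. `int plain_text_length = source_length;` also narrows a `size_t`, so a range check against `INT_MAX` before the `malloc` would keep oversized input from producing a wrong buffer size. The function body continues outside the hunk.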
|
|
|
76b11c |
@@ -111,22 +123,40 @@ hashkit_string_st *aes_decrypt(encryption_context_t *crypto_context, const unsig
|
|
|
76b11c |
return destination;
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
-encryption_context_t *aes_clone_cryptographic_context(encryption_context_t *source) {
|
|
|
76b11c |
- encryption_context_t *new_context = (encryption_context_t *) malloc(sizeof(encryption_context_t));
|
|
|
76b11c |
- if (new_context == NULL)
|
|
|
76b11c |
+aes_key_t *aes_clone_key(aes_key_t *old_context) {
|
|
|
76b11c |
+ if (!old_context) {
|
|
|
76b11c |
return NULL;
|
|
|
76b11c |
+ }
|
|
|
76b11c |
|
|
|
76b11c |
- new_context->encryption_context = EVP_CIPHER_CTX_new();
|
|
|
76b11c |
- new_context->decryption_context = EVP_CIPHER_CTX_new();
|
|
|
76b11c |
- if (new_context->encryption_context == NULL || new_context->decryption_context == NULL) {
|
|
|
76b11c |
- free(new_context);
|
|
|
76b11c |
- return NULL;
|
|
|
76b11c |
+ aes_key_t *new_context = (aes_key_t *) malloc(sizeof(aes_key_t));
|
|
|
76b11c |
+ if (new_context) {
|
|
|
76b11c |
+ new_context->encryption_context = EVP_CIPHER_CTX_new();
|
|
|
76b11c |
+ new_context->decryption_context = EVP_CIPHER_CTX_new();
|
|
|
76b11c |
+ if (!new_context->encryption_context || !new_context->decryption_context) {
|
|
|
76b11c |
+ aes_free_key(new_context);
|
|
|
76b11c |
+ return NULL;
|
|
|
76b11c |
+ }
|
|
|
76b11c |
+ EVP_CIPHER_CTX_copy(new_context->encryption_context, old_context->encryption_context);
|
|
|
76b11c |
+ EVP_CIPHER_CTX_copy(new_context->decryption_context, old_context->decryption_context);
|
|
|
76b11c |
}
|
|
|
76b11c |
- EVP_CIPHER_CTX_copy(new_context->encryption_context, source->encryption_context);
|
|
|
76b11c |
- EVP_CIPHER_CTX_copy(new_context->decryption_context, source->decryption_context);
|
|
|
76b11c |
+
|
|
|
76b11c |
return new_context;
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
+void aes_free_key(aes_key_t *context) {
|
|
|
76b11c |
+ if (context) {
|
|
|
76b11c |
+ if (context->encryption_context) {
|
|
|
76b11c |
+ EVP_CIPHER_CTX_free(context->encryption_context);
|
|
|
76b11c |
+ context->encryption_context = NULL;
|
|
|
76b11c |
+ }
|
|
|
76b11c |
+ if (context->decryption_context) {
|
|
|
76b11c |
+ EVP_CIPHER_CTX_free(context->decryption_context);
|
|
|
76b11c |
+ context->decryption_context = NULL;
|
|
|
76b11c |
+ }
|
|
|
76b11c |
+ free(context);
|
|
|
76b11c |
+ }
|
|
|
76b11c |
+}
|
|
|
76b11c |
+
|
|
|
76b11c |
#else
|
|
|
76b11c |
|
|
|
76b11c |
# include "libhashkit/rijndael.hpp"
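Review bot: aes_clone_key ignores the return value of both EVP_CIPHER_CTX_copy() calls, so a failed copy still hands back a context that may not carry the source's key state, and the clone is reported as successful. Check both results and release the new context on failure, as in the fence below. `aes_free_key` in this hunk already tolerates NULL members, so it is safe to call on that path.

```cpp
  aes_key_t *new_context = (aes_key_t *) malloc(sizeof(aes_key_t));
  if (new_context) {
    // … unchanged: the two EVP_CIPHER_CTX_new() assignments …
    if (!new_context->encryption_context || !new_context->decryption_context
        || EVP_CIPHER_CTX_copy(new_context->encryption_context, old_context->encryption_context) != 1
        || EVP_CIPHER_CTX_copy(new_context->decryption_context, old_context->decryption_context) != 1)
    {
      aes_free_key(new_context);
      return NULL;
    }
  }
```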
|
|
|
76b11c |
@@ -172,7 +202,7 @@ aes_key_t *aes_create_key(const char *key, const size_t key_length) {
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
aes_key_t *aes_clone_key(aes_key_t *_aes_key) {
|
|
|
76b11c |
- if (_aes_key == NULL) {
|
|
|
76b11c |
+ if (!_aes_key) {
|
|
|
76b11c |
return NULL;
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
@@ -185,7 +215,7 @@ aes_key_t *aes_clone_key(aes_key_t *_aes_key) {
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
hashkit_string_st *aes_encrypt(aes_key_t *_aes_key, const char *source, size_t source_length) {
|
|
|
76b11c |
- if (_aes_key == NULL) {
|
|
|
76b11c |
+ if (!_aes_key) {
|
|
|
76b11c |
return NULL;
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
@@ -214,7 +244,7 @@ hashkit_string_st *aes_encrypt(aes_key_t *_aes_key, const char *source, size_t s
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
hashkit_string_st *aes_decrypt(aes_key_t *_aes_key, const char *source, size_t source_length) {
|
|
|
76b11c |
- if (_aes_key == NULL) {
|
|
|
76b11c |
+ if (!_aes_key) {
|
|
|
76b11c |
return NULL;
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
@@ -252,4 +282,11 @@ hashkit_string_st *aes_decrypt(aes_key_t *_aes_key, const char *source, size_t s
|
|
|
76b11c |
|
|
|
76b11c |
return destination;
|
|
|
76b11c |
}
|
|
|
76b11c |
+
|
|
|
76b11c |
+void aes_free_key(aes_key_t *key) {
|
|
|
76b11c |
+ if (key) {
|
|
|
76b11c |
+ free(key);
|
|
|
76b11c |
+ }
|
|
|
76b11c |
+}
|
|
|
76b11c |
+
|
|
|
76b11c |
#endif
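Review bot: The non-OpenSSL aes_free_key releases the key structure without clearing it, so whatever key state it holds (the struct is defined outside this hunk, presumably the expanded round keys) stays readable in freed heap memory. Wipe it before `free(key);` with a clear the compiler cannot drop, for example a loop over a `volatile unsigned char *` view of `*key`. The `if (key)` guard is not needed around `free`.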
|
|
|
76b11c |
diff --git a/src/libhashkit/aes.h b/src/libhashkit/aes.h
|
|
|
76b11c |
index 243d501f..4d3e6d7f 100644
|
|
|
76b11c |
--- a/src/libhashkit/aes.h
|
|
|
76b11c |
+++ b/src/libhashkit/aes.h
|
|
|
76b11c |
@@ -15,34 +15,14 @@
|
|
|
76b11c |
|
|
|
76b11c |
#pragma once
|
|
|
76b11c |
|
|
|
76b11c |
-#ifdef HAVE_OPENSSL_CRYPTO
|
|
|
76b11c |
-
|
|
|
76b11c |
-#include <openssl/evp.h>
|
|
|
76b11c |
-
|
|
|
76b11c |
-typedef struct encryption_context {
|
|
|
76b11c |
- EVP_CIPHER_CTX *encryption_context;
|
|
|
76b11c |
- EVP_CIPHER_CTX *decryption_context;
|
|
|
76b11c |
-} encryption_context_t;
|
|
|
76b11c |
-
|
|
|
76b11c |
-hashkit_string_st *aes_encrypt(encryption_context_t *crypto_context, const unsigned char *source,
|
|
|
76b11c |
- size_t source_length);
|
|
|
76b11c |
-
|
|
|
76b11c |
-hashkit_string_st *aes_decrypt(encryption_context_t *crypto_context, const unsigned char *source,
|
|
|
76b11c |
- size_t source_length);
|
|
|
76b11c |
-
|
|
|
76b11c |
-bool aes_initialize(const unsigned char *key, const size_t key_length,
|
|
|
76b11c |
- encryption_context_t *crypto_context);
|
|
|
76b11c |
-
|
|
|
76b11c |
-encryption_context_t *aes_clone_cryptographic_context(encryption_context_t *source);
|
|
|
76b11c |
-#else
|
|
|
76b11c |
-
|
|
|
76b11c |
struct aes_key_t;
|
|
|
76b11c |
|
|
|
76b11c |
hashkit_string_st *aes_encrypt(aes_key_t *_aes_key, const char *source, size_t source_length);
|
|
|
76b11c |
|
|
|
76b11c |
hashkit_string_st *aes_decrypt(aes_key_t *_aes_key, const char *source, size_t source_length);
|
|
|
76b11c |
|
|
|
76b11c |
-aes_key_t *aes_create_key(const char *key, const size_t key_length);
|
|
|
76b11c |
+aes_key_t *aes_create_key(const char *key, size_t key_length);
|
|
|
76b11c |
|
|
|
76b11c |
aes_key_t *aes_clone_key(aes_key_t *_aes_key);
|
|
|
76b11c |
-#endif
|
|
|
76b11c |
+
|
|
|
76b11c |
+void aes_free_key(aes_key_t *_aes_key);
|
|
|
76b11c |
diff --git a/src/libhashkit/encrypt.cc b/src/libhashkit/encrypt.cc
|
|
|
76b11c |
index effa299f..ff269c05 100644
|
|
|
76b11c |
--- a/src/libhashkit/encrypt.cc
|
|
|
76b11c |
+++ b/src/libhashkit/encrypt.cc
|
|
|
76b11c |
@@ -15,50 +15,21 @@
|
|
|
76b11c |
|
|
|
76b11c |
#include "libhashkit/common.h"
|
|
|
76b11c |
|
|
|
76b11c |
-#ifdef HAVE_OPENSSL_CRYPTO
|
|
|
76b11c |
-# include <openssl/evp.h>
|
|
|
76b11c |
-#endif
|
|
|
76b11c |
-
|
|
|
76b11c |
hashkit_string_st *hashkit_encrypt(hashkit_st *kit, const char *source, size_t source_length) {
|
|
|
76b11c |
-#ifdef HAVE_OPENSSL_CRYPTO
|
|
|
76b11c |
- return aes_encrypt((encryption_context_t *) kit->_key,
|
|
|
76b11c |
- (const unsigned char *) source, source_length);
|
|
|
76b11c |
-#else
|
|
|
76b11c |
return aes_encrypt((aes_key_t *) kit->_key, source,
|
|
|
76b11c |
source_length);
|
|
|
76b11c |
-#endif
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
hashkit_string_st *hashkit_decrypt(hashkit_st *kit, const char *source, size_t source_length) {
|
|
|
76b11c |
-#ifdef HAVE_OPENSSL_CRYPTO
|
|
|
76b11c |
- return aes_decrypt((encryption_context_t *) kit->_key,
|
|
|
76b11c |
- (const unsigned char *) source, source_length);
|
|
|
76b11c |
-#else
|
|
|
76b11c |
return aes_decrypt((aes_key_t *)kit->_key, source, source_length);
|
|
|
76b11c |
-#endif
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
-#ifdef HAVE_OPENSSL_CRYPTO
|
|
|
76b11c |
-bool hashkit_key(hashkit_st *kit, const char *key, const size_t key_length) {
|
|
|
76b11c |
- kit->_key = (encryption_context_t *) malloc(sizeof(encryption_context_t));
|
|
|
76b11c |
- ((encryption_context_t *) kit->_key)->encryption_context = EVP_CIPHER_CTX_new();
|
|
|
76b11c |
- ((encryption_context_t *) kit->_key)->decryption_context = EVP_CIPHER_CTX_new();
|
|
|
76b11c |
- if (((encryption_context_t *) kit->_key)->encryption_context == NULL
|
|
|
76b11c |
- || ((encryption_context_t *) kit->_key)->decryption_context == NULL)
|
|
|
76b11c |
- {
|
|
|
76b11c |
- return false;
|
|
|
76b11c |
- }
|
|
|
76b11c |
- return aes_initialize((const unsigned char *) key, key_length,
|
|
|
76b11c |
- (encryption_context_t *) kit->_key);
|
|
|
76b11c |
-}
|
|
|
76b11c |
-#else
|
|
|
76b11c |
bool hashkit_key(hashkit_st *kit, const char *key, const size_t key_length) {
|
|
|
76b11c |
if (kit->_key) {
|
|
|
76b11c |
- free(kit->_key);
|
|
|
76b11c |
+ aes_free_key((aes_key_t *) kit->_key);
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
kit->_key = aes_create_key(key, key_length);
|
|
|
76b11c |
|
|
|
76b11c |
return bool(kit->_key);
|
|
|
76b11c |
}
|
|
|
76b11c |
-#endif
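Review bot: hashkit_key frees the current key before it knows the new one can be built, so when aes_create_key() fails `kit->_key` ends up NULL and `memcached_is_encrypted()`, which only tests that pointer, reports the handle as unencrypted. A caller that ignores the `false` return could then carry on without encryption; how callers react is not visible here. Build the new key first and swap only on success, as below.

```cpp
bool hashkit_key(hashkit_st *kit, const char *key, const size_t key_length) {
  aes_key_t *fresh = aes_create_key(key, key_length);
  if (!fresh) {
    return false;
  }
  aes_free_key((aes_key_t *) kit->_key);
  kit->_key = fresh;
  return true;
}
```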
|
|
|
76b11c |
diff --git a/src/libhashkit/hashkit.cc b/src/libhashkit/hashkit.cc
|
|
|
76b11c |
index e61b014d..63b7f62e 100644
|
|
|
76b11c |
--- a/src/libhashkit/hashkit.cc
|
|
|
76b11c |
+++ b/src/libhashkit/hashkit.cc
|
|
|
76b11c |
@@ -15,10 +15,6 @@
|
|
|
76b11c |
|
|
|
76b11c |
#include "libhashkit/common.h"
|
|
|
76b11c |
|
|
|
76b11c |
-#ifdef HAVE_OPENSSL_CRYPTO
|
|
|
76b11c |
-# include <openssl/evp.h>
|
|
|
76b11c |
-#endif
|
|
|
76b11c |
-
|
|
|
76b11c |
static inline void _hashkit_init(hashkit_st *self) {
|
|
|
76b11c |
self->base_hash.function = hashkit_one_at_a_time;
|
|
|
76b11c |
self->base_hash.context = NULL;
|
|
|
76b11c |
@@ -56,26 +52,11 @@ hashkit_st *hashkit_create(hashkit_st *self) {
|
|
|
76b11c |
return self;
|
|
|
76b11c |
}
|
|
|
76b11c |
|
|
|
76b11c |
-#ifdef HAVE_OPENSSL_CRYPTO
|
|
|
76b11c |
-static void cryptographic_context_free(encryption_context_t *context) {
|
|
|
76b11c |
- EVP_CIPHER_CTX_free(context->encryption_context);
|
|
|
76b11c |
- EVP_CIPHER_CTX_free(context->decryption_context);
|
|
|
76b11c |
- free(context);
|
|
|
76b11c |
-}
|
|
|
76b11c |
-#endif
|
|
|
76b11c |
-
|
|
|
76b11c |
void hashkit_free(hashkit_st *self) {
|
|
|
76b11c |
-#ifdef HAVE_OPENSSL_CRYPTO
|
|
|
76b11c |
if (self and self->_key) {
|
|
|
76b11c |
- cryptographic_context_free((encryption_context_t *)self->_key);
|
|
|
76b11c |
+ aes_free_key((aes_key_t *) self->_key);
|
|
|
76b11c |
self->_key = NULL;
|
|
|
76b11c |
}
|
|
|
76b11c |
-#else
|
|
|
76b11c |
- if (self and self->_key) {
|
|
|
76b11c |
- free(self->_key);
|
|
|
76b11c |
- self->_key = NULL;
|
|
|
76b11c |
- }
|
|
|
76b11c |
-#endif
|
|
|
76b11c |
|
|
|
76b11c |
if (hashkit_is_allocated(self)) {
|
|
|
76b11c |
free(self);
|
|
|
76b11c |
@@ -98,21 +79,7 @@ hashkit_st *hashkit_clone(hashkit_st *destination, const hashkit_st *source) {
|
|
|
76b11c |
destination->base_hash = source->base_hash;
|
|
|
76b11c |
destination->distribution_hash = source->distribution_hash;
|
|
|
76b11c |
destination->flags = source->flags;
|
|
|
76b11c |
-#ifdef HAVE_OPENSSL_CRYPTO
|
|
|
76b11c |
- if (destination->_key) {
|
|
|
76b11c |
- cryptographic_context_free((encryption_context_t *)destination->_key);
|
|
|
76b11c |
- destination->_key = NULL;
|
|
|
76b11c |
- }
|
|
|
76b11c |
- if (source->_key) {
|
|
|
76b11c |
- destination->_key =
|
|
|
76b11c |
- aes_clone_cryptographic_context(((encryption_context_t *) source->_key));
|
|
|
76b11c |
- if (destination->_key) {
|
|
|
76b11c |
-
|
|
|
76b11c |
- }
|
|
|
76b11c |
- }
|
|
|
76b11c |
-#else
|
|
|
76b11c |
- destination->_key = aes_clone_key(static_cast<aes_key_t *>(source->_key));
|
|
|
76b11c |
-#endif
|
|
|
76b11c |
+ destination->_key = aes_clone_key((aes_key_t *) source->_key);
|
|
|
76b11c |
|
|
|
76b11c |
return destination;
|
|
|
76b11c |
}
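Review bot: The single `aes_clone_key` call no longer releases an existing `destination->_key` before overwriting it, which the removed OpenSSL branch did, and a NULL result for a keyed source is still not treated as a failure. In that case the clone comes back with `memcached_is_encrypted()` false while the source was encrypting. I would add `if (source->_key and !destination->_key) { return NULL; }` after the assignment, together with whatever cleanup of `destination` the part of hashkit_clone above the hunk requires. Whether `destination->_key` can be non-NULL at this point also depends on that part.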
|
|
|
76b11c |
--
|
|
|
76b11c |
2.31.1
|
|
|
76b11c |
|