Add support for OpenSSL 1.1.0
With OpenSSL 1.1.0, some of the functions were deprecated, such
as EVP_CIPHER_CTX_cleanup.
Replace EVP_CIPHER_CTX_cleanup with EVP_CIPHER_CTX_free and
replace EVP_CIPHER_CTX_init with EVP_CIPHER_CTX_new as these
are the new recommended interfaces.
These exist in OpenSSL 1.0.2 already so this change is
backward compatible.
Resolves openbmc/openbmc#3135
Change-Id: I937d19708b10c33d9544f27af47963634c2bd36b
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
diff --git a/crypt_algo.cpp b/crypt_algo.cpp
index 21a2ff6..90ba26a 100644
--- a/crypt_algo.cpp
+++ b/crypt_algo.cpp
@@ -90,18 +90,16 @@
const uint8_t* input,
const int inputLen) const
{
- EVP_CIPHER_CTX ctx;
-
// Initializes Cipher context
- EVP_CIPHER_CTX_init(&ctx);
+ EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
auto cleanupFunc = [](EVP_CIPHER_CTX* ctx)
{
- EVP_CIPHER_CTX_cleanup(ctx);
+ EVP_CIPHER_CTX_free(ctx);
};
std::unique_ptr<EVP_CIPHER_CTX, decltype(cleanupFunc)>
- ctxPtr(&ctx, cleanupFunc);
+ ctxPtr(ctx, cleanupFunc);
/*
* EVP_DecryptInit_ex sets up cipher context ctx for encryption with type
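Review bot: The pointer returned by `EVP_CIPHER_CTX_new()` is used without a null check; the call returns NULL when allocation fails, and the pointer is then handed to `ctxPtr` and presumably to the EVP_DecryptInit_ex call that follows outside this hunk. The old stack-allocated context could not fail this way, so the failure mode is new with this change. Adding `if (!ctx) { throw std::runtime_error("EVP_CIPHER_CTX_new failed"); }` right after the allocation would match the `RAND_bytes failed` error style already used in this file. The same check is missing in the second crypt_algo.cpp hunk and at both allocations in test/cipher.cpp. The enclosing function starts and ends outside the hunk.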
@@ -156,18 +154,16 @@
throw std::runtime_error("RAND_bytes failed");
}
- EVP_CIPHER_CTX ctx;
-
// Initializes Cipher context
- EVP_CIPHER_CTX_init(&ctx);
+ EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
auto cleanupFunc = [](EVP_CIPHER_CTX* ctx)
{
- EVP_CIPHER_CTX_cleanup(ctx);
+ EVP_CIPHER_CTX_free(ctx);
};
std::unique_ptr<EVP_CIPHER_CTX, decltype(cleanupFunc)>
- ctxPtr(&ctx, cleanupFunc);
+ ctxPtr(ctx, cleanupFunc);
/*
* EVP_EncryptInit_ex sets up cipher context ctx for encryption with type
diff --git a/test/cipher.cpp b/test/cipher.cpp
index 3fa985c..432612e 100644
--- a/test/cipher.cpp
+++ b/test/cipher.cpp
@@ -392,32 +392,31 @@
* implementation
*/
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- if (!EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, k2.data(),
+ EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
+ if (!EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, k2.data(),
cipher.data()))
{
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
FAIL() << "EVP_DecryptInit_ex failed for type AES-CBC-128";
}
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
std::vector<uint8_t> output(
cipher.size() + cipher::crypt::AlgoAES128::AESCBC128BlockSize);
int outputLen = 0;
- if (!EVP_DecryptUpdate(&ctx, output.data(), &outputLen,
+ if (!EVP_DecryptUpdate(ctx, output.data(), &outputLen,
cipher.data() +
cipher::crypt::AlgoAES128::AESCBC128ConfHeader,
cipher.size() -
cipher::crypt::AlgoAES128::AESCBC128ConfHeader))
{
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
FAIL() << "EVP_DecryptUpdate failed";
}
output.resize(outputLen);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
/*
* Step -3 Check if the plain payload matches with the decrypted one
@@ -441,8 +440,8 @@
// Hardcoded Session Integrity Key
std::vector<uint8_t> sik = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
13, 14, 15, 16, 17, 18, 19, 20 };
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
+ EVP_CIPHER_CTX* ctx;
+ ctx = EVP_CIPHER_CTX_new();
std::vector<uint8_t> k2(SHA_DIGEST_LENGTH);
unsigned int mdLen = 0;
constexpr rmcp::Const_n const1 = { 0x02, 0x02, 0x02, 0x02, 0x02,
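Review bot: The context is now heap-allocated at `ctx = EVP_CIPHER_CTX_new();`, well before its first use, and the `FAIL() << "Generating K2 for confidentiality algorithm failed"` path visible in the next hunk exits without calling `EVP_CIPHER_CTX_free(ctx)`, so that path leaks the context. Either move the allocation down to just before `EVP_EncryptInit_ex`, or own it with a `std::unique_ptr` whose deleter is `EVP_CIPHER_CTX_free`, as crypt_algo.cpp does. The second option also removes the hand-written frees on the other failure paths. The lines between the allocation and that FAIL() are outside the hunk, so other early exits may need the same treatment.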
@@ -467,29 +466,29 @@
FAIL() << "Generating K2 for confidentiality algorithm failed";
}
- if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, k2.data(),
+ if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, k2.data(),
output.data()))
{
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
FAIL() << "EVP_EncryptInit_ex failed for type AES-CBC-128";
}
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
int outputLen = 0;
- if (!EVP_EncryptUpdate(&ctx,
+ if (!EVP_EncryptUpdate(ctx,
output.data() +
cipher::crypt::AlgoAES128::AESCBC128ConfHeader,
&outputLen,
payload.data(),
payload.size()))
{
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
FAIL() << "EVP_EncryptUpdate failed";
}
output.resize(cipher::crypt::AlgoAES128::AESCBC128ConfHeader + outputLen);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
/*
* Step-2 Decrypt the encrypted payload using the implemented API for