[COMMIT] branch master updated. v1.21.0.0-44-gb3cacf62c - git-lng-odp

16 Apr 2019

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".
The branch, master has been updated
       via  b3cacf62c188e2d2696bb6993a9328127274b9b0 (commit)
      from  6811aabac773f935d5eedcd7d781eeb3cf06056f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b3cacf62c188e2d2696bb6993a9328127274b9b0
Author: Dmitry Eremin-Solenikov deremin-solenikov@cavium.com
Date:   Sat Apr 6 12:28:30 2019 +0300
linux-gen: crypto: fix AES-GMAC with OpenSSL 1.1.1b
OpenSSL 1.1.1b (and master branches) have changed semantics of
    EVP_En/Decrypt operations by diallowing now to call EVP_Decrypt on the
    context initialized with EVP_EncryptInit_ex (which was allowed before).
Fix this by calling corresponding function for data processing.
Signed-off-by: Dmitry Eremin-Solenikov deremin-solenikov@cavium.com
    Reviewed-by: Matias Elo matias.elo@nokia.com

diff --git a/platform/linux-generic/odp_crypto_openssl.c b/platform/linux-generic/odp_crypto_openssl.c
index 7507f1aa8..b7cce4a39 100644
--- a/platform/linux-generic/odp_crypto_openssl.c
+++ b/platform/linux-generic/odp_crypto_openssl.c
@@ -621,7 +621,8 @@ odp_crypto_alg_err_t auth_cmac_check(odp_packet_t pkt,
 static
 int internal_aad(EVP_CIPHER_CTX *ctx,
    	 odp_packet_t pkt,
-		 const odp_crypto_packet_op_param_t *param)
+		 const odp_crypto_packet_op_param_t *param,
+		 odp_bool_t encrypt)
 {
    uint32_t offset = param->auth_range.offset;
    uint32_t len   = param->auth_range.length;
@@ -635,12 +636,18 @@ int internal_aad(EVP_CIPHER_CTX *ctx,
    	void *mapaddr = odp_packet_offset(pkt, offset, &seglen, NULL);
    	uint32_t maclen = len > seglen ? seglen : len;
-		EVP_EncryptUpdate(ctx, NULL, &dummy_len, mapaddr, maclen);
+		if (encrypt)
+			EVP_EncryptUpdate(ctx, NULL, &dummy_len, mapaddr, maclen);
+		else
+			EVP_DecryptUpdate(ctx, NULL, &dummy_len, mapaddr, maclen);
    	offset  += maclen;
    	len     -= maclen;
    }
-	ret = EVP_EncryptFinal_ex(ctx, NULL, &dummy_len);
+	if (encrypt)
+		ret = EVP_EncryptFinal_ex(ctx, NULL, &dummy_len);
+	else
+		ret = EVP_DecryptFinal_ex(ctx, NULL, &dummy_len);
return ret;
 }
@@ -1019,7 +1026,7 @@ odp_crypto_alg_err_t aes_gmac_gen(odp_packet_t pkt,
EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
-	ret = internal_aad(ctx, pkt, param);
+	ret = internal_aad(ctx, pkt, param, true);
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG,
    		    session->p.auth_digest_len, block);
@@ -1068,7 +1075,7 @@ odp_crypto_alg_err_t aes_gmac_check(odp_packet_t pkt,
    _odp_packet_set_data(pkt, param->hash_result_offset,
    		     0, session->p.auth_digest_len);
-	ret = internal_aad(ctx, pkt, param);
+	ret = internal_aad(ctx, pkt, param, false);
return ret <= 0 ? ODP_CRYPTO_ALG_ERR_ICV_CHECK :
    		  ODP_CRYPTO_ALG_ERR_NONE;
-----------------------------------------------------------------------
Summary of changes:
 platform/linux-generic/odp_crypto_openssl.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
hooks/post-receive
-- 


    