summaryrefslogtreecommitdiff
blob: c85e3750a1b58563406ff98be7cf916306390b1c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
Backport of https://github.com/cisco/libsrtp/commit/1acba569915d8124b627a29dd5e3500332618eac

--- a/crypto/cipher/aes_gcm_ossl.c	2018-06-10 18:51:02 UTC
+++ b/crypto/cipher/aes_gcm_ossl.c
@@ -187,22 +187,28 @@ err_status_t aes_gcm_openssl_dealloc (cipher_t *c)
  */
 err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key)
 {
+    const EVP_CIPHER *evp;
+
     c->dir = direction_any;
 
-    /* copy key to be used later when CiscoSSL crypto context is created */
-    v128_copy_octet_string((v128_t*)&c->key, key);
+    debug_print(mod_aes_gcm, "key:  %s", octet_string_hex_string(key, c->key_size));
 
-    if (c->key_size == AES_256_KEYSIZE) {
-        debug_print(mod_aes_gcm, "Copying last 16 bytes of key: %s",
-                    v128_hex_string((v128_t*)(key + AES_128_KEYSIZE)));
-        v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, 
-		               key + AES_128_KEYSIZE);
+    switch (c->key_size) {
+    case AES_256_KEYSIZE:
+        evp = EVP_aes_256_gcm();
+        break;
+    case AES_128_KEYSIZE:
+        evp = EVP_aes_128_gcm();
+        break;
+    default:
+        return (err_status_bad_param);
+        break;
     }
 
-    debug_print(mod_aes_gcm, "key:  %s", v128_hex_string((v128_t*)&c->key));
+    if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, key, NULL, 0)) {
+        return (err_status_init_fail);
+    }
 
-    EVP_CIPHER_CTX_cleanup(&c->ctx);
-
     return (err_status_ok);
 }
 
@@ -214,8 +220,6 @@ err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx
 err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv,
 	                             int direction)
 {
-    const EVP_CIPHER *evp;
-
     if (direction != direction_encrypt && direction != direction_decrypt) {
         return (err_status_bad_param);
     }
@@ -223,19 +227,7 @@ err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c,
 
     debug_print(mod_aes_gcm, "setting iv: %s", v128_hex_string(iv));
 
-    switch (c->key_size) {
-    case AES_256_KEYSIZE:
-        evp = EVP_aes_256_gcm();
-        break;
-    case AES_128_KEYSIZE:
-        evp = EVP_aes_128_gcm();
-        break;
-    default:
-        return (err_status_bad_param);
-        break;
-    }
-
-    if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, (const unsigned char*)&c->key.v8,
+    if (!EVP_CipherInit_ex(&c->ctx, NULL, NULL, NULL,
                            NULL, (c->dir == direction_encrypt ? 1 : 0))) {
         return (err_status_init_fail);
     }
--- a/crypto/include/aes_gcm_ossl.h	2017-08-01 11:57:38 UTC
+++ b/crypto/include/aes_gcm_ossl.h
@@ -52,7 +52,6 @@
 #include <openssl/aes.h>
 
 typedef struct {
-  v256_t   key;
   int      key_size;
   int      tag_len;
   EVP_CIPHER_CTX ctx;