88
88
i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), salt, key_data,
89
89
key_data_len, nrounds, key, iv);
91
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
92
"oidc_crypto_init: key size must be 256 bits!");
91
oidc_serror(s, "key size must be 256 bits!");
100
99
EVP_CIPHER_CTX_init(cfg->encrypt_ctx);
101
100
if (!EVP_EncryptInit_ex(cfg->encrypt_ctx, EVP_aes_256_cbc(), NULL, key,
103
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
104
"oidc_crypto_init: EVP_EncryptInit_ex on the encrypt context failed: %s", ERR_error_string(ERR_get_error(), NULL));
102
oidc_serror(s, "EVP_EncryptInit_ex on the encrypt context failed: %s",
103
ERR_error_string(ERR_get_error(), NULL));
109
108
EVP_CIPHER_CTX_init(cfg->decrypt_ctx);
110
109
if (!EVP_DecryptInit_ex(cfg->decrypt_ctx, EVP_aes_256_cbc(), NULL, key,
112
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
113
"oidc_crypto_init: EVP_DecryptInit_ex on the decrypt context failed: %s", ERR_error_string(ERR_get_error(), NULL));
111
oidc_serror(s, "EVP_DecryptInit_ex on the decrypt context failed: %s",
112
ERR_error_string(ERR_get_error(), NULL));
123
122
unsigned char *oidc_crypto_aes_encrypt(request_rec *r, oidc_cfg *cfg,
124
123
unsigned char *plaintext, int *len) {
126
if (oidc_crypto_init(cfg, r->server) == FALSE) return NULL;
125
if (oidc_crypto_init(cfg, r->server) == FALSE)
128
128
/* max ciphertext len for a n bytes of plaintext is n + AES_BLOCK_SIZE -1 bytes */
129
129
int c_len = *len + AES_BLOCK_SIZE, f_len = 0;
132
132
/* allows reusing of 'e' for multiple encryption cycles */
133
133
if (!EVP_EncryptInit_ex(cfg->encrypt_ctx, NULL, NULL, NULL, NULL)) {
134
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
135
"oidc_crypto_aes_encrypt: EVP_EncryptInit_ex failed: %s", ERR_error_string(ERR_get_error(), NULL));
134
oidc_error(r, "EVP_EncryptInit_ex failed: %s",
135
ERR_error_string(ERR_get_error(), NULL));
139
139
/* update ciphertext, c_len is filled with the length of ciphertext generated, len is the size of plaintext in bytes */
140
140
if (!EVP_EncryptUpdate(cfg->encrypt_ctx, ciphertext, &c_len, plaintext,
142
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
143
"oidc_crypto_aes_encrypt: EVP_EncryptUpdate failed: %s", ERR_error_string(ERR_get_error(), NULL));
142
oidc_error(r, "EVP_EncryptUpdate failed: %s",
143
ERR_error_string(ERR_get_error(), NULL));
147
147
/* update ciphertext with the final remaining bytes */
148
148
if (!EVP_EncryptFinal_ex(cfg->encrypt_ctx, ciphertext + c_len, &f_len)) {
149
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
150
"oidc_crypto_aes_encrypt: EVP_EncryptFinal_ex failed: %s", ERR_error_string(ERR_get_error(), NULL));
149
oidc_error(r, "EVP_EncryptFinal_ex failed: %s",
150
ERR_error_string(ERR_get_error(), NULL));
162
162
unsigned char *oidc_crypto_aes_decrypt(request_rec *r, oidc_cfg *cfg,
163
163
unsigned char *ciphertext, int *len) {
165
if (oidc_crypto_init(cfg, r->server) == FALSE) return NULL;
165
if (oidc_crypto_init(cfg, r->server) == FALSE)
167
168
/* because we have padding ON, we must allocate an extra cipher block size of memory */
168
169
int p_len = *len, f_len = 0;
171
172
/* allows reusing of 'e' for multiple encryption cycles */
172
173
if (!EVP_DecryptInit_ex(cfg->decrypt_ctx, NULL, NULL, NULL, NULL)) {
173
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
174
"oidc_crypto_aes_decrypt: EVP_DecryptInit_ex failed: %s", ERR_error_string(ERR_get_error(), NULL));
174
oidc_error(r, "EVP_DecryptInit_ex failed: %s",
175
ERR_error_string(ERR_get_error(), NULL));
178
179
/* update plaintext, p_len is filled with the length of plaintext generated, len is the size of ciphertext in bytes */
179
180
if (!EVP_DecryptUpdate(cfg->decrypt_ctx, plaintext, &p_len, ciphertext,
181
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
182
"oidc_crypto_aes_decrypt: EVP_DecryptUpdate failed: %s", ERR_error_string(ERR_get_error(), NULL));
182
oidc_error(r, "EVP_DecryptUpdate failed: %s",
183
ERR_error_string(ERR_get_error(), NULL));
186
187
/* update plaintext with the final remaining bytes */
187
188
if (!EVP_DecryptFinal_ex(cfg->decrypt_ctx, plaintext + p_len, &f_len)) {
188
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
189
"oidc_crypto_aes_decrypt: EVP_DecryptFinal_ex failed: %s", ERR_error_string(ERR_get_error(), NULL));
189
oidc_error(r, "EVP_DecryptFinal_ex failed: %s",
190
ERR_error_string(ERR_get_error(), NULL));