~ubuntu-branches/ubuntu/vivid/libapache2-mod-auth-openidc/vivid-proposed
» Revision
5
: src/crypto.c
« back to all changes in this revision
Viewing changes to src/crypto.c
- browse files at revision 5
- compare with another revision
- download diff
- download tarball
- view history from revision 5
- Committer: Package Import Robot
- Author(s): Hans Zandbelt
- Date: 2014-10-13 12:23:35 UTC
- mfrom: (1.1.3)
- Revision ID: package-import@ubuntu.com-20141013122335-31wgnq50ascmubib
Tags: 1.6.0-1
new upstream release; add libssl-dev dependency
- files modified:
- AUTHORS
added
removed
src/crypto.c
88
88
i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), salt, key_data,
89
89
key_data_len, nrounds, key, iv);
90
90
if (i != 32) {
91
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
92
"oidc_crypto_init: key size must be 256 bits!");
91
oidc_serror(s, "key size must be 256 bits!");
93
92
return FALSE;
94
93
}
95
94
100
99
EVP_CIPHER_CTX_init(cfg->encrypt_ctx);
101
100
if (!EVP_EncryptInit_ex(cfg->encrypt_ctx, EVP_aes_256_cbc(), NULL, key,
102
101
iv)) {
103
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
104
"oidc_crypto_init: EVP_EncryptInit_ex on the encrypt context failed: %s", ERR_error_string(ERR_get_error(), NULL));
102
oidc_serror(s, "EVP_EncryptInit_ex on the encrypt context failed: %s",
103
ERR_error_string(ERR_get_error(), NULL));
105
104
return FALSE;
106
105
}
107
106
109
108
EVP_CIPHER_CTX_init(cfg->decrypt_ctx);
110
109
if (!EVP_DecryptInit_ex(cfg->decrypt_ctx, EVP_aes_256_cbc(), NULL, key,
111
110
iv)) {
112
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
113
"oidc_crypto_init: EVP_DecryptInit_ex on the decrypt context failed: %s", ERR_error_string(ERR_get_error(), NULL));
111
oidc_serror(s, "EVP_DecryptInit_ex on the decrypt context failed: %s",
112
ERR_error_string(ERR_get_error(), NULL));
114
113
return FALSE;
115
114
}
116
115
123
122
unsigned char *oidc_crypto_aes_encrypt(request_rec *r, oidc_cfg *cfg,
124
123
unsigned char *plaintext, int *len) {
125
124
126
if (oidc_crypto_init(cfg, r->server) == FALSE) return NULL;
125
if (oidc_crypto_init(cfg, r->server) == FALSE)
126
return NULL;
127
127
128
128
/* max ciphertext len for a n bytes of plaintext is n + AES_BLOCK_SIZE -1 bytes */
129
129
int c_len = *len + AES_BLOCK_SIZE, f_len = 0;
131
131
132
132
/* allows reusing of 'e' for multiple encryption cycles */
133
133
if (!EVP_EncryptInit_ex(cfg->encrypt_ctx, NULL, NULL, NULL, NULL)) {
134
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
135
"oidc_crypto_aes_encrypt: EVP_EncryptInit_ex failed: %s", ERR_error_string(ERR_get_error(), NULL));
134
oidc_error(r, "EVP_EncryptInit_ex failed: %s",
135
ERR_error_string(ERR_get_error(), NULL));
136
136
return NULL;
137
137
}
138
138
139
139
/* update ciphertext, c_len is filled with the length of ciphertext generated, len is the size of plaintext in bytes */
140
140
if (!EVP_EncryptUpdate(cfg->encrypt_ctx, ciphertext, &c_len, plaintext,
141
141
*len)) {
142
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
143
"oidc_crypto_aes_encrypt: EVP_EncryptUpdate failed: %s", ERR_error_string(ERR_get_error(), NULL));
142
oidc_error(r, "EVP_EncryptUpdate failed: %s",
143
ERR_error_string(ERR_get_error(), NULL));
144
144
return NULL;
145
145
}
146
146
147
147
/* update ciphertext with the final remaining bytes */
148
148
if (!EVP_EncryptFinal_ex(cfg->encrypt_ctx, ciphertext + c_len, &f_len)) {
149
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
150
"oidc_crypto_aes_encrypt: EVP_EncryptFinal_ex failed: %s", ERR_error_string(ERR_get_error(), NULL));
149
oidc_error(r, "EVP_EncryptFinal_ex failed: %s",
150
ERR_error_string(ERR_get_error(), NULL));
151
151
return NULL;
152
152
}
153
153
162
162
unsigned char *oidc_crypto_aes_decrypt(request_rec *r, oidc_cfg *cfg,
163
163
unsigned char *ciphertext, int *len) {
164
164
165
if (oidc_crypto_init(cfg, r->server) == FALSE) return NULL;
165
if (oidc_crypto_init(cfg, r->server) == FALSE)
166
return NULL;
166
167
167
168
/* because we have padding ON, we must allocate an extra cipher block size of memory */
168
169
int p_len = *len, f_len = 0;
170
171
171
172
/* allows reusing of 'e' for multiple encryption cycles */
172
173
if (!EVP_DecryptInit_ex(cfg->decrypt_ctx, NULL, NULL, NULL, NULL)) {
173
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
174
"oidc_crypto_aes_decrypt: EVP_DecryptInit_ex failed: %s", ERR_error_string(ERR_get_error(), NULL));
174
oidc_error(r, "EVP_DecryptInit_ex failed: %s",
175
ERR_error_string(ERR_get_error(), NULL));
175
176
return NULL;
176
177
}
177
178
178
179
/* update plaintext, p_len is filled with the length of plaintext generated, len is the size of ciphertext in bytes */
179
180
if (!EVP_DecryptUpdate(cfg->decrypt_ctx, plaintext, &p_len, ciphertext,
180
181
*len)) {
181
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
182
"oidc_crypto_aes_decrypt: EVP_DecryptUpdate failed: %s", ERR_error_string(ERR_get_error(), NULL));
182
oidc_error(r, "EVP_DecryptUpdate failed: %s",
183
ERR_error_string(ERR_get_error(), NULL));
183
184
return NULL;
184
185
}
185
186
186
187
/* update plaintext with the final remaining bytes */
187
188
if (!EVP_DecryptFinal_ex(cfg->decrypt_ctx, plaintext + p_len, &f_len)) {
188
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
189
"oidc_crypto_aes_decrypt: EVP_DecryptFinal_ex failed: %s", ERR_error_string(ERR_get_error(), NULL));
189
oidc_error(r, "EVP_DecryptFinal_ex failed: %s",
190
ERR_error_string(ERR_get_error(), NULL));
190
191
return NULL;
191
192
}
192
193
Loggerhead is a web-based interface for Breezy
Version: 2.0.1