diff options
| author | Miloslav Trmač <mitr@redhat.com> | 2010-11-02 20:11:41 +0100 |
|---|---|---|
| committer | Miloslav Trmač <mitr@redhat.com> | 2010-11-02 20:11:41 +0100 |
| commit | 278a10d4af56af2af8fcb4aa81f492db6109ef58 (patch) | |
| tree | 4f349d2e3cb0c34507e23a1705ebbd5debae1a76 | |
| parent | fd80d48ded8f550f9d2853721b5200bde0d951fa (diff) | |
| download | ncrypto-278a10d4af56af2af8fcb4aa81f492db6109ef58.tar.gz ncrypto-278a10d4af56af2af8fcb4aa81f492db6109ef58.tar.xz ncrypto-278a10d4af56af2af8fcb4aa81f492db6109ef58.zip | |
Drop support for the *_CBC_PAD mechanisms.
| -rw-r--r-- | include/ncrypto/ncrypto.h | 3 | ||||
| -rw-r--r-- | lib/ncrypto_local.c | 16 | ||||
| -rw-r--r-- | tests/symm_ciphers.c | 1 |
3 files changed, 4 insertions, 16 deletions
diff --git a/include/ncrypto/ncrypto.h b/include/ncrypto/ncrypto.h index 76c695a..024d5a7 100644 --- a/include/ncrypto/ncrypto.h +++ b/include/ncrypto/ncrypto.h @@ -152,8 +152,7 @@ CK_RV ncr_digest_standalone (CK_MECHANISM_TYPE mech, void *dest, struct ncr_symm_cipher_session; -/* Note that for *_ECB and *_CBC, the input must be block-aligned. For - *_CBC_PAD, it does not have to be. */ +/* Note that for *_ECB and *_CBC, the input must be block-aligned. */ /* Session lifetime management. */ CK_RV ncr_symm_cipher_alloc (struct ncr_symm_cipher_session **sess, diff --git a/lib/ncrypto_local.c b/lib/ncrypto_local.c index 1e88d2a..da1ccab 100644 --- a/lib/ncrypto_local.c +++ b/lib/ncrypto_local.c @@ -466,7 +466,6 @@ struct ncr_symm_cipher_session { EVP_CIPHER_CTX ctx; CK_MECHANISM_TYPE mech; - size_t padding_size; /* Additional space to reserve for padding */ bool encrypting; /* Debugging only */ enum { NSCS_NEW, NSCS_INITIALIZED, NSCS_UPDATED, NSCS_FINISHED } state; @@ -508,7 +507,6 @@ symm_cipher_init (struct ncr_symm_cipher_session *sess, bool encrypt, size_t param_size) { const EVP_CIPHER *type; - bool padding; g_return_val_if_fail (sess != NULL, CKR_SESSION_HANDLE_INVALID); g_return_val_if_fail (sess->state == NSCS_NEW || sess->state == NSCS_FINISHED, @@ -536,15 +534,12 @@ symm_cipher_init (struct ncr_symm_cipher_session *sess, bool encrypt, g_return_val_if_fail (key->type == CKK_AES, CKR_KEY_TYPE_INCONSISTENT); g_return_val_if_fail (param_size == 0, CKR_MECHANISM_PARAM_INVALID); AES_SWITCH (ecb); - padding = false; break; case CKM_AES_CBC: - case CKM_AES_CBC_PAD: g_return_val_if_fail (key->type == CKK_AES, CKR_KEY_TYPE_INCONSISTENT); g_return_val_if_fail (param_size == 16, CKR_MECHANISM_PARAM_INVALID); AES_SWITCH (cbc); - padding = sess->mech == CKM_AES_CBC_PAD; break; #undef AES_ENTRY @@ -553,16 +548,13 @@ symm_cipher_init (struct ncr_symm_cipher_session *sess, bool encrypt, g_return_val_if_fail (key->size == 24, CKR_KEY_SIZE_RANGE); g_return_val_if_fail (param_size == 0, CKR_MECHANISM_PARAM_INVALID); type = EVP_des_ede3 (); - padding = false; break; case CKM_DES3_CBC: - case CKM_DES3_CBC_PAD: g_return_val_if_fail (key->type == CKK_DES3, CKR_KEY_TYPE_INCONSISTENT); g_return_val_if_fail (key->size == 24, CKR_KEY_SIZE_RANGE); g_return_val_if_fail (param_size == 8, CKR_MECHANISM_PARAM_INVALID); type = EVP_des_ede3_cbc (); - padding = sess->mech == CKM_DES3_CBC_PAD; break; default: @@ -572,10 +564,9 @@ symm_cipher_init (struct ncr_symm_cipher_session *sess, bool encrypt, if (EVP_CipherInit_ex (&sess->ctx, type, NULL, key->value, param_size != 0 ? param : NULL, encrypt ? 1 : 0) == 0) return ckr_openssl (); - if (!padding && EVP_CIPHER_CTX_set_padding (&sess->ctx, 0) == 0) + if (EVP_CIPHER_CTX_set_padding (&sess->ctx, 0) == 0) return ckr_openssl (); - sess->padding_size = padding ? EVP_CIPHER_block_size (type) : 0; sess->encrypting = encrypt; sess->state = NSCS_INITIALIZED; return CKR_OK; @@ -598,7 +589,7 @@ symm_cipher_update (struct ncr_symm_cipher_session *sess, bool encrypt, if (dest == NULL) { - *dest_size_ptr = src_size + sess->padding_size; + *dest_size_ptr = src_size; return CKR_OK; } if (*dest_size_ptr < src_size) /* FIXME? this does not handle partial data */ @@ -634,10 +625,9 @@ do_symm_cipher_update_final (struct ncr_symm_cipher_session *sess, if (dest == NULL) { - *dest_size_ptr = src_size + sess->padding_size; + *dest_size_ptr = src_size; return CKR_OK; } - /* FIXME? this does not handle partial data or padding. */ if (*dest_size_ptr < src_size) { *dest_size_ptr = src_size; diff --git a/tests/symm_ciphers.c b/tests/symm_ciphers.c index 0722a0e..27a9752 100644 --- a/tests/symm_ciphers.c +++ b/tests/symm_ciphers.c @@ -49,7 +49,6 @@ struct tv size_t output_size; }; -/* FIXME: Test CBC_PAD as well. */ static const struct tv tvs[] = { #define TV(M, GM, K, KEY, IV, IN, OUT) \ |