On Mon, Jul 11, 2005 at 02:59:54PM +0300, Marko Kreen wrote:
> On Mon, Jul 11, 2005 at 05:50:32AM -0500, Andrew Dunstan wrote:
> > Marko Kreen said:
> > http://www.pgbuildfarm.org/cgi-bin/show_log.pl?nm=canary&dt=2005-07-11%2002:30:00>
> > > NetBSD 1.6 with older OpenSSL. OpenSSL < 0.9.7 does not have
> > > AES, but most of PGP tests use it as it is the preferred cipher.
> > > And the AES tests fails anyway. I guess it can stay as expected
> > > failure.
> >
> > Please try to avoid expected failures if possible. If you must have them,
> > move them into a test file of their own. Consider the possibility of using
> > alternative .out files.
>
> I need either to use included rijndael.c for AES with older
> OpenSSL or rerun all tests to be Blowfish-only.
>
> I want to standardise on AES so the former is preferred.
>
> Now there's a choice:
>
> 1. Check OpenSSL version in main configure
> 2. #include "rijndael.c" in openssl.c
>
> I guess 1. is nicer. I try to hack something together.
I tried 1., but that meant messing with the main build system for no
good reason, since openssl.c would still be a mess, so I went
with 2.
The result is not so bad: as I used rijndael.c to provide
OpenSSL's own interface, I even got rid of all the ifdefs inside
the code.
--
marko
Index: contrib/pgcrypto/openssl.c
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/openssl.c,v
retrieving revision 1.22
diff -u -c -r1.22 openssl.c
*** contrib/pgcrypto/openssl.c 10 Jul 2005 13:54:34 -0000 1.22
--- contrib/pgcrypto/openssl.c 11 Jul 2005 13:02:00 -0000
***************
*** 44,53 ****
/*
* Does OpenSSL support AES?
*/
- #undef GOT_AES
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
! #define GOT_AES
#include <openssl/aes.h>
#endif
/*
--- 44,89 ----
/*
* Does OpenSSL support AES?
*/
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
!
! /* Yes, it does. */
#include <openssl/aes.h>
+
+ #else
+
+ /*
+ * No, it does not. So use included rijndael code to emulate it.
+ */
+ #include "rijndael.c"
+
+ #define AES_ENCRYPT 1
+ #define AES_DECRYPT 0
+ #define AES_KEY rijndael_ctx
+
+ #define AES_set_encrypt_key(key, kbits, ctx) \
+ aes_set_key((ctx), (key), (kbits), 1)
+
+ #define AES_set_decrypt_key(key, kbits, ctx) \
+ aes_set_key((ctx), (key), (kbits), 0)
+
+ #define AES_ecb_encrypt(src, dst, ctx, enc) \
+ do { \
+ memcpy((dst), (src), 16); \
+ if (enc) \
+ aes_ecb_encrypt((ctx), (dst), 16); \
+ else \
+ aes_ecb_decrypt((ctx), (dst), 16); \
+ } while (0)
+
+ #define AES_cbc_encrypt(src, dst, len, ctx, iv, enc) \
+ do { \
+ memcpy((dst), (src), (len)); \
+ if (enc) \
+ aes_cbc_encrypt((ctx), (iv), (dst), (len)); \
+ else \
+ aes_cbc_decrypt((ctx), (iv), (dst), (len)); \
+ } while (0)
+
#endif
/*
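Review bot: In the fallback branch, the `AES_ecb_encrypt` and `AES_cbc_encrypt` macros begin with `memcpy((dst), (src), ...)`, which is undefined when the two buffers overlap, while callers written against the real OpenSSL functions may pass the same buffer for input and output; `memmove((dst), (src), (len));` (and `memmove((dst), (src), 16);` in the ECB macro) would keep that usage safe. The macros also expand `dst`, `ctx` and `len` more than once and test `enc` without parentheses, so `static inline` wrappers with the OpenSSL signatures would be more robust than function-like macros. Whether rijndael.c's `aes_cbc_encrypt`/`aes_cbc_decrypt` write the chaining value back into `iv` and handle a `len` that is not a multiple of 16 the way OpenSSL does cannot be seen from this hunk; if they do not, a comment such as `/* emulation: len must be a multiple of 16; iv is not carried across calls */` above the macros would record the limitation. Because ciphertext has to be interchangeable between the two builds, the AES regression tests should be run against both branches of this `#if`.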
***************
*** 205,213 ****
DES_key_schedule k1, k2, k3;
} des3;
CAST_KEY cast_key;
- #ifdef GOT_AES
AES_KEY aes_key;
- #endif
} u;
uint8 key[EVP_MAX_KEY_LENGTH];
uint8 iv[EVP_MAX_IV_LENGTH];
--- 241,247 ----
***************
*** 549,556 ****
/* AES */
- #ifdef GOT_AES
-
static int
ossl_aes_init(PX_Cipher * c, const uint8 *key, unsigned klen, const uint8 *iv)
{
--- 583,588 ----
***************
*** 642,648 ****
AES_cbc_encrypt(data, res, dlen, &od->u.aes_key, od->iv, AES_DECRYPT);
return 0;
}
- #endif
/*
* aliases
--- 674,679 ----
***************
*** 711,717 ****
64 / 8, 128 / 8, 0
};
- #ifdef GOT_AES
static const struct ossl_cipher ossl_aes_ecb = {
ossl_aes_init, ossl_aes_ecb_encrypt, ossl_aes_ecb_decrypt,
128 / 8, 256 / 8, 0
--- 742,747 ----
***************
*** 721,727 ****
ossl_aes_init, ossl_aes_cbc_encrypt, ossl_aes_cbc_decrypt,
128 / 8, 256 / 8, 0
};
- #endif
/*
* Special handlers
--- 751,756 ----
***************
*** 742,751 ****
{"des3-cbc", &ossl_des3_cbc},
{"cast5-ecb", &ossl_cast_ecb},
{"cast5-cbc", &ossl_cast_cbc},
- #ifdef GOT_AES
{"aes-ecb", &ossl_aes_ecb},
{"aes-cbc", &ossl_aes_cbc},
- #endif
{NULL}
};
--- 771,778 ----