On Mon, Jul 11, 2005 at 02:59:54PM +0300, Marko Kreen wrote: > On Mon, Jul 11, 2005 at 05:50:32AM -0500, Andrew Dunstan wrote: > > Marko Kreen said: > > http://www.pgbuildfarm.org/cgi-bin/show_log.pl?nm=canary&dt=2005-07-11%2002:30:00> > > > NetBSD 1.6 with older OpenSSL. OpenSSL < 0.9.7 does not have > > > AES, but most of PGP tests use it as it is the preferred cipher. > > > And the AES tests fails anyway. I guess it can stay as expected > > > failure. > > > > Please try to avoid expected failures if possible. If you must have them, > > move them into a test file of their own. Consider the possibility of using > > alternative .out files. > > I need either to use included rijndael.c for AES with older > OpenSSL or rerun all tests to be Blowfish-only. > > I want to standardise on AES so the former is preferred. > > Now there's a choice: > > 1. Check OpenSSL version in main configure > 2. #include "rijndael.c" in openssl.c > > I guess 1. is nicer. I try to hack something together.
I tried 1. but that was messing with main build system for no good reason. As the openssl.c would still be mess, so I went with 2. Result is - it's not so bad. As I used rijndael.c to provide OpenSSL's own interface, I even got rid of all the ifdefs inside the code. -- marko
Index: contrib/pgcrypto/openssl.c =================================================================== RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/openssl.c,v retrieving revision 1.22 diff -u -c -r1.22 openssl.c *** contrib/pgcrypto/openssl.c 10 Jul 2005 13:54:34 -0000 1.22 --- contrib/pgcrypto/openssl.c 11 Jul 2005 13:02:00 -0000 *************** *** 44,53 **** /* * Does OpenSSL support AES? */ - #undef GOT_AES #if OPENSSL_VERSION_NUMBER >= 0x00907000L ! #define GOT_AES #include <openssl/aes.h> #endif /* --- 44,89 ---- /* * Does OpenSSL support AES? */ #if OPENSSL_VERSION_NUMBER >= 0x00907000L ! ! /* Yes, it does. */ #include <openssl/aes.h> + + #else + + /* + * No, it does not. So use included rijndael code to emulate it. + */ + #include "rijndael.c" + + #define AES_ENCRYPT 1 + #define AES_DECRYPT 0 + #define AES_KEY rijndael_ctx + + #define AES_set_encrypt_key(key, kbits, ctx) \ + aes_set_key((ctx), (key), (kbits), 1) + + #define AES_set_decrypt_key(key, kbits, ctx) \ + aes_set_key((ctx), (key), (kbits), 0) + + #define AES_ecb_encrypt(src, dst, ctx, enc) \ + do { \ + memcpy((dst), (src), 16); \ + if (enc) \ + aes_ecb_encrypt((ctx), (dst), 16); \ + else \ + aes_ecb_decrypt((ctx), (dst), 16); \ + } while (0) + + #define AES_cbc_encrypt(src, dst, len, ctx, iv, enc) \ + do { \ + memcpy((dst), (src), (len)); \ + if (enc) \ + aes_cbc_encrypt((ctx), (iv), (dst), (len)); \ + else \ + aes_cbc_decrypt((ctx), (iv), (dst), (len)); \ + } while (0) + #endif /* *************** *** 205,213 **** DES_key_schedule k1, k2, k3; } des3; CAST_KEY cast_key; - #ifdef GOT_AES AES_KEY aes_key; - #endif } u; uint8 key[EVP_MAX_KEY_LENGTH]; uint8 iv[EVP_MAX_IV_LENGTH]; --- 241,247 ---- *************** *** 549,556 **** /* AES */ - #ifdef GOT_AES - static int ossl_aes_init(PX_Cipher * c, const uint8 *key, unsigned klen, const uint8 *iv) { --- 583,588 ---- *************** *** 642,648 **** AES_cbc_encrypt(data, res, dlen, &od->u.aes_key, od->iv, AES_DECRYPT); return 0; } - #endif /* * aliases --- 674,679 ---- *************** *** 711,717 **** 64 / 8, 128 / 8, 0 }; - #ifdef GOT_AES static const struct ossl_cipher ossl_aes_ecb = { ossl_aes_init, ossl_aes_ecb_encrypt, ossl_aes_ecb_decrypt, 128 / 8, 256 / 8, 0 --- 742,747 ---- *************** *** 721,727 **** ossl_aes_init, ossl_aes_cbc_encrypt, ossl_aes_cbc_decrypt, 128 / 8, 256 / 8, 0 }; - #endif /* * Special handlers --- 751,756 ---- *************** *** 742,751 **** {"des3-cbc", &ossl_des3_cbc}, {"cast5-ecb", &ossl_cast_ecb}, {"cast5-cbc", &ossl_cast_cbc}, - #ifdef GOT_AES {"aes-ecb", &ossl_aes_ecb}, {"aes-cbc", &ossl_aes_cbc}, - #endif {NULL} }; --- 771,778 ----
---------------------------(end of broadcast)--------------------------- TIP 5: don't forget to increase your free space map settings