yassl support

3bbe2057 · Sergei Golubchik · 2f8d101f · 3bbe2057 · 3bbe2057
Commit 3bbe2057 authored Mar 25, 2015 by Sergei Golubchik
Show whitespace changes
Inline Side-by-side

Showing with 72 additions and 39 deletions

include/my_crypt.h include/my_crypt.h +9 -9

mysys_ssl/my_crypt.cc mysys_ssl/my_crypt.cc +63 -30

No files found.
--- a/include/my_crypt.h
+++ b/include/my_crypt.h
@@ -17,14 +17,15 @@
 // TODO: Add Windows support
-#ifndef MYSYS_MY_CRYPT_H_
+#ifndef MY_CRYPT_INCLUDED
-#define MYSYS_MY_CRYPT_H_
+#define MY_CRYPT_INCLUDED
 #include <my_aes.h>
-#if !defined(HAVE_YASSL) && defined(HAVE_OPENSSL)
 C_MODE_START
+#ifdef HAVE_EncryptAes128Ctr
 Crypt_result my_aes_encrypt_ctr(const uchar* source, uint32 source_length,
                                uchar* dest, uint32* dest_length,
                                const unsigned char* key, uint8 key_length,
@@ -37,6 +38,8 @@ Crypt_result my_aes_decrypt_ctr(const uchar* source, uint32 source_length,
                                const unsigned char* iv, uint8 iv_length,
                                uint no_padding);
+#endif
 Crypt_result my_aes_encrypt_cbc(const uchar* source, uint32 source_length,
                                uchar* dest, uint32* dest_length,
                                const unsigned char* key, uint8 key_length,
@@ -60,12 +63,9 @@ Crypt_result my_aes_decrypt_ecb(const uchar* source, uint32 source_length,
                                const unsigned char* key, uint8 key_length,
                                const unsigned char* iv, uint8 iv_length,
                                uint no_padding);
-C_MODE_END
-#endif /* !defined(HAVE_YASSL) && defined(HAVE_OPENSSL) */
-C_MODE_START
 Crypt_result my_random_bytes(uchar* buf, int num);
 C_MODE_END
-#endif /* MYSYS_MY_CRYPT_H_ */
+#endif /* MY_CRYPT_INCLUDED */
--- a/mysys_ssl/my_crypt.cc
+++ b/mysys_ssl/my_crypt.cc
@@ -15,49 +15,84 @@
 along with this program; if not, write to the Free Software
 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
-/*
-  TODO: add support for YASSL
-*/
 #include <my_global.h>
 #include <my_crypt.h>
-#ifdef HAVE_EncryptAes128Ctr
+// TODO
+// different key lengths
+#ifdef HAVE_YASSL
+#include "aes.hpp"
+typedef TaoCrypt::CipherDir Dir;
+static const Dir CRYPT_ENCRYPT = TaoCrypt::ENCRYPTION;
+static const Dir CRYPT_DECRYPT = TaoCrypt::DECRYPTION;
+typedef TaoCrypt::Mode CipherMode;
+static inline CipherMode EVP_aes_128_ecb() { return TaoCrypt::ECB; }
+static inline CipherMode EVP_aes_128_cbc() { return TaoCrypt::CBC; }
+typedef TaoCrypt::byte KeyByte;
+#else
 #include <openssl/evp.h>
 #include <openssl/aes.h>
-static const int CRYPT_ENCRYPT = 1;
+typedef int Dir;
-static const int CRYPT_DECRYPT = 0;
+static const Dir CRYPT_ENCRYPT = 1;
+static const Dir CRYPT_DECRYPT = 0;
-C_MODE_START
+typedef const EVP_CIPHER *CipherMode;
+struct MyCTX : EVP_CIPHER_CTX {
+  MyCTX()  { EVP_CIPHER_CTX_init(this); }
+  ~MyCTX() { EVP_CIPHER_CTX_cleanup(this); }
+};
-static int do_crypt(const EVP_CIPHER *cipher, int encrypt,
+typedef uchar KeyByte;
+#endif
+static int do_crypt(CipherMode cipher, Dir dir,
                    const uchar* source, uint32 source_length,
                    uchar* dest, uint32* dest_length,
-                    const uchar* key, uint8 key_length,
+                    const KeyByte *key, uint8 key_length,
-                    const uchar* iv, uint8 iv_length, int no_padding)
+                    const KeyByte *iv, uint8 iv_length, int no_padding)
 {
-  int res= AES_OPENSSL_ERROR, fin;
  int tail= no_padding ? source_length % MY_AES_BLOCK_SIZE : 0;
+  DBUG_ASSERT(source_length - tail >= MY_AES_BLOCK_SIZE);
-  EVP_CIPHER_CTX ctx;
+#ifdef HAVE_YASSL
-  EVP_CIPHER_CTX_init(&ctx);
+  TaoCrypt::AES ctx(dir, cipher);
-  if (!EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, encrypt))
-    goto err;
+  ctx.SetKey(key, key_length);
+  if (iv)
+  {
+    ctx.SetIV(iv);
+    DBUG_ASSERT(TaoCrypt::AES::BLOCK_SIZE == iv_length);
+  }
+  DBUG_ASSERT(TaoCrypt::AES::BLOCK_SIZE == MY_AES_BLOCK_SIZE);
+  ctx.Process(dest, source, source_length - tail);
+  *dest_length= source_length;
+#else // HAVE_OPENSSL
+  int fin;
+  struct MyCTX ctx;
+  if (!EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, dir))
+    return AES_OPENSSL_ERROR;
  EVP_CIPHER_CTX_set_padding(&ctx, !no_padding);
  DBUG_ASSERT(EVP_CIPHER_CTX_key_length(&ctx) == key_length);
-  DBUG_ASSERT(EVP_CIPHER_CTX_iv_length(&ctx) == iv_length || !EVP_CIPHER_CTX_iv_length(&ctx));
+  DBUG_ASSERT(EVP_CIPHER_CTX_iv_length(&ctx) == iv_length);
  DBUG_ASSERT(EVP_CIPHER_CTX_block_size(&ctx) == MY_AES_BLOCK_SIZE || !no_padding);
  if (!EVP_CipherUpdate(&ctx, dest, (int*)dest_length, source, source_length - tail))
-    goto err;
+    return AES_OPENSSL_ERROR;
  if (!EVP_CipherFinal_ex(&ctx, dest + *dest_length, &fin))
-    goto err;
+    return AES_OPENSSL_ERROR;
  *dest_length += fin;
+#endif
  if (tail)
  {
    /*
@@ -66,25 +101,24 @@ static int do_crypt(const EVP_CIPHER *cipher, int encrypt,
      What we do here, we XOR the tail with the previous encrypted block.
    */
-    DBUG_ASSERT(source_length - tail == *dest_length);
-    DBUG_ASSERT(source_length - tail > MY_AES_BLOCK_SIZE);
    const uchar *s= source + source_length - tail;
    const uchar *e= source + source_length;
    uchar *d= dest + source_length - tail;
-    const uchar *m= (encrypt ? d : s) - MY_AES_BLOCK_SIZE;
+    const uchar *m= (dir == CRYPT_ENCRYPT ? d : s) - MY_AES_BLOCK_SIZE;
    while (s < e)
      *d++ = *s++ ^ *m++;
    *dest_length= source_length;
  }
-  res= AES_OK;
+  return AES_OK;
-err:
-  EVP_CIPHER_CTX_cleanup(&ctx);
-  return res;
 }
+C_MODE_START
 /* CTR is a stream cypher mode, it needs no special padding code */
+#ifdef HAVE_EncryptAes128Ctr
 int my_aes_encrypt_ctr(const uchar* source, uint32 source_length,
                       uchar* dest, uint32* dest_length,
                       const uchar* key, uint8 key_length,
@@ -106,6 +140,7 @@ int my_aes_decrypt_ctr(const uchar* source, uint32 source_length,
                  dest, dest_length, key, key_length, iv, iv_length, 0);
 }
+#endif /* HAVE_EncryptAes128Ctr */
 int my_aes_encrypt_ecb(const uchar* source, uint32 source_length,
                       uchar* dest, uint32* dest_length,
@@ -114,7 +149,7 @@ int my_aes_encrypt_ecb(const uchar* source, uint32 source_length,
                       uint no_padding)
 {
  return do_crypt(EVP_aes_128_ecb(), CRYPT_ENCRYPT, source, source_length,
-                        dest, dest_length, key, key_length, iv, iv_length, no_padding);
+                        dest, dest_length, key, key_length, 0, 0, no_padding);
 }
 int my_aes_decrypt_ecb(const uchar* source, uint32 source_length,
@@ -124,7 +159,7 @@ int my_aes_decrypt_ecb(const uchar* source, uint32 source_length,
                       uint no_padding)
 {
  return do_crypt(EVP_aes_128_ecb(), CRYPT_DECRYPT, source, source_length,
-                        dest, dest_length, key, key_length, iv, iv_length, no_padding);
+                        dest, dest_length, key, key_length, 0, 0, no_padding);
 }
 int my_aes_encrypt_cbc(const uchar* source, uint32 source_length,
@@ -149,8 +184,6 @@ int my_aes_decrypt_cbc(const uchar* source, uint32 source_length,
 C_MODE_END
-#endif /* HAVE_EncryptAes128Ctr */
 #if defined(HAVE_YASSL)
 #include <random.hpp>