Diffstat (limited to 'mysys_ssl')
-rw-r--r-- | mysys_ssl/my_aes.cc | 19 | ||||
-rw-r--r-- | mysys_ssl/my_md5.cc | 18 |
2 files changed, 25 insertions, 12 deletions
diff --git a/mysys_ssl/my_aes.cc b/mysys_ssl/my_aes.cc
index 9327bc32a3b..05dbfdb4f0b 100644
--- a/mysys_ssl/my_aes.cc
+++ b/mysys_ssl/my_aes.cc
@@ -24,6 +24,7 @@
 #elif defined(HAVE_OPENSSL)
 #include <openssl/aes.h>
 #include <openssl/evp.h>
+#include <openssl/err.h>
 // Wrap C struct, to ensure resources are released.
 struct MyCipherCtx
@@ -165,14 +166,17 @@ int my_aes_encrypt(const char* source, int source_length, char* dest,
 #elif defined(HAVE_OPENSSL)
 if (! EVP_EncryptInit(&ctx.ctx, EVP_aes_128_ecb(), (const unsigned char *) rkey, NULL))
- return AES_BAD_DATA; /* Error */
+ goto err;
 if (! EVP_EncryptUpdate(&ctx.ctx, (unsigned char *) dest, &u_len, (unsigned const char *) source, source_length))
- return AES_BAD_DATA; /* Error */
+ goto err;
 if (! EVP_EncryptFinal(&ctx.ctx, (unsigned char *) dest + u_len, &f_len))
- return AES_BAD_DATA; /* Error */
+ goto err;
 return u_len + f_len;
+err:
+ ERR_remove_state(0);
+ return AES_BAD_DATA;
 #endif
 }
@@ -248,13 +252,16 @@ int my_aes_decrypt(const char *source, int source_length, char *dest,
 #elif defined(HAVE_OPENSSL)
 if (! EVP_DecryptInit(&ctx.ctx, EVP_aes_128_ecb(), (const unsigned char *) rkey, NULL))
- return AES_BAD_DATA; /* Error */
+ goto err;
 if (! EVP_DecryptUpdate(&ctx.ctx, (unsigned char *) dest, &u_len, (unsigned const char *) source, source_length))
- return AES_BAD_DATA; /* Error */
+ goto err;
 if (! EVP_DecryptFinal(&ctx.ctx, (unsigned char *) dest + u_len, &f_len))
- return AES_BAD_DATA; /* Error */
+ goto err;
 return u_len + f_len;
+err:
+ ERR_remove_state(0);
+ return AES_BAD_DATA;
 #endif
 }
diff --git a/mysys_ssl/my_md5.cc b/mysys_ssl/my_md5.cc
index 4c14366a4e3..4e362e647a1 100644
--- a/mysys_ssl/my_md5.cc
+++ b/mysys_ssl/my_md5.cc
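Review bot: The new `err:` path in my_aes_encrypt calls `ERR_remove_state(0)`, which frees the calling thread's entire OpenSSL error state, not only the entries queued by the failed EVP call. OpenSSL 1.0.0 and later also deprecate it in favour of `ERR_remove_thread_state(NULL)`. If the aim is only to keep stale cipher errors out of the queue, `ERR_clear_error();` is the narrower call. If the aim is to release per-thread memory, a comment above the label should say so, for example `/* release OpenSSL per-thread error state left by the failed EVP call */`. The identical label in my_aes_decrypt (next hunk) needs the same treatment, and there it discards the only record of why decryption failed, so any logging of the cause has to happen before the call; both function bodies start outside their hunks.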
@@ -37,14 +37,20 @@ static void my_md5_hash(char *digest, const char *buf, int len)
 }
 #elif defined(HAVE_OPENSSL)
-#include <openssl/md5.h>
+#include <openssl/evp.h>
-static void my_md5_hash(unsigned char* digest, unsigned const char *buf, int len)
+static void my_md5_hash(uchar* digest, const uchar *buf, uint len)
 {
- MD5_CTX ctx;
- MD5_Init (&ctx);
- MD5_Update (&ctx, buf, len);
- MD5_Final (digest, &ctx);
+ EVP_MD_CTX ctx;
+ EVP_MD_CTX_init(&ctx);
+#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
+ /* Ok to ignore FIPS: MD5 is not used for crypto here */
+ EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+#endif
+ EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
+ EVP_DigestUpdate(&ctx, buf, len);
+ EVP_DigestFinal(&ctx, digest, &len);
+ EVP_MD_CTX_cleanup(&ctx);
 }
 #endif /* HAVE_YASSL */ |
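Review bot: The three `EVP_Digest*` calls in the new my_md5_hash body ignore their return values, so a failed `EVP_DigestInit_ex` leaves `digest` unwritten and the caller reads whatever the buffer already held. That failure looks plausible in FIPS mode on a build where `EVP_MD_CTX_FLAG_NON_FIPS_ALLOW` is not defined and the `#ifdef` block compiles away. The function returns void and cannot report it, so the init result should at least be checked and the failure made loud rather than silent. Passing the by-value input length as the out-length in `EVP_DigestFinal(&ctx, digest, &len)` would read more clearly with a separate local, `unsigned int out_len;`. The comment `MD5 is not used for crypto here` gives every caller of this helper a FIPS exemption, so it should name what the digest is actually used for, so that a later security-relevant caller does not inherit the exemption unnoticed.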