diff --git a/crypto-openssl-10.cpp b/crypto-openssl-10.cpp
index f0f2c53..5dc9362 100644
--- a/crypto-openssl-10.cpp
+++ b/crypto-openssl-10.cpp
@@ -35,7 +35,6 @@
 #include "crypto.hpp"
 #include "key.hpp"
 #include "util.hpp"
-#include
 #include
 #include
 #include
@@ -50,14 +49,16 @@ void init_crypto ()
 }
 struct Aes_ecb_encryptor::Aes_impl {
- AES_KEY key;
+ EVP_CIPHER_CTX *ctx;
 };
 Aes_ecb_encryptor::Aes_ecb_encryptor (const unsigned char* raw_key) : impl(new Aes_impl) {
- if (AES_set_encrypt_key(raw_key, KEY_LEN * 8, &(impl->key)) != 0) {
- throw Crypto_error("Aes_ctr_encryptor::Aes_ctr_encryptor", "AES_set_encrypt_key failed");
+ impl->ctx = EVP_CIPHER_CTX_new();
+ if (!EVP_EncryptInit_ex(impl->ctx, EVP_aes_256_ecb(), NULL,
+ raw_key, NULL)) {
+ throw Crypto_error("Aes_ctr_encryptor::Aes_ctr_encryptor", "EVP_EncryptInit_ex failed");
 }
 }
@@ -66,12 +67,15 @@ Aes_ecb_encryptor::~Aes_ecb_encryptor ()
 // Note: Explicit destructor necessary because class contains an unique_ptr
 // which contains an incomplete type when the unique_ptr is declared.
- explicit_memset(&impl->key, '\0', sizeof(impl->key));
+ EVP_CIPHER_CTX_free(impl->ctx);
 }
 void Aes_ecb_encryptor::encrypt(const unsigned char* plain, unsigned char* cipher) {
- AES_encrypt(plain, cipher, &(impl->key));
+ int ciphertext_len;
+ if (1!=EVP_EncryptUpdate(impl->ctx, cipher, &ciphertext_len, plain, BLOCK_LEN)) {
+ throw Crypto_error("Aes_ctr_encryptor::encrypt", "EVP_EncryptUpdate failed");
+ }
 }
 struct Hmac_sha1_state::Hmac_impl {
diff --git a/crypto-openssl-11.cpp b/crypto-openssl-11.cpp
index adf03bb..f52266e 100644
--- a/crypto-openssl-11.cpp
+++ b/crypto-openssl-11.cpp
@@ -35,7 +35,6 @@
 #include "crypto.hpp"
 #include "key.hpp"
 #include "util.hpp"
-#include
 #include
 #include
 #include
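Review bot: In the `Aes_ecb_encryptor` constructor (hunk `-50,14 +49,16`) the pointer returned by `EVP_CIPHER_CTX_new()` is passed on without a null check, and when `EVP_EncryptInit_ex` fails the `throw` leaves the constructor, so `~Aes_ecb_encryptor` never runs and the context is leaked; `Aes_impl` as shown has no destructor that would free it. I would add `if (!impl->ctx) throw Crypto_error("Aes_ecb_encryptor::Aes_ecb_encryptor", "EVP_CIPHER_CTX_new failed");` after the allocation and call `EVP_CIPHER_CTX_free(impl->ctx);` before the existing throw. Since `encrypt` feeds exactly one block per call, `EVP_CIPHER_CTX_set_padding(impl->ctx, 0);` after a successful init would state that no padding is intended. `EVP_aes_256_ecb()` also fixes the key size that the old call derived from `KEY_LEN * 8`, which is only equivalent if `KEY_LEN` is 32 (not visible here). The identical hunk in crypto-openssl-11.cpp has the same issues.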
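Review bot: In `Aes_ecb_encryptor::encrypt` (hunk `-66,12 +67,15`) `ciphertext_len` is filled in by `EVP_EncryptUpdate` but never examined, so a call that wrote fewer than `BLOCK_LEN` bytes would be reported as success and the caller would use a partly stale `cipher` buffer as its pad. The condition could be `if (1 != EVP_EncryptUpdate(impl->ctx, cipher, &ciphertext_len, plain, BLOCK_LEN) || ciphertext_len != BLOCK_LEN) {`. In the destructor the removed `explicit_memset` made the key wipe visible; a comment such as `// EVP_CIPHER_CTX_free is relied on to cleanse the key schedule` would record that this is now delegated to OpenSSL, which should be confirmed for the oldest supported release. The destructor's opening brace lies outside the hunk, and crypto-openssl-11.cpp carries the same hunk.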
@@ -50,14 +49,16 @@ void init_crypto ()
 }
 struct Aes_ecb_encryptor::Aes_impl {
- AES_KEY key;
+ EVP_CIPHER_CTX *ctx;
 };
 Aes_ecb_encryptor::Aes_ecb_encryptor (const unsigned char* raw_key) : impl(new Aes_impl) {
- if (AES_set_encrypt_key(raw_key, KEY_LEN * 8, &(impl->key)) != 0) {
- throw Crypto_error("Aes_ctr_encryptor::Aes_ctr_encryptor", "AES_set_encrypt_key failed");
+ impl->ctx = EVP_CIPHER_CTX_new();
+ if (!EVP_EncryptInit_ex(impl->ctx, EVP_aes_256_ecb(), NULL,
+ raw_key, NULL)) {
+ throw Crypto_error("Aes_ctr_encryptor::Aes_ctr_encryptor", "EVP_EncryptInit_ex failed");
 }
 }
@@ -66,12 +67,15 @@ Aes_ecb_encryptor::~Aes_ecb_encryptor ()
 // Note: Explicit destructor necessary because class contains an unique_ptr
 // which contains an incomplete type when the unique_ptr is declared.
- explicit_memset(&impl->key, '\0', sizeof(impl->key));
+ EVP_CIPHER_CTX_free(impl->ctx);
 }
 void Aes_ecb_encryptor::encrypt(const unsigned char* plain, unsigned char* cipher) {
- AES_encrypt(plain, cipher, &(impl->key));
+ int ciphertext_len;
+ if (1!=EVP_EncryptUpdate(impl->ctx, cipher, &ciphertext_len, plain, BLOCK_LEN)) {
+ throw Crypto_error("Aes_ctr_encryptor::encrypt", "EVP_EncryptUpdate failed");
+ }
 }
 struct Hmac_sha1_state::Hmac_impl {
diff --git a/crypto.cpp b/crypto.cpp
index 3ae3ecb..6c6bb09 100644
--- a/crypto.cpp
+++ b/crypto.cpp
@@ -51,14 +51,14 @@ void Aes_ctr_encryptor::process (const unsigned char* in, unsigned char* out, si
 for (size_t i = 0; i < len; ++i) {
 if (byte_counter % BLOCK_LEN == 0) {
 // Set last 4 bytes of CTR to the (big-endian) block number (sequentially increasing with each block)
- store_be32(ctr_value + NONCE_LEN, byte_counter / BLOCK_LEN);
+ store_be32(ctr_value + NONCE_LEN, byte_counter >> 4);
 // Generate a new pad
 ecb.encrypt(ctr_value, pad);
 }
 // encrypt one byte
- out[i] = in[i] ^ pad[byte_counter++ % BLOCK_LEN];
+ out[i] = in[i] ^ pad[byte_counter++ & (BLOCK_LEN -1)];
 if (byte_counter == 0) {
 throw Crypto_error("Aes_ctr_encryptor::process", "Too much data to encrypt securely");
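Review bot: The replacements `byte_counter >> 4` and `& (BLOCK_LEN -1)` in `Aes_ctr_encryptor::process` match the old `/ BLOCK_LEN` and `% BLOCK_LEN` only while `BLOCK_LEN` is exactly 16, and the literal `4` no longer follows the constant. If the two ever diverge the counter block and the pad index fall out of step, which in CTR mode means reused or misaligned keystream rather than a visible failure. For an unsigned counter and a constant divisor compilers normally emit the shift and mask themselves, so keeping `byte_counter / BLOCK_LEN` and `byte_counter++ % BLOCK_LEN` costs nothing; if the shift stays, add `static_assert(BLOCK_LEN == 16, "CTR counter math assumes 16-byte blocks");` next to it (assuming the build is C++11 or later). The declaration of `byte_counter` and the end of the loop are outside the hunk.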