diff --git a/CMakeLists.txt b/CMakeLists.txt index 2aefdecad794f1051289c6b4eb33e9280a283882..9bd2b5e9110234ef1f1010729d33adc6fa7d786d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -105,11 +105,11 @@ set(DCC_INTERFACE_PATH ${PROJECT_SOURCE_DIR}/src/interface) ## other dependency include set(DCC_SECUREC_INC_PATH ${CMAKE_CURRENT_SOURCE_DIR}/library/huawei_security/include) -set(DCC_OPENSSL_PATH ${CMAKE_CURRENT_SOURCE_DIR}/library/openssl/include) +set(DCC_OPENSSL_PATH /usr/include/openssl) set(DCC_CJSON_PATH ${CMAKE_CURRENT_SOURCE_DIR}/library/cJSON/include) -set(DCC_LZ4_INC_PATH ${CMAKE_CURRENT_SOURCE_DIR}/library/lz4/include) +set(DCC_LZ4_INC_PATH /usr/include/lz4) set(DCC_ZLIB_INC_PATH ${CMAKE_CURRENT_SOURCE_DIR}/library/zlib/include) -set(DCC_ZSTANDARD_INC_PATH ${CMAKE_CURRENT_SOURCE_DIR}/library/zstd/include) +set(DCC_ZSTANDARD_INC_PATH /usr/include/zstd) set(DCC_LIBAIO_INC_PATH ${CMAKE_CURRENT_SOURCE_DIR}/library/libaio/include) set(DCC_DCF_INC_PATH ${CMAKE_CURRENT_SOURCE_DIR}/library/dcf/include) set(DCC_CBB_INC_PATH ${CMAKE_CURRENT_SOURCE_DIR}/library/cbb/include) @@ -121,11 +121,11 @@ set(DCC_ZEKERNEL_COMMON_PATH ${CMAKE_CURRENT_SOURCE_DIR}/library/zekernel/in ## lib set(SECUREC_LIB_PATH ${CMAKE_CURRENT_SOURCE_DIR}/library/huawei_security/lib) -set(OPENSSL_LIB_PATH ${CMAKE_CURRENT_SOURCE_DIR}/library/openssl/lib) +set(OPENSSL_LIB_PATH /usr/lib64) set(CJSON_LIB_PATH ${CMAKE_CURRENT_SOURCE_DIR}/library/cJSON/lib) -set(DCC_LZ4_LIB_PATH ${CMAKE_CURRENT_SOURCE_DIR}/library/lz4/lib) +set(DCC_LZ4_LIB_PATH /usr/lib64) set(DCC_ZLIB_LIB_PATH ${CMAKE_CURRENT_SOURCE_DIR}/library/zlib/lib) -set(DCC_ZSTANDARD_LIB_PATH ${CMAKE_CURRENT_SOURCE_DIR}/library/zstd/lib) +set(DCC_ZSTANDARD_LIB_PATH /usr/lib64) set(DCC_ZEKERNEL_LIB_PATH ${CMAKE_CURRENT_SOURCE_DIR}/library/zekernel/lib) set(DCC_DCF_LIB_PATH ${CMAKE_CURRENT_SOURCE_DIR}/library/dcf/lib) set(DCC_CBB_LIB_PATH ${CMAKE_CURRENT_SOURCE_DIR}/library/cbb/lib) 
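Review bot: The new `/usr/include/...` and `/usr/lib64` values in both hunks of this file hard-code one distribution's layout and drop the version pinning that the vendored `library/` copies provided. Nothing here checks which OpenSSL, lz4 or zstd the host actually ships, and the C changes in this commit add fallbacks for pre-1.1.0 OpenSSL, so a build can silently link an end-of-life libcrypto. Resolving the dependency with `find_package(OpenSSL REQUIRED)` plus a minimum version, and using `${OPENSSL_INCLUDE_DIR}` / `${OPENSSL_LIBRARIES}`, would make the requirement explicit and keep the build working where libraries live outside `/usr/lib64`. The same applies to the `src/storage/gstor` and `zekernel` CMakeLists hunks.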
diff --git a/build/linux/opengauss/build.sh b/build/linux/opengauss/build.sh index 4d5f098183add34c08b32c7299a9965de0b330b6..3844de0dc746cad2bb46432147b1e80c05519963 100644 --- a/build/linux/opengauss/build.sh +++ b/build/linux/opengauss/build.sh @@ -100,11 +100,7 @@ export DCC_LIBRARYS=$(pwd)/../../../library [ -d "${DCC_LIBRARYS}" ] && rm -rf ${DCC_LIBRARYS} mkdir -p $DCC_LIBRARYS/huawei_security -mkdir -p $DCC_LIBRARYS/openssl mkdir -p $DCC_LIBRARYS/huawei_security -mkdir -p $DCC_LIBRARYS/openssl -mkdir -p $DCC_LIBRARYS/lz4 -mkdir -p $DCC_LIBRARYS/zstd mkdir -p $DCC_LIBRARYS/cJSON mkdir -p $DCC_LIBRARYS/zlib mkdir -p $DCC_LIBRARYS/libaio/include @@ -116,16 +112,10 @@ PLAT_LIB_PATH=${binarylib_dir}/kernel/platform/ COPT_LIB_PATH=${binarylib_dir}/kernel/component/ cp -r $PLAT_LIB_PATH/Huawei_Secure_C/comm/lib $DCC_LIBRARYS/huawei_security/lib -cp -r $LIB_PATH/openssl/comm/lib $DCC_LIBRARYS/openssl/lib -cp -r $LIB_PATH/zstd/lib $DCC_LIBRARYS/zstd/lib -cp -r $LIB_PATH/lz4/comm/lib $DCC_LIBRARYS/lz4/lib cp -r $LIB_PATH/cjson/comm/lib $DCC_LIBRARYS/cJSON/lib cp -r $LIB_PATH/zlib*/comm/lib $DCC_LIBRARYS/zlib/lib cp -r $PLAT_LIB_PATH/Huawei_Secure_C/comm/include $DCC_LIBRARYS/huawei_security/include -cp -r $LIB_PATH/openssl/comm/include $DCC_LIBRARYS/openssl/include -cp -r $LIB_PATH/zstd/include $DCC_LIBRARYS/zstd/include -cp -r $LIB_PATH/lz4/comm/include $DCC_LIBRARYS/lz4/include cp -r $LIB_PATH/cjson/comm/include/cjson $DCC_LIBRARYS/cJSON/include cp -r $LIB_PATH/zlib*/comm/include $DCC_LIBRARYS/zlib/include cp -r /usr/include/libaio.h $DCC_LIBRARYS/libaio/include diff --git a/src/executor/executor.c b/src/executor/executor.c index 763b515127ba588ceb403c76dc9b60ff311c4882..4dda938e871c5d3bfd6cae2884a5f0ce5f507510 100644 --- a/src/executor/executor.c +++ b/src/executor/executor.c 
@@ -94,7 +94,7 @@ static void dcf_log_output_callback(int log_type, int log_level, const char *cod { va_list args; va_start(args, format); - if (log_type == LOG_RUN || log_type == LOG_DEBUG || log_type == LOG_OPER || log_type == LOG_PROFILE) { + if (log_type == CM_LOG_RUN || log_type == CM_LOG_DEBUG || log_type == CM_LOG_OPER || log_type == CM_LOG_PROFILE) { cm_write_normal_log_common((log_type_t)log_type, (log_level_t)log_level, code_file_name, code_line_num, module_name, CM_TRUE, format, args); } diff --git a/src/server/srv_logger.c b/src/server/srv_logger.c index 7555f4fab081007c3ad31c1f5fdc45a6ccfa2353..0da4e778c68b40b950d2400d771eed33a17e3a89 100644 --- a/src/server/srv_logger.c +++ b/src/server/srv_logger.c 
@@ -90,31 +90,31 @@ status_t init_logger(void) CM_RETURN_IFERR(init_logger_param(log_param)); PRTS_RETURN_IFERR(snprintf_s(file_name, CM_FULL_PATH_BUFFER_SIZE, CM_FULL_PATH_BUFFER_SIZE - 1, "%s/run/%s", log_param->log_home, "run.log")); - CM_RETURN_IFERR(cm_log_init(LOG_RUN, file_name)); + CM_RETURN_IFERR(cm_log_init(CM_LOG_RUN, file_name)); PRTS_RETURN_IFERR(snprintf_s(file_name, CM_FULL_PATH_BUFFER_SIZE, CM_FULL_PATH_BUFFER_SIZE - 1, "%s/debug/%s", log_param->log_home, "debug.log")); - CM_RETURN_IFERR(cm_log_init(LOG_DEBUG, file_name)); + CM_RETURN_IFERR(cm_log_init(CM_LOG_DEBUG, file_name)); PRTS_RETURN_IFERR(snprintf_s(file_name, CM_FULL_PATH_BUFFER_SIZE, CM_FULL_PATH_BUFFER_SIZE - 1, "%s/oper/%s", log_param->log_home, "oper.log")); - CM_RETURN_IFERR(cm_log_init(LOG_OPER, file_name)); + CM_RETURN_IFERR(cm_log_init(CM_LOG_OPER, file_name)); PRTS_RETURN_IFERR(snprintf_s(file_name, CM_FULL_PATH_BUFFER_SIZE, CM_FULL_PATH_BUFFER_SIZE - 1, "%s/alarm/%s", log_param->log_home, "alarm.log")); - CM_RETURN_IFERR(cm_log_init(LOG_ALARM, file_name)); + CM_RETURN_IFERR(cm_log_init(CM_LOG_ALARM, file_name)); PRTS_RETURN_IFERR(snprintf_s(file_name, CM_FULL_PATH_BUFFER_SIZE, CM_FULL_PATH_BUFFER_SIZE - 1, "%s/mec/%s", log_param->log_home, "mec.log")); - CM_RETURN_IFERR(cm_log_init(LOG_MEC, file_name)); + CM_RETURN_IFERR(cm_log_init(CM_LOG_MEC, file_name)); PRTS_RETURN_IFERR(snprintf_s(file_name, CM_FULL_PATH_BUFFER_SIZE, CM_FULL_PATH_BUFFER_SIZE - 1, "%s/trace/%s", log_param->log_home, "trace.log")); - CM_RETURN_IFERR(cm_log_init(LOG_TRACE, file_name)); + CM_RETURN_IFERR(cm_log_init(CM_LOG_TRACE, file_name)); PRTS_RETURN_IFERR(snprintf_s(file_name, CM_FULL_PATH_BUFFER_SIZE, CM_FULL_PATH_BUFFER_SIZE - 1, "%s/profile/%s", log_param->log_home, "profile.log")); - CM_RETURN_IFERR(cm_log_init(LOG_PROFILE, file_name)); + CM_RETURN_IFERR(cm_log_init(CM_LOG_PROFILE, file_name)); log_param->log_instance_startup = CM_TRUE; log_param->log_suppress_enable = CM_FALSE; 
diff --git a/src/storage/gstor/CMakeLists.txt b/src/storage/gstor/CMakeLists.txt index a84ffe857e496f19593058d72d5c412138658e14..abe5404756de6af03a93b7c04be6abc055753773 100644 --- a/src/storage/gstor/CMakeLists.txt +++ b/src/storage/gstor/CMakeLists.txt @@ -84,19 +84,19 @@ set(ZEKERNEL_PROTOCOL_PATH ${CMAKE_CURRENT_SOURCE_DIR}/zekernel/protocol) set(ZEKERNEL_COMMON_PATH ${CMAKE_CURRENT_SOURCE_DIR}/zekernel/common) set(SECUREC_INC_PATH "${DCC_HOME}/library/huawei_security/include") -set(OPENSSL_PATH "${DCC_HOME}/library/openssl/include/") -set(OPENSSL_PATH_EX "${DCC_HOME}/library/openssl/include/openssl") -set(LZ4_INC_PATH "${DCC_HOME}/library/lz4/include") +set(OPENSSL_PATH "/usr/include/openssl/") +set(OPENSSL_PATH_EX "/usr/include/openssl/openssl") +set(LZ4_INC_PATH "/usr/include/lz4") set(ZLIB_INC_PATH "${DCC_HOME}/library/zlib/include") -set(ZSTANDARD_INC_PATH "${DCC_HOME}/library/zstd/include") +set(ZSTANDARD_INC_PATH "/usr/include/zstd") set(LIBAIO_INC_PATH "${DCC_HOME}/library/libaio/include") # open source lib set(SECUREC_LIB_PATH "${DCC_HOME}/library/huawei_security/lib") -set(OPENSSL_LIB_PATH "${DCC_HOME}/library/openssl/lib") -set(LZ4_LIB_PATH "${DCC_HOME}/library/lz4/lib") +set(OPENSSL_LIB_PATH "/usr/lib64") +set(LZ4_LIB_PATH "/usr/lib64") set(ZLIB_LIB_PATH "${DCC_HOME}/library/zlib/lib") -set(ZSTANDARD_LIB_PATH "${DCC_HOME}/library/zstd/lib") +set(ZSTANDARD_LIB_PATH "/usr/lib64") # output library path set(LIBRARY_OUTPUT_PATH ${DCC_HOME}/output/lib) diff --git a/src/storage/gstor/zekernel/CMakeLists.txt b/src/storage/gstor/zekernel/CMakeLists.txt index c9457fd1b75a64516defa820f9bc1507e6ef71f5..03243b62ae02260fdd288c4473e69e001c654175 100644 --- a/src/storage/gstor/zekernel/CMakeLists.txt +++ b/src/storage/gstor/zekernel/CMakeLists.txt 
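Review bot: `OPENSSL_PATH_EX` now points at `/usr/include/openssl/openssl`, which looks like a mechanical substitution and is unlikely to exist on a system install. `OPENSSL_PATH` is one level too deep as well, since the sources include headers as `"openssl/evp.h"` and therefore need `/usr/include` as the search root. The build probably only works because `/usr/include` is on the compiler's default search path, which means these variables no longer control which OpenSSL headers are picked up. The lz4 and zstd headers are normally installed directly as `/usr/include/lz4.h` and `/usr/include/zstd.h`, so `/usr/include/lz4` and `/usr/include/zstd` may not exist either. The `zekernel/CMakeLists.txt` hunk repeats the same values.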
@@ -86,20 +86,20 @@ set(ZEKERNEL_PROTOCOL_PATH protocol) # open source include set(DCC_HOME ../../../..) set(SECUREC_INC_PATH "${DCC_HOME}/library/huawei_security/include") -set(OPENSSL_PATH "${DCC_HOME}/library/openssl/include/") -set(OPENSSL_PATH_EX "${DCC_HOME}/library/openssl/include/openssl") -set(LZ4_INC_PATH "${DCC_HOME}/library/lz4/include") +set(OPENSSL_PATH "/usr/include/openssl") +set(OPENSSL_PATH_EX "/usr/include/openssl/openssl") +set(LZ4_INC_PATH "/usr/include/lz4") set(ZLIB_INC_PATH "${DCC_HOME}/library/zlib/include") -set(ZSTANDARD_INC_PATH "${DCC_HOME}/library/zstd/include") +set(ZSTANDARD_INC_PATH "/usr/include/zstd") set(LIBAIO_INC_PATH "${DCC_HOME}/library/libaio/include") set(PCRE_INC_PATH "${DCC_HOME}/library/pcre/include") # open source lib set(SECUREC_LIB_PATH "${DCC_HOME}/library/huawei_security/lib") -set(OPENSSL_LIB_PATH "${DCC_HOME}/library/openssl/lib") -set(LZ4_LIB_PATH "${DCC_HOME}/library/lz4/lib") +set(OPENSSL_LIB_PATH "/usr/lib64") +set(LZ4_LIB_PATH "/usr/lib64") set(ZLIB_LIB_PATH "${DCC_HOME}/library/zlib/lib") -set(ZSTANDARD_LIB_PATH "${DCC_HOME}/library/zstd/lib") +set(ZSTANDARD_LIB_PATH "/usr/lib64") set(PCRE_LIB_PATH "${DCC_HOME}/library/pcre/lib") set(vpp_libsecurec "securec") diff --git a/src/storage/gstor/zekernel/common/cm_encrypt.c b/src/storage/gstor/zekernel/common/cm_encrypt.c index 214eaf0c124b7632dba7975306a1c2e9034f2cd7..51ae5b80a944918f4e16cd9cbd3baf531bb5890f 100644 --- a/src/storage/gstor/zekernel/common/cm_encrypt.c +++ b/src/storage/gstor/zekernel/common/cm_encrypt.c @@ -289,6 +289,7 @@ status_t cm_encyrpt_init(cm_encrypt_ctrl *ctrl, cipher_alg_type alg_type, uchar status_t cm_init_drbg(void) { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L RAND_DRBG *master_drbg = NULL; master_drbg = RAND_DRBG_get0_master(); 
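Review bot: The guard `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` added at the top of `cm_init_drbg` does not match the lifetime of the `RAND_DRBG` API, which exists in OpenSSL 1.1.1 and was removed in 3.0. With 1.1.0 or 3.x headers the DRBG branch is still selected and should fail to compile. This commit also replaces `openssl/rand_drbg.h` with `openssl/rand.h` in cm_encrypt.h, so on 1.1.1 the `RAND_DRBG_*` functions appear to be used without their declarations. I would write the condition as `#if OPENSSL_VERSION_NUMBER >= 0x10101000L && OPENSSL_VERSION_NUMBER < 0x30000000L` and include `openssl/rand_drbg.h` under that same condition. The identical guard is used in cm_entropy.c and cm_entropy.h; the function body continues past this hunk.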
@@ -296,7 +297,7 @@ status_t cm_init_drbg(void) GS_THROW_ERROR(ERR_RANDOM_INIT); return GS_ERROR; } - + /* * Initialize a pre-existing DRBG context with the required internal algorithm and flag * Based on the algorithm id type internal algorithm will be decided. Select the flag @@ -311,11 +312,19 @@ status_t cm_init_drbg(void) GS_THROW_ERROR(ERR_RANDOM_INIT); return GS_ERROR; } - + if (RAND_DRBG_instantiate(master_drbg, NULL, 0) != 1) { GS_THROW_ERROR(ERR_RANDOM_INIT); return GS_ERROR; } +#else + /* For OpenSSL versions below 1.1.0, use RAND_bytes directly */ + unsigned char random_data[32]; // Example buffer for random data + if (RAND_bytes(random_data, sizeof(random_data)) != 1) { + GS_THROW_ERROR(ERR_RANDOM_INIT); + return GS_ERROR; + } +#endif return GS_SUCCESS; } @@ -326,10 +335,17 @@ status_t cm_rand(uchar *buf, uint32 len) return GS_ERROR; } +#if OPENSSL_VERSION_NUMBER >= 0x10101000L if (RAND_priv_bytes(buf, (int)len) != 1) { GS_THROW_ERROR(ERR_RANDOM_GENERATE); return GS_ERROR; } +#else + if (RAND_bytes(buf, (int)len) != 1) { + GS_THROW_ERROR(ERR_RANDOM_GENERATE); + return GS_ERROR; + } +#endif return GS_SUCCESS; } @@ -922,7 +938,7 @@ status_t cm_get_PDB_init_key_double(char *init_key, const char *local_key, const return GS_ERROR; } - // work key 的长度会在decryptWorkKey时重新得到。 + // work key 碌脛鲁陇露脠禄谩脭脷decryptWorkKey脢卤脰脴脨脗碌脙碌陆隆拢 uint32 work_key_clear_len = 0; size_t local_key_len = strlen(local_key); size_t factor_key_len = strlen(factor_key); @@ -1308,7 +1324,11 @@ status_t cm_encrypt_end_by_gcm(EVP_CIPHER_CTX *ctx, char *out_buf) return GS_ERROR; } +#if OPENSSL_VERSION_NUMBER >= 0x10100000L res = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, EVP_GCM_TLS_TAG_LEN, out_buf); +#else + res = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, EVP_GCM_TLS_TAG_LEN, out_buf); +#endif if (res == 0) { GS_THROW_ERROR(ERR_ENCRYPTION_ERROR); return GS_ERROR; 
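Review bot: The `#else` branch added to `cm_init_drbg` does not initialise anything: it draws 32 bytes into `random_data` and throws them away, so at best it probes that `RAND_bytes` works. The project's own entropy and nonce sources (`cm_get_entropy` / `cm_get_nonce`, presumably registered in the DRBG branch outside the hunk) are not installed on this path, so on older OpenSSL the generator silently runs on the library's default seeding. If that is intended, say so in the comment and replace the dummy read with `if (RAND_status() != 1) {`. The `// Example buffer for random data` remark reads like a placeholder.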
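Review bot: Both branches in `cm_rand` pass `(int)len`, so a `uint32` length above `INT_MAX` becomes negative before it reaches `RAND_priv_bytes` / `RAND_bytes`. The check at the top of the function is cut off by the hunk, so this may already be covered; if it is not, `if (len > INT_MAX) { GS_THROW_ERROR(ERR_RANDOM_GENERATE); return GS_ERROR; }` ahead of the `#if` closes it. A short comment on the `#else` noting that builds before 1.1.1 have no separate private generator for key material would also help the next reader.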
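Review bot: The comment above `work_key_clear_len` has been turned into mojibake, which suggests the file was re-saved in a different encoding as part of this commit. The same happened to the comments on `GS_MAX_LOCAL_KEY_STR_LEN_DOUBLE` and `GS_KDF2SALTSIZE_DOUBLE` in cm_encrypt.h. Restore the original bytes or, better, replace them with ASCII: `// the work key length is recomputed in decryptWorkKey`, `// length of the local key when double-layer keys are used` and `// salt length used when deriving the initial key for double-layer keys`.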
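Review bot: The version switch around the tag call in `cm_encrypt_end_by_gcm` is not needed, because 1.1.x and 3.x headers still define `EVP_CTRL_GCM_GET_TAG` and `EVP_CTRL_GCM_SET_TAG` as aliases of the `AEAD` names. Using the `GCM` names unconditionally, `res = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, EVP_GCM_TLS_TAG_LEN, out_buf);`, removes the duplicated branches. The same simplification applies in `cm_dencrypt_end_by_gcm`, `bak_decrypt_end`, `bak_block_encrypt` and `rst_block_decrypt`. The last of these currently splits an `if (` header across `#if`/`#else`, which is easy to break when editing.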
@@ -1321,7 +1341,11 @@ status_t cm_dencrypt_end_by_gcm(EVP_CIPHER_CTX *ctx, char *out_buf) { int32 out_len, res; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L res = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, EVP_GCM_TLS_TAG_LEN, (void *)out_buf); +#else + res = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, EVP_GCM_TLS_TAG_LEN, (void *)out_buf); +#endif if (res == 0) { GS_THROW_ERROR(ERR_ENCRYPTION_ERROR); return GS_ERROR; diff --git a/src/storage/gstor/zekernel/common/cm_encrypt.h b/src/storage/gstor/zekernel/common/cm_encrypt.h index 7743128d3152dc9e17a69fd0f29fdda50dcd6989..3c2b490e23a51c0560ebbd47a26ed9488a41467c 100644 --- a/src/storage/gstor/zekernel/common/cm_encrypt.h +++ b/src/storage/gstor/zekernel/common/cm_encrypt.h @@ -27,7 +27,7 @@ #include "cm_defs.h" #include "cm_text.h" #include "openssl/evp.h" -#include "openssl/rand_drbg.h" +#include "openssl/rand.h" #include "openssl/ssl.h" #ifdef __cplusplus @@ -47,7 +47,7 @@ typedef enum e_cipheralg { #define GS_MAX_WORK_KEY_CLEAR_LEN 64 #define GS_MAX_LOCAL_KEY_STR_LEN 24 #define GS_MAX_FACTOR_KEY_STR_LEN 24 -#define GS_MAX_LOCAL_KEY_STR_LEN_DOUBLE 88 // local key 在双层密钥时的长度 +#define GS_MAX_LOCAL_KEY_STR_LEN_DOUBLE 88 // local key 脭脷脣芦虏茫脙脺脭驴脢卤碌脛鲁陇露脠 #define GS_MAX_CIPHER_LEN 128 #define GS_AESBLOCKSIZE 16 #define GS_AES256KEYSIZE 32 @@ -56,7 +56,7 @@ typedef enum e_cipheralg { #define GS_HMAC256MAXSTRSIZE 64 // ((HMAC256SALTSIZE+HMAC256MAXSIZE )/3*4 #define GS_KDF2KEYSIZE 32 #define GS_KDF2SALTSIZE 16 -#define GS_KDF2SALTSIZE_DOUBLE 16 // 双层密钥获取初始密钥时,盐值长度 +#define GS_KDF2SALTSIZE_DOUBLE 16 // 脣芦虏茫脙脺脭驴禄帽脠隆鲁玫脢录脙脺脭驴脢卤拢卢脩脦脰碌鲁陇露脠 #define GS_KDF2MAXSTRSIZE 64 // ((KDF2SALTSIZE+KDF2KEYSIZE )/3*4 #define GS_MAX_SHA1_BINLEN 20 #define GS_MAX_CHALLENGE_LEN 32 diff --git a/src/storage/gstor/zekernel/common/cm_entropy.c b/src/storage/gstor/zekernel/common/cm_entropy.c index 0c328f15405a58eaec6f0da380cd815b35a4b585..14dec98f935f17c754c4ff451feea7e947a0598f 100644 --- a/src/storage/gstor/zekernel/common/cm_entropy.c 
+++ b/src/storage/gstor/zekernel/common/cm_entropy.c @@ -210,6 +210,7 @@ static void cm_entropy_read(uint8 *data, int len) return; } +#if OPENSSL_VERSION_NUMBER >= 0x10100000L size_t cm_get_entropy(RAND_DRBG *dctx, unsigned char **pout, int entropy, size_t minLen, size_t maxLen, int predictionResistance) { @@ -257,4 +258,44 @@ size_t cm_get_nonce(RAND_DRBG *dctx, unsigned char **pout, int entropy, size_t m /* Return nonce length */ return nonceLen; } +#else +size_t cm_get_entropy(unsigned char **pout, int entropy, size_t minLen, size_t maxLen, + int predictionResistance) +{ + size_t entLen = 0; + errno_t rc; + + rc = memset_s(g_entropy_ctx.buff, ENTROPY_BUFF_LEN, 0, ENTROPY_BUFF_LEN); + if (rc != EOK) { + *pout = NULL; + return entLen; + } + + cm_entropy_read((uint8*)g_entropy_ctx.buff, ENTROPY_BUFF_LEN); + g_entropy_ctx.entropy_cnt++; + *pout = (uint8*)g_entropy_ctx.buff; + entLen = ENTROPY_BUFF_LEN; + + return entLen; +} + +size_t cm_get_nonce(unsigned char **pout, int entropy, size_t minLen, size_t maxLen) +{ + size_t nonceLen = 0; + errno_t rc; + + rc = memset_s(g_entropy_ctx.buff, ENTROPY_BUFF_LEN, 0, ENTROPY_BUFF_LEN); + if (rc != EOK) { + *pout = NULL; + return nonceLen; + } + + cm_entropy_read((uint8*)g_entropy_ctx.buff, ENTROPY_BUFF_LEN); + g_entropy_ctx.nonce_cnt++; + *pout = (uint8*)g_entropy_ctx.buff; + nonceLen = ENTROPY_BUFF_LEN; + + return nonceLen; +} +#endif diff --git a/src/storage/gstor/zekernel/common/cm_entropy.h b/src/storage/gstor/zekernel/common/cm_entropy.h index 1390a7204ada4544ad0049d718206eba707b40f0..59f7239e92b0cec006c5c474b891c8779a44f03b 100644 --- a/src/storage/gstor/zekernel/common/cm_entropy.h +++ b/src/storage/gstor/zekernel/common/cm_entropy.h 
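Review bot: The pre-1.1.0 `cm_get_entropy` and `cm_get_nonce` return `ENTROPY_BUFF_LEN` unconditionally and ignore `minLen`, `maxLen` and `entropy`; because `cm_entropy_read` returns `void`, a failed read leaves the freshly zeroed buffer to be reported as full-length entropy. Both functions also hand out the same `g_entropy_ctx.buff`, so a nonce request overwrites entropy that a caller may still be holding. Nothing in this commit calls them on the fallback path (the `#else` in `cm_init_drbg` uses `RAND_bytes` only), so they appear to be dead code there. Either drop them or have `cm_entropy_read` report failure and return 0 with `*pout = NULL` when it does. Whether the DRBG versions above share these properties cannot be seen from the hunk.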
@@ -25,16 +25,21 @@ #define __CM_ENTROPY_H__ #include "cm_defs.h" -#include "openssl/rand_drbg.h" #include "openssl/evp.h" #ifdef __cplusplus extern "C" { #endif +#if OPENSSL_VERSION_NUMBER >= 0x10100000L size_t cm_get_nonce(RAND_DRBG *dctx, unsigned char **pout, int entropy, size_t minLen, size_t maxLen); size_t cm_get_entropy(RAND_DRBG *dctx, unsigned char **pout, int entropy, size_t minLen, size_t maxLen, int predictionResistance); +#else +size_t cm_get_entropy(unsigned char **pout, int entropy, size_t minLen, size_t maxLen, + int predictionResistance); +size_t cm_get_nonce(unsigned char **pout, int entropy, size_t minLen, size_t maxLen); +#endif #ifdef __cplusplus } #endif diff --git a/src/storage/gstor/zekernel/kernel/backup/bak_common.c b/src/storage/gstor/zekernel/kernel/backup/bak_common.c index f8a51e5ac21b489803de1b282d0b14bfdbb319c6..2396fcf908e13188223d75ec0b71cb7b893979c8 100644 --- a/src/storage/gstor/zekernel/kernel/backup/bak_common.c +++ b/src/storage/gstor/zekernel/kernel/backup/bak_common.c @@ -184,11 +184,7 @@ status_t bak_encrypt_init(bak_t *bak, bak_encrypt_ctx_t *encrypt_ctx, bak_file_t errno_t ret; int32 res; - res = EVP_CIPHER_CTX_init(encrypt_ctx->ctx); - if (res == 0) { - GS_THROW_ERROR(ERR_CRYPTION_ERROR, "failed to init evp cipher ctx"); - return GS_ERROR; - } + EVP_CIPHER_CTX_init(encrypt_ctx->ctx); if (is_encrypt) { if (cm_rand(iv, BAK_DEFAULT_GCM_IV_LENGTH) != GS_SUCCESS) { @@ -221,8 +217,7 @@ status_t bak_encrypt_end(bak_t *bak, bak_encrypt_ctx_t *encrypt_ctx) return GS_ERROR; } - res = EVP_CIPHER_CTX_ctrl(encrypt_ctx->ctx, EVP_CTRL_AEAD_GET_TAG, EVP_GCM_TLS_TAG_LEN, - encrypt_ctx->encrypt_buf.aligned_buf); + res = EVP_EncryptFinal_ex(encrypt_ctx->ctx, (unsigned char *)encrypt_ctx->encrypt_buf.aligned_buf, &out_len); if (res == 0) { GS_THROW_ERROR(ERR_CRYPTION_ERROR, "failed to get the encryption tag"); return GS_ERROR; 
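Review bot: `EVP_CIPHER_CTX_init(encrypt_ctx->ctx);` in `bak_encrypt_init` now ignores the result on every OpenSSL version, although from 1.1.0 on the call is a macro for `EVP_CIPHER_CTX_reset` and returns a status. bak_paral.c in this same commit keeps the check behind a version guard; doing the same here, with `if (EVP_CIPHER_CTX_reset(encrypt_ctx->ctx) == 0) {` on the new-API side, keeps the two files consistent. Nothing visible checks `encrypt_ctx->ctx` for NULL before it is used. The function continues outside the hunk.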
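Review bot: In `bak_encrypt_end` the GCM tag is no longer fetched: the `EVP_CTRL_AEAD_GET_TAG` call was replaced by `EVP_EncryptFinal_ex`, which finalises the cipher but does not write the authentication tag to its output buffer. The error text still says "failed to get the encryption tag", and the code after the hunk presumably stores `aligned_buf` as the tag, so backups would carry stale buffer contents that cannot verify on restore. The lines cut off just above the hunk look like the existing finalisation, which would make this a second final call on the same context. Restore the ctrl call using the name available in all versions: `res = EVP_CIPHER_CTX_ctrl(encrypt_ctx->ctx, EVP_CTRL_GCM_GET_TAG, EVP_GCM_TLS_TAG_LEN, encrypt_ctx->encrypt_buf.aligned_buf);`.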
@@ -239,9 +234,15 @@ status_t bak_decrypt_end(bak_t *bak, bak_encrypt_ctx_t *encrypt_ctx, bak_file_t // the logfile is ignored, do not check tag return GS_SUCCESS; } + size_t tag_len = EVP_GCM_TLS_TAG_LEN; + unsigned char *tag = (unsigned char *)file->gcm_tag; // Set expected tag value from file +#if OPENSSL_VERSION_NUMBER >= 0x10100000L res = EVP_CIPHER_CTX_ctrl(encrypt_ctx->ctx, EVP_CTRL_AEAD_SET_TAG, EVP_GCM_TLS_TAG_LEN, (void *)file->gcm_tag); +#else + res = EVP_CIPHER_CTX_ctrl(encrypt_ctx->ctx, EVP_CTRL_GCM_SET_TAG, tag_len, (void *)tag); +#endif if (res == 0) { GS_THROW_ERROR(ERR_CRYPTION_ERROR, "failed to set tag"); return GS_ERROR; diff --git a/src/storage/gstor/zekernel/kernel/backup/bak_paral.c b/src/storage/gstor/zekernel/kernel/backup/bak_paral.c index 20cc7b1a89e4e2768f08e6121c966f84e50fd04a..974aa3f5d4bedb059d61dd582f5874ac89ff4fa2 100644 --- a/src/storage/gstor/zekernel/kernel/backup/bak_paral.c +++ b/src/storage/gstor/zekernel/kernel/backup/bak_paral.c @@ -94,10 +94,17 @@ static status_t bak_block_encrypt(bak_t *bak, bak_encrypt_ctx_t *encrypt_ctx, co char *encrypt_buf = encrypt_ctx->encrypt_buf.aligned_buf; int32 out_len = 0; - if (EVP_CIPHER_CTX_init(encrypt_ctx->ctx) == 0) { - GS_THROW_ERROR(ERR_CRYPTION_ERROR, "failed to init evp cipher ctx"); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + if (encrypt_ctx->ctx == NULL) { + encrypt_ctx->ctx = EVP_CIPHER_CTX_new(); + } + if (encrypt_ctx->ctx == NULL) { + GS_THROW_ERROR(ERR_CRYPTION_ERROR, "failed to create evp cipher ctx"); return GS_ERROR; } +#else + EVP_CIPHER_CTX_init(encrypt_ctx->ctx); +#endif if (EVP_EncryptInit_ex(encrypt_ctx->ctx, EVP_aes_256_gcm(), NULL, key, gcm_iv) == 0) { GS_THROW_ERROR(ERR_CRYPTION_ERROR, "failed to init cryption ctx"); 
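Review bot: `tag_len` and `tag` in `bak_decrypt_end` are only read in the `#else` branch, so builds against 1.1.0 or later get two unused locals, and `tag_len` is a `size_t` passed where `EVP_CIPHER_CTX_ctrl` takes an `int`. Both branches can collapse into the single line `res = EVP_CIPHER_CTX_ctrl(encrypt_ctx->ctx, EVP_CTRL_GCM_SET_TAG, EVP_GCM_TLS_TAG_LEN, (void *)file->gcm_tag);` with the two declarations removed.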
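Review bot: On the 1.1.0+ path `bak_block_encrypt` now allocates `encrypt_ctx->ctx` lazily with `EVP_CIPHER_CTX_new()` but no longer resets a context that already exists, whereas the old code re-initialised it for every block. Nothing in the hunk shows who frees a context created here, so if the owner only releases what it allocated itself, this may leak one context per `bak_encrypt_ctx_t`. I would keep allocation with the owner and reset per block, as `rst_block_decrypt` does: `if (EVP_CIPHER_CTX_reset(encrypt_ctx->ctx) == 0) {`. On the `#else` side `EVP_CIPHER_CTX_init` is called with no NULL check on the pointer it writes through.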
@@ -115,11 +122,21 @@ static status_t bak_block_encrypt(bak_t *bak, bak_encrypt_ctx_t *encrypt_ctx, co return GS_ERROR; } knl_panic(out_len == 0); + +#if OPENSSL_VERSION_NUMBER >= 0x10100000L if (EVP_CIPHER_CTX_ctrl(encrypt_ctx->ctx, EVP_CTRL_AEAD_GET_TAG, EVP_GCM_TLS_TAG_LEN, encrypt_buf + src_size) == 0) { GS_THROW_ERROR(ERR_CRYPTION_ERROR, "failed to get the encryption tag"); return GS_ERROR; } +#else + if (EVP_CIPHER_CTX_ctrl(encrypt_ctx->ctx, EVP_CTRL_GCM_GET_TAG, EVP_GCM_TLS_TAG_LEN, + encrypt_buf + src_size) == 0) { + GS_THROW_ERROR(ERR_CRYPTION_ERROR, "failed to get the encryption tag"); + return GS_ERROR; + } +#endif + return GS_SUCCESS; } @@ -132,10 +149,18 @@ static status_t rst_block_decrypt(bak_t *bak, bak_encrypt_ctx_t *encrypt_ctx, ch int32 out_len; char *tag = NULL; - if (EVP_CIPHER_CTX_init(encrypt_ctx->ctx) == 0) { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + if (EVP_CIPHER_CTX_reset(encrypt_ctx->ctx) == 0) { + GS_THROW_ERROR(ERR_CRYPTION_ERROR, "failed to reset evp cipher ctx"); + return GS_ERROR; + } +#else + EVP_CIPHER_CTX_init(encrypt_ctx->ctx); + if (encrypt_ctx->ctx == NULL) { GS_THROW_ERROR(ERR_CRYPTION_ERROR, "failed to init evp cipher ctx"); return GS_ERROR; } +#endif int32 res = EVP_DecryptInit_ex(encrypt_ctx->ctx, EVP_aes_256_gcm(), NULL, key, gcm_iv); if (res == 0) { @@ -153,7 +178,11 @@ static status_t rst_block_decrypt(bak_t *bak, bak_encrypt_ctx_t *encrypt_ctx, ch } // Set expected tag value from block tail +#if OPENSSL_VERSION_NUMBER >= 0x10100000L if (EVP_CIPHER_CTX_ctrl(encrypt_ctx->ctx, EVP_CTRL_AEAD_SET_TAG, EVP_GCM_TLS_TAG_LEN, (void *)tag) == 0) { +#else + if (EVP_CIPHER_CTX_ctrl(encrypt_ctx->ctx, EVP_CTRL_GCM_SET_TAG, EVP_GCM_TLS_TAG_LEN, (void *)tag) == 0) { +#endif GS_THROW_ERROR(ERR_CRYPTION_ERROR, "failed to set tag"); return GS_ERROR; }
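Review bot: In the pre-1.1.0 branch of `rst_block_decrypt` the `encrypt_ctx->ctx == NULL` test comes after `EVP_CIPHER_CTX_init(encrypt_ctx->ctx)`, which on those versions writes through the pointer, so the check cannot prevent the NULL dereference it is meant to catch. Move `if (encrypt_ctx->ctx == NULL) {` and its error return ahead of the `EVP_CIPHER_CTX_init` call. The 1.1.0+ branch has no NULL check at all, unlike `bak_block_encrypt` in this same file, so the two functions disagree about whether the context may be absent.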