Hi Matt, I'm able resolve for AES and DES errors, I replaced with function but few parameter are filled with NULL, please suggest its correct way of doing
The below is the actual source code I'm trying to change https://github.com/digsrc/wpa_supplicant/blob/master/src/crypto/crypto_openssl.c trying to upgrade this function in the above file des_encrypt aes_wrap aes_unwrap I called below function for both DES AES In des_encrypt:I changed below code int clen = 16; evp_encrypt_wrapper((unsigned char *)clear, clen, (unsigned char *)pkey, NULL, (unsigned char *)cypher, EVP_des_ecb()); In aes_wrap:I changed below code evp_encrypt_wrapper((unsigned char *)plain, n * 8, (unsigned char *)kek, NULL, (unsigned char *)cipher, aes_wrap_get_evp_cipher(kek_len << 3)); Please suggest how do I manage inputLen and iv parameter int evp_encrypt_wrapper(unsigned char *input, unsigned int inputLen, unsigned char *key, unsigned char *iv, unsigned char *output, const EVP_CIPHER *type) { EVP_CIPHER_CTX *ctx = NULL; int len = 0; int outputLen = 0; do { /* Create and initialize the context */ if(!(ctx = EVP_CIPHER_CTX_new())) { break; } /* * Initialize the encryption operation. */ if(1 != EVP_EncryptInit_ex2(ctx, type, key, iv, NULL)) { break; } /* * Provide the message to be encrypted, and obtain the encrypted output. * EVP_EncryptUpdate can be called multiple times if necessary */ if(1 != EVP_EncryptUpdate(ctx, output, &outputLen, input, inputLen)) { break; } /* * Finalize the encryption. Further output bytes may be written at * this stage. */ if(1 != EVP_EncryptFinal_ex(ctx, output + outputLen, &len)) { break; } outputLen += len; }while(false); /* Clean up */ if(ctx) EVP_CIPHER_CTX_free(ctx); return outputLen; } ________________________________ From: Matt Caswell <m...@openssl.org> Sent: Monday, December 6, 2021 7:19 PM To: Shivakumar Poojari <shivakumar.pooj...@rbbn.com>; openssl-users@openssl.org <openssl-users@openssl.org> Cc: Amballi, Kishor <kamba...@rbbn.com>; Bhattacharjee, Debapriyo (c) <dbhattachar...@rbbn.com>; Kumar Mishra, Sanjeev <sanjeev.kumar-mis...@rbbn.com> Subject: [EXTERNAL] Re: Need Replacement for Deprecated function On 06/12/2021 12:26, Shivakumar Poojari wrote: > Hi All, > > We are upgrading our code to openssl 3.0. > > Need Replacement for below Deprecated function. > > DSE: > DES_set_key(); > DES_ecb_encrypt(); > > AES: > AES_set_encrypt_key(); > AES_set_decrypt_key(); > AES_wrap_key(); > AES_unwrap_key();--- perivously i upgraded AES function with EVP related > function but wrap/unwraper is something new. > All the DES and AES functions are just replaced by the EVP functions. From the migration guide: "Low-level encryption functions such as AES_encrypt(3) and AES_decrypt(3) have been informally discouraged from use for a long time. Applications should instead use the high level EVP APIs EVP_EncryptInit_ex(3), EVP_EncryptUpdate(3), and EVP_EncryptFinal_ex(3) or EVP_DecryptInit_ex(3), EVP_DecryptUpdate(3) and EVP_DecryptFinal_ex(3)." The wrap/unwrap functionality is the same but you use the "wrap" ciphers: https://clicktime.symantec.com/3YBoRtRxfsEzqu7jB1kQRdi6H2?u=https%3A%2F%2Fwww.openssl.org%2Fdocs%2Fman3.0%2Fman7%2FEVP_CIPHER-AES.html The following "wrap" ciphers are supported: "AES-128-WRAP", "AES-192-WRAP", "AES-256-WRAP", "AES-128-WRAP-PAD", "AES-192-WRAP-PAD", "AES-256-WRAP-PAD", "AES-128-WRAP-INV", "AES-192-WRAP-INV", "AES-256-WRAP-INV", "AES-128-WRAP-PAD-INV", "AES-192-WRAP-PAD-INV" and "AES-256-WRAP-PAD-INV" > DH: > DH_new(); > DH_set0_pqg(); > DH_generate_key(); > DH_get0_key(); > DH_free(); > DH_set0_key(); > DH_size(); > DH_compute_key(); All the DH functions are replaced by the EVP key exchange functionality. In particular see this page: https://clicktime.symantec.com/3QwQe8oMQp2ycuXi1g6n3276H2?u=https%3A%2F%2Fwww.openssl.org%2Fdocs%2Fman3.0%2Fman7%2FEVP_KEYEXCH-DH.html and https://clicktime.symantec.com/3HxeDKVhVDjB4zstTvgpdpJ6H2?u=https%3A%2F%2Fwww.openssl.org%2Fdocs%2Fman3.0%2Fman3%2FEVP_PKEY_derive.html > > HMAC: > HMAC_CTX_new();compiler suggestion EVP_MAC_CTX_new(); > HMAC_Init_ex(); > HMAC_CTX_free();compiler suggestion EVP_MAC_CTX_free(); > HMAC_Update();compiler suggestion EVP_MAC_update(); > HMAC_Final();compiler suggestion EVP_MAC_final(); Use the EVP_MAC functions. In particular see: https://clicktime.symantec.com/3E4wr8pyUbGoHvQV24ZcU176H2?u=https%3A%2F%2Fwww.openssl.org%2Fdocs%2Fman3.0%2Fman3%2FEVP_MAC.html and https://clicktime.symantec.com/3Jt5BYvGZ2j2MurnueNjzss6H2?u=https%3A%2F%2Fwww.openssl.org%2Fdocs%2Fman3.0%2Fman7%2FEVP_MAC-HMAC.html Matt > > I'm not able to find proper replacement, Please help me out > > Thanks, > Shiva Kumar > > Notice: This e-mail together with any attachments may contain > information of Ribbon Communications Inc. and its Affiliates that is > confidential and/or proprietary for the sole use of the intended > recipient. Any review, disclosure, reliance or distribution by others or > forwarding without express permission is strictly prohibited. If you are > not the intended recipient, please notify the sender immediately and > then delete all copies, including any attachments. Notice: This e-mail together with any attachments may contain information of Ribbon Communications Inc. and its Affiliates that is confidential and/or proprietary for the sole use of the intended recipient. Any review, disclosure, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please notify the sender immediately and then delete all copies, including any attachments.
