crypto-openssl: use no padding for encrypt/decrypt
Internaly, vpp uses it's own padding, so all the data
is padded using blocksize in /src/vnet/ipsec/ipsec.c
Openssl should add it's own padding, but the data
is already padded. So on decrypt stage when padding
should be removed, it can't be done. And it produces
error `bad decrypt`
Previous versions of openSSL decrypted data almost
at the beginning of EVP_DecryptUpdate/EVP_DecryptFinal_ex
and produced the same error, but data was already decrypted.
Now it's not, so some algorithms could have some problems
with it
PS. openSSL 3.x.x
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: If715a80228548b4e588cee222968d9da9024c438
diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c
index c0f7ee2..251e75d 100644
--- a/src/plugins/crypto_openssl/main.c
+++ b/src/plugins/crypto_openssl/main.c
@@ -110,9 +110,6 @@
EVP_EncryptInit_ex (ctx, cipher, NULL, key->data, op->iv);
if (op->flags & VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS)
- EVP_CIPHER_CTX_set_padding (ctx, 0);
-
- if (op->flags & VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS)
{
chp = chunks + op->chunk_index;
u32 offset = 0;
@@ -168,9 +165,6 @@
EVP_DecryptInit_ex (ctx, cipher, NULL, key->data, op->iv);
if (op->flags & VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS)
- EVP_CIPHER_CTX_set_padding (ctx, 0);
-
- if (op->flags & VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS)
{
chp = chunks + op->chunk_index;
u32 offset = 0;
@@ -518,6 +512,7 @@
vec_foreach (ptd, per_thread_data)
{
ptd->evp_cipher_ctx = EVP_CIPHER_CTX_new ();
+ EVP_CIPHER_CTX_set_padding (ptd->evp_cipher_ctx, 0);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
ptd->hmac_ctx = HMAC_CTX_new ();
ptd->hash_ctx = EVP_MD_CTX_create ();