summaryrefslogtreecommitdiffstats
path: root/libmemcached-awesome-aes.patch
diff options
context:
space:
mode:
authorRemi Collet <remi@remirepo.net>2021-09-20 17:14:47 +0200
committerRemi Collet <remi@remirepo.net>2021-09-20 17:14:47 +0200
commit19bea0aada3cb5befef6aa97e596a0313efd6c12 (patch)
treeeae2f1b277531e17beba1d644f36cc4eeee34006 /libmemcached-awesome-aes.patch
parent7b59928129d230d7f017391b5497331a37adeea0 (diff)
update to 1.1.0
Diffstat (limited to 'libmemcached-awesome-aes.patch')
-rw-r--r--libmemcached-awesome-aes.patch1303
1 files changed, 0 insertions, 1303 deletions
diff --git a/libmemcached-awesome-aes.patch b/libmemcached-awesome-aes.patch
deleted file mode 100644
index 059bbee..0000000
--- a/libmemcached-awesome-aes.patch
+++ /dev/null
@@ -1,1303 +0,0 @@
-From 2aab18117a2b078dd0eb366f3766a1fef06da695 Mon Sep 17 00:00:00 2001
-From: Tomas Korbar <tkorbar@redhat.com>
-Date: Fri, 25 Jun 2021 11:55:46 +0200
-Subject: [PATCH 1/7] Add possibility to use libcrypto for encryption
-
----
- include/libhashkit-1.0/hashkit.h | 4 +-
- src/libhashkit/CMakeLists.txt | 9 +++
- src/libhashkit/aes.cc | 121 +++++++++++++++++++++++++++++--
- src/libhashkit/aes.h | 22 ++++++
- src/libhashkit/encrypt.cc | 42 +++++++++--
- src/libhashkit/hashkit.cc | 43 +++++++++--
- src/libhashkit/rijndael.hpp | 2 +-
- src/libmemcached/is.h | 2 +-
- 8 files changed, 225 insertions(+), 20 deletions(-)
-
-diff --git a/include/libhashkit-1.0/hashkit.h b/include/libhashkit-1.0/hashkit.h
-index a05eb5f8..0f67e377 100644
---- a/include/libhashkit-1.0/hashkit.h
-+++ b/include/libhashkit-1.0/hashkit.h
-@@ -49,7 +49,7 @@ struct hashkit_st {
- bool is_allocated : 1;
- } options;
-
-- void *_key;
-+ void *_cryptographic_context;
- };
-
- #ifdef __cplusplus
-@@ -75,7 +75,7 @@ HASHKIT_API
- hashkit_string_st *hashkit_decrypt(hashkit_st *, const char *source, size_t source_length);
-
- HASHKIT_API
--bool hashkit_key(hashkit_st *, const char *key, const size_t key_length);
-+bool hashkit_key(hashkit_st *kit, const char *key, const size_t key_length);
-
- #ifdef __cplusplus
- } // extern "C"
-diff --git a/src/libhashkit/CMakeLists.txt b/src/libhashkit/CMakeLists.txt
-index 355afabb..d0e03d15 100644
---- a/src/libhashkit/CMakeLists.txt
-+++ b/src/libhashkit/CMakeLists.txt
-@@ -39,6 +39,15 @@ target_include_directories(libhashkit PUBLIC
- $<BUILD_INTERFACE:${CMAKE_SOURCE_DIR}/include>
- $<BUILD_INTERFACE:${CMAKE_BINARY_DIR}/include>
- $<INSTALL_INTERFACE:include>)
-+
-+find_package(OpenSSL)
-+if(NOT OPENSSL_FOUND)
-+ message(WARNING "crypto library not found")
-+else()
-+ add_compile_definitions(WITH_OPENSSL)
-+ target_link_libraries(libhashkit PUBLIC OpenSSL::Crypto)
-+endif()
-+
- configure_file(hashkitcon.h.in hashkitcon.h @ONLY)
-
- install(TARGETS libhashkit EXPORT libhashkit-targets
-diff --git a/src/libhashkit/aes.cc b/src/libhashkit/aes.cc
-index 0b2f73d8..d4fdad5a 100644
---- a/src/libhashkit/aes.cc
-+++ b/src/libhashkit/aes.cc
-@@ -15,12 +15,122 @@
-
- #include "libhashkit/common.h"
-
--#include "libhashkit/rijndael.hpp"
--
- #include <cstring>
-
--#define AES_KEY_LENGTH 256 /* 128, 192, 256 */
--#define AES_BLOCK_SIZE 16
-+#ifdef WITH_OPENSSL
-+
-+#include <openssl/evp.h>
-+
-+#define DIGEST_ROUNDS 5
-+
-+#define AES_KEY_NBYTES 32
-+#define AES_IV_NBYTES 32
-+
-+bool aes_initialize(const unsigned char *key, const size_t key_length,
-+ encryption_context_t *crypto_context) {
-+ unsigned char aes_key[AES_KEY_NBYTES];
-+ unsigned char aes_iv[AES_IV_NBYTES];
-+ if (aes_key == NULL || aes_iv == NULL) {
-+ return false;
-+ }
-+
-+ int i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha256(), NULL, key, key_length, DIGEST_ROUNDS,
-+ aes_key, aes_iv);
-+ if (i != AES_KEY_NBYTES) {
-+ return false;
-+ }
-+
-+ EVP_CIPHER_CTX_init(crypto_context->encryption_context);
-+ EVP_CIPHER_CTX_init(crypto_context->decryption_context);
-+ if (EVP_EncryptInit_ex(crypto_context->encryption_context, EVP_aes_256_cbc(), NULL, key, aes_iv)
-+ != 1
-+ || EVP_DecryptInit_ex(crypto_context->decryption_context, EVP_aes_256_cbc(), NULL, key,
-+ aes_iv)
-+ != 1)
-+ {
-+ return false;
-+ }
-+ return true;
-+}
-+
-+hashkit_string_st *aes_encrypt(encryption_context_t *crypto_context, const unsigned char *source,
-+ size_t source_length) {
-+EVP_CIPHER_CTX *encryption_context = crypto_context->encryption_context;
-+int cipher_length = source_length + EVP_CIPHER_CTX_block_size(encryption_context);
-+int final_length = 0;
-+unsigned char *cipher_text = (unsigned char *) malloc(cipher_length);
-+if (cipher_text == NULL) {
-+ return NULL;
-+}
-+if (EVP_EncryptInit_ex(encryption_context, NULL, NULL, NULL, NULL) != 1
-+ || EVP_EncryptUpdate(encryption_context, cipher_text, &cipher_length, source, source_length)
-+ != 1
-+ || EVP_EncryptFinal_ex(encryption_context, cipher_text + cipher_length, &final_length) != 1)
-+{
-+ free(cipher_text);
-+ return NULL;
-+}
-+
-+hashkit_string_st *destination = hashkit_string_create(cipher_length + final_length);
-+if (destination == NULL) {
-+ return NULL;
-+}
-+char *dest = hashkit_string_c_str_mutable(destination);
-+memcpy(dest, cipher_text, cipher_length + final_length);
-+hashkit_string_set_length(destination, cipher_length + final_length);
-+return destination;
-+}
-+
-+hashkit_string_st *aes_decrypt(encryption_context_t *crypto_context, const unsigned char *source,
-+ size_t source_length) {
-+EVP_CIPHER_CTX *decryption_context = crypto_context->decryption_context;
-+int plain_text_length = source_length;
-+int final_length = 0;
-+unsigned char *plain_text = (unsigned char *) malloc(plain_text_length);
-+if (plain_text == NULL) {
-+ return NULL;
-+}
-+if (EVP_DecryptInit_ex(decryption_context, NULL, NULL, NULL, NULL) != 1
-+ || EVP_DecryptUpdate(decryption_context, plain_text, &plain_text_length, source, source_length)
-+ != 1
-+ || EVP_DecryptFinal_ex(decryption_context, plain_text + plain_text_length, &final_length) != 1)
-+{
-+ free(plain_text);
-+ return NULL;
-+}
-+
-+hashkit_string_st *destination = hashkit_string_create(plain_text_length + final_length);
-+if (destination == NULL) {
-+ return NULL;
-+}
-+char *dest = hashkit_string_c_str_mutable(destination);
-+memcpy(dest, plain_text, plain_text_length + final_length);
-+hashkit_string_set_length(destination, plain_text_length + final_length);
-+return destination;
-+}
-+
-+encryption_context_t *aes_clone_cryptographic_context(encryption_context_t *source) {
-+ encryption_context_t *new_context = (encryption_context_t *) malloc(sizeof(encryption_context_t));
-+ if (new_context == NULL)
-+ return NULL;
-+
-+ new_context->encryption_context = EVP_CIPHER_CTX_new();
-+ new_context->decryption_context = EVP_CIPHER_CTX_new();
-+ if (new_context->encryption_context == NULL || new_context->decryption_context == NULL) {
-+ free(new_context);
-+ return NULL;
-+ }
-+ EVP_CIPHER_CTX_copy(new_context->encryption_context, source->encryption_context);
-+ EVP_CIPHER_CTX_copy(new_context->decryption_context, source->decryption_context);
-+ return new_context;
-+}
-+
-+#else
-+
-+# include "libhashkit/rijndael.hpp"
-+
-+# define AES_KEY_LENGTH 256 /* 128, 192, 256 */
-+# define AES_BLOCK_SIZE 16
-
- enum encrypt_t { AES_ENCRYPT, AES_DECRYPT };
-
-@@ -49,7 +159,7 @@ aes_key_t *aes_create_key(const char *key, const size_t key_length) {
- if (ptr == rkey_end) {
- ptr = rkey; /* Just loop over tmp_key until we used all key */
- }
-- *ptr ^= (uint8_t)(*sptr);
-+ *ptr ^= (uint8_t) (*sptr);
- }
-
- _aes_key->decode_key.nr = rijndaelKeySetupDec(_aes_key->decode_key.rk, rkey, AES_KEY_LENGTH);
-@@ -140,3 +250,4 @@ hashkit_string_st *aes_decrypt(aes_key_t *_aes_key, const char *source, size_t s
-
- return destination;
- }
-+#endif
-\ No newline at end of file
-diff --git a/src/libhashkit/aes.h b/src/libhashkit/aes.h
-index 43a18b35..e021c5f1 100644
---- a/src/libhashkit/aes.h
-+++ b/src/libhashkit/aes.h
-@@ -15,6 +15,27 @@
-
- #pragma once
-
-+#ifdef WITH_OPENSSL
-+
-+#include <openssl/evp.h>
-+
-+typedef struct encryption_context {
-+ EVP_CIPHER_CTX *encryption_context;
-+ EVP_CIPHER_CTX *decryption_context;
-+} encryption_context_t;
-+
-+hashkit_string_st *aes_encrypt(encryption_context_t *crypto_context, const unsigned char *source,
-+ size_t source_length);
-+
-+hashkit_string_st *aes_decrypt(encryption_context_t *crypto_context, const unsigned char *source,
-+ size_t source_length);
-+
-+bool aes_initialize(const unsigned char *key, const size_t key_length,
-+ encryption_context_t *crypto_context);
-+
-+encryption_context_t *aes_clone_cryptographic_context(encryption_context_t *source);
-+#else
-+
- struct aes_key_t;
-
- hashkit_string_st *aes_encrypt(aes_key_t *_aes_key, const char *source, size_t source_length);
-@@ -24,3 +45,4 @@ hashkit_string_st *aes_decrypt(aes_key_t *_aes_key, const char *source, size_t s
- aes_key_t *aes_create_key(const char *key, const size_t key_length);
-
- aes_key_t *aes_clone_key(aes_key_t *_aes_key);
-+#endif
-\ No newline at end of file
-diff --git a/src/libhashkit/encrypt.cc b/src/libhashkit/encrypt.cc
-index 6446c018..dbc051ae 100644
---- a/src/libhashkit/encrypt.cc
-+++ b/src/libhashkit/encrypt.cc
-@@ -15,20 +15,50 @@
-
- #include "libhashkit/common.h"
-
-+#ifdef WITH_OPENSSL
-+# include <openssl/evp.h>
-+#endif
-+
- hashkit_string_st *hashkit_encrypt(hashkit_st *kit, const char *source, size_t source_length) {
-- return aes_encrypt(static_cast<aes_key_t *>(kit->_key), source, source_length);
-+#ifdef WITH_OPENSSL
-+ return aes_encrypt((encryption_context_t *) kit->_cryptographic_context,
-+ (const unsigned char *) source, source_length);
-+#else
-+ return aes_encrypt((aes_key_t *) kit->_cryptographic_context, source,
-+ source_length);
-+#endif
- }
-
- hashkit_string_st *hashkit_decrypt(hashkit_st *kit, const char *source, size_t source_length) {
-- return aes_decrypt(static_cast<aes_key_t *>(kit->_key), source, source_length);
-+#ifdef WITH_OPENSSL
-+ return aes_decrypt((encryption_context_t *) kit->_cryptographic_context,
-+ (const unsigned char *) source, source_length);
-+#else
-+ return aes_decrypt((aes_key_t *)kit->_cryptographic_context, source, source_length);
-+#endif
- }
-
-+#ifdef WITH_OPENSSL
-+bool hashkit_key(hashkit_st *kit, const char *key, const size_t key_length) {
-+ kit->_cryptographic_context = (encryption_context_t *) malloc(sizeof(encryption_context_t));
-+ ((encryption_context_t *) kit->_cryptographic_context)->encryption_context = EVP_CIPHER_CTX_new();
-+ ((encryption_context_t *) kit->_cryptographic_context)->decryption_context = EVP_CIPHER_CTX_new();
-+ if (((encryption_context_t *) kit->_cryptographic_context)->encryption_context == NULL
-+ || ((encryption_context_t *) kit->_cryptographic_context)->decryption_context == NULL)
-+ {
-+ return false;
-+ }
-+ return aes_initialize((const unsigned char *) key, key_length,
-+ (encryption_context_t *) kit->_cryptographic_context);
-+}
-+#else
- bool hashkit_key(hashkit_st *kit, const char *key, const size_t key_length) {
-- if (kit->_key) {
-- free(kit->_key);
-+ if (kit->_cryptographic_context) {
-+ free(kit->_cryptographic_context);
- }
-
-- kit->_key = aes_create_key(key, key_length);
-+ kit->_cryptographic_context = aes_create_key(key, key_length);
-
-- return bool(kit->_key);
-+ return bool(kit->_cryptographic_context);
- }
-+#endif
-\ No newline at end of file
-diff --git a/src/libhashkit/hashkit.cc b/src/libhashkit/hashkit.cc
-index 6a179573..46cf6368 100644
---- a/src/libhashkit/hashkit.cc
-+++ b/src/libhashkit/hashkit.cc
-@@ -15,6 +15,10 @@
-
- #include "libhashkit/common.h"
-
-+#ifdef WITH_OPENSSL
-+# include <openssl/evp.h>
-+#endif
-+
- static inline void _hashkit_init(hashkit_st *self) {
- self->base_hash.function = hashkit_one_at_a_time;
- self->base_hash.context = NULL;
-@@ -23,7 +27,7 @@ static inline void _hashkit_init(hashkit_st *self) {
- self->distribution_hash.context = NULL;
-
- self->flags.is_base_same_distributed = true;
-- self->_key = NULL;
-+ self->_cryptographic_context = NULL;
- }
-
- static inline hashkit_st *_hashkit_create(hashkit_st *self) {
-@@ -52,11 +56,26 @@ hashkit_st *hashkit_create(hashkit_st *self) {
- return self;
- }
-
-+#ifdef WITH_OPENSSL
-+static void cryptographic_context_free(encryption_context_t *context) {
-+ EVP_CIPHER_CTX_free(context->encryption_context);
-+ EVP_CIPHER_CTX_free(context->decryption_context);
-+ free(context);
-+}
-+#endif
-+
- void hashkit_free(hashkit_st *self) {
-- if (self and self->_key) {
-- free(self->_key);
-- self->_key = NULL;
-+#ifdef WITH_OPENSSL
-+ if (self and self->_cryptographic_context) {
-+ cryptographic_context_free((encryption_context_t *)self->_cryptographic_context);
-+ self->_cryptographic_context = NULL;
-+ }
-+#else
-+ if (self and self->_cryptographic_context) {
-+ free(self->_cryptographic_context);
-+ self->_cryptographic_context = NULL;
- }
-+#endif
-
- if (hashkit_is_allocated(self)) {
- free(self);
-@@ -79,7 +98,21 @@ hashkit_st *hashkit_clone(hashkit_st *destination, const hashkit_st *source) {
- destination->base_hash = source->base_hash;
- destination->distribution_hash = source->distribution_hash;
- destination->flags = source->flags;
-- destination->_key = aes_clone_key(static_cast<aes_key_t *>(source->_key));
-+#ifdef WITH_OPENSSL
-+ if (destination->_cryptographic_context) {
-+ cryptographic_context_free((encryption_context_t *)destination->_cryptographic_context);
-+ destination->_cryptographic_context = NULL;
-+ }
-+ if (source->_cryptographic_context) {
-+ destination->_cryptographic_context =
-+ aes_clone_cryptographic_context(((encryption_context_t *) source->_cryptographic_context));
-+ if (destination->_cryptographic_context) {
-+
-+ }
-+ }
-+#else
-+ destination->_cryptographic_context = aes_clone_key(static_cast<aes_key_t *>(source->_cryptographic_context));
-+#endif
-
- return destination;
- }
-diff --git a/src/libhashkit/rijndael.hpp b/src/libhashkit/rijndael.hpp
-index 96f48e34..96961f8c 100644
---- a/src/libhashkit/rijndael.hpp
-+++ b/src/libhashkit/rijndael.hpp
-@@ -35,4 +35,4 @@ void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 p
- #ifdef INTERMEDIATE_VALUE_KAT
- void rijndaelEncryptRound(const u32 rk[/*4*(Nr + 1)*/], int Nr, u8 block[16], int rounds);
- void rijndaelDecryptRound(const u32 rk[/*4*(Nr + 1)*/], int Nr, u8 block[16], int rounds);
--#endif /* INTERMEDIATE_VALUE_KAT */
-+#endif /* INTERMEDIATE_VALUE_KAT */
-\ No newline at end of file
-diff --git a/src/libmemcached/is.h b/src/libmemcached/is.h
-index d73b54e7..3987332f 100644
---- a/src/libmemcached/is.h
-+++ b/src/libmemcached/is.h
-@@ -17,7 +17,7 @@
-
- /* These are private */
- #define memcached_is_allocated(__object) ((__object)->options.is_allocated)
--#define memcached_is_encrypted(__object) ((__object)->hashkit._key)
-+#define memcached_is_encrypted(__object) (!!(__object)->hashkit._cryptographic_context)
- #define memcached_is_initialized(__object) ((__object)->options.is_initialized)
- #define memcached_is_purging(__object) ((__object)->state.is_purging)
- #define memcached_is_processing_input(__object) ((__object)->state.is_processing_input)
---
-2.31.1
-
-From b7f446e55146456e368c3926347f4c771afcea8c Mon Sep 17 00:00:00 2001
-From: Michael Wallner <mike@php.net>
-Date: Mon, 12 Jul 2021 15:08:57 +0200
-Subject: [PATCH 2/7] libhashkit/aes: make using openssl configurable
-
----
- CMakeConfig.txt | 3 +++
- src/libhashkit/CMakeLists.txt | 16 ++++++++++------
- src/libhashkit/aes.cc | 4 ++--
- src/libhashkit/aes.h | 4 ++--
- src/libhashkit/encrypt.cc | 10 +++++-----
- src/libhashkit/hashkit.cc | 8 ++++----
- 6 files changed, 26 insertions(+), 19 deletions(-)
-
-diff --git a/CMakeConfig.txt b/CMakeConfig.txt
-index 973ff824..d8afcaef 100644
---- a/CMakeConfig.txt
-+++ b/CMakeConfig.txt
-@@ -65,6 +65,9 @@ if(NOT DEFINED ENV{ENABLE_MEMASLAP})
- endif()
- option(ENABLE_MEMASLAP "enable memaslap client"
- $ENV{ENABLE_MEMASLAP})
-+option(ENABLE_OPENSSL_CRYPTO
-+ "enable OpenSSL's libcrypto instead of bundled AES implementation"
-+ $ENV{ENABLE_OPENSSL_CRYPTO})
-
- if(BUILD_TESTING)
- set(MEMCACHED_BINARY "$ENV{MEMCACHED_BINARY}"
-diff --git a/src/libhashkit/CMakeLists.txt b/src/libhashkit/CMakeLists.txt
-index d0e03d15..ed3f7f1d 100644
---- a/src/libhashkit/CMakeLists.txt
-+++ b/src/libhashkit/CMakeLists.txt
-@@ -40,12 +40,16 @@ target_include_directories(libhashkit PUBLIC
- $<BUILD_INTERFACE:${CMAKE_BINARY_DIR}/include>
- $<INSTALL_INTERFACE:include>)
-
--find_package(OpenSSL)
--if(NOT OPENSSL_FOUND)
-- message(WARNING "crypto library not found")
--else()
-- add_compile_definitions(WITH_OPENSSL)
-- target_link_libraries(libhashkit PUBLIC OpenSSL::Crypto)
-+if(ENABLE_OPENSSL_CRYPTO)
-+ find_package(OpenSSL)
-+ if(OPENSSL_FOUND)
-+ if(OPENSSL_CRYPTO_LIBRARY)
-+ target_compile_definitions(libhashkit PRIVATE HAVE_OPENSSL_CRYPTO)
-+ target_link_libraries(libhashkit PUBLIC OpenSSL::Crypto)
-+ else()
-+ message(WARNING "Could not find OpenSSL::Crypto")
-+ endif()
-+ endif()
- endif()
-
- configure_file(hashkitcon.h.in hashkitcon.h @ONLY)
-diff --git a/src/libhashkit/aes.cc b/src/libhashkit/aes.cc
-index d4fdad5a..d65a9d91 100644
---- a/src/libhashkit/aes.cc
-+++ b/src/libhashkit/aes.cc
-@@ -17,7 +17,7 @@
-
- #include <cstring>
-
--#ifdef WITH_OPENSSL
-+#ifdef HAVE_OPENSSL_CRYPTO
-
- #include <openssl/evp.h>
-
-@@ -250,4 +250,4 @@ hashkit_string_st *aes_decrypt(aes_key_t *_aes_key, const char *source, size_t s
-
- return destination;
- }
--#endif
-\ No newline at end of file
-+#endif
-diff --git a/src/libhashkit/aes.h b/src/libhashkit/aes.h
-index e021c5f1..243d501f 100644
---- a/src/libhashkit/aes.h
-+++ b/src/libhashkit/aes.h
-@@ -15,7 +15,7 @@
-
- #pragma once
-
--#ifdef WITH_OPENSSL
-+#ifdef HAVE_OPENSSL_CRYPTO
-
- #include <openssl/evp.h>
-
-@@ -45,4 +45,4 @@ hashkit_string_st *aes_decrypt(aes_key_t *_aes_key, const char *source, size_t s
- aes_key_t *aes_create_key(const char *key, const size_t key_length);
-
- aes_key_t *aes_clone_key(aes_key_t *_aes_key);
--#endif
-\ No newline at end of file
-+#endif
-diff --git a/src/libhashkit/encrypt.cc b/src/libhashkit/encrypt.cc
-index dbc051ae..e7898a6a 100644
---- a/src/libhashkit/encrypt.cc
-+++ b/src/libhashkit/encrypt.cc
-@@ -15,12 +15,12 @@
-
- #include "libhashkit/common.h"
-
--#ifdef WITH_OPENSSL
-+#ifdef HAVE_OPENSSL_CRYPTO
- # include <openssl/evp.h>
- #endif
-
- hashkit_string_st *hashkit_encrypt(hashkit_st *kit, const char *source, size_t source_length) {
--#ifdef WITH_OPENSSL
-+#ifdef HAVE_OPENSSL_CRYPTO
- return aes_encrypt((encryption_context_t *) kit->_cryptographic_context,
- (const unsigned char *) source, source_length);
- #else
-@@ -30,7 +30,7 @@ hashkit_string_st *hashkit_encrypt(hashkit_st *kit, const char *source, size_t s
- }
-
- hashkit_string_st *hashkit_decrypt(hashkit_st *kit, const char *source, size_t source_length) {
--#ifdef WITH_OPENSSL
-+#ifdef HAVE_OPENSSL_CRYPTO
- return aes_decrypt((encryption_context_t *) kit->_cryptographic_context,
- (const unsigned char *) source, source_length);
- #else
-@@ -38,7 +38,7 @@ hashkit_string_st *hashkit_decrypt(hashkit_st *kit, const char *source, size_t s
- #endif
- }
-
--#ifdef WITH_OPENSSL
-+#ifdef HAVE_OPENSSL_CRYPTO
- bool hashkit_key(hashkit_st *kit, const char *key, const size_t key_length) {
- kit->_cryptographic_context = (encryption_context_t *) malloc(sizeof(encryption_context_t));
- ((encryption_context_t *) kit->_cryptographic_context)->encryption_context = EVP_CIPHER_CTX_new();
-@@ -61,4 +61,4 @@ bool hashkit_key(hashkit_st *kit, const char *key, const size_t key_length) {
-
- return bool(kit->_cryptographic_context);
- }
--#endif
-\ No newline at end of file
-+#endif
-diff --git a/src/libhashkit/hashkit.cc b/src/libhashkit/hashkit.cc
-index 46cf6368..d15d7372 100644
---- a/src/libhashkit/hashkit.cc
-+++ b/src/libhashkit/hashkit.cc
-@@ -15,7 +15,7 @@
-
- #include "libhashkit/common.h"
-
--#ifdef WITH_OPENSSL
-+#ifdef HAVE_OPENSSL_CRYPTO
- # include <openssl/evp.h>
- #endif
-
-@@ -56,7 +56,7 @@ hashkit_st *hashkit_create(hashkit_st *self) {
- return self;
- }
-
--#ifdef WITH_OPENSSL
-+#ifdef HAVE_OPENSSL_CRYPTO
- static void cryptographic_context_free(encryption_context_t *context) {
- EVP_CIPHER_CTX_free(context->encryption_context);
- EVP_CIPHER_CTX_free(context->decryption_context);
-@@ -65,7 +65,7 @@ static void cryptographic_context_free(encryption_context_t *context) {
- #endif
-
- void hashkit_free(hashkit_st *self) {
--#ifdef WITH_OPENSSL
-+#ifdef HAVE_OPENSSL_CRYPTO
- if (self and self->_cryptographic_context) {
- cryptographic_context_free((encryption_context_t *)self->_cryptographic_context);
- self->_cryptographic_context = NULL;
-@@ -98,7 +98,7 @@ hashkit_st *hashkit_clone(hashkit_st *destination, const hashkit_st *source) {
- destination->base_hash = source->base_hash;
- destination->distribution_hash = source->distribution_hash;
- destination->flags = source->flags;
--#ifdef WITH_OPENSSL
-+#ifdef HAVE_OPENSSL_CRYPTO
- if (destination->_cryptographic_context) {
- cryptographic_context_free((encryption_context_t *)destination->_cryptographic_context);
- destination->_cryptographic_context = NULL;
---
-2.31.1
-
-From 0d7a3e0e040ddf840d656b61f41419c252debcde Mon Sep 17 00:00:00 2001
-From: Michael Wallner <mike@php.net>
-Date: Mon, 12 Jul 2021 15:57:32 +0200
-Subject: [PATCH 3/7] libhashkit/aes: keep API compatible
-
----
- include/libhashkit-1.0/hashkit.h | 2 +-
- src/libhashkit/encrypt.cc | 28 ++++++++++++++--------------
- src/libhashkit/hashkit.cc | 30 +++++++++++++++---------------
- src/libmemcached/is.h | 2 +-
- 4 files changed, 31 insertions(+), 31 deletions(-)
-
-diff --git a/include/libhashkit-1.0/hashkit.h b/include/libhashkit-1.0/hashkit.h
-index 0f67e377..09b7edeb 100644
---- a/include/libhashkit-1.0/hashkit.h
-+++ b/include/libhashkit-1.0/hashkit.h
-@@ -49,7 +49,7 @@ struct hashkit_st {
- bool is_allocated : 1;
- } options;
-
-- void *_cryptographic_context;
-+ void *_key;
- };
-
- #ifdef __cplusplus
-diff --git a/src/libhashkit/encrypt.cc b/src/libhashkit/encrypt.cc
-index e7898a6a..effa299f 100644
---- a/src/libhashkit/encrypt.cc
-+++ b/src/libhashkit/encrypt.cc
-@@ -21,44 +21,44 @@
-
- hashkit_string_st *hashkit_encrypt(hashkit_st *kit, const char *source, size_t source_length) {
- #ifdef HAVE_OPENSSL_CRYPTO
-- return aes_encrypt((encryption_context_t *) kit->_cryptographic_context,
-+ return aes_encrypt((encryption_context_t *) kit->_key,
- (const unsigned char *) source, source_length);
- #else
-- return aes_encrypt((aes_key_t *) kit->_cryptographic_context, source,
-+ return aes_encrypt((aes_key_t *) kit->_key, source,
- source_length);
- #endif
- }
-
- hashkit_string_st *hashkit_decrypt(hashkit_st *kit, const char *source, size_t source_length) {
- #ifdef HAVE_OPENSSL_CRYPTO
-- return aes_decrypt((encryption_context_t *) kit->_cryptographic_context,
-+ return aes_decrypt((encryption_context_t *) kit->_key,
- (const unsigned char *) source, source_length);
- #else
-- return aes_decrypt((aes_key_t *)kit->_cryptographic_context, source, source_length);
-+ return aes_decrypt((aes_key_t *)kit->_key, source, source_length);
- #endif
- }
-
- #ifdef HAVE_OPENSSL_CRYPTO
- bool hashkit_key(hashkit_st *kit, const char *key, const size_t key_length) {
-- kit->_cryptographic_context = (encryption_context_t *) malloc(sizeof(encryption_context_t));
-- ((encryption_context_t *) kit->_cryptographic_context)->encryption_context = EVP_CIPHER_CTX_new();
-- ((encryption_context_t *) kit->_cryptographic_context)->decryption_context = EVP_CIPHER_CTX_new();
-- if (((encryption_context_t *) kit->_cryptographic_context)->encryption_context == NULL
-- || ((encryption_context_t *) kit->_cryptographic_context)->decryption_context == NULL)
-+ kit->_key = (encryption_context_t *) malloc(sizeof(encryption_context_t));
-+ ((encryption_context_t *) kit->_key)->encryption_context = EVP_CIPHER_CTX_new();
-+ ((encryption_context_t *) kit->_key)->decryption_context = EVP_CIPHER_CTX_new();
-+ if (((encryption_context_t *) kit->_key)->encryption_context == NULL
-+ || ((encryption_context_t *) kit->_key)->decryption_context == NULL)
- {
- return false;
- }
- return aes_initialize((const unsigned char *) key, key_length,
-- (encryption_context_t *) kit->_cryptographic_context);
-+ (encryption_context_t *) kit->_key);
- }
- #else
- bool hashkit_key(hashkit_st *kit, const char *key, const size_t key_length) {
-- if (kit->_cryptographic_context) {
-- free(kit->_cryptographic_context);
-+ if (kit->_key) {
-+ free(kit->_key);
- }
-
-- kit->_cryptographic_context = aes_create_key(key, key_length);
-+ kit->_key = aes_create_key(key, key_length);
-
-- return bool(kit->_cryptographic_context);
-+ return bool(kit->_key);
- }
- #endif
-diff --git a/src/libhashkit/hashkit.cc b/src/libhashkit/hashkit.cc
-index d15d7372..e61b014d 100644
---- a/src/libhashkit/hashkit.cc
-+++ b/src/libhashkit/hashkit.cc
-@@ -27,7 +27,7 @@ static inline void _hashkit_init(hashkit_st *self) {
- self->distribution_hash.context = NULL;
-
- self->flags.is_base_same_distributed = true;
-- self->_cryptographic_context = NULL;
-+ self->_key = NULL;
- }
-
- static inline hashkit_st *_hashkit_create(hashkit_st *self) {
-@@ -66,14 +66,14 @@ static void cryptographic_context_free(encryption_context_t *context) {
-
- void hashkit_free(hashkit_st *self) {
- #ifdef HAVE_OPENSSL_CRYPTO
-- if (self and self->_cryptographic_context) {
-- cryptographic_context_free((encryption_context_t *)self->_cryptographic_context);
-- self->_cryptographic_context = NULL;
-+ if (self and self->_key) {
-+ cryptographic_context_free((encryption_context_t *)self->_key);
-+ self->_key = NULL;
- }
- #else
-- if (self and self->_cryptographic_context) {
-- free(self->_cryptographic_context);
-- self->_cryptographic_context = NULL;
-+ if (self and self->_key) {
-+ free(self->_key);
-+ self->_key = NULL;
- }
- #endif
-
-@@ -99,19 +99,19 @@ hashkit_st *hashkit_clone(hashkit_st *destination, const hashkit_st *source) {
- destination->distribution_hash = source->distribution_hash;
- destination->flags = source->flags;
- #ifdef HAVE_OPENSSL_CRYPTO
-- if (destination->_cryptographic_context) {
-- cryptographic_context_free((encryption_context_t *)destination->_cryptographic_context);
-- destination->_cryptographic_context = NULL;
-+ if (destination->_key) {
-+ cryptographic_context_free((encryption_context_t *)destination->_key);
-+ destination->_key = NULL;
- }
-- if (source->_cryptographic_context) {
-- destination->_cryptographic_context =
-- aes_clone_cryptographic_context(((encryption_context_t *) source->_cryptographic_context));
-- if (destination->_cryptographic_context) {
-+ if (source->_key) {
-+ destination->_key =
-+ aes_clone_cryptographic_context(((encryption_context_t *) source->_key));
-+ if (destination->_key) {
-
- }
- }
- #else
-- destination->_cryptographic_context = aes_clone_key(static_cast<aes_key_t *>(source->_cryptographic_context));
-+ destination->_key = aes_clone_key(static_cast<aes_key_t *>(source->_key));
- #endif
-
- return destination;
-diff --git a/src/libmemcached/is.h b/src/libmemcached/is.h
-index 3987332f..229fd9b0 100644
---- a/src/libmemcached/is.h
-+++ b/src/libmemcached/is.h
-@@ -17,7 +17,7 @@
-
- /* These are private */
- #define memcached_is_allocated(__object) ((__object)->options.is_allocated)
--#define memcached_is_encrypted(__object) (!!(__object)->hashkit._cryptographic_context)
-+#define memcached_is_encrypted(__object) (!!(__object)->hashkit._key)
- #define memcached_is_initialized(__object) ((__object)->options.is_initialized)
- #define memcached_is_purging(__object) ((__object)->state.is_purging)
- #define memcached_is_processing_input(__object) ((__object)->state.is_processing_input)
---
-2.31.1
-
-From 6f1f694418c7effef13972ea135ce1c735042a8f Mon Sep 17 00:00:00 2001
-From: Michael Wallner <mike@php.net>
-Date: Mon, 12 Jul 2021 15:11:32 +0200
-Subject: [PATCH 4/7] libhashkit/aes: fix logic error in aes_initialize
-
----
- src/libhashkit/aes.cc | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/libhashkit/aes.cc b/src/libhashkit/aes.cc
-index d65a9d91..e4ae96f8 100644
---- a/src/libhashkit/aes.cc
-+++ b/src/libhashkit/aes.cc
-@@ -30,7 +30,7 @@ bool aes_initialize(const unsigned char *key, const size_t key_length,
- encryption_context_t *crypto_context) {
- unsigned char aes_key[AES_KEY_NBYTES];
- unsigned char aes_iv[AES_IV_NBYTES];
-- if (aes_key == NULL || aes_iv == NULL) {
-+ if (!key) {
- return false;
- }
-
---
-2.31.1
-
-From c8300fc7f692c617f1a583a9cb22732a840e7d3e Mon Sep 17 00:00:00 2001
-From: Michael Wallner <mike@php.net>
-Date: Mon, 12 Jul 2021 15:13:53 +0200
-Subject: [PATCH 5/7] libhashkit/aes: fix code indentation
-
----
- src/libhashkit/aes.cc | 94 ++++++++++++++++++++++---------------------
- 1 file changed, 48 insertions(+), 46 deletions(-)
-
-diff --git a/src/libhashkit/aes.cc b/src/libhashkit/aes.cc
-index e4ae96f8..156bcd3d 100644
---- a/src/libhashkit/aes.cc
-+++ b/src/libhashkit/aes.cc
-@@ -55,58 +55,60 @@ bool aes_initialize(const unsigned char *key, const size_t key_length,
-
- hashkit_string_st *aes_encrypt(encryption_context_t *crypto_context, const unsigned char *source,
- size_t source_length) {
--EVP_CIPHER_CTX *encryption_context = crypto_context->encryption_context;
--int cipher_length = source_length + EVP_CIPHER_CTX_block_size(encryption_context);
--int final_length = 0;
--unsigned char *cipher_text = (unsigned char *) malloc(cipher_length);
--if (cipher_text == NULL) {
-- return NULL;
--}
--if (EVP_EncryptInit_ex(encryption_context, NULL, NULL, NULL, NULL) != 1
-- || EVP_EncryptUpdate(encryption_context, cipher_text, &cipher_length, source, source_length)
-- != 1
-- || EVP_EncryptFinal_ex(encryption_context, cipher_text + cipher_length, &final_length) != 1)
--{
-- free(cipher_text);
-- return NULL;
--}
-+ EVP_CIPHER_CTX *encryption_context = crypto_context->encryption_context;
-+ int cipher_length = source_length + EVP_CIPHER_CTX_block_size(encryption_context);
-+ int final_length = 0;
-+ unsigned char *cipher_text = (unsigned char *) malloc(cipher_length);
-+ if (cipher_text == NULL) {
-+ return NULL;
-+ }
-+ if (EVP_EncryptInit_ex(encryption_context, NULL, NULL, NULL, NULL) != 1
-+ || EVP_EncryptUpdate(encryption_context, cipher_text, &cipher_length, source, source_length)
-+ != 1
-+ || EVP_EncryptFinal_ex(encryption_context, cipher_text + cipher_length, &final_length) != 1)
-+ {
-+ free(cipher_text);
-+ return NULL;
-+ }
-
--hashkit_string_st *destination = hashkit_string_create(cipher_length + final_length);
--if (destination == NULL) {
-- return NULL;
--}
--char *dest = hashkit_string_c_str_mutable(destination);
--memcpy(dest, cipher_text, cipher_length + final_length);
--hashkit_string_set_length(destination, cipher_length + final_length);
--return destination;
-+ hashkit_string_st *destination = hashkit_string_create(cipher_length + final_length);
-+ if (destination == NULL) {
-+ return NULL;
-+ }
-+ char *dest = hashkit_string_c_str_mutable(destination);
-+ memcpy(dest, cipher_text, cipher_length + final_length);
-+ hashkit_string_set_length(destination, cipher_length + final_length);
-+ return destination;
- }
-
- hashkit_string_st *aes_decrypt(encryption_context_t *crypto_context, const unsigned char *source,
- size_t source_length) {
--EVP_CIPHER_CTX *decryption_context = crypto_context->decryption_context;
--int plain_text_length = source_length;
--int final_length = 0;
--unsigned char *plain_text = (unsigned char *) malloc(plain_text_length);
--if (plain_text == NULL) {
-- return NULL;
--}
--if (EVP_DecryptInit_ex(decryption_context, NULL, NULL, NULL, NULL) != 1
-- || EVP_DecryptUpdate(decryption_context, plain_text, &plain_text_length, source, source_length)
-- != 1
-- || EVP_DecryptFinal_ex(decryption_context, plain_text + plain_text_length, &final_length) != 1)
--{
-- free(plain_text);
-- return NULL;
--}
-+ EVP_CIPHER_CTX *decryption_context = crypto_context->decryption_context;
-+ int plain_text_length = source_length;
-+ int final_length = 0;
-+ unsigned char *plain_text = (unsigned char *) malloc(plain_text_length);
-+ if (plain_text == NULL) {
-+ return NULL;
-+ }
-+ if (EVP_DecryptInit_ex(decryption_context, NULL, NULL, NULL, NULL) != 1
-+ || EVP_DecryptUpdate(decryption_context, plain_text, &plain_text_length, source,
-+ source_length)
-+ != 1
-+ || EVP_DecryptFinal_ex(decryption_context, plain_text + plain_text_length, &final_length)
-+ != 1)
-+ {
-+ free(plain_text);
-+ return NULL;
-+ }
-
--hashkit_string_st *destination = hashkit_string_create(plain_text_length + final_length);
--if (destination == NULL) {
-- return NULL;
--}
--char *dest = hashkit_string_c_str_mutable(destination);
--memcpy(dest, plain_text, plain_text_length + final_length);
--hashkit_string_set_length(destination, plain_text_length + final_length);
--return destination;
-+ hashkit_string_st *destination = hashkit_string_create(plain_text_length + final_length);
-+ if (destination == NULL) {
-+ return NULL;
-+ }
-+ char *dest = hashkit_string_c_str_mutable(destination);
-+ memcpy(dest, plain_text, plain_text_length + final_length);
-+ hashkit_string_set_length(destination, plain_text_length + final_length);
-+ return destination;
- }
-
- encryption_context_t *aes_clone_cryptographic_context(encryption_context_t *source) {
---
-2.31.1
-
-From 72df8af3b9cc00f590afa31371be571c1169a268 Mon Sep 17 00:00:00 2001
-From: Michael Wallner <mike@php.net>
-Date: Mon, 12 Jul 2021 15:59:57 +0200
-Subject: [PATCH 6/7] libhashkit/aes: simplify code
-
----
- src/libhashkit/aes.cc | 125 ++++++++++++++++++++++++--------------
- src/libhashkit/aes.h | 26 +-------
- src/libhashkit/encrypt.cc | 31 +---------
- src/libhashkit/hashkit.cc | 37 +----------
- 4 files changed, 87 insertions(+), 132 deletions(-)
-
-diff --git a/src/libhashkit/aes.cc b/src/libhashkit/aes.cc
-index 156bcd3d..86a41dd7 100644
---- a/src/libhashkit/aes.cc
-+++ b/src/libhashkit/aes.cc
-@@ -26,45 +26,60 @@
- #define AES_KEY_NBYTES 32
- #define AES_IV_NBYTES 32
-
--bool aes_initialize(const unsigned char *key, const size_t key_length,
-- encryption_context_t *crypto_context) {
-+struct aes_key_t {
-+ EVP_CIPHER_CTX *encryption_context;
-+ EVP_CIPHER_CTX *decryption_context;
-+};
-+
-+
-+aes_key_t *aes_create_key(const char *key, const size_t key_length) {
- unsigned char aes_key[AES_KEY_NBYTES];
- unsigned char aes_iv[AES_IV_NBYTES];
-+ const unsigned char *ukey = (const unsigned char *) key;
-+
- if (!key) {
-- return false;
-+ return NULL;
- }
-
-- int i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha256(), NULL, key, key_length, DIGEST_ROUNDS,
-+ int i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha256(), NULL, ukey, key_length, DIGEST_ROUNDS,
- aes_key, aes_iv);
- if (i != AES_KEY_NBYTES) {
-- return false;
-+ return NULL;
- }
-
-- EVP_CIPHER_CTX_init(crypto_context->encryption_context);
-- EVP_CIPHER_CTX_init(crypto_context->decryption_context);
-- if (EVP_EncryptInit_ex(crypto_context->encryption_context, EVP_aes_256_cbc(), NULL, key, aes_iv)
-- != 1
-- || EVP_DecryptInit_ex(crypto_context->decryption_context, EVP_aes_256_cbc(), NULL, key,
-- aes_iv)
-- != 1)
-+ aes_key_t *aes_ctx = (aes_key_t *) malloc(sizeof(aes_key_t));
-+
-+ if (!(aes_ctx->encryption_context = EVP_CIPHER_CTX_new())) {
-+ return NULL;
-+ }
-+ if (!(aes_ctx->decryption_context = EVP_CIPHER_CTX_new())) {
-+ EVP_CIPHER_CTX_free(aes_ctx->encryption_context);
-+ return NULL;
-+ }
-+
-+ EVP_CIPHER_CTX_init(aes_ctx->encryption_context);
-+ EVP_CIPHER_CTX_init(aes_ctx->decryption_context);
-+ if (EVP_EncryptInit_ex(aes_ctx->encryption_context, EVP_aes_256_cbc(), NULL, ukey, aes_iv) != 1
-+ || EVP_DecryptInit_ex(aes_ctx->decryption_context, EVP_aes_256_cbc(), NULL, ukey, aes_iv) != 1)
- {
-- return false;
-+ aes_free_key(aes_ctx);
-+ return NULL;
- }
-- return true;
-+
-+ return aes_ctx;
- }
-
--hashkit_string_st *aes_encrypt(encryption_context_t *crypto_context, const unsigned char *source,
-- size_t source_length) {
-- EVP_CIPHER_CTX *encryption_context = crypto_context->encryption_context;
-+hashkit_string_st *aes_encrypt(aes_key_t *ctx, const char *source, size_t source_length) {
-+ EVP_CIPHER_CTX *encryption_context = ctx->encryption_context;
- int cipher_length = source_length + EVP_CIPHER_CTX_block_size(encryption_context);
- int final_length = 0;
-+ const unsigned char *usource = (const unsigned char *) source;
- unsigned char *cipher_text = (unsigned char *) malloc(cipher_length);
-- if (cipher_text == NULL) {
-+ if (!cipher_text) {
- return NULL;
- }
- if (EVP_EncryptInit_ex(encryption_context, NULL, NULL, NULL, NULL) != 1
-- || EVP_EncryptUpdate(encryption_context, cipher_text, &cipher_length, source, source_length)
-- != 1
-+ || EVP_EncryptUpdate(encryption_context, cipher_text, &cipher_length, usource, source_length) != 1
- || EVP_EncryptFinal_ex(encryption_context, cipher_text + cipher_length, &final_length) != 1)
- {
- free(cipher_text);
-@@ -72,7 +87,7 @@ hashkit_string_st *aes_encrypt(encryption_context_t *crypto_context, const unsig
- }
-
- hashkit_string_st *destination = hashkit_string_create(cipher_length + final_length);
-- if (destination == NULL) {
-+ if (!destination) {
- return NULL;
- }
- char *dest = hashkit_string_c_str_mutable(destination);
-@@ -81,28 +96,25 @@ hashkit_string_st *aes_encrypt(encryption_context_t *crypto_context, const unsig
- return destination;
- }
-
--hashkit_string_st *aes_decrypt(encryption_context_t *crypto_context, const unsigned char *source,
-- size_t source_length) {
-- EVP_CIPHER_CTX *decryption_context = crypto_context->decryption_context;
-+hashkit_string_st *aes_decrypt(aes_key_t *ctx, const char *source, size_t source_length) {
-+ EVP_CIPHER_CTX *decryption_context = ctx->decryption_context;
- int plain_text_length = source_length;
- int final_length = 0;
-+ const unsigned char *usource = (const unsigned char *) source;
- unsigned char *plain_text = (unsigned char *) malloc(plain_text_length);
-- if (plain_text == NULL) {
-+ if (!plain_text) {
- return NULL;
- }
- if (EVP_DecryptInit_ex(decryption_context, NULL, NULL, NULL, NULL) != 1
-- || EVP_DecryptUpdate(decryption_context, plain_text, &plain_text_length, source,
-- source_length)
-- != 1
-- || EVP_DecryptFinal_ex(decryption_context, plain_text + plain_text_length, &final_length)
-- != 1)
-+ || EVP_DecryptUpdate(decryption_context, plain_text, &plain_text_length, usource, source_length) != 1
-+ || EVP_DecryptFinal_ex(decryption_context, plain_text + plain_text_length, &final_length) != 1)
- {
- free(plain_text);
- return NULL;
- }
-
- hashkit_string_st *destination = hashkit_string_create(plain_text_length + final_length);
-- if (destination == NULL) {
-+ if (!destination) {
- return NULL;
- }
- char *dest = hashkit_string_c_str_mutable(destination);
-@@ -111,22 +123,40 @@ hashkit_string_st *aes_decrypt(encryption_context_t *crypto_context, const unsig
- return destination;
- }
-
--encryption_context_t *aes_clone_cryptographic_context(encryption_context_t *source) {
-- encryption_context_t *new_context = (encryption_context_t *) malloc(sizeof(encryption_context_t));
-- if (new_context == NULL)
-+aes_key_t *aes_clone_key(aes_key_t *old_context) {
-+ if (!old_context) {
- return NULL;
-+ }
-
-- new_context->encryption_context = EVP_CIPHER_CTX_new();
-- new_context->decryption_context = EVP_CIPHER_CTX_new();
-- if (new_context->encryption_context == NULL || new_context->decryption_context == NULL) {
-- free(new_context);
-- return NULL;
-+ aes_key_t *new_context = (aes_key_t *) malloc(sizeof(aes_key_t));
-+ if (new_context) {
-+ new_context->encryption_context = EVP_CIPHER_CTX_new();
-+ new_context->decryption_context = EVP_CIPHER_CTX_new();
-+ if (!new_context->encryption_context || !new_context->decryption_context) {
-+ aes_free_key(new_context);
-+ return NULL;
-+ }
-+ EVP_CIPHER_CTX_copy(new_context->encryption_context, old_context->encryption_context);
-+ EVP_CIPHER_CTX_copy(new_context->decryption_context, old_context->decryption_context);
- }
-- EVP_CIPHER_CTX_copy(new_context->encryption_context, source->encryption_context);
-- EVP_CIPHER_CTX_copy(new_context->decryption_context, source->decryption_context);
-+
- return new_context;
- }
-
-+void aes_free_key(aes_key_t *context) {
-+ if (context) {
-+ if (context->encryption_context) {
-+ EVP_CIPHER_CTX_free(context->encryption_context);
-+ context->encryption_context = NULL;
-+ }
-+ if (context->decryption_context) {
-+ EVP_CIPHER_CTX_free(context->decryption_context);
-+ context->decryption_context = NULL;
-+ }
-+ free(context);
-+ }
-+}
-+
- #else
-
- # include "libhashkit/rijndael.hpp"
-@@ -172,7 +202,7 @@ aes_key_t *aes_create_key(const char *key, const size_t key_length) {
- }
-
- aes_key_t *aes_clone_key(aes_key_t *_aes_key) {
-- if (_aes_key == NULL) {
-+ if (!_aes_key) {
- return NULL;
- }
-
-@@ -185,7 +215,7 @@ aes_key_t *aes_clone_key(aes_key_t *_aes_key) {
- }
-
- hashkit_string_st *aes_encrypt(aes_key_t *_aes_key, const char *source, size_t source_length) {
-- if (_aes_key == NULL) {
-+ if (!_aes_key) {
- return NULL;
- }
-
-@@ -214,7 +244,7 @@ hashkit_string_st *aes_encrypt(aes_key_t *_aes_key, const char *source, size_t s
- }
-
- hashkit_string_st *aes_decrypt(aes_key_t *_aes_key, const char *source, size_t source_length) {
-- if (_aes_key == NULL) {
-+ if (!_aes_key) {
- return NULL;
- }
-
-@@ -252,4 +282,11 @@ hashkit_string_st *aes_decrypt(aes_key_t *_aes_key, const char *source, size_t s
-
- return destination;
- }
-+
-+void aes_free_key(aes_key_t *key) {
-+ if (key) {
-+ free(key);
-+ }
-+}
-+
- #endif
-diff --git a/src/libhashkit/aes.h b/src/libhashkit/aes.h
-index 243d501f..4d3e6d7f 100644
---- a/src/libhashkit/aes.h
-+++ b/src/libhashkit/aes.h
-@@ -15,34 +15,14 @@
-
- #pragma once
-
--#ifdef HAVE_OPENSSL_CRYPTO
--
--#include <openssl/evp.h>
--
--typedef struct encryption_context {
-- EVP_CIPHER_CTX *encryption_context;
-- EVP_CIPHER_CTX *decryption_context;
--} encryption_context_t;
--
--hashkit_string_st *aes_encrypt(encryption_context_t *crypto_context, const unsigned char *source,
-- size_t source_length);
--
--hashkit_string_st *aes_decrypt(encryption_context_t *crypto_context, const unsigned char *source,
-- size_t source_length);
--
--bool aes_initialize(const unsigned char *key, const size_t key_length,
-- encryption_context_t *crypto_context);
--
--encryption_context_t *aes_clone_cryptographic_context(encryption_context_t *source);
--#else
--
- struct aes_key_t;
-
- hashkit_string_st *aes_encrypt(aes_key_t *_aes_key, const char *source, size_t source_length);
-
- hashkit_string_st *aes_decrypt(aes_key_t *_aes_key, const char *source, size_t source_length);
-
--aes_key_t *aes_create_key(const char *key, const size_t key_length);
-+aes_key_t *aes_create_key(const char *key, size_t key_length);
-
- aes_key_t *aes_clone_key(aes_key_t *_aes_key);
--#endif
-+
-+void aes_free_key(aes_key_t *_aes_key);
-diff --git a/src/libhashkit/encrypt.cc b/src/libhashkit/encrypt.cc
-index effa299f..ff269c05 100644
---- a/src/libhashkit/encrypt.cc
-+++ b/src/libhashkit/encrypt.cc
-@@ -15,50 +15,21 @@
-
- #include "libhashkit/common.h"
-
--#ifdef HAVE_OPENSSL_CRYPTO
--# include <openssl/evp.h>
--#endif
--
- hashkit_string_st *hashkit_encrypt(hashkit_st *kit, const char *source, size_t source_length) {
--#ifdef HAVE_OPENSSL_CRYPTO
-- return aes_encrypt((encryption_context_t *) kit->_key,
-- (const unsigned char *) source, source_length);
--#else
- return aes_encrypt((aes_key_t *) kit->_key, source,
- source_length);
--#endif
- }
-
- hashkit_string_st *hashkit_decrypt(hashkit_st *kit, const char *source, size_t source_length) {
--#ifdef HAVE_OPENSSL_CRYPTO
-- return aes_decrypt((encryption_context_t *) kit->_key,
-- (const unsigned char *) source, source_length);
--#else
- return aes_decrypt((aes_key_t *)kit->_key, source, source_length);
--#endif
- }
-
--#ifdef HAVE_OPENSSL_CRYPTO
--bool hashkit_key(hashkit_st *kit, const char *key, const size_t key_length) {
-- kit->_key = (encryption_context_t *) malloc(sizeof(encryption_context_t));
-- ((encryption_context_t *) kit->_key)->encryption_context = EVP_CIPHER_CTX_new();
-- ((encryption_context_t *) kit->_key)->decryption_context = EVP_CIPHER_CTX_new();
-- if (((encryption_context_t *) kit->_key)->encryption_context == NULL
-- || ((encryption_context_t *) kit->_key)->decryption_context == NULL)
-- {
-- return false;
-- }
-- return aes_initialize((const unsigned char *) key, key_length,
-- (encryption_context_t *) kit->_key);
--}
--#else
- bool hashkit_key(hashkit_st *kit, const char *key, const size_t key_length) {
- if (kit->_key) {
-- free(kit->_key);
-+ aes_free_key((aes_key_t *) kit->_key);
- }
-
- kit->_key = aes_create_key(key, key_length);
-
- return bool(kit->_key);
- }
--#endif
-diff --git a/src/libhashkit/hashkit.cc b/src/libhashkit/hashkit.cc
-index e61b014d..63b7f62e 100644
---- a/src/libhashkit/hashkit.cc
-+++ b/src/libhashkit/hashkit.cc
-@@ -15,10 +15,6 @@
-
- #include "libhashkit/common.h"
-
--#ifdef HAVE_OPENSSL_CRYPTO
--# include <openssl/evp.h>
--#endif
--
- static inline void _hashkit_init(hashkit_st *self) {
- self->base_hash.function = hashkit_one_at_a_time;
- self->base_hash.context = NULL;
-@@ -56,26 +52,11 @@ hashkit_st *hashkit_create(hashkit_st *self) {
- return self;
- }
-
--#ifdef HAVE_OPENSSL_CRYPTO
--static void cryptographic_context_free(encryption_context_t *context) {
-- EVP_CIPHER_CTX_free(context->encryption_context);
-- EVP_CIPHER_CTX_free(context->decryption_context);
-- free(context);
--}
--#endif
--
- void hashkit_free(hashkit_st *self) {
--#ifdef HAVE_OPENSSL_CRYPTO
- if (self and self->_key) {
-- cryptographic_context_free((encryption_context_t *)self->_key);
-+ aes_free_key((aes_key_t *) self->_key);
- self->_key = NULL;
- }
--#else
-- if (self and self->_key) {
-- free(self->_key);
-- self->_key = NULL;
-- }
--#endif
-
- if (hashkit_is_allocated(self)) {
- free(self);
-@@ -98,21 +79,7 @@ hashkit_st *hashkit_clone(hashkit_st *destination, const hashkit_st *source) {
- destination->base_hash = source->base_hash;
- destination->distribution_hash = source->distribution_hash;
- destination->flags = source->flags;
--#ifdef HAVE_OPENSSL_CRYPTO
-- if (destination->_key) {
-- cryptographic_context_free((encryption_context_t *)destination->_key);
-- destination->_key = NULL;
-- }
-- if (source->_key) {
-- destination->_key =
-- aes_clone_cryptographic_context(((encryption_context_t *) source->_key));
-- if (destination->_key) {
--
-- }
-- }
--#else
-- destination->_key = aes_clone_key(static_cast<aes_key_t *>(source->_key));
--#endif
-+ destination->_key = aes_clone_key((aes_key_t *) source->_key);
-
- return destination;
- }
---
-2.31.1
-