summaryrefslogtreecommitdiffstats
path: root/src/crypto/cipher
diff options
context:
space:
mode:
authorKenny Root <kroot@google.com>2015-10-02 16:09:15 -0700
committerKenny Root <kroot@google.com>2015-10-02 16:09:49 -0700
commitfe7305364c3369f9222a61646c5c9842eae9bceb (patch)
tree360ada970b7bb1046ae069d253ba24d9622eb3ad /src/crypto/cipher
parent691ef9d0ff0ece39ffd6a58960a7cd195ef584ae (diff)
parentb452bce3bf2034466cee6206ebf3994409468ee4 (diff)
downloadexternal_boringssl-fe7305364c3369f9222a61646c5c9842eae9bceb.zip
external_boringssl-fe7305364c3369f9222a61646c5c9842eae9bceb.tar.gz
external_boringssl-fe7305364c3369f9222a61646c5c9842eae9bceb.tar.bz2
Merge mnc-dr-dev-plus-aosp into mnc-ub-dev
This pulls in the latest version of BoringSSL. Change-Id: I0ab5c73d60f41a696c9a828fac87670aaca10dec
Diffstat (limited to 'src/crypto/cipher')
-rw-r--r--src/crypto/cipher/CMakeLists.txt2
-rw-r--r--src/crypto/cipher/aead.c15
-rw-r--r--src/crypto/cipher/aead_test.cc62
-rw-r--r--src/crypto/cipher/cipher.c41
-rw-r--r--src/crypto/cipher/cipher_test.cc57
-rw-r--r--src/crypto/cipher/e_aes.c108
-rw-r--r--src/crypto/cipher/e_chacha20poly1305.c22
-rw-r--r--src/crypto/cipher/e_des.c78
-rw-r--r--src/crypto/cipher/e_rc2.c27
-rw-r--r--src/crypto/cipher/e_rc4.c22
-rw-r--r--src/crypto/cipher/e_ssl3.c56
-rw-r--r--src/crypto/cipher/e_tls.c56
-rw-r--r--src/crypto/cipher/test/aes_128_gcm_tests.txt6
-rw-r--r--src/crypto/cipher/test/cipher_test.txt60
14 files changed, 407 insertions, 205 deletions
diff --git a/src/crypto/cipher/CMakeLists.txt b/src/crypto/cipher/CMakeLists.txt
index 2775698..6b4c729 100644
--- a/src/crypto/cipher/CMakeLists.txt
+++ b/src/crypto/cipher/CMakeLists.txt
@@ -1,4 +1,4 @@
-include_directories(. .. ../../include)
+include_directories(../../include)
add_library(
cipher
diff --git a/src/crypto/cipher/aead.c b/src/crypto/cipher/aead.c
index 20d699d..7e747f8 100644
--- a/src/crypto/cipher/aead.c
+++ b/src/crypto/cipher/aead.c
@@ -30,11 +30,15 @@ size_t EVP_AEAD_max_overhead(const EVP_AEAD *aead) { return aead->overhead; }
size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead) { return aead->max_tag_len; }
+void EVP_AEAD_CTX_zero(EVP_AEAD_CTX *ctx) {
+ memset(ctx, 0, sizeof(EVP_AEAD_CTX));
+}
+
int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,
const uint8_t *key, size_t key_len, size_t tag_len,
ENGINE *impl) {
if (!aead->init) {
- OPENSSL_PUT_ERROR(CIPHER, EVP_AEAD_CTX_init, CIPHER_R_NO_DIRECTION_SET);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_NO_DIRECTION_SET);
ctx->aead = NULL;
return 0;
}
@@ -47,8 +51,7 @@ int EVP_AEAD_CTX_init_with_direction(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,
size_t tag_len,
enum evp_aead_direction_t dir) {
if (key_len != aead->key_len) {
- OPENSSL_PUT_ERROR(CIPHER, EVP_AEAD_CTX_init_with_direction,
- CIPHER_R_UNSUPPORTED_KEY_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_KEY_SIZE);
ctx->aead = NULL;
return 0;
}
@@ -101,12 +104,12 @@ int EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len,
size_t possible_out_len = in_len + ctx->aead->overhead;
if (possible_out_len < in_len /* overflow */) {
- OPENSSL_PUT_ERROR(CIPHER, EVP_AEAD_CTX_seal, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
goto error;
}
if (!check_alias(in, in_len, out)) {
- OPENSSL_PUT_ERROR(CIPHER, EVP_AEAD_CTX_seal, CIPHER_R_OUTPUT_ALIASES_INPUT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_OUTPUT_ALIASES_INPUT);
goto error;
}
@@ -128,7 +131,7 @@ int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len,
size_t nonce_len, const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
if (!check_alias(in, in_len, out)) {
- OPENSSL_PUT_ERROR(CIPHER, EVP_AEAD_CTX_open, CIPHER_R_OUTPUT_ALIASES_INPUT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_OUTPUT_ALIASES_INPUT);
goto error;
}
diff --git a/src/crypto/cipher/aead_test.cc b/src/crypto/cipher/aead_test.cc
index e4b75d6..baaee9e 100644
--- a/src/crypto/cipher/aead_test.cc
+++ b/src/crypto/cipher/aead_test.cc
@@ -22,6 +22,7 @@
#include <openssl/err.h>
#include "../test/file_test.h"
+#include "../test/scoped_types.h"
#include "../test/stl_compat.h"
@@ -35,18 +36,6 @@
// CT: 5294265a60
// TAG: 1d45758621762e061368e68868e2f929
-// EVP_AEAD_CTX lacks a zero state, so it doesn't fit easily into
-// ScopedOpenSSLContext.
-class EVP_AEAD_CTXScoper {
- public:
- EVP_AEAD_CTXScoper(EVP_AEAD_CTX *ctx) : ctx_(ctx) {}
- ~EVP_AEAD_CTXScoper() {
- EVP_AEAD_CTX_cleanup(ctx_);
- }
- private:
- EVP_AEAD_CTX *ctx_;
-};
-
static bool TestAEAD(FileTest *t, void *arg) {
const EVP_AEAD *aead = reinterpret_cast<const EVP_AEAD*>(arg);
@@ -60,20 +49,19 @@ static bool TestAEAD(FileTest *t, void *arg) {
return false;
}
- EVP_AEAD_CTX ctx;
- if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bssl::vector_data(&key),
- key.size(), tag.size(),
- evp_aead_seal)) {
+ ScopedEVP_AEAD_CTX ctx;
+ if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead,
+ bssl::vector_data(&key), key.size(),
+ tag.size(), evp_aead_seal)) {
t->PrintLine("Failed to init AEAD.");
return false;
}
- EVP_AEAD_CTXScoper cleanup(&ctx);
std::vector<uint8_t> out(in.size() + EVP_AEAD_max_overhead(aead));
if (!t->HasAttribute("NO_SEAL")) {
size_t out_len;
- if (!EVP_AEAD_CTX_seal(&ctx, bssl::vector_data(&out), &out_len, out.size(),
- bssl::vector_data(&nonce), nonce.size(),
+ if (!EVP_AEAD_CTX_seal(ctx.get(), bssl::vector_data(&out), &out_len,
+ out.size(), bssl::vector_data(&nonce), nonce.size(),
bssl::vector_data(&in), in.size(),
bssl::vector_data(&ad), ad.size())) {
t->PrintLine("Failed to run AEAD.");
@@ -101,17 +89,17 @@ static bool TestAEAD(FileTest *t, void *arg) {
// The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
// reset after each operation.
- EVP_AEAD_CTX_cleanup(&ctx);
- if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bssl::vector_data(&key),
- key.size(), tag.size(),
- evp_aead_open)) {
+ ctx.Reset();
+ if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead,
+ bssl::vector_data(&key), key.size(),
+ tag.size(), evp_aead_open)) {
t->PrintLine("Failed to init AEAD.");
return false;
}
std::vector<uint8_t> out2(out.size());
size_t out2_len;
- int ret = EVP_AEAD_CTX_open(&ctx,
+ int ret = EVP_AEAD_CTX_open(ctx.get(),
bssl::vector_data(&out2), &out2_len, out2.size(),
bssl::vector_data(&nonce), nonce.size(),
bssl::vector_data(&out), out.size(),
@@ -137,10 +125,10 @@ static bool TestAEAD(FileTest *t, void *arg) {
// The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
// reset after each operation.
- EVP_AEAD_CTX_cleanup(&ctx);
- if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bssl::vector_data(&key),
- key.size(), tag.size(),
- evp_aead_open)) {
+ ctx.Reset();
+ if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead,
+ bssl::vector_data(&key), key.size(),
+ tag.size(), evp_aead_open)) {
t->PrintLine("Failed to init AEAD.");
return false;
}
@@ -148,8 +136,8 @@ static bool TestAEAD(FileTest *t, void *arg) {
// Garbage at the end isn't ignored.
out.push_back(0);
out2.resize(out.size());
- if (EVP_AEAD_CTX_open(&ctx, bssl::vector_data(&out2), &out2_len, out2.size(),
- bssl::vector_data(&nonce), nonce.size(),
+ if (EVP_AEAD_CTX_open(ctx.get(), bssl::vector_data(&out2), &out2_len,
+ out2.size(), bssl::vector_data(&nonce), nonce.size(),
bssl::vector_data(&out), out.size(),
bssl::vector_data(&ad), ad.size())) {
t->PrintLine("Decrypted bad data with trailing garbage.");
@@ -159,10 +147,10 @@ static bool TestAEAD(FileTest *t, void *arg) {
// The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
// reset after each operation.
- EVP_AEAD_CTX_cleanup(&ctx);
- if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bssl::vector_data(&key),
- key.size(), tag.size(),
- evp_aead_open)) {
+ ctx.Reset();
+ if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead,
+ bssl::vector_data(&key), key.size(),
+ tag.size(), evp_aead_open)) {
t->PrintLine("Failed to init AEAD.");
return false;
}
@@ -171,8 +159,8 @@ static bool TestAEAD(FileTest *t, void *arg) {
out[0] ^= 0x80;
out.resize(out.size() - 1);
out2.resize(out.size());
- if (EVP_AEAD_CTX_open(&ctx, bssl::vector_data(&out2), &out2_len, out2.size(),
- bssl::vector_data(&nonce), nonce.size(),
+ if (EVP_AEAD_CTX_open(ctx.get(), bssl::vector_data(&out2), &out2_len,
+ out2.size(), bssl::vector_data(&nonce), nonce.size(),
bssl::vector_data(&out), out.size(),
bssl::vector_data(&ad), ad.size())) {
t->PrintLine("Decrypted bad data with corrupted byte.");
@@ -200,6 +188,7 @@ static int TestCleanupAfterInitFailure(const EVP_AEAD *aead) {
fprintf(stderr, "A silly tag length didn't trigger an error!\n");
return 0;
}
+ ERR_clear_error();
/* Running a second, failed _init should not cause a memory leak. */
if (EVP_AEAD_CTX_init(&ctx, aead, key, key_len,
@@ -208,6 +197,7 @@ static int TestCleanupAfterInitFailure(const EVP_AEAD *aead) {
fprintf(stderr, "A silly tag length didn't trigger an error!\n");
return 0;
}
+ ERR_clear_error();
/* Calling _cleanup on an |EVP_AEAD_CTX| after a failed _init should be a
* no-op. */
diff --git a/src/crypto/cipher/cipher.c b/src/crypto/cipher/cipher.c
index 400c3f5..4401867 100644
--- a/src/crypto/cipher/cipher.c
+++ b/src/crypto/cipher/cipher.c
@@ -68,12 +68,18 @@
const EVP_CIPHER *EVP_get_cipherbynid(int nid) {
switch (nid) {
+ case NID_rc2_cbc:
+ return EVP_rc2_cbc();
+ case NID_rc2_40_cbc:
+ return EVP_rc2_40_cbc();
case NID_des_ede3_cbc:
return EVP_des_ede3_cbc();
case NID_des_ede_cbc:
return EVP_des_cbc();
case NID_aes_128_cbc:
return EVP_aes_128_cbc();
+ case NID_aes_192_cbc:
+ return EVP_aes_192_cbc();
case NID_aes_256_cbc:
return EVP_aes_256_cbc();
default:
@@ -115,7 +121,7 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) {
int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) {
if (in == NULL || in->cipher == NULL) {
- OPENSSL_PUT_ERROR(CIPHER, EVP_CIPHER_CTX_copy, CIPHER_R_INPUT_NOT_INITIALIZED);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INPUT_NOT_INITIALIZED);
return 0;
}
@@ -125,7 +131,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) {
if (in->cipher_data && in->cipher->ctx_size) {
out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
if (!out->cipher_data) {
- OPENSSL_PUT_ERROR(CIPHER, EVP_CIPHER_CTX_copy, ERR_R_MALLOC_FAILURE);
+ OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE);
return 0;
}
memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
@@ -165,7 +171,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size);
if (!ctx->cipher_data) {
ctx->cipher = NULL;
- OPENSSL_PUT_ERROR(CIPHER, EVP_CipherInit_ex, ERR_R_MALLOC_FAILURE);
+ OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE);
return 0;
}
} else {
@@ -178,12 +184,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
ctx->cipher = NULL;
- OPENSSL_PUT_ERROR(CIPHER, EVP_CipherInit_ex, CIPHER_R_INITIALIZATION_ERROR);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INITIALIZATION_ERROR);
return 0;
}
}
} else if (!ctx->cipher) {
- OPENSSL_PUT_ERROR(CIPHER, EVP_CipherInit_ex, CIPHER_R_NO_CIPHER_SET);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_NO_CIPHER_SET);
return 0;
}
@@ -338,8 +344,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len) {
bl = ctx->buf_len;
if (ctx->flags & EVP_CIPH_NO_PADDING) {
if (bl) {
- OPENSSL_PUT_ERROR(CIPHER, EVP_EncryptFinal_ex,
- CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
return 0;
}
*out_len = 0;
@@ -434,8 +439,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len) {
b = ctx->cipher->block_size;
if (ctx->flags & EVP_CIPH_NO_PADDING) {
if (ctx->buf_len) {
- OPENSSL_PUT_ERROR(CIPHER, EVP_DecryptFinal_ex,
- CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
return 0;
}
*out_len = 0;
@@ -444,8 +448,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len) {
if (b > 1) {
if (ctx->buf_len || !ctx->final_used) {
- OPENSSL_PUT_ERROR(CIPHER, EVP_DecryptFinal_ex,
- CIPHER_R_WRONG_FINAL_BLOCK_LENGTH);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_WRONG_FINAL_BLOCK_LENGTH);
return 0;
}
assert(b <= sizeof(ctx->final));
@@ -454,13 +457,13 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len) {
* Otherwise it provides a padding oracle. */
n = ctx->final[b - 1];
if (n == 0 || n > (int)b) {
- OPENSSL_PUT_ERROR(CIPHER, EVP_DecryptFinal_ex, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
for (i = 0; i < n; i++) {
if (ctx->final[--b] != n) {
- OPENSSL_PUT_ERROR(CIPHER, EVP_DecryptFinal_ex, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
}
@@ -538,19 +541,18 @@ uint32_t EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx) {
int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int command, int arg, void *ptr) {
int ret;
if (!ctx->cipher) {
- OPENSSL_PUT_ERROR(CIPHER, EVP_CIPHER_CTX_ctrl, CIPHER_R_NO_CIPHER_SET);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_NO_CIPHER_SET);
return 0;
}
if (!ctx->cipher->ctrl) {
- OPENSSL_PUT_ERROR(CIPHER, EVP_CIPHER_CTX_ctrl, CIPHER_R_CTRL_NOT_IMPLEMENTED);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_CTRL_NOT_IMPLEMENTED);
return 0;
}
ret = ctx->cipher->ctrl(ctx, command, arg, ptr);
if (ret == -1) {
- OPENSSL_PUT_ERROR(CIPHER, EVP_CIPHER_CTX_ctrl,
- CIPHER_R_CTRL_OPERATION_NOT_IMPLEMENTED);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_CTRL_OPERATION_NOT_IMPLEMENTED);
return 0;
}
@@ -572,8 +574,7 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, unsigned key_len) {
}
if (key_len == 0 || !(c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
- OPENSSL_PUT_ERROR(CIPHER, EVP_CIPHER_CTX_set_key_length,
- CIPHER_R_INVALID_KEY_LENGTH);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_KEY_LENGTH);
return 0;
}
@@ -630,7 +631,7 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) {
return EVP_rc4();
} else if (OPENSSL_strcasecmp(name, "des-cbc") == 0) {
return EVP_des_cbc();
- } else if (OPENSSL_strcasecmp(name, "3des-cbc") == 0 ||
+ } else if (OPENSSL_strcasecmp(name, "des-ede3-cbc") == 0 ||
OPENSSL_strcasecmp(name, "3des") == 0) {
return EVP_des_ede3_cbc();
} else if (OPENSSL_strcasecmp(name, "aes-128-cbc") == 0) {
diff --git a/src/crypto/cipher/cipher_test.cc b/src/crypto/cipher/cipher_test.cc
index 97a84e0..5f04178 100644
--- a/src/crypto/cipher/cipher_test.cc
+++ b/src/crypto/cipher/cipher_test.cc
@@ -69,6 +69,12 @@
static const EVP_CIPHER *GetCipher(const std::string &name) {
if (name == "DES-CBC") {
return EVP_des_cbc();
+ } else if (name == "DES-ECB") {
+ return EVP_des_ecb();
+ } else if (name == "DES-EDE") {
+ return EVP_des_ede();
+ } else if (name == "DES-EDE-CBC") {
+ return EVP_des_ede_cbc();
} else if (name == "DES-EDE3-CBC") {
return EVP_des_ede3_cbc();
} else if (name == "RC4") {
@@ -104,6 +110,7 @@ static const EVP_CIPHER *GetCipher(const std::string &name) {
static bool TestOperation(FileTest *t,
const EVP_CIPHER *cipher,
bool encrypt,
+ bool streaming,
const std::vector<uint8_t> &key,
const std::vector<uint8_t> &iv,
const std::vector<uint8_t> &plaintext,
@@ -160,11 +167,29 @@ static bool TestOperation(FileTest *t,
(!aad.empty() &&
!EVP_CipherUpdate(ctx.get(), nullptr, &unused, bssl::vector_data(&aad),
aad.size())) ||
- !EVP_CIPHER_CTX_set_padding(ctx.get(), 0) ||
- (!in->empty() &&
- !EVP_CipherUpdate(ctx.get(), bssl::vector_data(&result), &result_len1,
- bssl::vector_data(in), in->size())) ||
- !EVP_CipherFinal_ex(ctx.get(), bssl::vector_data(&result) + result_len1,
+ !EVP_CIPHER_CTX_set_padding(ctx.get(), 0)) {
+ t->PrintLine("Operation failed.");
+ return false;
+ }
+ if (streaming) {
+ for (size_t i = 0; i < in->size(); i++) {
+ uint8_t c = (*in)[i];
+ int len;
+ if (!EVP_CipherUpdate(ctx.get(), bssl::vector_data(&result) + result_len1,
+ &len, &c, 1)) {
+ t->PrintLine("Operation failed.");
+ return false;
+ }
+ result_len1 += len;
+ }
+ } else if (!in->empty() &&
+ !EVP_CipherUpdate(ctx.get(), bssl::vector_data(&result),
+ &result_len1, bssl::vector_data(in),
+ in->size())) {
+ t->PrintLine("Operation failed.");
+ return false;
+ }
+ if (!EVP_CipherFinal_ex(ctx.get(), bssl::vector_data(&result) + result_len1,
&result_len2)) {
t->PrintLine("Operation failed.");
return false;
@@ -236,15 +261,21 @@ static bool TestCipher(FileTest *t, void *arg) {
}
// By default, both directions are run, unless overridden by the operation.
- if (operation != kDecrypt &&
- !TestOperation(t, cipher, true /* encrypt */, key, iv, plaintext,
- ciphertext, aad, tag)) {
- return false;
+ if (operation != kDecrypt) {
+ if (!TestOperation(t, cipher, true /* encrypt */, false /* single-shot */,
+ key, iv, plaintext, ciphertext, aad, tag) ||
+ !TestOperation(t, cipher, true /* encrypt */, true /* streaming */, key,
+ iv, plaintext, ciphertext, aad, tag)) {
+ return false;
+ }
}
- if (operation != kEncrypt &&
- !TestOperation(t, cipher, false /* decrypt */, key, iv, plaintext,
- ciphertext, aad, tag)) {
- return false;
+ if (operation != kEncrypt) {
+ if (!TestOperation(t, cipher, false /* decrypt */, false /* single-shot */,
+ key, iv, plaintext, ciphertext, aad, tag) ||
+ !TestOperation(t, cipher, false /* decrypt */, true /* streaming */,
+ key, iv, plaintext, ciphertext, aad, tag)) {
+ return false;
+ }
}
return true;
diff --git a/src/crypto/cipher/e_aes.c b/src/crypto/cipher/e_aes.c
index 41d0aec..e8905f6 100644
--- a/src/crypto/cipher/e_aes.c
+++ b/src/crypto/cipher/e_aes.c
@@ -64,7 +64,7 @@
#include "../modes/internal.h"
#if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
-#include "../arm_arch.h"
+#include <openssl/arm_arch.h>
#endif
@@ -98,8 +98,6 @@ typedef struct {
#if !defined(OPENSSL_NO_ASM) && \
(defined(OPENSSL_X86_64) || defined(OPENSSL_X86))
#define VPAES
-extern unsigned int OPENSSL_ia32cap_P[];
-
static char vpaes_capable(void) {
return (OPENSSL_ia32cap_P[1] & (1 << (41 - 32))) != 0;
}
@@ -113,7 +111,6 @@ static char bsaes_capable(void) {
#elif !defined(OPENSSL_NO_ASM) && \
(defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
-#include "../arm_arch.h"
#if defined(OPENSSL_ARM) && __ARM_MAX_ARCH__ >= 7
#define BSAES
@@ -338,7 +335,7 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
}
if (ret < 0) {
- OPENSSL_PUT_ERROR(CIPHER, aes_init_key, CIPHER_R_AES_KEY_SETUP_FAILED);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED);
return 0;
}
@@ -711,7 +708,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
} else {
if (!ctx->encrypt) {
if (gctx->taglen < 0 ||
- !CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen) != 0) {
+ !CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen)) {
return -1;
}
gctx->iv_set = 0;
@@ -853,7 +850,7 @@ static int aesni_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
}
if (ret < 0) {
- OPENSSL_PUT_ERROR(CIPHER, aesni_init_key, CIPHER_R_AES_KEY_SETUP_FAILED);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED);
return 0;
}
@@ -1066,7 +1063,7 @@ static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
const size_t key_bits = key_len * 8;
if (key_bits != 128 && key_bits != 256) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_init, CIPHER_R_BAD_KEY_LENGTH);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH);
return 0; /* EVP_AEAD_CTX_init should catch this. */
}
@@ -1075,7 +1072,7 @@ static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
}
if (tag_len > EVP_AEAD_AES_GCM_TAG_LEN) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_init, CIPHER_R_TAG_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TAG_TOO_LARGE);
return 0;
}
@@ -1108,12 +1105,12 @@ static int aead_aes_gcm_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
GCM128_CONTEXT gcm;
if (in_len + gcm_ctx->tag_len < in_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_seal, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (max_out_len < in_len + gcm_ctx->tag_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_seal, CIPHER_R_BUFFER_TOO_SMALL);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
@@ -1152,14 +1149,14 @@ static int aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
GCM128_CONTEXT gcm;
if (in_len < gcm_ctx->tag_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_open, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
plaintext_len = in_len - gcm_ctx->tag_len;
if (max_out_len < plaintext_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_open, CIPHER_R_BUFFER_TOO_SMALL);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
@@ -1185,7 +1182,7 @@ static int aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len);
if (CRYPTO_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_open, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
@@ -1239,7 +1236,7 @@ static int aead_aes_key_wrap_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
const size_t key_bits = key_len * 8;
if (key_bits != 128 && key_bits != 256) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_init, CIPHER_R_BAD_KEY_LENGTH);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH);
return 0; /* EVP_AEAD_CTX_init should catch this. */
}
@@ -1248,14 +1245,13 @@ static int aead_aes_key_wrap_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
}
if (tag_len != 8) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_init,
- CIPHER_R_UNSUPPORTED_TAG_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_TAG_SIZE);
return 0;
}
kw_ctx = OPENSSL_malloc(sizeof(struct aead_aes_key_wrap_ctx));
if (kw_ctx == NULL) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_init, ERR_R_MALLOC_FAILURE);
+ OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE);
return 0;
}
@@ -1293,8 +1289,7 @@ static int aead_aes_key_wrap_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
uint8_t A[AES_BLOCK_SIZE];
if (ad_len != 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal,
- CIPHER_R_UNSUPPORTED_AD_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_AD_SIZE);
return 0;
}
@@ -1304,14 +1299,12 @@ static int aead_aes_key_wrap_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
}
if (nonce_len != 8) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal,
- CIPHER_R_UNSUPPORTED_NONCE_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
return 0;
}
if (in_len % 8 != 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal,
- CIPHER_R_UNSUPPORTED_INPUT_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_INPUT_SIZE);
return 0;
}
@@ -1320,32 +1313,29 @@ static int aead_aes_key_wrap_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
* conservatively cap it to 2^32-16 to stop 32-bit platforms complaining that
* a comparison is always true. */
if (in_len > 0xfffffff0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
n = in_len / 8;
if (n < 2) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal,
- CIPHER_R_UNSUPPORTED_INPUT_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_INPUT_SIZE);
return 0;
}
if (in_len + 8 < in_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (max_out_len < in_len + 8) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal,
- CIPHER_R_BUFFER_TOO_SMALL);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
if (AES_set_encrypt_key(kw_ctx->key, kw_ctx->key_bits, &ks.ks) < 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal,
- CIPHER_R_AES_KEY_SETUP_FAILED);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED);
return 0;
}
@@ -1388,8 +1378,7 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
uint8_t A[AES_BLOCK_SIZE];
if (ad_len != 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open,
- CIPHER_R_UNSUPPORTED_AD_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_AD_SIZE);
return 0;
}
@@ -1399,14 +1388,12 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
}
if (nonce_len != 8) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open,
- CIPHER_R_UNSUPPORTED_NONCE_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
return 0;
}
if (in_len % 8 != 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open,
- CIPHER_R_UNSUPPORTED_INPUT_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_INPUT_SIZE);
return 0;
}
@@ -1415,26 +1402,24 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
* conservatively cap it to 2^32-8 to stop 32-bit platforms complaining that
* a comparison is always true. */
if (in_len > 0xfffffff8) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (in_len < 24) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
n = (in_len / 8) - 1;
if (max_out_len < in_len - 8) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open,
- CIPHER_R_BUFFER_TOO_SMALL);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
if (AES_set_decrypt_key(kw_ctx->key, kw_ctx->key_bits, &ks.ks) < 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open,
- CIPHER_R_AES_KEY_SETUP_FAILED);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED);
return 0;
}
@@ -1457,7 +1442,7 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
}
if (CRYPTO_memcmp(A, nonce, 8) != 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
@@ -1541,15 +1526,13 @@ static int aead_aes_ctr_hmac_sha256_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
static const size_t hmac_key_len = 32;
if (key_len < hmac_key_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init,
- CIPHER_R_BAD_KEY_LENGTH);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH);
return 0; /* EVP_AEAD_CTX_init should catch this. */
}
const size_t aes_key_len = key_len - hmac_key_len;
if (aes_key_len != 16 && aes_key_len != 32) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init,
- CIPHER_R_BAD_KEY_LENGTH);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH);
return 0; /* EVP_AEAD_CTX_init should catch this. */
}
@@ -1558,15 +1541,13 @@ static int aead_aes_ctr_hmac_sha256_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
}
if (tag_len > EVP_AEAD_AES_CTR_HMAC_SHA256_TAG_LEN) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init,
- CIPHER_R_TAG_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TAG_TOO_LARGE);
return 0;
}
aes_ctx = OPENSSL_malloc(sizeof(struct aead_aes_ctr_hmac_sha256_ctx));
if (aes_ctx == NULL) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init,
- ERR_R_MALLOC_FAILURE);
+ OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE);
return 0;
}
@@ -1666,20 +1647,17 @@ static int aead_aes_ctr_hmac_sha256_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
if (in_len + aes_ctx->tag_len < in_len ||
/* This input is so large it would overflow the 32-bit block counter. */
in_len_64 >= (OPENSSL_U64(1) << 32) * AES_BLOCK_SIZE) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_seal,
- CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (max_out_len < in_len + aes_ctx->tag_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_seal,
- CIPHER_R_BUFFER_TOO_SMALL);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
if (nonce_len != EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_seal,
- CIPHER_R_UNSUPPORTED_NONCE_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
return 0;
}
@@ -1703,22 +1681,19 @@ static int aead_aes_ctr_hmac_sha256_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
size_t plaintext_len;
if (in_len < aes_ctx->tag_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open,
- CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
plaintext_len = in_len - aes_ctx->tag_len;
if (max_out_len < plaintext_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open,
- CIPHER_R_BUFFER_TOO_SMALL);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
if (nonce_len != EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open,
- CIPHER_R_UNSUPPORTED_NONCE_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
return 0;
}
@@ -1727,8 +1702,7 @@ static int aead_aes_ctr_hmac_sha256_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
&aes_ctx->outer_init_state, ad, ad_len, nonce, in,
plaintext_len);
if (CRYPTO_memcmp(hmac_result, in + plaintext_len, aes_ctx->tag_len) != 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open,
- CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
diff --git a/src/crypto/cipher/e_chacha20poly1305.c b/src/crypto/cipher/e_chacha20poly1305.c
index ebf0088..9dda1b0 100644
--- a/src/crypto/cipher/e_chacha20poly1305.c
+++ b/src/crypto/cipher/e_chacha20poly1305.c
@@ -42,7 +42,7 @@ static int aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
}
if (tag_len > POLY1305_TAG_LEN) {
- OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_init, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
@@ -107,23 +107,22 @@ static int aead_chacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
* Casting to uint64_t inside the conditional is not sufficient to stop
* the warning. */
if (in_len_64 >= (1ull << 32) * 64 - 64) {
- OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_seal, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (in_len + c20_ctx->tag_len < in_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_seal, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (max_out_len < in_len + c20_ctx->tag_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_seal,
- CIPHER_R_BUFFER_TOO_SMALL);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
if (nonce_len != CHACHA20_NONCE_LEN) {
- OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_seal, CIPHER_R_IV_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_IV_TOO_LARGE);
return 0;
}
@@ -156,7 +155,7 @@ static int aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
const uint64_t in_len_64 = in_len;
if (in_len < c20_ctx->tag_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_open, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
@@ -168,20 +167,19 @@ static int aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
* Casting to uint64_t inside the conditional is not sufficient to stop
* the warning. */
if (in_len_64 >= (1ull << 32) * 64 - 64) {
- OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_open, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (nonce_len != CHACHA20_NONCE_LEN) {
- OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_open, CIPHER_R_IV_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_IV_TOO_LARGE);
return 0;
}
plaintext_len = in_len - c20_ctx->tag_len;
if (max_out_len < plaintext_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_open,
- CIPHER_R_BUFFER_TOO_SMALL);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
@@ -195,7 +193,7 @@ static int aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
CRYPTO_poly1305_finish(&poly1305, mac);
if (CRYPTO_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_open, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
diff --git a/src/crypto/cipher/e_des.c b/src/crypto/cipher/e_des.c
index 74e1fce..b1d312c 100644
--- a/src/crypto/cipher/e_des.c
+++ b/src/crypto/cipher/e_des.c
@@ -96,6 +96,31 @@ static const EVP_CIPHER des_cbc = {
const EVP_CIPHER *EVP_des_cbc(void) { return &des_cbc; }
+static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
+ size_t in_len) {
+ if (in_len < ctx->cipher->block_size) {
+ return 1;
+ }
+ in_len -= ctx->cipher->block_size;
+
+ EVP_DES_KEY *dat = (EVP_DES_KEY *) ctx->cipher_data;
+ size_t i;
+ for (i = 0; i <= in_len; i += ctx->cipher->block_size) {
+ DES_ecb_encrypt((DES_cblock *) (in + i), (DES_cblock *) (out + i),
+ &dat->ks.ks, ctx->encrypt);
+ }
+ return 1;
+}
+
+static const EVP_CIPHER des_ecb = {
+ NID_des_ecb, 8 /* block_size */, 8 /* key_size */,
+ 0 /* iv_len */, sizeof(EVP_DES_KEY), EVP_CIPH_ECB_MODE,
+ NULL /* app_data */, des_init_key, des_ecb_cipher,
+ NULL /* cleanup */, NULL /* ctrl */, };
+
+const EVP_CIPHER *EVP_des_ecb(void) { return &des_ecb; }
+
+
typedef struct {
union {
double align;
@@ -126,10 +151,57 @@ static int des_ede3_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
return 1;
}
-static const EVP_CIPHER des3_cbc = {
- NID_des_cbc, 8 /* block_size */, 24 /* key_size */,
+static const EVP_CIPHER des_ede3_cbc = {
+ NID_des_ede3_cbc, 8 /* block_size */, 24 /* key_size */,
8 /* iv_len */, sizeof(DES_EDE_KEY), EVP_CIPH_CBC_MODE,
NULL /* app_data */, des_ede3_init_key, des_ede3_cbc_cipher,
NULL /* cleanup */, NULL /* ctrl */, };
-const EVP_CIPHER *EVP_des_ede3_cbc(void) { return &des3_cbc; }
+const EVP_CIPHER *EVP_des_ede3_cbc(void) { return &des_ede3_cbc; }
+
+
+static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
+ const uint8_t *iv, int enc) {
+ DES_cblock *deskey = (DES_cblock *) key;
+ DES_EDE_KEY *dat = (DES_EDE_KEY *) ctx->cipher_data;
+
+ DES_set_key(&deskey[0], &dat->ks.ks[0]);
+ DES_set_key(&deskey[1], &dat->ks.ks[1]);
+ DES_set_key(&deskey[0], &dat->ks.ks[2]);
+
+ return 1;
+}
+
+static const EVP_CIPHER des_ede_cbc = {
+ NID_des_ede_cbc, 8 /* block_size */, 16 /* key_size */,
+ 8 /* iv_len */, sizeof(DES_EDE_KEY), EVP_CIPH_CBC_MODE,
+ NULL /* app_data */, des_ede_init_key , des_ede3_cbc_cipher,
+ NULL /* cleanup */, NULL /* ctrl */, };
+
+const EVP_CIPHER *EVP_des_ede_cbc(void) { return &des_ede_cbc; }
+
+
+static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
+ const uint8_t *in, size_t in_len) {
+ if (in_len < ctx->cipher->block_size) {
+ return 1;
+ }
+ in_len -= ctx->cipher->block_size;
+
+ DES_EDE_KEY *dat = (DES_EDE_KEY *) ctx->cipher_data;
+ size_t i;
+ for (i = 0; i <= in_len; i += ctx->cipher->block_size) {
+ DES_ecb3_encrypt((DES_cblock *) (in + i), (DES_cblock *) (out + i),
+ &dat->ks.ks[0], &dat->ks.ks[1], &dat->ks.ks[2],
+ ctx->encrypt);
+ }
+ return 1;
+}
+
+static const EVP_CIPHER des_ede_ecb = {
+ NID_des_ede_cbc, 8 /* block_size */, 16 /* key_size */,
+ 0 /* iv_len */, sizeof(DES_EDE_KEY), EVP_CIPH_ECB_MODE,
+ NULL /* app_data */, des_ede_init_key , des_ede_ecb_cipher,
+ NULL /* cleanup */, NULL /* ctrl */, };
+
+const EVP_CIPHER *EVP_des_ede(void) { return &des_ede_ecb; }
diff --git a/src/crypto/cipher/e_rc2.c b/src/crypto/cipher/e_rc2.c
index c90ab93..8ca7bba 100644
--- a/src/crypto/cipher/e_rc2.c
+++ b/src/crypto/cipher/e_rc2.c
@@ -395,13 +395,18 @@ static int rc2_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) {
case EVP_CTRL_INIT:
key->key_bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
return 1;
+ case EVP_CTRL_SET_RC2_KEY_BITS:
+ /* Should be overridden by later call to |EVP_CTRL_INIT|, but
+ * people call it, so it may as well work. */
+ key->key_bits = arg;
+ return 1;
default:
return -1;
}
}
-static const EVP_CIPHER rc2_40_cbc_cipher = {
+static const EVP_CIPHER rc2_40_cbc = {
NID_rc2_40_cbc,
8 /* block size */,
5 /* 40 bit */,
@@ -416,5 +421,23 @@ static const EVP_CIPHER rc2_40_cbc_cipher = {
};
const EVP_CIPHER *EVP_rc2_40_cbc(void) {
- return &rc2_40_cbc_cipher;
+ return &rc2_40_cbc;
+}
+
+static const EVP_CIPHER rc2_cbc = {
+ NID_rc2_cbc,
+ 8 /* block size */,
+ 16 /* 128 bit */,
+ 8 /* iv len */,
+ sizeof(EVP_RC2_KEY),
+ EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+ NULL /* app_data */,
+ rc2_init_key,
+ rc2_cbc_cipher,
+ NULL,
+ rc2_ctrl,
+};
+
+const EVP_CIPHER *EVP_rc2_cbc(void) {
+ return &rc2_cbc;
}
diff --git a/src/crypto/cipher/e_rc4.c b/src/crypto/cipher/e_rc4.c
index 80dea36..e05b9fd 100644
--- a/src/crypto/cipher/e_rc4.c
+++ b/src/crypto/cipher/e_rc4.c
@@ -115,20 +115,20 @@ aead_rc4_md5_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len,
}
if (tag_len > MD5_DIGEST_LENGTH) {
- OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_init, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
/* The keys consists of |MD5_DIGEST_LENGTH| bytes of HMAC(MD5) key followed
* by some number of bytes of RC4 key. */
if (key_len <= MD5_DIGEST_LENGTH) {
- OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_init, CIPHER_R_BAD_KEY_LENGTH);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH);
return 0;
}
rc4_ctx = OPENSSL_malloc(sizeof(struct aead_rc4_md5_tls_ctx));
if (rc4_ctx == NULL) {
- OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_init, ERR_R_MALLOC_FAILURE);
+ OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE);
return 0;
}
memset(rc4_ctx, 0, sizeof(struct aead_rc4_md5_tls_ctx));
@@ -185,22 +185,22 @@ static int aead_rc4_md5_tls_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
uint8_t digest[MD5_DIGEST_LENGTH];
if (in_len + rc4_ctx->tag_len < in_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_seal, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (nonce_len != 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_seal, CIPHER_R_IV_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_IV_TOO_LARGE);
return 0;
}
if (max_out_len < in_len + rc4_ctx->tag_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_seal, CIPHER_R_BUFFER_TOO_SMALL);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
if (nonce_len != 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_seal, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
@@ -288,21 +288,21 @@ static int aead_rc4_md5_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
uint8_t digest[MD5_DIGEST_LENGTH];
if (in_len < rc4_ctx->tag_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_open, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
plaintext_len = in_len - rc4_ctx->tag_len;
if (nonce_len != 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_open, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (max_out_len < in_len) {
/* This requires that the caller provide space for the MAC, even though it
* will always be removed on return. */
- OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_open, CIPHER_R_BUFFER_TOO_SMALL);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
@@ -366,7 +366,7 @@ static int aead_rc4_md5_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
MD5_Final(digest, &md);
if (CRYPTO_memcmp(out + plaintext_len, digest, rc4_ctx->tag_len)) {
- OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_open, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
diff --git a/src/crypto/cipher/e_ssl3.c b/src/crypto/cipher/e_ssl3.c
index 1031d9b..389c52f 100644
--- a/src/crypto/cipher/e_ssl3.c
+++ b/src/crypto/cipher/e_ssl3.c
@@ -85,12 +85,12 @@ static int aead_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len,
const EVP_CIPHER *cipher, const EVP_MD *md) {
if (tag_len != EVP_AEAD_DEFAULT_TAG_LENGTH &&
tag_len != EVP_MD_size(md)) {
- OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_init, CIPHER_R_UNSUPPORTED_TAG_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_TAG_SIZE);
return 0;
}
if (key_len != EVP_AEAD_key_length(ctx->aead)) {
- OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_init, CIPHER_R_BAD_KEY_LENGTH);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH);
return 0;
}
@@ -102,7 +102,7 @@ static int aead_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len,
AEAD_SSL3_CTX *ssl3_ctx = OPENSSL_malloc(sizeof(AEAD_SSL3_CTX));
if (ssl3_ctx == NULL) {
- OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_init, ERR_R_MALLOC_FAILURE);
+ OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE);
return 0;
}
EVP_CIPHER_CTX_init(&ssl3_ctx->cipher_ctx);
@@ -133,29 +133,29 @@ static int aead_ssl3_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
if (!ssl3_ctx->cipher_ctx.encrypt) {
/* Unlike a normal AEAD, an SSL3 AEAD may only be used in one direction. */
- OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_seal, CIPHER_R_INVALID_OPERATION);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_OPERATION);
return 0;
}
if (in_len + EVP_AEAD_max_overhead(ctx->aead) < in_len ||
in_len > INT_MAX) {
/* EVP_CIPHER takes int as input. */
- OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_seal, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (max_out_len < in_len + EVP_AEAD_max_overhead(ctx->aead)) {
- OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_seal, CIPHER_R_BUFFER_TOO_SMALL);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
if (nonce_len != 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_seal, CIPHER_R_IV_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_IV_TOO_LARGE);
return 0;
}
if (ad_len != 11 - 2 /* length bytes */) {
- OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_seal, CIPHER_R_INVALID_AD_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_AD_SIZE);
return 0;
}
@@ -217,36 +217,36 @@ static int aead_ssl3_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
if (ssl3_ctx->cipher_ctx.encrypt) {
/* Unlike a normal AEAD, an SSL3 AEAD may only be used in one direction. */
- OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_INVALID_OPERATION);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_OPERATION);
return 0;
}
size_t mac_len = EVP_MD_CTX_size(&ssl3_ctx->md_ctx);
if (in_len < mac_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
if (max_out_len < in_len) {
/* This requires that the caller provide space for the MAC, even though it
* will always be removed on return. */
- OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_BUFFER_TOO_SMALL);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
if (nonce_len != 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (ad_len != 11 - 2 /* length bytes */) {
- OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_INVALID_AD_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_AD_SIZE);
return 0;
}
if (in_len > INT_MAX) {
/* EVP_CIPHER takes int as input. */
- OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
@@ -270,12 +270,12 @@ static int aead_ssl3_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
if (EVP_CIPHER_CTX_mode(&ssl3_ctx->cipher_ctx) == EVP_CIPH_CBC_MODE) {
unsigned padding_length = out[total - 1];
if (total < padding_length + 1 + mac_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
/* The padding must be minimal. */
if (padding_length + 1 > EVP_CIPHER_CTX_block_size(&ssl3_ctx->cipher_ctx)) {
- OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
data_len = total - padding_length - 1 - mac_len;
@@ -289,7 +289,7 @@ static int aead_ssl3_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
return 0;
}
if (CRYPTO_memcmp(&out[data_len], mac, mac_len) != 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
@@ -340,6 +340,13 @@ static int aead_des_ede3_cbc_sha1_ssl3_init(EVP_AEAD_CTX *ctx,
EVP_sha1());
}
+static int aead_null_sha1_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
+ size_t key_len, size_t tag_len,
+ enum evp_aead_direction_t dir) {
+ return aead_ssl3_init(ctx, key, key_len, tag_len, dir, EVP_enc_null(),
+ EVP_sha1());
+}
+
static const EVP_AEAD aead_rc4_md5_ssl3 = {
MD5_DIGEST_LENGTH + 16, /* key len (MD5 + RC4) */
0, /* nonce len */
@@ -405,6 +412,19 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_ssl3 = {
NULL, /* get_rc4_state */
};
+static const EVP_AEAD aead_null_sha1_ssl3 = {
+ SHA_DIGEST_LENGTH, /* key len */
+ 0, /* nonce len */
+ SHA_DIGEST_LENGTH, /* overhead (SHA1) */
+ SHA_DIGEST_LENGTH, /* max tag length */
+ NULL, /* init */
+ aead_null_sha1_ssl3_init,
+ aead_ssl3_cleanup,
+ aead_ssl3_seal,
+ aead_ssl3_open,
+ NULL, /* get_rc4_state */
+};
+
const EVP_AEAD *EVP_aead_rc4_md5_ssl3(void) { return &aead_rc4_md5_ssl3; }
const EVP_AEAD *EVP_aead_rc4_sha1_ssl3(void) { return &aead_rc4_sha1_ssl3; }
@@ -420,3 +440,5 @@ const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_ssl3(void) {
const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_ssl3(void) {
return &aead_des_ede3_cbc_sha1_ssl3;
}
+
+const EVP_AEAD *EVP_aead_null_sha1_ssl3(void) { return &aead_null_sha1_ssl3; }
diff --git a/src/crypto/cipher/e_tls.c b/src/crypto/cipher/e_tls.c
index bed02cb..2778881 100644
--- a/src/crypto/cipher/e_tls.c
+++ b/src/crypto/cipher/e_tls.c
@@ -57,12 +57,12 @@ static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len,
char implicit_iv) {
if (tag_len != EVP_AEAD_DEFAULT_TAG_LENGTH &&
tag_len != EVP_MD_size(md)) {
- OPENSSL_PUT_ERROR(CIPHER, aead_tls_init, CIPHER_R_UNSUPPORTED_TAG_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_TAG_SIZE);
return 0;
}
if (key_len != EVP_AEAD_key_length(ctx->aead)) {
- OPENSSL_PUT_ERROR(CIPHER, aead_tls_init, CIPHER_R_BAD_KEY_LENGTH);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH);
return 0;
}
@@ -75,7 +75,7 @@ static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len,
AEAD_TLS_CTX *tls_ctx = OPENSSL_malloc(sizeof(AEAD_TLS_CTX));
if (tls_ctx == NULL) {
- OPENSSL_PUT_ERROR(CIPHER, aead_tls_init, ERR_R_MALLOC_FAILURE);
+ OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE);
return 0;
}
EVP_CIPHER_CTX_init(&tls_ctx->cipher_ctx);
@@ -109,7 +109,7 @@ static int aead_tls_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
if (!tls_ctx->cipher_ctx.encrypt) {
/* Unlike a normal AEAD, a TLS AEAD may only be used in one direction. */
- OPENSSL_PUT_ERROR(CIPHER, aead_tls_seal, CIPHER_R_INVALID_OPERATION);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_OPERATION);
return 0;
}
@@ -117,22 +117,22 @@ static int aead_tls_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
if (in_len + EVP_AEAD_max_overhead(ctx->aead) < in_len ||
in_len > INT_MAX) {
/* EVP_CIPHER takes int as input. */
- OPENSSL_PUT_ERROR(CIPHER, aead_tls_seal, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (max_out_len < in_len + EVP_AEAD_max_overhead(ctx->aead)) {
- OPENSSL_PUT_ERROR(CIPHER, aead_tls_seal, CIPHER_R_BUFFER_TOO_SMALL);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
if (nonce_len != EVP_AEAD_nonce_length(ctx->aead)) {
- OPENSSL_PUT_ERROR(CIPHER, aead_tls_seal, CIPHER_R_INVALID_NONCE_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE);
return 0;
}
if (ad_len != 13 - 2 /* length bytes */) {
- OPENSSL_PUT_ERROR(CIPHER, aead_tls_seal, CIPHER_R_INVALID_AD_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_AD_SIZE);
return 0;
}
@@ -214,36 +214,36 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
if (tls_ctx->cipher_ctx.encrypt) {
/* Unlike a normal AEAD, a TLS AEAD may only be used in one direction. */
- OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_INVALID_OPERATION);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_OPERATION);
return 0;
}
if (in_len < HMAC_size(&tls_ctx->hmac_ctx)) {
- OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
if (max_out_len < in_len) {
/* This requires that the caller provide space for the MAC, even though it
* will always be removed on return. */
- OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_BUFFER_TOO_SMALL);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
if (nonce_len != EVP_AEAD_nonce_length(ctx->aead)) {
- OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_INVALID_NONCE_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE);
return 0;
}
if (ad_len != 13 - 2 /* length bytes */) {
- OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_INVALID_AD_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_AD_SIZE);
return 0;
}
if (in_len > INT_MAX) {
/* EVP_CIPHER takes int as input. */
- OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
@@ -278,7 +278,7 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
(unsigned)HMAC_size(&tls_ctx->hmac_ctx));
/* Publicly invalid. This can be rejected in non-constant time. */
if (padding_ok == 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
} else {
@@ -312,7 +312,7 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
if (!EVP_tls_cbc_digest_record(tls_ctx->hmac_ctx.md, mac, &mac_len,
ad_fixed, out, data_plus_mac_len, total,
tls_ctx->mac_key, tls_ctx->mac_key_len)) {
- OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
assert(mac_len == HMAC_size(&tls_ctx->hmac_ctx));
@@ -349,7 +349,7 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
0);
good &= constant_time_eq_int(padding_ok, 1);
if (!good) {
- OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
@@ -444,6 +444,13 @@ static int aead_rc4_sha1_tls_get_rc4_state(const EVP_AEAD_CTX *ctx,
return 1;
}
+static int aead_null_sha1_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
+ size_t key_len, size_t tag_len,
+ enum evp_aead_direction_t dir) {
+ return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_enc_null(),
+ EVP_sha1(), 1 /* implicit iv */);
+}
+
static const EVP_AEAD aead_rc4_sha1_tls = {
SHA_DIGEST_LENGTH + 16, /* key len (SHA1 + RC4) */
0, /* nonce len */
@@ -574,6 +581,19 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_tls_implicit_iv = {
NULL, /* get_rc4_state */
};
+static const EVP_AEAD aead_null_sha1_tls = {
+ SHA_DIGEST_LENGTH, /* key len */
+ 0, /* nonce len */
+ SHA_DIGEST_LENGTH, /* overhead (SHA1) */
+ SHA_DIGEST_LENGTH, /* max tag length */
+ NULL, /* init */
+ aead_null_sha1_tls_init,
+ aead_tls_cleanup,
+ aead_tls_seal,
+ aead_tls_open,
+ NULL, /* get_rc4_state */
+};
+
const EVP_AEAD *EVP_aead_rc4_sha1_tls(void) { return &aead_rc4_sha1_tls; }
const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_tls(void) {
@@ -611,3 +631,5 @@ const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls(void) {
const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv(void) {
return &aead_des_ede3_cbc_sha1_tls_implicit_iv;
}
+
+const EVP_AEAD *EVP_aead_null_sha1_tls(void) { return &aead_null_sha1_tls; }
diff --git a/src/crypto/cipher/test/aes_128_gcm_tests.txt b/src/crypto/cipher/test/aes_128_gcm_tests.txt
index 5f7ad35..75466fe 100644
--- a/src/crypto/cipher/test/aes_128_gcm_tests.txt
+++ b/src/crypto/cipher/test/aes_128_gcm_tests.txt
@@ -418,3 +418,9 @@ AD: 18e2ed6d500b176e49f7e1b5074c0b7dbfdefdf00a63d9fa2fea8c5e78a1c4ae00f17b234429
CT: 5f3627bd53f8da0bbe6f3c9246d6f96fe9abb91cdecf66ddd42f833d98f4d4634c2e1e1ad4088c84c22191bdb9d99ef227320e455dd112c4a9e9cca95724fcc9ae024ed12bf60a802d0b87b99d9bf22590786567c2962171d2b05bec9754c627608e9eba7bccc70540aa4da72e1e04b26d8f968b10230f707501c0091a8ac118f86e87aae1ac00257aee29c3345bd3839154977acd378fc1b2197f5c1fd8e12262f9c2974fb92dc481eeb51aadd44a8851f61b93a84ba57f2870df0423d289bfdcfe634f9ecb7d7c6110a95b49418a2dd6663377690275c205b3efa79a0a77c92567fb429d8ee437312a39df7516dc238f7b9414938223d7ec24d256d3fb3a5954a7c75dbd79486d49ba6bb38a7ccce0f58700260b71319adf98ab8684e34913abe2d9d97193e2
TAG: e690e89af39ff367f5d40a1b7c7ccd4f
+KEY: 31323334353637383930313233343536
+NONCE: 31323334353637383930313233343536
+IN: 48656c6c6f2c20576f726c64
+AD:
+CT: cec189d0e8419b90fb16d555
+TAG: 32893832a8d609224d77c2e56a922282
diff --git a/src/crypto/cipher/test/cipher_test.txt b/src/crypto/cipher/test/cipher_test.txt
index 93cb8f3..21fffdb 100644
--- a/src/crypto/cipher/test/cipher_test.txt
+++ b/src/crypto/cipher/test/cipher_test.txt
@@ -38,6 +38,22 @@ Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
+# DES EDE CBC tests
+Cipher = DES-EDE-CBC
+Key = 0123456789abcdeff1e0d3c2b5a49786
+IV = fedcba9876543210
+Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
+Ciphertext = 7948C0DA4FE91CD815DCA96DBC9B60A857EB954F4DEB08EB98722642AE69257B
+
+
+# DES EDE tests
+Cipher = DES-EDE
+Key = 0123456789abcdeff1e0d3c2b5a49786
+IV = fedcba9876543210
+Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
+Ciphertext = 22E889402E28422F8167AD279D90A566DA75B734E12C671FC2669AECB3E4FE8F
+
+
# AES 128 ECB tests (from FIPS-197 test vectors, encrypt)
Cipher = AES-128-ECB
Key = 000102030405060708090A0B0C0D0E0F
@@ -360,6 +376,13 @@ Ciphertext = 6268c6fa2a80b2d137467f092f657ac04d89be2beaa623d61b5a868c8f03ff95d3d
AAD = 00000000000000000000000000000000101112131415161718191a1b1c1d1e1f
Tag = 3b629ccfbc1119b7319e1dce2cd6fd6d
+Cipher = AES-128-GCM
+Key = 31323334353637383930313233343536
+IV = 31323334353637383930313233343536
+Plaintext = 48656c6c6f2c20576f726c64
+Ciphertext = cec189d0e8419b90fb16d555
+Tag = 32893832a8d609224d77c2e56a922282
+AAD =
# OFB tests from OpenSSL upstream.
@@ -535,3 +558,40 @@ Cipher = AES-192-ECB
Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
Ciphertext = 9A4B41BA738D6C72FB16691603C18E0E
+
+# DES ECB tests
+
+Cipher = DES-ECB
+Key = 0000000000000000
+Plaintext = 0000000000000000
+Ciphertext = 8CA64DE9C1B123A7
+
+Cipher = DES-ECB
+Key = FFFFFFFFFFFFFFFF
+Plaintext = FFFFFFFFFFFFFFFF
+Ciphertext = 7359B2163E4EDC58
+
+Cipher = DES-ECB
+Key = 3000000000000000
+Plaintext = 1000000000000001
+Ciphertext = 958E6E627A05557B
+
+Cipher = DES-ECB
+Key = 1111111111111111
+Plaintext = 1111111111111111
+Ciphertext = F40379AB9E0EC533
+
+Cipher = DES-ECB
+Key = 0123456789ABCDEF
+Plaintext = 1111111111111111
+Ciphertext = 17668DFC7292532D
+
+Cipher = DES-ECB
+Key = 1111111111111111
+Plaintext = 0123456789ABCDEF
+Ciphertext = 8A5AE1F81AB8F2DD
+
+Cipher = DES-ECB
+Key = FEDCBA9876543210
+Plaintext = 0123456789ABCDEF
+Ciphertext = ED39D950FA74BCC4